ZeroAccess (alias MaxPlus, Sirefef)

Forum for analysis and discussion about malware.

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby Quads » Tue Sep 03, 2013 7:47 am

OK, Roguekiller finds the Install folder on a 32-bit system located at C:\Program Files\Google\Desktop\Install

But doesn't find the Install folder if located in C:\Program Files (x86)\Google\Desktop\Install

I created the C:\Program Files (x86)\Google\Desktop\Install path and folders on my system and Roguekiller does not find it.

Roguekiller does find these 2 locations; I created these 2 paths and folders also:

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Quads\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND


Quads
Quads
 
Posts: 147
Joined: Thu May 06, 2010 10:19 pm
Location: New Zealand
Reputation point: 22

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby 0x16/7ton » Wed Sep 04, 2013 2:20 pm

Dropper from 01.09.2013 with mini-update
01_09_2013.rar

Sirefef additionally attempts to stop and delete two services: RemoteAccess, PolicyAgent
mini_update.png
Cause and effect
0x16/7ton
 
Posts: 49
Joined: Fri Apr 20, 2012 12:59 pm
Location: Russian Federation
Reputation point: 77
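
A triage check built from the two posts above (the Install folder locations Quads tested and the two services 0x16/7ton reports being stopped and deleted), as an added example that is not part of either post or of any tool named in the thread. The function name is hypothetical, and scanning every profile under the Users directory and reading the ProgramW6432 variable are assumptions beyond what the posts show.

```powershell
# Added example: checks the folder locations and services named in the thread.
# Get-ZeroAccessTriage is a hypothetical name; nothing here is Roguekiller code.
function Get-ZeroAccessTriage {
    $suffix = 'Google\Desktop\Install'

    # Collect every Program Files root. A 32-bit process on 64-bit Windows sees
    # %ProgramFiles% as "Program Files (x86)", so ProgramW6432 is read as well.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramW6432)

    # Assumption: user profiles live under <SystemDrive>\Users.
    $users = Join-Path $env:SystemDrive 'Users'
    if (Test-Path -LiteralPath $users) {
        $roots += Get-ChildItem -LiteralPath $users -Directory -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Join-Path $_.FullName 'AppData\Local' }
    }

    # Drop empty entries (e.g. no x86 root on 32-bit systems) and duplicates.
    $roots | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
        $path = Join-Path $_ $suffix
        [pscustomobject]@{
            Check  = 'Folder'
            Target = $path
            State  = if (Test-Path -LiteralPath $path -PathType Container) { 'FOUND' } else { 'not found' }
        }
    }

    # Services the 01.09.2013 dropper is reported to stop and delete.
    foreach ($name in 'RemoteAccess', 'PolicyAgent') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = 'Service'
            Target = $name
            State  = if ($svc) { [string]$svc.Status } else { 'MISSING' }
        }
    }
}

Get-ZeroAccessTriage | Format-Table -AutoSize
```

A MISSING service is the stronger signal here, since a stopped service can also be its normal state on a clean system.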

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby Win32:Virut » Sat Sep 07, 2013 3:52 pm

60 droppers

03.09.2013 - 07.09.2013
Win32:Virut
 
Posts: 324
Joined: Sat Jun 02, 2012 2:22 pm
Reputation point: 82

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby Cody Johnston » Mon Sep 09, 2013 2:49 am

Cody Johnston
 
Posts: 135
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA
Reputation point: 60

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby rough_spear » Sat Sep 14, 2013 7:44 am

Hi All,

One more sample of Sirefef.

MD5 - 456D4D94B65C44C8B42901F2D87538A6

VT link - https://www.virustotal.com/en/file/0853 ... /analysis/

Regards,

rough_spear. ;)
rough_spear
 
Posts: 157
Joined: Mon Oct 18, 2010 4:46 pm
Location: India
Reputation point: 56

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby Win32:Virut » Sat Sep 14, 2013 10:19 am

48 droppers

08.09.2013 - 14.09.2013
Win32:Virut
 
Posts: 324
Joined: Sat Jun 02, 2012 2:22 pm
Reputation point: 82

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby Win32:Virut » Sat Sep 21, 2013 2:22 pm

41 droppers

14.09.2013 - 21.09.2013
Win32:Virut
 
Posts: 324
Joined: Sat Jun 02, 2012 2:22 pm
Reputation point: 82

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby r3shl4k1sh » Fri Oct 04, 2013 5:10 am

A paper by Symantec called ZeroAccess Indepth
It seems they went really in depth in some areas...
r3shl4k1sh
 
Posts: 83
Joined: Tue Feb 05, 2013 10:26 pm
Location: Israel
Reputation point: 16

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby EP_X0FF » Fri Oct 04, 2013 5:51 am

Blah-blah-blah with hyped marketing shit in the end, completely wrong timeline and major copy-paste work from Sophos articles. Not to mention they totally miss 2013 versions.
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 3869
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 465

Re: ZeroAccess (alias MaxPlus, Sirefef)

Postby N3mes1s » Fri Oct 04, 2013 7:28 am

N3mes1s
 
Posts: 35
Joined: Wed Mar 09, 2011 5:17 pm
Reputation point: 5
