Win32/Conficker

Forum for analysis and discussion about malware.

Win32/Conficker

Postby freyr » Sat Jun 19, 2010 8:36 pm

Hi, does anyone have latest sample of this bullshit, is it active now ?
freyr
 
Posts: 7
Joined: Wed Mar 17, 2010 6:08 pm
Reputation point: 0

Re: Conficker

Postby Maniac » Sat Jun 19, 2010 10:04 pm

According to statistics of ESET ThreatSense.Net ®, absolutely YES!
http://www.eset.eu/press-european-pcs-u ... ia-malware

However, it is generated through the results of ThreatSense.Net ® technology and only for users who use their products and have included the submission of data to ESET.
Maniac
 
Posts: 11
Joined: Sun May 09, 2010 2:57 pm
Location: Bulgaria, EU
Reputation point: 10

Re: Conficker

Postby NOP » Sat Jun 19, 2010 11:42 pm

Though it may still be active its owners are too scared to use it, probably due to the crazy media coverage. The last use I read for it was FakeAV distribution, some time last year. Can find samples of it at offensivecomputing.net.
NOP
 
Posts: 36
Joined: Wed Mar 31, 2010 4:56 pm
Reputation point: 5

Re: Conficker

Postby EP_X0FF » Sun Jun 20, 2010 3:09 am

I've some old sample that I retrieved from infected computer in 2009. Here it is if you need.

http://www.virustotal.com/ru/analisis/a ... 1277003023
You do not have the required permissions to view the files attached to this post.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562

Re: Conficker

Postby B-boy/StyLe/ » Sun Jul 04, 2010 9:59 pm

Here is the latest dll...

File is attached => no password. :)

Regards,
G.
You do not have the required permissions to view the files attached to this post.
Last edited by EP_X0FF on Mon Jul 05, 2010 4:56 am, edited 1 time in total.
Reason: archive reupload
User avatar
B-boy/StyLe/
 
Posts: 51
Joined: Mon Mar 22, 2010 2:43 am
Reputation point: 12

Re: Conficker

Postby EP_X0FF » Mon Jul 05, 2010 4:55 am

Hello,

Thanks for newest sample.

I've reuploaded archive with password "malware".

VirusTotal links also added
http://www.virustotal.com/analisis/5ac0 ... 1278305420
http://www.virustotal.com/analisis/24fe ... 1278305413

vdixmzcz.sys file is empty driver with retn at DriverEntry.

Regards.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562


Re: Conficker worm variants

Postby Xylitol » Mon Jun 13, 2011 9:05 pm

20 Mb of different Conficker's version (100 files)
http://www.multiupload.com/T8ED4FF4XF
pwd: infected

Code: Select all
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\02830b424d88664cc3576941dd9841f9 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\04199a5b981fd5a3d846d3f9d4c1d574 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\060722ac0e512e73f6c16ebe87229bea - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\0656e272e85a25caaece4591e24b4d35 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\0724c68f973e4e35391849cfb5259f86 - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\0850949288794dc856f1d6bfc841f29b - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\0b10abf888bf59dab5b9b3dc94a1b7aa - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\0c059b0d1d5a03f69a21185987c17d5c - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\0c552468a699d1be06006623c65dabe5 - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\16acf30169d089b8a967f40d9a38d8f7 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\170eda3eee51debc4fd5ee276a4b90e6 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\179db61a8ffd3b0f50ff8369f948efd5 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\1ee727ac887e6a2425719ed082fbdbb5 - Win32/Conficker.AM worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\1fabdc27b3332008617416348969e612 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\22d8946916e8358cbb46bd53e476b7f2 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\25ac910d6d2c48ed2a57532bfc5acc21 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\26fe6e1c61e63e0a9fa52c4f24b7a67e - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\292589f58fa4c5c46a996a6a98e33253 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\2a265198638bb987e84dea0ec5fbe5af - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\2aeae56802c4efc7b68e8e1f6b04edea - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\2b670171de63bf1c9514585248fccb80 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\2bb554a5870a5c809771e9aa1e997e4f - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\2e3a0423b96aa1183cdfc84e0675641d - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\2e8da5a55865a091864a4338ef4d2e44 - Win32/Conficker.AL worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\302271285bd21c968232eaf77dc2d266 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\3284fad8a6238205829d812a26a608ff - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\3349eab5cc4660bafa502f7565ff761d - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\344770974dce3c039b48d27bd4e9a114 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\35b3f4ad55e3cf32784ced7b0e035ebe - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\36c2dc0a1f50ccc3a77b2a57684fad88 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\393e2e61ff08a8f7439e3d2cfcb8056f - Win32/Conficker.AB worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\3a17d2b030d2180c42fadf2d649f903b - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\3ac52cf907dc74d9ea1165405e71f1f7 - Win32/Conficker.AN worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\3aff8601a8a6fc1dccb836ae3e971e3e - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\464c2dc20ac316574ab6b4351263d440 - Win32/IRCBot.OO trojan
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\4a270b9e3b708a55639a531de71c7af4 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\4c6f98a8e33748d8053ca96e220ff9d6 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\4fbcfb9557656c96edb479e30eef2fb3 - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\515ea537628f3371fbac9a332854062d - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\574cf0062911c8c4eca2156187b8207d - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\595673fac780251f8083e688c7c381cd - Win32/Conficker.AI worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\59fe65fad4849c95ed538475c1f707cf - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\5a596acc916f37f266498535ebfc8d9e - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\5cd426dbec0619b9500a96f24b3886c8 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\607a710f446de466fcb3be1e5c189c71 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\63239a888c7ccf18e89650bfba35047d - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\635d7d63bbda1c8cde0d421972b9e8a0 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\642f4f6aa7622e73f85142936da8bcc5 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\6a0376660e684e3e36fa5cdf17249f89 - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\6e1c0a42348d4f027db61f40909f31b1 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\78c9042bbcefd65beaa0d40386da9f89 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\7bb455ea4a77b24478fba4de145115eb - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\7c4f89b8b01015120bad896f4ab69243 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\7c8ba7a2720428a10645c8d23a188d28 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\7f7e07dfd34c0dd2f99b144cc1023040 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\7fc76c868e094d05bbe8e42ccf550209 - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\81abc5e68ca47004b75e7027d2810fa3 - Win32/Conficker.AC worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\820b72b7fca61c7f6778fadc7793f4a2 - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\82c2f38879dec02d0a7a1fb7664d7bfc - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\85e6e49f323f618b1ba7f9c223994740 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\87136c488903474630369e232704fa4d - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\8c9367b7dc43dadaa3ec9da767c586cf - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\9013a966ea22aa85f5ae581a34139f86 - Win32/Conficker.AK worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\908f7f11efb709acac525c03839dc9e5 - Win32/Conficker.AD worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\94e689d7d6bc7c769d09a59066727497 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\95ad430abca3da496600f764c120683c - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\961cfb405f6aa100bf6a3d66507eda18 - Win32/Conficker.AF worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\984cef500b81e7ad2f7a69d9208e64e6 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\9928166c8ac7392dd943d7b21b681a07 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\99956824d4ed97e89a8da41ee4ed3461 - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\a4ea15978b7ff55299f822d2a13bb09a - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\a61bb611ab77e5bb2d3cab672392a928 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\a7e4659ec5807b169f28039602f14fe8 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\a95ca1b2083f0acdc015a7589d5dadda - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\aacf3bdc1560cb19cd891edda07a7166 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\acc6dbf1d92baf4af234a6a9fc063e3f - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\b29d79b0bf961834bb18300f384db3ea - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\b30c906d0e99e9461e487a7085ad1b55 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\b420138b88eda83a51fea5298f72864a - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\b4f2a1266aca3dfc06551965828ba83c - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\b58e61eee89bea25dcf4a6509353ef05 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\bdc18dfcfa63861aaa9d9fb95919d32a - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\bece18bbd94a751f0575fd83f2ddba5e - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\bff95ab29e8fc5c8aeeee9998d90c54e - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\c211a5f4c4cf34098a0e9cc6e65a025d - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\c3852074ee50da92c2857d24471747d9 - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\c3fb75c9781e1fd668c9ec6717c88830 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\c7277972654775258bf3d4d6936eb1b0 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\d0e0c049ed7056eac8bb396429795010 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\d271ac4c401873c202fa443a8d7c3163 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\d45895e3980c96b077cb4ed8dc163db8 - Win32/Conficker.AE worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\d635160cdc117fe86fe107e823e1d4e6 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\d94ad814af77a5c969bda09a1352c94e - Win32/Conficker.AI worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\d9cb288f317124a0e63e3405ed290765 - Win32/Conficker.A worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\dd0400bed68d272b08d1d0272bc18462 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\e53ed987e82ad7bf076c23d91401cac7 - Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\e6571ed41e985ed1244046a730b33da4 - a variant of Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\e74e2fa245fda2d11dd0b13d87e93cd4 - a variant of Win32/Conficker.AA worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\f4db293d2b9d4fc9acb3c144a1f7486b - Win32/Conficker.X worm
C:\Documents and Settings\Administrator\My Documents\Downloads\last12\f4dbeec1e9b98fdbf880cc2e35359172 - a variant of Win32/Conficker.X worm

ip adresses from different countrys infected by this worm:
Code: Select all
Number of downloads|file|ip
1|f4dbeec1e9b98fdbf880cc2e35359172|114.42.198.196
1|f4db293d2b9d4fc9acb3c144a1f7486b|86.38.196.253
1|e74e2fa245fda2d11dd0b13d87e93cd4|79.41.15.71
1|e6571ed41e985ed1244046a730b33da4|187.10.205.243
1|e53ed987e82ad7bf076c23d91401cac7|61.216.17.169
1|e53ed987e82ad7bf076c23d91401cac7|84.3.147.70
1|e53ed987e82ad7bf076c23d91401cac7|95.189.166.218
2|dd0400bed68d272b08d1d0272bc18462|114.36.55.113
2|dd0400bed68d272b08d1d0272bc18462|125.227.180.12
1|dd0400bed68d272b08d1d0272bc18462|81.182.183.189
1|dd0400bed68d272b08d1d0272bc18462|95.29.71.244
1|d9cb288f317124a0e63e3405ed290765|116.90.176.21
1|d94ad814af77a5c969bda09a1352c94e|219.119.0.112
1|d635160cdc117fe86fe107e823e1d4e6|79.164.142.126
1|d45895e3980c96b077cb4ed8dc163db8|190.137.82.85
1|d271ac4c401873c202fa443a8d7c3163|190.230.3.34
1|d0e0c049ed7056eac8bb396429795010|201.13.166.18
2|c7277972654775258bf3d4d6936eb1b0|184.78.54.112
1|c7277972654775258bf3d4d6936eb1b0|89.42.88.248
1|c7277972654775258bf3d4d6936eb1b0|92.36.242.231
1|c3fb75c9781e1fd668c9ec6717c88830|211.169.94.53
1|c3852074ee50da92c2857d24471747d9|92.247.122.135
1|c3852074ee50da92c2857d24471747d9|92.247.122.176
1|c211a5f4c4cf34098a0e9cc6e65a025d|85.64.68.32
1|bff95ab29e8fc5c8aeeee9998d90c54e|92.47.250.44
1|bece18bbd94a751f0575fd83f2ddba5e|115.39.209.173
1|bdc18dfcfa63861aaa9d9fb95919d32a|114.137.227.205
1|bdc18dfcfa63861aaa9d9fb95919d32a|200.54.200.72
2|b58e61eee89bea25dcf4a6509353ef05|61.231.224.82
1|b4f2a1266aca3dfc06551965828ba83c|178.184.186.192
1|b420138b88eda83a51fea5298f72864a|122.76.81.176
2|b420138b88eda83a51fea5298f72864a|212.19.7.177
1|b30c906d0e99e9461e487a7085ad1b55|189.111.78.232
1|b29d79b0bf961834bb18300f384db3ea|88.134.66.21
1|acc6dbf1d92baf4af234a6a9fc063e3f|61.225.134.208
1|acc6dbf1d92baf4af234a6a9fc063e3f|78.84.109.190
1|aacf3bdc1560cb19cd891edda07a7166|109.70.146.203
2|a95ca1b2083f0acdc015a7589d5dadda|77.22.70.42
1|a7e4659ec5807b169f28039602f14fe8|189.70.237.87
1|a61bb611ab77e5bb2d3cab672392a928|66.65.224.44
1|a4ea15978b7ff55299f822d2a13bb09a|118.171.44.197
1|a4ea15978b7ff55299f822d2a13bb09a|72.178.225.225
1|a4ea15978b7ff55299f822d2a13bb09a|81.20.166.255
1|a4ea15978b7ff55299f822d2a13bb09a|91.99.140.197
1|99956824d4ed97e89a8da41ee4ed3461|46.109.18.132
2|9928166c8ac7392dd943d7b21b681a07|118.232.237.83
2|984cef500b81e7ad2f7a69d9208e64e6|59.113.137.176
1|961cfb405f6aa100bf6a3d66507eda18|190.175.4.239
1|95ad430abca3da496600f764c120683c|178.214.165.163
1|95ad430abca3da496600f764c120683c|89.42.231.220
1|94e689d7d6bc7c769d09a59066727497|115.39.160.12
1|94e689d7d6bc7c769d09a59066727497|82.132.25.136
2|94e689d7d6bc7c769d09a59066727497|93.178.0.226
1|908f7f11efb709acac525c03839dc9e5|118.165.169.207
1|9013a966ea22aa85f5ae581a34139f86|188.173.194.7
1|9013a966ea22aa85f5ae581a34139f86|91.146.182.143
1|8c9367b7dc43dadaa3ec9da767c586cf|178.150.84.245
1|8c9367b7dc43dadaa3ec9da767c586cf|86.55.92.215
1|87136c488903474630369e232704fa4d|113.37.160.87
1|87136c488903474630369e232704fa4d|178.95.102.106
1|87136c488903474630369e232704fa4d|184.74.84.21
1|87136c488903474630369e232704fa4d|189.47.117.60
1|87136c488903474630369e232704fa4d|83.22.137.253
2|87136c488903474630369e232704fa4d|92.86.69.109
1|87136c488903474630369e232704fa4d|95.26.72.76
1|87136c488903474630369e232704fa4d|95.37.21.94
1|85e6e49f323f618b1ba7f9c223994740|94.52.207.70
2|82c2f38879dec02d0a7a1fb7664d7bfc|24.43.223.118
1|820b72b7fca61c7f6778fadc7793f4a2|190.135.215.44
1|81abc5e68ca47004b75e7027d2810fa3|151.81.179.177
2|7fc76c868e094d05bbe8e42ccf550209|201.68.162.166
1|7f7e07dfd34c0dd2f99b144cc1023040|60.250.3.8
1|7c8ba7a2720428a10645c8d23a188d28|78.34.233.92
1|7c4f89b8b01015120bad896f4ab69243|111.240.64.207
1|7bb455ea4a77b24478fba4de145115eb|112.203.39.150
1|7bb455ea4a77b24478fba4de145115eb|123.229.214.183
1|7bb455ea4a77b24478fba4de145115eb|187.34.168.184
1|7bb455ea4a77b24478fba4de145115eb|187.80.128.75
2|7bb455ea4a77b24478fba4de145115eb|76.89.102.219
1|7bb455ea4a77b24478fba4de145115eb|78.190.159.89
1|7bb455ea4a77b24478fba4de145115eb|88.31.35.130
1|7bb455ea4a77b24478fba4de145115eb|94.21.64.37
1|78c9042bbcefd65beaa0d40386da9f89|123.99.56.163
1|78c9042bbcefd65beaa0d40386da9f89|201.21.117.238
1|78c9042bbcefd65beaa0d40386da9f89|79.179.45.159
1|6e1c0a42348d4f027db61f40909f31b1|93.124.120.110
1|6a0376660e684e3e36fa5cdf17249f89|81.57.22.80
1|642f4f6aa7622e73f85142936da8bcc5|88.165.26.174
1|635d7d63bbda1c8cde0d421972b9e8a0|190.227.115.143
1|63239a888c7ccf18e89650bfba35047d|87.121.203.163
2|607a710f446de466fcb3be1e5c189c71|189.69.63.220
1|5cd426dbec0619b9500a96f24b3886c8|222.214.236.253
1|5a596acc916f37f266498535ebfc8d9e|109.173.37.45
1|5a596acc916f37f266498535ebfc8d9e|140.114.228.70
1|59fe65fad4849c95ed538475c1f707cf|92.253.37.155
1|595673fac780251f8083e688c7c381cd|118.170.245.15
1|595673fac780251f8083e688c7c381cd|216.41.204.92
1|595673fac780251f8083e688c7c381cd|80.98.72.46
1|595673fac780251f8083e688c7c381cd|91.18.13.89
1|574cf0062911c8c4eca2156187b8207d|110.24.76.81
1|574cf0062911c8c4eca2156187b8207d|183.83.181.1
1|574cf0062911c8c4eca2156187b8207d|190.145.60.126
2|574cf0062911c8c4eca2156187b8207d|211.174.127.209
1|574cf0062911c8c4eca2156187b8207d|211.255.146.47
1|515ea537628f3371fbac9a332854062d|109.229.4.3
1|515ea537628f3371fbac9a332854062d|187.80.199.79
1|4fbcfb9557656c96edb479e30eef2fb3|79.115.226.88
1|4c6f98a8e33748d8053ca96e220ff9d6|95.27.245.98
1|4a270b9e3b708a55639a531de71c7af4|78.244.232.42
1|464c2dc20ac316574ab6b4351263d440|74.128.38.186
1|3aff8601a8a6fc1dccb836ae3e971e3e|217.203.94.216
1|3aff8601a8a6fc1dccb836ae3e971e3e|59.121.5.9
1|3ac52cf907dc74d9ea1165405e71f1f7|88.222.152.152
1|3a17d2b030d2180c42fadf2d649f903b|112.200.164.188
1|393e2e61ff08a8f7439e3d2cfcb8056f|123.89.68.218
2|393e2e61ff08a8f7439e3d2cfcb8056f|85.120.97.25
2|393e2e61ff08a8f7439e3d2cfcb8056f|91.103.104.3
1|393e2e61ff08a8f7439e3d2cfcb8056f|95.58.120.219
1|36c2dc0a1f50ccc3a77b2a57684fad88|151.83.187.207
2|35b3f4ad55e3cf32784ced7b0e035ebe|200.107.120.42
2|344770974dce3c039b48d27bd4e9a114|123.193.89.112
1|344770974dce3c039b48d27bd4e9a114|190.50.198.41
1|344770974dce3c039b48d27bd4e9a114|212.50.252.212
1|344770974dce3c039b48d27bd4e9a114|88.183.23.158
1|344770974dce3c039b48d27bd4e9a114|95.25.135.114
1|3349eab5cc4660bafa502f7565ff761d|69.132.156.230
1|3284fad8a6238205829d812a26a608ff|216.227.120.249
1|3284fad8a6238205829d812a26a608ff|80.117.19.63
1|3284fad8a6238205829d812a26a608ff|87.97.134.126
2|302271285bd21c968232eaf77dc2d266|200.69.116.54
2|302271285bd21c968232eaf77dc2d266|62.215.18.140
1|2e8da5a55865a091864a4338ef4d2e44|193.198.163.217
1|2e8da5a55865a091864a4338ef4d2e44|78.84.51.52
5|2e8da5a55865a091864a4338ef4d2e44|94.52.191.49
1|2e8da5a55865a091864a4338ef4d2e44|95.28.2.207
1|2e8da5a55865a091864a4338ef4d2e44|95.30.169.144
1|2e8da5a55865a091864a4338ef4d2e44|96.49.240.115
2|2e3a0423b96aa1183cdfc84e0675641d|188.136.163.133
1|2bb554a5870a5c809771e9aa1e997e4f|81.60.4.208
1|2b670171de63bf1c9514585248fccb80|200.204.200.8
1|2aeae56802c4efc7b68e8e1f6b04edea|77.106.246.93
1|2a265198638bb987e84dea0ec5fbe5af|121.73.111.108
1|292589f58fa4c5c46a996a6a98e33253|122.121.13.233
1|26fe6e1c61e63e0a9fa52c4f24b7a67e|93.120.75.170
1|26156811dacf6bf756cecfff692cd8b4|186.108.178.46
1|25ac910d6d2c48ed2a57532bfc5acc21|190.173.100.74
2|22d8946916e8358cbb46bd53e476b7f2|187.15.78.47
1|22d8946916e8358cbb46bd53e476b7f2|213.181.215.176
1|1fabdc27b3332008617416348969e612|92.27.201.61
1|1ee727ac887e6a2425719ed082fbdbb5|112.197.109.95
1|179db61a8ffd3b0f50ff8369f948efd5|92.81.32.80
1|170eda3eee51debc4fd5ee276a4b90e6|78.8.50.16
2|16acf30169d089b8a967f40d9a38d8f7|119.77.215.97
1|16acf30169d089b8a967f40d9a38d8f7|81.182.237.122
1|0c552468a699d1be06006623c65dabe5|58.69.174.74
1|0c059b0d1d5a03f69a21185987c17d5c|109.87.114.115
2|0b10abf888bf59dab5b9b3dc94a1b7aa|114.41.2.45
1|0b10abf888bf59dab5b9b3dc94a1b7aa|88.235.211.19
1|0b10abf888bf59dab5b9b3dc94a1b7aa|94.53.83.126
1|0850949288794dc856f1d6bfc841f29b|85.179.192.226
1|0724c68f973e4e35391849cfb5259f86|111.88.38.253
1|0724c68f973e4e35391849cfb5259f86|111.88.47.3
1|0724c68f973e4e35391849cfb5259f86|111.88.54.89
1|0656e272e85a25caaece4591e24b4d35|111.254.125.90
1|060722ac0e512e73f6c16ebe87229bea|212.106.37.78
2|04199a5b981fd5a3d846d3f9d4c1d574|212.45.69.125
1|02830b424d88664cc3576941dd9841f9|189.69.130.250


Infs ~
Wikipedia: http://en.wikipedia.org/wiki/Conficker
Know Your Enemy: Conficker http://www.honeynet.org/files/KYE-Conficker.pdf
Confi cker.C A Technical Analysis http://www.sophos.com/sophos/docs/eng/m ... alysis.pdf
McAfee Avert Labs Finding W32/Conficker.worm: http://download.nai.com/products/mcafee ... r_worm.pdf
User avatar
Xylitol
Global Moderator
 
Posts: 1635
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 494

Re: Conficker

Postby blueblackant » Tue Aug 02, 2011 4:48 pm

I would like to execute the files so that I can do some research on them. How do you that ? Thanks.
blueblackant
 
Posts: 2
Joined: Sat Jul 09, 2011 6:21 am
Reputation point: 0

Re: Conficker

Postby EP_X0FF » Wed Aug 03, 2011 4:20 am

blueblackant wrote:I would like to execute the files so that I can do some research on them. How do you that ? Thanks.

Change/Add extension to exe and run.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562

Next

Return to Malware

Who is online

Users browsing this forum: No registered users and 4 guests