Win32/Reveton

Cody Johnston
Posts: 158
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA

Re: Win32/Reveton

Post by Cody Johnston » Fri Aug 22, 2014 3:15 pm

4998A47D1ECB8C80E3AC5BAF743E87CC3546322335EDF89CE4A9AB1EF5420F69
https://www.virustotal.com/en/file/4998 ... /analysis/

Attached.

leeno
Posts: 45
Joined: Wed Apr 11, 2012 10:19 am

Re: Win32/Reveton

Post by leeno » Sat Nov 15, 2014 5:49 pm

I am trying to execute the Ransom:Win64/Reveton.B DLL. I am unable to run this 64-bit sample. It would be great if someone could help in executing this sample.
I would appreciate it if you could provide detailed steps to run this sample.
I am attaching the sample; the password is infected.

Thanks

leeno

Midnight-Star234
Posts: 2
Joined: Sun Nov 23, 2014 2:02 am

Re: Win32/Reveton

Post by Midnight-Star234 » Mon Nov 24, 2014 2:23 am

How are you supposed to open these files? :?

TETYYSs
Posts: 98
Joined: Fri Jun 28, 2013 6:51 pm

Re: Win32/Reveton

Post by TETYYSs » Mon Nov 24, 2014 12:52 pm

Midnight-Star234 wrote: How are you supposed to open these files? :?
The ZIP file is an archive file, you'll need software like 7-zip or similar to open these.

frame4-mdpro
Posts: 40
Joined: Wed Jul 13, 2011 1:53 am

Re: Win32/Reveton

Post by frame4-mdpro » Mon Nov 24, 2014 2:56 pm

I don't want to be too scathing, but I have virtually no confidence in somebody asking how to handle archive files, let alone malware :x

EP_X0FF
Global Moderator
Posts: 4814
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Win32/Reveton

Post by EP_X0FF » Tue Nov 25, 2014 10:01 am

frame4-mdpro wrote: I don't want to be too scathing, but I have virtually no confidence in somebody asking how to handle archive files, let alone malware :x
Quite speculative, but probably he is asking how to run them, because Reveton is in a DLL. However, this means he didn't read the whole thread before posting his question, because how to launch Reveton was discussed earlier here, even with examples.
Ring0 - the source of inspiration

Midnight-Star234
Posts: 2
Joined: Sun Nov 23, 2014 2:02 am

Re: Win32/Reveton

Post by Midnight-Star234 » Fri Nov 28, 2014 6:10 am

EP_X0FF wrote:
frame4-mdpro wrote: I don't want to be too scathing, but I have virtually no confidence in somebody asking how to handle archive files, let alone malware :x
Quite speculative, but probably he is asking how to run them, because Reveton is in a DLL. However, this means he didn't read the whole thread before posting his question, because how to launch Reveton was discussed earlier here, even with examples.
Yeah, I should have read the entire thread. I got them running, actually, well, to a page saying Internet Explorer couldn't display this page, but I got it working after screwing around a little bit. I gotta read before I post, I'm such an idiot.

harikrish093
Posts: 3
Joined: Mon Jan 26, 2015 8:43 am

Re: Win32/Reveton

Post by harikrish093 » Sun Mar 01, 2015 5:36 am

Hey, check out this variant of Reveton. I tried to find which algorithm it uses for encryption but can't. If anyone finds it, please tell. Here I posted the VT link:

https://www.virustotal.com/en/file/823b ... /analysis/

Cody Johnston
Posts: 158
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA

Re: Win32/Reveton

Post by Cody Johnston » Sun Mar 01, 2015 5:30 pm

harikrish093 wrote: Hey, check out this variant of Reveton. I tried to find which algorithm it uses for encryption but can't. If anyone finds it, please tell. Here I posted the VT link:

https://www.virustotal.com/en/file/823b ... /analysis/
A few things:

1. Not everyone here has access to download files from VirusTotal, so if you want people to look at something, attach the actual sample.
2. Reveton is not known to encrypt files, so there is nothing to discover.
3. This sample is over a month old.

Xylitol
Global Moderator
Posts: 1670
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Win32/Reveton

Post by Xylitol » Mon Jul 11, 2016 8:16 pm

https://heimdalsecurity.com/blog/what-i ... rotection/
In 2012, the major ransomware strand known as Reveton started to spread. It was based on the Citadel trojan, which was, in turn, part of the Zeus family.
Heimdal security clowns are back
