H1N1 loader (aka Win32/Zlader)

Forum for analysis and discussion about malware.
xors
Posts: 163
Joined: Mon May 23, 2016 2:01 am

Re: H1N1 loader (aka Win32/Zlader)

Post by xors » Thu Jun 23, 2016 11:33 pm

Saw it on hybrid analysis. I haven't extracted the config.

https://www.hybrid-analysis.com/sample/ ... mentId=100


Unpacked in the attachment
It communicates with 81.177.23.247
@xorsthingsv2


Re: H1N1 loader (aka Win32/Zlader)

Post by xors » Thu Jun 30, 2016 7:42 pm

@xorsthingsv2

EP_X0FF
Global Moderator
Posts: 4872
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: H1N1 loader (aka Win32/Zlader)

Post by EP_X0FF » Fri Oct 14, 2016 3:28 pm

Trouble in paradise.

hxxps://ripper.cc/blacks/57
hxxps://ripper.cc/blacks/56
Ring0 - the source of inspiration
