Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.
Post Reply
PX5
Posts: 144
Joined: Thu Apr 29, 2010 1:14 am

Re: searchin new zbot variannt

Post by PX5 » Thu Sep 30, 2010 7:30 am

Should be the Zeus2 your looking for.
You do not have the required permissions to view the files attached to this post.
Arrogance led me to my Ignorance
Top
nullptr
Posts: 209
Joined: Sun Mar 14, 2010 6:35 am

Trojan Zeus (alias ZBot)

Post by nullptr » Thu Nov 18, 2010 5:02 am

Playing with this sample with OllyDbg in Virtual PC XP Mode on Win7 x64 and received notification from the host machine:
C:\Applications\DebugView\Dbgview.exe
Win32/TrojanDownloader.Small.PAC trojan cleaned - quarantined
Event occurred on a file modified by the application: C:\Windows\winsxs\amd64_microsoft-windows-virtualpc ui-vmwindow_31bf3856ad364e35_7.1.7600.16393_none_c661bbf36eaa14f2\VMWindow.exe
File was definitely infected.
A nice escape :)

edit: Actually the alert came when I ran the sample outside the debugger. ie infected the VM.
You do not have the required permissions to view the files attached to this post.
Last edited by EP_X0FF on Wed Nov 02, 2011 4:50 am, edited 2 times in total.
Reason: title edited
Top
User avatar
EP_X0FF
Global Moderator
Posts: 4872
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:
Contact EP_X0FF

Re: W32/Zbot

Post by EP_X0FF » Thu Nov 18, 2010 8:09 am

What is that? :)
0xBF28CD64
Ring0 - the source of inspiration
Top
nullptr
Posts: 209
Joined: Sun Mar 14, 2010 6:35 am

Re: W32/Zbot

Post by nullptr » Thu Nov 18, 2010 12:16 pm

;) unpacked with special guest # BOT NOT CRYPTED :lol:
You do not have the required permissions to view the files attached to this post.
Top
User avatar
GamingMasteR
Global Moderator
Posts: 228
Joined: Sun Mar 07, 2010 10:52 am

Re: W32/Zbot

Post by GamingMasteR » Fri Nov 19, 2010 7:10 pm

You are enabling shared folder ?
Top
nullptr
Posts: 209
Joined: Sun Mar 14, 2010 6:35 am

Re: W32/Zbot

Post by nullptr » Fri Nov 19, 2010 10:13 pm

I was, but not anymore when playing with malware lol
Top
markusg
Posts: 734
Joined: Mon Mar 15, 2010 2:53 pm

PWS:Win32/Zbot

Post by markusg » Mon Dec 27, 2010 8:30 pm

http://www.virustotal.com/file-scan/rep ... 1293480626
You do not have the required permissions to view the files attached to this post.
Top
User avatar
EP_X0FF
Global Moderator
Posts: 4872
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:
Contact EP_X0FF

Re: backdoor

Post by EP_X0FF » Tue Dec 28, 2010 3:37 am

Typical ZBot.

Unpacked sample results

http://www.virustotal.com/file-scan/rep ... 1293507474
Ring0 - the source of inspiration
Top
markusg
Posts: 734
Joined: Mon Mar 15, 2010 2:53 pm

Re: W32/Zbot

Post by markusg » Tue Jan 25, 2011 7:44 pm

twaind3d.exe
http://www.virustotal.com/file-scan/rep ... 1295984054
You do not have the required permissions to view the files attached to this post.
Top
PX5
Posts: 144
Joined: Thu Apr 29, 2010 1:14 am

Re: W32/Zbot

Post by PX5 » Wed Jan 26, 2011 7:53 pm

Lmfao!....nullptr, some lessons are best learned in a fashion not easily forgettable, for sure, dont feel like the lone ranger!

Ive found when using certain types of wireless via host and vm, this can also be a bad thing. :lol:
Arrogance led me to my Ignorance
Top
Post Reply

Return to “Malware”