Trojan SpyEye (alias Pincav)

Forum for analysis and discussion about malware.
EP_X0FF
Global Moderator
Posts: 4808
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Fri Nov 19, 2010 3:43 am

SpyEye Builder v1.2.60 (protected by VmProtect)
+ patch from Xylitol (requires VS 2010 redistr).

Take care, could be harmful.
Ring0 - the source of inspiration

nullptr
Posts: 209
Joined: Sun Mar 14, 2010 6:35 am

Re: Trojan SpyEye (alias Pincav)

Post by nullptr » Fri Nov 19, 2010 1:51 pm

SpyEye + other crap
hxxp://213.155.12.144/sec/bin/

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Fri Nov 19, 2010 1:54 pm

BTW, it seems 1.2.80 is final.
The author switched to Zeus development.

Files from the link above (in case the source becomes unavailable).

gjf
Posts: 198
Joined: Mon Mar 15, 2010 10:23 am
Location: Where I lay my head is home

Re: Trojan SpyEye (alias Pincav)

Post by gjf » Fri Nov 19, 2010 1:58 pm

EP_X0FF wrote: BTW, it seems 1.2.80 is final.
The author switched to Zeus development.
I know about the Zeus sources being passed to the SpyEye author, but are you sure he will continue Zeus rather than merging them all together into something new?
Where did you get this information?
VirusInfo / Defendium / SafeZone Helpers Crew

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Fri Nov 19, 2010 2:02 pm

From underground places.
gribodemon (01:11:43 22/10/2010)
My new project is many times better.

I (01:12:08 22/10/2010)
mmm... so you rewrote Zeus, or what?

gribodemon (01:13:41 22/10/2010)
Rewrote. Reworked. Fixed. Improved. Changed.

I (01:14:04 22/10/2010)
and what about the Eye? there won't be any more updates?

gribodemon (01:14:39 22/10/2010)
No.

gribodemon (01:15:11 22/10/2010)
I advise you. Take it. You'll thank me.

gribodemon (01:15:16 22/10/2010)
It's private now.

gribodemon (01:15:18 22/10/2010)
No public release.

I (01:15:28 22/10/2010)
hmmm... like Zeus 2.1?

gribodemon (01:16:09 22/10/2010)
3.0

Re: Trojan SpyEye (alias Pincav)

Post by gjf » Fri Nov 19, 2010 2:05 pm

So what? He tries to sell his crap. We will see in the future what we have to say "thank you!" for! ;)

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Fri Nov 19, 2010 2:07 pm

In any case, not a big loss if this bot series dies. More likely it will be sold to somebody else in the future.

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Sat Nov 20, 2010 4:06 pm

SpyEye v1.2.50 Builder.
Patch by Zer0Flag

Take care, could be harmful.

markusg
Posts: 733
Joined: Mon Mar 15, 2010 2:53 pm

Re: Trojan SpyEye (alias Pincav)

Post by markusg » Sun Nov 21, 2010 5:55 pm

You do not have the required permissions to view the files attached to this post.

Jaxryley
Posts: 140
Joined: Mon Mar 15, 2010 7:49 am

Re: Trojan SpyEye (alias Pincav)

Post by Jaxryley » Wed Nov 24, 2010 6:18 am

crypted.exe - 7/43 - Kaspersky - Win32.Jorik.SpyEyes.gs - MD5 : deb097c6dee4df1b6ee1b6874d0bc676
http://www.virustotal.com/file-scan/rep ... 1290578875

Dropped:
upd1.tmp - 12/43 - MD5 : b903ef100b28ef5f82e753fccb0d2079
http://www.virustotal.com/file-scan/rep ... 1290578879
crypted.rar