Search found 3 matches

by ea56f45e66e2c
Tue Apr 04, 2017 7:54 pm
Forum: Completed Malware Requests
Topic: ATMitch
Replies: 2
Views: 7840


Hi, I am looking for a sample of a recent ATM malware named ATMitch. Kaspersky wrote an article about it: Analysis on VirusTotal:

by ea56f45e66e2c
Fri Jul 15, 2016 3:13 pm
Forum: Malware
Topic: Pizzacrypts
Replies: 3
Views: 6002

Re: Pizzacrypts

The dropper uses RunPE technique: spawns another pizzacrypts suspended process, unmaps the sections and writes the upx-packed payload inside, then terminates the current process. Some weird anti-debug behaviors in the unpacked payload. It compares running processes with this list: ollydbg.exe idag...

by ea56f45e66e2c
Thu Jul 07, 2016 11:58 am
Forum: Malware
Topic: Ransom/Satana
Replies: 4
Views: 6738

Re: Ransom/Satana

Unpacked in the attachment ( For those who don't have an account on The unpacking process is easy. Just put a breakpoint on RtlDecompressBuffer did hbp on it.. but mine crashed, with error msg Debugged application message: on_tls_callback3 Debugged application message: EntryPoint-4 40281...