Search found 3 matches

by ea56f45e66e2c
Tue Apr 04, 2017 7:54 pm
Forum: Completed Malware Requests
Topic: ATMitch
Replies: 2
Views: 7840

ATMitch

Hi, I am looking for a sample of a recent ATM malware named ATMitch. Kaspersky wrote an article about it: https://securelist.com/blog/sas/77918/atmitch-remote-administration-of-atms/ Analysis on VirusTotal: https://www.virustotal.com/en/file/ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7...
by ea56f45e66e2c
Fri Jul 15, 2016 3:13 pm
Forum: Malware
Topic: Pizzacrypts
Replies: 3
Views: 6002

Re: Pizzacrypts

The dropper uses the RunPE technique: it spawns another pizzacrypts process in a suspended state, unmaps the sections and writes the UPX-packed payload inside, then terminates the current process. Some weird anti-debug behaviors in the unpacked payload. It compares running processes with this list: ollydbg.exe idag...
by ea56f45e66e2c
Thu Jul 07, 2016 11:58 am
Forum: Malware
Topic: Ransom/Satana
Replies: 4
Views: 6738

Re: Ransom/Satana

Unpacked in the attachment (for those who don't have an account on malwr.com). The unpacking process is easy. Just put a breakpoint on RtlDecompressBuffer did hbp on it.. but mine crashed, with error msg Debugged application message: on_tls_callback3 Debugged application message: EntryPoint-4 40281...