A forum for reverse engineering, OS internals and malware analysis 

Search found 3 matches


Re: Malware/MSIL-BA

 by Wack0 ¦  Fri Sep 13, 2013 7:27 pm ¦  Forum: Malware ¦  Topic: Win32/Fynloski (DarkComet) ¦  Replies: 54 ¦  Views: 101221

https://www.virustotal.com/file/8d70b8dae18b40edcc399a6d12a60b8287983fa236640d5f87063555b204ae2e/analysis/ Darkcomet RAT plus the *actual* IW5M launcher in .NET (probably VB.NET due to Microsoft.VisualBasic.dll reference) crypted file. Decrypts and uses reflection to call in memory a function from ...

Re: Re:bitcoin miner

 by Wack0 ¦  Thu Aug 29, 2013 1:15 pm ¦  Forum: Malware ¦  Topic: Backdoor Blackshades NET ¦  Replies: 57 ¦  Views: 69688

https://www.virustotal.com/en/file/033eaba80338b831768afb505a6d7d0a26afdf3486f1be6540a98a303ac6765f/analysis/1377765203/ http://anubis.iseclab.org/?action=result&task_id=179c59e3289e5f6042d1dca2bcb29c4c9&format=html not bitcoin miner, actually BlackShades RAT packed using HF-style autoit crypter th...

Re: Misc critter Gen/Heur detections VT 8/43

 by Wack0 ¦  Fri Aug 19, 2011 4:17 pm ¦  Forum: Malware ¦  Topic: Malware/AutoIt ¦  Replies: 9 ¦  Views: 6257

Nothing special, just weird; these types of pages have been about for a while now and not many vendors are tracking them, it would seem. Java loader start http://leechpro.tk/ Payload http://dl.dropbox.com/u/27300888/update.exe http://www.virustotal.com/file-scan/report.html?id=e4518f9f166d29230d46772c53e753550...