A forum for reverse engineering, OS internals and malware analysis 

Search found 29 matches


TrojanDownloader:VBS/Bancos.A

 by hackr8 ¦  Sun Apr 14, 2019 11:15 am ¦  Forum: Completed Malware Requests ¦  Topic: TrojanDownloader:VBS/Bancos.A ¦  Replies: 2 ¦  Views: 95

Hello, I am looking for this particular sample: TrojanDownloader:VBS/Bancos.A(Microsoft) SHA-256: 93f488e4bb25977443ff34b593652bea06e7914564af5721727b1acdd453ced9 MD5: 349db5e1fd5fecdca2f264d1379d2b38 Virustotal: https://www.virustotal.com/#/file/93f488e4bb25977443ff34b593652bea06e7914564af5721727b1...

TrojanDownloader.VBS.Agent.REH

 by hackr8 ¦  Sat Apr 13, 2019 11:12 am ¦  Forum: Malware ¦  Topic: TrojanDownloader.VBS.Agent.REH ¦  Replies: 0 ¦  Views: 112

VBS Trojan with double extension *.doc.vbs Nothing special, the code is a bit complicated though. VirusTotal: https://www.virustotal.com/#/file/34631cbcb4298ac021cedd1b57bd2dcf3b94e24752e67b61a9f37e0cef8ec2ad/detection Direct Download(dangerous): hxxps://onedrive.live.com/download.aspx?cid=FD5AFF729...

Re: Overwrite a file using WinAPI functions VB.NET

 by hackr8 ¦  Thu Mar 28, 2019 3:50 pm ¦  Forum: Newbie Questions ¦  Topic: Overwrite a file using WinAPI functions VB.NET ¦  Replies: 9 ¦  Views: 267

BTW, it worked perfectly on a dummy after slight modifications (fixed the indentations).
Thanks!

Re: Overwrite a file using WinAPI functions VB.NET

 by hackr8 ¦  Thu Mar 28, 2019 3:30 pm ¦  Forum: Newbie Questions ¦  Topic: Overwrite a file using WinAPI functions VB.NET ¦  Replies: 9 ¦  Views: 267

Oh, I see what you did there. I never thought of that.
How does &H40000000 work as an integer, though?
BTW, Thanks for the help.

Re: Overwrite a file using WinAPI functions VB.NET

 by hackr8 ¦  Thu Mar 28, 2019 2:50 pm ¦  Forum: Newbie Questions ¦  Topic: Overwrite a file using WinAPI functions VB.NET ¦  Replies: 9 ¦  Views: 267

It didn't quite work. Am I doing something wrong? Please help. I tried it like this: Imports System.IO Imports System Imports System.Runtime.InteropServices Public Class Form Private Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click If CheckBox1.Checked = Tr...

Re: Overwrite a file using WinAPI functions VB.NET

 by hackr8 ¦  Thu Mar 28, 2019 2:14 pm ¦  Forum: Newbie Questions ¦  Topic: Overwrite a file using WinAPI functions VB.NET ¦  Replies: 9 ¦  Views: 267

OK, I will try it ASAP. Thanks!

Re: Overwrite a file using WinAPI functions VB.NET

 by hackr8 ¦  Thu Mar 28, 2019 1:54 pm ¦  Forum: Newbie Questions ¦  Topic: Overwrite a file using WinAPI functions VB.NET ¦  Replies: 9 ¦  Views: 267

Please remember that I want to replace the bytes of the file with null (basically overwrite the file) I tried the following code with a bit of modification: Imports System.IO Imports System Imports System.Runtime.InteropServices Public Class Form Private Sub Button1_Click(ByVal sender As Object, ByV...

Overwrite a file using WinAPI functions VB.NET

 by hackr8 ¦  Wed Mar 27, 2019 8:32 pm ¦  Forum: Newbie Questions ¦  Topic: Overwrite a file using WinAPI functions VB.NET ¦  Replies: 9 ¦  Views: 267

One of my friends and I have been trying to learn more about API calls. At first, we successfully used DeleteFileW to delete files. Then, we tried to call CreateFile and WriteFile from kernel32.dll to overwrite a file. We were trying for a long time, to no avail. We looked for more information on th...

Adware.IStartSurf

 by hackr8 ¦  Fri Mar 08, 2019 5:33 pm ¦  Forum: Malware ¦  Topic: Adware.IStartSurf ¦  Replies: 1 ¦  Views: 302

I downloaded this sample from a site I was redirected to while googling. The file has an unusual structure.
Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b ... 0f5c535d4d

UDS.DangerousObject.Multi.Generic (Nanocore RAT)

 by hackr8 ¦  Thu Mar 07, 2019 2:49 pm ¦  Forum: Malware ¦  Topic: MSIL/Noancooe (alias Nanocore) ¦  Replies: 7 ¦  Views: 6265

I found this on Dropbox. It's made with VB6 [signature:Microsoft Visual Basic v5.0] Please note that I was the first person to upload the file to VirusTotal so the report might change soon. VirusTotal: https://www.virustotal.com/#/file/dab62c03ba5ddbbd98961dcda9a6af73fbc8f594d0299842984c2effbb65a87...