A forum for reverse engineering, OS internals and malware analysis 

Search found 31 matches


Re: Win32/VirLock

 by Mosh ¦  Sun Jul 17, 2016 3:01 am ¦  Forum: Malware ¦  Topic: Win32/VirLock ¦  Replies: 1 ¦  Views: 5012

Hi, I don't know if this ransomware is active again; it looks like nothing has changed in its functionality.

Virlock.exe
eeeb3519dbba09bd590076ab921e9d17
c92a20e3ce9756ea1b2a0f89626cd093e6de573b
a95f93b1a16559b07820aea239014c2169161ce23d378a05d0c82bf960941e30
805.0 KB
https://www.virustotal.com/es/...

Re: Android Malware(All Android malware goes here)

 by Mosh ¦  Fri Apr 22, 2016 10:04 pm ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 192163

A new image for this Ransomware:

MD5: 825da14a0a6a4528b3fcf6e656a3f463
SHA1: e5bdd38eb212354a484fd8ba1702de97238b04d4
SHA256: 0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f


JobCrypter Ransomware

 by Mosh ¦  Sat Feb 13, 2016 5:09 pm ¦  Forum: Malware ¦  Topic: JobCrypter Ransomware ¦  Replies: 1 ¦  Views: 4504

Malware targeting French people

FileLocker.exe (465.5 KB)
a02aff753dffb13ad034ca67aed985d8
f53cb550bc4d6193a42f8aa2ec348e8cc89728e9
b47f15d1093fd6466e040d3ee786a18e25f8980d3db33465d2acbafe8b0f6850

deobfuscated.exe (294.5 KB)
2ee9b110cd784d6bcdf663c9249ebee4
3d84dfd0f7dd95f26a9a47dd16149602bf8cfb56
4...

Re: Android Malware(All Android malware goes here)

 by Mosh ¦  Tue Nov 10, 2015 4:35 pm ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 192163

RootChecker.apk (169 KB)
MD5: 3d2f666cb5fbcdf92c457d5dcabdc47d
SHA1: 71a99e3c5ef52041d1fdcfc11af6c942ccd22abc
SHA256: d86a9e62928d3c9f45f79eb7ab5eff2bfe94753190b46cda707b4bf0a9247a7f
VirusTotal: 9/54


Re: Android Malware(All Android malware goes here)

 by Mosh ¦  Fri Oct 30, 2015 4:04 pm ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 192163

Police Locker/Ransomware

teen18tubePlayer-49.2.apk (65,5 KB)
MD5: 3f7b5912c4db84feb783ca6ca3bae339
SHA1: 051d2564bd986ce0c8c248f67f2fbfdf87b33cb5
SHA256: 53336abac276ae519004d62d3f6949584cf3535a00264b66803d4a05364aa176


Re: Android Malware(All Android malware goes here)

 by Mosh ¦  Thu Oct 22, 2015 5:31 pm ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 192163

XXX_Porno_Video.apk (851 KB)
MD5: 65770c670bdf1e6f433c6d0314ac8071
SHA1: 870ffacbfc4138a6adfad559c17ec97e855713d0
SHA256: 83c2fecf4d3a7e6a00c03bcaac0bedeba597e1c1d0d98215d81de455a02dd9fa

With images for Russian and Ukrainian governments


Re: WinNT/Tinba (World’s smallest trojan-banker)

 by Mosh ¦  Sat Aug 22, 2015 7:07 am ¦  Forum: Malware ¦  Topic: WinNT/Tinba (World’s smallest trojan-banker) ¦  Replies: 35 ¦  Views: 46517

Sample found on 66.147.244.116 with the names: Pago_ID4323466.zip and OrdenES328721.zip

MD5: 0097807174360134c88dcd682ff38c78
SHA1: ffcb9663d5984824926b9311e67e2e6af3376217
SHA256: f156f440e2f05777aa22d1655fabfcf61acf7109a1a202b0d7cfa891dd3fc315
https://www.virustotal.com/es/file/f156f440e2f05777aa2...

Re: Win32/Upatre (alias Waski)

 by Mosh ¦  Wed Jul 01, 2015 10:37 pm ¦  Forum: Malware ¦  Topic: Win32/Upatre (alias Waski) ¦  Replies: 22 ¦  Views: 23822

Hi All

Looks like Upatre (cancelation_invoice_information.zip) continues dropping Dyre malware from these IP addresses:

62.204.250.26 (Czech Republic)
87.229.109.250 (Hungary)
217.168.210.122 (Czech Republic)
80.87.220.102 (Slovakia)
93.185.4.90 (Czech Republic)

Re: TorrentLocker ransomware

 by Mosh ¦  Thu Mar 12, 2015 3:52 pm ¦  Forum: Malware ¦  Topic: TorrentLocker ransomware ¦  Replies: 25 ¦  Views: 46424

Friends, FYI, I found this on 100.42.62.205 (US).

Re: Virus:Win32/Sality (alias Sector)

 by Mosh ¦  Tue Oct 22, 2013 6:12 pm ¦  Forum: Malware ¦  Topic: Virus:Win32/Sality (alias Sector) ¦  Replies: 13 ¦  Views: 16587

Three more samples:

SHA1: 7c53f61b753cf7d59a8aaa091af930555852e017
MD5: 2e9f353c64c13306419bd820c2cbb0f3
https://www.virustotal.com/en/file/6fe8af288bc3f0b2165c6f11af401d527b6546e6051870e1442ff746935c0039/analysis/

SHA1: ee4ddc814d72eb2e7d964fbed04047ca6ef40552
MD5: 8fab66e316af89f39de3b95e3846ec8c
...