A forum for reverse engineering, OS internals and malware analysis 


Re: Win32/Dalexis (Downloader)

 by B-boy/StyLe/ ¦  Thu Jan 29, 2015 12:35 am ¦  Forum: Malware ¦  Topic: Win32/Dalexis (Downloader) ¦  Replies: 12 ¦  Views: 33424

Re: Downloader.Cabby

 by B-boy/StyLe/ ¦  Thu Jan 22, 2015 6:04 pm ¦  Forum: Malware ¦  Topic: Win32/Dalexis (Downloader) ¦  Replies: 12 ¦  Views: 33424

Grabbed some of these from e-mail attachments: https://www.virustotal.com/en/file/25f1441818c8441487d533cc48d733e90e61ea39b0339e00252e5b5f8c5640be/analysis/1421865188/ https://www.virustotal.com/en/file/cb955304d4aebebce6a8b362c45daff7bc2b4591d1eaa7b3a70cc1b65dfbda0d/analysis/ https://www.virustotal...

Re: Win32/Poweliks

 by B-boy/StyLe/ ¦  Tue Jul 15, 2014 11:14 am ¦  Forum: Malware ¦  Topic: Win32/Poweliks ¦  Replies: 36 ¦  Views: 110022

Thanks for the detailed analysis. :) Btw credit goes to aharonov and Picasso as well. We worked together on the latest variant which hijacks HKEY_CURRENT_USER\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} instead of HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Regards, Georgi

Re: WinNT/Pigeon (W32.Mezit!inf)

 by B-boy/StyLe/ ¦  Thu Apr 24, 2014 10:04 am ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19942

Attached is a file in its folder path (From FRST) that is detected as Mezit!inf Quads Yes....this Mezit (aka Viknok, Zekos, BlackBeard, Pigeon) now uses LocalLow: Suspicious files ____________________________________________________________ C:\Users\Jeri\AppData\LocalLow\DE6D.tmp Size . . . . . . ....

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Sat Apr 19, 2014 8:20 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19942

Another one (different size and MD5):

Will have another one soon...


Regards,
Georgi

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Fri Apr 18, 2014 9:41 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19942

+1 more patched dll..

VT:
https://www.virustotal.com/en/file/171d ... 397857231/

I expect to receive 2 more tomorrow and will upload then as well.


Regards
Georgi

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Mon Apr 14, 2014 6:56 am ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19942

Hello, here is the latest one I grabbed so far: VT: https://www.virustotal.com/en/file/09f5196e2fb4edae8a7b93fd5ca49bf3b8183672992924af8021bce223e98ac8/analysis/ So now we have 3 different samples: https://www.virustotal.com/en/file/594cc682849079d68984aa2eb824c65498c34f98ea960fe43224faded369fe82/an...

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Sat Apr 12, 2014 8:45 am ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19942

Yes, it looks like the same variant! :) I was able to grab the samples from my topic here: https://forums.malwarebytes.org/index.php?showtopic=146349 https://www.virustotal.com/en/file/594cc682849079d68984aa2eb824c65498c34f98ea960fe43224faded369fe82/analysis/1397291955/ https://www.virustotal.com/en/...

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Fri Apr 11, 2014 2:57 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19942

It looks like I probably came across the same variant and will try to get all of the samples...


Regards,
Georgi

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Tue Apr 08, 2014 4:23 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19942

Hi, Thanks! Will keep it in mind the next time I find something like this. However, if this was on my PC it would be easier, since it could be too complicated for the users to upload files for my review. My main task is to clean their PCs from malware and then, if possible, to collect samples for analy...