A forum for reverse engineering, OS internals and malware analysis 


Re: Win32/Dalexis (Downloader)

 by B-boy/StyLe/ ¦  Thu Jan 29, 2015 12:35 am ¦  Forum: Malware ¦  Topic: Win32/Dalexis (Downloader) ¦  Replies: 12 ¦  Views: 33981

Re: Downloader.Cabby

 by B-boy/StyLe/ ¦  Thu Jan 22, 2015 6:04 pm ¦  Forum: Malware ¦  Topic: Win32/Dalexis (Downloader) ¦  Replies: 12 ¦  Views: 33981

Grabbed some of these from e-mail attachments: https://www.virustotal.com/en/file/25f1441818c8441487d533cc48d733e90e61ea39b0339e00252e5b5f8c5640be/analysis/1421865188/ https://www.virustotal.com/en/file/cb955304d4aebebce6a8b362c45daff7bc2b4591d1eaa7b3a70cc1b65dfbda0d/analysis/ https://www.virustotal...

Re: Win32/Poweliks

 by B-boy/StyLe/ ¦  Tue Jul 15, 2014 11:14 am ¦  Forum: Malware ¦  Topic: Win32/Poweliks ¦  Replies: 36 ¦  Views: 112337

Thanks for the detailed analysis. :) Btw, credit goes to aharonov and Picasso as well. We worked together on the latest variant, which hijacks HKEY_CURRENT_USER\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} instead of HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Regards, Georgi

Re: WinNT/Pigeon (W32.Mezit!inf)

 by B-boy/StyLe/ ¦  Thu Apr 24, 2014 10:04 am ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 20641

Attached is a file in its folder path (from FRST) that is detected as Mezit!inf Quads Yes....this Mezit (aka Viknok, Zekos, BlackBeard, Pigeon) now uses LocalLow: Suspicious files ____________________________________________________________ C:\Users\Jeri\AppData\LocalLow\DE6D.tmp Size . . . . . . ....

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Sat Apr 19, 2014 8:20 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 20641

Another one (different size and MD5):

Will have another one soon...


Regards,
Georgi

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Fri Apr 18, 2014 9:41 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 20641

+1 more patched dll..

VT:
https://www.virustotal.com/en/file/171d ... 397857231/

I expect to receive 2 more tomorrow and will upload then as well.


Regards
Georgi

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Mon Apr 14, 2014 6:56 am ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 20641

Hello, Here is the latest one I grabbed so far: VT: https://www.virustotal.com/en/file/09f5196e2fb4edae8a7b93fd5ca49bf3b8183672992924af8021bce223e98ac8/analysis/ So now we have 3 different samples: https://www.virustotal.com/en/file/594cc682849079d68984aa2eb824c65498c34f98ea960fe43224faded369fe82/an...

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Sat Apr 12, 2014 8:45 am ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 20641

Yes, it looks like the same variant! :) I was able to grab the samples from my topic here: https://forums.malwarebytes.org/index.php?showtopic=146349 https://www.virustotal.com/en/file/594cc682849079d68984aa2eb824c65498c34f98ea960fe43224faded369fe82/analysis/1397291955/ https://www.virustotal.com/en/...

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Fri Apr 11, 2014 2:57 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 20641

It looks like I probably came across the same variant and will try to get all of the samples...


Regards,
Georgi

Re: WinNT/Pigeon

 by B-boy/StyLe/ ¦  Tue Apr 08, 2014 4:23 pm ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 20641

Hi, Thanks! I will keep it in mind the next time I find something like this. However, if this were on my PC it would be easier, since it could be too complicated for the users to upload files for my review. My main task is to clean their PCs from malware and then, if possible, to collect samples for analy...