Search found 51 matches

by B-boy/StyLe/
Thu Jan 29, 2015 12:35 am
Forum: Malware
Topic: Win32/Dalexis (Downloader)
Replies: 12
Views: 33309

Re: Win32/Dalexis (Downloader)

by B-boy/StyLe/
Thu Jan 22, 2015 6:04 pm
Forum: Malware
Topic: Win32/Dalexis (Downloader)
Replies: 12
Views: 33309

Re: Downloader.Cabby

Grabbed some of these from e-mail attachments: https://www.virustotal.com/en/file/25f1441818c8441487d533cc48d733e90e61ea39b0339e00252e5b5f8c5640be/analysis/1421865188/ https://www.virustotal.com/en/file/cb955304d4aebebce6a8b362c45daff7bc2b4591d1eaa7b3a70cc1b65dfbda0d/analysis/ https://www.virustotal...
by B-boy/StyLe/
Tue Jul 15, 2014 11:14 am
Forum: Malware
Topic: Win32/Poweliks
Replies: 36
Views: 109589

Re: Win32/Poweliks

Thanks for the detailed analysis. :) Btw credit goes to aharonov and Picasso as well. We worked together on the latest variant which hijacks HKEY_CURRENT_USER\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} instead of HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Regards, Georgi
by B-boy/StyLe/
Thu Apr 24, 2014 10:04 am
Forum: Malware
Topic: WinNT/Pigeon
Replies: 36
Views: 19765

Re: WinNT/Pigeon (W32.Mezit!inf)

Attached is a file in its folder path (From FRST) that is detected as Mezit!inf Quads Yes....this Mezit (aka Viknok, Zekos, BlackBeard, Pigeon) now uses LocalLow: Suspicious files ____________________________________________________________ C:\Users\Jeri\AppData\LocalLow\DE6D.tmp Size . . . . . . ....
by B-boy/StyLe/
Sat Apr 19, 2014 8:20 pm
Forum: Malware
Topic: WinNT/Pigeon
Replies: 36
Views: 19765

Re: WinNT/Pigeon

Another one (different size and MD5):

Will have another one soon...


Regards,
Georgi
by B-boy/StyLe/
Fri Apr 18, 2014 9:41 pm
Forum: Malware
Topic: WinNT/Pigeon
Replies: 36
Views: 19765

Re: WinNT/Pigeon

+1 more patched dll..

VT:
https://www.virustotal.com/en/file/171d ... 397857231/

I expect to receive 2 more tomorrow and will upload them as well.


Regards
Georgi
by B-boy/StyLe/
Mon Apr 14, 2014 6:56 am
Forum: Malware
Topic: WinNT/Pigeon
Replies: 36
Views: 19765

Re: WinNT/Pigeon

Hello, Here is the latest one I grabbed so far: VT: https://www.virustotal.com/en/file/09f5196e2fb4edae8a7b93fd5ca49bf3b8183672992924af8021bce223e98ac8/analysis/ So now we have 3 different samples: https://www.virustotal.com/en/file/594cc682849079d68984aa2eb824c65498c34f98ea960fe43224faded369fe82/an...
by B-boy/StyLe/
Sat Apr 12, 2014 8:45 am
Forum: Malware
Topic: WinNT/Pigeon
Replies: 36
Views: 19765

Re: WinNT/Pigeon

Yes, it looks like the same variant! :) I was able to grab the samples from my topic here: https://forums.malwarebytes.org/index.php?showtopic=146349 https://www.virustotal.com/en/file/594cc682849079d68984aa2eb824c65498c34f98ea960fe43224faded369fe82/analysis/1397291955/ https://www.virustotal.com/en/...
by B-boy/StyLe/
Fri Apr 11, 2014 2:57 pm
Forum: Malware
Topic: WinNT/Pigeon
Replies: 36
Views: 19765

Re: WinNT/Pigeon

It looks like I probably came across the same variant and will try to get all of the samples...


Regards,
Georgi
by B-boy/StyLe/
Tue Apr 08, 2014 4:23 pm
Forum: Malware
Topic: WinNT/Pigeon
Replies: 36
Views: 19765

Re: WinNT/Pigeon

Hi, Thanks! Will keep it in mind the next time I find something like this. However if this was on my PC it would be easier since it could be too complicated for the users to upload files for my review. My main task is to clean their PCs from malware and then if possible to collect samples for analy...