A forum for reverse engineering, OS internals and malware analysis 

Search found 32 matches


Re: Malware Requests, part 2

 by tachion ¦  Mon Oct 08, 2012 7:38 pm ¦  Forum: Malware ¦  Topic: NgrBot (aka Win32/Dorkbot.gen!A) ¦  Replies: 71 ¦  Views: 77442

Can any1 give me this ransomware sample mentioned here? http://www.gfi.com/blog/skype-users-targeted-with-ransomware-and-click-fraud/ No MD5 (Sorry, can't find). Thanks in advance. MD5 e8e2ba08f9aff27eed45daa8dbde6159 https://www.virustotal.com/file/51100553d15597e9d0ca98aa0f3be3ab5a49c0ca10808456b7a...

Re: Trojan Ransom / Pliqpay_monexy

 by tachion ¦  Sun Sep 16, 2012 10:06 am ¦  Forum: Malware ¦  Topic: Backdoor Bot (including unnamed IRC bots) ¦  Replies: 13 ¦  Views: 11162

Hi thisisu

log

[ Changes to filesystem ]
* Creates file C:\Windows\System32\windtr32.exe

[ Changes to registry ]
* Creates value "AudioDriver=C:\Windows\system32\windtr32.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
* Modifies value "NukeOnDelete=00000001" in key HKEY...

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by tachion ¦  Wed Aug 22, 2012 10:37 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 571468

Antivirus Reviews
what the end key / f :lol:

Thisisu


The problem is using HitmanPro.
When disinfection program Malwarebytes problem occurs

It also helps to create a new administrator account :)

Re: Malware Requests, part 2

 by tachion ¦  Tue Aug 14, 2012 9:28 pm ¦  Forum: Malware ¦  Topic: Trojan:Win32/Ligsetrac (DieBold Skimer Trojan) ¦  Replies: 3 ¦  Views: 7850

Re: Malware Requests, part 2

 by tachion ¦  Tue Jul 31, 2012 5:43 pm ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests, part 2 ¦  Replies: 145 ¦  Views: 119260

_69 wrote:Has someone got this: http://www.securelist.com/en/descriptio ... AutoRun.jw
This is a Sality variant.

Re: Trojan Ransom / FakePoliceAlert

 by tachion ¦  Sat Jul 21, 2012 7:44 am ¦  Forum: Malware ¦  Topic: Trojan Ransom / FakePoliceAlert ¦  Replies: 134 ¦  Views: 124298

This one is new to me. It looks kinda like Reveton but does not load the same way. No webcam module on this one either. Only MoneyPak accepted as payment. These are in U.S. http://i.imgur.com/VJFyDl.png Creates 2 exe files - %appdata%\<Random.exe> %userprofile%\<Random.exe> Loads up via registry in...

Re: Rogue antimalware (FakeAV, FakeAlert)

 by tachion ¦  Sun Jul 01, 2012 3:09 pm ¦  Forum: Malware ¦  Topic: Rogue Antimalware (FakeAV, 2012 year) ¦  Replies: 454 ¦  Views: 222153

2x FakeAV - WinWebSec - Live Security Platinum MD5 90db3d6fd87602d6bd0ab98de65e5176 84e34023163e61f8b4271d5c2090ce4e https://www.virustotal.com/file/388a457bde78331e1909742ce820ff8b10b83da513bac5477d679159a58c14d3/analysis/ https://www.virustotal.com/file/fcd063ddada1cbea8756409415c6c27b9f82aea560ea...

Re: Rogue antimalware (FakeAV, FakeAlert)

 by tachion ¦  Sun Jul 01, 2012 2:54 pm ¦  Forum: Malware ¦  Topic: Rogue Antimalware (FakeAV, 2012 year) ¦  Replies: 454 ¦  Views: 222153

FakeAV - WinWebSec - Security Shield
md5 eb05548415f1594de9660977171a7bdd
https://www.virustotal.com/file/5d07e2d ... /analysis/

Re: Malware Requests, part 2

 by tachion ¦  Thu Jun 21, 2012 3:48 pm ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests, part 2 ¦  Replies: 145 ¦  Views: 119260

Hi, I am looking for ACAD/Medre.A sorry, no md5 or sha1 http://blog.eset.com/2012/06/21/acadmedre-10000s-of-autocad-files-leaked-in-suspected-industrial-espionage I have only MD5 7b563740f41e495a68b70cbb22980b20 analysis - http://www.dataprotectioncenter.com/antivirus/eset-nod32/acadmedre-a-technica...

Re: Malware Requests, part 2

 by tachion ¦  Sun Jun 17, 2012 7:52 pm ¦  Forum: Completed Malware Requests ¦  Topic: Virus.Boot.Azusa.a ¦  Replies: 8 ¦  Views: 5181

probably so

Can anyone track down after the md5 :) http://v.virscan.org/Virus.Boot.Azusa!IK.html