A forum for reverse engineering, OS internals and malware analysis 

Search found 32 matches

Re: Malware Requests, part 2

 by tachion ¦  Mon Oct 08, 2012 7:38 pm ¦  Forum: Malware ¦  Topic: NgrBot (aka Win32/Dorkbot.gen!A) ¦  Replies: 71 ¦  Views: 78316

Can anyone give me this ransomware sample mentioned here? http://www.gfi.com/blog/skype-users-targeted-with-ransomware-and-click-fraud/ No MD5 (sorry, can't find). Thanks in advance. MD5 e8e2ba08f9aff27eed45daa8dbde6159 https://www.virustotal.com/file/51100553d15597e9d0ca98aa0f3be3ab5a49c0ca10808456b7a...

Re: Trojan Ransom / Pliqpay_monexy

 by tachion ¦  Sun Sep 16, 2012 10:06 am ¦  Forum: Malware ¦  Topic: Backdoor Bot (including unnamed IRC bots) ¦  Replies: 13 ¦  Views: 11386

Hi thisisu

log

[ Changes to filesystem ]
* Creates file C:\Windows\System32\windtr32.exe

[ Changes to registry ]
* Creates value "AudioDriver=C:\Windows\system32\windtr32.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
* Modifies value "NukeOnDelete=00000001" in key HKEY...

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by tachion ¦  Wed Aug 22, 2012 10:37 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 574530

Antivirus Reviews
what the end key / f :lol:

Thisisu


The problem is using HitmanPro.
When disinfection program Malwarebytes problem occurs

It also helps to create a new administrator account :)

Re: Malware Requests, part 2

 by tachion ¦  Tue Aug 14, 2012 9:28 pm ¦  Forum: Malware ¦  Topic: Trojan:Win32/Ligsetrac (DieBold Skimer Trojan) ¦  Replies: 3 ¦  Views: 7980

Re: Malware Requests, part 2

 by tachion ¦  Tue Jul 31, 2012 5:43 pm ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests, part 2 ¦  Replies: 145 ¦  Views: 120227

_69 wrote: Has someone got this: http://www.securelist.com/en/descriptio ... AutoRun.jw
this is a Sality variant

Re: Trojan Ransom / FakePoliceAlert

 by tachion ¦  Sat Jul 21, 2012 7:44 am ¦  Forum: Malware ¦  Topic: Trojan Ransom / FakePoliceAlert ¦  Replies: 134 ¦  Views: 125531

This one is new to me. It looks kinda like Reveton but does not load the same way. No webcam module on this one either. Only MoneyPak accepted as payment. These are in U.S. http://i.imgur.com/VJFyDl.png Creates 2 exe files - %appdata%\<Random.exe> %userprofile%\<Random.exe> Loads up via registry in...

Re: Rogue antimalware (FakeAV, FakeAlert)

 by tachion ¦  Sun Jul 01, 2012 3:09 pm ¦  Forum: Malware ¦  Topic: Rogue Antimalware (FakeAV, 2012 year) ¦  Replies: 454 ¦  Views: 223856

2x FakeAV - WinWebSec - Live Security Platinum MD5 90db3d6fd87602d6bd0ab98de65e5176 84e34023163e61f8b4271d5c2090ce4e https://www.virustotal.com/file/388a457bde78331e1909742ce820ff8b10b83da513bac5477d679159a58c14d3/analysis/ https://www.virustotal.com/file/fcd063ddada1cbea8756409415c6c27b9f82aea560ea...

Re: Rogue antimalware (FakeAV, FakeAlert)

 by tachion ¦  Sun Jul 01, 2012 2:54 pm ¦  Forum: Malware ¦  Topic: Rogue Antimalware (FakeAV, 2012 year) ¦  Replies: 454 ¦  Views: 223856

FakeAV - WinWebSec - Security Shield
md5 eb05548415f1594de9660977171a7bdd
https://www.virustotal.com/file/5d07e2d ... /analysis/

Re: Malware Requests, part 2

 by tachion ¦  Thu Jun 21, 2012 3:48 pm ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests, part 2 ¦  Replies: 145 ¦  Views: 120227

Hi, I am looking for ACAD/Medre.A. Sorry, no md5 or sha1 http://blog.eset.com/2012/06/21/acadmedre-10000s-of-autocad-files-leaked-in-suspected-industrial-espionage I have only MD5 7b563740f41e495a68b70cbb22980b20 analysis - http://www.dataprotectioncenter.com/antivirus/eset-nod32/acadmedre-a-technica...

Re: Malware Requests, part 2

 by tachion ¦  Sun Jun 17, 2012 7:52 pm ¦  Forum: Completed Malware Requests ¦  Topic: Virus.Boot.Azusa.a ¦  Replies: 8 ¦  Views: 5234

probably so

Can anyone track down after the md5 :) http://v.virscan.org/Virus.Boot.Azusa!IK.html