A forum for reverse engineering, OS internals and malware analysis 

Search found 365 matches


Re: Themida? Need help

 by thisisu ¦  Sun Jun 22, 2014 12:53 am ¦  Forum: Malware ¦  Topic: Themida? Need help ¦  Replies: 1 ¦  Views: 2655

Sorry, it must be related to Dofoil.

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

 by thisisu ¦  Sat Jun 21, 2014 9:39 pm ¦  Forum: Malware ¦  Topic: WinNT/Wowliks (Alureon) ¦  Replies: 8 ¦  Views: 8685

wow.dll MD5 7d0463045f947477919491d2a0d025d8 SHA1 a34041f7a80bd165943673e887197807753be784 SHA256 a00d64fa5ff2a92f5d58cf06b0c0df67014c7ed19a1b34ec8c509fdda6e4f3da https://www.virustotal.com/en/file/a00d64fa5ff2a92f5d58cf06b0c0df67014c7ed19a1b34ec8c509fdda6e4f3da/analysis/1403386063/ wow.ini [main] s...

Re: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)

 by thisisu ¦  Sat Jun 21, 2014 9:31 pm ¦  Forum: Malware ¦  Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader) ¦  Replies: 83 ¦  Views: 119265

Themida? Need help

 by thisisu ¦  Sat Jun 21, 2014 9:11 pm ¦  Forum: Malware ¦  Topic: Themida? Need help ¦  Replies: 1 ¦  Views: 2655

Need help identifying this one. Thanks friends MD5 aa397e188a68f7ba950d6b44c82888d4 SHA1 5e25690e639813ce66412644742c2ce5d185d186 SHA256 05e22beed355a21f200faf58c3513bdafd5f5cbcc445740ac64fa7d47b19a383 jpiexpl32.dll -- https://www.virustotal.com/en/file/05e22beed355a21f200faf58c3513bdafd5f5cbcc44574...

Re: Win32/Dofoil

 by thisisu ¦  Sat Jun 21, 2014 8:37 pm ¦  Forum: Malware ¦  Topic: Win32/Dofoil ¦  Replies: 7 ¦  Views: 8314

Win32/Dofoil.T MD5 8176a3ec0aec664fb4170fdf9c9ee261 SHA1 034cee51257195b9b29e68d5ec714671de9ccc0d SHA256 3d773d150fa014625c9c8718068d91b6a32b05431601754808e91ec1932512a8 https://www.virustotal.com/en/file/3d773d150fa014625c9c8718068d91b6a32b05431601754808e91ec1932512a8/analysis/ HKU\Owner\...\Polici...

Re: Win32/Reveton

 by thisisu ¦  Thu Jun 12, 2014 2:29 am ¦  Forum: Malware ¦  Topic: Win32/Reveton ¦  Replies: 150 ¦  Views: 194987

bitstechs wrote: Did you happen to save any of the samples from the programdata folder? I'd like to grab those if you have them.
No, but I'll save them next time.

Btw, was anyone able to find out what the EntryPoint of that .dll file was?

Re: Win32/Reveton

 by thisisu ¦  Sat Jun 07, 2014 10:16 pm ¦  Forum: Malware ¦  Topic: Win32/Reveton ¦  Replies: 150 ¦  Views: 194987

ICE Cyber Crime Center with low detection (4/51). Fresh from a customer's computer. MD5 5651aa11bf10475e23c049f3c61f6dd1 SHA1 4e1f5b15668dcc25434d469d2d308f1b2fc95358 SHA256 bc495ccdb5013fe9cdfbf8c14979d40e7f17d0e07e17728b9891f4bfa9ab01c4 https://www.virustotal.com/en/file/bc495ccdb5013fe9cdfbf8c149...

Re: Necurs - another x64 rootkit

 by thisisu ¦  Tue Jun 03, 2014 5:50 am ¦  Forum: Malware ¦  Topic: Necurs - another x64 rootkit ¦  Replies: 70 ¦  Views: 97394

Credits to Malekal_morte for providing dropper on his website. .sys + .exe/dropper attached syshost.exe -- dabea808bb91f02e158cdbcbf3e8a790 -- https://www.virustotal.com/en/file/2b64536b04f8773d80aaef36fc7943058bda76372c5eb3516b0107f2937ccb9e/analysis/1401773988/ 79051d41d365f350.sys -- ca82853fd71d...

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by thisisu ¦  Mon Apr 28, 2014 2:07 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 574506

AronPX wrote: Does anyone have a new sample of za?
Have a PC now with ZA that contains *etadpug service. Is that still newest variant?

Re: Rogue Antimalware (FakeAV, 2014 year)

 by thisisu ¦  Sun Apr 20, 2014 12:11 am ¦  Forum: Malware ¦  Topic: Rogue Antimalware (FakeAV, 2014 year) ¦  Replies: 58 ¦  Views: 69820

Cool :)
Another Windows Internet Guard credits to BornSlippy @ MBAM
pass: infected
https://www.virustotal.com/en/file/fe29 ... /analysis/
