A forum for reverse engineering, OS internals and malware analysis 

Search found 19 matches


Re: Win32/Betabot (alias Neurevt)

 by Thanat0S ¦  Mon Sep 23, 2013 8:03 am ¦  Forum: Malware ¦  Topic: Win32/Betabot (alias Neurevt) ¦  Replies: 59 ¦  Views: 119417

Xylitol wrote:
Thanat0S wrote: does anyone have panel src of 1.5 please
useless, panel is under ioncube.
ya, I know, this may work:
http://ioncubedecoder2013.blogspot.com/ ... coder.html

Re: Win32/Betabot (alias Neurevt)

 by Thanat0S ¦  Mon Sep 23, 2013 7:45 am ¦  Forum: Malware ¦  Topic: Win32/Betabot (alias Neurevt) ¦  Replies: 59 ¦  Views: 119417

does anyone have panel src of 1.5 please

Re: Win32/Napolar (Solar)

 by Thanat0S ¦  Mon Sep 23, 2013 7:40 am ¦  Forum: Malware ¦  Topic: Win32/Napolar (Solar) ¦  Replies: 17 ¦  Views: 21813

uCares wrote:Panel :
hxtp://canc3r1nf0rmat10n.pw/Panel/
not working, reupload panel src please I want to analyze it

edit, you mean gate not panel, well I thought it was panel source code, anyways if anyone finds it, please post it

Re: Win32/Betabot (alias Neurevt)

 by Thanat0S ¦  Mon Sep 23, 2013 4:28 am ¦  Forum: Malware ¦  Topic: Win32/Betabot (alias Neurevt) ¦  Replies: 59 ¦  Views: 119417

it contains a blacklist of a lot of tools (process monitor not process exp, RKU, tcpview)
also, in the skid forum, he (betamoneky) says it includes x64 support.

Re: Win32/Betabot (alias Neurevt)

 by Thanat0S ¦  Sun Sep 22, 2013 10:13 am ¦  Forum: Malware ¦  Topic: Win32/Betabot (alias Neurevt) ¦  Replies: 59 ¦  Views: 119417

I think anyone in the scene must create a builder to this shit and stop the game to this skid. bin is compressed with 7zip algo.

Re: Win32/Betabot (alias Neurevt)

 by Thanat0S ¦  Sun Sep 22, 2013 10:11 am ¦  Forum: Malware ¦  Topic: Win32/Betabot (alias Neurevt) ¦  Replies: 59 ¦  Views: 119417

From the inside - Betabot (c) 2012-2014, coded by Userbased. As for super-duper stealth loading - well just changed a bit handler of NTDLL registry hook, now it is giving faked registry path representing Betabot as second copy of Explorer.exe. But this entry has randomized name which itself is susp...

Re: Am I infected? System handle

 by Thanat0S ¦  Fri Aug 09, 2013 4:35 am ¦  Forum: Newbie Questions ¦  Topic: Am I infected? System handle ¦  Replies: 2 ¦  Views: 4398

Thank you EP_X0FF :D

Am I infected? System handle

 by Thanat0S ¦  Thu Aug 08, 2013 9:53 pm ¦  Forum: Newbie Questions ¦  Topic: Am I infected? System handle ¦  Replies: 2 ¦  Views: 4398

Hello there I created this thread because I have 2 q I'm suspecting that I'm infected, my scenery: ~ hello world in VS2012 ~ I start debugging mode ~ I stop it ~ I change the src then F7 (rebuild solution) and I get this: 1>LINK : fatal error LNK1168: cannot open C:\Users\Admin\Desktop\Hellow\Debug\He...

Re: Kill kaspersky 2012 from user mode :)

 by Thanat0S ¦  Sat Sep 29, 2012 5:49 pm ¦  Forum: User-Mode Development ¦  Topic: AV SP Discussion & Bypass ¦  Replies: 121 ¦  Views: 224685

so who will share this POC with us? :P

Size of Data base?

 by Thanat0S ¦  Fri Sep 28, 2012 9:11 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: Size of Data base? ¦  Replies: 1 ¦  Views: 3944

Hello guys, I'm debugging a malware and alright, but my idb file has a size of 90mb! (
I did some changes, for example, change function name, add comments. So, my question is: is this normal? Or how can I fix it?
the malware has a size of 123kb. thanks!