A forum for reverse engineering, OS internals and malware analysis 

Search found 87 matches


Re: Ransom/BetterCallSaul

 by TwinHeadedEagle ¦  Thu Mar 17, 2016 11:26 am ¦  Forum: Malware ¦  Topic: Ransom/Shade (alias Troldesh, BetterCallSaul) ¦  Replies: 12 ¦  Views: 18933

Re: CryptoLocker (Trojan:Win32/Crilock.A)

 by TwinHeadedEagle ¦  Thu Aug 07, 2014 8:22 am ¦  Forum: Malware ¦  Topic: CryptoLocker (Trojan:Win32/Crilock.A) ¦  Replies: 118 ¦  Views: 204182

Unlocking Cryptolocker - free service launched

https://www.decryptcryptolocker.com/

More info here --> http://www.fireeye.com/blog/corporate/2 ... ption.html

Re: Win32/Poweliks

 by TwinHeadedEagle ¦  Sun Aug 03, 2014 1:50 pm ¦  Forum: Malware ¦  Topic: Win32/Poweliks ¦  Replies: 36 ¦  Views: 110154

Does someone have these hashes?

4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb
e8d6943742663401e5c44a5fa9cfdd8fad6a9a0dc0f886dc77c065a86c0e10aa

Or this one?

BFA2DC3B9956A88A2E56BD6AB68D1F4F675A425A

Re: Win32/Poweliks

 by TwinHeadedEagle ¦  Tue Jul 15, 2014 3:05 pm ¦  Forum: Malware ¦  Topic: Win32/Poweliks ¦  Replies: 36 ¦  Views: 110154

Yes, I can imagine probably a bunch of Adware along with this malware :lol:

Thanks for the info.

Re: Win32/Poweliks

 by TwinHeadedEagle ¦  Tue Jul 15, 2014 2:56 pm ¦  Forum: Malware ¦  Topic: Win32/Poweliks ¦  Replies: 36 ¦  Views: 110154

I am hoping I will have some case these days, although it doesn't seem too complex. I cannot find what this malware actually does?

Re: MCShield

 by TwinHeadedEagle ¦  Sat Jan 25, 2014 9:40 am ¦  Forum: Tools/Software ¦  Topic: MCShield ¦  Replies: 9 ¦  Views: 15569

v3.0 is online :)

v3.0.3.26 v3 final: 25th January 2014.
- completely redesigned user interface with additional features;
- new tab in Control Center: "Status" used to
- - view & change main functions;
- - view system information & main settings;
- new tab in Control Center: "Logs" for easy logfile ...

WinNT/Pigeon

 by TwinHeadedEagle ¦  Mon Jan 06, 2014 10:08 am ¦  Forum: Malware ¦  Topic: WinNT/Pigeon ¦  Replies: 36 ¦  Views: 19982

Did someone come across malware that patches rpcss.dll and plays audio ads in background?

It also creates 5 random files/random extensions located in system32 folder...

Re: CryptoLocker (Trojan:Win32/Crilock.A)

 by TwinHeadedEagle ¦  Thu Dec 26, 2013 11:28 pm ¦  Forum: Malware ¦  Topic: CryptoLocker (Trojan:Win32/Crilock.A) ¦  Replies: 118 ¦  Views: 204182

Grinler wrote:
MAXS wrote:Anyone got this sample?

http://blog.trendmicro.com/trendlabs-se ... le-drives/
I am pretty sure this CryptoLocker 2.0 posted above.
Yes, thanks, I already tried it successfully :)

Re: CryptoLocker (Trojan:Win32/Crilock.A)

 by TwinHeadedEagle ¦  Thu Dec 26, 2013 9:33 pm ¦  Forum: Malware ¦  Topic: CryptoLocker (Trojan:Win32/Crilock.A) ¦  Replies: 118 ¦  Views: 204182

Multiple samples

 by TwinHeadedEagle ¦  Sun Dec 15, 2013 1:44 pm ¦  Forum: Completed Malware Requests ¦  Topic: Multiple samples ¦  Replies: 1 ¦  Views: 1978

I need the following three samples: MD5 14e835ac613d541a20c4260c0fd85820 Virustotal --> https://www.virustotal.com/en/file/0e4fd033fa96731e69d5bbef331581f543d45525e8cf1463acac1f50437fb9a5/analysis/1380996472/ ==================================== MD5 d701470aaf2d3a16cd1e2a0d901930b2 Virustotal --> htt...
