Search found 15 matches

by swirl
Sat Jan 28, 2012 1:18 pm
Forum: Malware
Topic: Win32/Poisonivy
Replies: 15
Views: 26542

Re: TrojanDownloader:Win32/Poison.A

Here it is
by swirl
Mon Jan 23, 2012 11:36 am
Forum: Tools/Software
Topic: Tool for Java Script debug
Replies: 4
Views: 8049

Re: Tool for Java Script debug

Debugging, or just unpacking it? For Blackhole I'd just change the last eval() into a document.write() (like you'd do in Malzilla) and enjoy the unpacked script. You might want to pass it through a code beautifier (http://jsbeautifier.org/) to read it smoothly. EDIT: I just saw this thread is 2 months ...
by swirl
Sat Oct 01, 2011 1:52 pm
Forum: Kernel-Mode Development
Topic: Notify callback tables
Replies: 13
Views: 9100

Re: Notify callback tables

by swirl
Thu Aug 18, 2011 9:44 am
Forum: Newbie Questions
Topic: DRIVER_OBJECT
Replies: 6
Views: 6493

Re: DRIVER_OBJECT

Vrtule wrote: I neither tested this nor am I sure whether the statement above holds now. I found this information two years ago here: http://d.hatena.ne.jp/xna/20080517/1210984806
I found this exact same link and it seems to work just fine (http://www.inreverse.net/?p=1740)
by swirl
Mon Jun 06, 2011 4:58 pm
Forum: Malware
Topic: Rootkit MaxSS (alias TDSS, SST, Alureon.FE, Olmasco)
Replies: 149
Views: 164102

Re: Mal/GSPFx

It came to me without a father :cry:
by swirl
Sat Jun 04, 2011 11:06 pm
Forum: Malware
Topic: Rootkit MaxSS (alias TDSS, SST, Alureon.FE, Olmasco)
Replies: 149
Views: 164102

Mal/GSPFx

HTTP/DNS redirector - NDIS hooking - filesystem IRP hooking gspfx.sys SHA1: 0f9f0935d0db58983014b1d263687d2e11556a59 VT 16/38: http://www.virustotal.com/file-scan/report.html?id=3d3317b09d5941a0a54299bf2b370f9b3eeb3394fbcffee1f1233921bc1d8c46-1307209741 unpacked.sys SHA1: ce011ef8b18e5b10d15f800ea78...
by swirl
Mon Jan 10, 2011 5:20 pm
Forum: Malware
Topic: TrojanSpy:AndroidOS/Geimini.A
Replies: 0
Views: 3584

TrojanSpy:AndroidOS/Geimini.A

In case someone wants to have a look at it (pw: infected)

Here is a nice report: http://blog.mylookout.com/_media/Geinim ... ardown.pdf

http://www.virustotal.com/file-scan/rep ... 1294510437
by swirl
Fri Oct 22, 2010 2:49 pm
Forum: Malware
Topic: WinNT/BlackEnergy
Replies: 38
Views: 61718

Re: Black Energy 2.1+

Too bad ddos_update.py doesn't work anymore; they've changed the URL format and parameters, and probably also the encryption method :( Also, judging by the response size, they are using two separate hosts: one for the configuration and one for downloading the DoS modules hxxp://91.212.127.147/spm/s_al...
by swirl
Thu Sep 23, 2010 9:52 pm
Forum: Malware
Topic: Stuxnet case
Replies: 64
Views: 83851

Re: Stuxnet case

Two more links from Reddit: http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf and http://frank.geekheim.de/?p=1189. About this last one, I don't think these kinds of attacks are a prerogative of states. Now this one in particular seems to point to a state, ok, but what you really ...