Search found 15 matches

by swirl
Sat Jan 28, 2012 1:18 pm
Forum: Malware
Topic: Win32/Poisonivy
Replies: 15
Views: 26542

Re: TrojanDownloader:Win32/Poison.A

here it is
by swirl
Mon Jan 23, 2012 11:36 am
Forum: Tools/Software
Topic: Tool for Java Script debug
Replies: 4
Views: 8049

Re: Tool for Java Script debug

Debugging or just unpack it? For Blackhole I'd just change the last eval() into a document.write() (like you'd do in Malzilla) and enjoy the unpacked script. You might want to pass it through a code beautifier to read it smoothly. EDIT: I just saw this thread is 2 months ...
by swirl
Sat Oct 01, 2011 1:52 pm
Forum: Kernel-Mode Development
Topic: Notify callback tables
Replies: 13
Views: 9100

Re: Notify callback tables

by swirl
Thu Aug 18, 2011 9:44 am
Forum: Newbie Questions
Replies: 6
Views: 6493


Vrtule wrote: I neither tested this nor am I sure whether the statement above holds now. I found this information two years ago here:
I found this exact same link and it seems to work just fine (
by swirl
Mon Jun 06, 2011 4:58 pm
Forum: Malware
Topic: Rootkit MaxSS (alias TDSS, SST, Alureon.FE, Olmasco)
Replies: 149
Views: 164102

Re: Mal/GSPFx

it came to me without a father :cry:
by swirl
Sat Jun 04, 2011 11:06 pm
Forum: Malware
Topic: Rootkit MaxSS (alias TDSS, SST, Alureon.FE, Olmasco)
Replies: 149
Views: 164102


HTTP/DNS redirector - NDIS hooking - filesystem IRP hooking gspfx.sys SHA1: 0f9f0935d0db58983014b1d263687d2e11556a59 VT 16/38: unpacked.sys SHA1: ce011ef8b18e5b10d15f800ea78...
by swirl
Mon Jan 10, 2011 5:20 pm
Forum: Malware
Topic: TrojanSpy:AndroidOS/Geimini.A
Replies: 0
Views: 3584


in case someone wants to have a look at it (pw: infected)

here a nice report ... ardown.pdf ... 1294510437
by swirl
Fri Oct 22, 2010 2:49 pm
Forum: Malware
Topic: WinNT/BlackEnergy
Replies: 38
Views: 61718

Re: Black Energy 2.1+

Too bad it doesn't work anymore, they've changed the URL format and parameters, and probably also the encryption method :( Also, judging by the response size, they are using two separate hosts: one for the configuration and one for downloading the DoS modules hxxp://
by swirl
Thu Sep 23, 2010 9:52 pm
Forum: Malware
Topic: Stuxnet case
Replies: 64
Views: 83851

Re: Stuxnet case

Two more links from Reddit: and about this last one, I don't think these kinds of attacks are a prerogative of states. Now this in particular seems to point to a state ok, but what you really ...