A forum for reverse engineering, OS internals and malware analysis 

Search found 143 matches


Re: Win32/Poweliks

 by PX5 ¦  Wed Jun 10, 2015 11:01 pm ¦  Forum: Malware ¦  Topic: Win32/Poweliks ¦  Replies: 36 ¦  Views: 110563

Has anyone seen a newer run of Poweliks droppers?

Seems we have a rash of this crap running about.

Any help, pointers are much appreciated.


Re: CryptoLocker (Trojan:Win32/Crilock.A)

 by PX5 ¦  Thu Nov 21, 2013 7:41 am ¦  Forum: Malware ¦  Topic: CryptoLocker (Trojan:Win32/Crilock.A) ¦  Replies: 118 ¦  Views: 204994

Re: Guntior bootkit (Chinese combine)

 by PX5 ¦  Wed Jun 12, 2013 11:21 am ¦  Forum: Malware ¦  Topic: Guntior bootkit (Chinese combine) ¦  Replies: 35 ¦  Views: 38458

_http://down.web052.com:804/qvodsetup7.exe MD5: 62297731ed94b07ae91cffc72bcaded8 SHA1: cafb948455fa7d8c86d840a7ae43f0d450ca9d37 https://www.virustotal.com/ru/file/b8da7ddafaedf35d9ea754f8b66fc07126e0cce523723f32864df144f165629f/analysis/ I'm not sure this belongs here but gonna post it and let the M...

Re: Win32/Cutwail

 by PX5 ¦  Fri May 31, 2013 1:52 pm ¦  Forum: Malware ¦  Topic: Win32/Cutwail ¦  Replies: 33 ¦  Views: 43601

Hmmmmm, seems my Monday is happening 5 days in a row this week, please ignore this post. :(

Re: Win32/Reveton

 by PX5 ¦  Thu May 30, 2013 5:12 pm ¦  Forum: Malware ¦  Topic: Win32/Reveton ¦  Replies: 150 ¦  Views: 193225

Last edited by Xylitol on Thu May 30, 2013 11:41 am, edited 1 time in total.
Reason: image fix

Looks like Xylitol has repaired the image as much as it can be, thanks for asking EP_X0FF. :)

Thank You Much X! :)

Re: Win32/Reveton

 by PX5 ¦  Thu May 30, 2013 9:47 am ¦  Forum: Malware ¦  Topic: Win32/Reveton ¦  Replies: 150 ¦  Views: 193225


Holy Crap!

Best I could do for now, hadda use a camera, safe mode didn't load, haven't tried anything else yet, still not awake.

If someone is good at re-sizing photos, have at it and repost so it's visible.



Re: Win32/Reveton

 by PX5 ¦  Thu May 30, 2013 9:38 am ¦  Forum: Malware ¦  Topic: Win32/Reveton ¦  Replies: 150 ¦  Views: 193225

Reveton aka FBI/MoneyPak. Link is dead: http://ytojuxate.pl/erolikos (Seen it called Screenlock and other names like Fortinet W32/Moure.A!tr.dldr. I disagree; although screenlock, this is pure Reveton. Won't be able to share pcap but trust me, it's Reveton, all my stolen PWs say so! ;) ht...

Re: Power Loader (alias Alureon)

 by PX5 ¦  Wed May 29, 2013 11:16 am ¦  Forum: Malware ¦  Topic: Power Loader (blast, alias Alureon) ¦  Replies: 38 ¦  Views: 48997

Thanks EP, this is a clear example of how long I been outa the loop, not so sure I was ever in the loop, tbh! :lol: Should be some more fun somewhere to get back into the swing of things, especially since our tools section does good to "Suck Wind"!!!!!!!!!! Best, I shhhhh before I get myself into tr...

Re: Power Loader (alias Alureon)

 by PX5 ¦  Tue May 28, 2013 1:17 pm ¦  Forum: Malware ¦  Topic: Power Loader (blast, alias Alureon) ¦  Replies: 38 ¦  Views: 48997

Same here but am having troubles with collecting the file while online, in either normal or safe mode, which I think is hilarious given the fact I've been doing this a while and am so out of practice, I barely remember how to infect anything!

Damn the bad luck!!!!! :lol:

Re: Qakbot.KY

 by PX5 ¦  Tue Oct 23, 2012 7:22 pm ¦  Forum: Malware ¦  Topic: Win32/Qakbot ¦  Replies: 20 ¦  Views: 15878

If it's truly a variant of Qakbot, I'm curious if you had Windows show all hidden files, then venture into ?:\Windows\Task. If so, you very well may find some rogue job files which need deletion, else in some 4 to 7 days all cleaned machines will reinfect; general task time between execution on last v...
