A forum for reverse engineering, OS internals and malware analysis 


Angler bypass EMET pcap

 by erikloman ¦  Wed Jun 08, 2016 6:19 am ¦  Forum: Completed Malware Requests ¦  Topic: Angler bypass EMET pcap ¦  Replies: 0 ¦  Views: 5086

Looking for a pcap of the EMET bypass mentioned in this article:
https://www.fireeye.com/blog/threat-res ... _kite.html

Re: Clandestine Wolf exploit CVE-2015-3113

 by erikloman ¦  Fri Jun 26, 2015 6:02 pm ¦  Forum: Completed Malware Requests ¦  Topic: Clandestine Wolf exploit CVE-2015-3113 ¦  Replies: 2 ¦  Views: 4708

I decrypted the SWF and posted the exploit here:
http://pastebin.com/eQ1gBMSt

Clandestine Wolf exploit CVE-2015-3113

 by erikloman ¦  Wed Jun 24, 2015 7:33 am ¦  Forum: Completed Malware Requests ¦  Topic: Clandestine Wolf exploit CVE-2015-3113 ¦  Replies: 2 ¦  Views: 4708

I'm looking for the exploit used in the Clandestine Wolf attack abusing CVE-2015-3113:
https://www.fireeye.com/blog/threat-res ... o-day.html

Thanks!

CVE-2015-0313

 by erikloman ¦  Wed Feb 04, 2015 12:17 pm ¦  Forum: Completed Malware Requests ¦  Topic: CVE-2015-0313 ¦  Replies: 1 ¦  Views: 2250

Looking for this sample:

SHA-256: 703e10bbdc4f8cc7fad1cace6ae5c2e0ddbfc72696914b16ac8894350f12b10c
MD5: 50b86e05ab6d5c8ceb0eb0d2a08fbb6f

Thanks!

Re: CryptoLocker (Trojan:Win32/Crilock.A)

 by erikloman ¦  Sun Nov 17, 2013 9:31 am ¦  Forum: Malware ¦  Topic: CryptoLocker (Trojan:Win32/Crilock.A) ¦  Replies: 118 ¦  Views: 204159

Hi Erik, on the demo video I see that the ransomware is still running and not suspended in the background; did it encrypt stuff during this time? Sorry for the slow reply. The CryptoLocker process still tries to encrypt the files but is blocked by CryptoGuard's minifilter driver. Keeping the process a...

CryptoGuard

 by erikloman ¦  Tue Nov 05, 2013 4:07 pm ¦  Forum: Malware ¦  Topic: CryptoLocker (Trojan:Win32/Crilock.A) ¦  Replies: 118 ¦  Views: 204159

We've just released a BETA version of HitmanPro.Alert 2.5 which contains CryptoGuard, our universal solution against crypto ransomware that works at the file system level. More information, including a demonstration video, can be found here: http://www.hitmanpro.com/alert/cryptoguard

Dropper altering ScanWithAntivirus policy key

 by erikloman ¦  Mon Sep 09, 2013 2:28 pm ¦  Forum: Completed Malware Requests ¦  Topic: Dropper altering ScanWithAntivirus policy key ¦  Replies: 1 ¦  Views: 1854

Looking for this old dropper:

MD5: 4c4e3760e56fc8cbdd585eb030aefb78
SHA-256: be926e7fc19a8f49d409db42f1413d8283cdc45f520f5c43ddf772fe506e9d52

Some associate this with ZeroAccess.

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by erikloman ¦  Thu May 23, 2013 3:37 pm ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 571011

We just released a Beta version of HitmanPro that cleans up the reparse points:
http://www.wilderssecurity.com/showpost ... count=5345

Re: Specific Sinowal atapi.sys

 by erikloman ¦  Mon Nov 12, 2012 8:38 pm ¦  Forum: Completed Malware Requests ¦  Topic: Specific Sinowal atapi.sys ¦  Replies: 2 ¦  Views: 2348

I got the file from a friend, but the file is not what I expected.

The hash came from a TDSSKiller log with a Sinowal infection like this one:
http://forum.viry.cz/viewtopic.php?f=13 ... 6#p1138676

Specific Sinowal atapi.sys

 by erikloman ¦  Mon Nov 12, 2012 7:10 pm ¦  Forum: Completed Malware Requests ¦  Topic: Specific Sinowal atapi.sys ¦  Replies: 2 ¦  Views: 2348

SHA-256: 39f315fb70469d438883c6a4649cfb1c2f9d7f1fa42903412e29653287121626
MD5: 850c544201c26ca8371c7678ebb0d871
