A forum for reverse engineering, OS internals and malware analysis 

Search found 197 matches


Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Tue May 17, 2011 10:12 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Yes, I can agree with you concerning 64.12.96.129 - actually it is icq.com, but 198.78.212.126:80, 213.248.111.235:80 and 195.12.231.10:80....
Possibly these hosts belong to icq.com, possibly it is just banners or ads, but anyway they have no index page.

Thanks for quick reply.

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Tue May 17, 2011 7:24 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Question to the developer - could you please respond? The question touches upon the investigation of a Qimiral sample. The network log includes the following lines:
OUT,TCP - HTTP,10.0.2.15,64.12.96.129:80,C:\Documents and Settings\User\Desktop\Piggy.exe
IN,TCP - HTTP,64.12.96.129:80,10.0.2.15,C:\Documents a...
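The two log lines quoted in the post above have the shape direction, protocol, source, destination, process; for OUT lines the remote host is the destination and for IN lines it is the source, which is easy to get wrong when skimming a long log. Below is an added example parser for that line shape (it is not code from the thread or from BSA itself): it collects the outbound remote endpoints per process and lists those not yet accounted for by the analyst. The sample log lines are constructed in the shape shown in the post, and the known-host map is an assumption of the example that merely records the thread's own assessment of 64.12.96.129.

```python
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample lines in the shape BSA's network log takes in the post:
# direction,protocol,source,destination,process (not real captured data).
SAMPLE_LOG = r"""OUT,TCP - HTTP,10.0.2.15,64.12.96.129:80,C:\Documents and Settings\User\Desktop\Piggy.exe
IN,TCP - HTTP,64.12.96.129:80,10.0.2.15,C:\Documents and Settings\User\Desktop\Piggy.exe
OUT,TCP - HTTP,10.0.2.15,198.78.212.126:80,C:\Documents and Settings\User\Desktop\Piggy.exe
OUT,TCP - HTTP,10.0.2.15,213.248.111.235:80,C:\Documents and Settings\User\Desktop\Piggy.exe
OUT,TCP - HTTP,10.0.2.15,195.12.231.10:80,C:\Documents and Settings\User\Desktop\Piggy.exe
OUT,TCP - HTTP,10.0.2.15,64.12.96.129:80,C:\Documents and Settings\User\Desktop\Piggy.exe
"""

# Assumed analyst notes: hosts already explained (from the thread's own
# observation that 64.12.96.129 is icq.com). Extend as hosts get identified.
KNOWN_HOSTS: Dict[str, str] = {"64.12.96.129": "icq.com"}


class Connection(NamedTuple):
    direction: str    # "IN" or "OUT"
    protocol: str     # e.g. "TCP - HTTP"
    remote_ip: str    # the non-sandbox side of the connection
    remote_port: int  # 0 when the log gives no port
    process: str      # full path of the sandboxed process


def parse_endpoint(field: str) -> Tuple[str, int]:
    """Split 'ip:port'; a bare ip (as the local 10.0.2.15 appears) gets port 0."""
    host, sep, port = field.rpartition(":")
    if not sep:
        return field, 0
    return host, int(port)


def parse_line(line: str) -> Connection:
    # maxsplit=4 keeps the process path intact even if it contains commas
    direction, protocol, src, dst, process = line.rstrip("\r\n").split(",", 4)
    # The remote side is the destination for OUT and the source for IN
    remote = dst if direction == "OUT" else src
    ip, port = parse_endpoint(remote)
    return Connection(direction, protocol, ip, port, process)


def parse_log(text: str) -> List[Connection]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def remote_endpoints(conns: List[Connection]) -> Dict[str, Counter]:
    """Per process: how many outbound connections went to each remote ip:port."""
    result: Dict[str, Counter] = {}
    for c in conns:
        if c.direction != "OUT":
            continue  # replies only repeat what the OUT line already tells us
        result.setdefault(c.process, Counter())[(c.remote_ip, c.remote_port)] += 1
    return result


def unexplained(conns: List[Connection],
                known: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """Outbound (ip, port, process) triples whose ip is not in the known map."""
    out = []
    for process, counter in remote_endpoints(conns).items():
        for (ip, port) in counter:
            if ip not in known:
                out.append((ip, port, process))
    return sorted(out)


if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    for process, counter in remote_endpoints(conns).items():
        print(process)
        for (ip, port), n in counter.most_common():
            label = KNOWN_HOSTS.get(ip, "UNKNOWN")
            print(f"  {ip}:{port}  x{n}  {label}")
    print("still to identify:", unexplained(conns, KNOWN_HOSTS))
```

The output is the analyst's worklist: every outbound endpoint the sample contacted, with a count, and the subset still unattributed. Whether an unattributed host is an ad server or a C2 is a judgement the log cannot make; only the IN/OUT orientation and the per-process grouping are mechanical.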

Necurs - another x64 rootkit

 by gjf ¦  Sat May 14, 2011 2:11 pm ¦  Forum: Malware ¦  Topic: Necurs - another x64 rootkit ¦  Replies: 70 ¦  Views: 96820

Looks like another x64 rootkit has appeared.
Information from Kaspersky Lab (sorry for the Russian - an English version will follow). So all credit goes to them.

Dropper/payload

Zeus Sources

 by gjf ¦  Wed May 11, 2011 9:12 pm ¦  Forum: Malware ¦  Topic: Win32/Zeus (alias Zbot) ¦  Replies: 281 ¦  Views: 363743

Since these sources have leaked from closed mailing lists to the public, I can give a link here too :)
The sources are as old as version 2.0.8.9.
For everybody who is interested.

Re: JoeBox (Joe Sandbox): say good-bye to free service

 by gjf ¦  Tue May 10, 2011 11:34 am ¦  Forum: Tools/Software ¦  Topic: JoeBox (Joe Sandbox): say good-bye to free service ¦  Replies: 4 ¦  Views: 6198

Hehe, I'd recommend you just try to open such a free account. I waited for a few months - no success. So it is not always the way it looks.

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Tue May 03, 2011 4:19 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Sure, it works on my Win 7 x32. If it were not working I'd not be discussing it ;)

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Tue May 03, 2011 12:43 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Buster_BSA wrote:The sample is not sent. BSA sends the MD5 here:

http://www.virustotal.com/search.html
In this case - no problem :) So please disregard my point 1, but not point 2.

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Tue May 03, 2011 12:17 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Could anyone try it and let me know if it works fine or not, please? Question: Should I keep the feature as it's now, or should I include an option to include AV detections for every executable created?
It's a good feature, but: 1. It is well known that VT spreads all analyzed files out to the AV vendors....

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Tue Mar 29, 2011 12:19 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Please clarify: the new log_api won't show file/registry operations but will still log them? It is not clear to me: if it doesn't log such activity, how is it possible to analyze malware at all?

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Mon Mar 28, 2011 9:10 am ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251520

Buster_BSA wrote: + Included two versions of LOG_API.DLL: One of them will not show file/registry operations so BSA will run faster
Which one? Old or new?
