A forum for reverse engineering, OS internals and malware analysis 

Search found 197 matches

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Mon Mar 21, 2011 8:39 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251343

Actually it was not me who expects the problem. But I will try to find out and let you know.

Re: Malware analysis - Buster Sandbox Analyzer

 by gjf ¦  Mon Mar 21, 2011 3:23 pm ¦  Forum: Tools/Software ¦  Topic: Malware analysis - Buster Sandbox Analyzer ¦  Replies: 314 ¦  Views: 251343

Buster_BSA, can you help with a pretty strange issue? Here is sandboxie.ini:

[GlobalSettings]
FileRootPath=C:\Sandbox\%SANDBOX%

[DefaultBox]
ConfigLevel=7
AutoRecover=y
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%Person...

JoeBox (Joe Sandbox): say good-bye to free service

 by gjf ¦  Mon Mar 14, 2011 7:55 pm ¦  Forum: Tools/Software ¦  Topic: JoeBox (Joe Sandbox): say good-bye to free service ¦  Replies: 4 ¦  Views: 6198

Nothing to say. In the last few months the famous JoeBox stopped giving free service. At first there was "a registration form" for e-mail, but now the case is closed. Just to cite: We have provided for the last three years a completely free service to the security community. Due to increasing costs ...

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

 by gjf ¦  Mon Mar 14, 2011 7:02 pm ¦  Forum: Malware ¦  Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik) ¦  Replies: 595 ¦  Views: 641447

ESET found (sorry, in Russian only) that sometimes TDL4 installs Win32/Glupteba immediately after identification in the botnet. It is performed using an instruction from the C&C: task_id = 2|10||hxxp://wheelcars.ru/no.exe, which could be interpreted as task_id = [command_id] [encryption_key] [URL]. Glupteba wor...

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

 by gjf ¦  Fri Mar 04, 2011 9:45 pm ¦  Forum: Malware ¦  Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik) ¦  Replies: 595 ¦  Views: 641447

Certainly a KAV fan :) Nope :) I offer my gratitude to Michael Hale Ligh, one of the authors of the excellent Malware Analyst's Cookbook. Just because I have read it I can state that this guy is just trying to be a pro according to this book. All the same scenarios, all the same tools and a lot of non-sy...

Re: RkUnhooker 3.8 SR2 public beta test

 by gjf ¦  Thu Feb 24, 2011 10:41 am ¦  Forum: Tools/Software ¦  Topic: RkUnhooker 3.8 SR2 public beta test ¦  Replies: 154 ¦  Views: 132358

Attached is my config file. You can import it, update KIS (I see your databases are outdated - it's OK, but what about patches? The current version is 11.0.2.556 a.b.c.d), reboot and check if RkU will work.

Re: RkUnhooker 3.8 SR2 public beta test

 by gjf ¦  Thu Feb 24, 2011 8:59 am ¦  Forum: Tools/Software ¦  Topic: RkUnhooker 3.8 SR2 public beta test ¦  Replies: 154 ¦  Views: 132358

Actually I have to state that some hooks made by antivirus products really make it impossible to work with the subject of this thread.

If you try RkU with KIS 11.0.2.556 installed and (of course!) shut down, the whole system will hang, so a cold reboot will be necessary.

Re: Smitnyl - MBR infector

 by gjf ¦  Tue Feb 22, 2011 10:59 am ¦  Forum: Malware ¦  Topic: Smitnyl - MBR infector ¦  Replies: 3 ¦  Views: 5694

It should be noted, because it was not obvious from the F-Secure post, that the fake explrer.exe (downloader) starts, downloads some stuff (in my case it was hxxp://xc.115.bz/tools.exe) and then exits. So without checking userinit.exe and the MBR it is not possible to find the way the malware comes in. Actu...
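The post above says the only reliable way to see how this infector gets in is to check userinit.exe and the MBR itself. The following is an added example of the MBR half of that check; it is not code from the post, from F-Secure, or from the forum. It parses a 512-byte sector, hashes the boot code (the part an MBR infector overwrites), compares it against a baseline recorded from the clean system, and sanity-checks the partition table. The sample sectors and the baseline hash are constructed inline for the example; the "jmp $" boot code and the partition layout are assumptions, not data from any real infection.

```python
"""Parse a 512-byte MBR and compare its boot code against a trusted baseline.

Added example for the Smitnyl discussion; not code from the forum post or
from F-Secure. All sample sectors below are constructed, not captured.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 0x1BE     # 446 bytes of boot code precede the table
BOOT_SIGNATURE_OFFSET = 0x1FE
BOOT_SIGNATURE = b"\x55\xAA"
# One 16-byte entry: status, CHS start (skipped), type, CHS end (skipped),
# LBA start, sector count; all little-endian.
ENTRY_FORMAT = "<B3xB3xII"


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty entries of the four-slot partition table."""
    entries = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, mbr, PARTITION_TABLE_OFFSET + 16 * i)
        if type_id == 0:            # empty slot
            continue
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba_start, sectors))
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot code only; the partition table can change legitimately."""
    return hashlib.sha256(mbr[:PARTITION_TABLE_OFFSET]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Flag the things an MBR infection typically changes."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[BOOT_SIGNATURE_OFFSET:] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_hash(mbr)
    if digest != baseline_hash:
        findings.append("boot code differs from baseline")
    partitions = parse_partition_table(mbr)
    if sum(p.bootable for p in partitions) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(partitions, key=lambda p: p.lba_start)
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt.lba_start < prev.lba_start + prev.sector_count:
            findings.append(f"partitions {prev.index} and {nxt.index} overlap")
    return {"boot_code_sha256": digest, "partitions": partitions, "findings": findings}


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a sector from boot code and (bootable, type, lba_start, sectors)
    tuples. Only used to construct test data for this example."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:PARTITION_TABLE_OFFSET]
    sector[:len(code)] = code
    for i, (bootable, type_id, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, type_id, lba_start, sectors)
    sector[BOOT_SIGNATURE_OFFSET:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data (assumption, not a real disk): a "clean" sector whose
# boot code is a bare jmp-to-self, and an "infected" copy whose boot code was
# overwritten while the partition table and signature were left intact.
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1000000)]
CLEAN_MBR = build_mbr(b"\xEB\xFE", SAMPLE_PARTITIONS)
INFECTED_MBR = build_mbr(b"\xEB\xFE" + b"\x90" * 64 + b"\xE8\x00\x00", SAMPLE_PARTITIONS)
BASELINE_HASH = boot_code_hash(CLEAN_MBR)   # would be recorded from the clean host

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(sector, BASELINE_HASH)["findings"])
```

On a live machine the sector would come from the first 512 bytes of the physical disk (for example `\\.\PhysicalDrive0` opened as Administrator on Windows, or `/dev/sda` on Linux). If a kernel-mode component of the infection is already running, reads that go through the infected system's disk stack may be served a clean-looking copy, so take the sector from a boot CD or an offline image when the result is in doubt.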

Smitnyl - MBR infector

 by gjf ¦  Sun Feb 20, 2011 3:54 pm ¦  Forum: Malware ¦  Topic: Smitnyl - MBR infector ¦  Replies: 3 ¦  Views: 5694

Re: Trojan SpyEye (alias Pincav)

 by gjf ¦  Sat Feb 19, 2011 11:57 pm ¦  Forum: Malware ¦  Topic: Trojan SpyEye (alias Pincav) ¦  Replies: 418 ¦  Views: 402817

One of the latest SpyEyes; it looks like it has embedded Zeus functionality. Password: virus.
