A forum for reverse engineering, OS internals and malware analysis 

Search found 252 matches


Re: Malware Requests

 by R136a1 ¦  Tue Apr 17, 2012 9:55 am ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests ¦  Replies: 97 ¦  Views: 122090

Hi there, I am searching for the following samples: MD5: d28924f702b252fa4a7e746fd5261d88 Report: http://xml.ssdsandbox.net/view/d28924f702b252fa4a7e746fd5261d88 MD5: 6da754d56131dda68ab0b43050afbb9e Report: http://xml.ssdsandbox.net/view/6da754d56131dda68ab0b43050afbb9e MD5: 12c225d039fd690283f911dc1cc...

Re: Stuxnet case

 by R136a1 ¦  Sat Apr 14, 2012 2:55 pm ¦  Forum: Malware ¦  Topic: Stuxnet case ¦  Replies: 64 ¦  Views: 84687

Interesting article (also regarding the secret "war" in Iran):

http://www.isssource.com/stuxnet-loaded ... le-agents/

Re: Taking Down Botnets: Microsoft and the Rustock Botnet

 by R136a1 ¦  Sat Apr 07, 2012 9:28 am ¦  Forum: Malware ¦  Topic: Taking Down Botnets: Microsoft and the Rustock Botnet ¦  Replies: 14 ¦  Views: 12513

If your botnet is getting too big, you get too much attention and you will be destroyed. The less attention you get, the better it is for money making. ;-)

Re: Doctor Web identifies large Mac botnet

 by R136a1 ¦  Sat Apr 07, 2012 9:20 am ¦  Forum: Malware ¦  Topic: Doctor Web identifies large Mac botnet ¦  Replies: 25 ¦  Views: 19842

Seems like DrWeb landed a great coup with this story. :-)

If someone has a sample of this malware, please upload. Thanks.

Re: Rootkit ZeroAccess (alias Max++, Sirefef)

 by R136a1 ¦  Sat Mar 31, 2012 11:05 am ¦  Forum: Malware ¦  Topic: Rootkit ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 374 ¦  Views: 328450

Whitepaper by Symantec (22.3.2012):

ZeroAccess Infection Analysis
http://www.symantec.com/content/en/us/e ... alysis.pdf

List of Anti-Rootkits -> updated

 by R136a1 ¦  Sat Mar 31, 2012 10:39 am ¦  Forum: Tools/Software ¦  Topic: Antirootkits ¦  Replies: 55 ¦  Views: 72319

ATool - http://www.antiy.net/download/atool.rar -> dead
ATool (mirror) - http://www.kernelmode.info/ARKs/atool.rar
Antivir Antirootkit - http://dl.antivir.de/down/windows/antivir_rootkit.zip
Avast! Antirootkit - http://files.avast.com/files/beta/aswar.exe
AVZ - http://www.z-oleg.com/secur/avz/downl...

Re: Whistler Bootkit

 by R136a1 ¦  Sun Feb 26, 2012 1:23 pm ¦  Forum: Malware ¦  Topic: Whistler Bootkit ¦  Replies: 16 ¦  Views: 18109

Dropper
MD5: 4b9ef6ed40836450035cad1c45b8beb6

Does someone have access to Virustotal?

Crash dump I/O path [talk at syscan12 conference]

 by R136a1 ¦  Mon Feb 13, 2012 10:37 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: Crash dump I/O path [talk at syscan12 conference] ¦  Replies: 3 ¦  Views: 5336

Hi there, a friend drew my attention to this interesting talk about the Windows crash dump path. I/O, You own: Regaining control of your disk in the presence of bootkits (Aaron LeMasters) Master Boot Record based rootkits (MBR rootkits, or bootkits for short) have existed for decades but are more rec...

Re: Whistler Bootkit

 by R136a1 ¦  Mon Feb 13, 2012 10:25 am ¦  Forum: Malware ¦  Topic: Whistler Bootkit ¦  Replies: 16 ¦  Views: 18109

I was aware of these MBRs uploaded to virustotal; unfortunately, it doesn't help me very much.

Anyway thanks for uploading here!

Re: Whistler Bootkit

 by R136a1 ¦  Sun Feb 05, 2012 5:35 pm ¦  Forum: Malware ¦  Topic: Whistler Bootkit ¦  Replies: 16 ¦  Views: 18109

Hey there, the development of Whistler Bootkit hasn't stopped as I thought. Here we have a blogpost claiming that they found a new Whistler variant ITW (November 2011): http://labs.bitdefender.com/?post_type=post&p=807 Unfortunately they don't want to provide a sample (I asked) or a hash of the afor...
