A forum for reverse engineering, OS internals and malware analysis 

Search found 72 matches

Re: Malware collection

 by Fedor22 ¦  Fri Apr 27, 2018 2:16 pm ¦  Forum: Malware ¦  Topic: XMRig Miner ¦  Replies: 5 ¦  Views: 421

Bitcoin Miner
Contains fake Microsoft copyright: "Copyright (C) 2016-2018 Microsoft"
VT (38/67): https://www.virustotal.com/en/file/098b ... 524580322/

Re: Fraud/Rouge software

 by Fedor22 ¦  Fri Apr 27, 2018 1:52 pm ¦  Forum: Malware ¦  Topic: Fraud/Rouge software ¦  Replies: 114 ¦  Views: 122625

SpyDevastator
http://www.symantec.com/content/en/us/global/images/threat_writeups/2008-090913-0337-99.1.jpg
Creates registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\SpyDevastator.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{528A3C...

Rogue Request #2

 by Fedor22 ¦  Thu Apr 26, 2018 11:28 am ¦  Forum: Completed Malware Requests ¦  Topic: Rogue Request #2 ¦  Replies: 2 ¦  Views: 1442

AdwareRemover Gold
MD5: 1d444d608f2946cecb6820660c9c5e8a
SHA1: c2fc86f525ee499f0d53d2f484542f5dc935b17a
VT ( 0/0 ): https://www.virustotal.com/en/file/d7f8f63736c37bc3eb1743e7829cb861530b7cda0f8a228f833237b4e58a4cba/analysis/
https://www.adaware.com/myadaware/sites/default/files/imagecache/rogue_sc...

Re: Fraud/Rouge software

 by Fedor22 ¦  Mon Apr 09, 2018 7:03 pm ¦  Forum: Malware ¦  Topic: Fraud/Rouge software ¦  Replies: 114 ¦  Views: 122625

Netcom3 (Rogue)
https://www.adaware.com/myadaware/sites/default/files/imagecache/rogue_screenshot/netcom3.jpg
Creates registry entries:
HKEY_CURRENT_USER\Software\Netcom3 Cleaner
HKEY_CURRENT_USER\Software\SpyClean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Netcom3 Clean...

Re: Sandboxes (Discussion)

 by Fedor22 ¦  Thu Mar 22, 2018 11:56 am ¦  Forum: Malware ¦  Topic: Sandboxes (Discussion) ¦  Replies: 25 ¦  Views: 27129

New one:
AlienVault OTX: https://otx.alienvault.com

Re: Android Malware(All Android malware goes here)

 by Fedor22 ¦  Thu Mar 15, 2018 6:59 pm ¦  Forum: Malware ¦  Topic: Android Malware(All Android malware goes here) ¦  Replies: 105 ¦  Views: 192926

SMS Worm - Photo Viewer (Thanks to Contagio)
This is a sample of SMS Worm, which runs in Singapore.
More information here: https://www.fireeye.com/blog/threat-research/2014/11/sms_worm_runs_wildi.html
VT ( 43/63 ): https://www.virustotal.com/en/file/8a50fa660c0d926bc48552c93ebda7a3f1bd119d14b89714d2...

Rogue Request

 by Fedor22 ¦  Mon Mar 05, 2018 1:48 pm ¦  Forum: Completed Malware Requests ¦  Topic: Rogue Request ¦  Replies: 1 ¦  Views: 1662

1. SpyEraser
MD5: 128888cd4cc7c701b8c56e2e018242be
SHA1: a45f3e7526c7d604ec344eec50c6e17155460fcb
VT: https://www.virustotal.com/en/file/0461dbc10535bcc56382bb379422433eb9c5b6c400c80b3e4a8e5475f98907cd/analysis/1264242730/
2. Antivirus 2010 Security Clenaer (maybe)
MD5: 283ff436f981a6d6b4867b86b13fa...

Win32/Skeeyah (FakeChrome)

 by Fedor22 ¦  Sun Mar 04, 2018 3:44 pm ¦  Forum: Malware ¦  Topic: Win32/Skeeyah (FakeChrome) ¦  Replies: 0 ¦  Views: 255

Fake Chrome (Trojan:Win32/Skeeyah.A!rfn)
Dropped in: C:\Users\*username*\AppData\Roaming\WebBrowser.exe
Changes the autorun value in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
URL: xxxx://campinglesamis.com/wpscripts/Chrome%20Hijacker.exe
VT ( 55/67 ): https://www.virustotal.co...

Re: SteamStealer malware.

 by Fedor22 ¦  Mon Feb 19, 2018 1:16 pm ¦  Forum: Malware ¦  Topic: SteamStealer malware. ¦  Replies: 1 ¦  Views: 3314

Another SteamStealer sample with Dota 2 items icon (Trojan.MSIL.Steamilik)
Created in: "AppData/Local/Temp".
Changes the autorun value in the registry ("HKEY_CURRENT_USER") and dropped "RegAsm.exe" file ("C:/Windows\Microsoft.NET\Framework\v2.0.50727").
After all this shows a fake error: https://i.i...

Saturn Ransomsware

 by Fedor22 ¦  Sat Feb 17, 2018 10:36 am ¦  Forum: Malware ¦  Topic: Saturn Ransomsware ¦  Replies: 0 ¦  Views: 2815

This ransomware encrypts user data with AES, and then requires a 300$ repurchase to BTC to return the files. In a week the amount is doubled.
#DECRYPT_MY_FILES#.txt - text note
#DECRYPT_MY_FILES#.html - web page
#DECRYPT_MY_FILES.BMP - desktop wallpaper
#DECRYPT_MY_FILES#.vbs - script for the audio...
