A forum for reverse engineering, OS internals and malware analysis 

Search found 20 matches

Re: Virus:Win32/Floxif.A

 by Mut4nt ¦  Wed Aug 22, 2012 5:23 pm ¦  Forum: Malware ¦  Topic: Virus:Win32/Floxif.A ¦  Replies: 3 ¦  Views: 3265

http://blogs.technet.com/b/mmpc/archive/2012/08/22/there_2700_s-nothing-old-school-about-viruses.aspx Recently, we discovered a new parasitic infection virus in the wild – Win32/Floxif - which specifically targets DLL files. https://www.virustotal.com/file/6842ada96f7d11938aa70a3124fc14d7c9f6cacaf9...

Re: Malware Requests, part 2

 by Mut4nt ¦  Wed Aug 22, 2012 2:50 am ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests, part 2 ¦  Replies: 145 ¦  Views: 119207

hello, could someone share these samples, please: 601b3f2466bfa6989b9c7586b5ba54aa https://www.virustotal.com/file/5c64b14604e6651b7e5ea01f8b580898c1726d944e33c71a35c194f3ab1429eb/analysis/ 3bd41125ad2b73afb7be83b54efe1376 ( not found on VT ), alias: Cutwail.K http://r.virscan.org/0b9fdb5777d7fe18d9...

Alureon.CO + Alureon.DV

 by Mut4nt ¦  Mon Aug 20, 2012 8:06 am ¦  Forum: Completed Malware Requests ¦  Topic: Alureon.CO + Alureon.DV ¦  Replies: 1 ¦  Views: 2132

Hello guys, sorry, I'm looking for these samples: 089d3fdd412d07b0db38dbc2f6705e0f https://www.virustotal.com/file/dca2946be865653577234f5e109ec2fe7716bde42386603906dce051a80caf60/analysis/ 088d9041908394178f06c654f9ba7bcf https://www.virustotal.com/file/1644252d9c695e538e28040a0ac7a713edfc1ac182aea4...

Backdoor:WinNT/Rustock.H

 by Mut4nt ¦  Wed Aug 15, 2012 5:15 am ¦  Forum: Completed Malware Requests ¦  Topic: Backdoor:WinNT/Rustock.H ¦  Replies: 1 ¦  Views: 1820

Guys, I'm looking for these samples:

MD5:
1f751bf5039f771006b41bdc24bfadd3

MD5:
71d8b9e8b5286aace52c833a5435a0b3

These are Rustock drivers. Please help me. Thanks.

Re: FBI ransomware.

 by Mut4nt ¦  Thu Jun 28, 2012 6:04 pm ¦  Forum: Malware ¦  Topic: Win32/Reveton ¦  Replies: 150 ¦  Views: 192768

Re: Kill kaspersky 2012 from user mode :)

 by Mut4nt ¦  Fri Jun 15, 2012 11:37 pm ¦  Forum: User-Mode Development ¦  Topic: AV SP Discussion & Bypass ¦  Replies: 121 ¦  Views: 222417

Nice. Well, Kaspersky has always been weak ... I remember the 8,9 versions, they were very easy to remove from user mode :?

Re: Stealthiest way of closing another process

 by Mut4nt ¦  Mon Jun 11, 2012 3:28 am ¦  Forum: Newbie Questions ¦  Topic: Stealthiest way of closing another process ¦  Replies: 13 ¦  Views: 16700

The trouble is that using the EP_X0FF method, it's so weak that it cannot even finish the process of any AV :P Most people in this field don't make kill solutions, most of them cause segfaults anyway without ordered patching of all the NDIS and DKOM mods most AVs do today. Unless you're talking ab...

Re: Stealthiest way of closing another process

 by Mut4nt ¦  Wed Jun 06, 2012 5:50 am ¦  Forum: Newbie Questions ¦  Topic: Stealthiest way of closing another process ¦  Replies: 13 ¦  Views: 16700

The trouble is that using the EP_X0FF method, it's so weak that it cannot even finish the process of any AV :P

Re: Stealthiest way of closing another process

 by Mut4nt ¦  Tue Jun 05, 2012 4:53 am ¦  Forum: Newbie Questions ¦  Topic: Stealthiest way of closing another process ¦  Replies: 13 ¦  Views: 16700

Re: Stealthiest way of closing another process

 by Mut4nt ¦  Mon Jun 04, 2012 1:10 am ¦  Forum: Newbie Questions ¦  Topic: Stealthiest way of closing another process ¦  Replies: 13 ¦  Views: 16700

There are several ways to close a process. Check this program, it's open source:
http://processhacker.sourceforge.net/