by aaSSfxxx
Sat Jan 26, 2013 7:15 pm
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 864078

Re: Point-of-Sale malwares / RAM scrapers

Hello, Just found these samples today on (the sload.exe and sload1.exe are just malicious Firefox extension droppers, sload1.exe was dropped by Andromeda bot). They seem to target posw32.exe (software used in petrol stations as far as I found) https://www.virustotal...

by aaSSfxxx
Sun Jan 13, 2013 1:33 pm
Forum: Malware
Topic: Win32/Fareit
Replies: 60
Views: 119498

Re: Fareit - BlackHole loader of ZBot

Hello, I also began to analyse the socks.exe provided by Xylitol. It uses the same crypter as JavaUpdate_KB62519857.exe. Then the program is packed with another packer, and the unpacked file drops a DLL stored in resources which drops another DLL (which seems to be an HTTP proxy, but not fully revers...