Search found 12 matches

by aaSSfxxx
Sat Jan 26, 2013 7:15 pm
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 864078

Re: Point-of-Sale malwares / RAM scrapers

Hello, Just found these samples today on http://royjamesinsurance.com/images/ (the sload.exe and sload1.exe are just malicious Firefox extension droppers, sload1.exe was dropped by Andromeda bot). They seem to target posw32.exe (software used in petrol stations as far as I found) https://www.virustotal...

by aaSSfxxx
Sun Jan 13, 2013 1:33 pm
Forum: Malware
Topic: Win32/Fareit
Replies: 60
Views: 119498

Re: Fareit - BlackHole loader of ZBot

Hello, I also began to analyse the socks.exe provided by Xylitol. It uses the same crypter as JavaUpdate_KB62519857.exe. Then the program is packed with another packer, and the unpacked file drops a DLL stored resources which drops another DLL (which seems to be an HTTP proxy, but not fully revers...