A forum for reverse engineering, OS internals and malware analysis 


Re: Making ReactOS Great Again*, Part 1

 by EP_X0FF ¦  Wed Jan 16, 2019 4:10 pm ¦  Forum: Tools/Software ¦  Topic: Making ReactOS Great Again*, Part 1 ¦  Replies: 9 ¦  Views: 11135

Hello. First, the previous fanboy post has been disapproved. A project that has been in alpha state for 20 years is a dead project. So don't waste your time posting this again. I usually don't repeat things twice or more. Second, the fairy tales about "clean rooms", "super-developers", "great contributor...

Re: Looking for itkvar.sys

 by EP_X0FF ¦  Sat Jan 12, 2019 7:24 am ¦  Forum: Completed Malware Requests ¦  Topic: Looking for itkvar.sys ¦  Replies: 1 ¦  Views: 551

In the attachment, no password.

Re: Win32/CoinMiner (Valhalla)

 by EP_X0FF ¦  Fri Jan 11, 2019 4:40 pm ¦  Forum: Malware ¦  Topic: Win32/CoinMiner (Valhalla) ¦  Replies: 3 ¦  Views: 1174

With the help of a self-designed physical memory analysis tool. All these obfuscators produce the original data/code at runtime, otherwise nothing will work.

Re: Help! Unknown malware.

 by EP_X0FF ¦  Fri Jan 11, 2019 1:04 pm ¦  Forum: Malware ¦  Topic: Win32/CoinMiner (Valhalla) ¦  Replies: 3 ¦  Views: 1174

First, this is a trojan muldrop. It contains a resource DLL with C# source code that is modified by the dropper and then compiled with csc.exe at runtime. Additionally, it creates multiple embedded directories with pseudo-random names to store its files. The source DLL has 2 templates: using System; using Sy...

Re: Malware collection

 by EP_X0FF ¦  Wed Jan 09, 2019 11:06 am ¦  Forum: Malware ¦  Topic: Malware collection ¦  Replies: 62 ¦  Views: 502277

Most of the posts have been moved to dedicated malware family topics.

False positives/offtopic removed.

Some posts cannot be moved because they contain packs of different malware.

Thread bump.

Re: Malware collection

 by EP_X0FF ¦  Wed Jan 09, 2019 10:27 am ¦  Forum: Malware ¦  Topic: Joke/EasyPort ¦  Replies: 1 ¦  Views: 668

SHA256: 95c262880e271de8e0e765c39c431b6d62e4d2db80f8a8dd0442d8a30ad074f4 Filename: EasyPort.exe https://virustotal.com/de/file/95c262880e271de8e0e765c39c431b6d62e4d2db80f8a8dd0442d8a30ad074f4/analysis/1485639002/ RAR SFX with the following bat file inside. Joke. @echo off title EasyPort v5.4.0.0 c...

Re: Malware collection

 by EP_X0FF ¦  Wed Jan 09, 2019 9:38 am ¦  Forum: Malware ¦  Topic: Win32/CoinMiner (Dokinzakbar) ¦  Replies: 1 ¦  Views: 645

Please make selection ...2017 https://www.virustotal.com/en/file/ca2ef50363e017ec860ddf7b123fea9851d717cd06b7294098e32de6d6e6af90/analysis/1483276621/ Trojan muldrop with a coin miner as payload. SFX archive, then the actual malware dropper -> extracts files to %UserProfile%\Public. Main malware inside p...

Re: Malware collection

 by EP_X0FF ¦  Wed Jan 09, 2019 8:20 am ¦  Forum: Malware ¦  Topic: WinNT/BlackEnergy ¦  Replies: 38 ¦  Views: 61778

ikolor wrote: Sun Nov 12, 2017 7:02 pm next

https://www.virustotal.com/#/file/00a12 ... /detection
Remains of BlackEnergy with Kaspersky fanboy inside. Posts moved.

Re: Malware collection

 by EP_X0FF ¦  Tue Jan 08, 2019 3:00 pm ¦  Forum: Malware ¦  Topic: PUPs & Rogue software ¦  Replies: 14 ¦  Views: 6100

markusg wrote: Fri Jun 23, 2017 3:29 pm SHA256:
7e905a00dc1d73f34744654e7dbb7eebda22c4ea27f1428e92bb30da2b56c367
Filename:
Setup.exe
Detection rate:
10 / 58
https://virustotal.com/de/file/7e905a00 ... 498231551/
Contains RunPE uTorrent OpenCandy edition. Posts moved.

Re: Malware collection

 by EP_X0FF ¦  Tue Jan 08, 2019 1:22 pm ¦  Forum: Malware ¦  Topic: MSIL/STLR2 ¦  Replies: 1 ¦  Views: 554

ikolor wrote: Thu Dec 14, 2017 7:20 pm thanks

https://www.virustotal.com/#/file/9441a ... /detection

https://www.virustotal.com/#/file/52496 ... /detection
Info stealer "STLR-2" targeting Firefox. Posts moved.
