A forum for reverse engineering, OS internals and malware analysis 

Re: Malware collection

 by EP_X0FF ¦  Tue Jan 08, 2019 12:58 pm ¦  Forum: Malware ¦  Topic: Malware/AutoIt ¦  Replies: 9 ¦  Views: 6257

ikolor wrote: Wed Jan 31, 2018 7:55 pm
Thank you.

https://www.virustotal.com/#/file/b4104 ... /detection

############
https://www.youtube.com/watch?v=ICJeTV2zgrM
###########
AutoIt 2 Exe. Posts moved.

Re: Malware collection

 by EP_X0FF ¦  Tue Jan 08, 2019 6:28 am ¦  Forum: Malware ¦  Topic: JS/Downloader ¦  Replies: 1 ¦  Views: 486

thanks .. https://www.virustotal.com/en/file/63e715dc2584ff614ef61fc3191565250851158e581db317d79af81d05025ac2/analysis/1494780835/ JS downloader for something that looks like it was a self-signed rootkit. File unavailable. <script> /***********************************************************************...

Re: Malware collection

 by EP_X0FF ¦  Tue Jan 08, 2019 5:54 am ¦  Forum: Malware ¦  Topic: Backdoor:MSIL/Orcus ¦  Replies: 1 ¦  Views: 455

SHA-256: 26e3ac4d81005556ccce5d912403bebd8423e47947abfc373b399ad375f35782
File name: wwe_2K18_installer.exe
https://www.virustotal.com/#/file/26e3ac4d81005556ccce5d912403bebd8423e47947abfc373b399ad375f35782/detection
Backdoor Orcus written in C#. Copies itself to %AppData%\Roaming\Microsoft\Windows\Sta...

Re: LoJax(UEFI rootkit)

 by EP_X0FF ¦  Tue Jan 08, 2019 5:01 am ¦  Forum: Malware ¦  Topic: LoJax(UEFI rootkit) ¦  Replies: 6 ¦  Views: 2686

Password is standard. If you need these two missing binaries you can:

contact ESET for them: threatintel@eset.com

do as the authors did - copy-paste everything

Re: Malware collection

 by EP_X0FF ¦  Mon Jan 07, 2019 2:02 pm ¦  Forum: Malware ¦  Topic: Win32/Corebot ¦  Replies: 7 ¦  Views: 10925

maddog4012 wrote: Thu Jun 15, 2017 4:07 pm
ikolor wrote: thanks.

https://www.virustotal.com/en/file/dcc8 ... 497533985/
file dropped by JS file
It is CoreBot. Extracted in attach. Posts moved.

Re: Malware collection

 by EP_X0FF ¦  Mon Jan 07, 2019 8:57 am ¦  Forum: Malware ¦  Topic: Win32/Phorpiex (alias Phokace, Trik) ¦  Replies: 17 ¦  Views: 30050

ikolor wrote: Sat Apr 08, 2017 6:51 pm next..

https://www.virustotal.com/en/file/0e2c ... 491677306/
Trik v2.7
Code:
C:\Users\s\Desktop\Home\Code\Trik v2.7 - Work\Release\Trik.pdb
Phorpiex spam bot under dotnet obfuscator. Completely unpacked in attach.

Posts moved.

Re: Malware collection

 by EP_X0FF ¦  Mon Jan 07, 2019 5:39 am ¦  Forum: Malware ¦  Topic: Win32/Betabot (alias Neurevt) ¦  Replies: 59 ¦  Views: 116898

SHA256: a70b7ed2aceac7b591bd64950fda5d358bc6d64d175fff61156a3eedc3a3f629
File name: disableTrial.exe
https://virustotal.com/de/file/a70b7ed2aceac7b591bd64950fda5d358bc6d64d175fff61156a3eedc3a3f629/analysis/
Ref http://www.kernelmode.info/forum/viewtopic.php?p=30676#p30676 (it is hard to split posts...

Re: Malware collection

 by EP_X0FF ¦  Mon Jan 07, 2019 5:33 am ¦  Forum: Malware ¦  Topic: RevengeRAT ¦  Replies: 5 ¦  Views: 738

backdoor
SHA256: 46917915419ce17cbde789b5b73a3b5af518b370ec37f575906a2e93e4fc5a1d
File name: REV.exe
https://virustotal.com/de/file/46917915419ce17cbde789b5b73a3b5af518b370ec37f575906a2e93e4fc5a1d/analysis/
Revenge RAT. After decrypting the payload, the dropper injects it into the %WINDIR%\Microsoft.NET\Fr...

Re: Malware collection

 by EP_X0FF ¦  Mon Jan 07, 2019 4:55 am ¦  Forum: Malware ¦  Topic: Joke/HiddenSabotage ¦  Replies: 1 ¦  Views: 396

ikolor wrote: Mon Oct 23, 2017 5:07 pm hi

https://www.virustotal.com/#/file/4c98c ... /detection
Turkish origin joke named "Hidden Sabotage".
Code:
C:\Users\Tayfun\Documents\Visual Studio 2013\Projects\Zamanlı İşlemler\Zamanlı İşlemler\obj\Debug\Zamanlı İşlemler.pdb

Re: Malware collection

 by EP_X0FF ¦  Mon Jan 07, 2019 4:14 am ¦  Forum: Malware ¦  Topic: Win32/Unwaders ¦  Replies: 1 ¦  Views: 363

ikolor wrote: Fri Sep 21, 2018 8:43 pm hi

https://www.virustotal.com/en/file/69f6 ... 537562459/
It seems it is an MSIMG32 proxy DLL. Probably part of SoftwareBundler/Adware. Posts moved.
