A forum for reverse engineering, OS internals and malware analysis 

Search found 163 matches


Re: ZeroAccess (alias MaxPlus, Sirefef)

 by rough_spear ¦  Sat Sep 14, 2013 7:44 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 572327

Hi All,

One more sample of Sirefef.

MD5 - 456D4D94B65C44C8B42901F2D87538A6

VT link - https://www.virustotal.com/en/file/0853 ... /analysis/

Regards,

rough_spear. ;)

Re: Win32/Zeus (alias Zbot)

 by rough_spear ¦  Tue Sep 10, 2013 11:23 am ¦  Forum: Malware ¦  Topic: Win32/Zeus (alias Zbot) ¦  Replies: 281 ¦  Views: 364454

Hi All,

Zbot sample with low detection.

MD5 - f2583374f538f95198490f2e019e3430

VT - https://www.virustotal.com/en/file/4b0a ... 378811356/ (7 / 47).

Regards,

rough_spear. ;)

Re: Virus:Win32/Virut

 by rough_spear ¦  Sun Aug 18, 2013 7:34 pm ¦  Forum: Malware ¦  Topic: Virus:Win32/Virut ¦  Replies: 14 ¦  Views: 15505

Hi All,

Virut sample!!! low detection.

VT link - https://www.virustotal.com/en/file/4df2 ... 376853761/


Regards,

rough_spear. ;)

Re: Win32/Bladabindi (NJ RAT)

 by rough_spear ¦  Sat Aug 17, 2013 12:32 pm ¦  Forum: Malware ¦  Topic: Win32/Bladabindi (NJ RAT) ¦  Replies: 17 ¦  Views: 24515

It seems that Bladabindi is on the prowl, one more sample.

MD5 - A47C6E1861C6935CA98185C8D5C3795A

VT link - https://www.virustotal.com/en/file/0273 ... 376742132/

Regards,

rough_spear. ;)

Re: Win32/Bladabindi (NJ RAT)

 by rough_spear ¦  Sat Aug 17, 2013 11:16 am ¦  Forum: Malware ¦  Topic: Win32/Bladabindi (NJ RAT) ¦  Replies: 17 ¦  Views: 24515

Hi All,

One more sample file of this malware.

MD5 - BD1D660819EE54457794F31B8AB1FDE2

VT link - https://www.virustotal.com/en/file/4128 ... 376738064/

Regards,

rough_spear. ;)

Re: Worm:Win32/Vobfus

 by rough_spear ¦  Fri Aug 09, 2013 8:36 pm ¦  Forum: Malware ¦  Topic: Win32/Pronny (alias Beebone) ¦  Replies: 6 ¦  Views: 4404

Hi, one more observation by me is that it adds secret.exe into every .zip and .rar file to increase its attack surface. Absolutely correct my friend Blaze. Saw more of these recently as well, annoying autorun worm. Spreads via shares, hides folders and creates new .exe files with the folder name in a...

Re: Win32/Bladabindi (NJ RAT)

 by rough_spear ¦  Fri Aug 09, 2013 8:13 pm ¦  Forum: Malware ¦  Topic: Win32/Bladabindi (NJ RAT) ¦  Replies: 17 ¦  Views: 24515

Hi All, This malware has an excellent capability of key logging. After execution it drops file java.exe in %temp% and creates a java.exe.tmp file where it actually stores all the keystrokes from the user. MD5 - 30E363C63AB1BA3BA87AD281E31CA223 VT link - https://www.virustotal.com/en/file/ed87c99769ce45c37...

Re: Worm:Win32/Vobfus

 by rough_spear ¦  Fri Aug 09, 2013 12:15 pm ¦  Forum: Malware ¦  Topic: Win32/Pronny (alias Beebone) ¦  Replies: 6 ¦  Views: 4404

Absolutely correct my friend Blaze. Saw more of these recently as well, annoying autorun worm. Spreads via shares, hides folders and creates new .exe files with the folder name in an attempt to spread. Drops these: Porn.exe Sexy.exe Secret.exe Passwords.exe Also known as Symmi or Pronny: http://www.wel...

Win32/Pronny (alias Beebone)

 by rough_spear ¦  Thu Aug 08, 2013 9:07 pm ¦  Forum: Malware ¦  Topic: Win32/Pronny (alias Beebone) ¦  Replies: 6 ¦  Views: 4404

Hi All, New 8 files of worm:Win32/Vobfus. list of md5s 0378295CAA597C03C4AB03E0D05376E8 20258E9E021332B4C2635E559E6A3571 2419DB8237D6019D7976D90F576C03DA 51AE659C5179AFD3FE4D4AB7268889D0 5A47F39A008B1E3791F72CA4BA8F4F66 601C34861B00C0EFB016692EAAEAC5B0 7D9EF029DC86D15E6364E6F18EAA9DE9 CA1A4DB825A65B...

Re: Win32/Zeus (alias Zbot)

 by rough_spear ¦  Fri Aug 02, 2013 6:07 am ¦  Forum: Malware ¦  Topic: Win32/Zeus (alias Zbot) ¦  Replies: 281 ¦  Views: 364454

Hi All,

ZBOT mentioned in http://www.kernelmode.info/forum/postin ... 74#pr20302

Regards,

rough_spear.
