A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #17266  by Tigzy
 Tue Dec 18, 2012 6:01 pm
Hello

Just wanted to open this thread to list every MBR dump we can find ITW (malware or not) and help to determine if unknown MBR are legit or not, and their owner (some are custom MBR made by manufacturers)

You can use this tool to parse the informations > http://tigzy.geekstogo.com/Tools/readMBR.exe
I use it in command line with the path of the dump as parameter, and redirect the flow into a file to get Bootstrap HASH
Files attached with each dump contains HASH (bootstrap + file) and VT scan link

More coming....
List:
19/02/2012 11:30 512 7x64-2.dat
18/12/2012 18:47 196 7x64-2.txt
19/02/2012 11:30 512 7x86.dat
18/12/2012 18:49 204 7x86.txt
19/02/2012 11:30 512 Acertatooed.dat
18/12/2012 18:50 204 Acertatooed.txt
12/12/2012 12:32 512 Alipop.dat
18/12/2012 18:52 204 Alipop.txt
28/02/2012 19:45 512 bitlock2.dat
18/12/2012 18:54 204 bitlock2.txt
19/02/2012 11:30 512 Grub.dat
18/12/2012 18:55 204 Grub.txt
19/02/2012 11:30 512 HPtatooed.dat
18/12/2012 18:56 204 HPtatooed.txt
MBRs.rar
You do not have the required permissions to view the files attached to this post.
 #17267  by Tigzy
 Tue Dec 18, 2012 6:12 pm
28/02/2012 19:45 512 KIWI.dat
18/12/2012 19:04 196 KIWI.txt
19/02/2012 11:30 512 maxSS.dat
18/12/2012 19:05 204 maxSS.txt
12/12/2012 12:32 512 mebroot.dat
18/12/2012 19:06 204 mebroot.txt
19/02/2012 11:30 512 mybios.dat
18/12/2012 19:07 204 mybios.txt
19/02/2012 11:30 512 pihar.dat
18/12/2012 19:08 204 pihar.txt
19/02/2012 11:30 446 pihar_uncrypted.dat
18/12/2012 19:09 204 pihar_uncrypted.txt
29/11/2012 20:21 512 Plite.dat
18/12/2012 19:10 204 Plite.txt
MBRs2.rar
You do not have the required permissions to view the files attached to this post.