A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #14161  by Xylitol
 Fri Jun 22, 2012 7:59 am
dumb110 wrote: anybody has this one??
https://www.virustotal.com/file/cb3409b ... 340335311/

:lol:
Why don't you ask the Malwarebytes guys for these samples? They are all posted.
 #15172  by rkhunter
 Tue Aug 14, 2012 9:26 am
Another Worm:Win32/Gamarue.I sample

SHA256: a314f9bd29b16716f2bffd13661bfcad36531874c9c8cbf52b3461c2611fee20
SHA1: ea712090dd30c8f52b76209f6a0b094c2130866a
MD5: 7b774e8e9ef31241339f17632f70ba45

https://www.virustotal.com/file/a314f9b ... /analysis/
 #15258  by Aleksandra
 Mon Aug 20, 2012 6:31 am
MD5: fd79ef59cc3174e4a82e3501b9413871
SHA1: c610ac661110aaecdd298c74903fcfc6e3a8aafe
https://www.virustotal.com/file/ed17e91 ... /analysis/

Creates a new value under this key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Registry Value = SunJavaUpdateSched
File path = C:\Documents and Settings\All Users\svchost.exe (same MD5)
Opens port: 8000
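
A check for the persistence pattern reported in the post above (a Run value whose image is named svchost.exe but sits outside the system directory), as an added example that is not part of the thread. It parses `reg query` output; the sample output, the extra value names and the assumption that SystemRoot is C:\Windows are constructed for illustration.

```python
import ntpath
import re

# Names that legitimately load only from the Windows system directories.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}  # assumes SystemRoot=C:\Windows

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?=\s|$)', re.IGNORECASE)
ENV_RE = re.compile(r"%(systemroot|windir)%", re.IGNORECASE)

# Constructed `reg query` output; only the first value comes from the post above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    C:\Documents and Settings\All Users\svchost.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    HostCheck    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
"""

def image_path(command):
    """Return the executable path from a Run command line, quoted or unquoted."""
    command = ENV_RE.sub(lambda _: r"C:\Windows", command.strip())
    m = IMAGE_RE.match(command)
    return (m.group("q") or m.group("u")) if m else None

def masquerading_run_entries(reg_query_output):
    """Return (value_name, path) for Run values that use a system binary name
    but point outside the system directories."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_RE.match(line)
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        path = image_path(m.group("data"))
        if path is None:
            continue
        name = ntpath.basename(path).lower()
        folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
        if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            hits.append((m.group("name"), path))
    return hits

if __name__ == "__main__":
    for value, path in masquerading_run_entries(SAMPLE):
        print(f"suspicious Run value {value!r} -> {path}")
```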