Re: Trojan Ransom / FakePoliceAlert

Posted: Fri Dec 02, 2011 12:16 pm
by EP_X0FF
markusg wrote:
0.837970031559333.exe
MD5   : 4c11c67ff7f05a9a77200d4659c6ef4f
http://www.virustotal.com/file-scan/rep ... 1322822552
Ransom BundezPolizei deploys as a DLL that spawns an IE copy on a specially allocated desktop, with the warning message located at -> 194.28.132.231

Re: Trojan Ransom / FakePoliceAlert

Posted: Sat Dec 03, 2011 7:22 pm
by markusg
svhcost.exe
MD5   : eb7b3e1ef5c07a5ff6d2f72f1a8adaa3
https://www.virustotal.com/file-scan/re ... 1322939539

Re: Trojan Ransom / FakePoliceAlert

Posted: Sat Dec 03, 2011 8:23 pm
by GMax
markusg wrote:
svhcost.exe
MD5   : eb7b3e1ef5c07a5ff6d2f72f1a8adaa3
https://www.virustotal.com/file-scan/re ... 1322939539

C&C: banderose.jino.ru

Re: Trojan Ransom / FakePoliceAlert

Posted: Mon Dec 05, 2011 3:42 pm
by markusg
dr5j56iud56.exe
MD5   : ab48f926417c5ae2bc19aeee7b6a6165
https://www.virustotal.com/file-scan/re ... 1323098592

Re: Trojan Ransom / FakePoliceAlert

Posted: Mon Dec 05, 2011 5:01 pm
by GMax
markusg wrote:
dr5j56iud56.exe
MD5   : ab48f926417c5ae2bc19aeee7b6a6165
https://www.virustotal.com/file-scan/report.html?id=482f69d9eeb910f4bb60b41239a05b24010be1f8edac39dacc5971cde43bb51b-1323098592

used dWinlock (http://www.kassl.de) to disable special keyboard shortcuts

webform hxxp://gemapayment.net/gibmirgeld_de/index.php

unpacked file:
Size: 2119 Kb (2170288 byte)
Date/Time compile: 19.06.1992 / 22:22:17 UTC
MD5: c6a425a7563c4b2a759407890c7ab1d7
www.virustotal.com

Re: Trojan Ransom / FakePoliceAlert

Posted: Thu Dec 08, 2011 8:20 pm
by markusg
hostrun.exe
MD5   : 1fd8f14161c79fc4d2adb2da7bf865c6
http://www.virustotal.com/file-scan/rep ... 1323374526

Re: Trojan Ransom / FakePoliceAlert

Posted: Fri Dec 09, 2011 3:33 pm
by markusg
seryhse5u.exe
MD5   : b7fd16e439c97dc62c31b4039bb62919
https://www.virustotal.com/file-scan/re ... 1323444146

Re: Trojan Ransom / FakePoliceAlert

Posted: Fri Dec 09, 2011 6:27 pm
by GMax
markusg wrote:
hostrun.exe
MD5   : 1fd8f14161c79fc4d2adb2da7bf865c6
http://www.virustotal.com/file-scan/rep ... 1323374526

C&C: banduman.ru

Re: Trojan Ransom / FakePoliceAlert

Posted: Fri Dec 09, 2011 7:04 pm
by GMax
markusg wrote:
seryhse5u.exe
MD5   : b7fd16e439c97dc62c31b4039bb62919
https://www.virustotal.com/file-scan/re ... 1323444146
Equal to this: http://www.kernelmode.info/forum/viewtopic.php? ... =40#p10157

Re: Trojan Ransom / FakePoliceAlert

Posted: Wed Dec 14, 2011 8:21 pm
by markusg
firefox.exe
MD5   : 61ae78c270fdb7a1038e92999a317968
http://www.virustotal.com/file-scan/rep ... 1323893416