Win32/Encoder

Forum for analysis and discussion about malware.
bao
Posts: 20
Joined: Sat Sep 22, 2012 9:27 pm

Win32/Encoder

Post by bao » Wed Jul 09, 2014 9:50 pm

hxxp://specmail.info/fssp6.lzh
https://www.virustotal.com/ru/file/a8aa ... /analysis/
The encoder will be downloaded from the link. The file is attached just in case.
Last edited by EP_X0FF on Thu Jul 10, 2014 6:05 am, edited 2 times in total.
Reason: Malware samples must be placed in password protected archive

EP_X0FF
Global Moderator
Posts: 4882
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: support@casinomtgox.com

Post by EP_X0FF » Thu Jul 10, 2014 6:05 am

Delphi trash encoder.

Cryptor->Armadillo->UPX->Delphi.

Unpacked in attachment.

Target file extensions (on drive C:\)

.jpg
.jpeg
.doc
.rtf
.xls
.zip
.db3
.rar
.7z
.kwm
.docx
.pdf
.arj
.csv
.xlsm
.key
.cer
.mpeg
.accdb
.psd
.mov
.odt
.ppt
.mdb
.dwg
.dt
.gsf
.ppsx
.pptx
.xlsx
.1cd
.dbf
For encryption it seems to use this: https://github.com/SnakeDoctor/FGInt, see https://github.com/SnakeDoctor/FGInt/bl ... IntRSA.pas
Ring0 - the source of inspiration

bao
Posts: 20
Joined: Sat Sep 22, 2012 9:27 pm

Re: Win32/Encoder

Post by bao » Tue Jul 29, 2014 10:57 am

You do not have the required permissions to view the files attached to this post.

bao
Posts: 20
Joined: Sat Sep 22, 2012 9:27 pm

Re: Win32/Encoder

Post by bao » Wed Nov 12, 2014 10:43 am

You do not have the required permissions to view the files attached to this post.
