A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #30999  by sysopfb
 Thu Nov 16, 2017 1:09 am
Magical builtin hijack.

Attached is a sample from 19sep with the anti layer in the crypter they are referring to.
 #31290  by tomatto007
 Fri Feb 23, 2018 6:06 am
Antelox wrote:
ikolor wrote: thanks the same shit

https://www.virustotal.com/#/file/dfd70 ... /detection
Geodo/Emotet doc downloader.
Download this: https://www.virustotal.com/en/file/a267 ... /analysis/

BR,

Antelox
FILES ADDED:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\ISONET.EXE

VALUES ADDED:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ISONET: "%LOCAL APPDATA%\MICROSOFT\WINDOWS\ISONET.EXE"
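The Run value reported above is a textbook per-user persistence pattern: an executable dropped under %LOCALAPPDATA% in a folder named to look like a Microsoft system path, then registered under HKCU\...\CurrentVersion\Run so it starts at logon. The script below is an added triage example, not code from the post, the sandbox, or the sample: it takes Run-key values as they appear in a sandbox report, expands the environment variables, pulls the image path out of the command line, and flags entries that launch from a user-writable location. Only the ISONET entry comes from the report above; the environment values (a hypothetical user named "user") and the three other Run entries are constructed for contrast.

```python
import re

# How a report writer would expand %VAR% tokens. Values are illustrative
# (hypothetical user "user"), not taken from the page. "LOCAL APPDATA" is the
# spelling the sandbox report above uses for LOCALAPPDATA.
ENV = {
    "LOCALAPPDATA": r"C:\Users\user\AppData\Local",
    "LOCAL APPDATA": r"C:\Users\user\AppData\Local",
    "APPDATA": r"C:\Users\user\AppData\Roaming",
    "TEMP": r"C:\Users\user\AppData\Local\Temp",
    "USERPROFILE": r"C:\Users\user",
    "PROGRAMFILES": r"C:\Program Files",
    "SYSTEMROOT": r"C:\Windows",
    "WINDIR": r"C:\Windows",
}

# Roots an unprivileged user can write to, most specific first. TEMP sits
# inside LOCALAPPDATA and both sit inside USERPROFILE, so order matters.
USER_WRITABLE_ROOTS = ("TEMP", "LOCALAPPDATA", "APPDATA", "USERPROFILE")

# Constructed Run-key values. Only ISONET is from the report above.
SAMPLE_RUN_VALUES = {
    "ISONET": r"%LOCAL APPDATA%\MICROSOFT\WINDOWS\ISONET.EXE",
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "VendorUpdater": r'"C:\Program Files\Vendor\Updater.exe" /background',
    "Sync": r"%APPDATA%\Sync\sync.exe --minimized",
}


def expand_env(value: str) -> str:
    """Expand %VAR% tokens via ENV (case-insensitive); unknown tokens stay as-is."""
    return re.sub(r"%([^%]+)%",
                  lambda m: ENV.get(m.group(1).upper(), m.group(0)), value)


def extract_image_path(command: str) -> str:
    """Pull the executable path out of a Run-key command line.

    Handles a quoted image followed by arguments ("C:\\x y\\a.exe" /q) and an
    unquoted image with spaces in the path followed by arguments
    (C:\\x y\\a.exe /q). Falls back to the first whitespace-delimited token.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)",
                 command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def user_writable_root(path: str):
    """Return the ENV name of the user-writable root containing path, or None."""
    p = path.lower()
    for var in USER_WRITABLE_ROOTS:
        if p.startswith(ENV[var].lower() + "\\"):
            return var
    return None


def triage_run_entries(entries: dict) -> dict:
    """Map Run value name -> (resolved image path, reasons) for entries worth a look."""
    findings = {}
    for name, command in entries.items():
        image = extract_image_path(expand_env(command))  # expand first: vars may contain spaces
        reasons = []
        root = user_writable_root(image)
        if root:
            reasons.append(f"autostart image lives under user-writable %{root}%")
            # The ISONET sample mimics a Microsoft system folder inside the profile.
            if re.search(r"\\microsoft\\windows\\", image, re.IGNORECASE):
                reasons.append("folder name imitates a Microsoft system path inside the user profile")
        if reasons:
            findings[name] = (image, reasons)
    return findings


if __name__ == "__main__":
    for name, (image, reasons) in triage_run_entries(SAMPLE_RUN_VALUES).items():
        print(f"[{name}] {image}")
        for r in reasons:
            print(f"    - {r}")
```

On a live host the same logic would be fed the output of `Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM and RunOnce equivalents). Treat the result as a triage list rather than a verdict: legitimate per-user software also autostarts from AppData, so a flagged entry still needs the binary itself checked (signature, hash, creation time against the infection window).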