A forum for reverse engineering, OS internals and malware analysis 

 #29754  by tildedennis
 Mon Dec 19, 2016 8:14 pm
dropper: https://www.virustotal.com/en/file/ff83 ... /analysis/
main: https://www.virustotal.com/en/file/25a3 ... /analysis/
mitb: https://www.virustotal.com/en/file/53af ... /analysis/

components attached, likely test/development samples.
 #29959  by TheExecuter
 Mon Feb 13, 2017 9:45 am
The main file shouldn't execute properly.
RtlAdjustPrivilege's 4th param is null. It'll crash with an access violation.
How'd you extract the DLLs?
 #29968  by tildedennis
 Tue Feb 14, 2017 4:11 pm
Statically. They're stored compressed in the dropper and can be carved out and RtlDecompressBuffer'd.
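The carving step tildedennis describes, as an added example that is not part of the thread: a pure-Python LZNT1 decoder standing in for RtlDecompressBuffer, plus a scan that tries every plausible LZNT1 chunk header in a dropper image and keeps output that starts with MZ. It assumes the components use LZNT1 (the default RtlDecompressBuffer format); the dropper bytes are constructed for the example, and the function names are chosen here.

```python
def lznt1_decompress(data: bytes) -> bytes:
    out, pos = bytearray(), 0
    while pos + 2 <= len(data):
        header, pos = int.from_bytes(data[pos:pos + 2], "little"), pos + 2
        if header == 0:                              # 0x0000 ends the stream
            break
        end = pos + (header & 0x0FFF) + 1            # low 12 bits: chunk length - 1
        if header & 0x7000 != 0x3000 or end > len(data):
            raise ValueError("bad chunk header")     # bits 12-14 must be the signature 3
        if not header & 0x8000:                      # bit 15 clear: chunk stored raw
            out += data[pos:end]
            pos = end
            continue
        base = len(out)                              # each chunk is compressed on its own
        while pos < end:
            flags, pos = data[pos], pos + 1
            for bit in range(8):
                if pos >= end:
                    break
                if not (flags >> bit) & 1:           # clear bit: one literal byte
                    out.append(data[pos])
                    pos += 1
                    continue
                if pos + 2 > end:
                    raise ValueError("truncated token")
                token, pos = int.from_bytes(data[pos:pos + 2], "little"), pos + 2
                # the length/offset bit split slides as the chunk fills (4..12 offset bits)
                l_mask, o_shift, p = 0xFFF, 12, len(out) - base - 1
                while p >= 0x10:
                    l_mask, o_shift, p = l_mask >> 1, o_shift - 1, p >> 1
                length, offset = (token & l_mask) + 3, (token >> o_shift) + 1
                if offset > len(out) - base:
                    raise ValueError("back-reference before chunk start")
                for _ in range(length):              # byte-wise copy so overlap works
                    out.append(out[-offset])
    return bytes(out)

def carve_pe_blobs(image: bytes):
    for off in range(len(image) - 1):
        if int.from_bytes(image[off:off + 2], "little") & 0xF000 == 0xB000:
            try:
                blob = lznt1_decompress(image[off:])
            except ValueError:
                continue
            if blob.startswith(b"MZ"):               # keep only PE-looking output
                yield off, blob

# Constructed (hypothetical) dropper: junk, one LZNT1 chunk giving "MZ\x90\x00" + an 8-byte copy from 4 back, end marker, junk
SAMPLE_DROPPER = b"\xcc" * 8 + b"\x06\xb0\x10MZ\x90\x00\x05\x30\x00\x00" + b"\xcc" * 8
```

On a real dropper, run `list(carve_pe_blobs(open(path, "rb").read()))` and write each blob to disk; false positives are cheap to discard because anything that does not decode cleanly to an MZ header is dropped.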