A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #11461  by rkhunter
 Mon Feb 06, 2012 7:31 am
Actual 14 samples.
You do not have the required permissions to view the files attached to this post.
 #11537  by rkhunter
 Fri Feb 10, 2012 7:29 am
15 samples, observed since 6 Feb.
You do not have the required permissions to view the files attached to this post.
 #11629  by rkhunter
 Wed Feb 15, 2012 8:07 am
12 samples of last 4 days
You do not have the required permissions to view the files attached to this post.
 #11664  by rkhunter
 Fri Feb 17, 2012 7:51 am
16 samples of last two days
You do not have the required permissions to view the files attached to this post.
 #11666  by EX!
 Fri Feb 17, 2012 5:57 pm
zbot
SHA256: d692760e4614ae96f281522c80996e1ed9d31f29f5f9d4dbbd75481f649c2bb7
Detecciones: 1 / 42

NOD32 a variant of Win32/Injector.OEC 20120217


:D
You do not have the required permissions to view the files attached to this post.
 #11690  by rkhunter
 Sat Feb 18, 2012 6:06 pm
markusg wrote:i think its zbot
SHA256:
3f2cc71d5aa1c91ff84ac32e2eb18c24e2ca9c57ef8999a210ba00e4636cff1b 
Not ZBot (already by behaviour).
But GEMA.

Image
 #11728  by rkhunter
 Tue Feb 21, 2012 2:53 pm
11 droppers of last few days
You do not have the required permissions to view the files attached to this post.
 #11799  by rkhunter
 Fri Feb 24, 2012 6:12 pm
13 ZBot droppers, last few days observed
You do not have the required permissions to view the files attached to this post.
  • 1
  • 4
  • 5
  • 6
  • 7
  • 8
  • 29