XKeyScore

Forum for analysis and discussion about malware.
MalwareInfo
Posts: 6
Joined: Sat Oct 01, 2016 3:37 am

Sun Oct 01, 2017 3:49 am

This malware may be using OutputDebugString as an anti-debugging technique. I am not familiar with this technique, so how to fix it? Any help would be greatly appreciated!
Last edited by Xylitol on Thu Jan 24, 2019 4:32 pm, edited 1 time in total.
Reason: edited topic title
Xylitol
Global Moderator
Posts: 1684
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Sun Oct 01, 2017 9:24 am

In attachment: unpacked keylogger, 8/64 on VT https://www.virustotal.com/en/file/5fb7 ... 506849125/
Payload is taken from a resource and then decoded, ending up with a file you can upx -d; appears coded in Delphi.

Code:

ASCII "C:\\Downloads\\FUD\\XKey\\autorunreg.pas"
ASCII "----------------------------------------------------------------------------------------------------"
ASCII "\r\n"
ASCII "[<<]"
ASCII "[Tab]"
ASCII "[Esc]"
ASCII "[PrtScr]"
ASCII "[Del]"
ASCII "[Num Lock]"
ASCII "\r\n\r\n================================== 0USER0 - "
ASCII "[ Áóôåð îáìåíà - Clipboard - "
ASCII "nynewsguardianinternet.com"
ASCII "text="
ASCII "/upwin/index.php"
ASCII "Content-Type: application/x-www-form-urlencoded"
ASCII "GetAsyncKeyState"
KeyloggerTimer
AtivarTimer
DesativarTimer
The host where it sends data is down and the file is 2 years old.
sysopfb
Posts: 97
Joined: Thu Oct 23, 2014 1:22 am

Thu Jan 17, 2019 4:25 pm

Sorry for necroing, but this is XKeyScore; found the topic while looking at another sample.

Panel attached from a different C2 server