A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #20604  by unixfreaxjp
 Mon Aug 26, 2013 7:41 am
Somehow I cannot upload the sample archive, so the download link is below.
Today's round of Kelihos binaries, full set of samples:
http://www.mediafire.com/?8jdc0zz4yxay4jg
Average detection ratio today is 15/46

VT link is for members only (security purpose)
 #22471  by Win32:Virut
 Tue Mar 18, 2014 6:54 pm
Could someone check what that is? It downloads a Kelihos and a Simda sample for me.
 #22475  by EP_X0FF
 Wed Mar 19, 2014 3:02 am
Hello,

It is a very simple dedicated Kelihos/Waledac downloader (TrojanDownloader:Win32/Waledac). Decrypted version in the attachment.

But I found a piece of funny code.
kelihos_fail.png
Posts moved.
 #22497  by wacked2
 Thu Mar 20, 2014 7:38 pm
EP_X0FF wrote:
Hello,

It is a very simple dedicated Kelihos/Waledac downloader (TrojanDownloader:Win32/Waledac). Decrypted version in the attachment.

But I found a piece of funny code.
kelihos_fail.png
Posts moved.

I like the LoadLibrary("kernel32.dll") in BlackEnergy and some code by HF people more.
 #22536  by forty-six
 Mon Mar 24, 2014 2:26 pm
GET /mod2/5minut1 .exe
Host: 87 .224 .219 .174
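The request above is the whole indicator forty-six posted: a plain GET for an executable from a host given as a bare IP address, with the dots defanged by a space. As an added example (not code from the thread or from any of the posters), the following Python script parses raw HTTP request text of that shape, undoes the " ." defanging so the values parse, and flags requests that fetch an executable from a literal-IP host. The sample requests are constructed for this example; only the first mirrors the posted request, the others are made up to exercise the checks. A literal-IP host plus an executable path is a heuristic for downloader traffic, not proof of it, so treat hits as triage candidates.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample requests for this example. The first mirrors the
# defanged request from the post (a space inserted before each dot);
# the rest are invented here to exercise the checks.
SAMPLE_REQUESTS = [
    "GET /mod2/5minut1 .exe \r\nHost: 87 .224 .219 .174\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "GET /update/setup.exe HTTP/1.1\r\nHost: downloads.example.org:8080\r\n\r\n",
    "GET /a/b.php?x=1 HTTP/1.1\r\nHost: 10.0.0.5\r\n\r\n",
]

# Extensions a downloader is likely to pull; extend for your environment.
EXEC_EXT = (".exe", ".dll", ".scr", ".cpl")


@dataclass
class Finding:
    method: str
    path: str
    host: str
    host_is_ip: bool
    exe_download: bool


def refang(s: str) -> str:
    """Undo the ' .' defanging used in the post so hosts and paths parse."""
    return re.sub(r"\s+\.", ".", s)


def parse_request(raw: str) -> Optional[Finding]:
    """Parse the request line and Host header of one raw HTTP request."""
    lines = re.split(r"\r?\n", raw)
    # Request line: METHOD SP target [SP HTTP/x.y]; version may be absent in pasted captures.
    m = re.match(r"^([A-Z]+)\s+(\S+)(?:\s+HTTP/\d\.\d)?$", refang(lines[0]).strip())
    if not m:
        return None
    method, target = m.group(1), m.group(2)

    host = ""
    for ln in lines[1:]:
        if ln.strip() == "":          # blank line ends the header block
            break
        name, _, value = ln.partition(":")
        if name.strip().lower() == "host":
            host = refang(value.strip())
            break

    path = target.split("?", 1)[0]    # drop the query string before checking the extension
    bare_host = re.sub(r":\d+$", "", host)   # strip an optional :port
    try:
        ipaddress.ip_address(bare_host)
        host_is_ip = True
    except ValueError:
        host_is_ip = False

    return Finding(method, path, bare_host, host_is_ip,
                   path.lower().endswith(EXEC_EXT))


def suspicious_downloads(requests: List[str]) -> List[Finding]:
    """Return requests that fetch an executable from a literal-IP host."""
    hits = []
    for raw in requests:
        f = parse_request(raw)
        if f is not None and f.host_is_ip and f.exe_download:
            hits.append(f)
    return hits


if __name__ == "__main__":
    for f in suspicious_downloads(SAMPLE_REQUESTS):
        print(f"{f.method} {f.path} from literal-IP host {f.host}")
```

Running it prints only the first sample as a hit: the third request also fetches an .exe but from a hostname, and the fourth goes to a literal IP but for a .php resource. Raw requests from a proxy log or a PCAP export can be fed to `suspicious_downloads` as-is; the refang step is harmless on undefanged input.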
 #22563  by darkladdie
 Wed Mar 26, 2014 3:01 am
What is the password to the file? The usual one is not working. Thanks in advance.
 #22564  by darkladdie
 Wed Mar 26, 2014 3:07 am
Never mind about my previous reply. The problem was with the unzipping program I was using.