A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32633  by EP_X0FF
 Wed Feb 27, 2019 2:22 pm
https://www.zdnet.de/88351787/malware-a ... usweitung/
https://securityaffairs.co/wordpress/79 ... lware.html

Primitive copy-paste ransomware.

VT
https://www.virustotal.com/en/file/0cc9 ... 551276309/

Contains the UAC bypass from this topic http://www.kernelmode.info/forum/viewto ... mgr#p28872, pkgmgr uacme #23. Author managed to trash it down to his mad skills level. Specifically, this is the only thing I was interested in in this sample. Malware implemented this method as a standalone executable(!) and a standalone payload dll stored in the resources of the executable. Attached as uacbypass.zip.

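The post describes a dropper that carries its payload DLL as a resource of the outer executable. A quick triage check an analyst can run on such a sample is to carve every embedded PE image out of the file and see which of them is flagged as a DLL. The script below is an added example, not code from the post or from the attached sample: it walks a byte blob, validates each MZ candidate against the DOS and COFF headers (sane e_lfanew, "PE\0\0" signature, known machine type) so stray "MZ" text is ignored, and reports the offset, architecture and DLL flag of each hit. The sample input is a constructed blob made of hand-built stub PE headers, not real malware.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
KNOWN_MACHINES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}


def find_embedded_pe(data: bytes, start: int = 0):
    """Return every validated PE image found in `data` at or after `start`.

    A candidate counts only if the MZ header carries a sane e_lfanew, the
    NT signature 'PE\\0\\0' is present there, and the COFF machine type is one
    we know, so the string "MZ" inside text or random bytes is not reported.
    """
    hits = []
    pos = data.find(b"MZ", start)
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and pe + 24 <= len(data) \
                    and data[pe:pe + 4] == b"PE\0\0":
                # COFF file header: Machine, NumberOfSections, TimeDateStamp,
                # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader,
                # Characteristics (20 bytes).
                machine, nsections, _, _, _, _, chars = struct.unpack_from(
                    "<HHIIIHH", data, pe + 4)
                if machine in KNOWN_MACHINES:
                    hits.append({
                        "offset": pos,
                        "arch": KNOWN_MACHINES[machine],
                        "sections": nsections,
                        "is_dll": bool(chars & IMAGE_FILE_DLL),
                    })
        pos = data.find(b"MZ", pos + 1)
    return hits


def embedded_only(data: bytes):
    """Hits that are not the host image itself (offset 0): the dropped payloads."""
    return [h for h in find_embedded_pe(data) if h["offset"] != 0]


def build_stub_pe(is_dll: bool, machine: int = IMAGE_FILE_MACHINE_I386) -> bytes:
    """Constructed, non-runnable PE header stub used only as sample input."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    if is_dll:
        chars |= IMAGE_FILE_DLL
    opt_header_size = 0xE0
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, opt_header_size, chars)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_header_size


# Constructed sample blob: a host EXE stub, some padding, a decoy "MZ" with an
# invalid e_lfanew (must be ignored), then an embedded x64 DLL stub standing in
# for a payload stored in the resource section.
HOST = build_stub_pe(is_dll=False)
DECOY = b"MZ" + b"\0" * 70
PAYLOAD = build_stub_pe(is_dll=True, machine=IMAGE_FILE_MACHINE_AMD64)
PAYLOAD_OFFSET = len(HOST) + 32 + len(DECOY)
SAMPLE = HOST + b"\0" * 32 + DECOY + PAYLOAD


if __name__ == "__main__":
    for hit in find_embedded_pe(SAMPLE):
        kind = "DLL" if hit["is_dll"] else "EXE"
        print(f"offset 0x{hit['offset']:x}: {kind} {hit['arch']}, "
              f"{hit['sections']} sections")
    for hit in embedded_only(SAMPLE):
        carved = SAMPLE[hit["offset"]:]
        print(f"carved {len(carved)} bytes starting at 0x{hit['offset']:x}")
```

On a real sample, `open(path, "rb").read()` replaces `SAMPLE`; anything reported by `embedded_only` with `is_dll` set is the kind of resource-stored payload the post describes and is what an analyst would carve out for separate inspection.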