Ransom/AveMaria

Forum for analysis and discussion about malware.
EP_X0FF
Global Moderator
Posts: 4883
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation


Post by EP_X0FF » Wed Feb 27, 2019 2:22 pm

https://www.zdnet.de/88351787/malware-a ... usweitung/
https://securityaffairs.co/wordpress/79 ... lware.html

Primitive copy-paste ransomware.

VT
https://www.virustotal.com/en/file/0cc9 ... 551276309/

Contains a UAC bypass from this topic http://www.kernelmode.info/forum/viewto ... mgr#p28872, pkgmgr, UACMe #23. The author managed to trash it down to his mad skills level. Specifically, this was the only thing in this sample I was interested in. The malware implemented this method as a standalone executable(!) and a standalone payload DLL stored in the resources of the executable. Attached as uacbypass.zip.

Ring0 - the source of inspiration
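Added example (not code from the post above, and not taken from the sample or its attachment): when a dropper keeps its payload DLL in its resources, the first triage step is to carve that DLL out without running anything. The script below does it generically, scanning the whole file for MZ/PE headers and bounding each hit with its own section table, so it also finds payloads stored raw in resources or appended as an overlay. It does not walk the .rsrc directory, so it will miss payloads that are encrypted or compressed there. The dropper and DLL it is run on are constructed, non-loadable stand-ins; names like build_fake_pe and SAMPLE_DROPPER are mine.

```python
"""Carve embedded PE images (e.g. a payload DLL stored as a resource) out of a dropper.

Added example for triage, not code from the original post or from the sample it
describes. The dropper and DLL below are constructed, non-loadable stand-ins.
"""
import struct

IMAGE_FILE_DLL = 0x2000          # COFF Characteristics flag set on DLLs
SECTION_HEADER_SIZE = 40


def _pe_extent(buf, off):
    """Return (size, is_dll) if a plausible PE image starts at buf[off], else None.

    The size is the end of the furthest section's raw data, relative to off,
    clamped to the buffer so truncated payloads are still reported.
    """
    if buf[off:off + 2] != b"MZ" or off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe = off + e_lfanew
    if e_lfanew < 0x40 or pe + 24 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return None
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsec, _ts, _symp, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", buf, pe + 4)
    if nsec == 0 or nsec > 96:       # 96 is the loader's section limit
        return None
    sec_table = pe + 24 + opt_size
    end = sec_table + nsec * SECTION_HEADER_SIZE
    if end > len(buf):
        return None
    for i in range(nsec):
        # SizeOfRawData and PointerToRawData sit at +16 in each section header
        raw_size, raw_ptr = struct.unpack_from(
            "<II", buf, sec_table + i * SECTION_HEADER_SIZE + 16)
        end = max(end, off + raw_ptr + raw_size)
    return min(end, len(buf)) - off, bool(chars & IMAGE_FILE_DLL)


def carve_embedded_pe(buf, skip_outer=True):
    """Return [(offset, data, is_dll), ...] for every PE image embedded in buf.

    With skip_outer the image at offset 0 (the dropper itself) is not reported,
    but its body is still scanned, which is where a resource-stored DLL lives.
    """
    found = []
    pos = 0
    while True:
        pos = buf.find(b"MZ", pos)
        if pos < 0:
            break
        ext = _pe_extent(buf, pos)
        if ext is None or (pos == 0 and skip_outer):
            pos += 1                 # not a PE header (or the outer file): keep scanning
            continue
        size, is_dll = ext
        found.append((pos, buf[pos:pos + size], is_dll))
        pos += size                  # resume after the carved image
    return found


def build_fake_pe(is_dll, body):
    """Construct a minimal, non-loadable PE: DOS header, COFF header, no optional header, one section."""
    hdr_size = 0x40 + 24 + SECTION_HEADER_SIZE
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    chars = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)               # EXECUTABLE_IMAGE [| DLL]
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, chars)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs, linenums, counts, flags
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(body), 0x1000, len(body),
                                          hdr_size, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + body


# Constructed sample: a 16-byte "DLL" wrapped in a dropper whose only section holds it.
SAMPLE_DLL = build_fake_pe(True, b"\xcc" * 16)                 # 144 bytes
SAMPLE_DROPPER = build_fake_pe(False, b"\0" * 32 + SAMPLE_DLL + b"\0" * 8)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DROPPER
    for off, img, is_dll in carve_embedded_pe(data):
        print(f"embedded {'DLL' if is_dll else 'EXE'} at 0x{off:x}, {len(img)} bytes")
        with open(f"carved_{off:x}.bin", "wb") as fh:
            fh.write(img)
```

Run it against a real dropper with `python carve.py sample.exe`; each carved image is written as carved_<offset>.bin for hashing and further analysis. The size of a carved image is taken from its section table rather than from the containing resource entry, which is what makes the same code work for resource-stored, overlay and plain-concatenated payloads; a payload cut off by a truncated download is still reported, just shorter.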
