Trojan SpyEye (alias Pincav)

Forum for analysis and discussion about malware.
Meriadoc
Posts: 195
Joined: Sat Mar 13, 2010 7:36 pm
Location: Cymru

Re: Trojan SpyEye (alias Pincav)

Post by Meriadoc » Mon Oct 25, 2010 12:20 am

Thanks, this is more advanced than the 1.0.7 builder I found.
Who controls the past controls the future
Who controls the present controls the past

gjf
Posts: 198
Joined: Mon Mar 15, 2010 10:23 am
Location: Where I lay my head is home

Re: Trojan SpyEye (alias Pincav)

Post by gjf » Mon Oct 25, 2010 9:17 am

Meriadoc wrote: Thanks, this is more advanced than the 1.0.7 builder I found.
If you look through the second link, you will find that the author states he put the backdoor in 1.0.7 ;)
VirusInfo / Defendium / SafeZone Helpers Crew

Meriadoc
Posts: 195
Joined: Sat Mar 13, 2010 7:36 pm
Location: Cymru

Re: Trojan SpyEye (alias Pincav)

Post by Meriadoc » Mon Oct 25, 2010 10:56 am

Yes :) I've been following the various forum posts.
Who controls the past controls the future
Who controls the present controls the past

Jaxryley
Posts: 140
Joined: Mon Mar 15, 2010 7:49 am

Re: Trojan SpyEye (alias Pincav)

Post by Jaxryley » Tue Oct 26, 2010 10:03 am

hxxp://208.53.183.158/O.exe
O.exe drops a few, including:
ltzqai.exe - 6/42 - Kaspersky - Trojan.Win32.Pincav.ajid
http://www.virustotal.com/file-scan/rep ... 1288086662
O exe and Droppers.rar

EP_X0FF
Global Moderator
Posts: 4884
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Thu Nov 04, 2010 1:52 pm

Yet another public directory.

hxxp://88.198.36.61/main/bin/

All the stuff collected is in the attachment.
Ring0 - the source of inspiration

gjf
Posts: 198
Joined: Mon Mar 15, 2010 10:23 am
Location: Where I lay my head is home

Re: Trojan SpyEye (alias Pincav)

Post by gjf » Sun Nov 07, 2010 10:22 pm

Not sure I have seen it in this forum.
SpyEye Tracker
VirusInfo / Defendium / SafeZone Helpers Crew

EP_X0FF
Global Moderator
Posts: 4884
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Trojan SpyEye (alias Pincav)

Post by EP_X0FF » Sun Nov 07, 2010 11:26 pm

Excellent news. According to abuse.ch, this service was started just now, 7 November 2010. Link added to malware sources, thanks.
Ring0 - the source of inspiration

Jaxryley
Posts: 140
Joined: Mon Mar 15, 2010 7:49 am

SpyEye - Tdss ?

Post by Jaxryley » Thu Nov 11, 2010 10:02 am

Sample if anyone cares to take a look.
YHgugz.exe - 12/43 - MD5 : 733e1744ec34df6763c9e8fcf12d3518
http://www.virustotal.com/file-scan/rep ... 1289466119

NOD32 - Win32/Spy.SpyEye.BY

GData - Trojan.Tdss.4162
Last edited by EP_X0FF on Thu Nov 11, 2010 10:47 am, edited 1 time in total.
Reason: attach reuploaded, malware samples must be in password-protected archives

EP_X0FF
Global Moderator
Posts: 4884
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: SpyEye - Tdss ?

Post by EP_X0FF » Thu Nov 11, 2010 10:37 am

This is SpyEye.
SpyEye_Stop Start SpyEye_Start Init SpyEye_Init
Ring0 - the source of inspiration

nullptr
Posts: 209
Joined: Sun Mar 14, 2010 6:35 am

Re: Trojan SpyEye (alias Pincav)

Post by nullptr » Fri Nov 12, 2010 8:36 am

SpyEye + dumped + strings