A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #3211  by Meriadoc
 Mon Oct 25, 2010 12:20 am
Thanks, this is more advanced than the 1.0.7 builder I found.
 #3214  by gjf
 Mon Oct 25, 2010 9:17 am
Meriadoc wrote:Thanks, this is more advanced than the 1.0.7 builder I found.
If you will look through the second link you will find that author states he put the backdoor in 1.0.7 ;)
 #3215  by Meriadoc
 Mon Oct 25, 2010 10:56 am
Yes :) I've been following the various forum posts.
 #3330  by EP_X0FF
 Thu Nov 04, 2010 1:52 pm
Yet another public directory.

hxxp://88.198.36.61/main/bin/

in attach all stuff collected.
You do not have the required permissions to view the files attached to this post.
 #3377  by EP_X0FF
 Sun Nov 07, 2010 11:26 pm
Excellent news. According abuse.ch this service was started just right now, 7 November 2010. Link added to malware sources, thanks.
 #3419  by Jaxryley
 Thu Nov 11, 2010 10:02 am
Sample if anyone cares to take a look.
hxxp://www.derquda.com/sv/YHgugz.exe
YHgugz.exe - 12/43 - MD5 : 733e1744ec34df6763c9e8fcf12d3518
http://www.virustotal.com/file-scan/rep ... 1289466119

NOD32 - Win32/Spy.SpyEye.BY

GData - Trojan.Tdss.4162
You do not have the required permissions to view the files attached to this post.
Last edited by EP_X0FF on Thu Nov 11, 2010 10:47 am, edited 1 time in total. Reason: attach reuploaded, malware samples must be in password-protected archives
 #3421  by EP_X0FF
 Thu Nov 11, 2010 10:37 am
This is SpyEye.
SpyEye_Stop Start SpyEye_Start Init SpyEye_Init
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 42