A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13375  by rkhunter
 Wed May 23, 2012 7:12 am
360Tencent wrote: http://blog.gdatasoftware.com/blog/arti ... -name.html

SHA256: show in "an interesting spyeye build"

and maybe Kaspersky also found it

http://www.securelist.com/en/blog/208193513/Big_Brother
MD5: 1a47e3325f64a60442666de6f3184d56
SHA256: f9d0beaba8b5fd62a3f18e13be94470344dbb1db9e4b088158dbb1374f0828cb
Trojan:Win32/EyeStye.N
 #16349  by kmd
 Tue Oct 30, 2012 7:13 pm
1.3.48 builder fully cracked
credits to banned from opensc
pass: infected
 #16689  by Xylitol
 Sun Nov 18, 2012 11:20 pm
SpyEye loaded onto an http loader used by HF skids for selling installs: hxxp://fpbb.com.br/images/zeusyo.exe
VT: 3/44 >> https://www.virustotal.com/file/7adfaff ... 353266757/
Code:
cn1: hxxp://control.av-update-server.net/~ciscoFirewall/
md5 pw: 546e89665afe59ee8d5748f6e2c83f85
Small botnet: 593 offline, 232 online with no back connect db, looks like they are guys stupid enough to use this.
 #16692  by EP_X0FF
 Mon Nov 19, 2012 3:12 am
Xylitol wrote: SpyEye loaded onto an http loader used by HF skids for selling installs: hxxp://fpbb.com.br/images/zeusyo.exe
VT: 3/44 >> https://www.virustotal.com/file/7adfaff ... 353266757/
Code:
cn1: hxxp://control.av-update-server.net/~ciscoFirewall/
md5 pw: 546e89665afe59ee8d5748f6e2c83f85
Small botnet: 593 offline, 232 online with no back connect db, looks like they are guys stupid enough to use this.
ver=10348

Decrypted dropper and decrypted config in attach.

Pass for config: 5076848FB39AC6DD00000051E39468E3

Must be the HF l33t kids used the leaked and cracked builder.
 #17392  by STRELiTZIA
 Thu Dec 27, 2012 8:53 am
hxxp://www.chengdaepe.com/system/gate.php;90
hxxp://members-save.com/components/gate.php;90
hxxp://www.sibylleallgaier.com/wp-content/gate.php;90
hxxp://www.paydaysupermarket.com/wp-content/gate.php;90
hxxp://btmir.ru/admin/gate.php;90
hxxp://www.stoneplus.cn/it/gate.php;90
hxxp://uttraining.com/data/gate.php;90
95.170.86.84:443
Password to unzip config: 4B234ADDC6118EAB4B2678E3F694E9FE
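The posts above dump indicators in the usual forum shorthand: defanged `hxxp://` URLs, a `host:port` pair, and 32/64-character hex hashes, some with a trailing `;90` annotation and some behind labels such as `cn1:` or `md5 pw:`. The following Python is an added example, not code from any poster in this thread, that normalizes such lines into structured records so the hosts can be pushed to a blocklist or searched in proxy logs. It assumes `hxxp` is the standard defanging of `http` and that the trailing `;<digits>` is a poster's annotation rather than part of the URL (the thread does not say what it means), so it is preserved as an opaque field. The sample lines are constructed from the indicators quoted in this thread.

```python
"""Normalize defanged indicators posted in a malware-analysis thread (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: indicator lines in the shape they appear in the thread.
SAMPLE_LINES = """\
hxxp://www.chengdaepe.com/system/gate.php;90
hxxp://btmir.ru/admin/gate.php;90
95.170.86.84:443
cn1: hxxp://control.av-update-server.net/~ciscoFirewall/
md5 pw: 546e89665afe59ee8d5748f6e2c83f85
SHA256: f9d0beaba8b5fd62a3f18e13be94470344dbb1db9e4b088158dbb1374f0828cb
""".splitlines()

URL_RE = re.compile(
    r"^(?:\w+:\s*)?"                 # optional label such as "cn1:"
    r"(?P<scheme>h[xt]{2}ps?)://"    # hxxp / http / hxxps / https
    r"(?P<host>[^/\s;]+)"
    r"(?P<path>/[^\s;]*)?"
    r"(?:;(?P<annotation>\d+))?\s*$" # assumed poster annotation, e.g. ";90"
)
IPPORT_RE = re.compile(r"^(?P<ip>(?:\d{1,3}\.){3}\d{1,3}):(?P<port>\d{1,5})$")
HEX_RE = re.compile(r"^(?:[\w ]+:\s*)?(?P<hex>[0-9a-fA-F]{32}|[0-9a-fA-F]{64})$")


@dataclass
class Indicator:
    kind: str                      # "url", "ipport", "md5" or "sha256"
    value: str                     # refanged URL, "ip:port", or lowercase hash
    host: Optional[str] = None
    port: Optional[int] = None
    annotation: Optional[str] = None


def refang(text: str) -> str:
    """Reverse common defanging: hxxp -> http, [.] -> ., [:] -> :."""
    text = re.sub(r"\bh[xX]{2}p", "http", text)
    return text.replace("[.]", ".").replace("[:]", ":")


def parse_indicator(line: str) -> Optional[Indicator]:
    """Classify one posted line; returns None for lines that are not indicators."""
    line = line.strip()
    m = URL_RE.match(line)
    if m:
        host = m.group("host")
        url = refang(f"{m.group('scheme')}://{host}{m.group('path') or ''}")
        return Indicator("url", url, host=host, annotation=m.group("annotation"))
    m = IPPORT_RE.match(line)
    if m:
        return Indicator("ipport", line, host=m.group("ip"), port=int(m.group("port")))
    m = HEX_RE.match(line)
    if m:
        h = m.group("hex").lower()
        return Indicator("md5" if len(h) == 32 else "sha256", h)
    return None


def parse_all(lines: List[str]) -> List[Indicator]:
    return [ind for ind in map(parse_indicator, lines) if ind is not None]


def blocklist_hosts(lines: List[str]) -> List[str]:
    """Unique hosts/IPs from URL and ip:port indicators, in first-seen order."""
    seen: List[str] = []
    for ind in parse_all(lines):
        if ind.host and ind.host not in seen:
            seen.append(ind.host)
    return seen


if __name__ == "__main__":
    for ind in parse_all(SAMPLE_LINES):
        print(ind)
    print("blocklist:", blocklist_hosts(SAMPLE_LINES))
```

Hash-shaped tokens are only classified by length; the script does not assume what the 32-character "pw" values are hashes of, since the thread does not say.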