A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #4682  by kmd
 Mon Jan 24, 2011 5:27 am
New SpyEye 1.3 with an anti-Trusteer Rapport module has been released on the black market.
Any sample?
 #4685  by EP_X0FF
 Mon Jan 24, 2011 8:01 am
Enjoy :)

Author added "short to long" jumps.
 #4686  by PX5
 Mon Jan 24, 2011 8:11 am
publisher....: Trusteer Ltd.
copyright....: (c) Trusteer Ltd. All rights reserved.
product......: Rapport
description..: RapportService
original name: RapportService
internal name: RapportService
file version.: 3.5.1007.28
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Give this one a try. ;)


http://owned-nets.blogspot.com/2011/01/ ... osted.html

80.91.191.156/boss/bin/jupdate.exe appears alive and downloadable as well.
 #4704  by nullptr
 Mon Jan 24, 2011 5:13 pm
Here's the RapportService sample dumped and fixed so that it'll run on VMs.
Pretty lame antiVM, lol
 #4707  by EP_X0FF
 Mon Jan 24, 2011 5:30 pm
Xylitol wrote: @nullptr, bsod for me
That's interesting, what kind of? Page fault?
 #4752  by kmd
 Thu Jan 27, 2011 4:19 am
EP_X0FF wrote: Enjoy :)

Author added "short to long" jumps.
Yeah, exactly what I was looking for.
Thx.

deadly effective against rapport
 #4754  by EP_X0FF
 Thu Jan 27, 2011 7:07 am
kmd wrote: deadly effective against rapport
Are you sure? Guys from Rapport dev have a different opinion :)
(unless they silently update their soft in a few days/weeks)