A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #5607  by korczyn
 Wed Mar 23, 2011 5:13 pm
Hi,

I would like to ask if someone has a sample of Worm.Skipi.g

other aliases by threatexpert:
* Worm.Skipi.g [PCTools]
* Worm.Win32.Skipi.g [Kaspersky Lab]
* Mal/Behav-043, Mal/Behav-103 [Sophos]
* PWS:Win32/Phorex.A [Microsoft]

more info:
http://www.threatexpert.com/report.aspx ... ee3b563424
http://support.clean-mx.de/clean-mx/md5 ... 32/Skipi.g

md5: b6b1985142e4ad9846d3ffee3b563424

...by the use of md5 I found potential malicious links in the database:
http://honeywhales.com/malware_samples/list ...but no longer available

I'd like to observe the behaviour of automatically messaging my Skype contacts from my Skype name and offers them the malicious download link.

Thanks!
 #5614  by Meriadoc
 Thu Mar 24, 2011 9:29 am
Hello,

I have two Worm.Win32.Skipi.b in collection
a worm that sends instant-messages on behalf of a user logged into Skype
md5 : ED6BB008B67AF3BC5D388AB0C16F5DC1
md5 : 8527F1C84E0E137A9A3111CE40014F9C

HTH
You do not have the required permissions to view the files attached to this post.
 #5642  by korczyn
 Fri Mar 25, 2011 7:46 am
Meriadoc wrote: I have two Worm.Win32.Skipi.b in collection
a worm that sends instant-messages on behalf of a user logged into Skype
Thanks a lot! That's what I was searching for!
 #5663  by Blender
 Sat Mar 26, 2011 12:07 pm
Careful with those --

md5 : ED6BB008B67AF3BC5D388AB0C16F5DC1

My AV tags it as Virut (which is a file infector for those that don't know)
 #5664  by Meriadoc
 Sat Mar 26, 2011 1:38 pm
korczyn wrote:Thanks a lot! That's what I was searching for!
(Glad to help...)I'm not scouting for points but if we keep thanks in this thread to private message or Rep. point it will keep things nice and tidy :)
Blender wrote:Careful with those --

md5 : ED6BB008B67AF3BC5D388AB0C16F5DC1

My AV tags it as Virut (which is a file infector for those that don't know)
VT - http://www.virustotal.com/file-scan/rep ... 1301142839

Hi Blender welcome, concern duly noted but please see the rules on page 1.
1. This thread is only for requests and sharing. If you want to discuss specified malware...start new thread.
Mods. hope I never overstepped the mark :)