A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #27388  by sysopfb
 Thu Dec 10, 2015 4:52 pm
Sample and config attached
 #27395  by p1nk
 Fri Dec 11, 2015 3:42 am
Anyone reversed the packing that it's using? (Working on reinstalling my analysis VM.) It doesn't look terribly complex, and the encoded data likely starts in the data section at 0x0041E023.
 #28092  by sysopfb
 Tue Mar 22, 2016 6:41 pm
Releasing a paper I wrote last year on this.
 #32389  by EP_X0FF
 Mon Jan 07, 2019 2:02 pm
maddog4012 wrote: Thu Jun 15, 2017 4:07 pm
ikolor wrote: thanks.

https://www.virustotal.com/en/file/dcc8 ... 497533985/
file dropped by js file
It is CoreBot. Extracted in attachment. Posts moved.