A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #10510  by EP_X0FF
 Thu Dec 22, 2011 7:26 am
sugar wrote: hello, I'm looking for acdd4c2a377933d89139b5ee6eefc464
This is Cridex.
 #10758  by EP_X0FF
 Tue Jan 03, 2012 10:05 am
rkhunter wrote: Seems this is Cridex too, but it is detected as not Cridex by all (ZBot, VirTool)... look at the VT link (probably this is muldrop)
Yes, it is Cridex.B too (http://www.virustotal.com/file-scan/rep ... 1325584240)

VirTool:Win32/VBInject is because of the crypter, which has VB origin, with CreateProcess(CREATE_SUSPENDED)/NtWriteVirtualMemory/NtSetContextThread/NtResumeThread.
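For the detection side, here is an added example (not from the thread or any of the posters) that walks a constructed API-call trace and reports a child process that went through the four-stage suspended-process injection sequence named above. The trace line format, the PIDs and the trace itself are assumptions made for the example.

```python
"""Flag the CreateProcess(CREATE_SUSPENDED) -> NtWriteVirtualMemory ->
NtSetContextThread -> NtResumeThread sequence in a per-process API trace."""
import re

# Stages in the order the post lists them; all must target the same child PID.
STAGES = ("CreateProcess", "NtWriteVirtualMemory",
          "NtSetContextThread", "NtResumeThread")
CREATE_SUSPENDED = 0x4  # documented dwCreationFlags bit

# Constructed sample trace (assumed format): "caller_pid api target_pid [flags=..]".
# PID 1200 performs the full sequence; PID 3000 is a normal process launch.
SAMPLE_TRACE = """\
1200 CreateProcess 1244 flags=0x4
1200 NtWriteVirtualMemory 1244
1200 NtWriteVirtualMemory 1244
1200 NtSetContextThread 1244
1200 NtResumeThread 1244
3000 CreateProcess 3012 flags=0x0
3000 NtResumeThread 3012
"""

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+(\d+)(?:\s+flags=(0x[0-9a-fA-F]+))?$")


def find_hollowing(trace: str) -> list:
    """Return (caller_pid, child_pid) pairs that completed all four stages in order.

    Progress is tracked per child PID. A child created without CREATE_SUSPENDED
    never enters the state machine, so a plain CreateProcess/NtResumeThread pair
    is not flagged. Repeated writes (several NtWriteVirtualMemory calls) are
    tolerated because they do not advance past the expected stage.
    This is a coarse heuristic: the same call sequence is also used by some
    legitimate tooling, so treat hits as leads to triage, not verdicts.
    """
    progress = {}  # child_pid -> index of the next expected stage
    owner = {}     # child_pid -> caller pid that created it suspended
    hits = []
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # unparseable line: skip rather than fail the whole scan
        caller, api, target, flags = int(m[1]), m[2], int(m[3]), m[4]
        if api == "CreateProcess":
            if flags and int(flags, 16) & CREATE_SUSPENDED:
                progress[target], owner[target] = 1, caller
            continue
        expected = progress.get(target)
        if expected is None or owner.get(target) != caller:
            continue  # not a tracked suspended child, or a different caller
        if api == STAGES[expected]:
            progress[target] = expected + 1
        if progress[target] == len(STAGES):
            hits.append((caller, target))
            del progress[target]
    return hits
```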
 #11024  by rkhunter
 Sat Jan 14, 2012 4:45 am
Observed as BH payload

MD5: e3fa551432bb0ac6fdcbb992e3332cd3

9/43

Drops to %appdata%\KB00725031.exe
 #11161  by rkhunter
 Fri Jan 20, 2012 2:14 pm
Cridex.B

MD5: 98d4503ad44ade815830019ce44caad2
23/43
 #11180  by rkhunter
 Sat Jan 21, 2012 5:27 am
MD5: 29ff4c6c301a412d0b6ce8f1b44a4983
5/43
 #11181  by rkhunter
 Sat Jan 21, 2012 5:30 am
MD5: 1fa2fe2e25ddb2365ac942be5e734681
8/43