A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #4032  by EP_X0FF
 Thu Dec 16, 2010 8:11 pm
Thanks for sharing. Typical backdoor with tcp server inside. Bot packed with UPX 3.07 and crypted.

Autoruns through HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run as SmartIndex

Just a couple of strings from this bot (there are a lot of them inside), some typos detected :)
Error!!! .\client.cpp
Failed to init client!
Autorun update write failed
Config loaded Ok. own_id=
, port =
Loaded bootstrap list:
[forwardingrequest]Failed to connect to job_server:
[forwardingrequest]Failed to invoke get to job_server:
[forwardingrequest]http_response_info* presnose not filled after success get.
HTTP Proxy routed success. [remote_client:
-->> remote_server:
], URI=
Internal Server Error
Failed to write autorun entry
Autorun entry writed success.
[requesting_parachute]Failed to resolve URL:
[requesting_parachute]Connecting to
[requesting_parachute]Failed to connect to server:
[requesting_parachute]Invoking to
[requesting_parachute]Failed to invoke to server:
[requesting_parachute] presnose not filled, server:
[requesting_parachute]boot_helper surprise, response code =
[requesting_parachute]Failed! wrong response code =
[requesting_parachute] Empty body in http response :(
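
Added example, not part of any post in this thread: a small triage helper that pulls ASCII and UTF-16LE strings out of a buffer and counts how many of the markers listed in the post above are present. Because the post says the bot is UPX-packed and crypted, this only helps on an unpacked image or memory dump; the sample buffers, the function names and the threshold of 3 are assumptions made up for the illustration.

```python
import re

# Markers copied from the strings in the post above (the typos are the bot's own).
MARKERS = [
    b"[forwardingrequest]Failed to connect to job_server:",
    b"[requesting_parachute]Failed to resolve URL:",
    b"[requesting_parachute]boot_helper surprise, response code =",
    b"presnose not filled",
    b"Autorun entry writed success.",
    b"Loaded bootstrap list:",
]
RUN_VALUE = b"SmartIndex"  # autorun value name given in the post


def extract_strings(data, min_len=6):
    """Return printable ASCII and UTF-16LE runs of at least min_len characters."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    # Drop the zero high bytes so wide strings compare like ASCII ones.
    return ascii_runs + [w[::2] for w in wide_runs]


def triage(data, threshold=3):
    """Score a buffer; threshold is an assumed cut-off, not a value from the thread."""
    strings = extract_strings(data)
    hits = sorted(m.decode() for m in MARKERS if any(m in s for s in strings))
    return {
        "marker_hits": hits,
        "run_value_seen": any(RUN_VALUE in s for s in strings),
        "suspicious": len(hits) >= threshold,
    }


def _wide(text):
    """Encode constructed test text as UTF-16LE."""
    return text.decode().encode("utf-16-le")


# Constructed buffers for the demonstration, not bytes from the real sample.
SAMPLE_UNPACKED = (
    b"\x00\x01MZ\x90\x00Loaded bootstrap list:\x00\xff\xfe"
    b"[requesting_parachute]Failed to resolve URL:\x00\x00"
    + _wide(b"SmartIndex") + b"\x00\x00"
    b"[forwardingrequest]http_response_info* presnose not filled after success get.\x00"
)
SAMPLE_BENIGN = b"\x00Failed to connect to server\x00Internal Server Error\x00"

if __name__ == "__main__":
    print(triage(SAMPLE_UNPACKED))
    print(triage(SAMPLE_BENIGN))
```
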
 #16418  by nullptr
 Sun Nov 04, 2012 9:08 am
MD5: F22AF0C2BC0356FFBEA84D6034BFD4A9
SHA-1: C1D3CE13E0473CC333D8A484E3BD58E1AD953CA6
From Oct 31, 2012

dropper + unpacked attached
 #16889  by Win32:Virut
 Wed Nov 28, 2012 6:07 pm
I don't have this file, but I don't think this is Tepfer, probably System Progressive Protection but I'm not sure. I have file B59C79DCEA3404E86161C01593A1F358. This is also detected by Kaspersky as Tepfer but also probably SPP.


One more attached.
Last edited by Win32:Virut on Wed Nov 28, 2012 6:15 pm, edited 1 time in total.