A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
#12221 by Xylitol
Mon Mar 19, 2012 1:15 pm
Maxstar wrote: Hi,

I am looking for the following trojan.ransom sample(s).

Filename: flint4ytw.exe
MD5: 0x21E582CC765DE5BB58191200E9F54E77
MD5: 0x81F37A4C738C77E764CD707EC197AB73
MD5: 0xB09E7D4723FEB64E1967B0B21E7848F9
MD5: 21e582cc765de5bb58191200e9f54e77 https://www.virustotal.com/file/3d19b03 ... /analysis/

Regards,

Maxstar
Attachment: infected (1.07 MiB)
#12288 by prim
Fri Mar 23, 2012 12:32 pm
Hello, can somebody help with searching for these files?

MD5: e7f308509217a1d13278854415e476a2
MD5: 5e8da2748af96cd1e3e6fd2cf2f3cf10
#12289 by Xylitol
Fri Mar 23, 2012 1:11 pm
hnpl2011 wrote:
Flopik wrote: Trojan-Spy.Win32.Lurk.ja

Mentioned in:
http://www.theregister.co.uk/2012/03/18 ... are_found/

Java exploit infection, maybe a website?
MD5: 6e5766d37b088cb5ba59b8d13eeb39cc
SHA256: 7a300fff5a51a8f8a6e85d92cf55d16f0379b3c44bde2fd1f90863394c2cfe43
https://www.virustotal.com/file/7a300ff ... /analysis/
Attachment: infected (56.14 KiB)
prim wrote: Hello, can somebody help with searching for these files?

MD5: e7f308509217a1d13278854415e476a2
MD5: 5e8da2748af96cd1e3e6fd2cf2f3cf10
Attachment: infected (41.48 KiB)
#12513 by alankar
Wed Apr 04, 2012 1:13 pm
Greetings,

Looking for backdoor infection sample files with the following details:

File name: 5606.sys
MD5 hash: DD27C9D3B8EBB193E103AC1B1AA35BFB
VirusTotal link: https://www.virustotal.com/file/7e0a2c6 ... /analysis/

File name: 5606.sys
MD5 hash: 288AF53D533A0727842878B96137D1B2
VirusTotal link: https://www.virustotal.com/file/cdecee4 ... /analysis/

Thanks and regards,
Alankar Reddy
#12592 by Xylitol
Tue Apr 10, 2012 8:42 am
alankar wrote: Greetings,

Looking for backdoor infection sample files with the following details:

File name: 5606.sys
MD5 hash: DD27C9D3B8EBB193E103AC1B1AA35BFB
VirusTotal link: https://www.virustotal.com/file/7e0a2c6 ... /analysis/

File name: 5606.sys
MD5 hash: 288AF53D533A0727842878B96137D1B2
VirusTotal link: https://www.virustotal.com/file/cdecee4 ... /analysis/

Thanks and regards,
Alankar Reddy
Attachment: infected (203.9 KiB)
#12754 by R136a1
Tue Apr 17, 2012 9:55 am
Hi there,

I am searching for the following samples:

MD5: d28924f702b252fa4a7e746fd5261d88
Report: http://xml.ssdsandbox.net/view/d28924f7 ... 6fd5261d88

MD5: 6da754d56131dda68ab0b43050afbb9e
Report: http://xml.ssdsandbox.net/view/6da754d5 ... 3050afbb9e

MD5: 12c225d039fd690283f911dc1cc782eb
Report: http://xml.ssdsandbox.net/view/12c225d0 ... dc1cc782eb
#12761 by Xylitol
Tue Apr 17, 2012 1:12 pm
R136a1 wrote: Hi there,

I am searching for the following samples:

MD5: d28924f702b252fa4a7e746fd5261d88
Report: http://xml.ssdsandbox.net/view/d28924f7 ... 6fd5261d88

MD5: 6da754d56131dda68ab0b43050afbb9e
Report: http://xml.ssdsandbox.net/view/6da754d5 ... 3050afbb9e

MD5: 12c225d039fd690283f911dc1cc782eb
Report: http://xml.ssdsandbox.net/view/12c225d0 ... dc1cc782eb
Attachment: infected (298.29 KiB)
#12845 by Buster_BSA
Sat Apr 21, 2012 5:43 pm
hx1997 wrote: Maybe this one?
At least it does what the other user requested.
Report generated with Buster Sandbox Analyzer 1.59 at 19:39:17 on 21/04/2012

[ General information ]
* File name: c:\m\test\c1e5dae72a51a7b7219346c4a360d867.exe
* File length: 30720 bytes
* File type: EXE
* TLS hooks: NO
* File entropy: 7.55224 (94.4030%)
* Adobe Malware Classifier: Unknown
* Digital signature: Unsigned
* MD5 hash: c1e5dae72a51a7b7219346c4a360d867
* SHA1 hash: 628c7396db3ca6ca7b111102e4d24be9426c35d7
* SHA256 hash: 6ddbe1f43fcc4f13ec0d0d92b650a58a4dab4ed83cb549652b64633fda12d7b1

[ Changes to filesystem ]
* Deletes file C:\M\TEST\C1E5DAE72A51A7B7219346C4A360D867.EXE
* Creates file C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\dxdiag.exe
File length: 30720 bytes
File type: EXE
File entropy: 7.55224 (94.4030%)
Adobe Malware Classifier: Unknown
MD5 hash: c1e5dae72a51a7b7219346c4a360d867
SHA1 hash: 628c7396db3ca6ca7b111102e4d24be9426c35d7
SHA256 hash: 6ddbe1f43fcc4f13ec0d0d92b650a58a4dab4ed83cb549652b64633fda12d7b1

[ Changes to registry ]
* Deletes Registry key HKEY_LOCAL_MACHINE\software\Classes\clsid\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
* Modifies value "SavedLegacySettings=3C000000A70700000100000000000000000000000000000004000000000000004029829C4F33CB0101000000C0A800040000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
old value "SavedLegacySettings=3C000000A60700000100000000000000000000000000000004000000000000004029829C4F33CB0101000000C0A800040000000000000000"

[ Network services ]
* Looks for an Internet connection.
* Connects to "salex4.net" on port 80.
* Connects to "xasmen8.in" on port 80.
* Opens next URLs:
hxxp://salex4.net/fda3/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351845156
hxxp://salex4.net/fda3/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351868937
hxxp://salex4.net/fda3/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351892328
hxxp://xasmen8.in/sex4/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351895203

[ Process/window/string information ]
* Gets user name information.
* Gets volume information.
* Gets computer name.
* Creates process "(null),svchost.exe,(null)".
Last edited by a_d_13 on Sat Apr 21, 2012 6:15 pm, edited 1 time in total. Reason: Obfuscated links