[EP_X0FF]

Symantec Win32.Unruy!gen1
A-squared Trojan-Clicker.Win32.Cycler.ajsx!A2
AVG Trojan horse Downloader.Generic9.CAXD or trojan horse clicker.AJRO
Avast Win32:Cycler-l[trj] or Win32:Cycler-G [Trj]
Malwarebytes Trojan.cycler
ESET a variant of Win32/TrojanDownloader.Unruy.BV trojan
Kaspersky Trojan-Clicker.win32.cycler.ajtp or Win32:Cycler-F [Trj]
SAS Trojan.Agent/Gen-Blarsa

Got something for you :) See attach, no analysis was done.

http://www.virustotal.com/analisis/cd9a ... 1278164650

[Quads]

Thanks

Files and copy of the MBR before fixing attached

Quads

[R136a1]

Hey there,

the development of Whistler Bootkit hasn't stopped as I thought.

Here we have a blogpost claiming that they found a new Whistler varaint ITW (November 2011):
http://labs.bitdefender.com/?post_type=post&p=807

Unfortunately they don't want to provide a sample (I asked) or a hash of the aforementioned variant.

Has anybody a sample of this new Whistler? Driver? Dropper?

[B-boy/StyLe/]

I only have two MBR bin files:

https://www.virustotal.com/file/70e8c97 ... 329092224/

https://www.virustotal.com/file/b61ffbe ... 329092011/

Pass: infected

Regards,
G.

[R136a1]

I was aware of this MBRs uploaded to virustotal, unfortunately doesn't help me very much.

Anyway thanks for uploading here!

[R136a1]

Dropper
MD5: 4b9ef6ed40836450035cad1c45b8beb6

Does someone have access to Virustotal?

[rkhunter]

Dropper
MD5: 4b9ef6ed40836450035cad1c45b8beb6

Does someone have access to Virustotal?

To VT it was uploaded more than one year ago https://www.virustotal.com/file/56148d2 ... /analysis/