Malware/MSIL-BA - Page 3 - KernelMode.info

Re: Malware/MSIL-BA

#4811 by markusg
Sat Jan 29, 2011 4:03 pm

Windows 7 ultimate+Keygen.exe
http://www.virustotal.com/file-scan/rep ... 1296305901
Nero9Keymaker.exe
http://www.virustotal.com/file-scan/rep ... 1296306971
Microsoft Windows 7 Ultimate Validator + Activation.exe
http://www.virustotal.com/file-scan/rep ... 1296307304
keygen.exe
http://www.virustotal.com/file-scan/rep ... 1296313498
Office2010Crack.exe
http://www.virustotal.com/file-scan/rep ... 1296315979

Attachments

1.rar

(3.12 MiB) Downloaded 45 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#4822 by EP_X0FF
Sun Jan 30, 2011 8:09 am

Microsoft Windows 7 Ultimate Validator + Activation.exe
http://www.virustotal.com/file-scan/rep ... 1296307304

Activator joined with CyberGate v1.04.0 RAT.

Windows 7 ultimate+Keygen.exe
http://www.virustotal.com/file-scan/rep ... 1296305901

Another spy rat.

CCleaner.exe

https://www.virustotal.com/file-scan/re ... 1296308973

Same as above, spy rat (Trojan Inject + PWS).

Nero9Keymaker.exe
http://www.virustotal.com/file-scan/rep ... 1296306971

PWS Spatet

Office2010Crack.exe
http://www.virustotal.com/file-scan/rep ... 1296315979

PWS Spatet

keygen.exe
http://www.virustotal.com/file-scan/rep ... 1296313498

Joined with Backdoor Blackshades NET.

Music from last one attached

Attachments

104.rar

(8.04 KiB) Downloaded 42 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Malware/MSIL-BA

#5224 by markusg
Mon Feb 28, 2011 5:56 pm

http://virusscan.jotti.org/de/scanresul ... f6fa47fe22

Attachments

Zone Alarm Keygen.rar

(268.18 KiB) Downloaded 39 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5235 by EP_X0FF
Tue Mar 01, 2011 4:02 am

markusg wrote:http://virusscan.jotti.org/de/scanresul ... f6fa47fe22

Dotnet encrypted container. Dropped executables crashed here on start probably due to decryption failure (not valid PE image).

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Malware/MSIL-BA

#5259 by markusg
Tue Mar 01, 2011 7:48 pm

http://www.virustotal.com/file-scan/rep ... 1299008527

Attachments

28-Feb-11-7948ed0691d0a81-scvhost.rar

(25.73 KiB) Downloaded 40 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5260 by markusg
Tue Mar 01, 2011 7:56 pm

hSwitch.exe
http://www.virustotal.com/file-scan/rep ... 1299009072

Attachments

hSwitch.rar

(752.42 KiB) Downloaded 43 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5265 by markusg
Wed Mar 02, 2011 11:57 am

WINDEF~1.EXE
http://www.virustotal.com/file-scan/rep ... 1299066603

Attachments

WINDEF~1.rar

(167.45 KiB) Downloaded 45 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5277 by EP_X0FF
Thu Mar 03, 2011 5:36 am

markusg wrote:http://www.virustotal.com/file-scan/rep ... 1299008527

Trojan Info Stealer.

markusg wrote:hSwitch.exe
http://www.virustotal.com/file-scan/rep ... 1299009072

Dotnet container with harmless hSwitch application and trojan - primitive Delphi coded keylogger (captured data stored in text file dclogs.sys) running from IEXPLORE address space.

Autoruns through
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

as x:\documents and settings\user\application data\nvidia\svchost.exe

markusg wrote:WINDEF~1.EXE
http://www.virustotal.com/file-scan/rep ... 1299066603

Blackshades.NET

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Malware/MSIL-BA

#5314 by markusg
Fri Mar 04, 2011 4:11 pm

Setup.exe

http://www.virustotal.com/file-scan/rep ... 1299253820

Attachments

Setup.rar

(86.5 KiB) Downloaded 33 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5328 by markusg
Sat Mar 05, 2011 3:14 pm

Adobe Acrobat pro keygen only by the crew.exe
http://www.virustotal.com/file-scan/rep ... 1299327702
Patcher.exe
http://www.virustotal.com/file-scan/rep ... 1299331856

Runescape Gold Changer.exe
http://www.virustotal.com/file-scan/rep ... 1299333303

Attachments

MalwareMSIL.rar

(1.18 MiB) Downloaded 34 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm