[MountFranklin]

Thanks thisisu for leading me to this post.

Also thanks to Kafeine for the dll samples.

Would greatly appreciate if anyone can share for a "working" dropper file or an active dropper site, I would be very interested to let one of my dedicated sandbox to be infected and analyse its behaviour.

Thank you very much in advance.

Regards,
Frank

[Horgh]

Sinowal dropper + a dump (ugly one, but it works) + dll dropped.
Downloaded by a zbot sample.

Sinowal.7z

pwd : infected
(194.49 KiB) Downloaded 127 times

[Blaze]

Dropped DLL.

https://www.virustotal.com/nl/file/748c ... /analysis/

[Kafeine]

641 items of past 2 weeks. (tried to attach here in 9 split Zip but got rejected from 00x wrong attachement so i gave up)

http://goo.gl/KXAxL (owncloud )

[kloent]

Extracted Sinowal modules: iecl, ffcl, crcl, snif, mg + chrome extension + dropped exe (solid.bin)

[Kafeine]

18 fresh items.