A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #7076  by EP_X0FF
 Tue Jul 05, 2011 2:07 am
user wrote:Looking virus virut.ce

MD5 : 4fcc92493c892529c4eb348ed735ed11
VT: http://www.virustotal.com/file-scan/rep ... 1301669819
There are plenty of Virut samples available on www.offensivecomputing.net

Maybe, instead of asking each time yet another malware, you will first check the place I mentioned above?
 #8646  by mohit4565
 Tue Sep 20, 2011 5:05 am
Malware Name: Virut Virus and its variants.
MD5 (If the particular sample is not available then others will also be accepted):
0CEBE50B6FB0BEF37C08234AA9C3DA7E
1CD1779CD5073E5669D4B4A834230055
3AFBCC6E6FBDA7C57D4E5EA99EB06883
1F0BD413449A1DD83ED655D948A1EE42
3C317C446B2623EAF7F0AB50FACB95FF
3AC1A1BAD2F5C9B88538D08ABE666398
0D96D35C20E6C2950517EF1CA8F09BBA
1A235133FBB370852DDBE03076A7BCF5
1A073017000AA4F7252688BF2CB8F6F5
About the malware:
(Links)
http://www.microsoft.com/security/porta ... 32%2fVirut
http://www.microsoft.com/security/porta ... 2fVirut.BF
http://www.microsoft.com/security/porta ... %2fVirut.E
http://www.microsoft.com/security/porta ... 2fVirut.AB
http://www.microsoft.com/security/porta ... %2fVirut.V
http://www.microsoft.com/security/porta ... 2fVirut.AP
http://www.microsoft.com/security/porta ... %2fVirut.X
http://www.microsoft.com/security/porta ... 2fVirut.BB
http://www.microsoft.com/security/porta ... 2fVirut.BM
http://www.microsoft.com/security/porta ... %2fVirut.B
http://www.microsoft.com/security/porta ... 2fVirut.AH
http://www.microsoft.com/security/porta ... %2fVirut.Y
http://www.microsoft.com/security/porta ... 2fVirut.BI
http://www.microsoft.com/security/porta ... rut.gen!AI
http://www.microsoft.com/security/porta ... %2fVirut.K
http://www.microsoft.com/security/porta ... irut.gen!J
http://www.microsoft.com/security/porta ... %2fVirut.A
http://www.microsoft.com/security/porta ... 2fVirut.AR
http://www.microsoft.com/security/porta ... 2fVirut.BH
http://www.microsoft.com/security/porta ... %2fVirut.L
http://www.microsoft.com/security/porta ... 2fVirut.BM
http://www.microsoft.com/security/porta ... 2fVirut.BN
http://www.microsoft.com/security/porta ... 2fVirut.AE
http://www.microsoft.com/security/porta ... 2fVirut.AC
http://www.microsoft.com/security/porta ... 2fVirut.BL
http://www.microsoft.com/security/porta ... %2fVirut.C
http://www.microsoft.com/security/porta ... %2fVirut.D
http://www.microsoft.com/security/porta ... %2fVirut.Q
http://www.microsoft.com/security/porta ... 2fVirut.AA
http://www.microsoft.com/security/porta ... irut.gen!M
(If other variants exist too, that will also be accepted)
Thanks in advance!
 #8661  by dcmorton
 Tue Sep 20, 2011 5:31 pm
mohit4565 wrote:Malware Name: Virut Virus and its variants.
MD5 (If the particular sample is not available then others will also be accepted):
0CEBE50B6FB0BEF37C08234AA9C3DA7E
1CD1779CD5073E5669D4B4A834230055
3AFBCC6E6FBDA7C57D4E5EA99EB06883
1F0BD413449A1DD83ED655D948A1EE42
3C317C446B2623EAF7F0AB50FACB95FF
3AC1A1BAD2F5C9B88538D08ABE666398
0D96D35C20E6C2950517EF1CA8F09BBA
1A235133FBB370852DDBE03076A7BCF5
1A073017000AA4F7252688BF2CB8F6F5
Samples in attach. Also check out http://www.offensivecomputing.net for more virut samples.
Attachments
Password: malware
(926.11 KiB) Downloaded 223 times
 #18697  by EP_X0FF
 Tue Mar 26, 2013 2:33 pm
More Virut if interested (found today while scanning some garbage looking for TDL's).

SHA256: 6118dcac6650b22a89fa06faf8430863230afdcf4a69024b671b3e94836814d6
SHA1: 7f9176bbcdcfb23b337fafe44015239ab3571bf4
MD5: 0fb45bee9cb29d58d7014be39fe2883b

Win32/Virut.AE

https://www.virustotal.com/en/file/6118 ... /analysis/


SHA256: 4d7a2ee955c844c5f514537123727a69f1aa229bf18f3dc282775cf297360637
SHA1: ebd0ec63c3c22c3d1a1e9a95189377cd9afc0a10
MD5: 06dccbcfd1cd49fe1b5142b25ceb2a8d

Win32/Virut.I

https://www.virustotal.com/en/file/4d7a ... 364308764/
Attachments
pass: malware
(28.89 KiB) Downloaded 104 times
pass: malware
(34.7 KiB) Downloaded 98 times
 #19301  by thisisu
 Thu May 16, 2013 9:31 pm
Hi,

Virut pulled from a customer laptop.

MD5: 018fb5184d3e0b5fa2024e5648ebfd67

https://www.virustotal.com/en/file/ba2f ... 368739544/
Code: Select all
HKU\Owner\...\Run: [Tok-Cirrhatus-1695] "C:\Users\Owner\AppData\Local\br4413on.exe" [117760 2012-05-22] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
Attachments
pass: infected
(45.51 KiB) Downloaded 103 times