Necurs - another x64 rootkit - Page 6

Re: Win32/Zeus (alias Zbot)

#22530 by Aleksandra
Mon Mar 24, 2014 2:42 am

Necurs x64 driver: https://www.virustotal.com/ru/file/aa6a ... 395612964/

Username

Aleksandra

Posts

79

Joined

Sun Jun 05, 2011 9:34 pm

Re: Necurs - another x64 rootkit

#22883 by Xylitol
Fri May 16, 2014 3:13 pm

exe: https://www.virustotal.com/en/file/6819 ... 400251423/ > 5/53
x64 sys: https://www.virustotal.com/en/file/b47a ... 400253021/ > 9/52

Attachments

Trojan.Win32.Necurs.gen!A.zip

infected
(113.58 KiB) Downloaded 115 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Necurs - another x64 rootkit

#22884 by Win32:Virut
Fri May 16, 2014 8:04 pm

3 drivers

Attachments

Necurs.zip

(125.41 KiB) Downloaded 107 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Necurs - another x64 rootkit

#22973 by hx1997
Sun May 25, 2014 2:07 pm

http://pferrie.host22.com/papers/necurs1.pdf

Username

hx1997

Posts

101

Joined

Sat Apr 07, 2012 12:16 am

Re: Necurs - another x64 rootkit

#22978 by Blaze
Mon May 26, 2014 11:24 am

Droppers + driver attached.

Exe:
a5923e1efd90be7542c779184f4a7843
f681b38447a16e4d6c9ae4837bfb407b

Sys:
fb7a765c02c06123958c20512c1b8e6a

Attachments

Necurs.zip

(571 KiB) Downloaded 122 times

Username

Blaze

Posts

198

Joined

Fri Aug 27, 2010 7:35 am

Contact

Re: Necurs - another x64 rootkit

#23027 by thisisu
Tue Jun 03, 2014 5:50 am

Credits to Malekal_morte for providing dropper on his website.

.sys + .exe/dropper attached

syshost.exe -- dabea808bb91f02e158cdbcbf3e8a790 -- https://www.virustotal.com/en/file/2b64 ... 401773988/
79051d41d365f350.sys -- ca82853fd71df06831edf7ffede4b1d5 -- https://www.virustotal.com/en/file/b94e ... 401773274/

Attachments

occurs after reboot
necursgen.png (143.47 KiB) Viewed 759 times

Rootkit.Win32.Necurs.gen.zip

pass: infected
(109.07 KiB) Downloaded 132 times

Username

thisisu

Posts

362

Joined

Sun Feb 26, 2012 8:57 am

Contact

Re: Necurs - another x64 rootkit

#23074 by forty-six
Mon Jun 09, 2014 7:12 pm

More Necurs:

Code: Select all

bcdedit.exe -set TESTSIGNING ON
%s\drivers\%s.sys
runas
ComSpec
\\.\NtSecureSys

Attachments

Unpacked_file.7z

(29.73 KiB) Downloaded 105 times

Username

forty-six

Posts

66

Joined

Tue Sep 03, 2013 3:23 pm

Re: Necurs - another x64 rootkit

#23129 by rkhunter
Tue Jun 17, 2014 8:09 am

MSRT + Necurs :)

http://blogs.technet.com/b/mmpc/archive ... ecurs.aspx

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Need little help :)

#23464 by achn30
Tue Jul 29, 2014 10:18 pm

I have some thing here: virustotal.com/en/file/c8b6ae219c944f4a6362b22dad1a3cf25a31ca2dbe5ec96d645c031ad7332bf0/analysis/1406668147/
but actually i stuck in unpacking ... lot of anti-debugging tricks ://

Username

achn30

Posts

2

Joined

Sat Jun 21, 2014 2:44 pm

Re: Need little help :)

#23467 by EP_X0FF
Wed Jul 30, 2014 4:07 am

It is Necurs downloader.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact