A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #6859  by user
 Sat Jun 18, 2011 2:23 pm
Hello. I am looking for the latest variant of the Trojan Sinowal (not Trojan-PSW)

MD5 : cae05ce308501438afff56921ed13965
VT: http://www.virustotal.com/file-scan/rep ... 1304154956

and

Rootkit TDSS sample

MD5 : 6a013f3d94d9d4a92677aa0c7bbb428b
VT: http://www.virustotal.com/file-scan/rep ... 1294410439

Thanks.
 #6863  by Alex
 Sat Jun 18, 2011 9:34 pm
Fresh samples of TDSS aka TDL are available in dedicated topics - Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik), Rootkit TDL 3 (alias TDSS, Alureon.TC, Olmarik). Sinowal aka Mebroot has been posted here: the older one and the fresher one not so long ago ;) I don't think that the newest variants (if any) have something more than those already posted...
 #6868  by Alex
 Sun Jun 19, 2011 2:38 pm
markusg wrote: the tdss he is searching for is out of 2010
Here it is.
Attachment (37.35 KiB) - pass: infected, source: offensivecomputing.net
 #6869  by EP_X0FF
 Sun Jun 19, 2011 3:02 pm
@user

Not sure for what reason you need a 6-month-old Alureon downloader related to hermindol.com.
Rootkit TDSS sample
This is not a rootkit. It is only using the loader part from TDL3/4: injection into the spooler (+ Scheduler exploit) and downloading more content. Much more recent rootkit samples are posted in the threads that Alex suggested.