[RomaNNN]

Mouse doesn't work with this malware...

Mouse doesn't work with this malware and installed Kaspersky AV \ Avast.

http://innetro.ru/tests/av_cure_test_necurs

[TwinHeadedEagle]

There is no AV installed...

[rough_spear]

Hi All,

Necurs revisited.

Driver component.

VT link - https://www.virustotal.com/en/file/978d ... /analysis/ (1 / 45)

Dropper EXE

VT link - https://www.virustotal.com/en/file/5dfd ... /analysis/ (11 / 46)

Very low detection.

Regards,

rough_spear. ;)

[m4lware]

Hi all,
I just just started analyzing Necurs. if anyone able to find new sample with active CnC please share. and one more question recently seen samples of Necurs were same as old or was there any modified version present?

[rkhunter]

http://normanshark.com/news-events/blog ... ensorable/

[m4lware]

http://normanshark.com/blog/necurs-cc-part-2-2/

[Cody Johnston]

http://normanshark.com/news-events/blog ... ensorable/

Link has been updated to the following:

http://normanshark.com/blog/necurs-cc-d ... ensorable/

[DeW]

:arrow: It doesn't allow some processes to run even not included in 2 blacklists...In other words if the program launches any kernel-mode components that does not exists in the whitelist of the malware it wouldn't allow them to launch. If your program wants to load a kernel-mode image that wasn't exist in "REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES", "SystemRoot\System32 " or "SystemRoot\System32\Drivers" during system BOOT, in order to add to the whitelist, its kernel-mode modules execution will be banned by writing failure code in their entries.

[sevatar]

a newer sample of the driver, dropped 3/4

https://www.virustotal.com/en/file/67d6 ... 394417660/

[Cody Johnston]

This one drops Necurs along with some other goodies that Necurs seems to protect.

MD5 6cecb76e84f5043f12b83578d58dc69a

https://www.virustotal.com/en/file/8383 ... 393529536/