A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13905  by rkhunter
 Mon Jun 11, 2012 5:27 pm
360Tencent wrote:http://www.securelist.com/en/blog/20819 ... ssing_link
Stuxnet dropper [that contains Flamer component in resource]

Orig [crypted/packed]:

MD5: 2fb979eb3e8d8b1571cdd0df33427969
SHA1: 46104bf26300a5fb7a4f799d80e141b95465d0cc
File size: 611840 bytes

Decrypted/unpacked [with resource section]:

MD5: 2f4e30a497ae6183aabfe8ba23068c1b
SHA1: 1df6ae2a5594ab29a6e60b6d9296128b1f9fd980
File size: 1603072 bytes

Both in attach.
Attachments
pass:infected
(590.02 KiB) Downloaded 122 times
pass:infected
(780.77 KiB) Downloaded 117 times
 #13917  by rkhunter
 Tue Jun 12, 2012 8:30 am
rkhunter wrote:
360Tencent wrote:http://www.securelist.com/en/blog/20819 ... ssing_link
Stuxnet dropper [that contains Flamer component in resource]

Orig [crypted/packed]:

MD5: 2fb979eb3e8d8b1571cdd0df33427969
SHA1: 46104bf26300a5fb7a4f799d80e141b95465d0cc
File size: 611840 bytes

Decrypted/unpacked [with resource section]:

MD5: 2f4e30a497ae6183aabfe8ba23068c1b
SHA1: 1df6ae2a5594ab29a6e60b6d9296128b1f9fd980
File size: 1603072 bytes

Both in attach.
Symantec describes a similar dropper and its decrypted version in the white paper http://www.symantec.com/content/en/us/e ... ossier.pdf

 #14027  by EP_X0FF
 Sat Jun 16, 2012 2:42 pm
kmd wrote: Alex Gostev from KL has accused the security community of dullness.
He is right. I would say even rougher.
 #14029  by rkhunter
 Sat Jun 16, 2012 5:44 pm
EP_X0FF wrote:He is right.
:? Right in what?...
Some large incidents are out of view of researchers; there is exclusive collaboration between large companies, as we saw in the case of Flame. Moreover, they keep info about the threat in order to organize a larger PR campaign. Any arguments in their defense?