on.exe is Worm/Win32.Bybz, a trojan with autorunner ability.
The extracted payload DLL (it is injected into the IE process) is attached.
COD 2 crack.exe is a dropper for a backdoor. It runs via
HKCU\Software\Microsoft\Windows\CurrentVersion\Run and injects the payload DLL (~400 KB, UPX-packed Delphi DLL) into a copy of Internet Explorer.
Adobe Serial Grabber.exe is a trojan dropper.
It drops an autorunner:
Ganja IRC Bot v3.0 By PhobiiA (unpacked sample attached).
It runs via
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run as "Windows Update System".
http://www.virustotal.com/file-scan/rep ... 1293721320
Cerberus Cerberus Blackshades Blackshades Blackshades [RAT] Cerberus [RAT] IRC TsGH "TsGH" IRCbot PRIVMSG IRCbot PONG|### CyberGate pong|### CyberGate pong|Mark CyberGate pong|cmd.exe### [Botkiller] Killing Process "%s", Type: "%s" [Botkiller] All Bots Have Been Removed! explorer.exe EXPLORER.EXE winlogon.exe csrss.exe WINLOGON.EXE services.exe SERVICES.EXE [Botkiller] Scanning The Registry! Please Wait... open %AppData% %s\%s%i%i.exe %s Downloading File From: %s, To: %s %s File Successfully Downloaded To: %s %s Failed To Download File Reason: Insufficient Memory %s Failed To Download File Reason: Unknown %s Failed To Download File Reason: Unknown %s Successfully Executed: %s %s Failed To Execute File via Create Process Reason: Unknown %AppData% %s\%s%i%i.exe %s Downloading File From: %s, To: %s %s File Successfully Downloaded To: %s %s Failed To Download File Reason: Insufficient Memory %s Failed To Download File Reason: Unknown %s Failed To Download File Reason: Unknown %s Successfully Executed: %s %s Failed To Execute File via Create Process Reason: Unknown %appdata%\lsass.exe Re: Forgot to send you this.. It's just horrible. A 12 year old was nearly stung to death. BeeSwarm.exe Identities Default User ID \Software\Microsoft\Outlook Express\5.0\Mail Warn on Mapi Send MAPI32.DLL MAPILogon MAPIFindNext MAPIReadMail MAPISendMail MAPILogoff *.html <iframe src="%s" width="0" height="0" frameborder="0"></iframe> wb %s\%s SOFTWARE\Microsoft\Windows\CurrentVersion\Run SOFTWARE\Microsoft\Windows\CurrentVersion\Run %s:*:Enabled:%s SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List %s\%s Software\Microsoft\Windows\CurrentVersion\Run\ SOFTWARE\Microsoft\Windows\CurrentVersion\Run SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%i ganja%s.exe open %s Updating to: %s %s Execution Failed! %s Dowload Failed! Botkiller: Already running open %s Has Been Visited! 04[P2P Spread]: 09Injecting into P2P Shared Folders... Message being sent to Facebook Contacts! 04[Email Spread]: 09Email Sent to Victims! 04[LAN Spread]: 09Spreading via Local Area Network... 04[HTML Infector]: 09Html Files Infected! 04[Torrent Seeder]: Seeding Torrent! MSNHiddenWindowClass Windows Live Messenger 04[MSN Spreader]: Sent to %i Contacts. #%s #%s %i Ganja%s.exe open [Download]: Executed Successfully [UDP]: Flooding %s, On Port: %d, With Delay of: %d(ms), For: %d(s) 04[Slowloris]: 01Starting Flood On %s, On The Fucking Port: %d, For Fucking: %d seconds [SSYN]: Flooding %s:%s for %s seconds. 332 001 433 332 %s .torrent %temp% \torr %i .torrent open Seeding Torrent.. 200
#Mike #Mike Mike ! 11..:: Ganja IRC Bot v3.0 By PhobiiA ::.. JffDKDF62432DJASDmmJSDMSDL %appdata% reader.exe Windows Update System DataBlock.exe silent join part dl remove update clean visit speedtest ssyn msn unsort sort udp ver torrent email p2p fb lan html slow NICK JOIN PART QUIT PASS PING PONG USER PRIVMSG [Download]: [Main]: [Update]: gnjabot.dyndns.info SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DriverUpdate SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DriverManager http://lab005.comule.com/do/15082010/test5 [Speedtest]: %d kB/s Windows Security Alert BitDefender Firewall Alert CreateProcessA KERNEL32.dll Error An error has occured: One or more of the update processes returned error code 61658. %s%d 2K XP 2K3 VIS 2K8 WN7 2K8 ERR ERR n[%s-%s]%s [%s-%s]%s %d.%d.%d.%d %s %TEMP% 2 \google_cache%s.tmp wb website=1 4844848438385FFFJFJF \DFG-2352-26235-2322322-624621221-2622255 \Desktop.ini [.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E} usbBlock.exe [autorun]
open=
icon=%SystemRoot%\system32\SHELL32.dll,9
action=Open folder to view files
shell\open\command=
shell\open\default=1 \autorun.inf [USB] 11Infected Drive %s [USB]
edit: topic title changed to be more descriptive
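The strings above give an analyst a few concrete host indicators to check for: the Run value names ("Windows Update System", "DriverUpdate", "DriverManager"), the files the bot drops under %appdata% (reader.exe, lsass.exe, DataBlock.exe, ganja*.exe, usbBlock.exe), the XP SP2 firewall whitelist format "%s:*:Enabled:%s" written under AuthorizedApplications\List, and the autorun.inf template that shows the folder icon and "Open folder to view files" while actually launching an executable. The script below is an added example for offline triage of those indicators; it is not code from this thread, from the bot, or from its author. It parses a Regedit .reg export and an autorun.inf taken off a suspect machine. Both sample inputs are constructed here, and every file path in them is an assumption; only the value names, file names and key paths come from the strings dump.

```python
"""Offline triage for the Ganja IRC Bot persistence indicators quoted above.
Added example, not code from the thread or the bot. Sample inputs are
constructed; indicator names come from the strings dump, paths are assumed."""
import re

RUN_KEYS = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
)
FIREWALL_LIST = (r"hkey_local_machine\system\currentcontrolset\services\sharedaccess"
                 r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")
SUSPECT_RUN_NAMES = {"windows update system", "driverupdate", "drivermanager"}
SUSPECT_FILES = {"reader.exe", "lsass.exe", "datablock.exe", "usbblock.exe"}
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")


def parse_reg(text):
    """Parse a Regedit .reg export into {key_lower: {value_name: data}}.
    Only string values matter here; doubled backslashes and \\" are undone."""
    reg, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].lower()
            reg.setdefault(cur, {})
        elif cur and "=" in line and line.startswith(('"', "@")):
            name, _, data = line.partition("=")
            name = "(default)" if name == "@" else name.strip('"').replace("\\\\", "\\")
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            reg[cur][name] = data
    return reg


def _suspect_path(path):
    """Reason string if the path is a known drop name or lives in a user-writable dir."""
    low = path.lower()
    base = low.strip('"').rsplit("\\", 1)[-1]
    if base in SUSPECT_FILES or base.startswith("ganja"):
        return "known dropped file name"
    if any(d in low for d in USER_WRITABLE):
        return "runs from user-writable directory"
    return None


def check_run_keys(reg):
    """Flag Run values by the bot's value names, else by where the command points."""
    hits = []
    for key in RUN_KEYS:
        for name, cmd in reg.get(key, {}).items():
            why = ("known bot value name" if name.lower() in SUSPECT_RUN_NAMES
                   else _suspect_path(cmd))
            if why:
                hits.append((name, cmd, why))
    return hits


def check_firewall(reg):
    """The bot whitelists itself as '<path>:*:Enabled:<name>' (XP SP2 format);
    flag authorized applications whose path looks like a dropped file."""
    hits = []
    for path, data in reg.get(FIREWALL_LIST, {}).items():
        m = re.fullmatch(r"(.+?):\*:Enabled:(.*)", data, re.I)
        if m and _suspect_path(path):
            hits.append((path, m.group(2)))
    return hits


def check_autorun(text):
    """Flag the 'Open folder to view files' disguise: folder icon and action
    imitate Explorer's own entry while open=/shell\\open\\command= run an exe."""
    section, vals = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "autorun" and "=" in line:
            k, _, v = line.partition("=")
            vals[k.strip().lower()] = v.strip()
    launchers = []
    for k in ("open", "shell\\open\\command", "shellexecute"):
        v = vals.get(k, "")
        if ".exe" in v.lower() and v not in launchers:
            launchers.append(v)
    disguise = (vals.get("action", "").lower() == "open folder to view files"
                or "shell32.dll" in vals.get("icon", "").lower())
    return {"launchers": launchers, "folder_disguise": disguise,
            "suspicious": bool(launchers) and disguise}


# Constructed .reg export (paths assumed; value names from the strings dump).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Update System"="C:\\Documents and Settings\\bob\\Application Data\\reader.exe"
"Acrobat Assistant"="\"C:\\Program Files\\Adobe\\Acrobat\\Acrotray.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DriverUpdate"="C:\\Documents and Settings\\bob\\Application Data\\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\bob\\Application Data\\reader.exe"="C:\\Documents and Settings\\bob\\Application Data\\reader.exe:*:Enabled:Windows Update System"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
'''

# Constructed autorun.inf in the shape of the bot's template (usbBlock.exe is from the strings).
SAMPLE_AUTORUN = r"""[autorun]
open=usbBlock.exe
icon=%SystemRoot%\system32\SHELL32.dll,9
action=Open folder to view files
shell\open\command=usbBlock.exe
shell\open\default=1
"""

if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    for hit in check_run_keys(reg):
        print("Run key:", hit)
    for hit in check_firewall(reg):
        print("Firewall whitelist:", hit)
    print("autorun.inf:", check_autorun(SAMPLE_AUTORUN))
```

Export the three keys with `reg export` on the suspect box (or read them from an offline hive with a hive parser) and point `parse_reg` at the file; the autorun check works on any removable drive's autorun.inf and also flags `shellexecute=`, which the bot's template does not use but other USB spreaders do.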