A forum for reverse engineering, OS internals and malware analysis 

 #17683  by p4r4n0id
 Sat Jan 12, 2013 9:20 am
> Cassiel wrote: This is predicting trouble, any chances we can get a sample of what is being dropped/jar?

EDIT:

Kafeine did full disclosure, I have added his files here.
JoeBox analysis for UTTER-OFFEND.exe (MD5: 237f8ffc0c24191c5bb7bd9099802ee4)

http://joe4security.blogspot.ch/2013/01 ... nical.html

p4r4n0id
 #17704  by Xylitol
 Sun Jan 13, 2013 8:08 pm
Silent jdb, cve 2013-0422 from Adwind Web Fake 1.4 (hackforums.net/showthread.php?tid=3128940)
https://www.virustotal.com/file/10f09d0 ... 358106689/ > 0/46
https://rstforums.com/forum/63344-java-0day-cve-2013-0422-1-7u10.rst
also just saw this pdf 0day:
https://damagelab.org/index.php?showtopic=23552&st=0
Attachments
infected
(793.63 KiB) Downloaded 115 times
 #18254  by secObs
 Mon Feb 18, 2013 10:59 pm
@EKwatcher has spotted Cool EK using CVE-2013-0431.

It drops Reveton and isn't heavily obfuscated.

Detection 2/45
https://www.virustotal.com/en/file/c..d9c/analysis/

MD5: 97ad65a3458e4d8551e4bc0ff4a8f97c
SHA-1: 98c61c132a918766c7565a719274fdefab33f7ff
Attachments
pass: malware
(14.62 KiB) Downloaded 102 times