A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #2122  by ConanTheLibrarian
 Fri Aug 20, 2010 3:33 pm
Routine RK, nothing to get excited about:

Can anyone identify this a little better than Virustotal? The driver was preventing copying of itself and a dll file (attached) while the driver was enabled. Simple disable took it to its knees however, so I could scan it.

vbasepnp.sys
http://www.virustotal.com/file-scan/rep ... 1282317044

w32ewbit.dll
http://www.virustotal.com/file-scan/rep ... 1282317131

Thanks in advance.
Attachments
pass: malware
 #2124  by EP_X0FF
 Fri Aug 20, 2010 4:30 pm
from driver
x:\code-6z\specto~1\driver\objsp\i386\drvspector.pdb
C:\windows\system32\autofpnp.dll
could be kernel mode APC dll injector (imports contain all required routines).

dll contains a lot of stuff related to emails. SPECTORSOFT found. hxxp://www.spectorsoft.com/?

very likely http://en.wikipedia.org/wiki/SpectorSoft

from dll
Application not recording, skipping initialization
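The two indicators EP_X0FF pulled from the driver, a PDB build path and an import set that fits a kernel-mode APC injector, can be triaged with a small script. This is an added example, not code from the thread; the routine names it looks for are an assumed indicator set based on how APC injection from a driver is normally built, and the sample bytes are constructed, not taken from the attachment.

```python
import re

# Kernel routines a kernel-mode APC DLL injector is normally built from (assumed
# indicator set, not taken from the post): the APC primitives themselves plus
# the process lookup/attach and memory allocation calls needed to queue one.
APC_CORE = {b"KeInitializeApc", b"KeInsertQueueApc"}
APC_SUPPORT = {b"PsLookupProcessByProcessId", b"KeStackAttachProcess",
               b"KeUnstackDetachProcess", b"ZwAllocateVirtualMemory",
               b"PsSetLoadImageNotifyRoutine", b"PsSetCreateProcessNotifyRoutine"}

# CodeView "RSDS" record: signature, 16-byte GUID, 4-byte age, NUL-terminated PDB path.
RSDS_RE = re.compile(rb"RSDS.{16}.{4}([\x20-\x7e]{4,260}?)\x00", re.DOTALL)
NAME_RE = re.compile(rb"[A-Za-z][A-Za-z0-9_]{5,}")


def pdb_paths(blob):
    """Return every PDB path embedded in an RSDS debug record."""
    return [m.group(1).decode() for m in RSDS_RE.finditer(blob)]


def imported_names(blob):
    # Heuristic: collect ASCII identifiers from the file. A full triage would walk
    # the import directory, but the name strings are what that table points at.
    return set(NAME_RE.findall(blob))


def apc_injector_score(blob):
    """Flag a driver whose import strings contain the APC injection routine set."""
    names = imported_names(blob)
    core = APC_CORE & names
    support = APC_SUPPORT & names
    return {"core": sorted(n.decode() for n in core),
            "support": sorted(n.decode() for n in support),
            "likely_apc_injector": core == APC_CORE and len(support) >= 2}


# Constructed sample: an RSDS record with a build path in the same shape as the one
# quoted in the thread, followed by import-name strings as they sit in .idata.
SAMPLE = (b"\x00" * 8 + b"RSDS" + bytes(range(16)) + b"\x01\x00\x00\x00"
          + b"x:\\build\\driver\\objchk\\i386\\sample.pdb\x00"
          + b"\x00KeInitializeApc\x00KeInsertQueueApc\x00PsLookupProcessByProcessId\x00"
          + b"KeStackAttachProcess\x00ZwAllocateVirtualMemory\x00IoCreateDevice\x00")

if __name__ == "__main__":
    print(pdb_paths(SAMPLE))
    print(apc_injector_score(SAMPLE))
```

Run it over a real driver by replacing SAMPLE with the file's bytes; the PDB path alone is often enough to tie a driver to a vendor build tree, as it did here.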