A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #28341  by patriq
 Mon Apr 18, 2016 6:09 pm
64bit loader .dll (detection ratio 5/56)
https://virustotal.com/en/file/9ca837ca ... /analysis/

looks like some hybrid cryptowall/teslacrypt based only on ransom notes and payment C&C. Don't have a 64bit vm setup at the moment.
de_crypt.jpeg
.png not allowed, converted to jpeg
de_crypt.jpeg (116.17 KiB) Viewed 1193 times


Attached.
Attachments
(1.54 MiB) Downloaded 211 times
 #28892  by g00dv1n
 Fri Jul 15, 2016 7:14 am
xors wrote:
g00dv1n wrote:New sample
In the attachment
Could you describe your strategy for unpack it ?

I looked the sample in Olly but i found only trash jumps and ReleaseMutex functions.

Thanks.