A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #3973  by EP_X0FF
 Mon Dec 13, 2010 3:42 am
By using partition recovery tool or entering valid password obviously.
 #4019  by EP_X0FF
 Wed Dec 15, 2010 5:38 pm
Allow it in UAC - and enjoy reboot :)
Last edited by EP_X0FF on Wed Dec 15, 2010 6:02 pm, edited 1 time in total. Reason: edit: tested stuff in Seven
 #4024  by EP_X0FF
 Thu Dec 16, 2010 4:21 am
Use normal VM.
 #5983  by Xylitol
 Tue Apr 19, 2011 1:08 am

http://www.virustotal.com/file-scan/rep ... 1303174170
Code:
hXXp://212.95.54.70/admin2/index.php
hXXp://212.95.54.70/locker/z.php?codeFromBootkit=
Attachments (see archive comment for password): three archives, 194.45 KiB, 16.83 KiB and 42.66 KiB
 #7060  by EP_X0FF
 Mon Jul 04, 2011 1:38 pm
MBRlock

Unblock code: 4011894


MBR, dropper, unpacked dropper in attach.

I'm wondering now how these script-kiddies managed to write their own MBR code, while everything else in all lockers is a piece of sh*t coding example (however, this does not mean that this MBR code is perfect, of course).

Source hxxp://urukxxx.ru/xxxvideo.avi.exe (already down)

Found alternative:
hxxp://ulumbekogli.ru/xxxvideo.avi.exe
Attachments (pass: malware): one archive, 28.08 KiB
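The post above attaches the locker's MBR for analysis. As an added example (not code from this thread or from any of its posters), the script below parses a 512-byte MBR sector the way an analyst would when triaging such a sample: it validates the 0x55AA boot signature, decodes the four partition entries, hashes the 440-byte boot-code region, and diffs a sector against a known-good baseline so a replaced bootloader shows up as a boot-code change rather than a partition-table change. The sample sector is constructed inline (a two-byte `jmp $` stub padded with NOPs and one NTFS-type partition entry) and is not a real disk image; the tampered variant simply patches the first bytes of the boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code
DISK_SIG_OFFSET = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def build_sample_mbr() -> bytes:
    """Constructed sample MBR (hypothetical, not a real disk image)."""
    boot_code = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ ; NOP padding
    disk_sig = struct.pack("<I", 0xDEADBEEF)
    reserved = b"\x00\x00"
    # status=0x80 (bootable), type=0x07 (NTFS), LBA start 2048, 204800 sectors
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                         b"\xfe\xff\xff", 2048, 204800)
    empty = b"\x00" * 16
    return boot_code + disk_sig + reserved + entry1 + empty * 3 + BOOT_SIGNATURE


def build_tampered_mbr() -> bytes:
    """Same sector with the first boot-code bytes overwritten (constructed)."""
    sector = bytearray(build_sample_mbr())
    sector[0:4] = b"\xb8\x00\x00\x00"   # arbitrary patch, only for the demo
    return bytes(sector)


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one 16-byte partition table entry."""
    status, chs_start, ptype, chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "empty": ptype == 0 and lba_start == 0 and sectors == 0,
    }


def parse_mbr(sector: bytes) -> dict:
    """Validate and decode a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_sig = struct.unpack("<I", sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0]
    partitions = [
        parse_partition_entry(sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)])
        for i in range(4)
    ]
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def diff_against_baseline(sector: bytes, baseline: bytes) -> list:
    """Report which regions of `sector` differ from a known-good `baseline`.

    A locker that replaces the bootloader changes the boot code while leaving
    the partition table intact, so the two regions are reported separately.
    """
    cur, base = parse_mbr(sector), parse_mbr(baseline)
    findings = []
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed")
    if cur["disk_signature"] != base["disk_signature"]:
        findings.append("disk signature changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code sha256:", info["boot_code_sha256"])
    for i, p in enumerate(info["partitions"]):
        if not p["empty"]:
            print(f"partition {i}: type=0x{p['type']:02x} start={p['lba_start']} "
                  f"sectors={p['sectors']} bootable={p['bootable']}")
    print("tampered vs baseline:", diff_against_baseline(build_tampered_mbr(), build_sample_mbr()))
```

On a real system the sector to feed `parse_mbr` is the first 512 bytes of the physical disk (read from the raw device with administrative rights), and the baseline is a copy of that sector taken when the machine was known to be clean; storing only the boot-code hash is enough to notice that the loader has been swapped, even when the partition table still looks normal.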