New parameter. 'makefile'
Attachments
password:infected
(230.6 KiB) Downloaded 73 times
(230.6 KiB) Downloaded 73 times
@xorsthingsv2
A forum for reverse engineering, OS internals and malware analysis
One more, 'woody' as parameter
Attachments
password:infected
(193.6 KiB) Downloaded 81 times
(193.6 KiB) Downloaded 81 times
@xorsthingsv2
0001 as parameter
Attachments
password:infected
(193.59 KiB) Downloaded 76 times
(193.59 KiB) Downloaded 76 times
@xorsthingsv2
Using 'boobs' as parameter
Attachments
password:infected
(190.18 KiB) Downloaded 69 times
(190.18 KiB) Downloaded 69 times
@xorsthingsv2
Using 'testtest' as parameter.
Attachments
password:infected
(204.97 KiB) Downloaded 75 times
(204.97 KiB) Downloaded 75 times
@xorsthingsv2
Recent locky. with 'app' as parameter.
Attachments
password:infected
(197.13 KiB) Downloaded 74 times
(197.13 KiB) Downloaded 74 times
@xorsthingsv2
Droppers, that require numeric key for parameter are no longer used?
Used 'nipples' as parameter.
Attachments
password:infected
(208.9 KiB) Downloaded 82 times
(208.9 KiB) Downloaded 82 times
@xorsthingsv2
Can i run it with this command:
rundll32.exe 'DllName' 'ParameterName'
?
rundll32.exe 'DllName' 'ParameterName'
?
There's a new one in the wild.
I think this is it: https://www.virustotal.com/en/file/4b9a ... 479986832/
Some send it as .hta file, in facebook messenger looks like a picture. People think is an image so they double click it.
I think this is it: https://www.virustotal.com/en/file/4b9a ... 479986832/
Some send it as .hta file, in facebook messenger looks like a picture. People think is an image so they double click it.