Backdoor Blackshades NET - Page 3

Re: W32/Zbot

#5384 by markusg
Wed Mar 09, 2011 4:13 pm

winlogon_72.exe
http://www.virustotal.com/file-scan/rep ... 1299686606

Winlogon.exe
http://www.virustotal.com/file-scan/rep ... 1299686204
winlogon.exe
http://www.virustotal.com/file-scan/rep ... 1299686416

Attachments

MovedFiles.rar

(367 KiB) Downloaded 65 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/Not classified

#5432 by markusg
Fri Mar 11, 2011 3:23 pm

MS77E3~1.EXE
http://www.virustotal.com/file-scan/rep ... 1299856542

Attachments

MS77E3~1.rar

(134.44 KiB) Downloaded 57 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/VB (Autorunners, PWS)

#5448 by markusg
Sat Mar 12, 2011 2:11 pm

Patch.exe
http://www.virustotal.com/file-scan/rep ... 1299937869

Last edited by EP_X0FF on Sat Mar 12, 2011 3:45 pm, edited 1 time in total. Reason: removed attach

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/VB (Autorunners, PWS)

#5449 by EP_X0FF
Sat Mar 12, 2011 3:44 pm

markusg wrote:Patch.exe
http://www.virustotal.com/file-scan/rep ... 1299937869

Blackshades NET joined with Roboform7 patcher, according to forum rules attach has been removed.
Extracted bot attached, posts moved.

Attachments

SN5j6U1Gp.rar

pass: malware
(388.23 KiB) Downloaded 55 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Malware/Not classified

#5450 by markusg
Sat Mar 12, 2011 4:46 pm

pg_ctl1.exe
http://www.virustotal.com/file-scan/rep ... 1299947982

Attachments

pg_ctl1.rar

(134.4 KiB) Downloaded 52 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/Not classified

#5451 by nullptr
Sun Mar 13, 2011 4:21 am

markusg wrote:pg_ctl1.exe
http://www.virustotal.com/file-scan/rep ... 1299947982

This is Blackshades NET - C:\Users\Admin\Desktop\Blackshades project\Blackshades NET\server\server.vbp
Runs as %USERPROFILE%\Application Data\Msnupdate8799.exe

bss_server
usrReverseRelay
usrRelay
tmrLiveLogger
tmrIntervalUpdate
_extentx
_extenty
tmrGrabber
sckFormGrab
bss_server.usrRelay
tmrFocus
tmrAlarms
picThumb
picThumbSize
tmrDoWork
tmrPersistant
tmrWebHide
tmrInfoTO
sckInfo
bss_server.Socket
tmrAudio
sckServer
tmrCrazy
picWC
tmrAlive
tmrScreenshot
tmrDOS
tmrInaktivitet
picScreenshot
tmrSprid
tmrSpara
tmrAnslut
sckTransfer
modFuctions
modOS
modSpread
modAPI
modSS
modSocketMaster
CSocketMaster
socket
frmSck
usrRelay
modIInet
modICallBack
WinInetAsync
modPWs
modLaunchWeb
cCDECL
cFFPD
modRegistry
cSubCls
iSubCls
modSniff
modSqueezer
modAudio
frmHijack
modHijack
frmChat
modInfect
modTorrentSeed
modInjPE
modCrypt
cImage
modScreencap
mWinsock
modBtKiller
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
{00020404-0000-0000-C000-000000000046}
tmrDoWork
tCE
AIJ
BtmrIntervalUpdate
tmrDOS
tmrInfoTO
tmrAlarms
tmrSprid
sckServer
picThumbSize
tmrInaktivitet
picThumb
tmrPersistant
picScreenshot
tmrScreenshot
tmrAlive
tmrLiveLogger
K6sckInfo
tmrAudio
tmrCrazy
tmrAnslut
tmrSpara
Form
tmrFocus
tmrWebHide
MTheBrowser
C_Mutex
Delay
iSubCls_Antes
iSubCls_Despues
GetBrowserName2
PATH_WINLOGON
TheBrowser_BeforeNavigate2
TheBrowser_OnQuit
BROWSER_FB_DocumentComplete
BROWSER_FB_OnQuit
FACEBOOK_START
+ lots more