WinNT/Gootkit (BkLoader based bootkit)

#22688 by iLnes
Tue Apr 15, 2014 12:47 pm

Link to DrWeb article: http://vms.drweb.com/virus/?i=3771317
Can't fild any MD5 or SHA1
Can't find new build.

Username

iLnes

Posts

1

Joined

Sun Feb 10, 2013 10:04 pm

Re: BackDoor.Gootkit.112

#22689 by Xylitol
Tue Apr 15, 2014 1:03 pm

Filled your request because that look interesting but for further requests have a look here: http://www.kernelmode.info/forum/viewto ... =20&t=1950

a_d_13 wrote: [*]Requests from users with zero posts, "thank-you" only posts, or requests-only posts not allowed. Make your effort for this place before asking anything.
--AD

VT:
https://www.virustotal.com/en/file/670b ... 397566854/ > 3/51
https://www.virustotal.com/en/file/be8f ... 397566915/ > 3/51
https://www.virustotal.com/en/file/d836 ... 397566916/ > 19/51
https://www.virustotal.com/en/file/3698 ... 397566854/ > 23/51

Attachments

BackDoor.Gootkit.112.7z

infected
(3.12 MiB) Downloaded 174 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: WinNT/Gootkit

#24824 by EP_X0FF
Sun Jan 04, 2015 4:37 am

Up.

Gootkit variant equiped with BkLoader bootkit (Cidox/Rovnix from Carberp source leak). Implements shim UAC bypass. Presumable previous version of next gen Win32/Xswkit

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact