A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #6729  by EP_X0FF
 Wed Jun 08, 2011 5:03 pm
A little bit (just a little, two years) too late. So this reader is just another attempt to do some PR on that rootkit.
 #6740  by EP_X0FF
 Thu Jun 09, 2011 3:47 pm
markusg wrote: dll.exe
http://www.virustotal.com/file-scan/rep ... 1307633271
[main]
version=0.03
aid=30041
sid=0
builddate=351
rnd=515967899
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.175
The same as the few previous ones.
Attachments
pass: malware
 #6846  by EP_X0FF
 Fri Jun 17, 2011 2:32 am
Some fresh TDL4 for the collection.
[main]
version=0.03
aid=30198
sid=0
builddate=351
rnd=220523388
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.175
Unpacked dropper also attached.

original http://www.virustotal.com/file-scan/rep ... 1308277187
unpacked http://www.virustotal.com/file-scan/rep ... 1308276205
Attachments
pass: malware
 #7003  by EP_X0FF
 Fri Jul 01, 2011 3:03 am
Attached: a recent TDL4 dropper with updated cmd.dll.
[main]
version=0.03
aid=40787
sid=0
builddate=351
installdate=1.7.2011 2:26:34
rnd=2709195991
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://4tag16ag100.com/;hxxps://zna61udha01.com/;hxxps://dg6a51ja813.com/;hxxps://7gaur15eb71.com/;hxxps://ka18i7gah10.com/
wsrv=hxxp://bangl24nj14.com/;hxxp://lkeopee32.com/;hxxp://63.223.106.16/;hxxp://63.223.106.17/;hxxp://iau71nag001.com/;hxxp://baj19kall10.com/
psrv=hxxp://cikh71ynks66.com/;hxxp://clkh71yhks66.com/
version=0.24
All in the attachment.
Attachments
pass: malware
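The [cmd] sections in these posts are the part a defender wants to pull out: the srv/wsrv/psrv lists are the C2 endpoints. As an added example (not code from the thread or from the samples), here is a small Python parser for this INI-like config that extracts the hosts from those lists and diffs two samples, so the move from cmd.dll 0.175 to 0.24 shows up as a blocklist delta. The two embedded configs are copied from posts #6846 and #7003 above, trimmed to the [cmd] section and kept defanged (hxxp) as posted.

```python
import re
# TDL4 [cmd] sections quoted from posts #6846 (cmd.dll 0.175) and #7003 (cmd.dll 0.24)
# above; URLs are left defanged (hxxp/hxxps) exactly as they were posted.
CFG_OLD = """[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.175"""
CFG_NEW = """[cmd]
srv=hxxps://4tag16ag100.com/;hxxps://zna61udha01.com/;hxxps://dg6a51ja813.com/;hxxps://7gaur15eb71.com/;hxxps://ka18i7gah10.com/
wsrv=hxxp://bangl24nj14.com/;hxxp://lkeopee32.com/;hxxp://63.223.106.16/;hxxp://63.223.106.17/;hxxp://iau71nag001.com/;hxxp://baj19kall10.com/
psrv=hxxp://cikh71ynks66.com/;hxxp://clkh71yhks66.com/
version=0.24"""

def parse_config(text):
    """INI-like TDL4 config -> {section: {key: value}}. Keys like '* (x64)' in
    [inject] contain spaces, so split on the first '=' only and strip whitespace."""
    cfg, section = {}, ""
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            cfg.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            cfg.setdefault(section, {})[key.strip()] = value.strip()
    return cfg

# Accept both live (http) and defanged (hxxp) schemes; capture the host or IP.
HOST_RE = re.compile(r"^h(?:tt|xx)ps?://([^/]+)", re.IGNORECASE)

def c2_hosts(cfg):
    """Hostnames/IPs from the ';'-separated srv, wsrv and psrv lists in [cmd]."""
    hosts = set()
    for key in ("srv", "wsrv", "psrv"):
        for url in cfg.get("cmd", {}).get(key, "").split(";"):
            m = HOST_RE.match(url.strip())
            if m:
                hosts.add(m.group(1).lower())
    return hosts

def diff_c2(old_cfg, new_cfg):
    """(added, removed) C2 hosts between two samples, for blocklist updates."""
    old, new = c2_hosts(old_cfg), c2_hosts(new_cfg)
    return new - old, old - new

if __name__ == "__main__":
    old, new = parse_config(CFG_OLD), parse_config(CFG_NEW)
    added, removed = diff_c2(old, new)
    print("added:", sorted(added), "removed:", sorted(removed))
```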