A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #10074  by EP_X0FF
 Fri Dec 02, 2011 12:16 pm
markusg wrote: 0.837970031559333.exe
MD5   : 4c11c67ff7f05a9a77200d4659c6ef4f
http://www.virustotal.com/file-scan/rep ... 1322822552
Ransom BundezPolizei deploying as a DLL that spawns an IE copy on a specially allocated desktop, with the warning message located at -> 194.28.132.231
 #10157  by GMax
 Mon Dec 05, 2011 5:01 pm
markusg wrote: dr5j56iud56.exe
MD5   : ab48f926417c5ae2bc19aeee7b6a6165
https://www.virustotal.com/file-scan/report.html?id=482f69d9eeb910f4bb60b41239a05b24010be1f8edac39dacc5971cde43bb51b-1323098592

used dWinlock (http://www.kassl.de) to disable special keyboard shortcuts

webform hxxp://gemapayment.net/gibmirgeld_de/index.php

unpacked file:
Size: 2119 Kb (2170288 byte)
Date/Time compile: 19.06.1992 / 22:22:17 UTC
MD5: c6a425a7563c4b2a759407890c7ab1d7
www.virustotal.com
Attachments
unpacked pass: malware
(227.3 KiB) Downloaded 55 times