
Re: Malware Requests

Posted: Mon Mar 19, 2012 1:15 pm
by Xylitol
Maxstar wrote:Hi,

I'm looking for the following trojan.ransom sample(s).

Filename: flint4ytw.exe
MD5: 0x21E582CC765DE5BB58191200E9F54E77
MD5: 0x81F37A4C738C77E764CD707EC197AB73
MD5: 0xB09E7D4723FEB64E1967B0B21E7848F9
MD5: 21e582cc765de5bb58191200e9f54e77 https://www.virustotal.com/file/3d19b03 ... /analysis/

Regards,

Maxstar

Re: Malware Requests

Posted: Fri Mar 23, 2012 12:32 pm
by prim
Hello, can somebody help with searching for these files?

MD5: e7f308509217a1d13278854415e476a2
MD5: 5e8da2748af96cd1e3e6fd2cf2f3cf10

Re: Malware Requests

Posted: Fri Mar 23, 2012 1:11 pm
by Xylitol
hnpl2011 wrote:
Flopik wrote:Trojan-Spy.Win32.Lurk.ja

Mentioned in :
http://www.theregister.co.uk/2012/03/18 ... are_found/

Java exploit infection, maybe a website?
MD5: 6e5766d37b088cb5ba59b8d13eeb39cc
SHA256: 7a300fff5a51a8f8a6e85d92cf55d16f0379b3c44bde2fd1f90863394c2cfe43
https://www.virustotal.com/file/7a300ff ... /analysis/
infected
(56.14 KiB) Downloaded 47 times
prim wrote:Hello, can somebody help with searching for these files?

MD5: e7f308509217a1d13278854415e476a2
MD5: 5e8da2748af96cd1e3e6fd2cf2f3cf10
infected
(41.48 KiB) Downloaded 40 times

Re: Malware Requests

Posted: Sat Mar 24, 2012 10:09 pm
by mfox
Hey guys,

I'm looking for the new Duqu variant, "mcd9x86.sys".
http://stratsec.blogspot.fr/2012/03/act ... is-my.html

Does anyone have this sample, or maybe its IDB file?

thanks ;)

Re: Malware Requests

Posted: Wed Apr 04, 2012 1:13 pm
by alankar
Greetings,

Looking for backdoor infection sample files with the following details:

File name : - 5606.sys
Md5 hash :- DD27C9D3B8EBB193E103AC1B1AA35BFB
Virustotal Link:- https://www.virustotal.com/file/7e0a2c6 ... /analysis/

File name : - 5606.sys
Md5 hash :- 288AF53D533A0727842878B96137D1B2
Virustotal Link:- https://www.virustotal.com/file/cdecee4 ... /analysis/

Thanks and regards,
Alankar Reddy

Re: Malware Requests

Posted: Tue Apr 10, 2012 8:42 am
by Xylitol
alankar wrote:Greetings,

Looking for backdoor infection sample files with the following details:

File name : - 5606.sys
Md5 hash :- DD27C9D3B8EBB193E103AC1B1AA35BFB
Virustotal Link:- https://www.virustotal.com/file/7e0a2c6 ... /analysis/

File name : - 5606.sys
Md5 hash :- 288AF53D533A0727842878B96137D1B2
Virustotal Link:- https://www.virustotal.com/file/cdecee4 ... /analysis/

Thanks and regards,
Alankar Reddy

Re: Malware Requests

Posted: Tue Apr 17, 2012 9:55 am
by R136a1
Hi there,

I am searching for the following samples:

MD5: d28924f702b252fa4a7e746fd5261d88
Report: http://xml.ssdsandbox.net/view/d28924f7 ... 6fd5261d88

MD5: 6da754d56131dda68ab0b43050afbb9e
Report: http://xml.ssdsandbox.net/view/6da754d5 ... 3050afbb9e

MD5: 12c225d039fd690283f911dc1cc782eb
Report: http://xml.ssdsandbox.net/view/12c225d0 ... dc1cc782eb

Re: Malware Requests

Posted: Tue Apr 17, 2012 1:12 pm
by Xylitol
R136a1 wrote:Hi there,

I am searching for the following samples:

MD5: d28924f702b252fa4a7e746fd5261d88
Report: http://xml.ssdsandbox.net/view/d28924f7 ... 6fd5261d88

MD5: 6da754d56131dda68ab0b43050afbb9e
Report: http://xml.ssdsandbox.net/view/6da754d5 ... 3050afbb9e

MD5: 12c225d039fd690283f911dc1cc782eb
Report: http://xml.ssdsandbox.net/view/12c225d0 ... dc1cc782eb

Malware Requests

Posted: Thu Apr 19, 2012 1:07 am
by leeno
Hello, I'm looking for samples of the Android malware mentioned in the links below:
a) http://www.zdnet.com/blog/security/warn ... ware/11597
b) http://www.androidauthority.com/data-st ... lay-76269/

Thank you.

Re: Malware Requests

Posted: Sat Apr 21, 2012 5:43 pm
by Buster_BSA
hx1997 wrote:Maybe this one?
At least it does what the other user requested.
Report generated with Buster Sandbox Analyzer 1.59 at 19:39:17 on 21/04/2012

[ General information ]
* File name: c:\m\test\c1e5dae72a51a7b7219346c4a360d867.exe
* File length: 30720 bytes
* File type: EXE
* TLS hooks: NO
* File entropy: 7.55224 (94.4030%)
* Adobe Malware Classifier: Unknown
* Digital signature: Unsigned
* MD5 hash: c1e5dae72a51a7b7219346c4a360d867
* SHA1 hash: 628c7396db3ca6ca7b111102e4d24be9426c35d7
* SHA256 hash: 6ddbe1f43fcc4f13ec0d0d92b650a58a4dab4ed83cb549652b64633fda12d7b1

[ Changes to filesystem ]
* Deletes file C:\M\TEST\C1E5DAE72A51A7B7219346C4A360D867.EXE
* Creates file C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\dxdiag.exe
File length: 30720 bytes
File type: EXE
File entropy: 7.55224 (94.4030%)
Adobe Malware Classifier: Unknown
MD5 hash: c1e5dae72a51a7b7219346c4a360d867
SHA1 hash: 628c7396db3ca6ca7b111102e4d24be9426c35d7
SHA256 hash: 6ddbe1f43fcc4f13ec0d0d92b650a58a4dab4ed83cb549652b64633fda12d7b1

[ Changes to registry ]
* Deletes Registry key HKEY_LOCAL_MACHINE\software\Classes\clsid\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
* Modifies value "SavedLegacySettings=3C000000A70700000100000000000000000000000000000004000000000000004029829C4F33CB0101000000C0A800040000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
old value "SavedLegacySettings=3C000000A60700000100000000000000000000000000000004000000000000004029829C4F33CB0101000000C0A800040000000000000000"

[ Network services ]
* Looks for an Internet connection.
* Connects to "salex4.net" on port 80.
* Connects to "xasmen8.in" on port 80.
* Opens next URLs:
hxxp://salex4.net/fda3/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351845156
hxxp://salex4.net/fda3/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351868937
hxxp://salex4.net/fda3/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351892328
hxxp://xasmen8.in/sex4/task.php?bid=adf73fd1b07a0f1d&os=5-1-2600&uptime=0&rnd=351895203

[ Process/window/string information ]
* Gets user name information.
* Gets volume information.
* Gets computer name.
* Creates process "(null),svchost.exe,(null)".