A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #4064  by rough_spear
 Sun Dec 19, 2010 4:17 pm
post the password along with samples from next time.do not keep us guessing.
Well for other users password is infected
 #4065  by GamingMasteR
 Sun Dec 19, 2010 5:11 pm
It's common in malware researching forums/sites that zipped malwares have password that is either "malware" or "infected" :)
 #6604  by ramesh
 Wed Jun 01, 2011 2:14 am
Hello, I'm looking for particular sample of

a) Mebroot sample= Trojan family
b) MD5 0a211ac6b398f49f8ce982bb0b07bd4a (if you have others samples, please attach also)
c) It modifies the Master Boot Record (MBR). It uses sophisticated rootkit techniques to hide its presence and opens a back door that allows a remote attacker
control over the compromised computer.
d)VT=14/40; http://www.virustotal.com/file-scan/rep ... 1275018744

Thank you.
 #6605  by Meriadoc
 Wed Jun 01, 2011 2:55 am
Hi ramesh,

MD5:0A211AC6B398F49F8CE982BB0B07BD4A
Attachments
pass=malware
(348.29 KiB) Downloaded 167 times
 #7645  by PX5
 Mon Jul 25, 2011 5:00 pm
rough_spear wrote:post the password along with samples from next time.do not keep us guessing.
Well for other users password is infected
FO!

hxxp://anysexlife.net/index.php?tp=3b736217eef38124
hxxp://anysexlife.net/d.php?f=32&e=2

anysexlife.net - 200.35.147.150

hxxp://200.35.147.150/files/17
hxxp://200.35.147.150/files/18
hxxp://200.35.147.150/files/19
hxxp://200.35.147.150/files/23
hxxp://200.35.147.150/files/24
hxxp://200.35.147.150/files/25
hxxp://200.35.147.150/files/26
hxxp://200.35.147.150/files/27
hxxp://200.35.147.150/files/28
hxxp://200.35.147.150/files/29
hxxp://200.35.147.150/files/30
hxxp://200.35.147.150/files/31
hxxp://200.35.147.150/files/32
hxxp://200.35.147.150/files/33
hxxp://200.35.147.150/files/34
hxxp://200.35.147.150/files/35
hxxp://200.35.147.150/files/36
hxxp://200.35.147.150/files/37
hxxp://200.35.147.150/files/38
hxxp://200.35.147.150/files/39
hxxp://200.35.147.150/files/40
hxxp://200.35.147.150/files/41
hxxp://200.35.147.150/files/42
hxxp://200.35.147.150/files/43
hxxp://200.35.147.150/files/44
hxxp://200.35.147.150/files/45
hxxp://200.35.147.150/files/46
hxxp://200.35.147.150/files/47
hxxp://200.35.147.150/files/48
hxxp://200.35.147.150/files/49
hxxp://200.35.147.150/files/50
hxxp://200.35.147.150/files/51
hxxp://200.35.147.150/files/52
hxxp://200.35.147.150/files/53
hxxp://200.35.147.150/files/54
hxxp://200.35.147.150/files/55
hxxp://200.35.147.150/files/56
hxxp://200.35.147.150/files/57
hxxp://200.35.147.150/files/58
hxxp://200.35.147.150/files/59
hxxp://200.35.147.150/files/60
hxxp://200.35.147.150/files/61
hxxp://200.35.147.150/files/63
hxxp://200.35.147.150/files/69
hxxp://200.35.147.150/files/71



Blackhole Kit, loading exe yields nadda, emailed self html link and off we went.

First Ive seen of meb in any public arena in quite some time.

Curious if this one has gone platform compatiable...
 #7718  by Quads
 Thu Jul 28, 2011 12:24 am
The unzipped file can't run on XP, it's not a valid win32 application

Quads
 #7719  by EP_X0FF
 Thu Jul 28, 2011 2:34 am
Quads wrote:The unzipped file can't run on XP, it's not a valid win32 application

Quads
They are DLL's.
 #8310  by icr
 Sun Aug 28, 2011 7:54 am
Hey all as this topic was dedicated for mebroot virus programs so I would like to add some of mebroot programs
Attachments
password : infected
(2.25 MiB) Downloaded 242 times
 #8813  by rough_spear
 Wed Sep 28, 2011 6:52 pm
Hi,
Here is one more variant of sinowal-mebroot bootkit. :D

hxxp://uablszeuyus.com/w.php?f=26&e=1
File name - contacts.exe
File size - 124 KB

MD5 : 406e27ffcfc5134910f90524a5dd9350
SHA1 : bcc59a3d3b4a5ef41a0df7c2059ccc1da83298a1
SHA256: 45035761a3516278ca53f1c0e0b31d4607e342c4a59afcb4925b8d264bb65e8d
ssdeep: 1536:Zv1aIDH4GJYGb3Wd+OfUedf7JB0vDZfuDCpMT9kb7GThzzBqem:ZtpDYGKGznOfUaf7MvU
DBpkbizzBqe

Regards,


rough_spear. ;)
Attachments
password - malware.
(39.26 KiB) Downloaded 188 times
  • 1
  • 2
  • 3
  • 4
  • 5
  • 12