[rough_spear]

Hi All, :D
I m back with TDL4 and it's plugin. :lol:
including most awaited socks.dll :twisted:

Code: Select all

[main]
version=0.03
aid=30022
sid=0
builddate=351
rnd=854245398
knt=1320123429
[inject]
*=cmd.dll
* (x64)=cmd64.dll
svchost.exe=socks.dll
[cmd]
srv=https://195.3.145.111/;https://212.36.9.52/;https://91.213.29.63/;https://tr1ck-track.com/;https://188.95.52.162/;https://mo0nviser.com/
wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/
psrv=http://crj71ki813ck.com/
version=0.31
bsh=b77f22b74a6630d91d7f44bdafb7ce6426cde915
delay=7200
csrv=http://lkckclcklii1i.com/
dlc_srand=103
ns_conf=0
ssl=http://revalati0n-startup.com:8344/
[tasks]
[socks]
port=35211
[tslcaloc]
svchost.exe=180| -g yes -t 1 -o http://pacrim.eclipsemc.com:8337/ -u ilnick89_1 -p 112233
kwrd=300|conhost.exe| -g no -t 1 -o http://generic--t00ls.com:8344/ -u %s -p %s

Regards,


rough_spear. ;)

[limiter]

Cheers rough_spears going to have a look at this in more detail! I read recently that TDL4 had been updated and checked for VM's. Does the infection run in a virtual machines or does it check and then stop it's self.

[EP_X0FF]

I read recently that TDL4 had been updated and checked for VM's. Does the infection run in a virtual machines or does it check and then stop it's self.

Where did you get this? In ESET article? This is not TDL4. That somehow mistakes of others spawning ridiculous legends and myths.

[EP_X0FF]

Has anyone got an infected binary of TDL4? can't seem to find a new one around any help would be great really wanna analyse it.

Ok, one more time. Before posting anything in this thread it is highly recommended to read this thread starting from 1 page to current. Flooding it with "give me sample" posts are not welcomed. Such posts will be removed and if required - user will be banned.

[kmd]

tdl4 seems dead

[frank_boldewin]

tdl4 seems dead

yep, it seems the Maxss tree will be further developed.

[steward]

Why dead?

Would you explain that?Please

[EP_X0FF]

Why dead?

Call 1-800-TDSS for more info.

Would you explain that?Please

There is new TDL4 version branch ITW - MaxSS/SST. TDL4 as well as it predecessor refined TDL3 still can be found itw. Don't ask for fresh sample - if someone has it - it will share.

[Xylitol]

Dogma Millions, soon to face justice
EN: http://malwareinsights.blogspot.com/201 ... ogram.html
RU: http://malwareinsights.blogspot.com/201 ... lions.html

[erikloman]

Hi all. I am looking for a specific TDL4 (or variant) dropper that uses ACPI.sys (XP 32-bit) to conceal its DEVICE_OBJECT hijacking. Thanks!