A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18937  by rkhunter
 Sun Apr 14, 2013 5:22 pm
Heard a lot of questions regarding malware that contains x64 modules on board and works fine on x32 and x64 with payload; here is an idea to collect some families together;
Last edited by EP_X0FF on Mon Apr 22, 2013 5:28 am, edited 5 times in total. Reason: list updated
 #18944  by EP_X0FF
 Mon Apr 15, 2013 2:58 am
Sinowal has a user-mode backdoor for x64.
Necurs has a compatible driver agent for x64.
Some of the Bankers with a rootkit component too.
Ransom Weelsof has an x64 module.
Some variants of Koobface too.

x64 modules are not really popular because old win32 code can do most of the job from wow64, except specific injects (IE) etc., and having a standalone version of the malware in the dropper increases its size plus pe32+ crypter cost. Maybe when most browsers are x64 we will see a rise of win64 malware.
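
Added example, not part of the original posts: a triage check that scans a sample for PE headers and reports whether a PE32 file carries a PE32+ (x64) image, as the thread describes for droppers with x64 modules on board. The function names and the sample bytes are constructed for illustration, and the scan assumes the embedded image is stored in plaintext; an encrypted or compressed module will not be found this way.

```python
import struct

MACHINE = {0x014C: "x86", 0x8664: "x64"}      # IMAGE_FILE_HEADER.Machine
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}   # IMAGE_OPTIONAL_HEADER.Magic

def parse_pe_at(data, off):
    """Return (machine, format) if a plausible PE image starts at off, else None."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    nt = off + e_lfanew
    # Need PE signature (4) + file header (20) + optional header magic (2).
    if nt + 26 > len(data) or data[nt:nt + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, nt + 4)
    (magic,) = struct.unpack_from("<H", data, nt + 24)
    if machine not in MACHINE or magic not in OPT_MAGIC:
        return None
    return MACHINE[machine], OPT_MAGIC[magic]

def find_images(data):
    """List (offset, machine, format) for every validated PE header in data."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        info = parse_pe_at(data, pos)
        if info:
            hits.append((pos, *info))
        pos = data.find(b"MZ", pos + 1)
    return hits

def carries_x64_module(data):
    """True when the file itself is PE32 and a PE32+ image sits inside it."""
    hits = find_images(data)
    return (bool(hits) and hits[0][0] == 0 and hits[0][2] == "PE32"
            and any(fmt == "PE32+" for _, _, fmt in hits[1:]))

def _stub(machine, magic):
    """Constructed minimal header: DOS header, PE signature, file header, magic."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x0102)
    return dos + b"PE\0\0" + file_hdr + struct.pack("<H", magic)

# Constructed sample: a PE32 header followed by filler and a PE32+ header.
SAMPLE = _stub(0x014C, 0x10B) + b"\x90" * 64 + _stub(0x8664, 0x20B) + b"\0" * 16

if __name__ == "__main__":
    for off, machine, fmt in find_images(SAMPLE):
        print(f"offset {off:#x}: {machine} {fmt}")
    print("x64 module on board:", carries_x64_module(SAMPLE))
```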