A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #12300  by Maxstar
 Fri Mar 23, 2012 5:15 pm
rkhunter wrote:LOL! Reveton, GEMA, German and French at least.
In the Netherlands (holland) and also Belgium are these trojan.ransoms massively active, but I don't have a full working sample yet. But I have cached some files from infected machines.
Code: Select all
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Load"="C:\\Users\\GEBRUI~1\\LOCALS~1\\Temp\\msyelu.exe"
mskabad.bat
https://www.virustotal.com/file/0ed9ca5 ... 332522702/

msyelu.exe
https://www.virustotal.com/file/0ed9ca5 ... 332522771/
Attachments
PW = infected
(44.62 KiB) Downloaded 71 times
  • 1
  • 2
  • 3
  • 4
  • 5
  • 16