A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #7074  by EP_X0FF
 Tue Jul 05, 2011 1:59 am
Thread split, Porno-Rolik discussion moved to Trojan Winlock - WinAD topic. This was done because we strongly believe - they all related and produced by the same people.

EDIT:

Split again, new Lock'Em'All version moved to Trojan Winlock - Lock'Em'All topic. Also built currently small table of active winlock locations.
Last edited by EP_X0FF on Thu Jul 07, 2011 7:00 pm, edited 1 time in total. Reason: see edit
 #7125  by Xylitol
 Thu Jul 07, 2011 7:45 pm
Encoder Builder v2.31 xorist winlock generator with source code (Delphi/Asm)

Image

Image

Builder 30/43 >> 69.8% http://www.virustotal.com/file-scan/rep ... 1310067752
'virgin' stub 18/43 >> 41.9% http://www.virustotal.com/file-scan/rep ... 1310067296
Attachments
pwd: xylibox
(411.69 KiB) Downloaded 68 times
 #7445  by EP_X0FF
 Wed Jul 20, 2011 12:22 pm
mrbelyash wrote:code?

pass-virus
Unblock code: 1G@h3J$k

Posts moved.

Unpacked in attach, see
Code: Select all
CODE:00476F3C _TForm1_Button1Click
Attachments
pass: malware
(248.72 KiB) Downloaded 51 times
  • 1
  • 3
  • 4
  • 5
  • 6
  • 7
  • 9