KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

TrojanSpy:Win64/Ursnif.A

https://www.kernelmode.info/forum/viewtopic.php?f=21&t=2490

Page 1 of 1

TrojanSpy:Win64/Ursnif.A

PostPosted:Wed Jul 25, 2012 11:25 pm
by thisisu
Hello, I'm looking for the following file with MD5: 7B1C08BCBD6F75EE924448CF1015E5C6

Creation and modification date: 2012-07-21 11:28 - 2012-07-21 11:28
Size: 0062464
Attributes: ---AC
Company Name: FRISK Software International
Internal Name: F-PROT
Original Name: FPROT.DLL
Product Name: F-PROT Antivirus
Description: F-PROT Antivirus
File Version: 3.6.2
Product Version: 3.6.2
Copyright: FRISK Software International, 1993-2012
Code: Select all
[SUSP PATH] HKCU\[...]\Run : findSTAT (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKCU\[...]\Run : cmstcaui (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand64.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1833796289-1936695377-2858367867-1000[...]\Run : findSTAT (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1833796289-1936695377-2858367867-1000[...]\Run : cmstcaui (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand64.dll",CreateProcessNotify) -> FOUND
Thank you.

Re: Malware Requests, part 2

PostPosted:Thu Jul 26, 2012 12:53 am
by thisisu
thisisu wrote:Hello, I'm looking for the following file with MD5: 7B1C08BCBD6F75EE924448CF1015E5C6
I got the user to upload it, please disregard my request

http://forums.majorgeeks.com/showpost.p ... stcount=10
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/