Attachments
(118.63 KiB) Downloaded 60 times
A forum for reverse engineering, OS internals and malware analysis
markusg wrote:dll.exeTDL4, nothing unusual or new.
http://www.virustotal.com/file-scan/report.html?id=768eb0f794e102591616c9bc41012bbfaf845bfe8c60ce98b99adc76d2915e30-1300823199
[main]
version=0.03
aid=30041
sid=0
builddate=351
rnd=1960408961
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.15
markusg wrote:bc86222.exeUsual TDL4.
http://www.virustotal.com/file-scan/report.html?id=cc4a2781af5ca19ba8cdd9fc8d6183195682fdcba5a37a4569f7f85103e62caa-1300962936
[main]
version=0.03
aid=30185
sid=0
builddate=351
rnd=1085031214
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://lo4undreyk.com/;hxxps://sh01cilewk.com/;hxxps://cap01tchaa.com/;hxxps://kur1k0nona.com/;hxxps://u101mnay2k.com/
wsrv=hxxp://gnarenyawr.com/;hxxp://rinderwayr.com/;hxxp://jukdoout0.com/;hxxp://swltcho0.com/;hxxp://ranmjyuke.com/
psrv=hxxp://crj71ki813ck.com/
version=0.15
[main]I think there is no sense to upload another identical droppers. The odds are that rootkit part of TDL4 will stay unchanged for a long time...
version=0.03
aid=30185
sid=0
builddate=351
rnd=839522115
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=https://lo4undreyk.com/;https://sh01cil ... nay2k.com/
wsrv=http://gnarenyawr.com/;http://rinderway ... jyuke.com/
psrv=http://crj71ki813ck.com/
version=0.15
push esi
xor esi,esi
cmp dword prt:[esp+8], esi
...