Adobe_Flash_Player.exe
http://www.virustotal.com/file-scan/rep ... 1305630154
http://www.virustotal.com/file-scan/rep ... 1305630154
markusg wrote: Adobe_Flash_Player.exe — MaxSS TDL3 mod. Infinite loop of blue screens after installation — characteristic TDL3 mod behavior.
http://www.virustotal.com/file-scan/rep ... 1305630154
[redirected_dns]
-affiliate=44;
-host=89.248.168.188;
[redirected_domains]
-www.google.com.=74.125.87.99;
-google.com.=74.125.87.103;
-google.com.au.=74.125.87.104;
-www.google.com.au.=74.125.87.147;
-google.be.=74.125.87.148;
-www.google.be.=74.125.87.148;
-google.com.br.=74.125.87.109;
-www.google.com.br.=74.125.87.150;
-google.ca.=74.125.87.152;
-www.google.ca.=74.125.87.153;
-google.ch.=74.125.87.155;
-www.google.ch.=74.125.87.158;
-google.de.=74.125.87.160;
-www.google.de.=74.125.87.161;
-google.dk.=74.125.87.123;
-www.google.dk.=74.125.87.160;
-google.fr.=74.125.87.154;
-www.google.fr.=74.125.87.134;
-google.ie.=74.125.87.170;
-www.google.ie.=74.125.87.177;
-google.it.=74.125.87.173;
-www.google.it.=74.125.87.147;
-google.co.jp.=74.125.87.103;
-www.google.co.jp.=74.125.87.147;
-google.nl.=74.125.87.103;
-www.google.nl.=74.125.87.147;
-google.no.=74.125.87.103;
-www.google.no.=74.125.87.147;
-google.co.nz.=74.125.87.103;
-www.google.co.nz.=74.125.87.147;
-google.pl.=74.125.87.103;
-www.google.pl.=74.125.87.147;
-google.se.=74.125.87.103;
-www.google.se.=74.125.87.147;
-google.co.uk.=74.125.87.103;
-www.google.co.uk.=74.125.87.147;
-google.co.za.=74.125.87.103;
-www.google.co.za.=74.125.87.147;
-www.google-analytics.com.=74.125.87.101;
-www.bing.com.=92.123.68.97;
-search.yahoo.com.=72.30.186.249;
-www.search.yahoo.com.=72.30.186.249;
-uk.search.yahoo.com.=87.248.112.8;
-ca.search.yahoo.com.=87.248.112.8;
-de.search.yahoo.com.=87.248.112.8;
-fr.search.yahoo.com.=87.248.112.8;
-au.search.yahoo.com.=87.248.112.8;
\SystemRoot\system32\drivers\
*.sys
\systemroot\system32\drivers\etc\hosts
\BaseNamedObjects
{B35867ED-8377-44d9-9EAB-973E99447B37}
\systemRoot\system32\drivers\cntnr0.sys
\systemRoot
%s\%s
\SystemRoot
C:\WINDDK\7600.16385.0\inc\ddk\wdm.h
Irp->CurrentLocation <= Irp->StackCount + 1
redirected_dns
host
redirected_domains
.config
Windows
Opera
AppleWebKit
.NET CLR
Gecko
Trident/4.0
compatible
Mozilla
Safari
?Ff
Firefo
Firefox
Presto
?FWP
FunWebProducts
?AOB
America Online Browser 1.1
?O962
Opera/9.62
?O963
Opera/9.63
?O964
Opera/9.64
?P2
Presto/2.1.1
?P22
Presto/2.2.15 Version/10.00
?W6
Windows NT 6.0
?W61
Windows NT 6.1
?W5
Windows NT 5.1
?W50
Windows NT 5.0
?W5U
Windows NT 5.1; U
?W5Ur
Windows NT 5.1; U; ru
W5Ud
Windows NT 5.1; U; de
?W5Ue
Windows NT 5.1; U; en
?I6
MSIE 6.0
?I7
MSIE 7.0
?I8
MSIE 8.0
?M5
Mozilla/5.0
?M4
Mozilla/4.0
?cI6W5
compatible; MSIE 6.0; Windows NT 5.1
?cI7W5
compatible; MSIE 7.0; Windows NT 5.1
?cI8W5
compatible; MSIE 8.0; Windows NT 5.1
?cI6W50
compatible; MSIE 6.0; Windows NT 5.0
?cI7W50
compatible; MSIE 7.0; Windows NT 5.0
?cI8W50
compatible; MSIE 8.0; Windows NT 5.0
?cI6W6
compatible; MSIE 6.0; Windows NT 6.0
?cI7W6
compatible; MSIE 7.0; Windows NT 6.0
?cI8W6
compatible; MSIE 8.0; Windows NT 6.0
?WUW61
Windows; U; Windows NT 6.1;
?WUW6
Windows; U; Windows NT 6.0;
?WUW5
Windows; U; Windows NT 5.1;
?WUW50
Windows; U; Windows NT 5.0;
?WUW61e
Windows; U; Windows NT 6.1; en-US;
?WUW6e
Windows; U; Windows NT 6.0; en-US;
?WUW50e
Windows; U; Windows NT 5.0; en-US;
?WUW5e
Windows; U; Windows NT 5.1; en-US;
affiliate
User-Agent:
%.08X%.08X%.08X%.08X
%.05d%s
%.05d