[mrbelyash]

pass-virus

No unlock functions?

[Xylitol]

Code: Select all

00407E39    E8 C2DCFFFF     CALL 00405B00                            ; JMP to USER32.GetWindowTextLengthA

i've found nothing.

[GMax]

pass-virus

No unlock functions?

Unpacked file

[EP_X0FF]

International fake police alert ransoms discussion moved to dedicated topic

[Xylitol]

7/43 >> 16.3%
http://www.virustotal.com/file-scan/rep ... 1323434065

come from a blackhole 1.2.1

[rkhunter]

Another winlock, with aggressive behavior - Trojan:Win32/Ransom.EZ.

Makes impossible boot in safe mode - BSOD, because moves all services (from HKLM\System\CurrentControlSet\Control\SafeBoot) in special key - HKLM\System\CurrentControlSet\Control\SystemNls.

Runs from:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\system
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\iexplorer

[mrbelyash]

E13879A64D8D091D6B826ED002FA67CD.zip

http://mrbelyash.blogspot.com/2012/01/t ... 29177.html

щелкнуть по слову является

[Xylitol]

found on blackhole

Code: Select all

95.57.120.135/files/71

Also this dll payload also from bh


and the last is NSFW.

[mrbelyash]

U162230155893
U207622064801
U241939228576
U232408233067
U279445227788
U134116812055
U394793444245

code: kkkkkk

[Xylitol]

16/43
https://www.virustotal.com/file/8146351 ... /analysis/

11/43 When unpacked
https://www.virustotal.com/file/8c200d5 ... /analysis/