A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #28814  by EP_X0FF
 Tue Jul 05, 2016 3:52 pm
Because its purpose is more boring. It is a S.Korean online games spy/backdoor.
 #29420  by EP_X0FF
 Sat Oct 15, 2016 7:36 am
ikolor wrote:next..
https://www.virustotal.com/en/file/c127 ... 467457618/


https://www.virustotal.com/en/file/5bf7 ... 467459457/
resources.rar is GbpBoot (alias Urelas) bootkit data (in your post https://www.virustotal.com/en/file/5bf7 ... 467459457/ is the MBR file).

The second archive is Backdoor HtBot (https://www.virustotal.com/en/file/c127 ... 467457618/).

It would be nice if you would upload files separately in different posts so we can move them to dedicated threads once they are identified.