Trojan SpyEye (alias Pincav) - Page 7

Re: Trojan SpyEye (alias Pincav)

#4682 by kmd
Mon Jan 24, 2011 5:27 am

new spyeye 1.3 with anti TrusteerRapport module has been released on black market.
any sample?

Username

kmd

Posts

271

Joined

Mon Mar 15, 2010 4:09 am

Location

Russian Federation

Re: Trojan SpyEye (alias Pincav)

#4685 by EP_X0FF
Mon Jan 24, 2011 8:01 am

Enjoy :)

Author added "short to long" jumps.

Attachments

SpyEye.rar

pass: malware
(278.2 KiB) Downloaded 64 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#4686 by PX5
Mon Jan 24, 2011 8:11 am

publisher....: Trusteer Ltd.
copyright....: (c) Trusteer Ltd. All rights reserved.
product......: Rapport
description..: RapportService
original name: RapportService
internal name: RapportService
file version.: 3.5.1007.28
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Give this one a try. ;)

http://owned-nets.blogspot.com/2011/01/ ... osted.html

80.91.191.156/boss/bin/jupdate.exe appears alive and downloadable as well.

Attachments

85e51eb2fdf9443c09569fc6e2dde0b1.zip

(362.13 KiB) Downloaded 57 times

Arrogance led me to my Ignorance

Username

PX5

Posts

144

Joined

Thu Apr 29, 2010 1:14 am

Re: Trojan SpyEye (alias Pincav)

#4702 by markusg
Mon Jan 24, 2011 4:06 pm

cleansweep.exe
http://www.virustotal.com/file-scan/rep ... 1295884724
mute.exe
http://www.virustotal.com/file-scan/rep ... 1295884902

Attachments

C_.rar

(321.76 KiB) Downloaded 55 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Trojan SpyEye (alias Pincav)

#4704 by nullptr
Mon Jan 24, 2011 5:13 pm

Here's the RapportService sample dumped and fixed so that it'll run on VMs.
Pretty lame antiVM, lol

Attachments

Rapport_fix.zip

pass: malware
(348.46 KiB) Downloaded 57 times

Username

nullptr

Posts

209

Joined

Sun Mar 14, 2010 6:35 am

Re: Trojan SpyEye (alias Pincav)

#4706 by Xylitol
Mon Jan 24, 2011 5:28 pm

@nullptr, bsod for me

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Trojan SpyEye (alias Pincav)

#4707 by EP_X0FF
Mon Jan 24, 2011 5:30 pm

Xylitol wrote:@nullptr, bsod for me

that's interesting, what kind of? Page fault?

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan SpyEye (alias Pincav)

#4710 by Xylitol
Mon Jan 24, 2011 5:50 pm

argh i've retested and he did not make it again it work properly, i've not view the seg but my vm was full fcuked when i've reboot after the bsod.. nothing happend just blocked on the win32 loading logo.

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Trojan SpyEye (alias Pincav)

#4752 by kmd
Thu Jan 27, 2011 4:19 am

EP_X0FF wrote:Enjoy :)

Author added "short to long" jumps.

yea exactly what i was looking for
thx

deadly effective against rapport

Username

kmd

Posts

271

Joined

Mon Mar 15, 2010 4:09 am

Location

Russian Federation

Re: Trojan SpyEye (alias Pincav)

#4754 by EP_X0FF
Thu Jan 27, 2011 7:07 am

kmd wrote:deadly effective against rapport

Are you sure? Guys from Rapport dev has a different opinion :)
(unless they will silently update their soft in few days/weeks)

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact