A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #6710  by EP_X0FF
 Tue Jun 07, 2011 9:51 am
markusg wrote: Recycle.Bin.exe
http://www.virustotal.com/file-scan/report.html?id=94457981a2d3969426d2c67b190bc93291d8ee46e36551fc3d93732f0ddebe76-1307438580
v1.3

pass for decrypted config: DC170F331378C7242C1213717EE584ED

Gates:
hxxp://95.168.178.220/index.php;80
hxxp://188.72.201.213/index.php;80
hxxp://google-1aa.com/index.php;80
hxxp://avira-data.com/index.php;80
hxxp://212.95.58.129/index.php;80
hxxp://212.95.63.35/index.php;80
hxxp://212.95.63.36/index.php;80
 #6711  by EP_X0FF
 Tue Jun 07, 2011 10:02 am
another v1.3

pass for decrypted config: FEDA7534E2C3725954CEC9228912738E

Gates:
hxxp://www.borsgandkotletsplatinum.com/suit/gate.php;90
hxxp://www.uploadefreewarenow.co.cc/mail/gate.php;90
hxxp://www.muchachasgraciass.co.cc/freeware/gate.php;90
hxxp://www.muchafdfererss.co.cc/driver/gate.php;90
hxxp://www.erfotofreefactory.co.cc/freeware/gate.php;90
http://www.virustotal.com/file-scan/rep ... 1307433646
pass: malware
 #6748  by EP_X0FF
 Thu Jun 09, 2011 11:03 pm
Some old v1.2.9 SpyEye

pass for decrypted config: FC5DFC3BE86D6753AB56776417840CCE

Gates:
hxxp://visitorcounter.net.in/images/gate.php
hxxp://visitorcounterbck.net.in/images/gate.php
http://www.virustotal.com/file-scan/rep ... 1307654559
pass: malware
 #6755  by EP_X0FF
 Fri Jun 10, 2011 10:02 am
Washer2.rar.exe
http://www.virustotal.com/file-scan/report.html?id=c15125dc7ad2954330538a4aa1cb22c438251896fdf3521df6718c9065c5af8d-1307698951
SpyEye v1.3

pass for decrypted config: 9B24636E1BB55960CF9B8F04A905FE96

Gates:
hxxp://host-checkker.net/ASdhgas6d/sdhgas/yrgdate13.php;350
hxxp://befirstchild.net/bFeIN_L/50x.html.php;350
hxxp://nofrostengland.com/hYtgfE/dgTrfdbbbf.php;350
Washer1.rar.exe
http://www.virustotal.com/file-scan/report.html?id=10b758a75f5662fec1d08be607e7f8c2f241333267f185cf3bd697a983dc4892-1307698615
SpyEye v1.3

pass for decrypted config: 8A803E9EB9EE77938D7B07DFCDC3C844

Gates:
hxxp://host-checkker.net/ASdhgas6d/sdhgas/yrgdate13.php;350
hxxp://keepyoursecurity.net/lTq_YTrqw3/hhgdftco9.php;350
hxxp://befirstchild.net/qDewtdd/bfdhtt33.php;350
 #6757  by Xylitol
 Fri Jun 10, 2011 10:28 am
hxxp://usps.com.trackr04.com/shipping/invoice.php?navigation=1&resplang=eng&r

29/42 >> 69.0%
http://www.virustotal.com/file-scan/rep ... 1307696632

1.3.41 interface ~
pwd: infected
 #6758  by EP_X0FF
 Fri Jun 10, 2011 10:40 am
Attached decrypted config, pass: A2DBA672503655D3FBFFDA96B8E97823

Gates:
hxxp://nslookupxo.com/dns/home.php;1500
hxxp://91.223.82.127/dns/home.php;1500
hxxp://91.223.82.128/dns/home.php;1500
hxxp://91.223.82.125/dns/home.php;1500
hxxp://91.223.82.126/dns/home.php;1500
I see a random name for config.bin :)