A forum for reverse engineering, OS internals and malware analysis
cjbi wrote:Slides from Microsoft.Can anyone else download those slides? I get an error when downloading (using IE, FF, Chrome, and wget). If you can download, please upload them here :)
Alureon: The First In The Wild 64-Bit Windows Rootkit http://www.virusbtn.com/pdf/conference_ ... VB2010.pdf
[main]load.zip
version=0.03
aid=30020
sid=0
builddate=4096
rnd=1770027372
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://kangojim1.com/;hxxps://lkaturi71.com/;hxxps://rukkeianno.in/;hxxps://neywrika.in/;hxxps://86b6b6b6.com/
wsrv=hxxp://rudolfdisney.com/;hxxp://crozybanner.com/;hxxp://imagemonstar.com/;hxxp://funimgpixson.com/;hxxp://bunnylandisney.com/
psrv=hxxp://cri71ki813ck.com/
version=0.15
[main]
version=0.03
aid=40583
sid=0
builddate=4096
rnd=1202660629
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=hxxps://nichtadden.in/;hxxps://li1i16b0.com/;hxxps://zz87jhfda88.com/;hxxps://n16fa53.com/;hxxps://01n02n4cx00.cc/;hxxps://lj1i16b0.com/
wsrv=hxxp://clikcpixelabn.com/;hxxp://thinksn0taeg.com/;hxxp://jimgwarehouse.com/;hxxp://getbestbaner.com/;hxxp://pixelratator.com/
psrv=hxxp://clkh71yhks66.com/
version=0.15
Blur wrote:Hm, I've checked this sample on 3 vms. It seems to be incompatible with cracked win7 (yes i use cracked windows on my vmwares :) oh c'mon). The only way to boot in that case is to use f8->disable driver signing... Epx0ff are you using cracked windows hehe :)What is the way to crack? I believe there was a simple conflict because of similar booting stage patching.
Blur wrote:Epx0ff are you using cracked windows hehe :)Both samples were analyzed under clean Windows XP SP3 x86 licensed copy.
