A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18643  by spandexednaps
 Fri Mar 22, 2013 2:20 am
Hello,

I'm looking for a Win32/TrojanDownloader.Carberp.AM sample. Searched the forums and cannot find any recent samples. The VirusTotal link below shows what appears to be a possibly new variant.

SHA1:
89426df295c7d84e1c1f1fc4315ab41665ee53a7

MD5:
c6b9ebb31b18ac9a5cf1d4caf5b15e77

VirusTotal link:
https://www.virustotal.com/en/file/77fb ... /analysis/

Many thanks.
 #18876  by kodo
 Tue Apr 09, 2013 7:25 am
Looking for Carberp plugin samples

http://blog.avast.com/2013/04/08/carberp_epitaph/

sb.plug 3150522d039ea64715951d2461c04b9f Win32:Carberp-AI [Trj]
rdp.plug 5f93b2f8d8c0f6f00f3cc99adbe7efc0 Win32:SpyeyePlugin-E [Trj]
ddos.plug e20146551b34409d71dde02a8e3d5c15 Win32:CarberpPlugin-L [Trj]
vnc.plug 5683fcb77c6f6447aba75b44338cb461 Win32:CarberpPlugin-K [Trj]
ifobs.plug c96ff5f3ec55220e99b9d7c8a3a98e8f Win32:CarberpPlugin-M [Trj]
bot.plug f29e19cbe20dd7e0eba5d1ff09abdbbb Win32:CarberpPlugin-P [Trj]
fake.dll 6b2fcfa7cb57a44d28530eaf28ac253e Win32:CarberpPlugin-N [Trj]
ammy.plug 3b91280aa14a1dc0870f53f76a48c3f8 Win32:AmmyyRAdmin-A [PUP]
iphlpapi.dll 0993ac70dd8ab896ae349f45cc82d63d Win32:CarberpPlugin-Q [Trj]
ActiveX.jar 46f348d9a990004d8e2c5694f5544f56 Java:Carberp-A [Trj]
passw.plug 38956767859e03e126f1d79c0f0e3ea0 Win32:CarberpPlugin-D [Trj]

------------

+ others with unknown MD5:

cyberplat.plug
rtlext.plug
docfind.plug
addtrust.plug
vncdll.plug
 #20187  by Win32:Virut
 Mon Jul 22, 2013 9:13 am
Hello, I'm looking for a particular sample:

a) AhnLab detected as Trojan/Win32.Zbot but I don't think it is Zbot.
b) MD5 b1345f655c106b9944a390c2d491f1e8

https://malwr.com/analysis/Mjg1MzRhNDUx ... I3MGMzM2Q/
https://www.virustotal.com/file/c481369 ... /analysis/

Thank you.