A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #21105  by bsteo
 Mon Oct 07, 2013 7:05 pm
grum wrote: :D on hand with me KINS ~ 300$ full src :lol:
Wow! grum the ripper here! This is a malware research forum, dude, not the black market!
 #21108  by btclord
 Tue Oct 08, 2013 12:18 am
EP_X0FF wrote:
btclord wrote:can anyone unpack this? i am not able to unpack it.
bp CreateProcessW, dump memory, upx -d.

C:\Users\dice\Desktop\src\grab\Debug\alina_dex.pdb
Dunno if it is unpacked or not; when I open it with OllyDbg and go for strings, I see an empty page.
Is it really fully unpacked?
 #21131  by EP_X0FF
 Wed Oct 09, 2013 9:41 am
btclord wrote:
EP_X0FF wrote:Facepalm.

Instead of your facepalm, try to support new people who are looking to learn and make the community clean.
lolwut?

Instead of asking stupid questions, go read a few posts before. You have EVERYTHING -> dump, unpacked file and even a tutorial on how to unpack it yourself. Go buy some glasses.

Edit: What kind of EXTRA strings do you need? Sorry I have only ~40Kb of them inside. Must be not enough?
1234.png
 #21381  by Hessss
 Tue Nov 12, 2013 2:18 am
These "jokers" trying to sell KINS and Alina malware sources ain't funny at all. Since I got all possible variations of this here, I'll have sleepless nights trying to check which files are legit ones and which ones aren't, and do deep research on my machine, since I am getting weird mails a few days back which are phishing ones, and I am thinking that I am hopefully NOT infected by something of this posted here. Some people ask me for the damn source of Alina "for personal use only", which most likely means that they are looking to implement something even worse than this here. I think, after reading blogs on this, which VB crypter is used and I marked it as suspicious, which doesn't have to be, but I will only respond to staff here on that matter, since it is sold on HF and alike forums, and a little research brought me to the root of that crypter, originating first in July 2011. And the main thing is that the protected executable of it is around 200 to 400 KB in size. And for a test, I used a RAT which is similar to Alina's size itself when the crypter thing is removed from it and it is de-UPX'ed.