[user]

Hi.Seeking Virus Sality variant .bh (newest)

Type: Polymorphic virus
MD5 : 5c1d6a3b0ea845cbdf730cee3647ae43
VT - http://www.virustotal.com/file-scan/rep ... 1289660557

Thanks ;) .

[cjbi]

Hi.Seeking Virus Sality variant .bh (newest)

Virus.Win32.Sality.bh

VT result
http://www.virustotal.com/file-scan/rep ... 1307976975

[Striker]

Sality file infector

http://www.threatexpert.com/report.aspx ... f9b244bef7

[rough_spear]

Hi All, :D
W32.Sality.U

One more sample of Sality. :twisted:
this file is trojan.hello.A1 which is infected by sality.

Regards,

rough_spear. ;)

[360Tencent]

http://seclists.org/fulldisclosure/2012/Mar/315

[thisisu]

MD5: da262430c37fb20deb395c99c3a4a024
https://www.virustotal.com/file/f99f5e3 ... 333679166/

[SmilingWolf]

2 samples from honeypot

MD5: 60bd4776338ea598d4f1964c01616468
https://www.virustotal.com/file/9ffff54 ... /analysis/

MD5: 93991afbfd36c9ce24d3c81ed0d2d0df
https://www.virustotal.com/file/c51bf1d ... /analysis/

[Mosh]

Hi All

I'm new on malware analysis and i would share with you a small analysis that I did.

I took the sample: 60bd4776338ea598d4f1964c01616468 and I found the device and driver name





Later with the help of WinDbg i found the driver in the address 0x82a73b30 and then i could view the structure



Then i review the DriverInit memory position and i found with a interesting function in the address 0xf7bcab50, i dont know what exactly this function does, but when i revise this memory position i found the string list for the antivirus.






See you ;)

[Xylitol]

Sality rootkit analysis - http://artemonsecurity.blogspot.com/201 ... lysis.html

[Mosh]

MD5: 683b33d2e0c23f6c37f5594cbf193ffc
https://www.virustotal.com/file/b01c1b5 ... /analysis/