A forum for reverse engineering, OS internals and malware analysis 

 #16723  by cjbi
 Tue Nov 20, 2012 11:06 am
General description of the PbBot malware family (incl. bootkit):
malware targeting Korean online card-game players (for spying).

Old and recent samples attached.

P.S. Some of the payloads are interesting. :) (e.g., DFMgr.dll)
Attachment (4.47 MiB), pass: infected
 #19136  by cjbi
 Wed May 01, 2013 11:52 am
A "PbBot downloader" targeting Windows 7 x64 has been detected.
It contains Win7Elevate and a signed driver.
Droppers and payloads attached.

VirusTotal result(s):
Legit installer + Dropper
wLauncherS2.exe.vir 15/45 https://www.virustotal.com/ru/file/6804 ... 367408510/

Dropper
special.exe.vir 17/46 https://www.virustotal.com/ru/file/a262 ... 367407611/

Payloads
InstDrv.exe.vir 2/46 https://www.virustotal.com/ru/file/c77b ... 367408868/
Rdrv64.sys.vir 0/46 https://www.virustotal.com/ru/file/f66b ... 367408982/
Win7Elevate.exe.vir 9/46 https://www.virustotal.com/ru/file/8855 ... 367408987/

Final payload: Delphi coded PbBot
demo.EXE.vir 8/46 https://www.virustotal.com/ru/file/1f3b ... 367408790/
Attachment (955 KiB), pass: infected
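A signed kernel driver with a 0/46 VirusTotal score is the part of this dropper a practitioner should look at first, and the first question is simply whether the file carries an embedded Authenticode blob and who issued it. The script below is an added example, not cjbi's code nor anything from the samples: it walks the PE headers to the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) and reports the WIN_CERTIFICATE header, and it builds its own minimal, constructed PE32+ image so it can be run offline without the attachments. The file names, offsets and the fake PKCS#7 body in the sample are assumptions for illustration.

```python
import struct
import sys

SECURITY_DIR_INDEX = 4                  # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002 # WIN_CERTIFICATE.wCertificateType for Authenticode
WIN_CERT_REVISION_2_0 = 0x0200          # WIN_CERTIFICATE.wRevision used by Authenticode


def authenticode_info(data: bytes):
    """Return details of the embedded Authenticode blob, or None if the PE has none.

    Only the presence and framing of the WIN_CERTIFICATE are checked; the
    signature itself is NOT validated (use signtool / Get-AuthenticodeSignature).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+ (x64): data directories start at optional header + 112
        dd_base = opt + 112
    elif magic == 0x10B:      # PE32: data directories start at optional header + 96
        dd_base = opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dd_base - 4)[0]  # NumberOfRvaAndSizes
    if num_dirs <= SECURITY_DIR_INDEX:
        return None
    entry = dd_base + 8 * SECURITY_DIR_INDEX
    if entry + 8 > opt + size_of_optional:
        return None
    # For the security directory the first field is a raw file offset, not an RVA.
    sec_off, sec_size = struct.unpack_from("<II", data, entry)
    if sec_off == 0 or sec_size == 0:
        return None
    if sec_size < 8 or sec_off + sec_size > len(data):
        raise ValueError("security directory points outside the file")
    length, revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
    blob = data[sec_off + 8:sec_off + length]
    return {
        "offset": sec_off,
        "size": sec_size,
        "revision": revision,
        "type": cert_type,
        # A real Authenticode blob is a DER SEQUENCE (tag 0x30) holding PKCS#7 SignedData.
        "is_pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and blob[:1] == b"\x30",
    }


def build_sample_pe(signed: bool) -> bytes:
    """Construct a minimal (non-loadable) PE32+ image, optionally with a WIN_CERTIFICATE.

    This is a constructed test input, not any of the samples from the thread.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 112 + 16 * 8   # PE32+ optional header with all 16 data directories
    # COFF header: AMD64, no sections, SizeOfOptionalHeader, Characteristics (DLL|EXEC|LARGE_ADDR)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x2022)
    headers_len = len(dos) + 4 + len(coff) + opt_size
    cert = b""
    sec_off = sec_size = 0
    if signed:
        # Fake PKCS#7 body: a DER SEQUENCE with dummy contents, padded to an 8-byte boundary.
        body = b"\x30\x06\x02\x01\x01\x05\x00\x00"
        cert = struct.pack("<IHH", 8 + len(body),
                           WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        sec_off, sec_size = headers_len, len(cert)
    opt = struct.pack("<H", 0x20B) + b"\0" * (108 - 2) + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR_INDEX] = (sec_off, sec_size)
    for va, size in dirs:
        opt += struct.pack("<II", va, size)
    return dos + b"PE\0\0" + coff + opt + cert


if __name__ == "__main__":
    # Usage: python authenticode_check.py Rdrv64.sys  (falls back to the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(True)
    print(authenticode_info(data))
```

Two caveats when pointing this at Rdrv64.sys or InstDrv.exe: a present, well-formed blob says nothing about whether the chain is valid or the certificate revoked, so follow up with `signtool verify /v /kp` (or `Get-AuthenticodeSignature` in PowerShell) to see the signer and timestamp; and a driver with no embedded blob can still be catalog-signed, so "no security directory" means "not embedded-signed", not "unsigned".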