A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #10723  by rkhunter
 Sat Dec 31, 2011 11:01 am
 #10744  by rough_spear
 Mon Jan 02, 2012 6:43 am
Hi All,
NOT AGAIN..... :evil:
Again the same link and the same file, but again a different MD5.


File name - Keygen-Toolsoft_Audio_Converter_1_72_3.exe :evil:
VT Link - http://www.virustotal.com/file-scan/rep ... 1325484943
11/43 (25.6%)

Web link - hxxp://ahead-adobeyo.servegame.com/getfilez/Keygen-Toolsoft_Audio_Converter_1_72_3.exe

MD5 : 002747e2dcaedbccf8f0c0bfd2e144f8
SHA1 : d067c420d3cfbd0078ed54a0cd49822738d9538c
SHA256: 72a68ca7a11cb6a514f1593c1b9b81e4585472c589d3424b757f2d2133d2accd

File name - X
VT link - http://www.virustotal.com/file-scan/rep ... 1325485437
2/43 (4.7%)

MD5 : 841a4242aa398154dff2a99b49f3be65
SHA1 : b1d4c3687f9004d2cccad915795ac9cfaeba1439
SHA256: 65512b218c82c9750fe60fc65faae49d54fd09a87c41fa0d2db11d848194af5e
ssdeep: 768:F2Oz6cE39Vw9lDlpJuXywUQuYHL0lAuWfOW0VgfwRfC5uX8vK8vWexL5V:FNdg9WjlfuXtuYHi60EMfC5C8vLvH5V

Regards,

rough_spear. ;)
Attachments
pass: malware
Last edited by EP_X0FF on Mon Jan 02, 2012 7:22 am, edited 1 time in total. Reason: overquoting removed, posts merged
 #10745  by EP_X0FF
 Mon Jan 02, 2012 7:26 am
Thank you for the samples, but there is no need to upload the same sample every day. Each new update always eradicates all significant AV detections, so there is no surprise or catastrophe there. Your samples have been merged into one archive and attached to your last post.
 #10751  by rough_spear
 Mon Jan 02, 2012 6:01 pm
@ EP_X0FF, Thank you. :D
EP_X0FF wrote:Thank you for the samples, but there is no need to upload the same sample every day. Each new update always eradicates all significant AV detections, so there is no surprise or catastrophe there. Your samples have been merged into one archive and attached to your last post.
Regards,

rough_spear. 8-)
 #10768  by ConanTheLibrarian
 Tue Jan 03, 2012 6:17 pm
markusg wrote:@ConanTheLibrarian
Sorry for the late reply, but I see in Germany in the last 3-5 days a growth of zero access infections.
It was short-lived - a matter of about 3 days with less activity. Perhaps they took a holiday vacation? :P