A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #21188  by skgsergio
 Fri Oct 18, 2013 1:33 pm
103.exe seems less detected yet, is it a new version?

On the other hand, when you enter a C&C via HTTP (e.g. hxxp://gktibioivpqbot.net/) you get this message:
Temporary notes:

You cannot restore files after time has expired! Setting the system clock back will not help you!

Uninstall action and expiry time controlled by server, your key pair destroyed after uninstall (time has expired)!
You can't control it!!!
After uninstall (if you try reinstall) you obtain a new key pair from server.

You can reinstall software only if time has not expired!


Personal message:

Dear guy, please resend your MP 307*********07, you have month. (We know your machine, we wait you...), this is merchant error, sorry.
Why you did not do this immediately after an error?

Uninstall temporary disabled.
Soon will be available the decryption service... Stay with us :)
 #21191  by Cody Johnston
 Fri Oct 18, 2013 6:23 pm
Here you go :)

SHA256: b3530b7519660996d28eb31a8d5b585ec60601843c77dd9f2b712812c99843e4
SHA1: 347b21e94912e99fb312153948d1f2758454e136
MD5: a8e0d4771c1f71709ddb63d9a75dc895
File name: 103.exe
Detection ratio: 32 / 48

https://www.virustotal.com/en/file/b353 ... /analysis/
Attachments
Password: infected
 #21197  by Cody Johnston
 Sat Oct 19, 2013 12:05 am
New Crypt from today attached:

SHA256: 136e8991816b958bb76aaf22fefd18194cf78a80e95d572754f95e1f86149a65
SHA1: ea64129f9634ce8a7c3f5e0dd8c2e70af46ae8a5
MD5: f1e2de2a9135138ef5b15093612dd813
Detection ratio: 12 / 47

https://www.virustotal.com/en/file/136e ... /analysis/
Attachments
Password: infected
 #21215  by emc74
 Tue Oct 22, 2013 6:48 am
Can a more recent file be posted so that I can download and attempt a recovery? Can I check that following the download I just execute the file?