A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #21083  by Win32:Virut
 Sat Oct 05, 2013 11:05 am
MD5: 5b15886809dd1b62ae633d5471790f6d
File size: 546.6 KB ( 559768 bytes )
File name: contacts.exe
File type: Win32 EXE
Detection ratio: 4 / 48
Analysis date: 2013-10-05 10:58:53 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/7d44 ... 380970733/
Publisher: Ingenieursbureau Matrix B.V.
Signature verification: Signed file, verified signature
Signing date: 11:59 AM 10/5/2013
Signers:
[+] Ingenieursbureau Matrix B.V.
[+] VeriSign Class 3 Code Signing 2010 CA
[+] VeriSign
 #21091  by Win32:Virut
 Sun Oct 06, 2013 10:13 am
MD5: c46f7e3fad57aed27db9cc98cb5cf87a
File size: 524.6 KB ( 537240 bytes )
File name: an333333.exe
File type: Win32 EXE
Detection ratio: 8 / 48
Analysis date: 2013-10-06 10:08:33 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/173c ... 381054113/

Attached with some other dropped samples.
 #21113  by Xylitol
 Tue Oct 08, 2013 8:39 am
Antimalware
https://www.virustotal.com/en/file/f79c ... 381221528/
Code:
GET /info.php?idd=1760
Host: antivm.com
---
GET /check?pgid=10
Host: www.antivm.com
---
GET /percer.php?login=MTc2MA== HTTP/1.1
Host: www.antivm.com
---
GET http://www.antivm.com/shop?abc=cGdpZD0xMCZyPTE3NjA=
 #21261  by grum
 Mon Oct 28, 2013 1:32 pm
Xylitol wrote:
Antimalware
https://www.virustotal.com/en/file/f79c ... 381221528/
Code:
GET /info.php?idd=1760
Host: antivm.com
---
GET /check?pgid=10
Host: www.antivm.com
---
GET /percer.php?login=MTc2MA== HTTP/1.1
Host: www.antivm.com
---
GET http://www.antivm.com/shop?abc=cGdpZD0xMCZyPTE3NjA=

:lol: based on old projects src in sale

http://www.xylibox.com/2011/11/fakeavfa ... e-for.html
 #21556  by Xylitol
 Wed Dec 04, 2013 12:20 pm
Windows Active HotSpot
https://www.virustotal.com/en/file/1cab ... 386159457/
Code:
hxtp://93.115.82.248/?0=5&1=1&2=4&3=i&4=2600&5=0&6=1111&7=emaesylmty