MS sandbox description
http://www.microsoft.com/security/porta ... 9%09#tab=2
Written in Delphi, packed with PECompact + crypted.
It includes a small downloader, Win32/Dimegup, which contacts hxxp://networksecurityx.hopto.org (unavailable at the time of posting).
The main malware contains lots of encrypted strings; just dump it once loaded to get them.
Sample courtesy of markusg.
https://www.virustotal.com/en/file/a704 ... /analysis/
https://www.virustotal.com/en/file/e33c ... /analysis/
Attachments
pass: infected
(234.62 KiB) Downloaded 98 times
Ring0 - the source of inspiration