A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #29446  by EP_X0FF
 Tue Oct 18, 2016 6:59 am
ikolor wrote:next..

https://www.virustotal.com/en/file/2e7c ... 475241132/


https://www.virustotal.com/en/file/8039 ... 475237137/
unidentified.exe - PUP InstallMonster.
notify.exe - Win32/KingSoft adware
nethost.exe - Win32/LoadMoney trojan with VM detect.
Code:
FROM
,
SELECT
WHERE
WQL
true
false
displayName
productState
ROOT\SecurityCenter2
|
e
o
u
nn
onAccessScanningEnabled
productUptoDate
ROOT\SecurityCenter
n
AntivirusProduct
SELECT * FROM
manufacturer
model
virtualbox
vmware
parallels
qemu
wine
virtual
Win32_ComputerSystem
ROOT\CIMv2
channel installed_after installed_before name period type runfile url params
$__CHN
waiting_time infinite run_d openurl
open
&t=
l
Unknown type of task
&
&antiviruses=
online
Software\Microsoft\
1
0
install
updateversion updateurl tasks
--afterupdate
update
.old
_upgrade.exe
Software\
/Delete
/F
/TN
%s
schtasks.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
%s\%s_%i.exe
r
Author
name
Trigger1
%04d-%02d-%02dT%02d:%02d:%02d
PT15M
%s.job
%s
--remove
UninstallString
DisplayName
Publisher
DisplayVersion
Software\%s\
%s\

Thread split, posts moved to Win32/LoadMoney.
 #31376  by markusg
 Sat Mar 24, 2018 4:11 pm
Attachments
PW: infected
(1.01 MiB) Downloaded 19 times
Last edited by R136a1 on Sun Mar 25, 2018 11:47 am, edited 1 time in total. Reason: Attached the file, thanks for reporting the error!