A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #5890  by EP_X0FF
 Sun Apr 10, 2011 2:44 pm
markusg wrote:Setup.exe
http://virusscan.jotti.org/de/scanresul ... 9675334c11
Payload set as critical system process (termination leads to BSOD).
UPX + DarkEyE crypter + UPX

likely this DarkEyE skiddie crypter.
Image
Features:
•Delayed Execution
•Inject in custom process
•Bypass UAC
•Hide File
•Persistance Critical Process
•Bypass KIS11
•U.S.G. (Unique Stub Generator)
•Process Mutex
•Obfuscator
•Binder
•Downloader
Primitive crapware Backdoor:Win32/Fynloski.A written on Delphi.

In attach totally unpacked.

https://www.virustotal.com/file-scan/re ... 1302446215

Posts moved.
Attachments
pass: malware
(240.09 KiB) Downloaded 74 times
 #9964  by EP_X0FF
 Mon Nov 28, 2011 5:02 pm
markusg wrote:adobe.exe
MD5   : 4004a3656f5d684a9890a182f443c820
https://www.virustotal.com/file-scan/re ... 1322494690
Backdoor Fynloski written on Delphi and packed by UPX then moved to MSIL encrypted container.
In attach extracted and unpacked (http://www.virustotal.com/file-scan/rep ... 1322498966)

Posts moved.
Attachments
pass: malware
(240.13 KiB) Downloaded 70 times
 #15649  by Cody Johnston
 Mon Sep 17, 2012 11:47 pm
In case anyone was curious, this is the DarkComet RAT. It is available for free online and commonly used by skids on HackForums. I have a copy of the builder, since I believe it is against forum rules to upload that, PM me if you would like more information.