A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #8868  by rough_spear
 Fri Sep 30, 2011 5:36 pm
ProtectInfo

Hi,
ProtectInfo FakeAv. :D

Web link - hxxp://update.protectinfo.kr/setup/install_p1.exe
File size - 863 KB.



Regards,

rough_spear. 8-)
Attachments
password - malware.
 #8871  by rough_spear
 Fri Sep 30, 2011 6:28 pm
Fake AV (Sysdef). It also drops one {random_name}.tmp file; this tmp file is detected as "Trojan:Win32/Alureon.FL" by Microsoft. :D
Possibly TDL4/TDSS rootkit along.

hxxp://www.dinsuceava.ro/icon/1/index.php?spl=mdac
File size - 495 KB.

VT Link - http://www.virustotal.com/file-scan/rep ... 1317403835

MD5 : fc13eb19b37b0d59cd499a47b284568e
SHA1 : f3ed45315c618a7771912b89a5534050e3f1e40a
SHA256: 5d3eb503275c3d7cd0efb7f46a60b2d97751dded571eb7d112b0bf9b30bcf0b3
ssdeep: 12288:sRYyCXwAoqZ0mOS+cVDr7JFg2HmzwyBKNZCAEshzs9+waVuI:sRYyCXvo6LOQDfg2G1+CAEE

Dropped file name - B962.tmp
File size - 300 KB.

VT Link - http://www.virustotal.com/file-scan/rep ... 1317406553

MD5 : 4412b8fa733828d17a843235c02bf599
SHA1 : c960f843e79f7b5aff4e28f570fe8e49fde1e3af
SHA256: 2c8ed65d8fb1952faed783cfda57c9b72e476ff7b19dff99842f004fad585a26
ssdeep: 6144:zRcdlw6sjTLZyyvCpZoN6jRt5SImCTA4g1pkaBuhOa:z6dlJMLIFmEj7tTAxjBuwa


Regards,


rough_spear. :lol:
Attachments
password - malware.
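As an added example (not part of rough_spear's post or of any tool mentioned in the thread), a small Python script that checks files from the unpacked "malware" archive against the MD5/SHA1/SHA256 values posted above. The IOC table is copied from the post; the directory path, the label strings and the constructed sample bytes are assumptions. The ssdeep values are left out because fuzzy hashes need the ssdeep library and are compared by similarity score, not equality.

```python
"""Check downloaded samples against the hashes posted in this thread.

Added example, not part of the original post. The IOC table below is copied
from the post above; the sample bytes used at the bottom are constructed.
"""
import hashlib
import os
from typing import Dict, Iterable, List, Optional, Tuple

# Indicators copied from rough_spear's post: the dropper fetched from
# index.php?spl=mdac and the B962.tmp file it dropped. Labels are assumptions.
IOCS: Dict[str, Dict[str, str]] = {
    "Sysdef dropper (index.php?spl=mdac)": {
        "md5": "fc13eb19b37b0d59cd499a47b284568e",
        "sha1": "f3ed45315c618a7771912b89a5534050e3f1e40a",
        "sha256": "5d3eb503275c3d7cd0efb7f46a60b2d97751dded571eb7d112b0bf9b30bcf0b3",
    },
    "dropped B962.tmp": {
        "md5": "4412b8fa733828d17a843235c02bf599",
        "sha1": "c960f843e79f7b5aff4e28f570fe8e49fde1e3af",
        "sha256": "2c8ed65d8fb1952faed783cfda57c9b72e476ff7b19dff99842f004fad585a26",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute all three digests in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through hash_chunks so a large dropper need not fit in memory."""
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(chunk_size), b""))


def classify(digests: Dict[str, str],
             iocs: Dict[str, Dict[str, str]] = IOCS) -> Tuple[str, Optional[str], List[str]]:
    """Compare digests with the IOC table.

    Returns ("match", label, []) when every algorithm listed for an indicator agrees,
    ("partial", label, [mismatched algorithms]) when only some agree (a copy-paste
    error in the posted indicator, or a file that merely shares one digest), and
    ("unknown", None, []) when nothing agrees. A full match on all listed
    algorithms wins over a partial match on an earlier indicator.
    """
    partial: Optional[Tuple[str, List[str]]] = None
    for label, expected in iocs.items():
        listed = [alg for alg in ALGORITHMS if alg in expected]
        mismatched = [alg for alg in listed
                      if digests[alg].lower() != expected[alg].lower()]
        if not mismatched:
            return "match", label, []
        if len(mismatched) < len(listed) and partial is None:
            partial = (label, mismatched)
    if partial is not None:
        return "partial", partial[0], partial[1]
    return "unknown", None, []


def scan_directory(directory: str) -> Dict[str, Tuple[str, Optional[str], List[str]]]:
    """Classify every regular file in a directory (e.g. the unpacked archive)."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            results[name] = classify(hash_file(path))
    return results


if __name__ == "__main__":
    # Constructed stand-in for a sample; it does not match the posted hashes.
    fake_sample = [b"MZ", b"\x90" * 64, b"constructed sample, not the real dropper"]
    print(classify(hash_chunks(fake_sample)))
    # Real use, path is an assumption: print(scan_directory("./unpacked_samples"))
```

Requiring all three digests to agree before reporting a match is deliberate: a single MD5 hit is weak evidence on its own, and a partial result usually means the posted indicator was mis-copied and should be checked against the VT page before being pushed into a blocklist.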
 #8879  by EP_X0FF
 Sat Oct 01, 2011 2:53 am
More fresh and refined Security Spheres :)

VT detection 2/43 (4.7%)
http://www.virustotal.com/file-scan/rep ... 1317436657

59 files, multipart archive

pass: malware
 #9015  by bitx
 Fri Oct 07, 2011 12:12 pm
AV Guard Online

Attachments
pass=malware
 #9029  by Striker
 Sat Oct 08, 2011 1:01 am
bitx wrote: AV Guard Online
Serial for activation: 9992665263

what a sh*t lol..
 #9058  by rough_spear
 Sun Oct 09, 2011 6:44 pm
Zentom System Guard

Hi, 8-)

Dropper File - dllupdt70.exe
File size - 2.32 MB
VT Link - http://www.virustotal.com/file-scan/rep ... 1318137290

Dropped File - finc70dkk.exe
File Size - 2.00 MB
VT Link - http://www.virustotal.com/file-scan/rep ... 1318102556


Regards,

rough_spear. :D
Attachments
password - malware.
 #9060  by Striker
 Sun Oct 09, 2011 8:33 pm
rough_spear wrote: Hi, 8-)

ZENTOM SYSTEM GUARD

Dropper File - dllupdt70.exe
File size - 2.32 MB
VT Link - http://www.virustotal.com/file-scan/rep ... 1318137290

Dropped File - finc70dkk.exe
File Size - 2.00 MB
VT Link - http://www.virustotal.com/file-scan/rep ... 1318102556
Serial for activation: MTk4-NzE1-NTYx-NTUw

 #9126  by Striker
 Thu Oct 13, 2011 8:48 pm
Cloud Protection

Target: Hardcore_Porn_Movie_82.mpeg.exe
MD5: 9ca34506acf87aa24c3bbd1ea2218609
VT: http://www.virustotal.com/file-scan/rep ... 1318538333

Serial: 1835437232

Attachments
pw = zoit
 #9165  by rough_spear
 Fri Oct 14, 2011 5:36 pm
Hi All, :D

Again System Restore

File name - keito.exe
VT link - http://www.virustotal.com/file-scan/rep ... 1318613128

MD5 : fd58ad7cc72e9286a618f127fa241946
SHA1 : ed076b20442a1902d5aef9b3d9a92366a8001227
SHA256: 46c6d88a45847cfe6c228d3f424e5bd9fafcd86cf22bb57026abfbe0c6d607bb

Regards,


rough_spear. ;)
Attachments
password - malware.
 #9421  by Xylitol
 Thu Oct 27, 2011 10:21 am
Security Defender


(Sample found yesterday) Security Defender.dll: 1/43 (2.3%)
https://www.virustotal.com/file-scan/re ... 1319709080

(Sample found today) Security Defender2.dll: 0/43 (0.0%)
https://www.virustotal.com/file-scan/re ... 1319710208
Attachments
pwd: infected