https://www.virustotal.com/en/file/fe0d ... /analysis/
some string inside it :)
http://www.rising-global.com/ ??
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
Host: %s:%d
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)
Referer: http://%s
Connection: Keep-Alive

fix SSDT :geek:
Possibly KiServiceLimit==%08X
&KiServiceTable==%08X
Dumping 'old' ServiceTable:
an't find KiServiceTable...
can't find KeServiceDescriptorTable
eServiceDescriptorTable ailed to load! LastError=%i
\\.\Dark2118
[RepairSSDT] DriverEntry
c:\winddk\demo\repairssdt\bin\i386\RepairSSDT.pdb
http://www.rising-global.com/ ??

resource string :)
VALUE "CompanyName", "Beijing Rising Information Technology Co., Ltd."
VALUE "FileDescription", "RavCopy Module"
VALUE "FileVersion", "21.0.0.17"
VALUE "InternalName", "Beijing Rising Information Technology Co., Ltd."
VALUE "LegalCopyright", "Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved."
VALUE "OriginalFilename", "ravcopy.exe"
VALUE "ProductName", "Rising AntiVirus 2009"
VALUE "ProductVersion", "21.00"
VALUE "SpecialBuild", "668531044687500"
}

ftp user pass of malware :D
59.175.153.49
xzq
p@ssw0rd
Attachments
pass : infected
(475.17 KiB) Downloaded 58 times
@R00tkitSMM