Hello
Just wanted to open this thread to list every MBR dump we can find ITW (malware or not) and help to determine if unknown MBRs are legit or not, and their owner (some are custom MBRs made by manufacturers)
You can use this tool to parse the information > http://tigzy.geekstogo.com/Tools/readMBR.exe
I use it on the command line with the path of the dump as parameter, and redirect the flow into a file to get the Bootstrap HASH
Files attached with each dump contain HASH (bootstrap + file) and VT scan link
More coming....
List:
19/02/2012 11:30 512 7x64-2.dat
18/12/2012 18:47 196 7x64-2.txt
19/02/2012 11:30 512 7x86.dat
18/12/2012 18:49 204 7x86.txt
19/02/2012 11:30 512 Acertatooed.dat
18/12/2012 18:50 204 Acertatooed.txt
12/12/2012 12:32 512 Alipop.dat
18/12/2012 18:52 204 Alipop.txt
28/02/2012 19:45 512 bitlock2.dat
18/12/2012 18:54 204 bitlock2.txt
19/02/2012 11:30 512 Grub.dat
18/12/2012 18:55 204 Grub.txt
19/02/2012 11:30 512 HPtatooed.dat
18/12/2012 18:56 204 HPtatooed.txt
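
Added example, not part of the original post and not the readMBR tool's code: a small parser showing why each dump carries a bootstrap hash next to the file hash. The partition table and disk signature differ per machine, so only the boot-code hash identifies a known loader or bootkit across disks. The 440-byte code range, SHA-256, and the `parse_mbr` / `build_sample` names are assumptions; the post does not say what readMBR hashes.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # assumption: code area only, stops before the disk signature
PART_TABLE_OFF = 446  # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, count


def parse_mbr(dump: bytes) -> dict:
    """Parse a 512-byte MBR dump and hash the boot code separately from the file."""
    if len(dump) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(dump)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, dump[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "valid_signature": dump[510:512] == BOOT_SIG,
        "disk_signature": dump[440:444].hex(),
        # SHA-256 is an assumption; the post does not say which hash readMBR uses.
        "bootstrap_sha256": hashlib.sha256(dump[:BOOT_CODE_LEN]).hexdigest(),
        "file_sha256": hashlib.sha256(dump).hexdigest(),
        "partitions": partitions,
    }


def build_sample(code: bytes, disk_sig: int, ptype: int, lba: int, count: int) -> bytes:
    """Constructed test sector: given boot code plus one bootable partition entry."""
    head = code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<I2x", disk_sig)
    entry = struct.pack(ENTRY_FMT, 0x80, ptype, lba, count)
    return head + entry + bytes(48) + BOOT_SIG


if __name__ == "__main__":
    if len(sys.argv) > 1:   # usage: script.py dump1.dat dump2.dat ...
        dumps = {p: open(p, "rb").read() for p in sys.argv[1:]}
    else:                   # constructed samples: same boot code, different disks
        dumps = {"sample-a": build_sample(b"\xfa\x33\xc0", 0x11111111, 0x07, 2048, 204800),
                 "sample-b": build_sample(b"\xfa\x33\xc0", 0x22222222, 0x83, 63, 1000)}
    for name, data in dumps.items():
        info = parse_mbr(data)
        print(name, info["bootstrap_sha256"][:16], info["file_sha256"][:16],
              info["valid_signature"], info["partitions"])
```

Run without arguments it prints the two constructed sectors, which share a bootstrap hash but not a file hash; pass `.dat` paths to parse real 512-byte dumps.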