A forum for reverse engineering, OS internals and malware analysis 

Trojan SpyEye (alias Pincav)

Forum for analysis and discussion about malware.

Re: Malware Requests

 #13375  by rkhunter
 Wed May 23, 2012 7:12 am
360Tencent wrote:http://blog.gdatasoftware.com/blog/arti ... -name.html

SHA256: show in "an interesting spyeye build"

and maybe kaspersky also found it

http://www.securelist.com/en/blog/208193513/Big_Brother
MD5: 1a47e3325f64a60442666de6f3184d56
SHA256: f9d0beaba8b5fd62a3f18e13be94470344dbb1db9e4b088158dbb1374f0828cb
Trojan:Win32/EyeStye.N
Attachments
pass:infected
(381.65 KiB) Downloaded 95 times

Re: Trojan SpyEye (alias Pincav)

 #16349  by kmd
 Tue Oct 30, 2012 7:13 pm
1.3.48 builder fully cracked
credits to banned from opensc
pass infected
Attachments
(1.6 MiB) Downloaded 117 times

Re: Trojan SpyEye (alias Pincav)

 #16689  by Xylitol
 Sun Nov 18, 2012 11:20 pm
SpyEye loaded onto http loader used by HF skids for selling installs hxxp://fpbb.com.br/images/zeusyo.exe
VT: 3/44 >> https://www.virustotal.com/file/7adfaff ... 353266757/
Code: Select all
cn1: hxxp://control.av-update-server.net/~ciscoFirewall/
md5 pw: 546e89665afe59ee8d5748f6e2c83f85
Small botnet: 593 offline, 232 online with no back connect db, looks like they are guys stupid enought to use this.
Attachments
infected
(177.72 KiB) Downloaded 104 times

Re: Trojan SpyEye (alias Pincav)

 #16692  by EP_X0FF
 Mon Nov 19, 2012 3:12 am
Xylitol wrote:SpyEye loaded onto http loader used by HF skids for selling installs hxxp://fpbb.com.br/images/zeusyo.exe
VT: 3/44 >> https://www.virustotal.com/file/7adfaff ... 353266757/
Code: Select all
cn1: hxxp://control.av-update-server.net/~ciscoFirewall/
md5 pw: 546e89665afe59ee8d5748f6e2c83f85
Small botnet: 593 offline, 232 online with no back connect db, looks like they are guys stupid enought to use this.
ver=10348

Decrypted dropper and decrypted config in attach.

Pass for config: 5076848FB39AC6DD00000051E39468E3

Must be HF l33t kids used leaked and cracked builder.
Attachments
pass: malware
(114.77 KiB) Downloaded 102 times

Re: Trojan SpyEye (alias Pincav)

 #17392  by STRELiTZIA
 Thu Dec 27, 2012 8:53 am
hxxp://www.chengdaepe.com/system/gate.php;90
hxxp://members-save.com/components/gate.php;90
hxxp://www.sibylleallgaier.com/wp-content/gate.php;90
hxxp://www.paydaysupermarket.com/wp-content/gate.php;90
hxxp://btmir.ru/admin/gate.php;90
hxxp://www.stoneplus.cn/it/gate.php;90
hxxp://uttraining.com/data/gate.php;90
95.170.86.84:443
Password to unzip config: 4B234ADDC6118EAB4B2678E3F694E9FE
Attachments
(5.27 KiB) Downloaded 80 times
  • 1
  • 38
  • 39
  • 40
  • 41
  • 42
 Return to “Malware”