A forum for reverse engineering, OS internals and malware analysis
NTSTATUS CmUnRegisterCallback(Is it possible to break all the callback with bruteforce?
__in LARGE_INTEGER Cookie
);
KProcess Hacker VirusBuster Ltd Beijing Jiangmin SUNBELT SOFTWARE Sunbelt Software K7 Computing Immunet Corporation Beijing Rising G DATA Software Quick Heal Technologies Comodo Security Solutions Sophos Plc Anti - Virus CJSC Returnil Software NovaShield Inc antimalware BullGuard Ltd Check Point Software Technologies Ltd Symantec Corporation Panda Software International Kaspersky Lab FRISK Software International Ltd ESET, spol. s r.o. Doctor Web Ltd Comodo Inc BitDefender SRL BITDEFENDER LLC Avira GmbH GRISOFT, s.r.o. PC Tools ALWIL Software Agnitum Ltd
ntoskrnl.exe-->NtOpenProcess, Type: Address Change 0x805717C7-->F32FA213 [C:\WINDOWS\System32\Drivers\40ac432e68c8aa52.sys]
ntoskrnl.exe-->NtOpenThread, Type: Address Change 0x8058A1BD-->F32FA33C [C:\WINDOWS\System32\Drivers\40ac432e68c8aa52.sys]Is it possible to break all the callback with bruteforce?This is at least not wise.
Quads wrote:Noticed with the driver for Necurs running it doesn't allow GMER on program start to have all the scan areas selected, only from Services and below available, with a error message appearing.
EP_X0FF wrote:And looks like this blacklist works not like expected - for example on my machines it blocked from loading ALL drivers (Process Explorer, WinObj, any other tool with driver on board).GMER is unable to load it driver due to block from Necurs and then works in a UM scan mode which is useless.
R136a1 wrote:I am searching for the following sample:
MD5: 2bfb754276ff44a1c11ed231f22f3b04
SHA1: c99d7a2881a28b676fc8a89e0731769dcc9e3d9a
R136a1 wrote:Thanks, but password isn't right!
