A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13304  by Xylitol
 Fri May 18, 2012 6:59 pm
Trojan.MBRlock.16 distributed via Smoke Loader
1/42 >> https://www.virustotal.com/file/829f9a9 ... 337367680/
Keygen can be found here http://www.kernelmode.info/forum/viewto ... 829#p11855
Attachment: infected (7.54 KiB), downloaded 67 times
 #13313  by akadam
 Sat May 19, 2012 9:13 am
EP_X0FF wrote:The same MBRlock type from different server.

Unblock code: 67334561

Attached: dropper, fully unpacked dropper (all crypter data removed, 61Kb -> 9 Kb) and MBR.

Screenshot will be the same.

Source hxxp://limboclitor.ru/xxxvideo.avi.exe
Could someone let me know the password to unzip this file? I tried the Unblock code but that does not seem to be the password. Would like to run this for experimental purposes.
Thanks for the help.
 #13314  by EP_X0FF
 Sat May 19, 2012 9:22 am
Try again, this time reading the attachment part.
 #13341  by akadam
 Mon May 21, 2012 9:16 am
EP_X0FF wrote:Try again, this time reading the attachment part.
Got it - thanks. These samples don't seem to work on Win7 32-bit. The partition table is wiped out. If I use a boot tool to fix the partition table and reboot, the malware works. Am I doing something wrong when running the sample?
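A responder handling a disk image from a machine hit like this would typically start by checking the first sector for the symptom described above (partition table gone, boot code replaced). The script below is an added example, not code from this thread or from any of the posters: it parses a raw 512-byte MBR, flags a zeroed partition table or a missing 0x55AA boot signature, and compares the 446-byte bootstrap area against a known-good copy taken from the same machine. The two sample MBRs are constructed inline with placeholder bootstrap bytes; they are not real boot code and not the Trojan.MBRlock MBR from the attachment.

```python
"""Inspect a raw 512-byte MBR image for a wiped partition table or replaced
boot code. Added example, not code from the thread; the sample MBRs below are
constructed (the bootstrap bytes are placeholders, not real boot code)."""
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE   # four 16-byte partition entries start here
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 0x1FE     # 0x55 0xAA boot signature lives in the last two bytes
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one classic MBR partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(ENTRY_FMT, raw)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def analyze_mbr(mbr: bytes) -> dict:
    """Return structural findings for a 512-byte MBR image."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    table = mbr[PART_TABLE_OFFSET:BOOT_SIG_OFFSET]
    entries = [parse_partition_entry(table[i:i + PART_ENTRY_SIZE])
               for i in range(0, len(table), PART_ENTRY_SIZE)]
    active = [e for e in entries if e["type"] != 0]   # type 0 means "unused slot"
    findings = []
    if mbr[BOOT_SIG_OFFSET:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if table == b"\x00" * len(table):
        findings.append("partition table zeroed")
    elif not active:
        findings.append("no partition entries with a non-zero type")
    if not any(e["bootable"] for e in active):
        findings.append("no active (bootable) partition")
    return {"partitions": active,
            # hash of the bootstrap area, handy for matching against a known-good MBR
            "bootstrap_sha256": hashlib.sha256(mbr[:PART_TABLE_OFFSET]).hexdigest(),
            "findings": findings}


def bootstrap_matches(mbr: bytes, reference_mbr: bytes) -> bool:
    """True if the 446-byte bootstrap area equals that of a known-good MBR
    (for example one dumped from the same machine before infection)."""
    return mbr[:PART_TABLE_OFFSET] == reference_mbr[:PART_TABLE_OFFSET]


def build_mbr(bootstrap: bytes, entries: list, signature: bytes = b"\x55\xAA") -> bytes:
    """Assemble a 512-byte MBR from its parts (used here only to construct samples)."""
    code = bootstrap.ljust(PART_TABLE_OFFSET, b"\x00")[:PART_TABLE_OFFSET]
    table = b"".join(entries).ljust(64, b"\x00")[:64]
    return code + table + signature


# Constructed samples. The bootstrap bytes are placeholders, not real boot code.
NTFS_ENTRY = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
CLEAN_MBR = build_mbr(b"CLEAN-BOOTSTRAP-PLACEHOLDER", [NTFS_ENTRY])
# Model of the symptom reported in the thread: boot code replaced and the
# partition table zeroed, with the 0x55AA signature left in place.
WIPED_MBR = build_mbr(b"LOCKSCREEN-BOOTSTRAP-PLACEHOLDER", [])

if __name__ == "__main__":
    # On a real case, read the first sector of the disk image instead:
    #   with open("disk.img", "rb") as f: mbr = f.read(MBR_SIZE)
    for name, img in (("clean", CLEAN_MBR), ("wiped", WIPED_MBR)):
        result = analyze_mbr(img)
        print(name, result["findings"] or "no findings", result["partitions"])
        print("  bootstrap matches reference:", bootstrap_matches(img, CLEAN_MBR))
```

The partition-table check alone explains the observation above: with all four entries zeroed the BIOS still jumps into whatever boot code sits in the first 446 bytes, so the lock screen runs even though no volume is reachable until the table is restored.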
 #13343  by EP_X0FF
 Mon May 21, 2012 10:48 am
Yes. You are doing this on the wrong OS.