Win32/Ramnit - Page 8 - KernelMode.info

Re: Win32.Ramnit

#12262 by rkhunter
Thu Mar 22, 2012 8:10 am

MD5: a2e6b61bc477038a0d5b0fac279723ee
12/43

Attachments

A2E6B61BC477038A0D5B0FAC279723EE.zip

pass:infected
(72.63 KiB) Downloaded 112 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32.Ramnit

#12550 by rkhunter
Sat Apr 07, 2012 6:02 am

MD5: B762A109E37F16BC5C82769E1B96B004
https://www.virustotal.com/file/e1b1dfd ... /analysis/

Attachments

B762A109E37F16BC5C82769E1B96B004.zip

pass:infected
(71.85 KiB) Downloaded 98 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Win32.Ramnit

#12654 by thisisu
Fri Apr 13, 2012 3:47 am

MD5: 268a7d20e073af1403e6c9828a77e90c
https://www.virustotal.com/file/a56355b ... 334288704/

Attachments

l2walker.zip

pass: infected
(1.71 MiB) Downloaded 98 times

Username

thisisu

Posts

362

Joined

Sun Feb 26, 2012 8:57 am

Contact

Re: Malware/VB (Autorunners, PWS)

#14489 by markusg
Fri Jul 06, 2012 6:56 pm

from infected pc

Attachments

Roaming.rar

(111.79 KiB) Downloaded 101 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/VB (Autorunners, PWS)

#14518 by EP_X0FF
Sun Jul 08, 2012 3:29 pm

markusg wrote:from infected pc

This is Ramnit bundled with SdtRestore driver.

c:\project\demetra\loader~1\drivers\ssdt\driver~1\objfre_win7_x86\i386\SdtRestore.pdb

Attached decrypted dropper. Posts moved.

Attachments

unpacked.rar

pass: malware
(64.49 KiB) Downloaded 97 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Viruses (File infectors)

#14898 by dumb110
Sat Jul 28, 2012 9:40 am

New varient of ramnit in attach! :D
https://www.virustotal.com/file/e68d075 ... 343465556/

Attachments

17939ea33ef557081fe45f066a988190.7z

Pw: infected
(75.13 KiB) Downloaded 112 times

Username

dumb110

Posts

111

Joined

Tue Jun 05, 2012 1:29 pm

Re: Viruses (File infectors)

#14899 by markusg
Sat Jul 28, 2012 1:12 pm

this is a damaged file

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Viruses (File infectors)

#14900 by STRELiTZIA
Sat Jul 28, 2012 1:53 pm

markusg wrote:this is a damaged file

try to change mz to MZ and pe to PE

Username

STRELiTZIA

Posts

104

Joined

Sun Mar 14, 2010 7:02 am

Re: Viruses (File infectors)

#14902 by EP_X0FF
Sat Jul 28, 2012 3:29 pm

dumb110 wrote:New varient of ramnit in attach! :D
https://www.virustotal.com/file/e68d075 ... 343465556/

It isn't new, or not even refined. It simple hexed as pointed above.

https://www.virustotal.com/file/c8a07de ... 343488999/

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Win32.Ramnit

#18528 by kmd
Fri Mar 15, 2013 2:33 am

does anybody have new ramnit from this mmpc blog entry?

http://blogs.technet.com/b/mmpc/archive ... -town.aspx

Username

kmd

Posts

271

Joined

Mon Mar 15, 2010 4:09 am

Location

Russian Federation