Malware Poc (Curious)

#29406 by pinifiux
Fri Oct 14, 2016 6:08 am

Multiple anti debugging tricks, etc...analyzes are welcome ;)

Attachments

wuservice.zip

infected
(608.61 KiB) Downloaded 50 times

Username

pinifiux

Posts

Joined

Sat Feb 21, 2015 7:11 pm

Re: Malware Poc (Curious)

#29408 by xors
Fri Oct 14, 2016 3:19 pm

I am a bit confused, is that somethiing that you made or you found it somewhere?

PDB paths: C:\Users\fotis\Documents\Visual Studio 2015\Projects\EnisaMalware2016\Release\BootStrapper.pdb

C:\Users\fotis\Documents\Visual Studio 2015\Projects\EnisaMalware2016\x64\Release\PackManDLL.pdb.

fotis = greek name (?)

@xorsthingsv2

Username

xors

Posts

165

Joined

Mon May 23, 2016 2:01 am

Re: Malware Poc (Curious)

#29428 by xors
Sun Oct 16, 2016 1:39 pm

Hi again,

I had a quick look at it. It looks like a ransomware from a cyber security challenge (Enisa Cyber Europe 2016?). Powershell script, kemel32.dll (a dll which is dropped to %appdata%) and the payload (ransomware?) in the attachment.

Attachments

xazomares.zip

Password:infected
(839.73 KiB) Downloaded 43 times

@xorsthingsv2

Username

xors

Posts

165

Joined

Mon May 23, 2016 2:01 am

Re: Malware Poc (Curious)

#29430 by TSION
Mon Oct 17, 2016 12:29 am

xors wrote:Hi again,

I had a quick look at it. It looks like a ransomware from a cyber security challenge (Enisa Cyber Europe 2016?). Powershell script, kemel32.dll (a dll which is dropped to %appdata%) and the payload (ransomware?) in the attachment.

If you wanted to know if he made it himself why don't you just bindiff the files.

Username

TSION

Posts

Joined

Wed Feb 03, 2016 10:35 pm

Page 1 of 1
4 posts

Return to “Malware”

Display:

Sort by:

Jump to: