Trojan Downloader:Win32/Renos

Trojan-Downloader.Win32.CodecPack

#4144 by markusg
Sun Dec 26, 2010 6:42 pm

http://www.virustotal.com/file-scan/rep ... 1293385974

Attachments

Keygen.UpToDate.18.2.Portable.(2010).45369.rar

(87.47 KiB) Downloaded 51 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Trojan Downloader:Win32/Renos

#4697 by Meriadoc
Mon Jan 24, 2011 1:33 pm

Can someone have a look at this active beast - if not I will pick up again later, thanks :)

http://www.virustotal.com/file-scan/rep ... 1295873874

Attachments

Flash_Player_10_1_update_for_Win.rar

pass=malware
(97.59 KiB) Downloaded 50 times

Who controls the past controls the future
Who controls the present controls the past

Username

Meriadoc

Posts

195

Joined

Sat Mar 13, 2010 7:36 pm

Location

Cymru

Re: Trojan Downloader:Win32/Renos

#4700 by nullptr
Mon Jan 24, 2011 2:47 pm

connects to:
* fivecross.in
* voozioapple.in
* devalex.in
internal build date: Jan 21 2011, 22:14:38

Attachments

flash_dumped.zip

pass: malware
(40.33 KiB) Downloaded 46 times

Username

nullptr

Posts

209

Joined

Sun Mar 14, 2010 6:35 am

Re: Trojan Downloader:Win32/Renos

#4721 by Meriadoc
Tue Jan 25, 2011 3:18 pm

Thanks nullptr :)

Security Zone change

File C:\WINDOWS\system32\sshnas21.dll
File C:\WINDOWS\Spuxoa.exe

Registry entry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS\ImagePath" (created) :
New entry was set to <%SystemRoot%\system32\svchost.exe -k netsvcs>
Registry entry "HKEY_CURRENT_USER\software\microsoft\windows\currentVersion\Run\CE8SIIFGSU" (created) :
New entry was set to <C:\DOCUME~1\user\LOCALS~1\Temp\Sn1.exe>
Registry entry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS\Parameters\ServiceDll" (created) :
New entry was set to <C:\WINDOWS\system32\sshnas21.dll>

Scheduled task "{22116563-108C-42c0-A7CE-60161B75E508}.job" (created) :
New scheduled task: <C:\Documents and Settings\user\Local Settings\Temp\Sn1.exe >
Scheduled task "{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job" (created) :
New scheduled task: <C:\Documents and Settings\user\Local Settings\Temp\Sn2.exe >
Scheduled task "{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job" (created) :
New scheduled task: <C:\WINDOWS\Spuxoa.exe >

Process Spuxoa.exe <C:\WINDOWS\Spuxoa.exe>
Process Sn2.exe <C:\Documents and Settings\user\Local Settings\Temp\Sn2.exe>
Process rundll32.exe <C:\WINDOWS\system32\rundll32.exe>
Process Sn1.exe <C:\Documents and Settings\user\Local Settings\Temp\Sn1.exe>

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CE8SIIFGSU Windows Setup API (Not Verified) Avira GmbH c:\documents and settings\user\local settings\temp\sn1.exe
CL2GFOKBC9 Windows Setup API (Not Verified) Avira GmbH c:\windows\spuxoa.exe

HKLM\System\CurrentControlSet\Services
SSHNAS Windows Setup API (Not verified) Avira GmbH c:\windows\system32\sshnas21.dll

Attachments

Trojan Downloader Win32.Renos.CodecPack.txt

(17.46 KiB) Downloaded 43 times

Who controls the past controls the future
Who controls the present controls the past

Username

Meriadoc

Posts

195

Joined

Sat Mar 13, 2010 7:36 pm

Location

Cymru

Renos

#4976 by markusg
Wed Feb 09, 2011 4:07 pm

Nhk.exe
http://www.virustotal.com/file-scan/rep ... 1297266914
Nhl.exe
http://www.virustotal.com/file-scan/rep ... 1297267005

Attachments

Temp.rar

(229.58 KiB) Downloaded 42 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/Not classified

#6909 by markusg
Wed Jun 22, 2011 7:20 pm

flashPlugin.40028.exe

Code: Select all

 http://moviehugestorage.us/flashPlugin.40028.exe

http://www.virustotal.com/file-scan/rep ... 1308769637
you can change the last 2 numbers at the end from 01 till 99 and get files with other md5

Attachments

flashPlugin.40028.rar

(75.1 KiB) Downloaded 40 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/Not classified

#6911 by EP_X0FF
Thu Jun 23, 2011 3:10 am

markusg wrote:flashPlugin.40028.exe
Code: Select all
 http://moviehugestorage.us/flashPlugin.40028.exe
http://www.virustotal.com/file-scan/rep ... 1308769637
you can change the last 2 numbers at the end from 01 till 99 and get files with other md5

Trojan Downloader Renos.

Posts moved.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan Downloader:Win32/Renos

#6912 by EP_X0FF
Thu Jun 23, 2011 3:35 am

All recrypted samples in attach.

Attachments

renos.part2.rar

pass: malware
(3 MiB) Downloaded 44 times

renos.part1.rar

pass: malware
(4.25 MiB) Downloaded 47 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

downloader

#7985 by markusg
Sat Aug 13, 2011 6:56 pm

Virtual.Dj.7.0.5.Crack.45186.exe
http://www.virustotal.com/file-scan/rep ... 1313260926

Attachments

Virtual.Dj.7.0.5.Crack.45186.rar

(65.58 KiB) Downloaded 53 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: downloader

#7993 by EP_X0FF
Sun Aug 14, 2011 4:12 am

markusg wrote:Virtual.Dj.7.0.5.Crack.45186.exe
http://www.virustotal.com/file-scan/rep ... 1313260926

Trojan Downloader Renos.
Posts moved.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact