[EP_X0FF]

SpyEye v1.3.45

Pass for decrypted config: D822B811023197A44BF9BA0116660963

Gates:

hxxp://www.fullfreepoker.info/gate1.php;120
hxxp://www.p0k3r.info/gate.php;460
hxxp://www.m4st3r.eu/gate;360

Plugins: customconnect, ccgrabber, ffcertgrabber, rdp, socks5, spySpread.

Original, unpacked and decrypted config in attach.

VT 30/ 44 (68.2%)
http://www.virustotal.com/file-scan/rep ... 1315006986

[EP_X0FF]

SpyEye v1.2.99

Pass for decrypted config: B958C8D4ED8EE82523308468ED8EAAE3

Gates:

hxxp://ping.indiatours.gen.in/ads/gate.php
hxxp://indiatoursback.in/ads/gate.php
hxxp://indiatoursbck.gen.in/ads/gate.php
hxxp://siriusprojback.net.in/ads/gate.php

Original, unpacked and decrypted config in attach.

VT 30/ 44 (68.2%)
http://www.virustotal.com/file-scan/rep ... 1315055010

SpyEye v1.3.4x

Pass for decrypted config: AB39D0B8B0C6CFAD363E328D66C8ACB3

Gates:

hxxp://totdisseny.net/gate.php;90
hxxp://dongdog.ru/_cp/gate.php;90
hxxp://orgnetpro4u.ru/_cp/gate.php;90
hxxp://bannermegan2all.ru/_cp/gate.php;90
hxxp://feelfree2us.ru/_cp/gate.php;90
hxxp://orgnetpro4u.uni.cc/_cp/gate.php;90
hxxp://bannermegan2all.uni.cc/_cp/gate.php;90
hxxp://feelfree2us.uni.cc/_cp/gate.php;90
hxxp://orgnetpro4u.cz.cc/_cp/gate.php;90
hxxp://bannermegan2all.cz.cc/_cp/gate.php;90
hxxp://feelfree2us.cz.cc/_cp/gate.php;90

Original, unpacked and decrypted config in attach as Malware2.rar

VT 26 /44 (59.1%)
http://www.virustotal.com/file-scan/rep ... 1314983610

[EP_X0FF]

SpyEye v1.3.4x

Pass for decrypted config: 9C7E5474950BB49E47B6DD88D6B2906F

Capable to distribute itself through available shared network drives as autorun worm, so be careful.

Gates:

hxxp://91.223.82.20/account/gate.php;60
hxxp://dailyforexedge/account/gate.php;60

Plugins: customconnect, ftp backconnect, socks5.

Original, decrypted + config in attach.

VT 31 /44 (70.5%)
http://www.virustotal.com/file-scan/rep ... 1315097553

[EP_X0FF]

SpyEye v1.3.4x

Payload of the Blackhole exploit kit (nnm.copyfighter.org/main.php?page=096ecc0d8a14102c)

Pass for decrypted config: 130CBE0950491F6148A65482B9B50CC4

Gates:

hxxp://secur3storag3.com:8080/pic1s0fs.php;150
hxxp://war9932rerew.co.cc:8080/pic1s0fs.php;150
hxxp://refg4thu56j7kfbnm.cz.cc:8080/pic1s0fs.php;150
hxxp://tbyu657ib7k67iddro.cx.cc:8080/pic1s0fs.php;150
hxxp://uybkyukn78k67rvjyro.co.cc:8080/pic1s0fs.php;150
hxxp://hgbu67bjyrturtyuk.info:8080/pic1s0fs.php;150
hxxp://hgbu67bjyrturtyuk.org:8080/pic1s0fs.php;150
hxxp://fgbnutyfhfgjdfghjil.cn:8080/pic1s0fs.php;150
hxxp://fgbnutyfhfgjdfghjil.com:8080/pic1s0fs.php;150
hxxp://h2323yrturtyuk.com:8080/pic1s0fs.php;150

Plugins: customconnector

Original + decrypted config in attach.

VT 10/ 44 (22.7%)
http://www.virustotal.com/file-scan/rep ... 1315129430

[nullptr]

SpyEye

Plugins:
ccgrabber
connector2
mch_3_5

Gates:
hxxp://tiritopi.org/mainapp/gate4df.php;350
hxxp://chesterfield.net.in/default.php;300
hxxp://dekormorion.ru/includes/route.php;500

unpacked - http://www.virustotal.com/file-scan/rep ... 1315292248
original - http://www.virustotal.com/file-scan/rep ... 1315292343

Everything in attachment.

[EP_X0FF]

SpyEye v1.3.4x

Payload of Blackhole exploit kit (jy6d.com/main.php?page=032e0888f2c5d72e)

Pass for decrypted config: B4EF3D9AF202D34BC9EE08E5892BCFF5

Gates:

hxxp://win32updatenow.com/_pigeons_/_go.php;90
hxxp://allegro.gmb.pl/UNIPARTS/gdb1115/P1021029.php;90
hxxp://orumearchsdelaltruk.info/_cp/gate.php;90

Plugins: customconnector, ActiveAZ.

Original, decrypted + config in attach.

VT 6/ 44 (13.6%)
http://www.virustotal.com/file-scan/rep ... 1315417934

[gritland]

http://www.virustotal.com/file-scan/rep ... 1315650138

[EP_X0FF]

http://www.virustotal.com/file-scan/rep ... 1315650138

SpyEye v1.3

Gate:

hxxp://livedieoslix.com/_cp/gate.php;180

SYN1


In attach unpacked + decrypted config.

[Gunnerofarsenal]

How were you able to guess the location of the panel

[EP_X0FF]

Dictionary based brute-force.