A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #30292  by Antelox
 Wed May 03, 2017 9:47 am
ikolor wrote: next...
https://www.virustotal.com/en/file/5347 ... 493803270/
Geodo doc downloader which downloads this: https://www.virustotal.com/en/file/eec3 ... 493803270/
ikolor wrote: Something?
https://www.virustotal.com/en/file/7aa5 ... 493754433/
https://www.virustotal.com/en/file/024d ... /analysis/
The first one is Geodo doc downloader which downloads this: https://www.virustotal.com/en/file/7c17 ... 493754433/

The second one doesn't look malicious to me...

BR,

Antelox
 #30641  by Antelox
 Wed Jul 26, 2017 9:27 am
ikolor wrote: thanks brother...

https://www.virustotal.com/en/file/92e2 ... 501057215/
Geodo/Emotet doc downloader

https://www.hybrid-analysis.com/sample/ ... mentId=100

The Geodo binary:

https://www.virustotal.com/en/file/a79d ... /analysis/
https://www.hybrid-analysis.com/sample/ ... mentId=100

FYI in the HA report, you can find some download URLs, both for the doc and the binary.

BR,

Antelox
 #30648  by Antelox
 Thu Jul 27, 2017 8:53 am
ikolor wrote: I know, but what is inside? If you decipher it.
I don't know the source as well as the key to decrypt it...

BR,

Antelox