A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #16035  by eyalbd1
 Tue Oct 16, 2012 8:22 am
Hey guys,

I am looking for this Trojan - http://vms.drweb.com/virus/?i=1817029

It comes in many shapes, the most common are -

File Name : UrnatlarRiml.dll
File Size : 13824 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 295b77a25284a7822dfeb5a1039fe526
SHA1 : 5cf9dfddc7f0756f10b97011d966b24ceca8aff8
Online report : http://r.virscan.org/bebb794918f3fee1790ef146ae7aef5f

And

File Name : AsmohtuStuzq.dll
File Size : 13824 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 2dc5f6df3379594bb98d037137b654d1
SHA1 : ae6070e7190f704101c5f32da9edd0dce064127e
Online report : http://r.virscan.org/8c6fc692e7ab1a20d418eeae5492659d

Many thanks.
 #16037  by kodo
 Tue Oct 16, 2012 10:31 am
Hello!

Looking for Gauss samples with following MD5 sums (found on VirusTotal):

C3B8AD4ECA93114947C777B19D3C6059
ED2B439708F204666370337AF2A9E18F

and for new SPE threat

http://www.securelist.com/en/analysis/2 ... is_friends

=============================
Icsvnt32.ocx (main module)
Version Compile date MD5 Size

4.00 10.10.2010 6F5ACDC848508C33F15634B1A068B16D 75264
4.20 21.02.2011 11C845B2C254C4170E9E49177F5053BB 89680
4.30 09.03.2011 16C986E14D34C7881E16186384DAB968 76288
4.40 11.04.2011 3091B15D27EEEE830FF85C50D50B3A05 97280
4.50 26.07.2011 B3E630714BF2526D3AA70370D2AC54B7 96768
5.00 01.09.2011 256469662C493731D4CEB003FC4783B1 104448


Icsvntu32.ocx (USB module)
Version Compile date MD5 Size
4.30 09.03.2011 523C6D9229B5656942B2CADEA3F0824C 108544
4.40 11.04.2011 E4EA1110E5915B7B66B405979E586887 113152
4.50 20.07.2011 A4C2DD6F3998A7625196DC79B1954150 112128
=============================
 #16041  by Xylitol
 Tue Oct 16, 2012 2:04 pm
kalptarunet wrote:Hi,

Looking samples for Gozi-Prinimalka, please find few known MD5 listed below.

http://blogs.rsa.com/rsafarl/cyber-gang ... u-s-banks/

Known Gozi Prinimalka MD5 Hashes:

MD5: 09f75a3fcaeb2c46dd67b666a109d844

MD5: c89e960e0155bd9c78889b415de82f55

MD5: a8bc29c5ae35a634adbe63d43a2efaab

MD5: e4065c9aa45afc54003ca2d7ae6f15f1

MD5: ca54385bb345f20454ec0cd1f01ca9f9

Thanks in advance.

--KTX
infected
(437.95 KiB) Downloaded 67 times
swapnilpatil1188 wrote:Hi guys,

I'm looking for particular sample of,

a) Dirt Jumper DDos Bot
b) MD5 f29b1089b3f5e076d4d4bd2a3a02d3cb
c) This is Link of virus total analysis
https://www.virustotal.com/file/02422d9 ... /analysis/

Thank you.
infected
(264.14 KiB) Downloaded 70 times
eyalbd1 wrote:Hey guys,

I am looking for this Trojan - http://vms.drweb.com/virus/?i=1817029

It comes in many shapes, the most common are -

File Name : UrnatlarRiml.dll
File Size : 13824 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 295b77a25284a7822dfeb5a1039fe526
SHA1 : 5cf9dfddc7f0756f10b97011d966b24ceca8aff8
Online report : http://r.virscan.org/bebb794918f3fee1790ef146ae7aef5f

And

File Name : AsmohtuStuzq.dll
File Size : 13824 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 2dc5f6df3379594bb98d037137b654d1
SHA1 : ae6070e7190f704101c5f32da9edd0dce064127e
Online report : http://r.virscan.org/8c6fc692e7ab1a20d418eeae5492659d

Many thanks.
infected
(15.56 KiB) Downloaded 53 times
kodo wrote:Hello!

Looking for Gauss [...]
Have a look on the Gauss thread.
 #16052  by kodo
 Tue Oct 16, 2012 6:21 pm
Xylitol wrote:
kodo wrote:Hello!

Looking for Gauss [...]
Have a look on the Gauss thread.
C3B8AD4ECA93114947C777B19D3C6059
ED2B439708F204666370337AF2A9E18F

Not found in your pack, but I've seen them on VT.
 #16061  by Xylitol
 Wed Oct 17, 2012 1:49 am
kodo wrote:
Xylitol wrote:
kodo wrote:Hello!

Looking for Gauss [...]
Have a look on the Gauss thread.
C3B8AD4ECA93114947C777B19D3C6059
ED2B439708F204666370337AF2A9E18F

Not found in your pack, but I've seen them on VT.
Alright, I'm sorry, it's in the attachment.
Attachments
infected
(244.2 KiB) Downloaded 83 times
 #16146  by hanan
 Fri Oct 19, 2012 10:46 am
Xylitol wrote:
hanan wrote:I am looking for a work with the name of TSPY_YUNSIP.E (this is the name that Trend Micro AV gives me, but it seems that it can't clean it).
I don't have an MD5 or SHA-1 for it, but I have done some searching and I have found a page from VirusTotal:

https://www.virustotal.com/file/37ab92f ... /analysis/

and another page from Symantec:
http://www.symantec.com/security_respon ... 99&tabid=2

I would like to get the virus by name, if that's possible, since I assume that there are some variants of it and the page I gave from VT is just one of them.

Thanks.

I have found that there is a newer version of the YUNSIP and I would like to get the new one. What you gave me (and what I asked for) seems to be the former version that came as a DLL file, but the new one comes in EXE format. Here are the MD5s (from http://www.sophos.com/en-us/threat-cent ... lysis.aspx):

9d3097ee180148b99a132dc706ba3a31
7c92786310756c97e81c6ff76407f225
9f2c40421b3cee6aee2eb352ddd9e596

THX.