[markusg]

http://www.virustotal.com/file-scan/rep ... 1302115978

[EP_X0FF]

http://www.virustotal.com/file-scan/rep ... 1302115978

Spatet/Rebhip (different crypter and UPX).

This is VT result for unpacked
http://www.virustotal.com/file-scan/rep ... 1302186625

Posts moved.

[markusg]

key 2011 new.exe
http://www.virustotal.com/file-scan/rep ... 1304850581

[markusg]

LEGOPirates path.exe
http://www.virustotal.com/file-scan/rep ... 1305989349

[markusg]

Windows7UltraActivator.exe
http://www.virustotal.com/file-scan/rep ... 1306510899

[markusg]

Install.exe
MD5   : 559a09461edbf7c31640db8e617e214d
https://www.virustotal.com/file-scan/re ... 1317051570

[nullptr]

Install.exe
MD5   : 559a09461edbf7c31640db8e617e214d
https://www.virustotal.com/file-scan/re ... 1317051570

This is Rebhip/Spatet variant.
Decrypt stage 1, TensilCrypt - http://www.virustotal.com/file-scan/rep ... 1317099707
Decrypt stage 2 - http://www.virustotal.com/file-scan/rep ... 1317099535

edit: TensilCrypt can throw an error due to AntiVM. Just search for (VIRTUAL, VBOX, Sbie.dll etc) strings and change them.
All in attachment.

[markusg]

Pro.Evolution.Soccer.2012.Patch.v1.01.GERMAN-0x0007.7z
https://www.virustotal.com/file-scan/re ... 1317719034

[EP_X0FF]

Pro.Evolution.Soccer.2012.Patch.v1.01.GERMAN-0x0007.7z
https://www.virustotal.com/file-scan/re ... 1317719034

Spatet / Rebhip.A with VBKrypt and 70+ Mb of zero data overlay.
Real dropper size - 440 Kb, real malware size - 324 Kb

Posts moved.

[markusg]

cybergate
https://www.virustotal.com/file/cc3b5bd ... /analysis/