A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #21393  by EP_X0FF
 Thu Nov 14, 2013 5:13 am
MS sandbox description
http://www.microsoft.com/security/porta ... 9%09#tab=2

Written in Delphi, packed with PECompact + crypted.

It includes a small downloader, Win32/Dimegup, which contacts hxxp://networksecurityx.hopto.org (unavailable at the moment of posting).
The main malware contains lots of encrypted strings; just dump it when loaded to get them.

Sample courtesy of markusg.

https://www.virustotal.com/en/file/a704 ... /analysis/
https://www.virustotal.com/en/file/e33c ... /analysis/
Attachments
pass: infected