A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #4588  by EP_X0FF
 Thu Jan 20, 2011 4:42 pm
Xylitol wrote: Security Shield rogue, fully undetected: https://www.virustotal.com/file-scan/re ... 1295541138
No surprise :) These guys have very good cryptor support. And it's server-side: the same sample downloaded a few minutes after yours, the same but different :)

http://www.virustotal.com/file-scan/rep ... 1295542056
 #4626  by gigaz
 Fri Jan 21, 2011 8:51 pm
Palladium Pro

VirusTotal Results:
http://www.virustotal.com/file-scan/rep ... 1295642152


Starts during the Windows boot process, modifies the registry to start in safe mode, and does not allow the desktop to be shown or apps to run.


Main UI
Attachments
pass= malware
(662.95 KiB) Downloaded 102 times
Last edited by EP_X0FF on Sat Apr 16, 2011 6:52 am, edited 1 time in total. Reason: Screenshots resized to be more accurate
 #4680  by redcodefinal
 Mon Jan 24, 2011 4:47 am
Xylitol wrote: I don't like guys who request something when they have only one post.

Seems it has anti-VM, but I'm too lazy to find them...
Why do you need it?
I'm looking to infect a billion computers with it BWHAHAHAHA! No, I am looking for it for research. I've been studying computer security for 2 years and have taken a course called Offensive Security -> (http://www.offensive-security.com/). I also run my own YouTube security channel in case you're interested -> (http://www.youtube.com/user/redcodefinal). I wanted to A: see what it installs, where it installs it, reg keys it uses etc. (I know I can find this on the internet but I like to do things myself) and then I want to fuzz the application to see if I can create a usable buffer overflow. I was really hoping to make my own solution as a learning tool. Also sorry @EP_X0FF, I'm new and kind of suck, please forgive me ;_;.

-Ian
 #4712  by Xylitol
 Mon Jan 24, 2011 6:48 pm
Spyware Protection

drop Spyware Protection
serial: SL55J-T54YHJ61-YHG88


http://www.virustotal.com/file-scan/rep ... 1295894768
Attachments
see archive comment for password
(1.86 MiB) Downloaded 110 times
Last edited by EP_X0FF on Sat Apr 16, 2011 6:53 am, edited 1 time in total. Reason: Screenshot resized to be more accurate
 #4717  by Xylitol
 Tue Jan 25, 2011 9:36 am
Fake defragger: Windows Scan
Code:
Thank you for your purchase, Windows Scan!
Your activation code: 0973467457475070215340537432225
EDS URL: http://edsfull.com/customers/dl/Defrag.exe
Contact us through Help&Support section in the Windows Scan menu or by phone +1-877 282 0139

Drops files in %appdata%

http://www.virustotal.com/file-scan/rep ... 1295948222
Attachments
see archive comment for passwd
(413.35 KiB) Downloaded 75 times
 #4729  by Xylitol
 Tue Jan 25, 2011 10:21 pm
Attachments
see archive comment for password
(1.21 MiB) Downloaded 74 times
Last edited by EP_X0FF on Sat Apr 16, 2011 6:54 am, edited 1 time in total. Reason: Screenshot resized to be more accurate
 #4748  by Xylitol
 Wed Jan 26, 2011 7:37 pm
Attachments
see archive comment for password
(1.16 MiB) Downloaded 75 times
Last edited by EP_X0FF on Sat Apr 16, 2011 7:08 am, edited 1 time in total. Reason: Screenshot resized to be more accurate