A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #15765  by mirchi
 Wed Sep 26, 2012 8:01 pm
yokami wrote:https://www.virustotal.com/file/e108432 ... /analysis/
SHA256: e108432dd9dad6ff57c8de6e907fd6dd25b62673bd4799fa1a47b200db5acf7c
File name: 805538ff200ec714a735ef3bc1fff1f0
It is a pdf file
I'm also looking for any new Andromeda samples, especially the rootkit and formgrabber part.
Thanks in advance.
Please check the attached file.
Attachments
password: infected
 #15872  by 360Tencent
 Wed Oct 03, 2012 12:22 am
http://www.adobe.com/support/security/a ... 12-01.html
PwDump7.exe:
MD5 hash: 130F7543D2360C40F8703D3898AFAC22

File size: 81.6 KB (83,648 bytes)
Signature timestamp: Thursday, July 26, 2012 8:44:40 PM PDT (GMT -7:00)

MD5 hash of file with signature removed: D1337B9E8BAC0EE285492B89F895CADB
libeay32.dll
MD5 hash: 095AB1CCC827BE2F38620256A620F7A4
File size: 999 KB (1,023,168 bytes)
Signature timestamp: Thursday, July 26, 2012 8:44:13 PM PDT (GMT -7:00)

MD5 hash of file with signature removed: A7EFD09E5B963AF88CE2FC5B8EB7127C

The second malicious utility, myGeeksmail.dll, appears to be a malicious ISAPI filter. Unlike the first utility, we are not aware of any publicly available versions of this ISAPI filter.

myGeeksmail.dll
MD5 hash: 46DB73375F05F09AC78EC3D940F3E61A
File size: 80.6 KB (82,624 bytes)
Signature timestamp: Wednesday, July 25, 2012 8:48:59 PM (GMT -7:00)

MD5 hash of file with signature removed: 8EA2420013090077EA875B97D7D1FF07
https://www.virustotal.com/file/e374fd4 ... /analysis/

https://www.virustotal.com/file/c11f031 ... /analysis/

https://www.virustotal.com/file/b884f72 ... /analysis/
 #15879  by Xylitol
 Wed Oct 03, 2012 5:21 pm
360Tencent wrote:http://www.adobe.com/support/security/a ... 12-01.html
PwDump7.exe:
MD5 hash: 130F7543D2360C40F8703D3898AFAC22

File size: 81.6 KB (83,648 bytes)
Signature timestamp: Thursday, July 26, 2012 8:44:40 PM PDT (GMT -7:00)

MD5 hash of file with signature removed: D1337B9E8BAC0EE285492B89F895CADB
libeay32.dll
MD5 hash: 095AB1CCC827BE2F38620256A620F7A4
File size: 999 KB (1,023,168 bytes)
Signature timestamp: Thursday, July 26, 2012 8:44:13 PM PDT (GMT -7:00)

MD5 hash of file with signature removed: A7EFD09E5B963AF88CE2FC5B8EB7127C

The second malicious utility, myGeeksmail.dll, appears to be a malicious ISAPI filter. Unlike the first utility, we are not aware of any publicly available versions of this ISAPI filter.

myGeeksmail.dll
MD5 hash: 46DB73375F05F09AC78EC3D940F3E61A
File size: 80.6 KB (82,624 bytes)
Signature timestamp: Wednesday, July 25, 2012 8:48:59 PM (GMT -7:00)

MD5 hash of file with signature removed: 8EA2420013090077EA875B97D7D1FF07
https://www.virustotal.com/file/e374fd4 ... /analysis/

https://www.virustotal.com/file/c11f031 ... /analysis/

https://www.virustotal.com/file/b884f72 ... /analysis/
Attachments
infected
 #15899  by Win32:Virut
 Sat Oct 06, 2012 3:42 pm
I need:

Ransom.Jagfu

https://www.botnets.fr/index.php/Jagfu
Drops an mp3: "FBI warning your computer is Blocked for violation of Federal Law"
MD5:
57409cf35820a9f35e9179d4338c0ec5
f7bf18dccff32de994271b4859211d2c
HTTP GET:
109.72.156.30 GET /adm52807/lic.php
109.72.156.30 GET /adm52807/picture.php
MP3 md5:
819be88d910d97bb06e02bc255977999
Thanks in advance
 #15917  by Xylitol
 Mon Oct 08, 2012 9:23 am
Win32:Virut wrote:I need:

Ransom.Jagfu

https://www.botnets.fr/index.php/Jagfu
Drops an mp3: "FBI warning your computer is Blocked for violation of Federal Law"
MD5:
57409cf35820a9f35e9179d4338c0ec5
f7bf18dccff32de994271b4859211d2c
HTTP GET:
109.72.156.30 GET /adm52807/lic.php
109.72.156.30 GET /adm52807/picture.php
MP3 md5:
819be88d910d97bb06e02bc255977999
Thanks in advance
Attachments
infected
 #15979  by kalptarunet
 Sat Oct 13, 2012 1:26 pm
Hi,

Looking for samples of Gozi-Prinimalka; please find a few known MD5s listed below.

http://blogs.rsa.com/rsafarl/cyber-gang ... u-s-banks/

Known Gozi Prinimalka MD5 hashes:
MD5: 09f75a3fcaeb2c46dd67b666a109d844
MD5: c89e960e0155bd9c78889b415de82f55
MD5: a8bc29c5ae35a634adbe63d43a2efaab
MD5: e4065c9aa45afc54003ca2d7ae6f15f1
MD5: ca54385bb345f20454ec0cd1f01ca9f9

Thanks in advance.

--KTX