A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #670  by EP_X0FF
 Mon Apr 12, 2010 4:49 pm
Update of malware package, 30 samples. Contains several FakeAVs including Security Central (I've not yet analyzed this bundle because of a lack of any free time).

http://www.megaupload.com/?d=3LLUWXQI (7.15 Mb)

pass: malware
 #871  by EP_X0FF
 Sat Apr 24, 2010 2:48 pm
Daily catch from one of my hp. Not sorted or filtered.
Note: some files may be just trash.

Spam bots, multiple droppers, PWS stealers, autorunner, FakeAVs.
9.5 Mb unpacked.

Pass to all: malware

Edit: this is a RAR archive split into two parts, so to get everything from it you need to download both parts.
Attachments: two RAR parts (2.4 MiB, downloaded 129 times; 5 MiB, downloaded 100 times)
 #925  by PX5
 Thu Apr 29, 2010 1:42 am
My little contribution, torpig loaders from 4/21/2010--4/27/2010

hxxp://removalhowtos.com/cm/Alexey/mbr-42810.rar (80MB)

Hope it's OK to post this way; it was arranged for a fellow hunter in .ru
 #929  by PX5
 Thu Apr 29, 2010 2:00 am
I have a daily collection of these, TDSS (Dogma) and fakes (usually ScreenLock and rogue), always too large: so many MD5s but only 2 or 3 different installers. TDSS seems to stay the same for a month or more sometimes.

The Pigs just change host; I have that info around somewhere as well.
 #940  by PX5
 Thu Apr 29, 2010 9:55 am
MAOS changed their IPs

nslookup qghrcgpqfir.com

Non-authoritative answer:
Name: qghrcgpqfir.com
Addresses: 66.135.59.116, 209.222.2.7

All links like hxxp://69.65.42.85/nte/WIR1.py/eH should change address to one of the new ones

Torpig, MAOS, Mebroot, Sinowal... all the same stuff; loaders are rebuilt often and have many different URLs now.
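The host rotation described in the post above (resolve the current domain, then swap the old IP in every known loader URL for the newly resolved addresses) is a routine IOC-maintenance step. The following is an added example, not code from the poster or the forum: it parses nslookup-style output and rewrites defanged hxxp:// URLs. The nslookup text and the URL list are constructed samples in the shape shown in the post, and the function names are my own. It deliberately skips the resolver's own "Address:" line that nslookup prints before "Name:", accepts both the single-line and the indented multi-line "Addresses:" layouts, and leaves URLs on other hosts untouched.

```python
import re
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: nslookup output in the shape quoted in the post, plus the
# resolver header that real nslookup prints first (its Address: must be ignored).
NSLOOKUP_OUTPUT = """Server:  resolver.example
Address:  192.0.2.53#53

Non-authoritative answer:
Name: qghrcgpqfir.com
Addresses: 66.135.59.116, 209.222.2.7
"""

# Constructed sample IOC list in the defanged hxxp:// form used on the forum.
OLD_URLS = [
    "hxxp://69.65.42.85/nte/WIR1.py/eH",
    "hxxp://69.65.42.85/nte/WIR1.py/aB?x=1",
    "hxxp://example.invalid/unrelated",   # hypothetical other host, must not change
]


def parse_nslookup_addresses(text):
    """Return the IPv4 addresses listed after the 'Name:' line of nslookup output.

    Only lines after 'Name:' are considered, so the resolver's own 'Address:'
    header is skipped. Handles 'Addresses: a, b' on one line and the Windows
    layout where extra addresses follow on indented continuation lines.
    Tokens that are not valid IPv4 literals are dropped rather than trusted.
    """
    addrs = []
    seen_name = False
    in_addr = False
    for line in text.splitlines():
        if re.match(r"\s*Name:", line):
            seen_name = True
            in_addr = False
            continue
        if not seen_name:
            continue
        m = re.match(r"\s*Address(?:es)?:\s*(.*)", line)
        if m:
            in_addr = True
            payload = m.group(1)
        elif in_addr and line[:1].isspace():
            payload = line          # indented continuation line
        else:
            in_addr = False
            continue
        for tok in re.split(r"[,\s]+", payload.strip()):
            if not tok:
                continue
            try:
                addrs.append(str(ipaddress.IPv4Address(tok)))
            except ValueError:
                pass                # e.g. '8.8.8.8#53' or junk, ignore
    return addrs


def rewrite_urls(urls, old_host, new_hosts):
    """Replace old_host with each of new_hosts in every matching URL.

    URLs whose host differs from old_host are passed through unchanged.
    Defanged hxxp:// / hxxps:// URLs are refanged only for parsing and are
    returned defanged again so the list stays safe to paste into notes.
    """
    out = []
    for u in urls:
        defanged = u.startswith("hxxp")
        parts = urlsplit("http" + u[4:] if defanged else u)
        if parts.hostname != old_host:
            out.append(u)
            continue
        for h in new_hosts:
            netloc = h if parts.port is None else f"{h}:{parts.port}"
            new = urlunsplit((parts.scheme, netloc, parts.path,
                              parts.query, parts.fragment))
            out.append("hxxp" + new[4:] if defanged else new)
    return out


def update_iocs(nslookup_text, urls, old_host):
    """Convenience wrapper: resolve from captured nslookup text, then rewrite."""
    return rewrite_urls(urls, old_host, parse_nslookup_addresses(nslookup_text))


if __name__ == "__main__":
    for u in update_iocs(NSLOOKUP_OUTPUT, OLD_URLS, "69.65.42.85"):
        print(u)
```

In practice you would feed it the saved output of `nslookup` run on an isolated analysis box (resolving a live C2 domain from a corporate network is itself a signal to the operators), and keep the old URLs in the list too, since loaders already in the wild still carry the old address.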
 #977  by EP_X0FF
 Mon May 03, 2010 2:23 pm
Update.

pass: malware

archive split into three parts; to get everything you need to download all parts.
Attachments: three RAR parts (1.29 MiB, downloaded 706 times; 4.25 MiB, downloaded 114 times; 4.25 MiB, downloaded 154 times)