A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #26807  by Xylitol
 Sat Sep 26, 2015 12:11 am
Meet GreenDispenser: A New Breed of ATM Malware ~ https://www.proofpoint.com/us/threat-in ... nDispenser
c:\src\Misc\sdel\Release\sdelete.pdb SDelete embedded

bff1bf173b934a4255b4eca0fbaa6309
1dbac403209d1f5aac9bdac28d4ea335
c10b0157f6fd6590424a748f3c6c80ee
bcd3cdbded825b96861bfbc7a399b89a
e1f9360f952acf5dabdf2f46458e7842

Image Image Image Image

Dirty modifications to bypass time check + two-factor authentication:
Code: Select all
on 1dbac403209d1f5aac9bdac28d4ea335
0040C495    . /0F85 24010000   JNZ 1dbac403.0040C5BF ; Fill with NOP's
0040C4A1    . /0F83 18010000   JNB 1dbac403.0040C5BF ; Fill with NOP's
00403DA4       E8 070C0000     CALL 1dbac403.004049B0 ; Fill with NOP's
00404641    . /0F85 03020000   JNZ 1dbac403.0040484A ; JMP 0040484A
00403DDF    .^\74 C3           JE SHORT 1dbac403.00403DA4 ; Fill with NOP's
Patched: https://www.virustotal.com/en/file/5a37 ... 445341792/
Debug video ~ https://www.youtube.com/watch?v=n_iBDVnNPI0
Attachments
infected
(188.11 KiB) Downloaded 136 times
infected
(933.82 KiB) Downloaded 128 times