A forum for reverse engineering, OS internals and malware analysis 

 #11653  by AaLl86
 Thu Feb 16, 2012 2:48 pm
Great news! I'm starting to analyze it...
KernelMode.info is as usual a very good place for us...

Regards,
Andrea
 #11654  by rkhunter
 Thu Feb 16, 2012 2:56 pm
AaLl86 wrote:Great news! I'm starting to analyze it...
KernelMode.info is as usual a very good place for us...

Regards,
Andrea
:D
Peace for all!
 #11782  by Kafeine
 Fri Feb 24, 2012 6:52 am
Looks like this is a test run, no?
Or a preprod server... Stats are really strange.

Rovnix.b C&C
[screenshot]

1 IP only (??) In fact 2, both from LeaseWeb. The other one (178.162.174.xx) is not far from the C&C (178.162.132.xx)
[screenshot]

Note the 2020 group (See Eset Post)
[screenshot]

On the Other IP.
[screenshot]
 #12615  by erikloman
 Wed Apr 11, 2012 8:51 am
VBR detection remains quite low (as per above VT results).
According to this tweet there seems to be some interesting self-defense.

Looking for some recent droppers for research, thanks!
 #14638  by Xylitol
 Sat Jul 14, 2012 9:52 am
Attachments
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 9