A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #1448  by EP_X0FF
 Thu Jul 08, 2010 4:42 am
http://www.virustotal.com/analisis/2872 ... 1278563453
http://www.virustotal.com/analisis/51f0 ... 1278563448
http://www.virustotal.com/analisis/2f28 ... 1278563461

Some spyeyes :)

Opened for access SpyEyes drop servers. Grab the malware :D

cpucardioholder.com/warrior/bin/
peosoe.com/spa/mn/bin/

stuff in attach as malware.rar
Attachments
pass: malware
(1.05 MiB) Downloaded 106 times
pass: malware
(443.33 KiB) Downloaded 106 times
 #1477  by PX5
 Mon Jul 12, 2010 3:32 pm
Parent Directory-nerukabbcompany.com/fgdhfgvcryegf/bin/

build.exe.crypted.exe">build.exe.crypted.exe>12-Jul-2010 10:17

build_cry.exe>build_cry.exe>08-Jul-2010 15:23

config.bin>12-Jul-2010 08:25
 #1746  by EP_X0FF
 Tue Aug 03, 2010 12:39 pm
Public directory, download what you want :)

hxxp://clickxfinder.com/warrior/bin/

VirusTotal
http://www.virustotal.com/analisis/9a0f ... 1280839060
http://www.virustotal.com/analisis/f070 ... 1280839066
http://www.virustotal.com/analisis/bf53 ... 1280839077
http://www.virustotal.com/analisis/db7d ... 1280839084

from sample version info
BitDefender Management Console
:D

all in attach
Attachments
pass: malware
(206.81 KiB) Downloaded 100 times
 #1775  by egomoo
 Thu Aug 05, 2010 2:11 am
it was identified by safe returner
Attachments
11111.gif
11111.gif (10.08 KiB) Viewed 786 times
 #1851  by EP_X0FF
 Sun Aug 08, 2010 1:34 pm
Thanks for sharing, attached info (config file, screenshots, webinjects) from recovered config.bin.
Seems to be this is spyeye v1.2.4.

Btw, you can detect SpyEye with WinObjEx by the presence of the following mutex - __SPYNET_REPALREADYSENDED__, WinObjEx will also show you one of the processes where SpyEye code is injected.
Attachments
(133 KiB) Downloaded 78 times
 #1960  by cjbi
 Sat Aug 14, 2010 12:35 am
Screenshot of SpyEye 1.2.0 builder.
It supports changing EXE & mutex name.
Interesting!
Attachments
spyeye1.2.jpg
spyeye1.2.jpg (168.39 KiB) Viewed 731 times
 #2223  by EP_X0FF
 Tue Aug 24, 2010 4:18 am
Author wants some vm unfriendly cryptor with sources :) Here is a little discussion.
Attachments
12.JPG
12.JPG (67.05 KiB) Viewed 690 times
  • 1
  • 2
  • 3
  • 4
  • 5
  • 42