A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #15490  by Quads
 Mon Sep 03, 2012 6:41 am
Rogue Killer doesn't get these; Win 7 is not the recycler folder.

c:\$recycle.bin\S-1-5-18\$a437a1a12864ba5ff69ec86ce7982643\@
c:\$recycle.bin\S-1-5-18\$a437a1a12864ba5ff69ec86ce7982643\n
c:\$recycle.bin\S-1-5-18\$a437a1a12864ba5ff69ec86ce7982643\U\00000004.@
c:\$recycle.bin\S-1-5-18\$a437a1a12864ba5ff69ec86ce7982643\U\000000cb.@
c:\$recycle.bin\S-1-5-18\$a437a1a12864ba5ff69ec86ce7982643\U\80000000.@
c:\$recycle.bin\S-1-5-21-1207855306-3296853362-3562190217-1000\$a437a1a12864ba5ff69ec86ce7982643\@
c:\$recycle.bin\S-1-5-21-1207855306-3296853362-3562190217-1000\$a437a1a12864ba5ff69ec86ce7982643\n

Quads
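
A triage sketch for the paths listed in the post above, added here as an example and not part of the original thread or of any tool named in it. It assumes the layout seen in those paths (a `$` plus 32 hex characters directory under a SID folder, holding `@`, `n` and `U\<8 hex>.@`) and groups matches per SID; the function names and the benign `$R` sample path are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout inferred from the paths in the post (assumption, not a vendor signature):
# <drive>:\$Recycle.Bin\<SID>\$<32 hex>\{ @ | n | U\<8 hex>.@ }
LAYOUT = re.compile(
    r"^[a-z]:\\\$recycle\.bin\\(?P<sid>S-1-5-[0-9-]+)\\"
    r"(?P<dir>\$[0-9a-f]{32})\\(?P<item>@|n|U\\[0-9a-f]{8}\.@)$",
    re.IGNORECASE,
)

def group_suspicious(paths):
    """Group matching paths by (SID, directory); values are the items found."""
    found = defaultdict(list)
    for p in paths:
        m = LAYOUT.match(p.strip())
        if m:  # normal Recycle Bin entries ($I.../$R...) do not match
            found[(m["sid"].upper(), m["dir"].lower())].append(m["item"].lower())
    return dict(found)

def triage(paths):
    """One finding per directory: SYSTEM or user SID, and which items exist."""
    findings = []
    for (sid, d), items in sorted(group_suspicious(paths).items()):
        findings.append({
            "sid": sid,
            "scope": "system" if sid == "S-1-5-18" else "user",
            "dir": d,
            "core_files": sorted(i for i in items if i in ("@", "n")),
            "u_entries": sorted(i for i in items if i.startswith("u\\")),
        })
    return findings

# Sample input: the paths from the post, plus one constructed benign entry.
USER = r"c:\$recycle.bin\S-1-5-21-1207855306-3296853362-3562190217-1000"
SYS = r"c:\$recycle.bin\S-1-5-18\$a437a1a12864ba5ff69ec86ce7982643"
SAMPLE = [
    SYS + "\\@", SYS + "\\n",
    SYS + r"\U\00000004.@", SYS + r"\U\000000cb.@", SYS + r"\U\80000000.@",
    USER + r"\$a437a1a12864ba5ff69ec86ce7982643" + "\\@",
    USER + r"\$a437a1a12864ba5ff69ec86ce7982643" + "\\n",
    USER + r"\$RAB12CD.txt",  # constructed: ordinary deleted-file entry
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["scope"], f["sid"], f["dir"], f["core_files"], len(f["u_entries"]))
```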
 #15596  by thisisu
 Sun Sep 16, 2012 8:06 am
Fresh "recycler" dropper with fail av results

Detection ratio: 3 / 42
https://www.virustotal.com/file/947f6ba ... /analysis/
Kaspersky UDS:DangerousObject.Multi.Generic 
PCTools HeurEngine.Skintrim
Symantec Suspicious.Skintrim 
Obtained from : hxxp://94.199.53.203/latest/Flash_Player_v11.3.301_for_Windows.exe
Attachments
pass: infected
 #15605  by EP_X0FF
 Sun Sep 16, 2012 10:14 am
thisisu wrote: Fresh "recycler" dropper with fail av results

Detection ratio: 3 / 42
https://www.virustotal.com/file/947f6ba ... /analysis/
Kaspersky UDS:DangerousObject.Multi.Generic 
PCTools HeurEngine.Skintrim
Symantec Suspicious.Skintrim 
Obtained from : hxxp://94.199.53.203/latest/Flash_Player_v11.3.301_for_Windows.exe
Unpacked in attach + all significant files extracted from CAB.
Attachments
pass: infected