[thisisu]

Pulled this one from a live machine. MSE detects as Nymaim.A ( http://www.microsoft.com/security/porta ... 2FNymaim.A )

https://www.virustotal.com/file/c65fff4 ... 359492243/

MD5: 5a5770a8e1920aad5eb923aa43c2322d

Code: Select all

HKU\Owner\...\Winlogon: [Shell] C:\Users\Owner\AppData\Roaming\ldr.mcb,explorer.exe [x]

[rkhunter]

Downloader - Pony Loader aka Fareit and Nymaim in attach (3 files)
http://www.welivesecurity.com/2013/08/2 ... hronicles/

[ikolor]

next

https://www.virustotal.com/en/file/e582 ... /analysis/

[geoffreyvdb]

New sample, uses API hammering to avoid reverse engineering and sandbox analysis

http://joe4security.blogspot.be/2016/04 ... h-api.html

https://www.virustotal.com/nl/file/2bbf ... /analysis/

[ikolor]

next

https://www.virustotal.com/en/file/6152 ... 461686991/

[benkow_]

next .

https://www.virustotal.com/en/file/b4bf ... 461686328/

Cerber

next

https://www.virustotal.com/en/file/6152 ... 461686991/

nymaim

[ikolor]

Next .Thanks for checking .
https://www.virustotal.com/en/file/49fa ... 461781109/

https://www.virustotal.com/en/file/e0ad ... 461782102/

[benkow_]

Next .Thanks for checking .
https://www.virustotal.com/en/file/49fa ... 461781109/

https://www.virustotal.com/en/file/e0ad ... 461782102/

https://www.virustotal.com/en/file/e0ad ... 461782102/
Nymaim

https://www.virustotal.com/en/file/49fa ... 461781109/
Dridex

[ikolor]

next..
https://www.virustotal.com/en/file/eab4 ... 494426835/

[Antelox]

next..
https://www.virustotal.com/en/file/eab4 ... 494426835/

Nymaim doc dropper.

BR,

Antelox