A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13638  by Win32:Virut
 Sat Jun 02, 2012 2:37 pm
Live Security Platinum (Winwebsec)

MD5: 1D3C98F7F2E65AE66EFF506734FB638A
(330.09 KiB) Downloaded 52 times
https://www.virustotal.com/file/7ae0723 ... /analysis/

_________________________________________________________________________________________________________________________

Windows Malware Firewall (FakeVimes)

MD5: fc6e6abc813548efcc0ad8b79904c04a
(1.84 MiB) Downloaded 52 times
https://www.virustotal.com/file/7cc79b3 ... /analysis/
 #13661  by Win32:Virut
 Sun Jun 03, 2012 9:08 am
Live Security Platinum (Winwebsec)
Password: infected
(314.03 KiB) Downloaded 41 times
MD5: 58e54e3718cd47300a9c530f74e2b08d

17 / 42 https://www.virustotal.com/file/1b2007c ... /analysis/

(329.2 KiB) Downloaded 39 times
MD5: 4790d1b9830f184bd675addd3ba642f4

16 / 42 https://www.virustotal.com/file/4219b05 ... /analysis/
 #13855  by Xylitol
 Sun Jun 10, 2012 9:06 am
Blackhole used by the BestAV affiliate
195.88.74.86/f/t2.php (phpinfo)
Attachments
infected
(2.46 MiB) Downloaded 54 times
infected
(2.76 MiB) Downloaded 55 times
 #13866  by Xylitol
 Sun Jun 10, 2012 7:15 pm
New file found on the BestAV blackhole but external to the EK
hihihihiihihihihi.ipq.co/f/1110.exe
• dns: 1 ›› ip: 195.88.74.86 - adresse: HIHIHIHIIHIHIHIHI.IPQ.CO
File attached.
https://www.virustotal.com/file/e031033 ... /analysis/
https://www.virustotal.com/file/2751ffc ... /analysis/

Also, fun fact: they don't verify the credit card instantly, and you get the activation code (which doesn't work, by the way).
Another fail is the order email received, which asks you to put your registration e-mail in a non-existent field.
Attachments
infected
(512.55 KiB) Downloaded 54 times