A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #8158  by Xylitol
 Sat Aug 20, 2011 8:31 am
Hoax SMS
Fake pedo porn, from zippro.ru affil.

25/43 >> 58.1%
http://www.virustotal.com/file-scan/rep ... 1313577168
Code:
GET /excount.php?file_id=256223&hwid=696632b5898e0c592feb0c43c16be96b HTTP/1.1
Host: srv.zippro.ru
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Sat, 20 Aug 2011 08:27:07 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 2

FR
Attachments
pwd: xylibox
(889.54 KiB) Downloaded 63 times
 #8671  by Xylitol
 Wed Sep 21, 2011 12:49 pm
Attachments
pwd: xylibox
(716.55 KiB) Downloaded 73 times
 #8786  by Striker
 Tue Sep 27, 2011 9:26 pm
Target: about.exe (Data Recovery)
Serial: 1203978628012489708290478989147

VT: http://www.virustotal.com/file-scan/rep ... 1317157615

Screenshots:

Image

Image

Image

After registration, you can download the purchased copy of Master Utilities:

Image
Attachments
pw = zoit
(239.59 KiB) Downloaded 66 times
pw = zoit
(404.09 KiB) Downloaded 64 times
Last edited by Striker on Tue Sep 27, 2011 11:24 pm, edited 3 times in total.
 #8811  by rough_spear
 Wed Sep 28, 2011 6:39 pm
Hi, ;)
Two SMS hoax malwares. I ran them in a sandbox but there is nothing much I can understand as it is in Russian. I'm still studying the Russian language alphabet. :D

Web link -
hxxp://brozy.10gb.ru/gdz/GDZ_Mordkovich_algebra_10_klass.exe
File size - 5.22 MB

hxxp://dl.filestuffhouse.ru/a1/size8504320/pesnya
File Size - 8.11 MB
As the file size in the archive even exceeds 5 MB, I uploaded it to Hotfile; the URL is given below.

http://hotfile.com/dl/130964945/3636c01/pesnya.7z.html
password - malware.

Regards,


rough_spear. 8-)
Attachments
password - malware
(3.89 MiB) Downloaded 55 times
 #8815  by rough_spear
 Wed Sep 28, 2011 7:39 pm
Hi, :D
One more SMS hoax. This time pretending to be Adobe Flash Player. :twisted:

Web link - hxxp://flashplayer.ctellez.com/downloads/flash-player.exe
File name - flash-player.exe
File size - 748 KB

MD5 : 42463f58979d7d56b6d8b89fd9d84af6
SHA1 : 70ea6e8a77e54c7c365e5c0898282da9041669e4
SHA256: 49dd2f8dca0e8a18c7dc3803bfe7391568322bb35318cab72d7ce6b9d8d9d962
ssdeep: 12288:NIxOFf1Cc9grNSs/GQFenpEvWUuSRzZETUm8s2UDRcwbg9meJBnSkam4AJFfmGUC:dJgrNSGG5npEv9uSzy8PgRcZcAJVmtC
Regards,



rough_spear. ;)
Attachments
password - malware.
(673.5 KiB) Downloaded 58 times
 #8847  by Xylitol
 Thu Sep 29, 2011 10:12 pm
Exposing Evapharma ~ http://xylibox.blogspot.com/2011/09/tra ... l?spref=tw

Full package is 68,5 Mb
List of keywords, a lot of banners...
Code:
http://dl.dropbox.com/u/14644039/Evapharmacy-crap.zip
pwd: xylibox
Attachments
pwd: xylibox
(511.69 KiB) Downloaded 61 times
pwd: xylibox
(4.03 MiB) Downloaded 61 times
 #8870  by rough_spear
 Fri Sep 30, 2011 6:03 pm
Hi,
SMS hoax, this time VLC media player. :D

hxxp://2011fr.pro/downloads/vlc-media-player.exe
file size - 691 KB

VT Link - http://www.virustotal.com/file-scan/rea ... 1317405083

MD5 : 3c3e669858b1518a1d2b8a4c516c7cf6
SHA1 : 63653c46aa82e4d5361754d9739f2eae5833bf9b
SHA256: 5edaf3bc9e682a37c816ab20e33379f7e793a33becf7909220935753c9791b4d
ssdeep: 12288:kIxOFf1Cc9grNSs/GQFenpEvWUuSRzZETUm8s2UDRcwbg9CxPUU5:EJgrNSGG5npEv9uSzy8PgRcZCV/5
Regards,


rough_spear. 8-)
Attachments
password - malware.
(622.89 KiB) Downloaded 60 times
 #8906  by icr
 Sat Oct 01, 2011 1:07 pm
SMS sending programs
Total 25 files
Original Size : 17,549,792 bytes
7z size : 1,510,135 bytes

regards,
icr ;)
Attachments
Re-uploaded again
Password : infected

(1.44 MiB) Downloaded 61 times
Last edited by icr on Sat Oct 01, 2011 5:54 pm, edited 1 time in total.