A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #14515  by rkhunter
 Sun Jul 08, 2012 2:19 pm
rkhunter wrote: SHA1: ee82783374ac3298978cb4d555f6039fe8c06b27
MD5: 137496bbad2022442280c10b6798fb7c
http://www.kernelmode.info/forum/viewto ... 220#p14409
rkhunter wrote: SHA1: 355dd21d69f349fa2519116f00144ef3b3c09082
MD5: 30d8cfa7509168edad468b3b61b618ac
http://www.kernelmode.info/forum/viewto ... 220#p14410
Aleksandra wrote: MD5: 5e5a57e39fe8010ff25009425ab642d2
SHA1: ef6cffc993e541fa7e8de06c88672e3f3c7e8749
http://www.kernelmode.info/forum/viewto ... 220#p14414
 #14583  by EP_X0FF
 Wed Jul 11, 2012 2:27 pm
It took two and a half months for the guy to find and describe the PEB patch. Ah lol, yes, this is the best and most interesting thing they got from this trojan.
 #14585  by rkhunter
 Wed Jul 11, 2012 2:36 pm
Some guys told me that it's normal to publish research about malware that was already around 3 months ago... there are people who believe such mega-corporations.
 #14587  by EP_X0FF
 Wed Jul 11, 2012 2:46 pm
Yes it is OK, when the content is OK. He can add when this malware initially started spreading, add statistics, tell about the affiliate who is behind it, sensitive references and more *useful* content describing the malware's overall behaviour. He is working in an AV company, which is one of the largest corps in the world with incredible resources. So what did this guy actually do? Fired up windbg and typed a few commands. Oh really - great research! This is one of the dumbest writeups from McAfee that I have ever read.