A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #17917  by EP_X0FF
 Tue Jan 29, 2013 3:58 am
Very primitive, Delphi 7 origin.

Landing hxxp://18adult.myjino.ru/

Runs from HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Unlock code: 199515650qwerty
123.jpg
123.jpg (46.1 KiB) Viewed 424 times
Original + decrypted in attach.

SHA-1 cf7382c25a8bf0d904d51063ceb29fb70f630bc9
Attachments
pass: malware
(668.46 KiB) Downloaded 62 times