Win32/Spatet

#5214 by markusg
Mon Feb 28, 2011 3:58 pm

cyber gate

Attachments

007 ultra facebook hacking.rar

(327.56 KiB) Downloaded 35 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Win32/Spatet

#5237 by EP_X0FF
Tue Mar 01, 2011 4:35 am

markusg wrote:cyber gate

Trojan PWS with AntiVM stuff on board.
Likely Spatet, however DrWeb for example marks it like CyberGate. This is generic detection.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Malware/MSIL-BA

#5285 by markusg
Thu Mar 03, 2011 12:00 pm

Ulitmate Adobe Photoshop CS5 Keygen.exe?
http://www.virustotal.com/file-scan/rep ... 1299152371

Attachments

Ulitmate Adobe Photoshop CS5 Keygen.rar

(416.33 KiB) Downloaded 34 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5286 by markusg
Thu Mar 03, 2011 12:12 pm

TuneUpUtilities2011_keygen.exe
http://www.virustotal.com/file-scan/rep ... 1299153266

Attachments

TuneUpUtilities2011_keygen.rar

(830.83 KiB) Downloaded 33 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5287 by markusg
Thu Mar 03, 2011 12:34 pm

http://www.virustotal.com/file-scan/rep ... 1299152545
Kaspersky IS 2011 Patch (30-06-11).exe?

Attachments

Kaspersky IS 2011 Patch (30-06-11).rar

(380.58 KiB) Downloaded 34 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5289 by markusg
Thu Mar 03, 2011 12:47 pm

BulletStorm Keygen.exe
http://www.virustotal.com/file-scan/rep ... 1299153626

Attachments

BulletStorm Keygen.rar

(299.64 KiB) Downloaded 34 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5290 by EP_X0FF
Thu Mar 03, 2011 2:02 pm

markusg wrote:Ulitmate Adobe Photoshop CS5 Keygen.exe?
http://www.virustotal.com/file-scan/rep ... 1299152371

Crashes on start.

markusg wrote:TuneUpUtilities2011_keygen.exe
http://www.virustotal.com/file-scan/rep ... 1299153266

drops payload which crashes on start due to incorrect decryption.

markusg wrote:http://www.virustotal.com/file-scan/rep ... 1299152545
Kaspersky IS 2011 Patch (30-06-11).exe?

dotnet container for Win32 Spatet.

unpacked result
https://www.virustotal.com/file-scan/re ... 1299160220

markusg wrote:BulletStorm Keygen.exe
http://www.virustotal.com/file-scan/rep ... 1299153626

same info stealer

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Malware/MSIL-BA

#5301 by markusg
Thu Mar 03, 2011 8:24 pm

IPMonitor.exe
http://www.virustotal.com/file-scan/rep ... 1299183148

Attachments

IPMonitor.rar

(290.1 KiB) Downloaded 37 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#5308 by EP_X0FF
Fri Mar 04, 2011 12:10 pm

markusg wrote:IPMonitor.exe
http://www.virustotal.com/file-scan/rep ... 1299183148

Dotnet container for trojan info stealer, payload executed in vbc.exe address space (Delphi, AntiSandbox/AntiVM, Cryptor + UPX).
Spatet/Rebhib/CyberGate.1

https://www.virustotal.com/file-scan/re ... 1299240275

the names of the same. Reviewed many times.

Posts moved.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Win32/Spatet

#5313 by markusg
Fri Mar 04, 2011 2:18 pm

FapBox v3.0.exe
http://www.virustotal.com/file-scan/rep ... 1299245884

Attachments

FapBox v3.0.rar

(305.88 KiB) Downloaded 36 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm