Nothing interesting, all mad skills and pretty lame, however it was delivered directly to me, so I decided to post it there. Written in VB and crypted with some RunPE based cryptor. Connects to various Yandex hosted narod.ru sites to obtain "hello.txt" with further instructions I guess. Attached are the original and decrypted. ICQ messages with links to this malware were spammed from various ICQ accounts. Uses WScripting to copy file/add autorun reg entries (userinit = "c:\windows\system\winlogon.exe") as "update".
Some fun string from inside
E:\code c#\hspam\test\icq spamer crypted pseudornd\Project1.vbp
Attachments
pass: malware
(118.27 KiB) Downloaded 54 times
Ring0 - the source of inspiration