Tuts 4 You

Malware Reverse Engineering

Debugging, disassembling and documenting interesting malware...

  1. pichoo
    Started by pichoo,

    Hi, can anyone help me to figure out what this malware is packed with. PeID does not identify it, and VirusTotal gives these results from F-Prot and Authentium: packers (F-Prot): PE-Armor, Malware_Prot.V packers (Authentium): PE-Armor, Malware_Prot.V I've attached the file in a password protected Rar, password is "password". Any help would be appreciated. Thank you Also, I'm new to these forums, so if I'm breaking any rules, please let me know. malware.rar

    • 4 replies
    • 14.5k views
  2. Aguila

    get the whole exploit code here: http://www.milw0rm.com/exploits/6031 i think this exploit is dangerous. maybe some software will use it to avoid debugging? or probably malware will use it. keep your eyes open

    • 8 replies
    • 21.5k views
  3. carb0n
    Started by carb0n,

    There was a file sent from my email that I didn't authorize, me and my staff have been analyzing but haven't come up with a lot of stuff, here is what we got so far: johnnyk analyzed the crypter drops this smss.exe into windows directory here's some reports http://anubis.iseclab.org/?action=result&a...amp;format=html http://research.sunbelt-software.com/ViewM...aspx?id=6585843 http://www.novirusthanks.org/analisis/39b5...18cba37b757e2b4 plus it drops this crypter.exe and this txt file saying Your files zip,rar,doc,txt,xls,ppt,vbs,htm,html,pas,bas,c,cpp,exe were encrypted . Send mail to unknowncrypter@mail.ru for unencryption key. Your …

    • 2 replies
    • 5.2k views
  4. Teddy Rogers
    Started by Teddy Rogers,

    I came across this some months back but only taken a look at it now. Strange thing is after running the crypter every time I now go in to the directory, "Mu_hr00M_CryT0r_V1.0" it crashes and reboots the OS. Same thing for the filename... http://rapidshare.com/files/142314333/Mu_h...r_V1.0.zip.html Ted.

    • 0 replies
    • 4.5k views
  5. Blah
    Started by Blah,

    hey all.. i want to try this app out but when clicking the setup exe zone alarm says it's malicious but not sure if it's true since the source is right from the web page here's the homepage http://www.pitchtrain.com/ exe http://www.pitchtrain.com/PTsetup.exe thanx mates...

    • 5 replies
    • 6.2k views
  6. evilcry
    Started by evilcry,

    Hi, I've released a paper on Trojan.Zhelatin.pk RCE Analysis, that can be downloaded here: http://evilcry.netsons.org/tuts/Mw/Zhelatin.pdf Have a nice read.. Regards, Giuseppe 'Evilcry' Bonfa'

    • 4 replies
    • 6.9k views
  7. evilcry
    Started by evilcry,

    Hi, Rustock C is definitely the most powerful advanced rootkit for Windows ever seen, the Pure Evil. Here are some papers about it http://info.drweb.com/show/3342/en http://www.rootkit.com/newsread.php?newsid=879 http://blog.threatexpert.com/2008/05/rusto...ested-doll.html http://blog.threatexpert.com/2008/06/new-r...to-hotmail.html

    • 16 replies
    • 10.7k views
  8. Teddy Rogers
    Started by Teddy Rogers,

    Research_Blog___Research___SecureWorks.pdf http://www.secureworks.com/research/blog/i...racking-gimmiv/ Ted.

    • 0 replies
    • 18.5k views
  9. Ac
    Started by Ac,

    VERY IMPORTANT - BIG VIRUS COMING !!! PLEASE READ http://www.snopes.com/computer/virus/postcard.asp Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked Snopes (URL above:), and it is for real!! Get this E-mail message sent around to your contacts ASAP. You should be alert during the next few days. Do not open any message with an attachment entitled 'POSTCARD FROM HALLMARK,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has y…

    • 6 replies
    • 9.5k views
  10. Teddy Rogers
    Started by Teddy Rogers,

    http://www.secureworks.com/research/threat...hreat=coreflood Ted.

    • 0 replies
    • 5.2k views
  11. evilcry
    Started by evilcry,

    Hello, I've just released CartellaUnicaTasse.exe An Italian Malware Case Study, it can be downloaded here: http://evilcry.altervista.org/tuts/Mw/CartellaUnicaTasse.pdf if the link does not work, just go to the home of my site and reach it from the link. Regards to Tuts4You Community, Evilcry

    • 0 replies
    • 5.1k views
  12. motan
    Started by motan,

    Hi. Anyone knows from where I can get the source code of a virus made in Delphi? Doesn't matter what virus it is as long as I can learn something from it. Thanks a lot.

    • 3 replies
    • 9.1k views
  13. high6
    Started by high6,

    I wanna get into malware analyzing with a virtual box but I have a few questions. What are some things I should/shouldn't do with the virtual machine that might make it secure/insecure? Will installing guest additions make the virtual box insecure? Will having a shared folder with read only permission make it insecure? And what are some things I should know about VirtualBox before I debug malware?

    • 8 replies
    • 7.3k views
  14. Loki
    Started by Loki,

    Site : http://honeyblog.org/archives/175-Storm-Wo...esentation.html Paper : http://honeyblog.org/junkyard/paper/08_storm_ITSF.pdf

    • 1 reply
    • 5.3k views
  15. Teddy Rogers
    Started by Teddy Rogers,

    Trojan-Downloader.Win32.Small or Win32/PolyCrypt Analysis Trojan_DownloaderWin32Small.pdf Ted.

    • 2 replies
    • 6k views
  16. 0000007a
    Started by 0000007a,

    source: http://www.cs.cmu.edu/~dbrumley/pubs/apeg.html full pdf article(Worth Reading) http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf PS I was not sure where does it fit.

    • 0 replies
    • 5.3k views
  17. evilcry
    Started by evilcry,

    Hi, Here is a little collection of links where you can download the basic Digital Forensics tools.. http://www.opensourceforensics.org/tools/windows.html http://www.forinsect.de/forensics/forensics-tools.html and WinHex http://www.winhex.com/winhex/ In a next post I'll talk about the first procedures of HDD Acquisition. Have a nice Day, Evilcry

    • 3 replies
    • 10k views
  18. Loki
    Started by Loki,

    This looks like it's worth checking out: As soon as we announced that we were running such a unique course, we received lots of questions about the material. So now we're happy to announce that all the course material from the lectures are publicly available from the course webpage. Now the course is coming to a close. The students are currently working on their final project: designing and implementing an antivirus engine. While this sounds like a daunting task (it takes a lot of time to develop a good engine), we are keeping things reasonable. The main focus is on coming up with a sound design and implementing a basic engine to test it out. Our students have been very succ…

    • 2 replies
    • 6.1k views
  19. Loki
    Started by Loki,

    Another paper from the guys at offensive computing http://www.offensivecomputing.net/?q=node/678 PDF direct link : http://www.offensivecomputing.net/papers/j...m-3-23-2008.pdf

    • 2 replies
    • 5.5k views
