Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

There was a file sent from my email that I didn't authorize. Me and my staff have been analyzing it but haven't come up with a lot of stuff; here is what we got so far:

johnnyk

analyzed the crypter

drops this smss.exe into windows directory

here's some reports

http://anubis.iseclab.org/?action=result&a...amp;format=html

http://research.sunbelt-software.com/ViewM...aspx?id=6585843

http://www.novirusthanks.org/analisis/39b5...18cba37b757e2b4

plus it drops this crypter.exe and this txt file saying

Your files zip,rar,doc,txt,xls,ppt,vbs,htm,html,pas,bas,c,cpp,exe were encrypted . Send mail to unknowncrypter@mail.ru for unencryption key. Your PC has been marked - reporting this activity may lead to the complete deletion of your HDD.

cm2

Guys, I ran the file through the lab computer, which is a WinXP machine, NOT updated, using Internet Explorer 6, and has AVG.

tcpmon showed no outside connections. Now, while both the main file and the stub do a lot of querying and copies into the prefetch, I don't see much in the way of activity. They both ran and then stopped. The lab is not a virtual PC; it is a live installation on a separate HDD.

filemon showed that it queried a lot for the gdi exploit but was not able to execute.

it does modify the host file to hackhound.org 127.0.0.1

In the end the file APPEARED to run, look for some exploitable shiz, and then end.

I have not seen any effects of this exe on the lab

IT DOES try and set itself to run as a debugger in the gdl execute debugger registry entry

but other than that I don't see anything else happening

will continue to monitor tonight

So if you guys find anything else, please let me know, thanks.

http://rapidshare.de/files/41145344/backdoored.rar.html

Your files zip,rar,doc,txt,xls,ppt,vbs,htm,html,pas,bas,c,cpp,exe were encrypted . Send mail to unknowncrypter@mail.ru for unencryption key. Your PC has been marked - reporting this activity may lead to the complete deletion of your HDD.

This message reminds me of GPcode!
