SimbiOZ, is that a malware

February 15, 2009

This's un unpackme from the unpackmes collection uploaded on tuts4you server

It has a very strange behavior,

it replaces the svchost.exe sercive + tries to scan all opened processes + tries to change the page protection of some places in these processes

After each run, It crashes all opened apps (even kaspersky AV + Outpost firewall + explorer olso ...) all processes are closed

It's very strange

I first lunched it under vista no sp -> crashes all

and then I tried to figure out what happened (but leak of time) and can't go further now

Please if someone has some extra time and can analyse this unpackme, it will be a great help

thank you.

BE CAREFULL, DON'T RUN IT OUT OF A VM TILL WE FIND OUT WHAT IT REALLY DOES

unpackme is here

http://www.tuts4you.com/download.php?view.1946

February 15, 2009

That sounds like SimbOZ...

Ted.

February 15, 2009

That sounds like SimbOZ...
Ted.

Does it mean it's a normal behavior of this 'protector' ted?

February 16, 2009

Yes, those are some of the features which can be set when protecting an executable...

Ted.

February 16, 2009

Yes, those are some of the features which can be set when protecting an executable...
Ted.

thank you

February 26, 2009

Is anywhere available for download this packer/protector?

February 26, 2009

Is anywhere available for download this packer/protector?

Here you go:

SimbiOZ.7z

Ted.

February 26, 2009

thanks for uploading

Sign In

SimbiOZ, is that a malware

Recommended Posts

movzxEax

Link to comment

Share on other sites

Teddy Rogers

Link to comment

Share on other sites

movzxEax

Link to comment

Share on other sites

Teddy Rogers

Link to comment

Share on other sites

movzxEax

Link to comment

Share on other sites

4e4en

Link to comment

Share on other sites

Teddy Rogers

Link to comment

Share on other sites

4e4en

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Community

Search