chickenbutt Posted June 30, 2010 Posted June 30, 2010 I didn't look to see what this does, beyong dropping binaries and making services. It has to be rebuilt to load in olly(the dropped binaries).KIS 2010,NIS 2010,Avira 2010 didn't detect with high heuristics. It's all ring 3dfgdfgdgdgf.zip
JMC31337 Posted July 4, 2010 Posted July 4, 2010 (edited) I didn't look to see what this does, beyong dropping binaries and making services. It has to be rebuilt to load in olly(the dropped binaries).KIS 2010,NIS 2010,Avira 2010 didn't detect with high heuristics. It's all ring 3yu'll fig it out... malware analysis aint no joke...P.S: try to put a password on your viral weaponry zip's and rar's Edited July 4, 2010 by JMC31337
quosego Posted July 4, 2010 Posted July 4, 2010 File is empty and 0 bytes. Seems to have been cleaned out before you uploaded it.
chickenbutt Posted July 4, 2010 Author Posted July 4, 2010 hmm..here are the binaries they drop. Still no detections.password:pizzasdfsdfsd.zip
quosego Posted July 4, 2010 Posted July 4, 2010 (edited) hmmm some custom packer, nothing fancy and have seen it before. Actual viral stuff is unobfuscated. Looking at it briefly;- Drops ernel32.dll in the system directory and injects it into explorer.exe when loaded it'll unmap itself. - Disables bitdefender. - Seems a bot or server of some sorts. Edited July 4, 2010 by quosego
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now