Malware+Custom Obfusc+No detections

Posted June 30, 201015 yr

I didn't look to see what this does, beyong dropping binaries and making services. It has to be rebuilt to load in olly(the dropped binaries).

KIS 2010,NIS 2010,Avira 2010 didn't detect with high heuristics. It's all ring 3

dfgdfgdgdgf.zip

July 4, 201015 yr

I didn't look to see what this does, beyong dropping binaries and making services. It has to be rebuilt to load in olly(the dropped binaries).
KIS 2010,NIS 2010,Avira 2010 didn't detect with high heuristics. It's all ring 3

yu'll fig it out... malware analysis aint no joke...

P.S: try to put a password on your viral weaponry zip's and rar's

Edited July 4, 201015 yr by JMC31337

July 4, 201015 yr

File is empty and 0 bytes. Seems to have been cleaned out before you uploaded it.

July 4, 201015 yr

Author

hmm..here are the binaries they drop. Still no detections.

password:pizza

sdfsdfsd.zip

July 4, 201015 yr

hmmm some custom packer, nothing fancy and have seen it before. Actual viral stuff is unobfuscated.

Looking at it briefly;

- Drops ernel32.dll in the system directory and injects it into explorer.exe when loaded it'll unmap itself.

- Disables bitdefender.

- Seems a bot or server of some sorts.

Edited July 4, 201015 yr by quosego

Create an account or sign in to comment

https://forum.tuts4you.com/topic/23305-malwarecustom-obfuscno-detections/

Followers

Go to topic listing

Sign In

Malware+Custom Obfusc+No detections

Featured Replies

Create an account or sign in to comment

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)