chickenbutt Posted June 30, 2010
I didn't look to see what this does, beyond dropping binaries and making services. It has to be rebuilt to load in Olly (the dropped binaries). KIS 2010, NIS 2010, Avira 2010 didn't detect with high heuristics. It's all ring 3.
dfgdfgdgdgf.zip
JMC31337 Posted July 4, 2010 (edited)
> I didn't look to see what this does, beyond dropping binaries and making services. It has to be rebuilt to load in Olly (the dropped binaries). KIS 2010, NIS 2010, Avira 2010 didn't detect with high heuristics. It's all ring 3.
you'll figure it out... malware analysis ain't no joke...
P.S.: try to put a password on your viral weaponry zips and rars.
Edited July 4, 2010 by JMC31337
quosego Posted July 4, 2010
File is empty and 0 bytes. Seems to have been cleaned out before you uploaded it.
chickenbutt Posted July 4, 2010 (Author)
hmm.. here are the binaries they drop. Still no detections.
password: pizza
sdfsdfsd.zip
quosego Posted July 4, 2010 (edited)
hmmm, some custom packer, nothing fancy and have seen it before. Actual viral stuff is unobfuscated. Looking at it briefly:
- Drops ernel32.dll in the system directory and injects it into explorer.exe; when loaded it'll unmap itself.
- Disables BitDefender.
- Seems a bot or server of some sorts.
Edited July 4, 2010 by quosego
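The behaviour quosego describes, a DLL named ernel32.dll (one character off from kernel32.dll) dropped into the system directory and injected into explorer.exe, is the kind of thing a module listing of the injected process gives away even when the AV heuristics miss it. The check below is an added example, not code from the thread or from either poster: it takes a module listing for a process (here a constructed list standing in for what Process Explorer or a `listdlls`-style tool would show for explorer.exe) and flags two things: DLL names within edit distance 1 of a known system DLL but not equal to it, and genuine system DLL names loaded from outside the system directories. The second check generalises past the thread's sample to the related search-order-hijack case. `KNOWN_SYSTEM_DLLS` is a deliberately short illustrative list and the sample paths are constructed, both are assumptions for the example.

```python
import ntpath  # handles Windows paths correctly even when run on a POSIX host
from typing import Dict, Iterable, List, Optional

# Names a dropper is likely to imitate. Illustrative short list (assumption); extend for real use.
KNOWN_SYSTEM_DLLS = {
    "ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll",
    "advapi32.dll", "shell32.dll", "ole32.dll", "ws2_32.dll",
}

# Directories from which these names are legitimately loaded (lower-cased for comparison).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between a and b; insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(basename: str, max_distance: int = 1) -> Optional[str]:
    """Return the legitimate DLL name this one imitates, or None if it is exact or unrelated."""
    name = basename.lower()
    if name in KNOWN_SYSTEM_DLLS:
        return None  # the real thing, not a lookalike
    for known in KNOWN_SYSTEM_DLLS:
        if levenshtein(name, known) <= max_distance:
            return known
    return None


def suspicious_modules(module_paths: Iterable[str]) -> List[Dict[str, str]]:
    """Flag lookalike DLL names and system DLL names loaded from outside the system dirs."""
    findings = []
    for path in module_paths:
        base = ntpath.basename(path).lower()
        directory = ntpath.dirname(path).lower()
        if not base.endswith(".dll"):
            continue
        target = lookalike_of(base)
        if target is not None:
            findings.append({"module": path, "name": base,
                             "reason": f"name imitates {target}"})
        elif base in KNOWN_SYSTEM_DLLS and directory not in SYSTEM_DIRS:
            findings.append({"module": path, "name": base,
                             "reason": "system DLL name loaded from outside the system directory"})
    return findings


# Constructed module listing for an explorer.exe, standing in for real tool output.
# The ernel32.dll entry mirrors the drop described in the thread.
SAMPLE_EXPLORER_MODULES = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\KernelBase.dll",
    r"C:\Windows\System32\user32.dll",
    r"C:\Windows\System32\ernel32.dll",   # constructed: the lookalike from the thread
    r"C:\Users\Public\ws2_32.dll",        # constructed: legit name, wrong directory
]


if __name__ == "__main__":
    for finding in suspicious_modules(SAMPLE_EXPLORER_MODULES):
        print(f"{finding['module']}: {finding['reason']}")
```

Edit distance 1 is enough for the case in the thread (a dropped leading character); raising `max_distance` catches sloppier imitations but starts flagging legitimately similar names, so keep the known list tight and review hits rather than auto-killing. Because the injected DLL unmaps itself after loading, a module listing taken later may no longer show it; pair this name check with a scan for executable memory regions that have no backing file.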