ltheonel Posted August 12, 2011 Share Posted August 12, 2011 (edited) Since noboy is interested, thread can be deleted please.zbot.zip Edited August 28, 2011 by ltheonel Attached sample to post... Link to comment Share on other sites More sharing options...
ltheonel Posted August 12, 2011 Author Share Posted August 12, 2011 ATTENTION: THIS IS A MALEWARE SAMPLE AND EXECUTION/ANALYSING IS ON OWN RISK!!!!!!!!! Hello, i got this Zeus bot sample this should connect to your local lan, there seems to be some selfchecking done inside it, that i dont understand. I obscured it with a simple crypter to analyse behavior but failed. If you have some interest tips for me just post, doing research now maybe a week You can break befor execution of resumethread and manipulate the entry of new created process thats where the maleware got deobfuscated in first layer. this is bot samlpe: crypted.bot:http://www.mediafire.com/?qryeecrg3j3se3c uncrypted.bot:http://www.mediafire.com/?idcx6gy3xmntd3j ATTENTION: THIS IS A MALEWARE SAMPLE AND EXECUTION/ANALYSING IS ON OWN RISC!!!!!!!!! Link to comment Share on other sites More sharing options...
Teddy Rogers Posted September 1, 2011 Share Posted September 1, 2011 Is it looking for specific processes before injection?What is the password to the archive?Ted. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now