Thread: Trojan type infection perhaps?

  1. #1

    Trojan type infection perhaps?

    Howdy,

    A preface before I begin.

    I don't play around with mals or virs or troj's.
    When I get them I delete them and run multiple AV's to make sure they are gone.

    The story:

    Since I have been seeing so many of them on the boxes I am now maintaining, I am trying to make an effort to save them so that all of you can take a look and perhaps find something interesting.

    Remember, I will need some "learnin". I have no idea if the files I have saved are in fact the real thing or something an AV has cleaned up.
    If you can lend me a hand in doing this I can promise you I will have a never ending supply of this "shit".

    Woodmann

    As always, beware of the contents.

  2. #2
    If your perhaps becomes infected by a trojan then the trojan might indeed
    phone home to the undead indeed :-O







    Sorry for that but the title triggered a playing with words and as words
    are also just another kind of endangered species - you have to play with
    them while they still exist... :-)

  3. #3
    marco,

    I can appreciate how you play with words.

    When I read the first line I laughed to myself. Now if only I could describe how I see that play on words...

    I put a dirty trojan on my perhaps and now it is infected.

    Woodmann

  4. #4
    evaluator
    mostly repacked TDSS group malware.

    btw, downloaded some GIFs, which have little image, but big file-size.
    GIF uses lossless compression on 24bit images, so can keep any data.
    how-to decompress them directly?
    Last edited by evaluator; June 18th, 2009 at 07:18.

  5. #5
    An image viewer?
    esther


    Reverse the code,Reverse Your Minds First

  6. #6
    evaluator
    uff.. ingenious help.

    seems data is attached at GIF without packing. and then decrypted as exe-files.

    new exe-files are generated automatically, packed with UPX, crypted with custom tr-cryptor, attached to GIFs. this all is automated process!
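
The layout described in posts #4 and #6 (a small image, a large file, data attached after the GIF) can be checked by walking the GIF block structure to its trailer byte and measuring what follows. This is an added example, not part of the original thread; `inspect_gif` and the sample bytes are constructed for illustration.

```python
import struct

def _skip_sub_blocks(data, pos):
    # Data sub-blocks: <size byte><size bytes>..., ended by a zero size byte.
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def inspect_gif(data):
    """Walk the GIF blocks; report image size and bytes after the trailer."""
    if data[:6] not in (b"GIF87a", b"GIF89a") or len(data) < 13:
        raise ValueError("not a GIF")
    width, height, flags = struct.unpack_from("<HHB", data, 6)
    pos = 13
    if flags & 0x80:                       # global colour table present
        pos += 3 * (2 << (flags & 7))
    try:
        while True:
            kind = data[pos]
            pos += 1
            if kind == 0x3B:               # trailer: the GIF stream ends here
                return {"width": width, "height": height,
                        "gif_end": pos, "overlay": len(data) - pos}
            if kind == 0x21:               # extension: label byte, sub-blocks
                pos += 1
            elif kind == 0x2C:             # image descriptor (9 bytes)
                lflags = data[pos + 8]
                pos += 9
                if lflags & 0x80:          # local colour table
                    pos += 3 * (2 << (lflags & 7))
                pos += 1                   # LZW minimum code size
            else:
                raise ValueError("unknown block 0x%02x at %d" % (kind, pos - 1))
            pos = _skip_sub_blocks(data, pos)
    except IndexError:
        raise ValueError("truncated GIF: no trailer found") from None

# Constructed sample: a minimal 1x1 GIF (35 bytes), then the same file with
# 4096 constructed filler bytes standing in for data appended after the image.
CLEAN = (b"GIF89a"
         + bytes.fromhex("01000100800000")        # logical screen descriptor
         + bytes.fromhex("000000ffffff")          # 2-entry global colour table
         + bytes.fromhex("2c000000000100010000")  # image descriptor
         + bytes.fromhex("0202440100")            # LZW size, one sub-block, end
         + b"\x3b")                               # trailer
STUFFED = CLEAN + b"\xaa" * 4096

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("stuffed", STUFFED)):
        print(name, inspect_gif(blob))
```

Searching for the last `0x3B` byte instead of walking the blocks gives wrong offsets, because that value also occurs inside image data and inside appended data.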

  7. #7
    Virus attached to images.............

    Now I know.

    Thanks, Don Wooma

  8. #8
    evaluator
    you can attack this servers =)

    http://superimagesart.com/item/.../609/titem.gif
    http://thenewpic.com/item/..
    http://stockshopimages.com/perce/../90b/qwerce.gif
    http://imagesoffline.com/perce/..
    http://theimagesphoto.com/werber/803/217.gif

  9. #9
    Well.........

    Those are not real places according to my browser.

    You want another rar 'o mals?

    Woodmann

  10. #10
    evaluator
    you can start downloader 4a657d55.exe. just you need prevent new process creation from this downloader.

    "image"-server addresses are changing, but main redirector server is
    http://reportsystem32.com/senm.php?data=[YOUR PC DATA ENCODED]==

    so this should attacked.

    do you see in your browser these servers:
    studioofimages.com
    pixphotos.com
    imgesinstudioonline.com
    imagesplusonline.com

    ***
    upload more qualified malware

  11. #11
    Why yes those sites do seem to be real.
    They all returned a "forbidden".

    Why would they deny me the mal's I so richly deserve?

    As for more qualified mal's, I only rar them, I don't play with them.

    I will get some more uploaded tonight or tomorrow.

    Woodmann

  12. #12
    Lula8r
    Guest
    Originally posted by Woodmann:
    Howdy,

    A preface before I begin.

    I don't play around with mals or virs or troj's.
    When I get them I delete them and run multiple AV's to make sure they are gone.

    The story:

    Since I have been seeing so many of them on the boxes I am now maintaining, I am trying to make an effort to save them so that all of you can take a look and perhaps find something interesting.

    Remember, I will need some "learnin". I have no idea if the files I have saved are in fact the real thing or something an AV has cleaned up.
    If you can lend me a hand in doing this I can promise you I will have a never ending supply of this "shit".

    Woodmann

    As always, beware of the contents.
    I deleted KAV and all other (antivirus) programs because they use too much resources of a pc ... and they always scanning something
    I promise that I have read the FAQ and tried to use the Search to answer my question.
