
Thread: Virtob.si yet ready to infect you..

  1. #1
    evaluator (Musician member)
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1

    Virtob.si yet ready to infect you..

    damn, today I browsed some old (Jan 2010) downloaded samples..

    789981e352460461755325a3c109ee95a7c81c51 *Virtob.si

    c'mon, they are ready to infect you at a high level..
    so there isn't any normal anti-malware control over the net..

    http://ad.ghura.pl/rus.php
    http://kdert.com/kb2.txt
    http://kdert.com/wmp/dmq4.txt

    pass: MALWARE

  2. #2
    evaluator (Musician member)
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1
    also there is

    http://kdert.com/wmp/adq1.txt
    (Preloader)
    its loader is funny, uses WrProcMemory to overwrite its own execution.

    it then starts an svchost process & injects the Loader module there,
    which downloads the file "ndis.sys" = OuterDrv (in the first pack)

    this "OuterDrv.sys" contains sp2-ndis.sys & another "InnerDrv.sys", which again has a slightly changed Loader module.
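As an added defender-side illustration (not code from the post or from the sample), a toy check for two of the traits described above: an svchost.exe started by something other than services.exe, and a file named ndis.sys written somewhere other than the drivers directory. The events, paths and rule names are constructed for the example.

```python
"""Toy detection pass over constructed process/file events (not a real trace)."""
from dataclasses import dataclass

SYSTEM32 = r"c:\windows\system32"


@dataclass
class Event:
    kind: str          # "process" or "file"
    image: str         # process image path, or path of the written file
    parent: str = ""   # parent image path (process events only)


# Constructed sample events; the preloader.exe name is an assumption.
EVENTS = [
    Event("process", r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
    Event("process", r"C:\Windows\System32\svchost.exe", r"C:\Users\bob\Downloads\preloader.exe"),
    Event("file", r"C:\Windows\System32\drivers\ndis.sys"),
    Event("file", r"C:\Users\bob\AppData\Local\Temp\ndis.sys"),
]


def suspicious_svchost(ev: Event) -> bool:
    """svchost.exe is normally a child of services.exe; the post describes the
    loader starting svchost itself, so any other parent is worth a look."""
    return (ev.kind == "process"
            and ev.image.lower().endswith("\\svchost.exe")
            and not ev.parent.lower().endswith("\\services.exe"))


def masquerading_driver(ev: Event, names=("ndis.sys",)) -> bool:
    """A file named like a well-known driver written outside system32\\drivers."""
    if ev.kind != "file":
        return False
    path = ev.image.lower()
    name = path.rsplit("\\", 1)[-1]
    return name in names and not path.startswith(SYSTEM32 + "\\drivers\\")


def scan(events) -> list:
    """Return (rule, path) hits in event order."""
    hits = []
    for ev in events:
        if suspicious_svchost(ev):
            hits.append(("svchost-odd-parent", ev.parent))
        if masquerading_driver(ev):
            hits.append(("ndis.sys-outside-drivers", ev.image))
    return hits


if __name__ == "__main__":
    for rule, path in scan(EVENTS):
        print(rule, path)
```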
