
Thread: some FB shared malware.

  1. #1
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1

    some FB shared malware.

    some hot link was shared on FB:

    http://tiny.cc/nt7ebx#UZwLn=Avier

    goes to

    http://www.fileshareservices.net/ads21.html?ref=1702&aff_sub=1702&sub_id=1702

    P.S. did not run it myself yet

    EDIT update:
    I ran this in a VM and it has downloaded other NET runtime thingies..

    password: malware
    Attached Files
    Last edited by evaluator; February 20th, 2014 at 13:01. Reason: update

  2. #2
    Condemned geezer
    Join Date
    Oct 2001
    Location
    Ankara, Turkey
    Posts
    138
    FB is the root of all eval, ...erm, evil.

    P.S.: Guncelle=Update in TR. Fancy that, looks like some compatriot has been involved in spreading malware.

  3. #3
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1
    do you mean, it is NOT malware??
    and 34 of 50 AV are wrong?
    https://www.virustotal.com/en/file/42aff123de91c0ae75ab544aa0a87e047277ca725e3e42e97cfa36e71ba80fd9/analysis/

  4. #4
    He's saying it is malware with some info included that indicates someone
    from his country is involved.

    Woodmann
    Learn Or Die.

  5. #5
    The piece you attached is a very simplistic downloader, probably written by a teenager. It achieves persistence via registry, then connects to http://www.fileshareservices.org/extFiles/control409.txt to get the URL for another file, which it then downloads and executes. Presently the file control409.txt does not exist at fileshareservices.org though, so the malware is basically harmless until someone creates it.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
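
Added example (not part of any post in this thread): a proxy-log triage for the two-stage behaviour described in post #5, where the downloader polls a control file for a URL and then fetches what it points to. The log format, client addresses, the second-stage URL and the `control\d+` generalisation are assumptions; the hosts and control path come from posts #1 and #5.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from this thread (posts #1 and #5).
IOC_HOSTS = {"fileshareservices.net", "fileshareservices.org"}
# Assumption: the number in control409.txt may vary between samples.
CONTROL_PATH = re.compile(r"^/extFiles/control\d+\.txt$", re.I)

# Constructed sample proxy log: "epoch client method url status" (assumed format).
SAMPLE_LOG = """\
1392890000 10.0.0.5 GET http://tiny.cc/nt7ebx 302
1392890001 10.0.0.5 GET http://www.fileshareservices.net/ads21.html?ref=1702&aff_sub=1702&sub_id=1702 200
1392890300 10.0.0.5 GET http://www.fileshareservices.org/extFiles/control409.txt 404
1392890400 10.0.0.9 GET http://www.fileshareservices.org/extFiles/control409.txt 200
1392890402 10.0.0.9 GET http://files.example.invalid/setup.exe 200
1392890500 10.0.0.7 GET http://www.example.com/index.html 200
"""

def base_host(url):
    """Lower-cased hostname with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def triage(log_text, window=60):
    """Return {client: level}, keeping the most severe level seen per client.
    contact = touched an IoC host; polled = requested the control file;
    staged  = control file was served (200) and the client made another
              request within `window` seconds (likely the second-stage fetch)."""
    rank = {"contact": 1, "polled": 2, "staged": 3}
    result, armed = {}, {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, url, status = int(parts[0]), parts[1], parts[3], parts[4]
        on_ioc = base_host(url) in IOC_HOSTS
        level = None
        if on_ioc and CONTROL_PATH.match(urlsplit(url).path):
            level = "polled"
            if status == "200":
                armed[client] = ts  # control file exists: expect a follow-up
        elif client in armed and ts - armed.pop(client) <= window:
            level = "staged"
        elif on_ioc:
            level = "contact"
        if level and rank[level] > rank.get(result.get(client), 0):
            result[client] = level
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `polled` client with only non-200 responses matches the state post #5 describes: the sample is installed and checking in, but the control file is absent. `staged` means the control file has appeared and the host should be treated as having run a second payload.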

  6. #6
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1
    well, on that day I downloaded more than 2 MB of other NET executables, then deleted those.. did not want to keep such trash even in thread..
