
Thread: Another strange packer

  1. #1

    Another strange packer

    I just got this trojan from a friend. And it seems that it is packed with a brand new packer.

    Warning: this is malware.

  2. #2
    I think this is a home-brewed packer. Pretty trivial to unpack, just trace a bit until the 'jmp eax'. OEP is 403530.

    Looks kinda interesting, uses non-API code to get kernel32 base address and functions. Also the strings look promising (some HTTP shit).

    EDIT: I found some strings that indicate the trojan wants to steal your money. They were encrypted.

    Code:
        https://onlineeast#.bankofamerica.com/cgi-bin/ias/*/
        *banking.*/cgi/ueber*.cgi*
        *citibank.de/*
        GRABBED TAN:

    EDIT2: I am pretty sure it is the trojan described in this paper: http://ip.securescience.net/advisories/pubMalwareCaseStudy.pdf

    Attached is my dump, and yes it's malware. Download at your own risk.
    Last edited by fr33ke; April 2nd, 2007 at 18:58.
    <[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section
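
Added example, not part of the original thread or of any poster's code: a triage sketch that scans an unpacked dump for the decrypted strings quoted in post #2, in both ASCII and UTF-16LE, and shows that the same scan finds nothing while the strings are still encrypted. The sample buffers and the single-byte XOR standing in for the trojan's cipher (which the thread does not name) are constructed assumptions.

```python
import re

# Indicator fragments taken from the decrypted strings quoted in post #2.
INDICATORS = ["bankofamerica.com/cgi-bin/ias/", "citibank.de/", "GRABBED TAN:"]

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")          # printable ASCII, 6+ chars
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")  # same characters as UTF-16LE


def extract_strings(data):
    """Yield (offset, encoding, text) for each printable run in the buffer."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def scan_dump(data):
    """Return sorted (byte offset, encoding, indicator) hits in a memory dump."""
    hits = []
    for off, enc, text in extract_strings(data):
        width = 2 if enc == "utf-16le" else 1   # bytes per character
        for ind in INDICATORS:
            pos = text.find(ind)
            if pos != -1:
                hits.append((off + pos * width, enc, ind))
    return sorted(hits)


# Constructed sample data (not bytes from the real sample).
DUMP = (
    b"\x90" * 16
    + b"https://onlineeast#.bankofamerica.com/cgi-bin/ias/*/\x00"
    + b"\x00\x01\x02"
    + "*citibank.de/*".encode("utf-16le")
    + b"\x00\x00"
    + b"GRABBED TAN:\x00"
)
# Assumption: XOR 0x5A is only a stand-in for "strings are encrypted on disk".
PACKED = bytes(b ^ 0x5A for b in DUMP)

if __name__ == "__main__":
    for label, buf in (("packed", PACKED), ("dump", DUMP)):
        print(label, scan_dump(buf))
```

Run it against the dump taken after the unpacking stub has finished; a scan of the packed file on disk would miss these strings for the reason post #2 gives.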

  3. #3
    Thanks for helping me with this one man!
