Trojan type infection perhaps?
Woodmann
June 16th, 2009, 22:12
Howdy,
A preface before I begin.
I don't play around with mals or virs or troj's.
When I get them I delete them and run multiple AV's to make sure they are gone.
The story:
Since I have been seeing so many of them on the boxes I am now maintaining, I am trying to make an effort to save them so that all of you can take a look and perhaps find something interesting.
Remember, I will need some "learnin". I have no idea if the files I have saved are in fact the real thing or something an AV has cleaned up.
If you can lend me a hand in doing this I can promise you I will have a never ending supply of this "shit".
Woodmann
As always, beware of the contents.
marcovaldo
June 17th, 2009, 17:16
If your perhaps becomes infected by a trojan then the trojan might indeed
phone home to the undead indeed :-O
Sorry for that but the title triggered a playing with words and as words
are also just another kind of endangered species - you have to play with
them while they still exist... :-)
Woodmann
June 17th, 2009, 19:20
marco,
I can appreciate how you play with words
When I read the first line I laughed to myself. Now if only I could describe how I see that play on words.........
I put a dirty trojan on my perhaps and now it is infected
Woodmann
evaluator
June 18th, 2009, 07:14
Mostly repacked TDSS group malware.
BTW, downloaded some GIFs which have a little image but a big file size.
GIF uses lossless compression on 24-bit images, so it can keep any data.
How to decompress them directly?
esther
June 18th, 2009, 08:09
An image viewer?
evaluator
June 19th, 2009, 15:22
Uff.. ingenious help.
Seems data is attached to the GIF without packing, and then decrypted as exe files.
New exe files are generated automatically, packed with UPX, crypted with a custom tr-cryptor, attached to GIFs. This is all an automated process!
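An added example (my own code, not from anyone in this thread) of the check a defender would run on the "little image, big file size" GIFs described above: walk the GIF block structure to the 0x3B trailer and report whatever bytes follow it, since an image viewer stops at the trailer but a dropper that carves a payload out of the file does not. The sample GIF and the appended bytes are constructed here, not taken from any real sample.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Advance past a chain of GIF data sub-blocks (length byte + payload) ending in a 0 byte."""
    while True:
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n

def gif_trailer_offset(data):
    """Walk the GIF block structure and return the offset just past the 0x3B trailer.
    Raises ValueError if the data is not a GIF or ends before the trailer."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    try:
        packed = data[10]                      # logical screen descriptor flags
        pos = 13
        if packed & 0x80:                      # global color table present
            pos += 3 * (2 << (packed & 0x07))  # 3 bytes * 2^(N+1) entries
        while True:
            block = data[pos]
            if block == 0x3B:                  # trailer: end of the image stream
                return pos + 1
            if block == 0x21:                  # extension: introducer + label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:                # image descriptor (10 bytes)
                flags = data[pos + 9]
                pos += 10
                if flags & 0x80:               # local color table
                    pos += 3 * (2 << (flags & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips the LZW minimum code size
            else:
                raise ValueError("unknown block 0x%02x at offset %d" % (block, pos))
    except IndexError:
        raise ValueError("truncated GIF: no trailer found")

def appended_data(data):
    """Return every byte after the GIF trailer; non-empty means the file carries extra content."""
    return data[gif_trailer_offset(data):]

# Constructed sample: a valid 1x1 GIF, then the same GIF with a fake payload stuck on the end.
CLEAN_GIF = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)  # header + logical screen descriptor
             + b"\x00\x00\x00\xff\xff\xff"                         # 2-entry global color table
             + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)      # image descriptor
             + b"\x02\x02\x44\x01\x00"                             # LZW min code size + one sub-block
             + b"\x3b")                                            # trailer
STUFFED_GIF = CLEAN_GIF + b"CONSTRUCTED-PAYLOAD-NOT-REAL"
```

A file where `appended_data()` returns most of the file's bytes fits the pattern in this thread and is worth pulling for analysis even if the image renders normally.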
Woodmann
June 21st, 2009, 20:00
Virus attached to images.............
Now I know
Thanks, Don Wooma
evaluator
June 22nd, 2009, 09:30
You can attack these servers =)
http://superimagesart.com/item/.../609/titem.gif
http://thenewpic.com/item/..
http://stockshopimages.com/perce/../90b/qwerce.gif
http://imagesoffline.com/perce/..
http://theimagesphoto.com/werber/803/217.gif
Woodmann
June 22nd, 2009, 18:30
Well.........
Those are not real places according to my browser
You want another rar 'o mals ?
Woodmann
evaluator
June 23rd, 2009, 09:20
You can start the downloader 4a657d55.exe; you just need to prevent new process creation from this downloader.
"Image"-server addresses are changing, but the main redirector server is
http://reportsystem32.com/senm.php?data=[YOUR PC DATA ENCODED]==
so this should be attacked.
Do you see these servers in your browser:
studioofimages.com
pixphotos.com
imgesinstudioonline.com
imagesplusonline.com
***
upload more qualified malware

Woodmann
June 23rd, 2009, 20:07
Why yes those sites do seem to be real.
They all returned a "forbidden"
Why would they deny me the mal's I so richly deserve?
As for more qualified mal's, I only rar them, I don't play with them.
I will get some more uploaded tonight or tomorrow.
Woodmann
Lula8r
August 24th, 2009, 06:02
Quote: [Originally Posted by Woodmann;81157] (the opening post of this thread, quoted in full)
I deleted KAV and all other (antivirus) programs because they use too many resources of a PC ... and they are always scanning something.