
Custom Themida? packed malware


tfBullet
November 8th, 2013, 15:33
Hey ppl! My first post here, so be gentle with me please )

I've just received this file here (BE CAREFUL!):
http://www.share-online.biz/dl/3D5DOYVMAVI ("http://www.share-online.biz/dl/3D5DOYVMAVI")
password: tfbullet

I've scanned it with all kinds of tools, but no result - NOD32 says "a variant of Win32/Packed.Themida".

And when I debug it in Olly, I get a debug output that says "------- Themida -------", but that would be too easy...
I already tried to unpack it the way I use when I get Themida-packed files, but no success so far...

Can anyone help me unpack this? Or at least point me in the right direction?


Regards
tfBullet

tfBullet
November 11th, 2013, 17:13
As far as I got, this thing is only a part of the malware... at some point it gets dropped to the hard drive, collects some information, mainly about the system itself I guess, and then drops an encrypted file to the drive... but when it comes to unpacking I didn't get any further...
Suggestions? Anyone?

Regards

VGA
November 24th, 2013, 13:22
Can't even download from that crappy file hoster.

tfBullet
November 24th, 2013, 14:10
Uploaded it here for you: http://uploaded.net/file/jcef7p7d