Cthulhu
April 2nd, 2007, 15:59
I just got this trojan from a friend. And it seems that it is packed with a brand new packer.
Warning this is a malware
Warning this is a malware
View Full Version : Another strange packer
fr33ke
April 2nd, 2007, 16:43
I think this is a home-brewn packer. Pretty trivial to unpack, just trace a bit until the 'jmp eax'. Oep is 403530.
Looks kinda interesting, uses non-API code to get kernel32 base address and functions. Also the strings look promising (some HTTP shit).
EDIT: I found some strings that indicate the trojan want to steal your money. They were encrypted.
EDIT2: I am pretty sure it is the trojan described in this paper: http://ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
Attached is my dump, and yes it's malware. Download at your own risk.
Looks kinda interesting, uses non-API code to get kernel32 base address and functions. Also the strings look promising (some HTTP shit).
EDIT: I found some strings that indicate the trojan want to steal your money. They were encrypted.
Code:
https://onlineeast#.bankofamerica.com/cgi-bin/ias/*/
*banking.*/cgi/ueber*.cgi*
*citibank.de/*
GRABBED TAN:
EDIT2: I am pretty sure it is the trojan described in this paper: http://ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
Attached is my dump, and yes it's malware. Download at your own risk.
Cthulhu
April 3rd, 2007, 07:23
Thanks for helping me with this one man!
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.