Sign In
Create Account
1Quote
File bot2.exe received on 03.02.2009 01:22:07 (CET)
Current status: finished
Result: 24/39 (61.54%)
Current status: finished
Result: 24/39 (61.54%)
virustotal
#1
Posted 02 March 2009 - 12:40 AM
-
- Honorary Members
-
- 3,023 posts
कैंसर योद्धा
- Gender:Not Telling
- Location:Jah Jersey Shore
h**p://www.trafficmonsterinc.ru/bot2.exe
virustotal
15.0 KB
virustotal
"Don't worry about a thing,
'Cause every little thing gonna be all right!"
'Cause every little thing gonna be all right!"
Back to top
#2
Posted 02 March 2009 - 08:51 PM
-
- Moderators
-
- 16,158 posts
Malware BBQ'er
- Gender:Male
- Location:127.0.0.1
Hi ya,
Thankfully we have the installer flagged as Trojan.Dropper
If allowed to install it patch's kernel32.dll with its own code and also the clean copy held in DLL backup folder which makes restoration a PITA
http://www.virustotal.com/analisis/152cc4f...9629b8cb646f52c
Patched Kernel32.dll will fail signature verification and *clean* copy of the original file has been renamed to kbdpx.dll located in <system32> folder.
http://www.threatexpert.com/report.aspx?md...48c968dab05a467
Thankfully we have the installer flagged as Trojan.Dropper
If allowed to install it patch's kernel32.dll with its own code and also the clean copy held in DLL backup folder which makes restoration a PITA
http://www.virustotal.com/analisis/152cc4f...9629b8cb646f52c
Patched Kernel32.dll will fail signature verification and *clean* copy of the original file has been renamed to kbdpx.dll located in <system32> folder.
http://www.threatexpert.com/report.aspx?md...48c968dab05a467
Attached Files
-
sigverify.jpg 22.42K
0 downloads
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
