Sign In
Create Account
0http://softportal-extrafiles.com/TubeViewer.ver.6.48268.exeResult: 2/41 (4.88%)
VT
File size: 78489 bytes
http://rapidshare.de/files/47679110/TubeViewer.ver.6.48268.rar.html
-
This topic is locked
#1
Posted 27 June 2009 - 02:47 PM
-
- Malware Hunters
-
- 6,718 posts
Forum Deity
- Gender:Male
- Location:West Aussie
- Interests:Gardening and computers.
VT
File size: 78489 bytes
Back to top
#2
Posted 27 June 2009 - 03:09 PM
-
- Malware Hunters
-
- 6,718 posts
Forum Deity
- Gender:Male
- Location:West Aussie
- Interests:Gardening and computers.
http://files-softportal.com/TubeViewer.ver.6.48268.exeResult: 2/40 (5.00%)
VT
File size: 74852 bytes
http://rapidshare.de/files/47679327/TubeViewer.ver.6.48268.rar.htmlMorph.
http://rapidshare.de/files/47679530/TubeViewer.ver.6.48268.rar.html
#3
Posted 27 June 2009 - 03:18 PM
-
- Moderators
-
- 7,111 posts
Forum Deity
- Gender:Male
Take care with those files. They are the same
Today the DNS is: extrafiles-softportal.com
Filename is not important, exemple:
hxxp://extrafiles-softportal.com/Jaxryley.123.exe
Coders are using a stub to have different MD5 (different size, different key). The stub is changed every 24h/48h.
When running the exe, the stub decrypt an UPX file, then it is unpacked, and finally we get the original executable that downloads 3 other malwares.
Don't look after MD5 or VT detection. Classic AV are far behind...
Today the DNS is: extrafiles-softportal.com
Filename is not important, exemple:
hxxp://extrafiles-softportal.com/Jaxryley.123.exe
Coders are using a stub to have different MD5 (different size, different key). The stub is changed every 24h/48h.
When running the exe, the stub decrypt an UPX file, then it is unpacked, and finally we get the original executable that downloads 3 other malwares.
Don't look after MD5 or VT detection. Classic AV are far behind...
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
