Jump to content


Photo

CC2E826681142D313F32115EBE4E26DA


  • This topic is locked This topic is locked
1 reply to this topic

#1 ZeroSecurity

ZeroSecurity

    New Member

  • Members
  • Pip
  • 26 posts
  • Gender:Male

Posted 09 May 2012 - 11:10 PM

Found on youtube video, currently UD on Malwarebytes database.

Coded in: C#/VB.NET

File: RunescapeBot V1.08 Setup.exe
Size: 938496
MD5: CC2E826681142D313F32115EBE4E26DA
Path: C:\Users\Zher0\Downloads\RunescapeBot V1.08



DNS REQUESTS:

edis22.no-ip.biz:184.171.198.41
edis22.no-ip.biz:184.171.198.41

One file droped + added to startup:

Startup name: Spoof Service
File: taskmgr.exe
Size: 938496
MD5: CC2E826681142D313F32115EBE4E26DA
Path: C:\Users\Zher0\AppData\Local\Temp\taskmgr.exe - DETECTED by malwarebytes but not on direct scan
Microsoft Visual C# / Basic .NET

Same MD5 hash but malwarebytes only detects in temp directory.

VT:

Detection ratio: 8 / 42

https://www.virustot...sis/1336622645/

#2 sUBs

sUBs

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 8,309 posts

Posted 10 May 2012 - 12:01 AM

Thank you for your help. Attached file will be verified.
sUBs
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users