
Need a researcher for this virus


I need someone to analyse this virus.
Its MD5:
f5c6b935e47b6a8da4c5337f8dc84f76

I'm waiting for replies

Simple skeletal analysis for "f5c6b935e47b6a8da4c5337f8dc84f76"

This is a simple file which:
1. Erases the first 64 bytes of the boot sector of "\\.\PhysicalDrive%d" (%d from 25 down to 2, 1, 0), overwriting them with the string "Memory of the independence day".
2. Then it enumerates every drive (Z: through A:) to check for a valid drive, and finds files with the following extensions:
.gz
.zip
.pas
.cpp
.java
.jsp
.aspx
.asp
.php
.rar
.gho
.alz
.xml
.pst
.eml
.kwp
.gul
.hna
.hwp
.txt
.rtf
.dbf
.db
.accdb
.pdf
.pptx
.ppt
.mdb
.xlsx
.xls
.wri
.wpx
.wpd
.docm
.docx
.doc

It password-protects each one with a random 8-character password of letters and numbers and saves it with a .gz extension. It is actually a ZIP file. There is some error in this routine, where it deletes the complete file, so you will never obtain the original file.

Hope this info helps!!!

**** Sriram ****
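As an added triage example (not code from the original post, nor from the author of the analysis above), here are two checks that follow from Sriram's description: a boot-sector check for the marker string in the first 64 bytes, and a check for files named .gz that are really ZIP archives with the password flag set. The disk sectors and archives below are constructed in memory for the demonstration; the marker string and the "ZIP saved as .gz" behaviour are the only details taken from the post. The password-flag test assumes the sample uses standard ZIP encryption (bit 0 of the general-purpose flags), which the post does not state, so treat that part as an assumption.

```python
"""Triage helpers for the sample described above (added example).

Check 1: does a boot sector carry the wiper marker in its first 64 bytes?
Check 2: is a ".gz" file actually a ZIP, and does it carry the ZIP
         password flag (assumption: standard ZIP encryption, flag bit 0)?
"""
import gzip
import io
import struct
import zipfile

# Marker string the post says is written over the first 64 bytes of each boot sector.
MARKER = b"Memory of the independence day"
ZIP_LOCAL_HEADER = b"PK\x03\x04"    # ZIP local file header signature
ZIP_CENTRAL_HEADER = b"PK\x01\x02"  # ZIP central directory header signature
GZIP_MAGIC = b"\x1f\x8b"            # genuine gzip stream


def boot_sector_wiped(sector: bytes) -> bool:
    """True if the marker appears within the first 64 bytes of the sector."""
    return MARKER in sector[:64]


def classify_archive(data: bytes) -> str:
    """Identify the container by magic bytes, ignoring the file extension."""
    if data.startswith(ZIP_LOCAL_HEADER):
        return "zip"
    if data.startswith(GZIP_MAGIC):
        return "gzip"
    return "unknown"


def zip_is_password_protected(data: bytes) -> bool:
    """True if every member has the encryption bit set (corrupt input -> False)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return False
    return bool(members) and all(m.flag_bits & 0x1 for m in members)


def triage_file(name: str, data: bytes) -> str:
    """One-line verdict for a file found during a sweep of the drives."""
    if not name.lower().endswith(".gz"):
        return "not a .gz file"
    kind = classify_archive(data)
    if kind == "zip":
        if zip_is_password_protected(data):
            return "zip-in-gz, password flag set"
        return "zip-in-gz, no password flag"
    if kind == "gzip":
        return "genuine gzip"
    return "unknown"


def make_sample_zip(member: str, payload: bytes, password_flag: bool) -> bytes:
    """Build a one-member ZIP in memory (constructed test data, not a real sample).

    With password_flag=True the encryption bit is set in both the local and the
    central directory header to imitate what the malware's output would look
    like; the payload itself is left unencrypted.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, payload)
    data = bytearray(buf.getvalue())
    if password_flag:
        # flags live at offset 6 in the local header and offset 8 in the central one
        for sig, off in ((ZIP_LOCAL_HEADER, 6), (ZIP_CENTRAL_HEADER, 8)):
            pos = data.find(sig)
            flags = struct.unpack_from("<H", data, pos + off)[0] | 0x1
            struct.pack_into("<H", data, pos + off, flags)
    return bytes(data)


# Constructed 512-byte sectors: one overwritten with the marker, one ordinary MBR-like sector.
WIPED_SECTOR = (MARKER + b"\x00" * 64)[:64] + b"\x00" * 446 + b"\x55\xaa"
CLEAN_SECTOR = b"\xeb\x63\x90" + b"\x00" * 507 + b"\x55\xaa"

# Constructed archives as they might be found on disk after the sweep.
LOCKED_GZ = make_sample_zip("report.doc", b"constructed document body", True)
PLAIN_GZ = make_sample_zip("report.doc", b"constructed document body", False)
GENUINE_GZ = gzip.compress(b"constructed plain text")


if __name__ == "__main__":
    print("wiped sector :", boot_sector_wiped(WIPED_SECTOR))
    print("clean sector :", boot_sector_wiped(CLEAN_SECTOR))
    for label, blob in (("locked", LOCKED_GZ), ("plain", PLAIN_GZ), ("gzip", GENUINE_GZ)):
        print(f"report.gz ({label}):", triage_file("report.gz", blob))
```

To run the boot-sector check against a real disk, read the first 512 bytes of the raw device (on Windows, `\\.\PhysicalDrive0` opened with administrator rights) or of a forensic image with `open(path, "rb").read(512)` and pass them to `boot_sector_wiped`. A positive hit means the original MBR is gone, not merely marked, so recovery has to come from a backup or from the partition tables further down the disk, not from the marker itself.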

Nice info, but I think it is better to make a full reverse (and port it to C). This way you can know very well what system it uses.

I am actually reversing it :)