Skip navigation.
Home

TmpHider Stuxnet Sample Needed Urgent

|

Hi

I want a sample of tmp files of this malware which adds to USB disks. Here is more details:

http://www.securelist.com/en/blog/269/Myrtus_and_Guava_Episode_1
http://www.wilderssecurity.com/showthread.php?t=276994

It's called Stuxnet or TmpHider

Please upload a sample, there is 2 tmp files which this malware puts in USB. I need them

Thanks
Regards

TmpHider

How do you upload here?

For the mean time here :
http://rapidshare.com/files/407833729/TmpHider.rar
all pass : malware

10 downloads so please deposit here.

How about an MD5 or sample

How about an MD5 or sample posted to OC

submit form

@ Meriadoc,

You can upload here:
http://www.offensivecomputing.net/submit.php

and then post the md5 you get after uploading.

uploaded

Thanks.

~wtr4141.tmp
MD5 055a3421813caf77e1387ff77b2e2e28

~wtr4132.tmp
MD5 74ddc49a7c121a61b8d06c03f92d0c13

Thanks for uploading

Thanks for uploading this sample!
:)

uploaded

uploaded:

MD5: 15db99383d46d790812e83df6196f4fd
VT results: 1/42 (2.39%)
Nod32: LNK/Exploit.CVE-2010-2568

MD5: d24f522d4c40c33cb92f226a255c5bd0
VT results: 3/42 (7.15%)
2 x Gen. Trojan | Nod32: Win32/Exploit.CVE-2010-2568

Thanks for uploading

Many Thanks for the samples !

I thanks too :)

I thanks too :)

Thank You

Thank you for sharing this sample thank you very much...

But could anyone here please also share the .lnk files of the threat...

Actually, I can't figure out

Actually, I can't figure out how to get it working... could anybody help me please? I'm courious... :)

Please!

Can anyone here please provide the .lnk files, really needed!

.lnk file

md5 .lnk file: 15db99383d46d790812e83df6196f4fd

Here it is one of the links

I uploaded it
Search for f0dc6f465c800db53f982384b17d645a
Don't forget that the link tries to open specific path like this:
\\.\STORAGE#RemovableMedia#8&364cf31c&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\~WTR414

Did anybody make it work?

Did anybody make it work? Maybe it's because i'm on a virtual machine...?

Thank You

Thank you very much!

FSB Security Labs, a new

FSB Security Labs, a new antivirus startup company has already published a pure generic detection utility which aims to detect the CVE-2010-2568 vulnerability inside malicious Microsoft Link files.

Response Security tool available to download from this address : http://90plan.ovh.net/~avfsb/index.php?SSP=TELECHARGEMENT6&MENU=1

I think these guyz are doing great job already :)

But this link died:

But this link have died: http://rapidshare.com/files/407833729/TmpHider.rar
Can you upload to the another link? Thank so much!

Help Needed!

How to run the shortcut files with the malware, please help me!

where's the uploaded samples?

How do you get the samples uploaded by other users? I would also like to test those myself...thanks!

download instruction

Paste checksum in corresponding field, uncheck "Thorough search" and click search.

Microsoft LNK vulnerability fix coming on Monday

Security update to address the vulnerability in Windows Shell (Microsoft Security Advisory 2286198) is coming on Monday, August 2, 2010 at or around 10 AM PDT.

http://blogs.technet.com/b/msrc/archive/2010/07/29/out-of-band-release-to-address-microsoft-security-advisory-2286198.aspx

http://isc.sans.edu/diary.html?storyid=9304

Cheers !