Skip navigation.
Home

Sample of bound Ventrillo exe

|

Alright guys, I ran across this while on
http://www.ventrilo-software.com/

All of it is bound malware as I have seen and I am going to give a bound as well as unbound .exe for you guys.

http://uppit.com/ifjeb3rnaqib/Infected.rar

There you go. It is a bound as well as unbound copy. Unbound is in the folder and bound is the vent install file when you first open it.

*I'm going to try to get a rogue AV file on this board as soon as I can, enjoy analyzing.

PeID report on install.exe:
Scanning -> C:\Users\Indirect\Desktop\Random\Misc\Sum Big Hecks Rite Hur\Infected\ventrilo-2.1.4-windows-i386\install.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 433176 (069C18h) Byte(s)
-> File has 24 (018h) bytes of appended data starting at offset 069C00h
[File Heuristics] -> Flag : 00000000000001001100000000100100 (0x0004C024)
[CompilerDetect] -> Borland Delphi
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.906 Second(s)