Skip navigation.
Home

W32/Duqu

Hey guys,
This is urgent: http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet

anyone got any sample yet?

no, but a VT scan

no,
but a VT scan here
http://www.virustotal.com/file-scan/report.html?id=f2b631fcdf83b928661a7e09dd11fa640251a4850ff570436f3b16abef0fad10-1318965731

trojan component already here

Search 9749d38ae9b9ddd81b50aad679ee87ec for the trojan component. Drivers and other files seem to be missing, at least when searching for hashsums posted by F-Secure.

HTH,
Oliver

Duqu Samples

Hello the_mfox,

I got 2 drivers and a dropper. have phun

http://www.mediafire.com/?51ll5c592uu5m5c

Re: Duqu samples

Thx for posting Netcat.

All 3 files are drivers, namely "cmi4432.sys", "jminet7.sys", "nfrd965.sys". "cmi4432.sys" is the only one with a signature, from C-Media Electronics Incorporation.

There is a 4th driver variant out there named "adpu321.sys" / 3d83b077d32c422d6c7016b5083b9fc2.

HTH,
Oliver

yea, you're right. that was

yea, you're right. that was not a dropper, sry..

Thanks Netcat

Netcat,

Thanks again man. Been looking for this sample. Appreciate it.

Q

Question All Things - So you can make sure people aren't jerking you around.