Interesting Malware


66819d1f0e6e4f5696ad1c02365813cd is an interesting sample we got last week. It's not detected by our AV scanners and it is very difficult to unpack.

This malware is firewall and antivirus aware and detects debuggers. There are a bunch of strings inside of it which list things like Mydoom.j, sobig.c, TSUNAMI, sniffer, yahoobuddy, NICK, DDOS, etc. I'm not sure if these are decoys yet or what this is for. More as I get it.

V. scan results...

Only about 3 vendors saw anything in your file, though the 3 that did picked it up as an SdBot variant. I'll post the results if you want.

My opinion: SdBot

Took a look at it... it has strings like "Exploit statistics" and "220 Reptile welcomes you.." and many others... (that one with "Reptile" is kind of a visual signature for my eye, telling me it's SdBot :P)
In XP SP2 (VMware) it crashed (Dr. Watson was launched), but anyway, I suspended dwwin and malware.exe and did a memory dump... that would be enough...
About the IDA screenshot... which version do you use? IDA 4.9 seems to behave OK... at least for now...
And one more thing: BitDefender detects it as DeepScan:Generic.SdBot :)
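The posts above identify the family from strings found in the memory dump ("Exploit statistics", "220 Reptile welcomes you..") and from the bot-style strings in the first post. As an added example, not code from anyone in this thread, here is a small string-triage script in the spirit of `strings` plus a signature list: it pulls printable runs out of a byte blob and reports which of the indicator strings from the thread are present. The bytes it scans are a constructed stand-in, not the real sample, and the indicator lists are taken only from the strings quoted in the posts.

```python
import re

# Constructed stand-in for a dumped image (NOT the real sample): a few printable
# runs, taken from the strings quoted in the thread, embedded in binary filler.
SAMPLE_BYTES = (
    b"\x00\x90MZ\x00\xffExploit statistics\x00\x12"
    b"220 Reptile welcomes you..\x00\xde\xadtsunami\x00NICK\x00DDOS\x00"
    b"\x01\x02short\x00"
)

# Strings the thread treats as a visual signature for SdBot.
SDBOT_INDICATORS = [
    "Exploit statistics",
    "220 Reptile welcomes you",
]

# Generic bot/IRC-related strings mentioned in the first post.
BOT_INDICATORS = [
    "Mydoom.j", "sobig.c", "TSUNAMI", "sniffer", "yahoobuddy", "NICK", "DDOS",
]


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return printable ASCII runs of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def match_indicators(strings, indicators) -> list:
    """Case-insensitive substring match of each indicator against the strings."""
    lowered = [s.lower() for s in strings]
    found = [ind for ind in indicators if any(ind.lower() in s for s in lowered)]
    return sorted(found)


def triage(data: bytes) -> dict:
    """Extract strings and classify: SdBot-specific hits outrank generic bot hits."""
    strs = extract_strings(data)
    sdbot_hits = match_indicators(strs, SDBOT_INDICATORS)
    bot_hits = match_indicators(strs, BOT_INDICATORS)
    if sdbot_hits:
        verdict = "likely SdBot"
    elif bot_hits:
        verdict = "bot-like strings"
    else:
        verdict = "no indicators"
    return {
        "strings": strs,
        "sdbot_hits": sdbot_hits,
        "bot_hits": bot_hits,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_BYTES)
    print("verdict:", result["verdict"])
    print("SdBot hits:", result["sdbot_hits"])
    print("bot hits:", result["bot_hits"])
```

Because the sample is packed, these strings are only visible after unpacking or, as the post above does, in a memory dump of the suspended process; running the script over the on-disk file would find nothing. String hits are a triage hint to be confirmed by the AV results and further analysis, not a verdict on their own.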

IDA 5

is the version right now.

Yeah, I saw a lot of interesting strings. Keep up the good work! The more details people post about things they find, the better!


Yeah, please

You never have to ask; always post results :)


Hmm, BitDefender

Well, BitDefender detected this malware first.
