Aerosol Posted February 5, 2015 Report Share Posted February 5, 2015 Generic ransomware pushed to small ZeuS botnet machines by script:user_execute hxxp://ge.tt/api/1/files/4k8mPe82/0/blob?download >> (informations.exe)zeus script.png (835.88 KiB) Viewed 115 timesec2b6ecfc8ca67f9357b6550166a0838 informations.exe (UPX)6ec6069728a91a04407283bc6bf208b7 UNPACKEDSome generic ransomware junk..run in VM it asks for a password to decrypt files so I thought I would try to crack. winxp.png (590.39 KiB) Viewed 115 timesI'm not a great RE like most ppl on here so I gave up and just patched the binary Change 00401C19 > JMP 0040124F (decryption routine) Attached are samples and patched binary in case anyone needs to unlock stuff... I was surprised, the malware does decrypt everything.. I did not look into the encryption routine or the password too much, but I'm sure someone around here can figure it out.DownloadSource Quote Link to comment Share on other sites More sharing options...
Guest Posted February 8, 2015 Report Share Posted February 8, 2015 (edited) Dovada ca el posteaza fara sa verifice, copy/paste dupa alt forum cred @AerosolTe rog nu mai veni aici cu scuze de 2 lei, cine are 20 de conturi banate?apropo m-ai dat pe spate cu astaVoi sunteti aici doar pentru offtopic ( fiindca sa vede ca doar asta va duce capul)Sa punem si noi o piesa nu? Edited February 8, 2015 by NETGEAR Quote Link to comment Share on other sites More sharing options...
Aerosol Posted February 8, 2015 Author Report Share Posted February 8, 2015 (edited) Fetele, de ce comentati aiurea? postul era de xylitol ( un om foarte cunoscut in Franta si influent) ma cunosc cu el de ceva timp.app am pus sursa ca de pe acel forum l-am luat dar ulterior au mutat postul. ( Sunt membru pe KM din 2010 )Download-ul inca merge asa ca GURA!Va place sa comentati aiurea dar inainte incercati sa descarcati geniilor. @NETGEAR in loc sa comentati da-ti log out.Nu mai comentati aiurea, nu mai incercati sa va bagati in seama cu mine ca nu dau tuturor.... importanta!Voi sunteti aici doar pentru offtopic ( fiindca sa vede ca doar asta va duce capul)Ba mai mult unu dintre voi (se stie el) are deja 20 de conturi banate si asta spune totul.AMIN!Melodie cu dedicatie speciala pentru:Doru alu' Supozitor si Vasile n'Curamluat-o @NETGEAR Primele mele posturi sunt in 2011 ( 21-11-2011 )Oricum iti urez noroc cu cariera ta de hater( copil cu 8 clase ) Edited February 8, 2015 by Aerosol Quote Link to comment Share on other sites More sharing options...
Guest Posted February 8, 2015 Report Share Posted February 8, 2015 (edited) Boule, ai inceput sa postezi dupa Aerosol acum cateva luni, cand mi-am facut eu contu asta mai exactdoar ca eu am 92 post-uri(cu asta) si tu 2,228?Ce parere ai? eu nu puteam sa mut HF sau altele aici prin copy/paste?On: Mai pune odata sursa ca aia nu merge, vezi ca trebuie sa stii unde s-a mutat daca ai cont acolo din 2010 Serios? @Aerosol ? Edited February 8, 2015 by NETGEAR Quote Link to comment Share on other sites More sharing options...
Mrcucubaux Posted February 8, 2015 Report Share Posted February 8, 2015 Quote Link to comment Share on other sites More sharing options...
