A new security killer in town (Tejon Crypter 1.3)

Discussion in 'malware problems & news' started by pandlouk, Jun 4, 2010.

Thread Status:
Not open for further replies.
  1. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Panagiotis
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Hmmn, does it bypass default-deny SRP and LUA / UAC?
     
    Last edited: Jun 5, 2010
  3. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    What do you mean by bypass?
    SRP/LUA protects by not allowing anything unknown to run (if set correctly).

    If you run it, it is game over.

    Panagiotis
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Good to know, thanks.
    How is it anti-sandbox though? Even virtual machines?
     
  5. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    I guess it cannot bypass Sandbox & Virtual Machine... It refuses to run inside it but can't bypass. :)
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Not exactly.
    Anti-sandbox etc. could mean that it can identify that it is running in a sandbox.
    Then you can instruct it to behave differently in the sandbox -> the user thinks it is ok, runs it on the real machine and there it unleashes the "hidden present".

    Panagiotis
     
  7. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Agree with you... Sometimes malware crypted with this kind of crypter refuses to run inside the sandbox, and the user tries to run it outside the sandbox and then gets infected... :)
     
  8. wat0114

    wat0114 Guest

    Please no offense to anyone, but I would wonder why someone would be stupid enough to run a file that refuses to run in a vm on the real system. As for this super duper Binford 9000 system terminating genre of new age malware that's supposed to scare the socks off of anyone who so much as dare glance at it, simply don't run it.
     
  9. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    You know, I have seen many stupid people in my office too... :D
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Not that simple if hit with a drive-by attack.

    Anyways, I don't understand what these 2 mean: *Get All Privileges and *Run Only in Admin Mode
    Does it execute properly with limited rights or not?
     
  11. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Tejon? I remember one guy named Tejas was flooding his tools as such in some of the underground markets. Btw, anyone used it against Zemana and Spyshelter?
     
  12. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Where can I download this software and is it dangerous?
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Use Google!

    TH
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It's very interesting. Has anyone tried it so far?

    Thanks
     
  15. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
  16. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    I remember someone spammed the MBAM forums for this. I never understood why malware writers would advertise malware on a security forum.
     