Analysis of a random piece of malware found on MDL

Discussion in 'malware problems & news' started by Gullible Jones, Jul 19, 2014.

Thread Status:
Not open for further replies.
  1. Gullible Jones, Registered Member (Joined: May 16, 2013; Posts: 1,466)

    md5sum is 2faef876504495530b64256b5c1d4863 if you want to see what VirusTotal has to say about it.

    First off: I tried to get this thing running on a Win7 install, but either it didn't work or it was so stealthy that I couldn't find it afterwards. What I do know about it is:
    - The installer is actually a compiled AutoIt script (or script/interpreter package? I don't know AutoIt)
    - It spawns several copies of itself when running
    - It does not seem to be compressed (at least not as a whole)

    And that's all.

    I will be using radare2 to try and analyze the thing, and posting stuff as it comes... Don't expect fast progress though. Or much progress at all for that matter.
     
  2. JRViejo, Super Moderator (Joined: Jul 9, 2008; Posts: 97,165; Location: U.S.A.)

    Thread Closed As Per Policy.
     