My bad :oops: It is the old phide tool hosted at VX Heavens and has nothing to do with PE386's Phide_ex POC... So my bad on testing, as I have 2 folders...
And here's a couple of advanced POC RKs in the mix 8) Sample 1 Unreal Sample 2 Phide_ex
Well, kudos to the author ad_13 for his creation :thumb: So far none of my zoo collection of malware RKs and POCs have defeated it, so IMO...
Because all available public ARK detectors to date do not offer the scope of detection that RR does, this is why this is *new* data returned and not...
It is attached to the directory and not inside of the system32 folder. HTH and hope ya enjoy the samples ;D
Possibly your confusion is caused by misunderstanding the tool configuration/data returned..... with that, the file visible in your temp folder is not...
Unfortunately, whether we agree or disagree with their attitudes/opinions.... the technical data returned is 100% accurate. From a malware research...
Re http://www.wilderssecurity.com/showthread.php?t=214600 locked thread by Bubba, who suggested that the enquiry/reply be posted in this topic and with...
Really this needs to be put into some perspective, for want of not seeing a very effective botkiller get bad coverage ;) So for all naysayers then...
Typical Limewire search using topical wording, but the same files will appear whilst searching audio files ;)
Hi Aigle, It was used in this topic but the topic poster neglected to tell folks what they were using as a *live* test :ouch:...
I have seen it reported at a closed research forum by one of the resident experts there. Threat sample was gained c/o the following topic @...
Anyone playing with the kd.exe sample be advised it is an MBR killer if it goes live :o RC and the fixmbr command for anyone who gets into trouble :thumb:
Well the *bit of fun* has been seen being utilized by fake alert infections ITW! Nick did address the same enquiry @ SAS forums :)...
Sheer class Marco ;D Now where's my tin foil hat gone lol
Interesting info on SB being posted at the following topic ;) http://forum.sysinternals.com/forum_posts.asp?TID=15072
lol Ilya, upload your so-called droppers to VT... ignore Doctor Web's flag and look at the other classifications ;) ~VirusTotal and/or Jotti link...
You mean Trojan downloader.Agent.ddl is no match for DefenseWall; as for Rustock C/ntldrbot, then it has still not been tested versus DW! BTW...
Now this will be confusing... Nick S, a12e891a.sys is Trojan downloader.agent.ddl. It is Agent and not Rustock C/spambot. It no longer...
Ok Nick, stop painting me bad; after all it was me and my bro who goaded Dr Web's hand on the VT upload to get the driver out to the bigger...
The dumped driver was uploaded = 6/5. No need to upload the dropper for the downloader agent or the downloader agent, because one had 32/32 hits @...
It does not then.. quite straightforward. I don't believe Nick has done his homework on this one.. that said, it is so not widely dispersed that...
I have replied to this comment in the ntldrbot topic and still stand by what is posted in my reply post to you ;) Just to clear up this little bit...
Well, got to be honest, I can neither agree nor disagree with that statement, except all those things would foil the downloader.agent in its tracks!...
lol Nick might have the 1st or even possibly the 2nd broken driver that were doing the rounds when Dr Web made its PR advert announcing the arrival...