Analysis of a random piece of malware found on MDL

Discussion in 'malware problems & news' started by Gullible Jones, Jul 19, 2014.

  1. Gullible Jones

    May 16, 2013
    md5sum is 2faef876504495530b64256b5c1d4863 if you want to see what VirusTotal has to say about it.

    First off: I tried to get this thing running on a Win7 install, but either it didn't work or was so stealthy that I couldn't find it afterwards. What I do know about it is
    - The installer is actually a compiled AutoIt script (or script/interpreter package? I don't know AutoIt)
    - It spawns several copies of itself when running
    - It does not seem to be compressed (at least not as a whole)

    And that's all.

    I will be using radare2 to try and analyze the thing, and posting stuff as it comes... Don't expect fast progress though. Or much progress at all for that matter.
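A first-pass static triage covering the three things the post checks by hand (the MD5, whether the file is a compiled AutoIt script, and whether it looks compressed), as an added example that is not from the original thread or from radare2. The `AU3!EA06` marker is the string the AutoIt3 compiler embeds in its output; the 7.2 bits/byte packing threshold and the sample bytes are assumptions constructed here.

```python
import hashlib
import math
from collections import Counter

# Marker string embedded in executables produced by the AutoIt3 compiler
# (Aut2Exe); commonly used in triage and YARA rules to flag compiled scripts.
AUTOIT_MARKER = b"AU3!EA06"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def triage(data: bytes) -> dict:
    """Static first-look checks: identity (MD5), AutoIt compiler marker,
    and a rough packed/compressed indicator based on whole-file entropy."""
    entropy = shannon_entropy(data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "is_autoit": AUTOIT_MARKER in data,
        "entropy": round(entropy, 2),
        # Packed or encrypted PE files usually exceed ~7.2 bits/byte overall;
        # plain code and data sit well below. The cutoff is a rule of thumb
        # (assumption), not a hard rule.
        "likely_packed": entropy > 7.2,
    }

# Constructed stand-in sample: a fake "MZ" header, repetitive filler and the
# AutoIt marker. Not a real binary; it only exercises the checks above.
SAMPLE = (b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n"
          + b"\x90" * 200 + AUTOIT_MARKER + b"script body placeholder")

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against a real sample by replacing `SAMPLE` with the file's bytes; a high entropy alongside the AutoIt marker usually means the script payload is still compressed inside the stub.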
  2. JRViejo

    JRViejo Super Moderator

    Jul 9, 2008
