2012/08/08

Infostealer.Gampass

MD5: d7872f2487ceff922b7f4a384ba970bd
SHA1: 3ee82d48413a68c080f5bf290a3cc40dd138218f

File size: 4608 bytes
Packer: UPX

SAMPLE DOWNLOAD / ANALYSIS:

Files created:

%TEMP%\rundll52.exe (VirusTotal)
%TEMP%\scansock.exe (VirusTotal)
%TEMP%\sockhelp32.exe (VirusTotal)
%WINDIR%\dnfhack.cy
%WINDIR%\dnfset.cyc
%HOMEDRIVE%\test.bat

Registry changes:

LM = Local Machine
CU = Current User

LM\Software\Microsoft\DownloadManager
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings


Internet connection:

hxxp = http

Other:
Modifies the hosts file


Password: malwaresniper

The members of www.malware-sniper.blogspot.com accept no responsibility for any damage caused by malware. Use at your own risk!
