
ms1.exe and data.exe


sowhat-x:

--- Quote ---hxxp://ww.mtwor.com/ms1.exe
--- End quote ---

MD5 Hash - E50EE7BB625302DAACA03ECFE07930A7

FSG 2 used on this one, multiple naming conventions from AV companies,
but the most common among them was "Delf.crp" or so...


--- Quote ---hxxp://ww.mtwor.com/ms1/data.exe
--- End quote ---

MD5 Hash - 7245CE2FB66DC572B8AD2B2AA0695554

PEiD doesn't detect the packer used internally (yet).
EP Section name is ".bedrock" though, and it certainly isn't some sign-faker:
I can assure you this is Bambam speaking here...

VirusTotal's engine reports too many different names to be listed here.
It also (incorrectly) flags the packer as "NPack".
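
The entry-point section check mentioned in the post above, as an added example that is not part of the original thread: a stdlib-only Python parser that reports which section holds AddressOfEntryPoint, which is useful when a signature scanner gives no packer name. The input is a constructed, header-only image (neither file from the thread), and `ep_section_name`, `packer_hint` and `build_sample` are names chosen for this illustration.

```python
import struct

# Pairing taken from the post above; extend from your own analysis notes.
EP_SECTION_HINTS = {".bedrock": "Bambam"}

def ep_section_name(pe: bytes) -> str:
    """Return the name of the section that contains AddressOfEntryPoint."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)
    table = opt + opt_size  # section table follows the optional header
    for i in range(num_sections):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", pe, table + 40 * i)
        # VirtualSize can be 0 in some files, so fall back to SizeOfRawData.
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            # An 8-character name such as ".bedrock" has no NUL terminator.
            return name.rstrip(b"\0").decode("latin-1")
    return ""  # entry point lies outside every section (e.g. in the headers)

def packer_hint(pe: bytes) -> str:
    """Map the EP section name to a packer name, or 'unknown'."""
    return EP_SECTION_HINTS.get(ep_section_name(pe), "unknown")

def build_sample(entry_rva: int = 0x2010) -> bytes:
    """Constructed header-only PE32 image with sections .text and .bedrock."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    def section(name: bytes, vaddr: int) -> bytes:
        return struct.pack("<8sIIII", name, 0x1000, vaddr, 0x200, 0).ljust(40, b"\0")
    return (dos + b"PE\0\0" + coff + opt
            + section(b".text", 0x1000) + section(b".bedrock", 0x2000))

if __name__ == "__main__":
    sample = build_sample()
    print(ep_section_name(sample), "->", packer_hint(sample))
```

A section name is only a hint, since it can be renamed freely, so treat the result as a lead to confirm by other means.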




JohnC:
Thanks, these will be in the list soon.
