Malware Related > Malicious Domains
ms1.exe and data.exe
(1/1)
sowhat-x:
--- Quote ---hxxp://ww.mtwor.com/ms1.exe
--- End quote ---
MD5 Hash - E50EE7BB625302DAACA03ECFE07930A7
FSG 2 used on this one,multiple naming conventions from AV companies,
but the most common among them was "Delf.crp" or so...
--- Quote ---hxxp://ww.mtwor.com/ms1/data.exe
--- End quote ---
MD5 Hash - 7245CE2FB66DC572B8AD2B2AA0695554
PEiD doesn't detect the packer used internally (yet).
EP Section name is ".bedrock" though,and it certainly isn't some sign-faker:
I can assure you this is Bambam speaking here...
VirusTotal's engine reports too many different names to be listed here.
It also (incorrectly) flags the packer as "NPack".
JohnC:
Thanks, these will be in the list soon.
Navigation
[0] Message Index
Go to full version