Malware Domain List

Malware Related => Malicious Domains => Topic started by: sowhat-x on October 26, 2007, 05:03:00 pm

Title: ms1.exe and data.exe
Post by: sowhat-x on October 26, 2007, 05:03:00 pm
Quote
hxxp://ww.mtwor.com/ms1.exe

MD5 Hash - E50EE7BB625302DAACA03ECFE07930A7

FSG 2 used on this one, multiple naming conventions from AV companies,
but the most common among them was "Delf.crp" or so...

Quote
hxxp://ww.mtwor.com/ms1/data.exe

MD5 Hash - 7245CE2FB66DC572B8AD2B2AA0695554

PEiD doesn't detect the packer used internally (yet).
EP Section name is ".bedrock" though, and it certainly isn't some sign-faker:
I can assure you this is Bambam speaking here...

VirusTotal's engine reports too many different names to be listed here.
It also (incorrectly) flags the packer as "NPack".
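
The entry-point section check mentioned in the post above, as an added example that is not part of the original thread: it reads the PE headers, finds the section that holds AddressOfEntryPoint, and flags names outside an assumed allow-list of common code-section names. The function names, the allow-list and the header-only sample image are constructed for illustration.

```python
import struct
from typing import Optional

# Assumed allow-list of section names compilers normally give the code section.
COMMON_CODE_SECTIONS = {".text", "CODE", ".code", "INIT"}

def entry_point_section(data: bytes) -> Optional[str]:
    """Return the name of the PE section that contains AddressOfEntryPoint."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsections, = struct.unpack_from("<H", data, pe + 6)   # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    opt = pe + 24                                         # optional header start
    entry_rva, = struct.unpack_from("<I", data, opt + 16) # AddressOfEntryPoint
    table = opt + opt_size                                # first section header
    for i in range(nsections):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        # VirtualSize can be 0 in some files, so fall back to SizeOfRawData.
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            return name.rstrip(b"\0").decode("latin-1")
    return None  # entry point lies outside every section (e.g. in the headers)

def unusual_entry_section(data: bytes) -> bool:
    """True when the entry point is not in a commonly named code section."""
    return entry_point_section(data) not in COMMON_CODE_SECTIONS

def build_sample(entry_rva, sections):
    """Constructed header-only PE image for the demo; not a real sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    table = b"".join(
        struct.pack("<8sIIII", name.encode(), vsize, vaddr, vsize, 0x400).ljust(40, b"\0")
        for name, vaddr, vsize in sections)
    return dos + b"PE\0\0" + coff + opt + table

if __name__ == "__main__":
    packed = build_sample(0x2010, [(".text", 0x1000, 0x1000), (".bedrock", 0x2000, 0x800)])
    print(entry_point_section(packed), unusual_entry_section(packed))
```

Section names are free-form and can be set to anything, so a flagged name is a triage hint to look closer, not an identification of the packer on its own.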




Title: Re: ms1.exe and data.exe
Post by: JohnC on October 26, 2007, 06:58:16 pm
Thanks, these will be in the list soon.