hicham's malware submissions


37 replies to this topic

#1 hicham

    Active Member

  • Members
  • 54 posts
  • OS: Windows 7
  • AV: emsisoft anti malware
  • HIPS: comodo firewall
  • Other: nothing

Posted 02 July 2012 - 10:18 AM

http://www63.zippyshare.com/v/60818282/file.html

:) I hope you add these signatures
it's too dangerous
I can't download it and upload it because my ISP's internet is too bad
but I help Emsisoft however I can

#2 hicham

Posted 02 July 2012 - 10:20 AM

http://www20.zippyshare.com/v/72479754/file.html
these 3 samples too

#3 Arief Prabowo

    Forum Veteran

  • Emsisoft Employee
  • 2471 posts
  • Location: Indonesia

Posted 02 July 2012 - 10:25 AM

> http://www63.zippyshare.com/v/60818282/file.html
>
> :) I hope you add these signatures
> it's too dangerous
> I can't download it and upload it because my ISP's internet is too bad
> but I help Emsisoft however I can

There's no undetected malware. All files have been detected by EAM.

Again, please follow our guidelines. No need to password-protect the archive!
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com

#4 hicham

Posted 02 July 2012 - 10:35 AM

I took it from the Bitdefender forum
in VirusTotal I saw Emsisoft doesn't detect it
anyway, all I mean is I need to help
thanks bro and good luck

#5 Arief Prabowo

Posted 02 July 2012 - 10:38 AM

Yes, we very much appreciate your help. But please read and follow our guidelines carefully.
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com

#6 hicham

Posted 04 July 2012 - 04:32 PM

https://www.virustot...26788/analysis/

password unrar = sa3eka

#7 hicham

Posted 04 July 2012 - 04:34 PM

password unrar = sa3eka
good luck
this password is for new people; maybe they will download directly and their PC will be infected
because this kind of virus is too dangerous

#8 Arief Prabowo

Posted 04 July 2012 - 05:52 PM

Please read and follow our guidelines!

> https://www.virustotal.com/file/f75e3f2c4bab1cb642ce5087f126d28c733260ec4a997c6a09bd160cde626788/analysis/

File is already detected. See this latest report:

https://www.virustot...sis/1341420373/

Your VT report is from 2 days ago; you need to re-scan the file to make sure it's not detected by Emsisoft.

> password unrar = sa3eka
> good luck
> this password is for new people; maybe they will download directly and their PC will be infected
> because this kind of virus is too dangerous

File is password protected!

Only expert members are able to download the file, so you don't need to worry about that.
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com

#9 hicham

Posted 04 July 2012 - 05:58 PM

happy to hear that bro :) I was trying to see if Emsisoft detects it, maybe I didn't do the updates
anyway there's a trojan downloader, I'm waiting for my friend, he will send it to me
I hope you can help me with how to test this malware and these trojans in a good, secure place without fear of infection?
VirtualBox with Shadow Defender, 100% secure?

#10 hicham

Posted 06 July 2012 - 02:00 PM

https://www.virustot...sis/1341579360/
malware
Detection ratio: 3 / 42

#11 Arief Prabowo

Posted 06 July 2012 - 02:18 PM

Thank you for your submission. A database update has already been issued and will be available via online update within the next minutes.
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com

#12 hicham

Posted 06 July 2012 - 03:26 PM

https://www.virustot...sis/1341584626/

16 / 42
malware.rar
MD5: dcb7a668bc23f2333007e3ee49e1b70b

#13 hicham

Posted 06 July 2012 - 04:14 PM

I stopped my internet, now it will be normal

using RealPlayer icon

lol using system memory

lol

lol he wants injection with Mozilla Firefox

injection with Firefox

lol

lol his injection place

C:\WINDOWS\InstallDir

#14 hicham

Posted 06 July 2012 - 05:12 PM

there's a password in the file, so the file will automatically unpack from the packer to system32 10 min after download
it's such a dangerous file
we need anti SFX password Chifrax trojans

#15 hicham

Posted 06 July 2012 - 05:17 PM

This too

#16 Arief Prabowo

Posted 07 July 2012 - 06:08 AM

Thank you. The file will be checked.
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com

#17 hicham

Posted 07 July 2012 - 06:59 AM

the file is too dangerous
if it says password SFX unpacker, it's because this is the hacker's idea: to add a time to unpack automatically into your system32
and hack with a hidden process
and get an injection into svshost.exe and mozilla firefox.exe
good luck Arief, I'm sure you will get it :)

#18 hicham

Posted 09 July 2012 - 07:58 AM

http://www.umplayer.com/download/
This player has the Virtumonde virus
not detected by all antiviruses
I scanned it with assembler and I see many viruses and bad behavior in it

#19 Elise

    Forum Veteran

  • Emsisoft Employee
  • 3937 posts
  • Location: Romania
  • OS: Windows 7 x64

Posted 09 July 2012 - 08:29 AM

No malware was detected in the download you linked to.

Nevertheless, if you suspect a URL to download malicious files onto a computer, then please attach a text file containing the link so nobody can accidentally click it and get infected that way. Also, as explained here, please try to attach the actual file together with a Virustotal scan. These rules were already pointed out to you several times, so please try to follow them. If they are not clear to you somehow, then please let us know which part you don't understand so we can clarify it.
Best regards,

Elise van Dorp [Malware Research]

Emsisoft Team - http://www.emsisoft.com

#20 hicham

Posted 09 July 2012 - 08:46 AM

I scanned the setup file; VirusTotal says it's malware
go scan the UMPlayer setup file and tell me what you see

#21 Elise

Posted 09 July 2012 - 09:10 AM

This is the VT scan of the URL you linked to: https://www.virustot...sis/1341821329/
This is the VT scan of the downloaded file: https://www.virustot...sis/1341821250/

On top of that I analysed the installer and nothing malicious or undesirable was dropped/installed.
Best regards,

Elise van Dorp [Malware Research]

Emsisoft Team - http://www.emsisoft.com

#22 hicham

Posted 09 July 2012 - 09:27 AM

This file is Virtumonde virus!
This is Rogue.
#malware #drivebydownload
Posted 7 months, 2 weeks ago by anonymous
look in the comments on VirusTotal
that anonymous is one of the admins of VirusTotal

he always tells the truth

#23 hicham

Posted 09 July 2012 - 09:28 AM

#4 Elise

ok anyway thanks for the help, I love Romania :) I have a friend from there
named Alex :)

#24 hicham

Posted 19 July 2012 - 11:15 AM

http://haizer-dz1.com/

A malware back track web site to hack cookies and steal them from cookies

:)

I hope you see and add the suspicious files on it to the blacklist

We Trust you emsisoft

the Best

protect us



#25 Fabian Wosar

    Forum Veteran

  • Emsisoft Employee
  • 2962 posts
  • OS: Windows 8.1 x64
  • AV: Emsisoft Anti-Malware

Posted 19 July 2012 - 11:49 AM

Consider this a last warning, hicham. Either follow the guidelines of this forum or I will remove your access to this forum.
Best regards,

Fabian Wosar [Development]
Emsisoft Team - www.emsisoft.com

#26 hicham

Posted 10 September 2012 - 02:48 PM

File: Yu42R5sC.exe
CRC-32: 5b19c1cf
MD4: 352507a47f9beb1424880005ad368d19
MD5: e0fdfa0fcc3ce9fd148ab7ebe9f372f3
SHA-1: faf7314321c8e000695407d1461ca8a3ee1cc257

https://www.virustot...cfe9f/analysis/

Zbot malware

#27 Elise

Posted 10 September 2012 - 03:07 PM

Thank you for your submission. I will look into it as soon as possible.
Best regards,

Elise van Dorp [Malware Research]

Emsisoft Team - http://www.emsisoft.com

#28 hicham

Posted 10 September 2012 - 03:32 PM

np :) my bro Elise :) if you find it's malware :) tell me :)

#29 Elise

Posted 10 September 2012 - 04:13 PM

Yes, it's indeed Zbot and has been added to the database, thank you!
Best regards,

Elise van Dorp [Malware Research]

Emsisoft Team - http://www.emsisoft.com

#30 hicham

Posted 10 September 2012 - 04:28 PM

Elise, I will work in this team soon :) I will try to submit all files which EAM doesn't detect

:) Remember to help me to join this team :)
good luck bro

#31 hicham

Posted 11 September 2012 - 11:55 AM

File: linun.exe
CRC-32: 3b4cac9b
MD4: 078b854463c5c332884f6d3b5623c36d
MD5: 6c1995fdd1e90fb013e6390cf68c3ef4
SHA-1: 588ea8bad35166cb1b13dadcfed2ff2833968d46

lol with fake digital signature
that file needs to use Internet Explorer to download more malware
this kind (Zbot), yesterday I submitted it and there was an update for it
but I see the file is also created in Application Data with another hash and MD5
so please add this new version too
14/42

https://www.virustot...sis/1347360848/

#32 Arief Prabowo

Posted 11 September 2012 - 11:59 AM

Thanks, I will look into it.
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com

#33 hicham

Posted 12 September 2012 - 08:48 AM

let me know if the file gets an update

#34 Arief Prabowo

Posted 12 September 2012 - 10:01 AM

The file has been in the database since yesterday. You can scan the file to see whether it is already detected or not.
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com

#35 hicham

Posted 12 September 2012 - 10:43 AM

Arief Prabowo, the problem is not adding it to the database, because the file has an auto MD5 changer
I uploaded it to VirusTotal and saw Emsisoft already detects and catches it
but after that I saw in AppData the same file with a fake digital signature and another MD5
scanned with Emsisoft, not detected
I sent it yesterday and you added it
I hope it's detected at all, no change again :(

#36 hicham

Posted 12 September 2012 - 04:06 PM

Zeroday malware Trojan.(ZeroAccess)HT

File: malware.avi.exe
CRC-32: 1ac7f28a
MD4: 32b9bf964d6ab2f2dad448e48099177b
MD5: bbe20cd362b5b15ffc62fa9a8c1f9af9
SHA-1: 924ebcdea2fa9abba999bf78a1b88c519b4735c1

https://www.virustot...sis/1347460624/

#37 hicham

Posted 12 September 2012 - 04:11 PM

lol the same Zbot with another MD5, not detected
need a new generation that detects the file even if it changes its information

File: GjTagQc.exe
CRC-32: 8793f1be
MD4: 37d1a03c757ee560b82b20747991bc05
MD5: 29bf648581ce4e9d371701c487db22e5
SHA-1: b5380e132bbcfaf3c549aff3864d17ee6e6da6b5

https://www.virustot...sis/1347461878/

#38 Arief Prabowo

Posted 12 September 2012 - 04:51 PM

Thank you for your submission. A database update has already been issued and will be available via online update within the next minutes.
Best regards,

Arief Prabowo [Research]

Emsisoft Team - http://www.emsisoft.com