Jump to content
IObit Forum
Recover any lost or deleted data with Stellar Data Recovery Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers

FUD Malware!!


Recommended Posts

I had some years ago a very good friend, who was into coding programms. First we made useful tools together. Then we had one year no contact to each other. Now I've asked some friends of me about him, they said they stopped their relationship and their contact to him because he started to code malware and he doesn't want to stop this. I know his email and I want report you about his FUD malware. One of his malware I have in attachement. Because it is new, no scanner can analyze it as malware, please scan this file deeper!

I knew his email but I don't know who I shall report it, the police?? ^^

 

ATTENTION: I RECOMMEND YOU NOT TO DOWNLOAD OR TO RUN THIS FILE, BECAUSE THIS IS MALWARE AND CAN CAUSE SERIOUS PROBLEMS TO YOUR COMPUTER, ALSO DON'T VISIT THE WEBSITE, I RECOMMEND YOU TO BLOCK THE WEBSITE USING YOUR HOST FILE!!

 

I have analyzed his malware a bit further and found out that is a Stealer ... moreover the program loads malware from his FTP server:

Network.zip

Link to comment
Share on other sites

It is a steal stealer:

00004434h: 4B 3A 5C 53 48 43 2D 54 6F 6F 6C 73 20 57 4E 20 ; K:\SHC-Tools WN

00004444h: 32 30 30 39 5C 53 74 65 61 6D 20 53 74 65 61 6C ; 2009\Steam Steal

00004454h: 65 72 5C 53 74 65 61 6D 20 53 74 65 61 6C 65 72 ; er\Steam Stealer

00004464h: 20 56 42 5C 4E 65 74 77 6F 72 6B 5C 4E 65 74 77 ; VB\Network\Netw

00004474h: 6F 72 6B 31 5C 6F 62 6A 5C 44 65 62 75 67 5C 4E ; ork1\obj\Debug\N

00004484h: 65 74 77 6F 72 6B 31 2E 70 64 62 00 ; etwork1.pdb.

 

Who is SHC? Maybe a Google search should be done ;)

Link to comment
Share on other sites

I have reported yesterday the file also to Avira Labs.

Here the result:

 

http://analysis.avira.com/samples/details.php?uniqueid=KbYUGTzJMvvIdbC9VJWvUCsp3SVYRjLQ&incidentid=342302

 

its in German, they analyzed the file and added it to their database as "TR/Agent.dic".

 

Thanks Tesk for showing your analyze.

 

But the server is empty, looks like we were out to late.

 

I think he wanted to delete his tracks as far he knew I got one of his malware programs and deleted every file in his server. I heard this is one of his old stealers and he has better one's on his computer, if I get the new one's I'll report them too.

 

// Update: I know why the server is empty. I told he Kilu people yesterday to delete his kilu account as far as possible and today I got the message they have done so, but yesterday morning there were files on his webspace.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...