Clik here to view.
AVScanner Source
Found yesterday:Package is simpleYou just need a scan4you APISelect a file:Result:We will probably see some new private av checkers soon...
View ArticleClik here to view.
DeadLine's Survey Builder (Adslocker)
Another 'adslock' this time in .NET (so yeah, that come from HF)Webcheck:It open a webpage to a text file and look on the txt your hwid, on the list ? allowed.Builder:Locker:Designed to fail.Open...
View ArticleClik here to view.
Raspberry Pi
In August i've ordered a Raspberry Pi, i just received it (not a joke, it took 5 months)I just need to get back my HDMI cable now...Will use it to brute force malicious servers :)
View ArticleClik here to view.
Web Crab formgrabber
And to finish my hackforum tour for the day...Advert:9Kb with UPX:Looking for process:Open process:WriteProcess:And CreateRemoteThread. (the first time i run the malware made Firefox crashed, second...
View ArticleClik here to view.
Talking to a FakeAV black processing service
Finding a payement processor for black is complicated and private kind of business because they are connected with banks and real life, in 2011 most of FakeAV program was in difficulty due to the...
View ArticleClik here to view.
It's the end of Citadel ?
Not the end of world like Mayan calendar predict but the end of Citadel.Since November, Aquabox have misteriously vanished of forums and jabber.He even got banned on a underground forumLast CRM...
View ArticleClik here to view.
Moneycloud PPI Affiliate (Simda.A)
New PPI affiliate appearedI know it since the begining i was just bored to have a look.. Via mails etc....Advert:Statistic screenshot of a guys inside:ICQ:It's the end of 2012 so.. wanna laugh a bit...
View ArticleClik here to view.
Phish-BankFraud/PHP.Mailer/PHP.Shell
Investigation on some compromised servers used for phishings during these two weeks. (part 2 of Phishing Hunting, a bit more technical now)The first site is gtmaustralia.com.au, phishing...
View ArticleClik here to view.
Black processing service for malware only
Adv:Shortened a bit:good Internet day =)I'm looking for a partner with working spyware or an owner of affiliate programI have a working merchant for plastic cards, for high risk. (not for carding)Some...
View ArticleClik here to view.
Andromeda bot
Come from a Keitaro TDS: http://urlquery.net/report.php?id=756624Â Lead on: ald-facebook.co.uk/operations/outer_band_remote.phpPayload: http://vxvault.siri-urz.net/ViriFiche.php?ID=22729Andromeda 2.6,...
View ArticleClik here to view.
How to hex a malware and make a builder
Hello, a tutorial made some weeks ago on Trojanforge, got the idea to write after seeing this:And also because malware builders seems to be fashion these days.When malware writers give only bins and no...
View ArticleClik here to view.
IceIX/Zeus Red/Zeus
Some C&C of Zeus found in the wild.Let's start with IceIX: • dns: 1 ›› ip: 78.131.222.67 - adresse: POWIAT-LANCUT.COM.PLLogin:Summary statistics:OS:Bots:Scripts:Search in database:Search in...
View ArticleClik here to view.
Trojan:Win32/Reveton
[root@heretyghyuiiiojk www]#What a cool hostname.Just the basic, landing for Italian ransom.And traces of german landingCode comments and variables name are in englishBy looking the code source of...
View ArticleClik here to view.
vSkimmer, Another POS malware
When i've view this post, content was already removed and member Banned.vSkimmer - Virtual SkimmerFunctions:- Track 2 grabber- HTTP Loader (Download & Execute)- Update bot itselfWorking Modes:-...
View ArticleClik here to view.
TowPow BulletProof Affiliate
TOWPOW is a sub-affiliate of Zed-Cash who recently rebranded. Adv:Login page:News:Stats:Stats by sites:By domains:Charts:Websites landings:Profile:Change password:Change profile:Affiliate...
View ArticleClik here to view.
Trojan.Win32/Spy.Ranbyus
 Received a mail with an interesting exehttps://www.virustotal.com/file/17a3ee51492b9b2ba155f54be61f2c305b090cee8d604d1df616ca3ba881b372/analysis/1359049655/Thanks creep.This bot is used by one group...
View ArticleClik here to view.
Phish-BankFraud (EDF+CAF)
These time our guys target CAF and still EDF.Phishing redirector:http://www.phishtank.com/phish_detail.php?phish_id=1711740 > 0/33CAF phishing:...
View ArticleClik here to view.
Disk Antivirus Professional
According to S!Ri:Disk Antivirus Professional is a fake anti-spyware tool. It displays fake alert messages, prevent execution of legit programs and detects inexistent infections to scare users.It is a...
View ArticleClik here to view.
Clik here to view.
Petroleum POS malware ?
Recently aaSSfxxx posted an interesting file on kernelmodea POS malware loaded via Andromeda according to him.I've asked him to write something so i will not explain you the life about how this malware...
View Article