AVScanner Source
Found yesterday: Package is simple. You just need a scan4you API. Select a file: Result: We will probably see some new private av checkers soon...
DeadLine's Survey Builder (Adslocker)
Another 'adslock', this time in .NET (so yeah, that comes from HF). Webcheck: It opens a webpage to a text file and looks in the txt for your hwid; on the list? Allowed. Builder: Locker: Designed to fail. Open...
Raspberry Pi
In August I ordered a Raspberry Pi, I just received it (not a joke, it took 5 months). I just need to get back my HDMI cable now... Will use it to brute force malicious servers :)
Web Crab formgrabber
And to finish my hackforum tour for the day... Advert: 9Kb with UPX: Looking for process: Open process: WriteProcess: And CreateRemoteThread. (the first time I ran the malware it made Firefox crash, second...
Talking to a FakeAV black processing service
Finding a payment processor for black is a complicated and private kind of business because they are connected with banks and real life; in 2011 most FakeAV programs were in difficulty due to the...
It's the end of Citadel ?
Not the end of the world like the Mayan calendar predicts, but the end of Citadel. Since November, Aquabox has mysteriously vanished from forums and jabber. He even got banned on an underground forum. Last CRM...
Moneycloud PPI Affiliate (Simda.A)
New PPI affiliate appeared. I've known about it since the beginning, I was just bored to have a look.. Via mails etc.... Advert: Statistics screenshot from a guy inside: ICQ: It's the end of 2012 so.. wanna laugh a bit...
Phish-BankFraud/PHP.Mailer/PHP.Shell
Investigation on some compromised servers used for phishing during these two weeks (part 2 of Phishing Hunting, a bit more technical now). The first site is gtmaustralia.com.au, phishing...
Black processing service for malware only
Adv: Shortened a bit: good Internet day =) I'm looking for a partner with working spyware or an owner of affiliate program. I have a working merchant for plastic cards, for high risk. (not for carding) Some...
Andromeda bot
Come from a Keitaro TDS: http://urlquery.net/report.php?id=756624 Lead on: ald-facebook.co.uk/operations/outer_band_remote.php Payload: http://vxvault.siri-urz.net/ViriFiche.php?ID=22729 Andromeda 2.6,...
How to hex a malware and make a builder
Hello, a tutorial made some weeks ago on Trojanforge; got the idea to write it after seeing this: And also because malware builders seem to be in fashion these days. When malware writers give only bins and no...
IceIX/Zeus Red/Zeus
Some C&C of Zeus found in the wild. Let's start with IceIX: • dns: 1 ›› ip: 78.131.222.67 - adresse: POWIAT-LANCUT.COM.PL Login: Summary statistics: OS: Bots: Scripts: Search in database: Search in...
Trojan:Win32/Reveton
[root@heretyghyuiiiojk www]# What a cool hostname. Just the basics, landing for Italian ransom. And traces of a German landing. Code comments and variable names are in English. By looking at the source code of...
vSkimmer, Another POS malware
When I viewed this post, the content was already removed and the member banned. vSkimmer - Virtual Skimmer Functions: - Track 2 grabber - HTTP Loader (Download & Execute) - Update bot itself Working Modes: -...
TowPow BulletProof Affiliate
TOWPOW is a sub-affiliate of Zed-Cash who recently rebranded. Adv: Login page: News: Stats: Stats by sites: By domains: Charts: Websites landings: Profile: Change password: Change profile: Affiliate...
Trojan.Win32/Spy.Ranbyus
Received a mail with an interesting exe: https://www.virustotal.com/file/17a3ee51492b9b2ba155f54be61f2c305b090cee8d604d1df616ca3ba881b372/analysis/1359049655/ Thanks creep. This bot is used by one group...
Phish-BankFraud (EDF+CAF)
This time our guys target CAF and still EDF. Phishing redirector: http://www.phishtank.com/phish_detail.php?phish_id=1711740 > 0/33 CAF phishing:...
Disk Antivirus Professional
According to S!Ri: Disk Antivirus Professional is a fake anti-spyware tool. It displays fake alert messages, prevents execution of legit programs and detects nonexistent infections to scare users. It is a...
Petroleum POS malware ?
Recently aaSSfxxx posted an interesting file on kernelmode, a POS malware loaded via Andromeda according to him. I've asked him to write something so I will not explain to you the life about how this malware...