- Suspicious Files
- Reported by neonprimetime security
- http://neonprimetime.blogspot.com
- *****
- All related to a Phish Email
- *****
- InfoStealer.Zbot.Citadel
- Trojan.ZBot
- Invoice.exe
- hxxp://www.richardkmet.sk/file.php
- Application Data\Ziuml\irty.ilg
- Application Data\Hyru
- Application Data\Axxoo\ifymp.exe
- AppData\Local\Temp\NTMARTA.DLL
- AppData\Roaming\Sidy\UXEQU.AKE
- AppData\Roaming\Sidy
- AppData\Roaming\Ryko\qoice.exe
- AppData\Roaming\Unzoad\ehbu.eda
- AppData\Roaming\Ryko\API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL
- AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
- AppData\Roaming\Ryko\RPCRTREMOTE.DLL
- Software\Microsoft\Windows\CurrentVersion\Run\"Vyhieqvek"
- ****
- kernel32.dll
- 734265A3 mov [0x7352f0b8], ax;734265A9 call 0xf;734265AE pop edi;734265AF pop esi;734265B0 leave ;734265B1 ret ;734265B2 call 0x22;734265B7 test eax, eax;734265B9 mov [0x7352f0c0], eax;734265BE jge dword 0x1aa3e;
- *****
- Software\Microsoft\Yvpiyq\"Vuidekbiy" = 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf 25 ce a7 f2 c6 90 f0 45 50 31 60 d5 51 31 33 75 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf 7a a5 4e 9b 7e c1 de 96 06 e4 40 f2 e2 52 3b 5b 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf 99 7d 1c c2 65 ba 4d 98 f5 32 a7 8f 9c 5e 93 cf