├── CVE-2010-3333 ├── breakpoint_fixed.jpg ├── crash.jpg ├── error.jpg ├── grep.jpg ├── mona.jpg ├── sed.jpg └── shellcode.jpg ├── C_Logger.NET ├── code │ └── cloger7_config.py └── img │ ├── EmailLogsTimer_Tick.png │ ├── FTPCreateUpload.png │ ├── PEID.png │ ├── SaveScreenShotTimer_Tick.png │ ├── fiddler.png │ ├── popup.png │ ├── site1.png │ ├── site2.png │ ├── site3.png │ ├── site4.png │ ├── site5.png │ ├── site6.png │ ├── site7.png │ └── telerik.png ├── Dridex_config_decoder └── Dridex_config_decoder.py ├── Hancitor-decrypter └── decrypt-hancitor.py ├── Karagny.L ├── screen-01.png ├── screen-02.png ├── screen-03.png ├── screen-04.png ├── screen-05.png ├── screen-06.png ├── screen-07.png └── screen-08.png ├── Necurs_Analysis ├── BMP_PE_Header.PNG ├── DeviceTree.png ├── Immunity_C&C.PNG ├── Immunity_MZ_Header_FirstOR.PNG ├── Immunity_MZ_Header_UnXoredUPX.PNG ├── Immunity_MZ_Header_Xored.PNG ├── Immunity_XOR_Routine.PNG ├── PIMAGE_INFO_Structure.png ├── WindowsUltraAV.png ├── biohazard.png ├── functionPrototype.png ├── immunity_Creating1st_Driver.PNG ├── immunity_LoadImage.PNG ├── vipcines.png ├── windbg_IoCreateSymbolicLink.png ├── windbg_Regcallback.png ├── windbg_RegistryCallback_CMP.PNG ├── windbg_RootKitRegistryConfig_callbackDeleted.png ├── windbg_SSDT_Fixed.PNG ├── windbg_chkimg_NT_.png ├── windbg_deviceCreationDisass.PNG ├── windbg_deviceCreationDisass2.PNG ├── windbg_deviceCreationDisass3.PNG ├── windbg_deviceCreationDisass4.PNG ├── windbg_deviceCreationDisass6.PNG ├── windbg_deviceCreationDisass6_2.PNG ├── windbg_pscallback.png ├── windbg_ssdt.png └── windbg_structureLive.png ├── README.md ├── autoit_ransomware └── img │ ├── exe2aut_autoit.png │ ├── ida_autoit_msgbox.png │ ├── ida_isdebug.png │ ├── url_start.png │ └── url_wrongpaysafecard.png ├── blackenergy ├── 11.u.idb ├── getprochash.tgz └── img │ ├── ida_call_compute_hash.png │ ├── ida_call_decode_config.png │ ├── ida_call_inflate.png │ ├── ida_config_encrypted.png │ ├── ida_encryption_loop.png │ ├── ida_hash_fct.png │ ├── ida_hash_resolved.png │ ├── ida_push_calleax.png │ └── ida_rc4_init.png ├── cdorked.A ├── command_url_check.png ├── creation_of_the_xor_key.png ├── etag.png ├── secid.png ├── totally_legit.png ├── want_backdoor.png └── xor_with_ip.png ├── doublepack ├── code │ ├── unittest.sh │ ├── unpacker.c │ ├── winnt.h │ └── yara.rules ├── idb │ ├── 003B0000-stage2.mem │ ├── abc113dcabb074229f7f5b74a6dbc178-stage2.idb │ └── abc113dcabb074229f7f5b74a6dbc178.idb └── img │ ├── hd-pe-legit.png │ ├── ida-call-decode1.png │ ├── ida-decode.png │ ├── ida-jmp-eax.png │ ├── ida-loading-offset.png │ ├── ida-loc_41BD14-init.png │ ├── ida-loc_41BF5A.png │ ├── ida-reconstruct-loop1.png │ ├── ida-stage2-start.png │ ├── img-lordpe-dump-partial.png │ ├── olly-00153A90-data.png │ ├── olly-dmp-page.png │ ├── olly-jmp-eax.png │ ├── olly-memory-map.png │ ├── olly-stage2-loop2-out.png │ └── olly-stage2-loop2.png ├── duqu ├── coderipper2.rb ├── decode.401D18.c ├── decryptstage2.rb ├── decryptstrings.rb ├── duqu.0x5098.decrypted ├── duqu.0x5098.idb ├── export.sh ├── getfunbyhash.rb ├── pedump │ ├── Makefile │ ├── pedump.c │ ├── pefile.c │ ├── pefile.h │ └── pestruct.h └── ripper.rb ├── facebookspreader ├── code │ ├── decode-data.c │ └── decode-url.py ├── idb │ ├── 270c66954ed73885bc463923bb81ebff.packer.idb │ └── 4128e7521acfac1cf25a0d02d17deef6.facebookspreader.idb └── img │ ├── debug-string.png │ ├── dump-8b0000.png │ ├── ida-decode-loop.png │ ├── ida-decode-url.png │ ├── ida-dword-fonctions.png │ ├── ida-dword-ok.png │ ├── ida-dword-references.png │ ├── ida-string.png │ ├── img-ida-readurl.png │ ├── lordpe-dmp.png │ ├── ollydbg-memory-breakpoint.png │ └── ollydbg-memory-write.png ├── herpnet ├── code │ ├── decode-all.py │ └── decode.rb ├── extract │ └── Herpes.tgz ├── idb │ └── db6779d497cb5e22697106e26eebfaa8.idb └── img │ ├── PtPVDrKD.jpeg │ ├── bot_info.png │ ├── fb.png │ ├── ida_build_req_call.png │ ├── ida_buildreq.png │ ├── ida_decode_loop.png │ ├── ida_doreq_useragent.png │ ├── ida_initthread.png │ ├── ida_initvariable.png │ ├── ida_winmain.png │ ├── login.png │ ├── option.png │ ├── panel.png │ ├── picasa.png │ ├── real.png │ ├── repo.png │ ├── task.png │ └── twitter.png ├── presentation ├── ndh2k12 │ ├── Analysis_and_pownage_of_a_botnet.pdf │ └── Initiation_reverse.pdf ├── pses2012 │ └── Initiation_reverse.pdf └── rmll2012 │ ├── Conference.pdf │ └── workshop.tgz ├── rannoh ├── decompress_rannoh.tgz ├── extract_pic.tgz └── img │ ├── ida_call_initpic.png │ ├── ida_decompress_call.png │ ├── ida_decompress_len.png │ ├── ida_dwimgavailable.png │ ├── ida_entry_function.png │ ├── ida_entry_function_clean.png │ ├── ida_setimgpointer.png │ ├── image_0.png │ ├── image_1.png │ ├── image_2.png │ ├── image_3.png │ └── img_calldecodeimg.png ├── ransom_india └── img │ ├── ollydbg_bp_writeprocess.png │ ├── ollydbg_dump.png │ ├── ollydbg_execmod.png │ ├── ollydbg_kernel32_bp.png │ ├── ollydbg_lock.png │ ├── ollydbg_options.png │ └── ollydbg_run.png ├── ransom_russia └── img │ ├── ollydbg_bp_writeprocess.png │ ├── ollydbg_dump.png │ ├── ollydbg_execmod.png │ ├── ollydbg_kernel32_bp.png │ ├── ollydbg_lock.png │ ├── ollydbg_options.png │ └── ollydbg_run.png ├── redoctober ├── ida │ └── red.idb ├── img │ ├── copy_sc_msmc21.png │ ├── createfile1.png │ ├── createfile2.png │ ├── createfile3.png │ ├── mz_final_msmx21.png │ ├── part3-1.png │ ├── part3-2.png │ ├── part3-3.png │ ├── part3-4.png │ ├── part3-5.png │ ├── part3-6.png │ ├── part3-7.png │ ├── part3-8.png │ ├── part3-9.png │ ├── rc4-1.png │ ├── rc4-2.png │ ├── stage_1.png │ ├── stage_2.png │ ├── stage_3.png │ ├── virtualalloc_msmc21.png │ ├── writefile1.png │ ├── writefile2.png │ └── zlib.png └── yara │ └── red_october.yr ├── ripper └── ripper.rb ├── script_gdb_flame ├── img │ ├── installgdbwin.png │ ├── listaddrmov.png │ ├── listaddrpush.png │ ├── lordPEcharacteristics.png │ └── staticanalysis.png └── pkg │ └── gdb-6.8-2.tar.bz2 ├── tobfy ├── idb │ └── e1387d35d3d0b59eb9eb68f08598cb67-patched.idb └── img │ ├── ida_decode_func.png │ ├── ida_decode_strings.bmp │ ├── ida_decode_strings.png │ ├── ida_decoded.png │ ├── ida_decrypt_bin.png │ ├── ida_encoded.png │ ├── ida_encoded_strings.png │ ├── ida_injection.png │ ├── olly_bp_writeprocess.png │ ├── olly_mz.png │ ├── olly_options.png │ ├── screenshot_lock_myf-files-download.ru.png │ ├── web-page.bmp │ └── web-page.png ├── tools ├── CaptureBAT-Setup-2.0.0-5574.exe ├── idafree50.exe ├── malwarelu.py ├── teamCymru │ ├── SubmitTeamCymru.py │ ├── teamcymru.py │ └── transformOnMD5.py ├── virustotal.py └── yara │ ├── capabilities.yara │ ├── detect_artefact.yara │ ├── magic_number.yara │ ├── packer.yara │ └── peid_to_yara.py ├── vt_08-2012.png ├── wirenet ├── cc │ └── cc.py └── img │ ├── ida_decryptsettings.png │ ├── ida_main.png │ └── ida_readsettings.png ├── x0rb0t └── ida.png ├── xpxaxcxk ├── bin │ ├── _00330000.finalstage.mem │ ├── _00870000.mem.b64.mem │ └── _00870000.mem.b64.mem.decode ├── code │ └── backdoor.c ├── idb │ └── _00330000.finalstage.idb ├── img │ ├── ida-start-call.png │ ├── ida-sub_401284-alloc.png │ ├── ida-sub_401284-calleax.png │ ├── ida_final_code_conv.png │ ├── ida_final_code_func.png │ ├── ida_final_fct.png │ ├── ida_final_offset.png │ ├── ida_finale_code.png │ ├── olly-ZwAllocateVirtualMemory.png │ ├── olly-br-afterloop.png │ ├── olly-br-dump-00870000-2.png │ ├── olly-br-dump-00870000.png │ ├── olly-br-mem-00870000.png │ ├── olly-br-mem-00890000-MZ.png │ ├── olly-br-mem-00890000.png │ ├── olly-br-memoire1.png │ ├── olly-br-memoire2.png │ ├── olly-br-memoire3.png │ ├── olly-br-virtualalloc1-out.png │ ├── olly-br-virtualalloc1.png │ ├── olly-br-virtualalloc2.png │ ├── olly-br-virtualalloc3.png │ ├── olly-br-virtualalloc4.png │ ├── olly-br-virtualalloc5.png │ ├── olly-br-virtualprotect1.png │ ├── olly-br-virtualprotect2.png │ ├── olly-br-virtualprotect3.png │ ├── olly-calleax.png │ ├── olly-copy-byte-bin.png │ ├── olly-exec-modules.png │ ├── olly-final-dump.png │ ├── olly-final-stage.png │ ├── olly-loop-base64.png │ ├── olly-memap.png │ ├── olly-pe-full.png │ └── olly-set-br-virtualalloc.png └── yara │ └── yara.rules ├── xtreme_rat ├── code │ └── xtremerat_config.py ├── idb │ └── xtreme.idb └── img │ ├── 40B61B.png │ ├── break.png │ ├── email.png │ ├── exception.png │ ├── ida01.png │ ├── ida02.png │ ├── ida03.png │ ├── ida04.png │ └── mz.png └── zeroaccess └── maps.png /CVE-2010-3333/breakpoint_fixed.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/CVE-2010-3333/breakpoint_fixed.jpg -------------------------------------------------------------------------------- /CVE-2010-3333/crash.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/CVE-2010-3333/crash.jpg -------------------------------------------------------------------------------- /CVE-2010-3333/error.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/CVE-2010-3333/error.jpg -------------------------------------------------------------------------------- /CVE-2010-3333/grep.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/CVE-2010-3333/grep.jpg -------------------------------------------------------------------------------- /CVE-2010-3333/mona.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/CVE-2010-3333/mona.jpg -------------------------------------------------------------------------------- /CVE-2010-3333/sed.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/CVE-2010-3333/sed.jpg -------------------------------------------------------------------------------- /CVE-2010-3333/shellcode.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/CVE-2010-3333/shellcode.jpg -------------------------------------------------------------------------------- /C_Logger.NET/code/cloger7_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/code/cloger7_config.py -------------------------------------------------------------------------------- /C_Logger.NET/img/EmailLogsTimer_Tick.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/EmailLogsTimer_Tick.png -------------------------------------------------------------------------------- /C_Logger.NET/img/FTPCreateUpload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/FTPCreateUpload.png -------------------------------------------------------------------------------- /C_Logger.NET/img/PEID.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/PEID.png -------------------------------------------------------------------------------- /C_Logger.NET/img/SaveScreenShotTimer_Tick.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/SaveScreenShotTimer_Tick.png -------------------------------------------------------------------------------- /C_Logger.NET/img/fiddler.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/fiddler.png -------------------------------------------------------------------------------- /C_Logger.NET/img/popup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/popup.png -------------------------------------------------------------------------------- /C_Logger.NET/img/site1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/site1.png -------------------------------------------------------------------------------- /C_Logger.NET/img/site2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/site2.png -------------------------------------------------------------------------------- /C_Logger.NET/img/site3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/site3.png -------------------------------------------------------------------------------- /C_Logger.NET/img/site4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/site4.png -------------------------------------------------------------------------------- /C_Logger.NET/img/site5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/site5.png -------------------------------------------------------------------------------- /C_Logger.NET/img/site6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/site6.png -------------------------------------------------------------------------------- /C_Logger.NET/img/site7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/site7.png -------------------------------------------------------------------------------- /C_Logger.NET/img/telerik.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/C_Logger.NET/img/telerik.png -------------------------------------------------------------------------------- /Dridex_config_decoder/Dridex_config_decoder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Dridex_config_decoder/Dridex_config_decoder.py -------------------------------------------------------------------------------- /Hancitor-decrypter/decrypt-hancitor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Hancitor-decrypter/decrypt-hancitor.py -------------------------------------------------------------------------------- /Karagny.L/screen-01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-01.png -------------------------------------------------------------------------------- /Karagny.L/screen-02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-02.png -------------------------------------------------------------------------------- /Karagny.L/screen-03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-03.png -------------------------------------------------------------------------------- /Karagny.L/screen-04.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-04.png -------------------------------------------------------------------------------- /Karagny.L/screen-05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-05.png -------------------------------------------------------------------------------- /Karagny.L/screen-06.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-06.png -------------------------------------------------------------------------------- /Karagny.L/screen-07.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-07.png -------------------------------------------------------------------------------- /Karagny.L/screen-08.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Karagny.L/screen-08.png -------------------------------------------------------------------------------- /Necurs_Analysis/BMP_PE_Header.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/BMP_PE_Header.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/DeviceTree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/DeviceTree.png -------------------------------------------------------------------------------- /Necurs_Analysis/Immunity_C&C.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/Immunity_C&C.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/Immunity_MZ_Header_FirstOR.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/Immunity_MZ_Header_FirstOR.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/Immunity_MZ_Header_UnXoredUPX.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/Immunity_MZ_Header_UnXoredUPX.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/Immunity_MZ_Header_Xored.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/Immunity_MZ_Header_Xored.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/Immunity_XOR_Routine.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/Immunity_XOR_Routine.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/PIMAGE_INFO_Structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/PIMAGE_INFO_Structure.png -------------------------------------------------------------------------------- /Necurs_Analysis/WindowsUltraAV.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/WindowsUltraAV.png -------------------------------------------------------------------------------- /Necurs_Analysis/biohazard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/biohazard.png -------------------------------------------------------------------------------- /Necurs_Analysis/functionPrototype.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/functionPrototype.png -------------------------------------------------------------------------------- /Necurs_Analysis/immunity_Creating1st_Driver.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/immunity_Creating1st_Driver.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/immunity_LoadImage.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/immunity_LoadImage.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/vipcines.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/vipcines.png -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_IoCreateSymbolicLink.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_IoCreateSymbolicLink.png -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_Regcallback.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_Regcallback.png -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_RegistryCallback_CMP.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_RegistryCallback_CMP.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_RootKitRegistryConfig_callbackDeleted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_RootKitRegistryConfig_callbackDeleted.png -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_SSDT_Fixed.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_SSDT_Fixed.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_chkimg_NT_.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_chkimg_NT_.png -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_deviceCreationDisass.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_deviceCreationDisass.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_deviceCreationDisass2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_deviceCreationDisass2.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_deviceCreationDisass3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_deviceCreationDisass3.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_deviceCreationDisass4.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_deviceCreationDisass4.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_deviceCreationDisass6.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_deviceCreationDisass6.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_deviceCreationDisass6_2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_deviceCreationDisass6_2.PNG -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_pscallback.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_pscallback.png -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_ssdt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_ssdt.png -------------------------------------------------------------------------------- /Necurs_Analysis/windbg_structureLive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/Necurs_Analysis/windbg_structureLive.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/README.md -------------------------------------------------------------------------------- /autoit_ransomware/img/exe2aut_autoit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/autoit_ransomware/img/exe2aut_autoit.png -------------------------------------------------------------------------------- /autoit_ransomware/img/ida_autoit_msgbox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/autoit_ransomware/img/ida_autoit_msgbox.png -------------------------------------------------------------------------------- /autoit_ransomware/img/ida_isdebug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/autoit_ransomware/img/ida_isdebug.png -------------------------------------------------------------------------------- /autoit_ransomware/img/url_start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/autoit_ransomware/img/url_start.png -------------------------------------------------------------------------------- /autoit_ransomware/img/url_wrongpaysafecard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/autoit_ransomware/img/url_wrongpaysafecard.png -------------------------------------------------------------------------------- /blackenergy/11.u.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/11.u.idb -------------------------------------------------------------------------------- /blackenergy/getprochash.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/getprochash.tgz -------------------------------------------------------------------------------- /blackenergy/img/ida_call_compute_hash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_call_compute_hash.png -------------------------------------------------------------------------------- /blackenergy/img/ida_call_decode_config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_call_decode_config.png -------------------------------------------------------------------------------- /blackenergy/img/ida_call_inflate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_call_inflate.png -------------------------------------------------------------------------------- /blackenergy/img/ida_config_encrypted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_config_encrypted.png -------------------------------------------------------------------------------- /blackenergy/img/ida_encryption_loop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_encryption_loop.png -------------------------------------------------------------------------------- /blackenergy/img/ida_hash_fct.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_hash_fct.png -------------------------------------------------------------------------------- /blackenergy/img/ida_hash_resolved.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_hash_resolved.png -------------------------------------------------------------------------------- /blackenergy/img/ida_push_calleax.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_push_calleax.png -------------------------------------------------------------------------------- /blackenergy/img/ida_rc4_init.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/blackenergy/img/ida_rc4_init.png -------------------------------------------------------------------------------- /cdorked.A/command_url_check.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/cdorked.A/command_url_check.png -------------------------------------------------------------------------------- /cdorked.A/creation_of_the_xor_key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/cdorked.A/creation_of_the_xor_key.png -------------------------------------------------------------------------------- /cdorked.A/etag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/cdorked.A/etag.png -------------------------------------------------------------------------------- /cdorked.A/secid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/cdorked.A/secid.png -------------------------------------------------------------------------------- /cdorked.A/totally_legit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/cdorked.A/totally_legit.png -------------------------------------------------------------------------------- /cdorked.A/want_backdoor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/cdorked.A/want_backdoor.png -------------------------------------------------------------------------------- /cdorked.A/xor_with_ip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/cdorked.A/xor_with_ip.png -------------------------------------------------------------------------------- /doublepack/code/unittest.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/code/unittest.sh -------------------------------------------------------------------------------- /doublepack/code/unpacker.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/code/unpacker.c -------------------------------------------------------------------------------- /doublepack/code/winnt.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/code/winnt.h -------------------------------------------------------------------------------- /doublepack/code/yara.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/code/yara.rules -------------------------------------------------------------------------------- /doublepack/idb/003B0000-stage2.mem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/idb/003B0000-stage2.mem -------------------------------------------------------------------------------- /doublepack/idb/abc113dcabb074229f7f5b74a6dbc178-stage2.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/idb/abc113dcabb074229f7f5b74a6dbc178-stage2.idb -------------------------------------------------------------------------------- /doublepack/idb/abc113dcabb074229f7f5b74a6dbc178.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/idb/abc113dcabb074229f7f5b74a6dbc178.idb -------------------------------------------------------------------------------- /doublepack/img/hd-pe-legit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/hd-pe-legit.png -------------------------------------------------------------------------------- /doublepack/img/ida-call-decode1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-call-decode1.png -------------------------------------------------------------------------------- /doublepack/img/ida-decode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-decode.png -------------------------------------------------------------------------------- /doublepack/img/ida-jmp-eax.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-jmp-eax.png -------------------------------------------------------------------------------- /doublepack/img/ida-loading-offset.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-loading-offset.png -------------------------------------------------------------------------------- /doublepack/img/ida-loc_41BD14-init.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-loc_41BD14-init.png -------------------------------------------------------------------------------- /doublepack/img/ida-loc_41BF5A.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-loc_41BF5A.png -------------------------------------------------------------------------------- /doublepack/img/ida-reconstruct-loop1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-reconstruct-loop1.png -------------------------------------------------------------------------------- /doublepack/img/ida-stage2-start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/ida-stage2-start.png -------------------------------------------------------------------------------- /doublepack/img/img-lordpe-dump-partial.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/img-lordpe-dump-partial.png -------------------------------------------------------------------------------- /doublepack/img/olly-00153A90-data.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/olly-00153A90-data.png -------------------------------------------------------------------------------- /doublepack/img/olly-dmp-page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/olly-dmp-page.png -------------------------------------------------------------------------------- /doublepack/img/olly-jmp-eax.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/olly-jmp-eax.png -------------------------------------------------------------------------------- /doublepack/img/olly-memory-map.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/olly-memory-map.png -------------------------------------------------------------------------------- /doublepack/img/olly-stage2-loop2-out.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/olly-stage2-loop2-out.png -------------------------------------------------------------------------------- /doublepack/img/olly-stage2-loop2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/doublepack/img/olly-stage2-loop2.png -------------------------------------------------------------------------------- /duqu/coderipper2.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/coderipper2.rb -------------------------------------------------------------------------------- /duqu/decode.401D18.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/decode.401D18.c -------------------------------------------------------------------------------- /duqu/decryptstage2.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/decryptstage2.rb -------------------------------------------------------------------------------- /duqu/decryptstrings.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/decryptstrings.rb -------------------------------------------------------------------------------- /duqu/duqu.0x5098.decrypted: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/duqu.0x5098.decrypted -------------------------------------------------------------------------------- /duqu/duqu.0x5098.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/duqu.0x5098.idb -------------------------------------------------------------------------------- /duqu/export.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/export.sh -------------------------------------------------------------------------------- /duqu/getfunbyhash.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/getfunbyhash.rb -------------------------------------------------------------------------------- /duqu/pedump/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/pedump/Makefile -------------------------------------------------------------------------------- /duqu/pedump/pedump.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/pedump/pedump.c -------------------------------------------------------------------------------- /duqu/pedump/pefile.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/pedump/pefile.c -------------------------------------------------------------------------------- /duqu/pedump/pefile.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/pedump/pefile.h -------------------------------------------------------------------------------- /duqu/pedump/pestruct.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/pedump/pestruct.h -------------------------------------------------------------------------------- /duqu/ripper.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/duqu/ripper.rb -------------------------------------------------------------------------------- /facebookspreader/code/decode-data.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/code/decode-data.c -------------------------------------------------------------------------------- /facebookspreader/code/decode-url.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/code/decode-url.py -------------------------------------------------------------------------------- /facebookspreader/idb/270c66954ed73885bc463923bb81ebff.packer.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/idb/270c66954ed73885bc463923bb81ebff.packer.idb -------------------------------------------------------------------------------- /facebookspreader/idb/4128e7521acfac1cf25a0d02d17deef6.facebookspreader.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/idb/4128e7521acfac1cf25a0d02d17deef6.facebookspreader.idb -------------------------------------------------------------------------------- /facebookspreader/img/debug-string.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/debug-string.png -------------------------------------------------------------------------------- /facebookspreader/img/dump-8b0000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/dump-8b0000.png -------------------------------------------------------------------------------- /facebookspreader/img/ida-decode-loop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ida-decode-loop.png -------------------------------------------------------------------------------- /facebookspreader/img/ida-decode-url.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ida-decode-url.png -------------------------------------------------------------------------------- /facebookspreader/img/ida-dword-fonctions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ida-dword-fonctions.png -------------------------------------------------------------------------------- /facebookspreader/img/ida-dword-ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ida-dword-ok.png -------------------------------------------------------------------------------- /facebookspreader/img/ida-dword-references.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ida-dword-references.png -------------------------------------------------------------------------------- /facebookspreader/img/ida-string.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ida-string.png -------------------------------------------------------------------------------- /facebookspreader/img/img-ida-readurl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/img-ida-readurl.png -------------------------------------------------------------------------------- /facebookspreader/img/lordpe-dmp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/lordpe-dmp.png -------------------------------------------------------------------------------- /facebookspreader/img/ollydbg-memory-breakpoint.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ollydbg-memory-breakpoint.png -------------------------------------------------------------------------------- /facebookspreader/img/ollydbg-memory-write.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/facebookspreader/img/ollydbg-memory-write.png -------------------------------------------------------------------------------- /herpnet/code/decode-all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/code/decode-all.py -------------------------------------------------------------------------------- /herpnet/code/decode.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/code/decode.rb -------------------------------------------------------------------------------- /herpnet/extract/Herpes.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/extract/Herpes.tgz -------------------------------------------------------------------------------- /herpnet/idb/db6779d497cb5e22697106e26eebfaa8.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/idb/db6779d497cb5e22697106e26eebfaa8.idb -------------------------------------------------------------------------------- /herpnet/img/PtPVDrKD.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/PtPVDrKD.jpeg -------------------------------------------------------------------------------- /herpnet/img/bot_info.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/bot_info.png -------------------------------------------------------------------------------- /herpnet/img/fb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/fb.png -------------------------------------------------------------------------------- /herpnet/img/ida_build_req_call.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/ida_build_req_call.png -------------------------------------------------------------------------------- /herpnet/img/ida_buildreq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/ida_buildreq.png -------------------------------------------------------------------------------- /herpnet/img/ida_decode_loop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/ida_decode_loop.png -------------------------------------------------------------------------------- /herpnet/img/ida_doreq_useragent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/ida_doreq_useragent.png -------------------------------------------------------------------------------- /herpnet/img/ida_initthread.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/ida_initthread.png -------------------------------------------------------------------------------- /herpnet/img/ida_initvariable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/ida_initvariable.png -------------------------------------------------------------------------------- /herpnet/img/ida_winmain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/ida_winmain.png -------------------------------------------------------------------------------- /herpnet/img/login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/login.png -------------------------------------------------------------------------------- /herpnet/img/option.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/option.png -------------------------------------------------------------------------------- /herpnet/img/panel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/panel.png -------------------------------------------------------------------------------- /herpnet/img/picasa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/picasa.png -------------------------------------------------------------------------------- /herpnet/img/real.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/real.png -------------------------------------------------------------------------------- /herpnet/img/repo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/repo.png -------------------------------------------------------------------------------- /herpnet/img/task.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/task.png -------------------------------------------------------------------------------- /herpnet/img/twitter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/herpnet/img/twitter.png -------------------------------------------------------------------------------- /presentation/ndh2k12/Analysis_and_pownage_of_a_botnet.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/presentation/ndh2k12/Analysis_and_pownage_of_a_botnet.pdf -------------------------------------------------------------------------------- /presentation/ndh2k12/Initiation_reverse.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/presentation/ndh2k12/Initiation_reverse.pdf -------------------------------------------------------------------------------- /presentation/pses2012/Initiation_reverse.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/presentation/pses2012/Initiation_reverse.pdf -------------------------------------------------------------------------------- /presentation/rmll2012/Conference.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/presentation/rmll2012/Conference.pdf -------------------------------------------------------------------------------- /presentation/rmll2012/workshop.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/presentation/rmll2012/workshop.tgz -------------------------------------------------------------------------------- /rannoh/decompress_rannoh.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/decompress_rannoh.tgz -------------------------------------------------------------------------------- /rannoh/extract_pic.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/extract_pic.tgz -------------------------------------------------------------------------------- /rannoh/img/ida_call_initpic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/ida_call_initpic.png -------------------------------------------------------------------------------- /rannoh/img/ida_decompress_call.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/ida_decompress_call.png -------------------------------------------------------------------------------- /rannoh/img/ida_decompress_len.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/ida_decompress_len.png -------------------------------------------------------------------------------- /rannoh/img/ida_dwimgavailable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/ida_dwimgavailable.png -------------------------------------------------------------------------------- /rannoh/img/ida_entry_function.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/ida_entry_function.png -------------------------------------------------------------------------------- /rannoh/img/ida_entry_function_clean.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/ida_entry_function_clean.png -------------------------------------------------------------------------------- /rannoh/img/ida_setimgpointer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/ida_setimgpointer.png -------------------------------------------------------------------------------- /rannoh/img/image_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/image_0.png -------------------------------------------------------------------------------- /rannoh/img/image_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/image_1.png -------------------------------------------------------------------------------- /rannoh/img/image_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/image_2.png -------------------------------------------------------------------------------- /rannoh/img/image_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/image_3.png -------------------------------------------------------------------------------- /rannoh/img/img_calldecodeimg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/rannoh/img/img_calldecodeimg.png -------------------------------------------------------------------------------- /ransom_india/img/ollydbg_bp_writeprocess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_india/img/ollydbg_bp_writeprocess.png -------------------------------------------------------------------------------- /ransom_india/img/ollydbg_dump.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_india/img/ollydbg_dump.png -------------------------------------------------------------------------------- /ransom_india/img/ollydbg_execmod.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_india/img/ollydbg_execmod.png -------------------------------------------------------------------------------- /ransom_india/img/ollydbg_kernel32_bp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_india/img/ollydbg_kernel32_bp.png -------------------------------------------------------------------------------- /ransom_india/img/ollydbg_lock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_india/img/ollydbg_lock.png -------------------------------------------------------------------------------- /ransom_india/img/ollydbg_options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_india/img/ollydbg_options.png -------------------------------------------------------------------------------- /ransom_india/img/ollydbg_run.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_india/img/ollydbg_run.png -------------------------------------------------------------------------------- /ransom_russia/img/ollydbg_bp_writeprocess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_russia/img/ollydbg_bp_writeprocess.png -------------------------------------------------------------------------------- /ransom_russia/img/ollydbg_dump.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_russia/img/ollydbg_dump.png -------------------------------------------------------------------------------- /ransom_russia/img/ollydbg_execmod.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_russia/img/ollydbg_execmod.png -------------------------------------------------------------------------------- /ransom_russia/img/ollydbg_kernel32_bp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_russia/img/ollydbg_kernel32_bp.png -------------------------------------------------------------------------------- /ransom_russia/img/ollydbg_lock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_russia/img/ollydbg_lock.png -------------------------------------------------------------------------------- /ransom_russia/img/ollydbg_options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_russia/img/ollydbg_options.png -------------------------------------------------------------------------------- /ransom_russia/img/ollydbg_run.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ransom_russia/img/ollydbg_run.png -------------------------------------------------------------------------------- /redoctober/ida/red.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/ida/red.idb -------------------------------------------------------------------------------- /redoctober/img/copy_sc_msmc21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/copy_sc_msmc21.png -------------------------------------------------------------------------------- /redoctober/img/createfile1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/createfile1.png -------------------------------------------------------------------------------- /redoctober/img/createfile2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/createfile2.png -------------------------------------------------------------------------------- /redoctober/img/createfile3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/createfile3.png -------------------------------------------------------------------------------- /redoctober/img/mz_final_msmx21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/mz_final_msmx21.png -------------------------------------------------------------------------------- /redoctober/img/part3-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-1.png -------------------------------------------------------------------------------- /redoctober/img/part3-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-2.png -------------------------------------------------------------------------------- /redoctober/img/part3-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-3.png -------------------------------------------------------------------------------- /redoctober/img/part3-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-4.png -------------------------------------------------------------------------------- /redoctober/img/part3-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-5.png -------------------------------------------------------------------------------- /redoctober/img/part3-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-6.png -------------------------------------------------------------------------------- /redoctober/img/part3-7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-7.png -------------------------------------------------------------------------------- /redoctober/img/part3-8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-8.png -------------------------------------------------------------------------------- /redoctober/img/part3-9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/part3-9.png -------------------------------------------------------------------------------- /redoctober/img/rc4-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/rc4-1.png -------------------------------------------------------------------------------- /redoctober/img/rc4-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/rc4-2.png -------------------------------------------------------------------------------- /redoctober/img/stage_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/stage_1.png -------------------------------------------------------------------------------- /redoctober/img/stage_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/stage_2.png -------------------------------------------------------------------------------- /redoctober/img/stage_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/stage_3.png -------------------------------------------------------------------------------- /redoctober/img/virtualalloc_msmc21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/virtualalloc_msmc21.png -------------------------------------------------------------------------------- /redoctober/img/writefile1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/writefile1.png -------------------------------------------------------------------------------- /redoctober/img/writefile2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/writefile2.png -------------------------------------------------------------------------------- /redoctober/img/zlib.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/img/zlib.png -------------------------------------------------------------------------------- /redoctober/yara/red_october.yr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/redoctober/yara/red_october.yr -------------------------------------------------------------------------------- /ripper/ripper.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/ripper/ripper.rb -------------------------------------------------------------------------------- /script_gdb_flame/img/installgdbwin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/script_gdb_flame/img/installgdbwin.png -------------------------------------------------------------------------------- /script_gdb_flame/img/listaddrmov.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/script_gdb_flame/img/listaddrmov.png -------------------------------------------------------------------------------- /script_gdb_flame/img/listaddrpush.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/script_gdb_flame/img/listaddrpush.png -------------------------------------------------------------------------------- /script_gdb_flame/img/lordPEcharacteristics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/script_gdb_flame/img/lordPEcharacteristics.png -------------------------------------------------------------------------------- /script_gdb_flame/img/staticanalysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/script_gdb_flame/img/staticanalysis.png -------------------------------------------------------------------------------- /script_gdb_flame/pkg/gdb-6.8-2.tar.bz2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/script_gdb_flame/pkg/gdb-6.8-2.tar.bz2 -------------------------------------------------------------------------------- /tobfy/idb/e1387d35d3d0b59eb9eb68f08598cb67-patched.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/idb/e1387d35d3d0b59eb9eb68f08598cb67-patched.idb -------------------------------------------------------------------------------- /tobfy/img/ida_decode_func.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_decode_func.png -------------------------------------------------------------------------------- /tobfy/img/ida_decode_strings.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_decode_strings.bmp -------------------------------------------------------------------------------- /tobfy/img/ida_decode_strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_decode_strings.png -------------------------------------------------------------------------------- /tobfy/img/ida_decoded.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_decoded.png -------------------------------------------------------------------------------- /tobfy/img/ida_decrypt_bin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_decrypt_bin.png -------------------------------------------------------------------------------- /tobfy/img/ida_encoded.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_encoded.png -------------------------------------------------------------------------------- /tobfy/img/ida_encoded_strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_encoded_strings.png -------------------------------------------------------------------------------- /tobfy/img/ida_injection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/ida_injection.png -------------------------------------------------------------------------------- /tobfy/img/olly_bp_writeprocess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/olly_bp_writeprocess.png -------------------------------------------------------------------------------- /tobfy/img/olly_mz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/olly_mz.png -------------------------------------------------------------------------------- /tobfy/img/olly_options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/olly_options.png -------------------------------------------------------------------------------- /tobfy/img/screenshot_lock_myf-files-download.ru.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/screenshot_lock_myf-files-download.ru.png -------------------------------------------------------------------------------- /tobfy/img/web-page.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/web-page.bmp -------------------------------------------------------------------------------- /tobfy/img/web-page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tobfy/img/web-page.png -------------------------------------------------------------------------------- /tools/CaptureBAT-Setup-2.0.0-5574.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/CaptureBAT-Setup-2.0.0-5574.exe -------------------------------------------------------------------------------- /tools/idafree50.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/idafree50.exe -------------------------------------------------------------------------------- /tools/malwarelu.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/malwarelu.py -------------------------------------------------------------------------------- /tools/teamCymru/SubmitTeamCymru.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/teamCymru/SubmitTeamCymru.py -------------------------------------------------------------------------------- /tools/teamCymru/teamcymru.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/teamCymru/teamcymru.py -------------------------------------------------------------------------------- /tools/teamCymru/transformOnMD5.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/teamCymru/transformOnMD5.py -------------------------------------------------------------------------------- /tools/virustotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/virustotal.py -------------------------------------------------------------------------------- /tools/yara/capabilities.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/yara/capabilities.yara -------------------------------------------------------------------------------- /tools/yara/detect_artefact.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/yara/detect_artefact.yara -------------------------------------------------------------------------------- /tools/yara/magic_number.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/yara/magic_number.yara -------------------------------------------------------------------------------- /tools/yara/packer.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/yara/packer.yara -------------------------------------------------------------------------------- /tools/yara/peid_to_yara.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/tools/yara/peid_to_yara.py -------------------------------------------------------------------------------- /vt_08-2012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/vt_08-2012.png -------------------------------------------------------------------------------- /wirenet/cc/cc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/wirenet/cc/cc.py -------------------------------------------------------------------------------- /wirenet/img/ida_decryptsettings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/wirenet/img/ida_decryptsettings.png -------------------------------------------------------------------------------- /wirenet/img/ida_main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/wirenet/img/ida_main.png -------------------------------------------------------------------------------- /wirenet/img/ida_readsettings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/wirenet/img/ida_readsettings.png -------------------------------------------------------------------------------- /x0rb0t/ida.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/x0rb0t/ida.png -------------------------------------------------------------------------------- /xpxaxcxk/bin/_00330000.finalstage.mem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/bin/_00330000.finalstage.mem -------------------------------------------------------------------------------- /xpxaxcxk/bin/_00870000.mem.b64.mem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/bin/_00870000.mem.b64.mem -------------------------------------------------------------------------------- /xpxaxcxk/bin/_00870000.mem.b64.mem.decode: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/bin/_00870000.mem.b64.mem.decode -------------------------------------------------------------------------------- /xpxaxcxk/code/backdoor.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/code/backdoor.c -------------------------------------------------------------------------------- /xpxaxcxk/idb/_00330000.finalstage.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/idb/_00330000.finalstage.idb -------------------------------------------------------------------------------- /xpxaxcxk/img/ida-start-call.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida-start-call.png -------------------------------------------------------------------------------- /xpxaxcxk/img/ida-sub_401284-alloc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida-sub_401284-alloc.png -------------------------------------------------------------------------------- /xpxaxcxk/img/ida-sub_401284-calleax.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida-sub_401284-calleax.png -------------------------------------------------------------------------------- /xpxaxcxk/img/ida_final_code_conv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida_final_code_conv.png -------------------------------------------------------------------------------- /xpxaxcxk/img/ida_final_code_func.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida_final_code_func.png -------------------------------------------------------------------------------- /xpxaxcxk/img/ida_final_fct.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida_final_fct.png -------------------------------------------------------------------------------- /xpxaxcxk/img/ida_final_offset.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida_final_offset.png -------------------------------------------------------------------------------- /xpxaxcxk/img/ida_finale_code.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/ida_finale_code.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-ZwAllocateVirtualMemory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-ZwAllocateVirtualMemory.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-afterloop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-afterloop.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-dump-00870000-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-dump-00870000-2.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-dump-00870000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-dump-00870000.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-mem-00870000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-mem-00870000.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-mem-00890000-MZ.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-mem-00890000-MZ.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-mem-00890000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-mem-00890000.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-memoire1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-memoire1.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-memoire2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-memoire2.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-memoire3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-memoire3.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualalloc1-out.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualalloc1-out.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualalloc1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualalloc1.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualalloc2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualalloc2.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualalloc3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualalloc3.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualalloc4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualalloc4.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualalloc5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualalloc5.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualprotect1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualprotect1.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualprotect2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualprotect2.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-br-virtualprotect3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-br-virtualprotect3.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-calleax.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-calleax.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-copy-byte-bin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-copy-byte-bin.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-exec-modules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-exec-modules.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-final-dump.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-final-dump.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-final-stage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-final-stage.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-loop-base64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-loop-base64.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-memap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-memap.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-pe-full.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-pe-full.png -------------------------------------------------------------------------------- /xpxaxcxk/img/olly-set-br-virtualalloc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/img/olly-set-br-virtualalloc.png -------------------------------------------------------------------------------- /xpxaxcxk/yara/yara.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xpxaxcxk/yara/yara.rules -------------------------------------------------------------------------------- /xtreme_rat/code/xtremerat_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/code/xtremerat_config.py -------------------------------------------------------------------------------- /xtreme_rat/idb/xtreme.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/idb/xtreme.idb -------------------------------------------------------------------------------- /xtreme_rat/img/40B61B.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/40B61B.png -------------------------------------------------------------------------------- /xtreme_rat/img/break.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/break.png -------------------------------------------------------------------------------- /xtreme_rat/img/email.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/email.png -------------------------------------------------------------------------------- /xtreme_rat/img/exception.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/exception.png -------------------------------------------------------------------------------- /xtreme_rat/img/ida01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/ida01.png -------------------------------------------------------------------------------- /xtreme_rat/img/ida02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/ida02.png -------------------------------------------------------------------------------- /xtreme_rat/img/ida03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/ida03.png -------------------------------------------------------------------------------- /xtreme_rat/img/ida04.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/ida04.png -------------------------------------------------------------------------------- /xtreme_rat/img/mz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/xtreme_rat/img/mz.png -------------------------------------------------------------------------------- /zeroaccess/maps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MalwareLu/malware-lu/HEAD/zeroaccess/maps.png --------------------------------------------------------------------------------