A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #26201  by former33t
 Mon Jun 29, 2015 2:38 am
I'm looking for the Winnti samples in the Kaspersky report here:
https://securelist.com/blog/research/70 ... -are-over/

8e61219b18d36748ce956099277cc29b – Backdoor.Win64.Winnti.gy
5979cf5018c03be2524b87b7dda64a1a – Backdoor.Win64.Winnti.gf
ac9b247691b1036a1cdb4aaf37bea97f – Rootkit.Win64.Winnti.ai

and/or related files in the comments sections:
b8ffea5aa357e8bac5efc03f8e202292
80f37df0d062fa4ddaace213c2883da5

Does anyone have these? Thanks!
 #26203  by TETYYSs
 Mon Jun 29, 2015 7:49 am
MD5: b8ffea5aa357e8bac5efc03f8e202292
SHA1: 48f2da6aeaef0cc342ea4bf9ff20aa8bfcde9872
SHA256: 7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0

MD5: 80f37df0d062fa4ddaace213c2883da5
SHA-1: 1b6fd3c2dc457fe85f76b79f9f1a040bf3d234d5
SHA256: 6b347be5b776700468332608084ed1477312a276e8c87f189bdfd006d5ef33b3
 #26222  by Xylitol
 Wed Jul 01, 2015 5:42 pm
5979cf5018c03be2524b87b7dda64a1a & 8e61219b18d36748ce956099277cc29b in attachment.
Can't find ac9b247691b1036a1cdb4aaf37bea97f, so I attached two files based on KL detection (Rootkit.Win64.Winnti.ai):
ecc7f180d438663185466a9783bd0790
68fd2aa16f3b4597cbd446676fade3eb