End of the year presents:
This is a sample of Hikit rootkit
Aug 2012
Related News and Analysis:
The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1) - Mandiant
Aug 2012
Related News and Analysis:
The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1) - Mandiant
Download
Download Hikit_oci.zip . (Email me if you need the password scheme - see profile for email)
sample credit anonymous and https://twitter.com/codelancer/status/237887048177041409
sample credit anonymous and https://twitter.com/codelancer/status/237887048177041409
Files
File: oci.dll
MD5: d3fb2b78fd7815878a70eac35f2945df
Automatic scans
SHA256: aa4b2b448a5e246888304be51ef9a65a11a53bab7899bc1b56e4fc20e1b1fd9f
SHA1: 8d6292bd0abaaf3cf8c162d8c6bf7ec16a5ffba7
MD5: d3fb2b78fd7815878a70eac35f2945df
File size: 256.5 KB ( 262656 bytes )
File type: Win32 DLL
Detection ratio: 36 / 46
Analysis date: 2012-12-07 03:23:27 UTC ( 1 minute ago )
00
Additional information
Antivirus Result Update
Agnitum Trojan.Hiki!QpyVN4Y1r88 20121206
AhnLab-V3 Win-Trojan/Ascesso.262656 20121206
AntiVir TR/Agent.262656.33 20121207
Antiy-AVL - 20121204
Avast Win32:Hikit-B [Rtk] 20121207
AVG BackDoor.Agent.ARQT 20121207
BitDefender Trojan.Generic.KDV.705176 20121206
ByteHero - 20121130
CAT-QuickHeal Trojan.Hiki.a 20121206
ClamAV - 20121207
Commtouch - 20121206
Comodo UnclassifiedMalware 20121206
DrWeb - 20121207
Emsisoft Trojan.Win32.Hiki.AMN (A) 20121207
eSafe Win32.Trojan 20121205
ESET-NOD32 Win32/Hikit.A 20121206
F-Prot - 20121206
F-Secure Trojan.Generic.KDV.705176 20121207
Fortinet W32/Dx.BCV4!tr 20121207
GData Trojan.Generic.KDV.705176 20121207
Ikarus Trojan.Win32.Hiki 20121207
Jiangmin Trojan/Hiki.a 20121206
K7AntiVirus Trojan 20121206
Kaspersky Trojan.Win32.Hiki.a 20121206
Kingsoft Win32.Troj.Hiki.a.(kcloud) 20121206
Malwarebytes - 20121207
McAfee Generic.dx!bcv4 20121207
McAfee-GW-Edition Generic.dx!bcv4 20121207
Microsoft Backdoor:Win32/Hikiti.gen!A 20121207
MicroWorld-eScan Trojan.Generic.KDV.705176 20121206
NANO-Antivirus Trojan.Win32.Hiki.wweio 20121207
Norman W32/Troj_Generic.DOLAK 20121206
nProtect Trojan.Generic.KDV.705176 20121207
Panda Trj/CI.A 20121206
PCTools Backdoor.Hikit 20121207
Sophos Troj/PWS-BZI 20121207
Symantec Backdoor.Hikit 20121207
TheHacker Trojan/Hiki.a 20121207
TrendMicro BKDR_HIKIT.A 20121207
TrendMicro-HouseCall BKDR_HIKIT.A 20121207
VBA32 Trojan.Hiki.a 20121205
VIPRE Trojan.Win32.Generic!BT 20121206
ViRobot Trojan.Win32.A.Hiki.262656 20121206
Mila, any chance you may have gotten a sample for the tor botnet (https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit)?
ReplyDelete