Comments on contagio: DarkMegi rootkit - sample (distributed via Blackhole)
Feed author: Mila (feed updated 2024-02-18T03:42:38-05:00)

Comment by f3e7xxx, 2012-04-19T15:53:15-04:00:

A CreateFile on C:\Windows\System32\com32.dll returns (0x00000002) "The system cannot find the file specified."

FindFirstFile seems to be working.

But a GetFileAttributes returns FILE_ATTRIBUTE_ARCHIVE.

It will not fool an antirootkit that parses NTFS and compares with the API.
:)

Comment by Vitalik, 2012-04-19T05:18:37-04:00:

Sample Mila =)
MD5: 6c8f9658a390c24a9f4551dc15063927
com32.sys
https://www.virustotal.com/file/c6483c1d66f9301dd531a732d739c70616ae486d62a0068a6e812c7f244fe295/analysis/1334825301/
MD5: 5f8022f7fbe17cd815261bcb848b1d9e
com32.dll
https://www.virustotal.com/file/9b7fbdb740b772e4f87f5428a093dd31ff656163f8807a4cfc2bf418b93dce06/analysis/1334825338/
MD5: 6e2297863d3d10ae40bd1c0499545f10