Alina 3 4 POS Malware

Alina 3 4 POS Malware


The malware come from: http://vxvault.siri-urz.net/ViriFiche.php?ID=23179
Hosted on the site of a deputy.

GetPCname:

Create a mutex:

Create /%appdata%/java.exe
If the malware cant he will try with different name (jusched.exe, jucheck.exe, desktop.exe, dwm.exe, win-firewall.exe, adobeflash.exe)
If all names are take and in read only mode the malware is trapped on infinit loop :)))

Write the file:

and if he fail to write he will Copy it:

Add a registry persistence:

Launch the process:

Encode something (ive not checked what)

Call the C&C

And fail because the first is dead, so retry with 208.98.63.228
Backend info:
208.98.63.228:
OrgName: Sharktech
OrgId: SHARK-7
Address: 100 Pinehurst Ct.
City: Missoula
StateProv: MT
PostalCode: 59803
Country: US

http://xxx.98.63.228/main.php
http://xxx.98.63.228/info.php
http://xxx.98.63.228/test.php
http://xxx.98.63.228/test2.php
http://xxx.98.63.228/api.php
http://xxx.98.63.228/config.php
http://xxx.98.63.228/autoupdate.php
http://xxx.98.63.228/404.html
http://xxx.98.63.228/wordpress/admin.php
http://xxx.98.63.228/forum/admin.php
http://xxx.98.63.228/blog/admin.php
http://xxx.98.63.228/blog/export.php
http://xxx.98.63.228/blog/config.php
http://xxx.98.63.228/blog/front/stats.php
http://xxx.98.63.228/blog/front/cards.php
http://xxx.98.63.228/blog/front/settings.php
http://xxx.98.63.228/blog/front/logs.php


This one is cool because coder leaved comments for each action...

I tried to trigger it to send data but ive not succeeded yet.
I will see the rest later.
Alina is interesting ive found many version: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1756&start=40#p18008
Still ive not checked these files for the moment, i dont know differences.

download file now

Popular posts from this blog

All Samsung ADB Enable Files for Removing Security FRP August 2017

All Samsung ADB Enable Files for Removing Security FRP August 2017 All Samsung ADB Enable Files for Removing Security FRP ENABLE_ADB_SAM A310F ENABLE_ADB_SAM A510F ENABLE_ADB_SAM A510Y ENABLE_ADB_SAM A710F ENABLE_ADB_SAM A710Y ENABLE_ADB_SAM A910F ENABLE_ADB_SAM B350E ENABLE_ADB_SAM G120F ENABLE_ADB_SAM G398F ENABLE_ADB_SAM G510G ENABLE_ADB_SAM G600F ENABLE_ADB_SAM G903F ENABLE_ADB_SAM G920P ENABLE_ADB_SAM G928F ENABLE_ADB_SAM G928G ENABLE_ADB_SAM G930F ENABLE_ADB_SAM G935F ENABLE_ADB_SAM J105 ENABLE_ADB_SAM J105H ENABLE_ADB_SAM J120F ENABLE_ADB_SAM J200H ENABLE_ADB_SAM J320F ENABLE_ADB_SAM J320P ENABLE_ADB_SAM J320Y ENABLE_ADB_SAM J510F ENABLE_ADB_SAM J510H ENABLE_ADB_SAM J700H ENABLE_ADB_SAM J710F ENABLE_ADB_SAM J710G ENABLE_ADB_SAM N930F ENABLE_ADB_SAM R350 ENABLE_ADB_SAM T580 ENABLE_ADB_SAM T585 ENABLE_ADB_SAM T677D ENABLE_ADB_SAM T813 ENABLE...
Read more

ALBUM TECH N9NE – DOMINION DELUXE VERSION FLAC

Image
ALBUM TECH N9NE – DOMINION DELUXE VERSION FLAC TECH N9NE DROP A NEW SONG TITLED DOMINION. Stream And  �Listen Dominion� � Tech N9ne� �Download Mp3� 320kbps Descarger Torrent CDQ Itunes Song Below Tracklist: 01. Intro (Skit) 02. Drama (feat. Krizz Kaliko) 03. Casket Music (feat. Wrekonize & CES Cru) 04. Put Em On (feat. Stevie Stone & Darrein Safron) 05. Wheels Like Hill 06. Nevermind Me (feat. Stevie Stone, Mackenzie Nicole & Krizz Kaliko) 07. Deevil Cookies (Skit) 08. Some Good (feat. JL) 09. Reloaded (feat. Darrein Safron & Godemis) 10. Bacon (feat. Brotha Lynch Hung, Godemis & MURS) 11. Shoe Game (feat. Mackenzie Nicole & Krizz Kaliko) 12. The Answer (feat. CES Cru & Krizz Kaliko) 13. Salute (feat. �MAYDAY! & MURS) 14. Fish in a Pita (feat. Krizz Kaliko) 15. Mo� Ammo (feat. Rittz & MURS) 16. Stone Interviews (Skit) 17. Lowdown (feat. Darrein Safron & Ubiquitous) 18. Morning Till the Nightfall (feat. Rittz, Wreckonize & Krizz ...
Read more