Thursday, May 14, 2009

got it ? - trying to analyze mebroot (torpig) - part 0.4

It's been discovered using an alias for mebroot (sinowal) as search keyword.
So trying to retrieve one of the latest it was been discovered the following:

md5: 0xba1f006b05e898c0e4a61458cd981870
or
md5: 0x53d03e99cfbfaa0df3695c27b2b5f364

URL:hxxp://----------.----/cgi-bin/index.cgi?ECVCEzzEZzZZsZrZZMzClEkuuMZEZZZZZZZZZMMkVkuukZZZZzZkZlZZZZZZZZzOZ

At this time the URL , like a fast bulk place, doesn't provide anything.

Feedback are welcome.

No comments:

Post a Comment