About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too, so this was not a very active site (my fault probably), so I will just be dumping malware strings here - it often helps in malware identification, and googling is the best way.
With just strings, it is not exactly a fun blog to read, but it might become a useful resource over time.
I will not be posting samples here, just MD5s. You can find the corresponding samples on contagio, or ping me if you can't find them.
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Saturday, August 10, 2013

Ardamax Keylogger strings - CRIME

File: ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18
MD5:  e33af9e602cbb7ac3634c2608150dd18
Size: 802724





Ascii Strings:
---------------------------------------------------------------------------
SrXF
1Rich
.text
`.rdata
@.data
.rsrc
sfx_main
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
invalid literal/length code
invalid distance code
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
free
??3@YAXPAX@Z
_wcsdup
??2@YAPAXI@Z
_itow
memset
memcpy
exit
calloc
??1type_info@@UAE@XZ
MSVCRT.dll
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetProcAddress
LoadLibraryW
ReadFile
WriteFile
DeleteFileW
FreeLibrary
GetTempFileNameW
CloseHandle
SetFilePointer
CreateFileW
GetModuleFileNameW
GetModuleHandleW
GetTempPathW
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
MessageBoxW
USER32.dll
.?AVILoader@@
.?AVCLoader@@
.?AV?$CStreamDecompress@VCWin32FileReader@@VCWin32FileWriter@@VCStreamSimpleCallback@@@@
.?AVtype_info@@


---------------------snip snip

Unicode Strings:
---------------------------------------------------------------------------
0Failed to init.
Error: