About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy, and Mila too, so this was not a very active site (my fault probably), so I will just be dumping malware strings here - it often helps in malware identification, and googling is the best way.
With just strings, not exactly a fun blog to read, but it might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Saturday, August 10, 2013

BunituB-Proxy strings - CRIME

File: BunituB-Proxy_A725B21C1F9D24ADA97564F3F152CF50
MD5:  a725b21c1f9d24ada97564f3f152cf50
Size: 16896

Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
.text
.rdata
@.data
.rsrc
@.reloc
Rns1.folkerj3.co.uk
!h<'
It19B
W QR
3u 3
_PQh
_PQh
WSVh&,
D8%f
Ph='
BR1GCA-XL14GDE-HBIMA
mandfrep
nabled:
SPGTWARE\Microsoft\Windows NT\CurrentVersion\Vinlogon\Notify\lebniva
Start
SYSTEz\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
@tEHPh|
f=//t
</tM<:t
QhN5
@tHHPhL
FAosg#kmns9.folkerj3.co.uk
Ki^ON)-T11ns6.folkerj3.co.uk
Ph9/
cnvfat.dll
lebniva.dll
AZ_^
PPhp=
,$`u
il32
Ph<c
:*:EZSV
MAhC{
.Ph<c
PTZ]
VWS3
F<a|
LoadLibraryA
KERNEL32.dll
WS2_32.dll
RtlGetAce
ntdll.dll
lebniva.dll
lebniva
zvoerterw.dll
kernel32
advapi32
ws2_32
wrrr/1.0 200 OK
 unknown
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<assemblyIdentity
name='Microsoft.Windows.MyCoolApp'
processorArchitecture='x86'
version='1.0.0.0'
type='win32'/>
<description>Birtel</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type='win32'
name='Microsoft.Windows.Common-Controls'
version='6.0.0.0'
processorArchitecture='x86'
publicKeyToken='6595b64144ccf1df'
language='*'
</dependentAssembly>
</dependency>
</assembly>

Unicode Strings:
---------------------------------------------------------------------------
BRITT
SWERTYO
Serif