About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just MD5. You can find the corresponding samples on contagio or ping me if you can't find them.
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Saturday, August 10, 2013

BunituB-Proxy strings - CRIME (3)


File: BunituB-Proxy_BC22DE23FB07EE9E3C02DD1D2B3E52B3
MD5:  bc22de23fb07ee9e3c02dd1d2b3e52b3
Size: 73728

Ascii Strings:
---------------------------------------------------------------------------

Unicode Strings:
---------------------------------------------------------------------------
kernel32
advapi32
ws2_32