About contagio exchange

CONTAGIO EXCHANGE

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find them.
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Monday, August 12, 2013

Citadel 1.3.5.1 strings - CRIME (2)

File: Citadel1.3.5.1_296DA66E2F5239F9AF433C1EFBCDC079
MD5:  296da66e2f5239f9af433c1efbcdc079
Size: 276992

Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
Rich
UPX0
UPX1
.rsrc
3.09
UPX!
SVB^|
hY[3
H^_u
----------------------------------snip
baXK
WVLQ
`_V]
rqjc
zzt<
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PA
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
StartTraceA
PrintDlgA
SetFocus

Unicode Strings:
---------------------------------------------------------------------------
VS_VERSION_INFO
StringFileInfo
100c04b0
CompanyName
EA Swiss-Digital LLC
FileDescription
Data Layered Background Broker
FileVersion
8.0.1.1
InternalName
dlbro
LegalCopyright
Copyright (C) 2005-2013 - EA Swiss-Digital LLC
OriginalFilename
dlbro.exe
ProductName
Data Layered Background Broker
ProductVersion
8.0.1.1
VarFileInfo
Translation