Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    unusual trading activity
    Signal Or Noise? A Decision Tree For Evaluating Unusual Trading Activity
    3 Min Read
    software developer using ai
    How Data Analytics Helps Developers Deliver Better Tech Services
    8 Min Read
    ai for stock trading
    Can Data Analytics Help Investors Outperform Warren Buffett
    9 Min Read
    media monitoring
    Signals In The Noise: Using Media Monitoring To Manage Negative Publicity
    5 Min Read
    data analytics
    How Data Analytics Can Help You Construct A Financial Weather Map
    4 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Virtumondo/Virtumundo – virus hunt, continued
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Uncategorized > Virtumondo/Virtumundo – virus hunt, continued
Uncategorized

Virtumondo/Virtumundo – virus hunt, continued

Editor SDC
Editor SDC
3 Min Read
SHARE

I couldn’t remove this virus. I might if I had the system CD, so that I could start up without starting the logon process (virus uses winlogon notifiers). Here is, however, some information in case people want to pursue this:

Functionality is in a dll named “__c00*.dat”, where the star is a number in hexadecimal format and

MD5=6717D534A44C9913FFFE9985EE7E933F:

More Read

Intoxicated by the possibility of making mediocrity hard to sustain (#100ppl)
Managed Services: Freeing Corporate IT for Business Strategies
A Turker’s Got To Know His Limitations
And now something completely different: brain simulation
Working with Greatness: The Processes Behind the Production
  • It “calls home” to “nx1.zappoworld.com”, which is based in the Netherlands.
  • Error output from the file can be found in “c:\xcrashdump.dat”
  • Files it hooks on are:
    • iexplore.exe
    • explorer.exe
    • services.exe
    • winlogon.exe
    • firefox.exe
    • opera.exe
  • Functionality includes
    • HttpSendRequestA (call home)
    • CreateWindowExA (show information)
    • SetWindowsHookExA (log stuff, I suspect key logging)
    • UrlDownloadFileA (download more stuff to update it self, maybe)
    • CreateMutex (I guess so that only one instance runs)
    • WriteProcessMemory (don’t know, looks evil)
    • GetProcAddress (load what ever functionality from dlls, I couldn’t find LoadLibrary, however)
    • CreateRemoteThread (looks bad)
    • Process Management and file management
    • Registry functions
    • String handling, both from shell api and native, both ANSI and UNICODE
    • SetSecurityDescriptorDacl

MD5=69FEB378121DB99F80E15D597EC60124

  • Lingvo9…



I couldn’t remove this virus. I might if I had the system CD, so that I could start up without starting the logon process (virus uses winlogon notifiers). Here is, however, some information in case people want to pursue this:

Functionality is in a dll named “__c00*.dat”, where the star is a number in hexadecimal format and

MD5=6717D534A44C9913FFFE9985EE7E933F:

  • It “calls home” to “nx1.zappoworld.com”, which is based in the Netherlands.
  • Error output from the file can be found in “c:\xcrashdump.dat”
  • Files it hooks on are:
    • iexplore.exe
    • explorer.exe
    • services.exe
    • winlogon.exe
    • firefox.exe
    • opera.exe
  • Functionality includes
    • HttpSendRequestA (call home)
    • CreateWindowExA (show information)
    • SetWindowsHookExA (log stuff, I suspect key logging)
    • UrlDownloadFileA (download more stuff to update it self, maybe)
    • CreateMutex (I guess so that only one instance runs)
    • WriteProcessMemory (don’t know, looks evil)
    • GetProcAddress (load what ever functionality from dlls, I couldn’t find LoadLibrary, however)
    • CreateRemoteThread (looks bad)
    • Process Management and file management
    • Registry functions
    • String handling, both from shell api and native, both ANSI and UNICODE
    • SetSecurityDescriptorDacl

MD5=69FEB378121DB99F80E15D597EC60124

  • Lingvo9Netpatch from 2003
  • LocalAlloc and VirtualAlloc (memory allocation functions without their freeing counterparts) #”¤#””¤ memory leaks?
  • OpenFile
  • C-runtime functions
  • Looks sloppy written
  • Not detected by any virus scanners I’ve tried!

 

Analysis done with FileAlyzer.

So, I’m off to support so they can wipe my machine. ¤#”%”#”!%”#¤@work.

Zappoworld.com…
Flashget.com catch url…

BTW, I found a nice hosts file at: http://mvps.org/winhelp2002/hosts.htm, http://mvps.org/winhelp2002/hosts.txt

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

ai driven task management
Reducing “Work About Work” with AI Task Managers
Artificial Intelligence Exclusive
data center uptime
Why Rodent-Resistant Conduits Are Critical for Data Center Uptime
Big Data Data Management Exclusive Risk Management
big data and AI
The Intersection of Big Data and AI in Project Management
Artificial Intelligence Big Data Exclusive
data migration risk prevention
Best Approach to Risk Management for Data Migration in Data-Driven Businesses
Big Data Data Management Exclusive Risk Management

Stay Connected

1.2KFollowersLike
33.7KFollowersFollow
222FollowersPin

You Might also Like

How Businesses Should Adapt to the Consumerization of IT

5 Min Read

Why No Regulation of Offshoring: Untangling the Gap Between Rhetoric and Action

9 Min Read

CDISC: The Road Ahead

4 Min Read

Real-world batch versus real-world real-time

0 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?