Trojan dropper bdf243b7a296f7aecc366c799e3fb865e 3aff7c72d8d942e2b2632a347fe5c3

SHA256: bdf243b7a296f7aecc366c799e3fb865ee3aff7c72d8d942e2b2632a347fe5c3 I downloaded this sample from Malshare. I started decoding PE hex to text file and found that the PE file has embedded another file which will be dropped on execution. Filename: help.exe SHA256: 837bef64239be017a2aac92852576efc7d84774d90f64e9d69c5cc3a2b4ecce4 It also drops Autoexec.bat.exe file and Autoexec.exe files at C:\ location. (But it didn’t drop these files instead it… Read More Trojan dropper bdf243b7a296f7aecc366c799e3fb865e 3aff7c72d8d942e2b2632a347fe5c3

HelpMe.exe malware

VirusTotal:  SHA256 – 9ff1c8e6d80ebf5626714362cbc55a53ba17038e841773d24fdc018891adb52e Tools used for analysis: Ollydbg, WireShark, PEExplorer, I started debugging using Ollydbg. The first warning I received is “Module ‘AutoRUN_’ has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!” The executable file extracts HelpMe.exe file and… Read More HelpMe.exe malware