HelpMe.exe malware

VirusTotal:  SHA256 – 9ff1c8e6d80ebf5626714362cbc55a53ba17038e841773d24fdc018891adb52e Tools used for analysis: Ollydbg, WireShark, PEExplorer, I started debugging using Ollydbg. The first warning I received is “Module ‘AutoRUN_’ has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!” The executable file extracts HelpMe.exe file and… Read More HelpMe.exe malware

SmartConnect.exe Malware

VirusTtoal — SHA-256 — 7c3e2a38dcacc3246409151ecdf283814611a8f9d98ed0e5996fb2615adc2cc2 I pulled the request for malware sample from Malshare for analysis and renamed the file with .exe extension. Tools I used: Ollydbg, WireShark, PEExplorer, I downloaded malware sample, opened in PE explorer, and found resource information Before I start debugginh, I extracted the malware executable file using 7-zip. There were… Read More SmartConnect.exe Malware