Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it
I will reupload the the Content but the CLEAN Version.
Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected
This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins
Once Executed , Select option "1" enter a Random key
Once Greeted with the Logo Screen click Enter.
===========================================================
Downloads
===========================================================
Zippyshare
AnonFiles
MirrorAce
MultiUp
REAL VT Bin Scan:
https://www.virustot...41ddfa207177ad5
Clown of the Day Spreading the Coin Miner Malware goes to:
SpoilerFull Analysis ON the INFECTED version
~ "WEXTRACT.exe" is the original file name
~ Description "Internet Explorer" (spoofed file details)
~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)
~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb
~ Uses MPRESS packer
~ Runs as Admin executes Powershell
~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder
~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"
~ In the "Kapow" folder it has a file called "GPUMonitor.exe"
Bin Scans:
Spoiler
thank you