Thanks, I will take a look at that one. I have several images of disks/memories of tests
with (what the scanners call) SpyEye and Zeus. I can compare them.
The malware scanners don't use a common naming scheme, which confuses things.
Question to MHL: what criteria or marker do you use to classify SpyEye, Zeus and Silent
Banker?
And, if you have a criterion to identify the new version in the article below, I would love
to know what it is.
Best,
Mike
Date: Wed, 29 Feb 2012 12:32:16 -0500
Subject: Re: [Vol-users] strings for new SpyEye
From: jamie.levy(a)gmail.com
To: dragonforen(a)hotmail.com
CC: vol-users(a)volatilityfoundation.org
MHL put up a SpyEye memory sample on the FAQ wiki
(http://code.google.com/p/volatility/wiki/FAQ#Are_there_any_public_memory_sa…)
earlier that might be of interest:
http://code.google.com/p/malwarecookbook/source/browse/trunk/spyeye.vmem.zip
On Wed, Feb 29, 2012 at 12:24 PM, Mike Lambert <dragonforen(a)hotmail.com> wrote:
Does anyone have any strings unique for the new SpyEye mentioned in this article?
http://redtape.msnbc.msn.com/_news/2012/01/06/9986119-new-virus-raids-your-…
If you have a memory image with this trojan, could you share it with me?
Mike Lambert
michael-lambert.us
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92