Trojan Win32 Tobfy M Affiliate

Trojan Win32 Tobfy M Affiliate


Came across a Tobfy sample today, things was interesting so here is a post.
I will skip the reversing part: im a bit bored to take 50 screenshots and go step by step about whats do the M version of Tobfy. (this winlock is very primitive and relatively easy to understand)
So, lets go directly to the C&C part.

French landing when loaded (buggy IP retrieving, and geoloc):
� dns: 1 �� ip: 91.226.212.174 - adresse: HKKPOGMPG.POLEXT-FREEHOST.RU
� dns: 1 �� ip: 91.226.212.174 - adresse: AREKOV.COM


Login:
Registration:

News:

Statistics:

Checks:

Links/EXE (39090a097cfbe4ab766317e5f3d74b53):

Rules:

Affiliate stats:
(Ignore the admin account, its also made by me)

Affiliate Checks:


Some samples took from the server:
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2214&start=10#p19581

Im a bit unaware about Tobfy but that the first time i see this one on affiliate system.

download file now

Comments

Post a Comment

Popular posts from this blog

Top 3 Custom Contact Us Form Widgets for Blogger

Image
Top 3 Custom Contact Us Form Widgets for Blogger Adding Contact Form 1. Log in to Blogger dashboard than go to "Layout" > "Add Widget". 2. Click on "More Widget" below "Basic" Tab on left Side. 3. Add "Contact Form" Widget Hiding Contact Form from Slidebar 1. Go to "Theme" click on "Edit HTML". 2. Click Anywhere & Press "CTRL + F" from "Keyboard" and a Search Box Will be Opened. 3. Paste the Below Code to Find it 4. Paste the Below Code Just Above the Tag (You Search in Last Step) #ContactForm1{display: none !important;} 5. Then Click on "Save Template" Adding Custom Contact Form 1. Go to "Pages" create a new page by click "New Page" 2. Give it any Title you like i.e "Contact Us" or "Contact" etc 3. Click on the "Options" from Right Sidebar & click on "Dont Allow" and "Done" 4. Now, Below there are 3 Custom ...
Read more

Redshift challenge in Seyferts Sextet

Image
Redshift challenge in Seyferts Sextet Seyferts Sextet image NOAO The National Optical Astronomy Observatory (NOAO)  site tells about the image: "This picture was taken at the Kitt Peak National Observatory s 2.1-meter telescope in July of 1998, as part of the KPNO Research Experiences for Undergraduates program, sponsored by the National Science Foundation . North is up, east is to the left." The accompanying image shows labeling and redshifts expressed in speeds km/s. While most redshifts in the sextet are in the range 4017 km/s - 4482 km/s there is one odd galaxy in the center with the speed of 19813 km/s. This is another story, altogether. Image NOAO Always ready for new adventures in Science, arent we! "Five of the members show very similar redshifts, from 4000 to 4500 km/s, while the fifth is measured at nearly 20000 km/s. Conventional wisdom argues that this is a chance projection of a distant background galaxy: some would have otherwise and require a complete reth...
Read more

Transistor 80 Analog Percussion Module Eurorack Demo 1

Image
Transistor 80 Analog Percussion Module Eurorack Demo 1 The Transistor-80 is an analog percussion module I designed as a lo-fi incarnation of those transistor-based CR- DR- and TRs from the circa 1980 era. It is thump-y, hiss-y, and it has those click-y pops and bacon sizzle sounds. Sports 3 sounds: Bass Drum, Snare Drum, and Hats. Bass has a tone control that controls the amount of sub frequency (you may hear a slight boom if youre wearing headphones) the other two sounds have decay controls. It has individual volume knobs for each sound, and a single output jack for the mix. In this video I am feeding trigger gates from the Malekko Varigate 4, and recording output directly to Tascam DR-5. If youre interested in hearing more check out a track on Soundcloud I made using the Transistor-80. https://soundcloud.com/gstormelectro/transistor-80 More modules will be built completely by hand in small numbers, including PCB and face plate. Further details and availability can be found on Modular...
Read more