| Email address | private |
|---|---|
| Website | malvuln.com |
| First Active | 2021-01-04 |
| Last Active | 2024-05-09 |
Backdoor.Win32.Winshell.5_0 malware suffers from a hardcoded credential vulnerability.
201d48fd8e208d4a8f0f5fe13f6ea04030c8b92edf569417c28e11967d421e3bTrojan.Win32.Autoit.fhj malware suffers from an insecure permissions vulnerability.
0f6155ea2513333fd3502daa57841369a525497799193023cf1e190924b6beefThe BlueSky Win32.Ransom.BlueSky ransomware looks for and executes arbitrary DLLs in its current working directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our own process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.
89d2bd5ff16cd696ea9036900183536f0e04110cc01f816bc6a135cd810e99bbBackdoor.Win32.Guptachar.20 malware suffers from an insecure credential storage vulnerability.
e3369625a4e3f23a7d0dca07bf0660807db452941c0e93d8a5ede6f3641451dcBackdoor.Win32.Bushtrommel.122 malware suffers from an unauthenticated remote command execution vulnerability.
cf89785b492c836d6c244e6fc3290bceee66fd68edf28a7400e7d2792d8b6e34Backdoor.Win32.Bushtrommel.122 malware suffers from an authentication bypass vulnerability.
d7fc922486275581f2cf458522575af4443622981bf09a3aaadddd603ff38990Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.
b1a0f0eda16637855c7124025a9bba474d285060035c7ace064b81d352be6595Backdoor.Win32.Destrukor.20 malware suffers from an unauthenticated remote command execution vulnerability.
b2929297a27431a955030b6a10960d07ffdcbdeb69b274c81b62bcbd3f78ab50Backdoor.Win32.Destrukor.20 malware suffers from authentication bypass and code execution vulnerabilities.
094948131e62030329dfa1f6e0d5cc98ee61866dcecf381f4a6aa14f046758b4Backdoor.Win32.Eclipse.h malware suffers from a hardcoded credential vulnerability.
cb80773c5ec99bb1c8f84021a4d97f89b467aa36feac244444c08a628a4e0d51Builder XtremeRAT malware version 3.7 suffers from an insecure cryptography implementation vulnerability that allows an attacker to login with only partial knowledge of a secret.
64afc70b38c5684f21216d5ed8e39c73acbe6348ff91c93e3ee63365a41f1707Builder XtremeRAT malware version 3.7 suffers from an insecure permissions vulnerability.
ef90ca2ab92a13d6e33b94fee625bc1e804dce16d6f7434e1b00204cd73cf811Backdoor.Win32.HoneyPot.a malware suffers from a weak hardcoded password vulnerability.
fdde865ffe948d481838603a00c0516a0d9f4a63ff58349bf3b6ddeb98e2b35bLockbit version 3.0 ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, in this case "RstrtMgr.dll", execute our own code, and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.
a8a36c8b61552ab9f3cad6eb0046a944604dace1c03fa5782e607d1933f5f017Lockbit ransomware version 3.0 apparently now requires a password to execute as noted by "@vxunderground", but does not properly check bounds for both the -pass and -k arguments. Supplying a long string of characters for either flag will trigger a unicode stack buffer overflow overwriting the ECX register and structured exception handler (SEH).
06a133f3bc4006162df18df2401be464873b516bcdfcc7cac2c75f2ef63c8d53Backdoor.Win32.Coredoor.10.a malware suffers from an authentication bypass vulnerability.
055d74c98fd4886a4ab9e17cd07e71ac4ac4ad467f97fde9461333c1c7f00d4bBackdoor.Win32.EvilGoat.b malware suffers from a hardcoded credential vulnerability.
19ef0671c05c0afcf2c8bf3c081a0188020bbea1b901243ff9829edcb89199ffBackdoor.Win32.Cafeini.b malware suffers from a hardcoded credential vulnerability.
214a018ddc8a2c372d96a47976e8c26f81dd4d2ccb905c570b6443c8eca58854Backdoor.Win32.InfecDoor.17.c malware suffers from an insecure permissions vulnerability.
3d83874665d92c5753ea0f979739fbb96e5a47c3ff77657f79b68a13a96e6218Trojan-Mailfinder.Win32.VB.p malware suffers from an insecure permissions vulnerability.
eccb9f610544b46bcdf27fabac4f1f936099cd8c6b21232d4171889d289f6dd4Backdoor.Win32.Shark.btu malware suffers from an insecure permissions vulnerability.
c655d4e022fcaf26fe0ab1bc5057626705455cfc787337ad8df95d9c1fca1f2fYashma Ransomware Builder version 1.2 malware suffers from an insecure permissions vulnerability.
2958cbdc74819764ad9679c607c3aa49b36ad14d86fb437d927a14ccf2c14229Backdoor.Win32.Cabrotor.10.d malware suffers from an unauthenticated remote command execution vulnerability.
781c3249eb6aa36f7b01597bb27d91c8d79a40805368b694be3b50761acdfb32Haron ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.
a7bd8f153e57e54fb1756517560dc5963dec37175fe2367abb498be3cb192cc2Trojan-Proxy.Win32.Symbab.o malware suffers from a heap corruption vulnerability.
d87eadfc59cb93da41ff57f425f1d203ea3db932253b3a8c23cde42e7b31c47c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed