malwarefor.me

malwarefor.me Profile


Title:malwarefor.me

Description:Analysis of malware, malicious network traffic, and everything in between

Keywords:


malwarefor.me Information

Website / Domain: malwarefor.me
Website IP Address: 104.131.149.192
Domain DNS Server: ns2.digitalocean.com,ns3.digitalocean.com,ns1.digitalocean.com

malwarefor.me Rank

Alexa Rank: 5023420
OursSite Rank: 2
Google Page Rank: 0/10 (Google Pagerank Has Been Closed)

malwarefor.me Traffic & Earnings

Purchase/Sale Value: $4,011
Daily Revenue: $10
Monthly Revenue: $329
Yearly Revenue: $4,011
Daily Unique Visitors: 1,011
Monthly Unique Visitors: 30,330
Yearly Unique Visitors: 369,015

malwarefor.me WebSite Httpheader

StatusCode 200
Cache-Control public, max-age=0
Content-Type text/html; charset=utf-8
Date Thu, 19 Oct 2017 14:52:59 GMT
Server nginx/1.4.6 (Ubuntu)


malwarefor.me Similar Website

Domain WebSite Title
urbansantosha.com Urban Santosha | Personalized attention in a small setting
redspropertynetwork.co.za RENTAL APARTMENTS SANDTON JOHANNESBURG ACCOMMODATION REDS PROPERTY NETWORK SOUTH AFRICA
karibuadventure.com Karibu Adventure - Africa Safari, Kilimanjaro Climbs, Kilimanjaro Trekking
stellerconcrete.com Steller Concrete
humansinspace.org The Human Adventures in Space Exploration | A Look at Humanity Reaching for the Stars
pontustextil.cz Dresses. A wide range of formal and wedding dresses, costumes for balls and other social events.
tgv.ch Thurgauer Gewerbeverband TGV | Home page
mr-auction.com Mr. Auction
jungwacht-weinfelden.ch Home - Jungwacht Weinfelden
reitermusik-elgg.ch Reitermusik Elgg
marhabachlef.com ::: MARHABA CHLEF :::
musikverein-weinfelden.ch Musikverein Weinfelden
clearfacelaserclinic.com Clear Face Laser Clinic
fashionago.com Well Come... | International World Fashion
welcomehiringworks.com Welcome Hiring Works | Home
littledownrailway.co.uk B&DSME : Bournemouth & District Society of Model Engineers
integratedengrs.com Integrated Engineers
denclothing.co.uk Den Clothing Company Limited | Officially Licensed Merchandise | 100% Awesome

malwarefor.me Traffic Sources Chart

malwarefor.me Alexa Rank History Chart


malwarefor.me Html To Plain Text

2016-05-24 - zCrypt Ransomware
Published May 24th 2016 by Jack

zCrypt Ransomware Overview

I didn't find this one, but haven't noticed anyone mentioning it. Not digging into this much deeper, so I will dump the main aspects and move on.

This ransomware is called "zCrypt", which is based on the extension left on encrypted files as well as other artifacts. zCrypt has been observed being delivered via malspam. zCrypt utilizes a command and control server to check in infected bots and also pass the encryption key from the server to the infected machine.

When executed, the malware creates a pop-up that appears to be benign, likely to confuse a user while the malware talks to the command and control server and begins the encryption routine. The pop-up will continue to appear while the malware is running.

Ransom Note Details

There is a clickable link in the HTML note: "Click Here to Show Bitcoin Address". It appears the ransom note HTML will look for a locally created file "btc.addr" in "C:\Roaming" but the file is actually created in %APPDATA%\Roaming. The browser will throw an error when it cannot find it. I manually moved the file to the location it was looking for and it worked and revealed another BTC payment address. Currently both wallets are empty.

Encrypted Files

Files will be appended with the ".zcrypt" extension.

Network Communications

IOCs

Mutex: zcrypt1.0
Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\zcrypt
Dropped file: C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zcrypt.lnk
Dropped file: C:\Users\[UserName]\AppData\Roaming\zcrypt.exe
Dropped file: C:\Users\[UserName]\AppData\Roaming\btc.addr
Dropped file: C:\Users\[UserName]\AppData\Roaming\public.key
Dropped file: How to decrypt files.html
Encrypted file extension: .zcrypt

Preliminary Malware Analysis

File name: invoice-order.exe
File size: 791.0 KB (809984 bytes)
MD5 hash: d1e75b274211a78d9c5d38c8ff2e1778
Detection ratio: 20 / 57
First submission: 2016-05-22 17:59:19 UTC
VirusTotal link: https://www.virustotal.com/en/file/bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f/analysis/

If you have any feedback or questions please email me at jack@malwarefor.me. Additionally, you can reach out on Twitter or follow for updates.

Posts

2016-05-24 - zCrypt Ransomware (Published May 24th 2016)
Writing Signatures for Clam AV 0.99: A Tutorial (Published March 26th 2016)
2015-12-27 Sundown EK sending Neutrino (Published December 30th 2015)
2015-12-21 Nuclear EK via Malvertizing Dropping Kelihos.F (Published December 27th 2015)
2015-12-03 Nuclear EK sending H1N1 Loader, AlphaCrypt, and Andromeda (Published December 5th 2015)
2015-12-01 Angler EK sending CryptoWall (Published December 1st 2015)
2015-11-27 Angler EK sending Ramnit (Published November 27th 2015)
2015-11-11 RIG EK delivers Kelihos (Published November 11th 2015)
2015-11-04 Quick Look at Cryptowall 4.0 (Published November 4th 2015)
2015-11-02 Angler EK sending Bedep (Published November 3rd 2015)
2015-09-20 KaiXin EK from koreatimes.com (Published September 21st 2015)
2015-09-07 Nuclear EK dropping Pony/Fareit leading to Troldesh (Published September 7th 2015)
2015-09-04 Angler EK sends AlphaCrypt Ransomware (Published September 4th 2015)
2015-08-31 Angler EK pushing Bedep (Published August 31st 2015)
2015-08-28 RIG EK dropping Rovnix (Published August 28th 2015)
2015-07-22 Updated Nuclear EK activity pushing CryptoWall 3.0 (Published July 22nd 2015)
2015-07-21 Angler EK Dropping CryptoWall 3.0 (Published July 21st 2015)
2015-07-12 Nuclear EK from Windigo Group pushes Glupteba (Published July 12th 2015)
2015-07-11 Nuclear EK and Angler EK with CryptoWall 3.0 Payload (Published July 11th 2015)
2015-07-08 Angler EK Drops Tinba via Andromeda/Gamarue (Published July 8th 2015)
2015-07-02 Malspam delivers CryptoWall 3.0 via "Resume" Attachment (Published July 2nd 2015)
2015-06-17 Angler EK Continuing to Change (Published June 17th 2015)
2015-06-15 Nuclear EK, Glupteba, Operation Windigo (again) (Published June 15th 2015)
2015-05-31 'Paying-Days' CryptoWall 3.0 Campaign via Magnitude EK (Published May 31st 2015)
2015-05-20 Angler EK from cupidfunda.com (Published May 21st 2015)
2015-05-19 Angler EK and Bedep from starmusiq.com (Published May 19th 2015)
2015-05-02 Angler EK and RIG EK both from cupidfunda.com (Published May 2nd 2015)
2015-04-27 Angler EK pushes TeslaCrypt 0.3.6 Ransomware (Published April 27th 2015)
2015-04-26 Nuclear EK with Pony/Fareit Payload (Published April 26th 2015)
2015-04-11 Nuclear EK, Glupteba, and Operation Windigo (Published April 16th 2015)

malwarefor.me © 2016 / Published with Ghost / Ghostwriter theme by JollyGoodThemes
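The IoC list in the zCrypt post above (dropped files under %APPDATA%\Roaming, the Run-key entry, the mutex, the ransom note and the .zcrypt extension) can be turned directly into a host triage check. The script below is an added example, not code from malwarefor.me: it takes a file listing, a mapping of Run values to commands (as a .reg export would give) and a list of mutex names, and reports which indicators match. The sample inputs are constructed test data so it runs offline; the split of the post's "Run\zcrypt" path into key plus value name is an interpretation, and the per-user path is matched on the part after \AppData\Roaming\ because the post writes the user name as [UserName].

```python
"""Host-artifact check for the zCrypt indicators listed in the post above.

Added example, not code from malwarefor.me. The sample file listing, Run-key
entries and mutex names below are constructed test data so the script runs
offline; on a real Windows host you would feed it a directory walk, a
registry export and a handle/mutex listing instead.
"""
import ntpath
import re

# Indicators copied from the post. The post writes the per-user directory as
# C:\Users\[UserName]\AppData\Roaming, so paths are matched on the part that
# follows \AppData\Roaming\ and the user name is ignored.
DROPPED_IN_ROAMING = (
    "zcrypt.exe",
    "btc.addr",
    "public.key",
    r"Microsoft\Windows\Start Menu\Programs\Startup\zcrypt.lnk",
)
RANSOM_NOTE = "How to decrypt files.html"   # the post gives no directory for it
ENCRYPTED_EXT = ".zcrypt"
# The post lists the Run key with the value name appended; split here (assumption).
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "zcrypt"
MUTEX = "zcrypt1.0"

_ROAMING_TAIL = re.compile(r"\\AppData\\Roaming\\(.+)$", re.IGNORECASE)


def roaming_tail(path):
    """Return the part of a path after ...\\AppData\\Roaming\\, or None if not under it."""
    m = _ROAMING_TAIL.search(path)
    return m.group(1) if m else None


def check_host(file_paths, run_entries, mutexes=()):
    """Match host artifacts against the zCrypt IoCs.

    file_paths:  iterable of absolute Windows paths
    run_entries: mapping of full Run value path -> command line
    mutexes:     iterable of mutex names observed on the host
    Returns a dict of matches per indicator class plus an 'infected' verdict.
    """
    findings = {"dropped_files": [], "ransom_notes": [], "encrypted_files": [],
                "run_key": [], "mutex": []}
    dropped = {d.lower() for d in DROPPED_IN_ROAMING}

    for path in file_paths:
        tail = roaming_tail(path)
        if tail is not None and tail.lower() in dropped:
            findings["dropped_files"].append(path)
        # ntpath handles backslash separators regardless of the analyst's OS
        if ntpath.basename(path).lower() == RANSOM_NOTE.lower():
            findings["ransom_notes"].append(path)
        if path.lower().endswith(ENCRYPTED_EXT):
            findings["encrypted_files"].append(path)

    wanted = (RUN_KEY + "\\" + RUN_VALUE).lower()
    for value_path, command in run_entries.items():
        if value_path.lower() == wanted:
            findings["run_key"].append((value_path, command))

    for name in mutexes:
        if name == MUTEX:
            findings["mutex"].append(name)

    # Any single indicator class is treated as a hit; a clean host matches none.
    findings["infected"] = any(findings[k] for k in
                               ("dropped_files", "ransom_notes", "encrypted_files",
                                "run_key", "mutex"))
    return findings


# Constructed sample data (not from the post): one infected user profile.
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\zcrypt.exe",
    r"C:\Users\alice\AppData\Roaming\btc.addr",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zcrypt.lnk",
    r"C:\Users\alice\Documents\report.docx.zcrypt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\How to decrypt files.html",
]
SAMPLE_RUN_ENTRIES = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\zcrypt":
        r"C:\Users\alice\AppData\Roaming\zcrypt.exe",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive":
        r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
}
SAMPLE_MUTEXES = ["zcrypt1.0", "Global\\ExampleUnrelatedMutex"]

if __name__ == "__main__":
    result = check_host(SAMPLE_FILES, SAMPLE_RUN_ENTRIES, SAMPLE_MUTEXES)
    for key, hits in result.items():
        print(f"{key}: {hits}")
```

On the sample profile the check reports three dropped files, the ransom note, one encrypted document, the Run value and the mutex. Matching is case-insensitive because NTFS paths and registry names are; the mutex name is compared exactly, since that is how the post gives it.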

malwarefor.me Whois

Domain Name: MALWAREFOR.ME
Domain ID: D108500000014499099-AGRS
WHOIS Server:
Referral URL: www.namecheap.com
Updated Date: 2015-10-07T21:13:03Z
Creation Date: 2014-11-24T02:22:31Z
Registry Expiry Date: 2016-11-24T02:22:31Z
Sponsoring Registrar: NameCheap, Inc.
Sponsoring Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited

Registrant ID: BIFUMDKLVCAPKV5D
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code: 00000
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: bb83756308db4a96a3b86e6b7a1b053f.protect@whoisguard.com

Admin ID: 0M1V5Z4XPT0ZTSWU
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code: 00000
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: bb83756308db4a96a3b86e6b7a1b053f.protect@whoisguard.com

Tech ID: W0ETJCRKPL0RR0HO
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code: 00000
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: bb83756308db4a96a3b86e6b7a1b053f.protect@whoisguard.com

Name Server: NS1.DIGITALOCEAN.COM
Name Server: NS2.DIGITALOCEAN.COM
Name Server: NS3.DIGITALOCEAN.COM
DNSSEC: unsigned

>>> Last update of WHOIS database: 2016-05-18T20:18:42Z <<<

"For more information on Whois status codes, please visit https://icann.org/epp"

Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.