Difference between revisions of "Alina"
(One intermediate revision by the same user not shown) | |||
Line 5: | Line 5: | ||
* packers used: UPX from version 2.1, a Visual Basic crypter from version 5.2 and UPX protector from version 5.5 | * packers used: UPX from version 2.1, a Visual Basic crypter from version 5.2 and UPX protector from version 5.5 | ||
|Target=Microsoft Windows, | |Target=Microsoft Windows, | ||
|Vector=Spam, | |||
|CCProtocol=HTTP, | |CCProtocol=HTTP, | ||
|Feature=Regular expression filtering, Memory scrapping, XOR encoding, Logging, UPX Packing, Visual Basic crypter, UPX Protector, | |Feature=Regular expression filtering, Memory scrapping, XOR encoding, Logging, UPX Packing, Visual Basic crypter, UPX Protector, Credit card data theft, | ||
|BeginYear=2012 | |BeginYear=2012 | ||
|Group=Point-of-sale, | |Group=Point-of-sale, | ||
}} | }} |
Latest revision as of 13:43, 18 July 2015
(Botnet)
Alina | |
---|---|
Alias | |
Group | Point-of-sale |
Parent | |
Sibling | |
Family | |
Relations | Variants: Eagle, Spark Sibling of: |
Target | Microsoft Windows |
Origin | |
Distribution vector | Spam |
UserAgent | |
CCProtocol | HTTP (Centralized) |
Activity | 2012 / |
Status | |
Language | |
Programming language | |
Operation/Working group |
Introduction
- Starting with v2, XOR encoding was added; the key used was 0xAB.
- Starting with v5.2, the XOR scheme is more complex: 0xAA is used for the first 76 bytes, then the data between offsets 18 and 35 is used as the XOR key.
- Starting with version 3.1, HTTP status code 666 is used.
- Packers used: UPX from version 2.1, a Visual Basic crypter from version 5.2, and UPX Protector from version 5.5.
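For analysts decoding captured C&C payloads, the two XOR schemes listed above can be sketched as follows. This is an added example, not code from the original page or from the malware itself. It assumes that offsets 18 to 35 are inclusive, that the key is read from the decoded header and repeated over the remaining data, and that the plaintext is mostly printable text (used only for the triage heuristic).

```python
import string

V2_KEY = 0xAB            # v2 single-byte key (from the page)
V52_HEADER_KEY = 0xAA    # v5.2 key for the first 76 bytes (from the page)
V52_HEADER_LEN = 76
# Assumption: offsets 18..35 are inclusive and index the decoded header.
V52_KEY_SLICE = slice(18, 36)
PRINTABLE = set(string.printable.encode())

def xor_single(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def xor_repeating(data: bytes, key: bytes) -> bytes:
    # Assumption: the derived key repeats over the rest of the data.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def decode_v2(blob: bytes) -> bytes:
    return xor_single(blob, V2_KEY)

def decode_v52(blob: bytes) -> tuple[bytes, bytes]:
    """Return (header, body) for a v5.2-style blob."""
    if len(blob) < V52_HEADER_LEN:
        raise ValueError("blob is shorter than the 76-byte header")
    header = xor_single(blob[:V52_HEADER_LEN], V52_HEADER_KEY)
    body = xor_repeating(blob[V52_HEADER_LEN:], header[V52_KEY_SLICE])
    return header, body

def printable_ratio(data: bytes) -> float:
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0

def guess_scheme(blob: bytes, threshold: float = 0.95):
    """Triage heuristic (assumption: the plaintext is mostly printable)."""
    if printable_ratio(decode_v2(blob)) >= threshold:
        return "v2"
    if len(blob) > V52_HEADER_LEN:
        if printable_ratio(decode_v52(blob)[1]) >= threshold:
            return "v5.2"
    return None

def constructed_samples():
    """Constructed test blobs, not captured traffic."""
    text = b"constructed sample payload: field=value;" * 3
    header = bytes(range(V52_HEADER_LEN))  # constructed 76-byte header
    key = header[V52_KEY_SLICE]
    v52 = xor_single(header, V52_HEADER_KEY) + xor_repeating(text, key)
    return text, xor_single(text, V2_KEY), v52
```
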
Features