Resolved :[demoralize.biz] To [37.221.170.194]
Panel:hxxp://37.221.170.194/panel/image.php
Module:hxxp://37.221.170.194/panel/r.pack
DirtJumper:demoralize.biz/dj/index.php
Other files:hxxp://demoralize.biz/f/
hosting infos:
http://whois.domaintools.com/37.221.170.194
Anonymous - January 30, 2013 at 9:41 pm
pig please see this file
http://bmc.linkpc.net/download/bmchat.exe
i think it's ngr bot
how you can fine PORT DNS info?
can you tell us the program name
how we can printe all bot info?
like this one ? http://www.exposedbotnets.com/2012/01/9521116562ngrbot-hosted-in-netherlands.html
http://bmc.linkpc.net/download/bmchat.exe
Pig - January 30, 2013 at 10:03 pm
thank you for this file:-) i m making new post with your submition now
please next time replace http with hxxp in your links
Pig - January 30, 2013 at 10:11 pm
to find infos from malwares first of all u can start by installing virtual box or vmware
then install sandboxie wireshark
execute the exe in your vmware then start snifing the traffic with wireshark to find infos
most of malwares have anti virtual machine/sandboxie/wireshark protections so u have to use other methods to find infos
but u can start by vmware+sandboxie+wireshark if u really like to sniff exe files lol