nRansom v1 Analysis: http://xywcloud.blogspot.com/2017/09/nransom.html
nRansom v3 Analysis: http://xywcloud.blogspot.com/2017/10/nransom-v3.html
As you can see from the title, the new ransomware called “nRansom” has been updated. But after a full analysis of nRansom v2, we found only a few changes (though some of them are important). Continue reading “nRansom v2”
From July to now, we have collected lots of Chinese backdoor samples from a special source.
Sometimes they are encrypted, so they need a loader to download and decrypt them.
We’re very lucky to have obtained the full source code of this backdoor family (including source code, server module, client module and payload builder), so it’s easier for us to create signatures.
Here is a downloader sample. Continue reading “Chinese Trojan Downloader”
X-Sec Antivirus 188.8.131.52 Release Note
- Now X-Sec Antivirus can scan more types of files
- Detection for a new type of encoded backdoor payload
- Now X-Sec Antivirus GUI and X-Sec Antivirus Updater require admin privilege
- Optimize memory usage during scan
- Optimize script identification logic
- X-Sec CommandLine Scanner updated to 184.108.40.206
- X-Sec Antivirus Updater updated to 220.127.116.11
- XSec_FC.dll updated to 18.104.22.168
- XSec_FI.dll updated to 22.214.171.124
- XSec_HE.dll updated to 126.96.36.199
- XSec_STK.dll updated to 188.8.131.52
Users must update to this version; otherwise you will no longer be able to use Cloud Engine.