Forensic

Friday 25 April 2014, 11:26  #1
C&C 3
matse
  • 1 posts

Hi everybody,
is there someone who can shed some light on how the path has to look before producing the checksum? There are so many possibilities.
Do I really need to use lower case letters only in the path? Should I use FAT12 naming with the truncated numbered filenames?

I really tried all combinations above but didn’t get a hit. I obviously found the malware as this is necessary to solve C&C 4 but I can’t get #3 to work.

Cheers
Matse

Friday 25 April 2014, 11:35  #2
C&C 3
Mawu3n4
  • 48 posts

Hey,

You don’t have to lower case anything; take the path as it is (with spaces) and get the md5sum.
I’m available on IRC if you’re having trouble.
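
An added example, not part of the original thread or of the challenge: it hashes the path string itself (not the file contents) and shows which common input-preparation slips change the MD5. The path is a constructed placeholder and the function names are hypothetical.

```python
import hashlib


def path_md5(path: str, encoding: str = "utf-8") -> str:
    """MD5 of the path *string*, not of the file the path points to."""
    return hashlib.md5(path.encode(encoding)).hexdigest()


def variant_digests(path: str) -> dict:
    """Digest of the path as-is, next to common accidental transformations."""
    return {
        "as-is": path_md5(path),
        # `echo "$p" | md5sum` appends a newline; `printf '%s' "$p"` does not
        "trailing newline": path_md5(path + "\n"),
        "lower-cased": path_md5(path.lower()),
        # escaping the backslashes once too often in a shell or script
        "backslashes doubled": path_md5(path.replace("\\", "\\\\")),
        "wrapped in quotes": path_md5('"' + path + '"'),
        # hashing the Windows wide-character bytes instead of the text as typed
        "UTF-16LE bytes": path_md5(path, "utf-16-le"),
    }


def changed_variants(path: str) -> list:
    """Names of the transformations whose digest differs from the as-is one."""
    digests = variant_digests(path)
    return [name for name, d in digests.items() if d != digests["as-is"]]


if __name__ == "__main__":
    # Constructed placeholder, NOT the challenge answer.
    sample = r"C:\Example Dir\Sub Folder\sample.exe"
    for name, digest in variant_digests(sample).items():
        print(f"{digest}  {name}")
```

Every variant other than "as-is" produces a different digest, so a single stray newline or case change is enough to make a correct path fail validation.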

Friday 8 April 2016, 00:02  #3
C&C 3
n1b1ru
  • 5 posts

Found malware in 2 executables (validated with VirusTotal) and have problems generating the md5 validation signature of the full path. I understand you have to generate an md5sum of C:\xxxxxx\xxxxx\xxxx.exe, right?

http://www.md5lab.com/word/ ????

Ohh my Gosh!!!!

Sunday 20 November 2016, 17:40  #4
C&C 3
jadev
  • 2 posts

Hi everybody. I have a problem. I don’t know which process is malware. When I use Volatility I show all the processes and the whole DLL list, but I don’t know how to tell that it’s a malware process. And how do I check the md5 of the path of the malware?