Malware Analysis: Utntweep

MD5 hash: 5b53eab7edc13c1db7c066d96b64ddc6
VirusTotal Link:



Sourcejob.dat, Feelcat.ini, Tupix.ini
Start of Malware Code
Continuation of code for explorer.exe
svchost.exe string; if the comparison succeeds, the malware continues
Deletes feelcat.ini after the process completes
Decrypted strings via OllyDbg

Ben Lee

I focus on Malware, RE, DFIR. This blog is used to improve my understanding of these concepts and show my progress.