Johannes Bacher's reversing efforts
| Subfolder | Malware Family | Alias | Write-Up |
|---|---|---|---|
| pizd | ?? | [link] (https://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/) | |
| newgoz | newGOZ | Gameover Zeus, Peer-to-Peer Zeus | link |
| ramnit | Ramnit | link | |
| shiotob | Shiotob | Urlzone, Bebloh | link |
| symmi | Symmni | link | |
| banjori | Banjori | MultiBanker 2, BankPatch(er) | link |
| necurs | Necurs | link | |
| dircrypt | DirCrypt | link | |
| pykspa/precursor | Precursor of Pykspa | link | |
| pkyspa/improved | Improved Pykspa | link | |
| simda | Simda | Shiz | link |
| tinba | Tinba | TinyBanker, Zusy | link |
| ranbyus/may | Ranbyus Version 1 | link | |
| ranbyus/september | Ranbyus Version 2 | link | |
| nymaim | Nymaim | ||
| nymaim2 | Nymaim v2 | link | |
| murofet/v1 | Murofet Variant 1 | LICAT | link |
| murofet/v2 | Murofet Variant 2 | LICAT | link |
| murofet/v3 | Murofet Variant 3 | LICAT | link |
| fobber | Fobber | Tinba v3 | |
| corebot | CoreBot | link | |
| suppobox | SuppoBox | link | |
| unnamed_javascript_dga | Unnamed | link Obsolete, see Proslikefan | |
| kraken/v1 | Kraken Version 1 | Bobax, Oderoor | link |
| kraken/v2 | Kraken Version 2 | Bobax, Oderoor | link |
| dnschanger | DNSChanger | Alureon | link |
| qakbot | Qakbot | link | |
| locky | Locky | link | |
| padcrypt | Padcrypt | link | |
| gozi | Gozi | Ursnif, Snifula, Papras | link |
| qadars | Qadars | link | |
| sisron | Sisron | TOMB, Win32/Agent.WRQ, Trojan.Scar | link |
| proslikefan | Proslikefan | link | |
| vawtrak | Vawtrak | link | |
| unnamed_downloader | Unnamed Downloader | ||
| chinad | Chinad | link | |
| tempedreve | Tempedreve | link | |
| unknown_malware | ? |