{
	"id": "132ae7ae-45a7-48d6-bc5f-7d3726d67e2e",
	"created_at": "2026-04-06T00:21:13.357852Z",
	"updated_at": "2026-04-10T03:21:50.819868Z",
	"deleted_at": null,
	"sha1_hash": "aefed0556feef3f453e522ed6451cf452b9b1846",
	"title": "ZeroAccess / Max++ / Smiscer Crimeware Rootkit sample for Step-by-Step Reverse Engineering by Giuseppe Bonfa - \u003c\u003c (Update 2011 version available)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 56235,
	"plain_text": "ZeroAccess / Max++ / Smiscer Crimeware Rootkit sample for Step-by-Step Reverse Engineering by Giuseppe Bonfa - \u003c\u003c (Update 2011 version available)\r\nArchived: 2026-04-05 20:01:52 UTC\r\nPost Update Feb 24, 2011\r\n The new version is available here, thanks to Giuseppe :)\r\nDownload MaxRootkit_2011_1.exe as a password protected archive (contact me if you need the password)\r\n  File name: 392ddf0d2ee5049da11afa4668e9c98f\r\nVirustotal\r\nSubmission date 2011-02-14 14:41:24 (UTC)\r\nResult:25 /43 (58.1%)\r\nAntivirus     Version     Last Update     Result\r\nAhnLab-V3     2011.02.14.02     2011.02.14     Trojan/Win32.Gen\r\nAntiVir     7.11.3.78     2011.02.14     TR/Dropper.Gen\r\nAvast     4.8.1351.0     2011.02.14     Win32:FakeAlert-FC\r\nAvast5     5.0.677.0     2011.02.14     Win32:FakeAlert-FC\r\nAVG     10.0.0.1190     2011.02.14     Dropper.Generic3.AJH\r\nBitDefender     7.2     2011.02.14     Trojan.Generic.5349632\r\nCAT-QuickHeal     11.00     2011.02.14     Worm.Sirefef.a\r\nDrWeb     5.0.2.03300     2011.02.14     Trojan.DownLoader2.2219\r\nEmsisoft     5.1.0.2     2011.02.14     Worm.Win32.Sirefef!IK\r\nF-Secure     9.0.16160.0     2011.02.14     Trojan.Generic.5349632\r\nFortinet     4.2.254.0     2011.02.14     W32/Dx.VUZ!tr\r\nGData     21     2011.02.14     Trojan.Generic.5349632\r\nIkarus     T3.1.1.97.0     2011.02.14     Worm.Win32.Sirefef\r\nMcAfee     5.400.0.1158     2011.02.14     Generic.dx!vuz\r\nMcAfee-GW-Edition     2010.1C     2011.02.14     Heuristic.BehavesLike.Win32.Suspicious.H\r\nMicrosoft     1.6502     2011.02.14     Worm:Win32/Sirefef.gen!A\r\nhttp://contagiodump.blogspot.com/2010/11/zeroaccess-max-smiscer-crimeware.html\r\nPage 1 of 3\n\nNOD32     5872     2011.02.14     a variant of Win32/Sirefef.C\r\nPanda     10.0.3.5     2011.02.13 
    Trj/CI.A\r\nPCTools     7.0.3.5     2011.02.13     Trojan.Gen\r\nRising     23.45.00.00     2011.02.14     [Suspicious]\r\nSymantec     20101.3.0.103     2011.02.14     Trojan.Gen\r\nTheHacker     6.7.0.1.130     2011.02.13     Trojan/Sirefef.c\r\nTrendMicro     9.200.0.1012     2011.02.14     TROJ_GEN.R3EC1BD\r\nTrendMicro-HouseCall     9.200.0.1012     2011.02.14     TROJ_GEN.R3EC1BD\r\nVIPRE     8416     2011.02.14     Trojan.Win32.Generic!BT\r\nMD5   : 392ddf0d2ee5049da11afa4668e9c98f\r\nAutomated Scans\r\nMax++ downloader install_2010.ex_\r\nSubmission date:2010-10-29 17:02:09 (UTC)\r\nhttp://www.virustotal.com/file-scan/report.html?\r\nid=d22425d964751152471cca7e8166cc9e03c1a4a2e8846f18b665bb3d350873db-1288371729\r\nResult:40 /43 (93.0%)\r\nAntivirus     Version     Last Update     Result\r\nAhnLab-V3     2010.10.29.00     2010.10.28     Dropper/Smiscer.79360.B\r\nAntiVir     7.10.13.74     2010.10.29     TR/Drop.Smiscer.HF.1\r\nAuthentium     5.2.0.5     2010.10.29     W32/Dropper.AYXZ\r\nAvast     4.8.1351.0     2010.10.29     Win32:Trojan-gen\r\nAvast5     5.0.594.0     2010.10.29     Win32:Trojan-gen\r\nAVG     9.0.0.851     2010.10.28     Crypt.NSQ\r\nBitDefender     7.2     2010.10.29     Trojan.Generic.IS.439387\r\nCAT-QuickHeal     11.00     2010.10.26     TrojanDropper.Smiscer.hf\r\nClamAV     0.96.2.0-git     2010.10.29     Trojan.Dropper-24318\r\nComodo     6552     2010.10.29     TrojWare.Win32.TrojanDropper.Agent.783360\r\nDrWeb     5.0.2.03300     2010.10.29     BackDoor.Maxplus.6\r\nEmsisoft     5.0.0.50     2010.10.29     Trojan-Dropper.Win32.Smiscer!IK\r\neTrust-Vet     36.1.7942     2010.10.29     Win32/ASuspect.HADSN\r\nF-Prot     4.6.2.117     2010.10.29     W32/Dropper.AYXZ\r\nF-Secure     9.0.16160.0     2010.10.29     Trojan.Generic.IS.439387\r\nGData     21     2010.10.29     Trojan.Generic.IS.439387\r\nIkarus     T3.1.1.90.0     2010.10.29     Trojan-Dropper.Win32.Smiscer\r\nJiangmin     13.0.900     2010.10.29     
Backdoor/Agent.ctrw\r\nK7AntiVirus     9.67.2865     2010.10.29     Trojan\r\nKaspersky     7.0.0.125     2010.10.29     Trojan-Dropper.Win32.Smiscer.hf\r\nMcAfee     5.400.0.1158     2010.10.29     Generic Dropper!cev\r\nMcAfee-GW-Edition     2010.1C     2010.10.29     Generic Dropper!cev\r\nMicrosoft     1.6301     2010.10.29     TrojanDropper:Win32/Sirefef.B\r\nNOD32     5575     2010.10.29     Win32/Sirefef.P\r\nNorman     6.06.10     2010.10.29     W32/Obfuscated.T\r\nnProtect     2010-10-29.01     2010.10.29     Trojan-Dropper/W32.Smiscer.79360\r\nPanda     10.0.2.7     2010.10.29     Trj/Dropper.WF\r\nPCTools     7.0.3.5     2010.10.29     Trojan.Generic\r\nPrevx     3.0     2010.10.29     Medium Risk Malware\r\nRising     22.71.03.02     2010.10.29     Trojan.Win32.Generic.51F92A9D\r\nSophos     4.59.0     2010.10.29     Mal/EncPk-NL\r\nSunbelt     7165     2010.10.29     Trojan.Win32.Generic!BT\r\nSUPERAntiSpyware     4.40.0.1006     2010.10.29     Trojan.Agent/Gen\r\nSymantec     20101.2.0.161     2010.10.29     Trojan Horse\r\nTheHacker     6.7.0.1.073     2010.10.29     Trojan/Dropper.Smiscer.hf\r\nTrendMicro     9.120.0.1004     2010.10.29     TROJ_Gen.CX34I8\r\nTrendMicro-HouseCall     9.120.0.1004     2010.10.29     TROJ_Gen.CX34I8\r\nVBA32     3.12.14.1     2010.10.29     Trojan.Win32.Waledac.45\r\nViRobot     2010.10.25.4110     2010.10.29     Dropper.Smiscer.79410\r\nVirusBuster     12.70.12.0     2010.10.29     Trojan.DR.Smiscer.LP\r\nMD5   : d8f6566c5f9caa795204a40b3aaaafa2\r\nSHA1  : d0b7cd496387883b265d649e811641f743502c41\r\nSource: http://contagiodump.blogspot.com/2010/11/zeroaccess-max-smiscer-crimeware.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2010/11/zeroaccess-max-smiscer-crimeware.html"
	],
	"report_names": [
		"zeroaccess-max-smiscer-crimeware.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434873,
	"ts_updated_at": 1775791310,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aefed0556feef3f453e522ed6451cf452b9b1846.pdf",
		"text": "https://archive.orkl.eu/aefed0556feef3f453e522ed6451cf452b9b1846.txt",
		"img": "https://archive.orkl.eu/aefed0556feef3f453e522ed6451cf452b9b1846.jpg"
	}
}