https://securelist.com/miniflame-aka-spe-elvis-and-his-friends/68560/
00000000.dll was NOT known to VirusTotal until I uploaded it! (What a shock!) (Edit: ) the 0..0.dll file was actually some file called icsvnt32.ocx - dug deeper and found this: https://securelist.com/miniflame-aka-spe-elvis-and-his-friends/68560/
+Related to Gauss.
From the link: https://securelist.com/miniflame-aka-spe-elvis-and-his-friends/68560/
Sample Gauss configuration file
Gauss 1.0.8 ShellNotifyUser ShellNotifyUserEx SetWindowEvent InitShellEx %systemroot%\system32\winshell.ocx
%systemroot%\temp\ws1bin.dat
Godel InitCache RevertCache ValidateEntry CreateEntry %windir%\system32\dskapi.ocx
%temp%~gdl.tmp
John RegisterService %systemroot%\system32\icsvnt32.ocx
UsbDir %windir%\system32\smdk.ocx
%temp%~mdk.tmp