13 Jul

New rogue domain: personalonlinescanv3.com

Whois entry for personalonlinescanv3.com 83.133.126.155
Name: Yuvaraj K Jothi
Address: 88, Periyar EVR High Road
City: Chennai
Province/state: Chennai
Country: IN
Postal Code: 600007

Setup-fdbd6_02012.exe
Result: 2/41 (4.88%)
MD5: eb0111f5fd11420d70988bc21dcda65a
VirusTotal
ThreatExpert Analysis
hxxp://personalonlinescanv3.com/download/

13 Jul

New malware domain: hotexefiles.com

hxxp://besttubetech.com/xplays.php?id=40014&name=sahel+kazemi+dui+video&hostingtype=vox&theme=trends&category=hottrends&from=videoplayer

Whois entry for hotexefiles.com 64.20.38.172
Susan Field (susfie16@gmail.com)
1059 Rubaiyat Road
Grand Rapids
Michigan,49503
US
Tel. +001.56578987654

onlinemovies.40014.exe
Result: 8/41 (19.52%)
MD5: 2e02ea10960799a78792e39f5498adb6
VirusTotal
ThreatExpert Analysis
hxxp://hotexefiles.com/

onlinemovies.40069.exe
Result: 2/40 (5%)
MD5: 35b979934376577e4429db4317e5184f
VirusTotal
ThreatExpert Analysis
hxxp://hotexefiles.com/

SIDE NOTE: There may be a misconception as to the purpose of these posts. They are not announcing a NEW malware variant or NEW malware altogether. These posts simply show the new domain the malware has switched to. I include the downloaded binary as additional information because we add it to our database. Because the person(s) involved will not respond to my emails, I posted here.

Let's not make assumptions, people.

10 Jul

New malware domain: exe-cosmos.com

hxxp://tubessite.com/xplays.php?id=40069

Whois entry for exe-cosmos.com 64.20.38.172
Jennifer Ket (jennifket@gmail.com)
1120 Broadway Avenue
Johnson City
Tennessee,37601
US
Tel. +001.43459898760

onlinemovies.40014.exe
Result: 3/41 (7.32%)
MD5: 64a411cce0da8680576a5314eb6ce8e0
VirusTotal
ThreatExpert Analysis
hxxp://exe-cosmos.com/

onlinemovies.40069.exe
Result: 3/41 (7.32%)
MD5: a8148ab3190ae2d5b2765b10ded7228b
VirusTotal
ThreatExpert Analysis
hxxp://exe-cosmos.com/

09 Jul

Database Update: 29 files (Low/Moderate Detection)

Files added to our database recently.

WARNING: URLs may still be active. Proceed at your own risk.

Setup-73cb3_02009-1938.exe
Result: 12/41 (29.27%)
MD5: 082c4b1a7b77db893364c3fd3a77b647
VirusTotal
ThreatExpert Analysis
hxxp://secured-virus-scanner.com/download/

id_0122.exe or setup.exe
Result: 13/40 (32.5%)
MD5: 5e6ea7e4f4fbe148e3a06afa58daf581
VirusTotal
ThreatExpert Analysis
hxxp://youtube-adult.name/

pdrv.exe or vcru_1246903147.exe
Result: 12/40 (30%)
MD5: 97207099a118be4091785119b1d9937d
VirusTotal
ThreatExpert Analysis
hxxp://upload.octopus-multimedia.be/1/pdrv.exe

pp.10.exe or pp10.exe
Result: 24/40 (60%)
MD5: 133f989d913fea3e8802282bd37c5927
VirusTotal
ThreatExpert Analysis
hxxp://upload.octopus-multimedia.be/1/pp.10.exe

ld12.exe
Result: 22/41 (53.66%)
MD5: 5c8c37b5ce36b12aaa670b30bd84887a
VirusTotal
ThreatExpert Analysis

install.48322.exe
Result: 17/41 (41.47%)
MD5: 6b8828c90810b4c46eb93bab5976be89
VirusTotal
ThreatExpert Analysis

codec.exe
Result: 19/41 (46.35%)
MD5: 50f81d56bc7e620032d6e87c917aa663
VirusTotal
ThreatExpert Analysis

lol.exe
Result: 5/41 (12.2%)
MD5: ee8171ed76ae49a9c68dd5d33ce74931
VirusTotal
ThreatExpert Analysis

service.exe
Result: 7/41 (17.08%)
MD5: 6e42355db044533bea5f06552065efa3
VirusTotal
ThreatExpert Analysis

391.exe
Result: 8/41 (19.52%)
MD5: 39ef491b937577930f7057f2a7d2e3f4
VirusTotal
ThreatExpert Analysis

setup.exe
Result: 21/41 (51.22%)
MD5: 513ffc855daed8d0889188431add9d34
VirusTotal
ThreatExpert Analysis

FlashPlayer.exe
Result: 18/41 (43.91%)
MD5: 88d88eb7a3941e89c1c9dac8797e7301
VirusTotal
ThreatExpert Analysis
hxxp://healsearcher.com/download/2b58736731513d3d150878b420090701/

.exe
Result: 11/41 (26.83%)
MD5: 174aa8777d77426485747d6de4d0039b
VirusTotal
ThreatExpert Analysis

setup.exe
Result: 20/41 (48.79%)
MD5: e28ecac172dd0b6a178e4abbd6e92af7
VirusTotal
ThreatExpert Analysis

a.exe
Result: 26/41 (63.42%)
MD5: eb4209ac9062804a8c83831ffb0dc6c7
VirusTotal
ThreatExpert Analysis
hxxp://arplgm.cn/

VideoCodec.exe
Result: 14/41 (34.15%)
MD5: 8254d797dc12adaa7e50f30128199b17
VirusTotal
ThreatExpert Analysis
hxxp://healsearcher.com/download/4672366463673d3d0c36c19720090701/

Mediacodec.exe
Result: 16/41 (39.03%)
MD5: 72ede7e934e0777120ec95fa229f0a2a
VirusTotal
ThreatExpert Analysis

win.exe
Result: 23/41 (56.1%)
MD5: b6ebdb9c3e24ef845af65a8ea5d09540
VirusTotal
ThreatExpert Analysis
hxxp://ads.v8dc.com/win/

evilItTheir.pdf
Result: 12/41 (29.27%)
MD5: 3e43e2393e03b76af5f7ff1b30ed83a1
VirusTotal
Wepawet Analysis
hxxp://imagehut3.cn/images/

load.exe
Result: 5/41 (12.2%)
MD5: 55126b500a9cbecb6e3df1a61592fcc7
VirusTotal
ThreatExpert Analysis
hxxp://imagehut3.cn/images/update.php

install_flash_player.exe
Result: 0/41 (0%)
MD5: a51b5d3fee2215f0068fc36174a53513
VirusTotal
ThreatExpert Analysis
hxxp://missing-codecs.net/download/download.php

load.exe or sysguard.exe
Result: 2/40 (5%)
MD5: 507aedd5e26a6bf81635b067b8053ceb
VirusTotal
ThreatExpert Analysis
hxxp://91.212.198.116/lib/update.php

fotos_Album.exe
Result: 21/41 (51.22%)
MD5: af50713e6ff1cfc0e190261a48dc8ee2
VirusTotal
ThreatExpert Analysis

principal.txt or process.exe
Result: 12/40 (30%)
MD5: 097fcf4368c94d83563f205ce335f89b
VirusTotal
ThreatExpert Analysis
hxxp://www.hoje-noticias.pagebr.com/downloads/

TS45.SYS
Result: 2/41 (4.88%)
MD5: aba452fd10f74aabcac36b579046ede8
VirusTotal
ThreatExpert Analysis

plug2.txt or wiskyx.exe
Result: 20/41 (48.79%)
MD5: 6b88ad201100fe58920842be576f5482
VirusTotal
ThreatExpert Analysis
hxxp://www.hoje-noticias.pagebr.com/downloads/

winsex2.txt or winsex2.exe
Result: 11/40 (27.5%)
MD5: 3abb2f2eda63e9ed447aad1e502b5e25
VirusTotal
ThreatExpert Analysis
hxxp://www.hoje-noticias.pagebr.com/downloads/

Setup-27a_02022.exe
Result: 6/41 (14.64%)
MD5: a778ceee0fa0161bf77fa318fa3f1a51
VirusTotal
ThreatExpert Analysis

update.exe
Result: 14/40 (35%)
MD5: 4e37097b45d8885a55ef8bd0a0669446
VirusTotal
ThreatExpert Analysis
hxxp://vikd3jj-2.com/2/index.php

09 Jul

New malware domain: red-exe.com

hxxp://go-go-tube.com/xplays.php?id=40069

Whois entry for red-exe.com 64.20.38.172
Tasha Chambers (tashcham@gmail.com)
2520 North Street
Kearns
Utah,84118
US
Tel. +001.98985647689

onlinemovies.40069.exe
Result: 0/40 (0%)
MD5: 39c1a48433c6de8c08d75926cb468d20
VirusTotal
ThreatExpert Analysis
hxxp://red-exe.com/

onlinemovies.40014.exe
Result: 0/40 (0%)
MD5: a24bcd49eb5d266d11fb2883a203ef76
VirusTotal
ThreatExpert Analysis
hxxp://red-exe.com/

09 Jul

Rogue domain: securedvirusscan.com

Whois entry for securedvirusscan.com 69.4.230.205
Privat person
Aleksandr Rozanov adsff@freebbmail.com
+74952783441 fax: +74952783441
ul. Peshkova 29-52
Moskva Moskovskay oblast 126106
ru

Setup-4e45_02022.exe
Result: 0/40 (0%)
MD5: abc17998e1b33fe99f60497010028523
VirusTotal
ThreatExpert Analysis
hxxp://securedvirusscan.com/download/

08 Jul

Multiple domains targeting pornographic videos distributing malware codec

Found these sites today while browsing on Google Video. The redirection is triggered by a video.google.com referrer and pushes the user through a few domains before redirecting to the download. It may be triggered by other video sites as well. The site offers an "HD codec" for Flash Player and features a cute installation process when you visit it.

hxxp://best.viralprn.net
Redirects to
hxxp://only.hdpornr.net
Loads files from
hxxp://tvcodec.net

Whois entry for viralprn.net 88.80.19.191

Whois entry for hdpornr.net 195.95.151.178

Whois entry for tvcodec.net 91.194.10.60
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Whois entry for hdenabled.com 213.163.66.241

Flash.Player.HD.v10.0.exe
Result: 12/41 (29.27%)
MD5: 947828203c38f7cc2e98277076b747a0
VirusTotal
ThreatExpert Analysis
hxxp://hdenabled.com/download/5a6a576343673d3d050cf77920090701/

08 Jul

New malware domain: exe-site.com

hxxp://go-go-tube.com/xplays.php?id=40069

Whois entry for exe-site.com
Queenie Ziegler (queeziegl@gmail.com)
4806 Green Avenue
Fremont
California,94536
US
Tel. +001.34980976583

streamviewer.40069.exe
Result: 0/40 (0%)
MD5: 7f14d9626761ac467f85b542028259e3
VirusTotal
ThreatExpert Analysis
hxxp://exe-site.com/
