Sites: hxxp://antivirusworld9.com -> hxxp://scanthnet.com -> hxxp://innovagest2000sl.com
Files: AV2009Install_*.exe (0570484B66E9A139D8FD0A71F5448957)
VirusTotal Result: 4/36 (11.11%)
MDB: /lithium-malware/AV2009Install.zip
Removal:
Here is a fresh round of malware discovered today. Most are the usual zlob variant. This post may be updated as more information about the malware is found, so check back. All files are available in /pnuemo-malware/.
Links may still be live. Proceed at your own risk.
city-codec.v.1.345.exe
Result: 18/36 (50%)
MD5: 905c85ab50f200dd0229cc93e055ed5a
VirusTotal
hxxp://city-codec.com/download/city-codec.v.1.345.exe
citycodec.v3.001.exe
Result: 5/36 (13.89%)
MD5: b71e1150138e77c14b9caa62bcd5b259
VirusTotal
hxxp://citycodec.net/download/citycodec.v3.001.exe
zcodec.1062.exe & zcodec.1091.exe
Result: 5/36 (13.89%)
MD5: b0c7c21760919e0df7606dadde5413ae
VirusTotal
hxxp://codecdownload.anothersoftportal09.com/zcodec.1062.exe
hxxp://codecdownload.anothersoftportal09.com/zcodec.1091.exe
HDCodec_ver1.5000.0.exe
Result: 2/36 (5.56%)
MD5: 5b055fc89bc0dbb2ebce8c76a7ca7c1a
VirusTotal
Sunbelt Sandbox Analysis
hxxp://pornotube8.net/load.php?
WebSoftCodecDrivern.exe
Result: 7/36 (19.45%)
MD5: d3691fac5ee729794dd013e0807514a0
VirusTotal
Sunbelt Sandbox Analysis
hxxp://viacodecright2.com/08.php
xcodec.186.exe
Result: 6/36 (16.67%)
MD5: f96300487a4472da3c0e7083534732c1
VirusTotal
Sunbelt Sandbox Analysis
hxxp://hot-porn-tube2009.net/viewmovie.php?id=186
setup.exe & setup.exe (2)
Result: 8/36 (22.23%)
MD5: 989c2f345c04eb02a7277175fdd8ee32
MD5: 632847f20721a3cf09f991fbe1acc5a6 (2)
VirusTotal
VirusTotal (2)
hxxp://www.vidsware.net/download.php?id=1653
hxxp://www.vidsware.net/download.php?id=1285 (2)
index
Result: 3/36 (8.34%)
MD5: b8db4c79a11c6a4451bf9c02bdfcfcbe
VirusTotal
hxxp://wwwforum.myphotos.cc/stat.php?f=105
