Archive for October 5th, 2008

05 Oct

Multiple Exploit Page (Acrobat, Outlook Express, & QuickTime) - VIDEO

Here is another example of an exploit page. The page probes the visitor's machine for a vulnerability and, once it finds one, drops malware onto the computer. In this case multiple files are in use; all of them are listed below with details. As with previous posts, we captured video of the exploit in action. The files are available in our repository under /pnuemo-malware/1005-exploit.zip.

The first page starts the search for a vulnerability to exploit and, once one is found, loads the binary from the second URL. It looks for vulnerabilities in Adobe Acrobat, Outlook Express, and QuickTime, among others. The exploit page consists of multiple pages of obfuscated code, too much to post here. You can download the code here (.txt).

BE ADVISED: This website may still be live. Proceed at your own risk.

hxxp://195.242.161.63/z/index.php -> hxxp://195.242.161.63/z/load.php?ssv=

doc.pdf
Result: 8/36 (22.23%)
MD5: 2b477c02cef58a4d965b149311f495f2
VirusTotal

default.exe
Result: 14/36 (38.89%)
MD5: df5fbc8fb5ab1e9a69c72508250cb451
VirusTotal
ThreatExpert Analysis

Download Video (.wmv)

05 Oct

Database Update – 7 Files (Low Detection)

We have another database update with files pulled from multiple locations. Below is information on each piece of malware. The files are available in our repository under /pnuemo-malware/.

BE ADVISED: These sites may still be live. Proceed at your own risk.

MSCodecLt.v.1.0.exe
Result: 7/36 (19.45%)
MD5: 6281268d81ae94a6c2852f9fa203ab64
VirusTotal
ThreatExpert Sandbox
hxxp://download-st-software.com/MSCodecLt.v.1.0.20931.exe

AntiMalware2009Installer.exe
Result: 8/36 (22.23%)
MD5: 89a475b16fe8d9dbf86dca07c4a1970d
VirusTotal
Sunbelt Sandbox
hxxp://antimalware09.com

windgxy4na.exe
Result: 11/36 (30.56%)
MD5: 852b4fbf1b6a8e17264037664c16f874
VirusTotal
ThreatExpert Sandbox

MSCodecLite.7.exe
Result: 18/36 (50%)
MD5: f087cf90964be150bc086f53b9f4477e
VirusTotal
ThreatExpert Sandbox

antivirus.v.1.0.1011.exe
Result: 12/36 (33.34%)
MD5: c5bdfb5826cb871ad355b9d2609b7a1d
VirusTotal
ThreatExpert Sandbox
hxxp://antivirusdownload.softvvareportal.com/antivirus.v.1.0.1011.exe

zcodec.1401.exe
Result: 12/36 (33.34%)
MD5: fe924640bf4ad441133fa3adcc54335a
VirusTotal
Sunbelt Sandbox
hxxp://codecdownload.softvvareportal.com/zcodec.1401.exe

8820931756739.mp3.exe
Result: 6/36 (16.67%)
MD5: 7d503ad0da991497f434eaf38398aa66
VirusTotal
Sunbelt Sandbox
hxxp://vmpupdate.com/mp3download.php?id=323
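For working with listings like the two on this page (the exploit-page post above and this database update), here is an added helper script; it is not part of the original posts or of the repository. It parses entries in the page's own format (file name, Result line, MD5, sandbox links, hxxp:// URL) into indicators, tolerates the MD5 value falling onto the line after "MD5:", refangs the hxxp:// scheme to derive a host blocklist, and matches local sample bytes against the listed MD5s. The listing text inside the block is a constructed excerpt in the page's format, not the full set of entries.

```python
"""Parse hash / URL listings in this page's format into indicators and
check local sample bytes against them. Added example; the LISTING text is
a constructed excerpt in the page's own format, not the full repository."""
import hashlib
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample input. The second entry reproduces the case where the
# MD5 value sits on the line after "MD5:".
LISTING = """\
doc.pdf
Result: 8/36 (22.23%)
MD5: 2b477c02cef58a4d965b149311f495f2
VirusTotal

MSCodecLt.v.1.0.exe
Result: 7/36 (19.45%)
MD5:
6281268d81ae94a6c2852f9fa203ab64
VirusTotal
ThreatExpert Sandbox
hxxp://download-st-software.com/MSCodecLt.v.1.0.20931.exe
"""

# \s* after "MD5:" also matches a newline, so a hash on the next line is found.
MD5_RE = re.compile(r"MD5:\s*([0-9a-fA-F]{32})")
RESULT_RE = re.compile(r"Result:\s*(\d+)/(\d+)")
URL_RE = re.compile(r"hxxps?://\S+")


@dataclass
class Indicator:
    name: str             # file name as listed
    md5: str = ""         # lowercase hex; empty if the entry had none
    hits: int = 0         # engines that flagged the file
    engines: int = 0      # engines that scanned it
    urls: list = field(default_factory=list)  # kept defanged (hxxp://)


def parse_listing(text):
    """One Indicator per blank-line-separated block; the first line is the name."""
    indicators = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        ind = Indicator(name=lines[0])
        m = MD5_RE.search(block)
        if m:
            ind.md5 = m.group(1).lower()
        m = RESULT_RE.search(block)
        if m:
            ind.hits, ind.engines = int(m.group(1)), int(m.group(2))
        ind.urls = URL_RE.findall(block)
        indicators.append(ind)
    return indicators


def refang(url):
    """Turn hxxp:// back into http://; only the scheme is defanged on this page."""
    return re.sub(r"^hxxp", "http", url)


def hostnames(indicators):
    """Distinct hosts to block, in listing order."""
    seen = []
    for ind in indicators:
        for url in ind.urls:
            host = urlparse(refang(url)).hostname
            if host and host not in seen:
                seen.append(host)
    return seen


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def find_by_md5(indicators, data):
    """Return the indicator whose listed MD5 matches the sample bytes, or None."""
    digest = md5_hex(data)
    for ind in indicators:
        if ind.md5 == digest:
            return ind
    return None


if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for ind in parsed:
        print(f"{ind.name}: {ind.hits}/{ind.engines} md5={ind.md5} urls={ind.urls}")
    print("hosts to block:", hostnames(parsed))
```

Run the script as-is to see the parsed entries, or feed it the text of a post to pull the hashes and hosts into a blocklist. The page lists MD5 only, so that is what the matcher compares; a match is enough to tell which file from the zip you are holding, but MD5 is collision-prone, so record SHA-256 alongside it when you add a sample to your own repository.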
