Archive for May, 2009

31 May

Database Update: 19 files (Low Detection)

Some files added to the repository this weekend.

WARNING: URLs may still be active. Proceed at your own risk.

codec.exe
Result: 27/40 (67.50%)
MD5: 038b4594a0079366b9dfed39e48d7570
VirusTotal
ThreatExpert Analysis
hxxp://loved-online-tube.com/codec/212.exe

file.exe or svchost_32.exe
Result: 8/40 (20%)
MD5: c0ad103137d69ae6959fafe8e3fe5df9
VirusTotal
ThreatExpert Analysis
hxxp://videoporntrue.net/file.exe

ieocx.dll
Result: 18/39 (46.16%)
MD5: 4aca1a0c6e7928395a8261e382a525b9
VirusTotal
ThreatExpert Analysis

find26.exe
Result: 8/39 (20.52%)
MD5: cfc44f26402b3212a0bce1f61928fb98
VirusTotal
ThreatExpert Analysis
hxxp://alfafoxx.com/temp/

ret26.exe
Result: 12/40 (30%)
MD5: 7e5774291fbf82aacbf1adce25336924
VirusTotal
ThreatExpert Analysis
hxxp://alfafoxx.com/temp/

VideoStreamSoftware.exe
Result: 5/40 (12.5%)
MD5: 531463abb018217620732158a416dfd5
VirusTotal
ThreatExpert Analysis
hxxp://home-intra.com/download/5855766a7a773d3d99b4484520090516/

DVDConv.exe
Result: 4/40 (10%)
MD5: 95ec4e90b0408e25cafee81b394ae218
VirusTotal
ThreatExpert Analysis

0.pdf
Result: 10/38 (26.32%)
MD5: 46863c6ab5e2767e0820f90039ee35e6
VirusTotal
Wepawet Analysis
hxxp://gurru-turru2.com/forum/data/exp/

load.exe
Result: 3/40 (7.5%)
MD5: d4f1702c5875e64b994789ee9168bb2e
VirusTotal
ThreatExpert Analysis
hxxp://gurru-turru2.com/forum/update.php?id=3

softwarefortubeview40009.exe
Result: 11/39 (28.21%)
MD5: e0485af8a76e58aa04e023c4bacad385
VirusTotal
ThreatExpert Analysis
hxxp://exe-soft-portal.com/

a.exe
Result: 8/39 (20.52%)
MD5: 744c1c147d91511344d4e20b3c3e944a
VirusTotal
ThreatExpert Analysis

b.exe
Result: 12/39 (30.77%)
MD5: ae43bcdd7e04da5adff8304f6d292465
VirusTotal
ThreatExpert Analysis

c.exe
Result: 9/40 (22.5%)
MD5: 1f6d7c2eef405d4e637ede091265849c
VirusTotal
ThreatExpert Analysis

load.exe or servises.exe
Result: 5/39 (12.83%)
MD5: 4fc003e9563ffb6260fcccaa254378fb
VirusTotal
ThreatExpert Analysis
hxxp://koqsuyod.cn/nuc/exe.php

KB908311.exe
Result: 19/36 (52.78%)
MD5: e0641eab7bf65c11217ed11d504ca1d7
VirusTotal
ThreatExpert Analysis
hxxp://lsiu.info/evo/getexe.exe?o=7&t=1241452799&i=2154770526&e=18

Server_7.exe
Result: 6/40 (15%)
MD5: 6d05a073f0004c3c33169bf34003dca5
VirusTotal
ThreatExpert Analysis
hxxp://58.211.114.9/

fywd.dll
Result: 4/40 (10%)
MD5: 78903b4e5c6351022d1cb3125c83ec2c
VirusTotal
ThreatExpert Analysis

ad2.exe
Result: 20/40 (50%)
MD5: 499f68191358c70fad6fb6126befb3fe
VirusTotal
ThreatExpert Analysis
hxxp://85.114.131.69/

star.exe
Result: 10/39 (25.65%)
MD5: d9fb6ed011cde5b66c31a49b263a9568
VirusTotal
ThreatExpert Analysis
hxxp://www.anas.tv/

29 May

Rogue domain: proantivirusscannerv2.com

This domain wasn’t newly registered and I didn’t see much reported on it. As with previous posts, this was found by crawling search results.

The first referring domain is a brand-new domain, usanevvs.com, with keywords to trigger search engines. It then redirects through macrosoftwarego.com, which I reported on before, and on to proantivirusscannerv2.com.

Whois entry for proantivirusscannerv2.com 83.133.115.9

antvirushelpv1.com
premiumlivescanv1.com

proantivirusscannerv2.com/1/ – Fake scan page
proantivirusscannerv2.com/2/ – Fake scan page

Whois entry for usanevvs.com 64.21.86.16

Approximately 1,170 search results from this domain can trigger the redirection.

Install_2010-10.exe (Personal Antivirus)
Result: 7/40 (17.5%)
MD5: e0d8a4e13a400236d18c26e872d4098f
VirusTotal
ThreatExpert
hxxp://proantivirusscannerv2.com/download/Install_2010-10.exe

28 May

Database Update: 17 files (Low/Moderate Detection)

Some files added to our repository today.

WARNING: URLs may still be active. Proceed at your own risk.

softwarefortubeview[1].40014.exe
Result: 2/40 (5%)
MD5: 93af52674eae7a71725f6414a532608c
VirusTotal
ThreatExpert Analysis
hxxp://zxc-sofftwares.com/

perce.jpg or 8427.exe
Result: 5/39 (12.83%)
MD5: 626297bb62a2eda0ae5a0096d8dc978b
VirusTotal
ThreatExpert Analysis
hxxp://imageempires.com/perce/550cc2b204ea9a6bedf4617da89c2d69d82fb0305b7210545e192870b029b9083e7ccf386452975e4/04d0e091044/

item.gif or 17978.exe
Result: 6/40 (15%)
MD5: b6bcda2bef477b41db11fdd4c93df564
VirusTotal
ThreatExpert Analysis
hxxp://imagescolor.com/item/653cf292847abadbcdc4f14d782cfd89587f4090eb923034ee3908c0c01919384e1cdfc88482975e4/9490b0c1943/

bb.jpg or 9299.exe
Result: 6/39 (15.39%)
MD5: 27fb9bba6b48a49b4983b264423cf365
VirusTotal
ThreatExpert Analysis
hxxp://picturehappiness.com/werber/240080c1e42/

plugin2.1.0.exe
Result: 10/38 (26.32%)
MD5: 7af59586ca7adbd07101f96a8a5b5816
VirusTotal
ThreatExpert Analysis

flash_player_v11.exe
Result: 9/39 (23.08%)
MD5: 78bad054d37a7e4fc1e111fdf3840396
VirusTotal
ThreatExpert Analysis

MoviesPlay.exe
Result: 4/40 (10%)
MD5: fb6cc48d25aa61811f11883257c13c31
VirusTotal
ThreatExpert Analysis

installer_1.exe (Antivirus Plus)
Result: 12/40 (30%)
MD5: ae09b7321db1e1813e102440c5355877
VirusTotal
ThreatExpert Analysis
hxxp://acetaiz.cn/

dop.exe or se.exe
Result: 6/40 (15%)
MD5: 3275e2b5eb4779618f508d2b04e35d2c
VirusTotal
ThreatExpert Analysis

important.exe
Result: 31/40 (77.5%)
MD5: 5ca9139de651cdb155de2012b86d44ef
VirusTotal
ThreatExpert Analysis
hxxp://zxc-sofftwares.com/

websrvx.exe
Result: 32/40 (80%)
MD5: 671cf6505a9292dfa902b9c58cec469e
VirusTotal
ThreatExpert Analysis
hxxp://i-site.ph/1/

setup.exe
Result: 22/39 (56.42%)
MD5: 10083ae73b3d397eddd2852116d76c46
VirusTotal
ThreatExpert Analysis
hxxp://videofx4you1.com/software/2218736093/12440/1/

6244.exe
Result: 24/40 (60%)
MD5: 9f7bba0c5de7a66a958592e6fe6d6010
VirusTotal
ThreatExpert Analysis
hxxp://www.i-site.ph/1/

sysloc.dll
Result: 19/40 (47.5%)
MD5: f6bc4fb2988b8871ec978d98542a73d4
VirusTotal
ThreatExpert Analysis

nfr.exe or SYSDLL.exe
Result: 28/40 (70%)
MD5: 4bf2a453fce39e60262bcb9859f7bda9
VirusTotal
ThreatExpert Analysis
hxxp://www.i-site.ph/1/

pp.10.exe or pp10.exe
Result: 23/40 (57.5%)
MD5: 13bec5cf50c885a017e6f45594c5dfba
VirusTotal
ThreatExpert Analysis
hxxp://www.i-site.ph/1/

codec.exe (WinPC Defender)
Result: 22/40 (55%)
MD5: 539f37376c789ca019fa12e1197bde28
VirusTotal
ThreatExpert Analysis
hxxp://macromedla.com/codec/

28 May

New rogue domain: antivirus-protection-kit.com

Same as reported yesterday: another rogue website distributing rogue security programs. The redirect to this one came from new-redone.com, which I reported on before. Once again, it was found through search results only.

Whois entry for antivirus-protection-kit.com 91.212.132.12
(Registered 5/28/09)

As with yesterday's domain, each promoX path in the URL shows a different webpage meant to get you to install a video codec or a rogue security program from a fake scan. I will not upload the images again because they are the same.

/promo1/ Fake Adult-archive.net website
/promo2/ Fake porntube.com website
/promo3/ Fake scanning page
/promo4/ Fake sextube website

antivirus.exe (Privacy Center)
Result: 8/40 (20%)
MD5: 0fcd809d824e1bfdc578de6e84385794
VirusTotal

27 May

New rogue domain: antivirus-protection-tools.com

I found this new domain spreading rogue anti-malware programs. These are fraudulent programs that try to extort money from you, and this is the same scheme that has been running for a while. It was, of course, found through search results. Here are the details.

This is similar to the one I previously blogged about: multiple fake porn websites that try to get you to install a codec.

/promo1/ Fake Adult-archive.net website
/promo2/ Fake porntube.com website
/promo3/ Fake scanning page
/promo4/ Fake sextube website

Whois entry for antivirus-protection-tools.com 78.129.166.166 (Registered 5/27/09)

The referrer in this case was:

hxxp://macrosoftwarego.com/go.php?id=2009-01&key=cd19f5036&p=1

Whois entry for macrosoftwarego.com 83.133.123.140 (Registered 5/15/09)

flash_player_plugin.exe
Result: 20/40 (50%)
MD5: 2f03c33b7a8b8a36a0aa1db7b1c78767
VirusTotal

27 May

Database Update: 27 files (Low Detection)

After missing yesterday, there are quite a few files to add to the database today.

WARNING: URLs may still be active. Proceed at your own risk.

load.exe
Result: 6/40 (15%)
MD5: d2fc97f0abff58c67febdfd316b8aa81
VirusTotal
ThreatExpert Analysis
hxxp://leosex.org/nn/load.php?id=0

apphelph3.dll
Result: 10/40 (25%)
MD5: b24255ba9abd0ffb20bf3c1632fa652a
VirusTotal
ThreatExpert Analysis

sys.dat
Result: 9/40 (22.5%)
MD5: 096425a77beb21c9974d9c730e76b3fb
VirusTotal

0.pdf
Result: 11/40 (27.5%)
MD5: 7b49bb03b7bd72047edde2c06fe4e341
VirusTotal
Wepawet Analysis

antivirusdoktor.exe
Result: 12/40 (30%)
MD5: bb3d4e5ef9a29b1cfbc84be6b77ada04
VirusTotal
ThreatExpert Analysis
hxxp://antivirus-doktor.com/

softwarefortubeview.40014.exe
Result: 4/39 (10.26%)
MD5: 487a45b682c3d4343009bebf43d42796
VirusTotal
ThreatExpert Analysis
hxxp://exearchstortage.com/

4399.exe or msa.exe
Result: 5/39 (12.83%)
MD5: f3de94325135ce5603b0a63e9a3ff1ab
VirusTotal
ThreatExpert Analysis
hxxp://picturehappiness.com/werber/84107071646/216.jpg

8141.exe
Result: 2/40 (5%)
MD5: c59a91bbda095383b00ed793f61188bc
VirusTotal
ThreatExpert Analysis
hxxp://archiveexefiles09.com/

ip_fw.sys
Result: 0/39 (0%)
MD5:
VirusTotal
ThreatExpert Analysis

10244.exe
Result: 11/40 (27.5%)
MD5: 76bd2a4197bbc9d41f75b2cb0f5835ee
VirusTotal
ThreatExpert Analysis
hxxp://imageempires.com/perce/f5fc3272a4aa1a0b0d74417dd81c1d09785f0050ab8230d4fef948d02059a9185edc8ff884a2079e1/5410e06124f/perce.jpg

20361.exe
Result: 5/40 (12.5%)
MD5: 0d8b9162534ef511814ce0f8c05d36bb
VirusTotal
ThreatExpert Analysis
hxxp://imagescolor.com/item/e57c0242148a7afb7d74315d989cfdb9f8df40f05bf2f0f40e4908f0b039e9a8aefcefc87462b7fed/f4407091342/item.gif

msxml71.dll
Result: 2/40 (5%)
MD5: 68f09531c95d93ec556e1f9c3725987c
VirusTotal
ThreatExpert Analysis

pdfupd.exe
Result: 2/40 (5%)
MD5: 03d959dde5b7f9b9f62f12762ba72f43
VirusTotal
ThreatExpert Analysis
hxxp://bestlitediscover.cn:8080/load.php?id=0

digiwet.dll
Result: 1/39 (2.57%)
MD5: 5d01826fafef0d31afc5ae9901936b0a
VirusTotal
ThreatExpert Analysis

readme.pdf
Result: 9/40 (22.5%)
MD5: 3228c641929bb40475c44a26bda8531a
VirusTotal
Wepawet Analysis
hxxp://bestlitediscover.cn:8080/cache/readme.pdf

install.exe (System Security 2009)
Result: 9/40 (22.5%)
MD5: 32cb0a33cce480796d7e456edbeb074f
VirusTotal
ThreatExpert Analysis
hxxp://truesafetyweb.com/download.php?affid=19400

12390624.exe
Result: 5/39 (12.83%)
MD5: d13d31493b125c0ae50d0b3e40494555
VirusTotal
ThreatExpert Analysis

install.exe (Winwebsec)
Result: 7/40 (17.5%)
MD5: 026bd1e148156087359e8914bfd4259c
VirusTotal
ThreatExpert Analysis
hxxp://inityoursecurity.com/download.php

load.exe
Result: 12/40 (30%)
MD5: 3eba59eeb0972cd4968ac232d6ea9ef0
VirusTotal
ThreatExpert Analysis
hxxp://dom11z.cn/load.php?id=2

svchost.exe
Result: 30/40 (75%)
MD5: 628d213324e3e427a95e7daaf58dadf7
VirusTotal
ThreatExpert Analysis
hxxp://soft.qwr11mn.cn/cp/l/0/38166c504811c24e5d13d3d25b13eac2

svchost.exe
Result: 15/40 (37.5%)
MD5: a77f436dcb45e5020e289b421cd31cd3
VirusTotal
ThreatExpert Analysis
hxxp://soft.qwr11mn.cn/cp/l/1/2e8285d1a12eb79ec7c773fa18455708

amd64si.sys or ati64si.sys or ksi32sk.sys
Result: 18/40 (45%)
MD5: 141e855d7bc6bb2a315d804f6487cfee
VirusTotal
ThreatExpert Analysis

svchost.exe or services.exe
Result: 4/40 (10%)
MD5: 1088829ecdede6bfcc616fedb0543b07
VirusTotal
ThreatExpert Analysis
hxxp://soft.qwr11mn.cn/cp/l/2/b543959ae131338b82fc56b62b3914e8

svchost.exe or wininet.exe
Result: 35/40 (87.5%)
MD5: a4c6c8eb2d7f271ec603aa1442292f77
VirusTotal
ThreatExpert Analysis
hxxp://soft.qwr11mn.cn/cp/l/4/b3d285139cc6ca63f8a8ab0824feaa52

svshost.dll
Result: 32/40 (80%)
MD5: a8f817743e6f3ab85a81f91f85554c2d
VirusTotal
ThreatExpert Analysis

av.exe (Secure Antivirus Pro)
Result: 15/40 (37.5%)
MD5: 601620dc229478c0636574cb1f3304f4
VirusTotal
ThreatExpert Analysis
hxxp://dl.guarddog2009.com/

S0L1NG3N.exe
Result: 22/40 (55%)
MD5: c7f709c3d02a9e4d5cdec6b0c697b037
VirusTotal
ThreatExpert Analysis
hxxp://s0l1ng3n.com/Private-Section/Downloads/

25 May

Database Update: 17 files (Low Detection)

Added to database today. Some nasty malware around the internet these days.

WARNING: URLs may still be active. Proceed at your own risk!

update!!.exe
Result: 1/40 (2.50%)
MD5: 752c997a56b0b126de6eac328d5f4c29
VirusTotal
ThreatExpert Analysis
hxxp://contempt.fileave.com/

load.exe
Result: 2/40 (5.00%)
MD5: d0d3f4cbe5a9f0fb84e76ddd119ebd4d
VirusTotal
ThreatExpert Analysis
hxxp://litetopseeksite.cn:8080/load.php

digiwet.dll
Result: 4/39 (10.26%)
MD5: 3528f8479f7388045c1a08cdbcafeb53
VirusTotal
ThreatExpert Analysis

globo.exe
Result: 17/40 (42.50%)
MD5: f249bd9a03122dd88120cc106dd23db1
VirusTotal
ThreatExpert Analysis
hxxp://193.43.88.137/

ilss32.dll or log_s.png
Result: 10/40 (25%)
MD5: 9630b88f3b62a2432cb190821fa6fb5a
VirusTotal
ThreatExpert Analysis
hxxp://www.moltbedesigns.com/twittermeter/

install.exe (Internet Antivirus Pro)
Result: 16/40 (40.00%)
MD5: c4827fbff82c1e0334784107640121fe
VirusTotal
ThreatExpert Analysis
hxxp://note4scan.info/download/install.php

winlogon.exe
Result: 6/40 (15%)
MD5: 1ace9823a59b90c81c51c9d8cbaefd47
VirusTotal
ThreatExpert Analysis

InternetAntivirusPro.exe
Result: 1/40 (2.5%)
MD5: 84b6f791c8426928b5ec92b9146d998b
VirusTotal
ThreatExpert Analysis

23.exe
Result: 6/39 (15.39%)
MD5: 8cf2cd55c2fe1b0d2550262b1fc0366f
VirusTotal
ThreatExpert Analysis
hxxp://averi-idite-nah.com/

jfzvwahyrzz.sys (Rustock)
Result: 3/39 (7.7%)
MD5: d42340555c8068053b2e9abd0cefbb5f
VirusTotal
ThreatExpert Analysis

setup.exe or ld08.exe
Result: 23/35 (65.72%)
MD5: ca862aebcb4fa5681ba0613da39a79e0
VirusTotal
ThreatExpert Analysis
hxxp://72.26.145.118/

3zs9o6.exe (mebroot)
Result: 10/40 (25%)
MD5: 547c3ebc2086f05c7fea2847b8bac80f
VirusTotal
ThreatExpert Analysis
hxxp://cdouidmvif.com/cgi-bin/index.cgi?ZZMulkAVZzZZsZEZZMzClEkuuMZEZZZZZZZZZMkAOsOsFMZZZOZkZlZZZZZZZZZMZ0

52hxw.exe
Result: 14/40 (35%)
MD5: 86cab3dc8b9189339f43ab6a2b590d74
VirusTotal
ThreatExpert Analysis
hxxp://down.52hxw.com/52hxw.exe

malay.exe
Result: 4/40 (10%)
MD5: 9fce0b0f08b26a98682093c32773f676
VirusTotal
ThreatExpert Analysis
hxxp://nicozion001.net/cgi-bin/loader.cgi?file=usr/home/host1/ihackr.com/htdocs/download/

IEApplet.dll
Result: 2/39 (5.13%)
MD5: 2f9dc2883e0e4e9f8fa82513139d8a07
VirusTotal
ThreatExpert Analysis

Install_2018-2.exe (Personal Antivirus)
Result: 2/40 (5%)
MD5: 60a3183abfc39676f3078de1fe0763e1
VirusTotal
ThreatExpert Analysis
hxxp://malware-live-pro-scanv1.com/download/

4d0a1021b24909270ff548267b4c33cd.exe
Result: 20/39 (51.28%)
MD5: 4d0a1021b24909270ff548267b4c33cd
VirusTotal
ThreatExpert

24 May

Database Update: 23 files (Low/Moderate Detection)

Files added to our database here at the end of the week.

WARNING: URLs may still be active. Proceed at your own risk.

readme.pdf
Result: 11/40 (27.50%)
MD5: 28173ad2ee4dd72df7a3e859a931fdde
VirusTotal
Wepawet Analysis
hxxp://prostmirkost.net/next/cache/

load.exe
Result: 5/40 (12.50%)
MD5: 8aeb55b8b73802403a0687477f10e3a1
VirusTotal
ThreatExpert Analysis
hxxp://prostmirkost.net/next/load.php?id=0

pdf.pdf
Result: 3/34 (8.82%)
MD5: 8300a7db7bfb4c16db5369b31df9b06d
VirusTotal
hxxp://updatesoftwareserver.com/update/?d093eb78eeb8c74605d42cd76d23d15b

c.exe
Result: 21/40 (52.50%)
MD5: ffb00dca70a6204e8c748b2ba391e631
VirusTotal
ThreatExpert Analysis

10110314.exe
Result: 19/40 (47.50%)
MD5: 4335d9c6fc66729eb28baefe83ffa102
VirusTotal
ThreatExpert Analysis

90120306.exe
Result: 14/40 (35.00%)
MD5: e0916ab6afa6766e039ea3146f1109c7
VirusTotal
ThreatExpert Analysis

load.exe or e.exe
Result: 5/22 (22.73%)
MD5: deb932d537c4e63c7dc148b81e2789aa
VirusTotal
ThreatExpert Analysis
hxxp://kiskecaq.cn/pages/load.php?id=4

240.pdf
Result: 8/40 (20.00%)
MD5: 243be2bf9b95abfe59608bee963118ef
VirusTotal
hxxp://kiskecaq.cn/pages/

3e441f3ba804e4c6dcb9d9d0ca5d9cab.21.dll or m.dll
Result: 8/39 (20.51%)
MD5: ca52b4c5fc7c434dad49cce7c855d630
VirusTotal
ThreatExpert Analysis
hxxp://91.212.41.29/m2/

KB908562.exe
Result: 5/40 (12.50%)
MD5: 06d85761e5ff3f432d51d11e3ad11b84
VirusTotal
ThreatExpert Analysis
hxxp://lsiu.info/evo/getexe.exe?o=7&t=1243095081&i=1173083336&e=1

KB908698.exe
Result: 5/40 (12.50%)
MD5: c122fba043f461f5831c6e9155dd11ea
VirusTotal
ThreatExpert Analysis

info.pdf
Result: 11/40 (27.5%)
MD5: 9a5dd3fe70a7a8c1ebd1f71c5fcfaa0d
VirusTotal
Wepawet Analysis

load.exe or servises.exe
Result: 10/40 (25%)
MD5: db44669711389c6745968bfdb2cbdc7f
VirusTotal
ThreatExpert Analysis
hxxp://bikpakoc.cn/nuc/exe.php

zend.exe
Result: 22/40 (55%)
MD5: f3dc42f38cf0de6d4f0b9edd8fd29aba
VirusTotal
ThreatExpert Analysis
hxxp://fremoperka.com/embded/zend.php

loader.exe
Result: 15/40 (37.5%)
MD5: e45c639cd250c805ba921f5b7ca0a86a
VirusTotal
ThreatExpert Analysis
hxxp://basdzsdas.com/poker/

sdra64.exe
Result: 14/40 (35%)
MD5: 974529c8f024ebc27f75881ffd0b5789
VirusTotal
ThreatExpert Analysis

lsp.exe or userinit.exe
Result: 20/40 (50%)
MD5: f1c800638b3da692a0d33ba0a13ccacd
VirusTotal
ThreatExpert Analysis
hxxp://trucount3002.com/cgi-bin/promo.pl?code=0000276

mousehook.dll
Result: 13/40 (32.5%)
MD5: 5ae3a136f30e08e5763e5d7d175824ab
VirusTotal
ThreatExpert Analysis

ntdll64.dll
Result: 14/40 (35%)
MD5: 9fb3aa673c51c3c45dc2f17b61333a4e
VirusTotal
ThreatExpert Analysis

file.exe
Result: 26/40 (65%)
MD5: f5509233b54f065b8e913234c2f63944
VirusTotal
ThreatExpert Analysis
hxxp://82.98.235.173/

f.pdf
Result: 11/39 (28.21%)
MD5: a7c76ca3fb390c8175deb48441803fe1
VirusTotal
hxxp://124.217.238.162/

load.exe
Result: 4/40 (10%)
MD5: ae688ca204f05c59ab74a00f1d51d630
VirusTotal
ThreatExpert Analysis
hxxp://basdzsdas.com/neon/load.php?id=3

sdra64.exe
Result: 5/40 (12.5%)
MD5: 0f235b240ff2a7a50a2cc2578c58cc8f
VirusTotal
ThreatExpert Analysis
