Known malware IP address.
http://antivirus-2009-ppro.com/disk/?code=585
Whois entry for antivirus-2009-ppro.com 91.212.65.29
Organization : Xing
Name : Cheng
Address : quio av. 12
City : Shanghai
Province/State : beijing
Country :
Postal Code : 852586
setup.exe (Rogue: Advanced Virus Remover)
Result: 3/40 (22.5%)
MD5: 70ede29145cedd7d57f672ade7b6d4ce
VirusTotal
ThreatExpert Analysis
hxxp://antivirus-2009-ppro.com/cgi-bin/setup.pl?code=585
This was found from a known malware codec website.
http://hi-my-tube.com/xplays.php?id=40014&name=david+carradine
Whois entry for my-exe-work.com 66.197.171.6
Scott Bradford (scttbrdfrd08@gmail.com)
4921 Oakridge Lane
Macon
Guam,31206
US
Tel. +001.97094875848
streamviewer.40014.exe
Result: 5/40 (22.5%)
MD5: 7dafe64e443f60b9f512cd9d1526a595
VirusTotal
ThreatExpert Analysis
hxxp://my-exe-work.com/streamviewer.40014.exe
On a known malware IP address.
http://bitsecuritycenter.com/index.php?affid=08045
Whois entry for bitsecuritycenter.com 209.44.126.241
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
install.exe (Rogue: System Security 2009)
Result: 10/40 (22.5%)
MD5: b4193de844f6700da31aa3be5b40c390
VirusTotal
ThreatExpert Analysis
hxxp://bitsecuritycenter.com/download.php?affid=08045
From the search result, the user is sent to the goldeninternetsites.com and then to the rogue domain.
http://goldeninternetsites.com/go.php?id=2009-01&key=cd19f5036&p=1
http://bestantiviruscheck2.com/1/?id=2009-1&smersh=9a049eefc&back=%3DDQ31zD3NUQMMI%3DO
Whois entry for bestantiviruscheck2.com 83.133.115.9
Name: Gray A Vincent
Address: 1112 16th Street
City: Washington
Province/state: Columbia
Country: US
Postal Code: 20036
amigos24.net
anti-malware-internet-scanv3.com
antimalware-live-scanv3.com
antimalware-online-scanv3.com
antimalwareinternetproscanv3.com
antimalwareinternetscannerv3.com
antimalwareonlinescannerv3.com
antivirusquickscanv1.com
freeantispywarescan2.com
fullantispywarescan.com
mail.amigos24.net
mail.paul-schoenle.com
mail.paul-schoenle.org
mail.tallinnblog.org
malwareliveproscannerv1.com
paul-schoenle.com
premiumlivescanv1.com
pricelessfinish.cn
proantivirusscanv3.com
savemypcnowv1.com
t529.1paket.com
vrusstatuscheck.com
worldofwarcry.cn
Whois entry for goldeninternetsites.com 83.133.123.140
Name: Faulhaber Q Mary
Address: 101 College St
City: Toronto
Province/state: Toronto
Country: CA
Postal Code: 424652
allinternetfreebies.com
antiviruspaymentsystem.com
antivirusquickscanv1.com
awardspacelooksbig.us
bestbuysoftwaresystem.com
homeandofficefun.com
live-payment-system.com
liveavantbrowser2.cn
momentstohaveyou.cn
privateaolemail.cn
ramazottieldorado.cn
t490.1paket.com
Setup-5c76_02009-1.exe
Result: 5/40 (22.5%)
MD5: 46e0425c975eb54d574fa37f489adebe
VirusTotal
ThreatExpert Analysis
hxxp://bestantiviruscheck2.com/download/Setup-5c76_02009-1.exe
Whois entry for super-antiviral-scan.com 64.191.102.135
Scott Bradford (scttbrdfrd08@gmail.com)
4921 Oakridge Lane
Macon
Guam,31206
US
Tel. +001.97094875848
antivir-scanner-4free.com
www.antivir-scanner-4free.com
Whois entry for fast-exe-load.com 66.197.171.6
Scott Bradford (scttbrdfrd08@gmail.com)
4921 Oakridge Lane
Macon
Guam,31206
US
Tel. +001.97094875848
exe-file-boom.com
exe-web-files.com
my-exe-profile.com
web-exe-depositary.com
av-scanner.48283.exe
Result: 3/40 (22.5%)
MD5: 78a3631fbc7d93ce07c33233416a2176
VirusTotal
ThreatExpert Analysis
hxxp://fast-exe-load.com/av-scanner.48283.exe
