Archive for the 'Low Detection' Category

13
Jul

New rogue domain: personalonlinescanv3.com

By djpnuemo Comments
Categories: Database Update, Low Detection, Malicious Domains and Malware

Whois entry for personalonlinescanv3.com 83.133.126.155
Name: Yuvaraj K Jothi
Address: 88, Periyar EVR High Road
City: Chennai
Province/state: Chennai
Country: IN
Postal Code: 600007

Setup-fdbd6_02012.exe
Result: 2/41 (4.88%)
MD5: eb0111f5fd11420d70988bc21dcda65a
VirusTotal
ThreatExpert Analysis
hxxp://personalonlinescanv3.com/download/

13
Jul

New malware domain: hotexefiles.com

By djpnuemo Comments
Categories: Database Update, Infection, Low Detection, Malicious Domains and Malware

hxxp://besttubetech.com/xplays.php?id=40014&name=sahel+kazemi+dui+video&hostingtype=vox&theme=trends&category=hottrends&from=videoplayer

Whois entry for hotexefiles.com 64.20.38.172
Susan Field (susfie16@gmail.com)
1059 Rubaiyat Road
Grand Rapids
Michigan,49503
US
Tel. +001.56578987654

onlinemovies.40014.exe
Result: 8/41 (19.52%)
MD5: 2e02ea10960799a78792e39f5498adb6
VirusTotal
ThreatExpert Analysis
hxxp://hotexefiles.com/

onlinemovies.40069.exe
Result: 2/40 (5%)
MD5: 35b979934376577e4429db4317e5184f
VirusTotal
ThreatExpert Analysis
hxxp://hotexefiles.com/

SIDE NOTE: There may be a misconception as to the purpose of these posts. It is not posting a NEW malware variant or NEW malware altogether. These posts are simply to show the new domain it has switched to. I include the the binary downloaded as additional information because we add it to our database. Because the person(s) involved will not respond to my emails, I posted here.

Let’s not make assumptions people.

10
Jul

New malware domain: exe-cosmos.com

By djpnuemo Comments
Categories: Database Update, Low Detection, Malicious Domains and Malware

hxxp://tubessite.com/xplays.php?id=40069

Whois entry for exe-cosmos.com 64.20.38.172
Jennifer Ket (jennifket@gmail.com)
1120 Broadway Avenue
Johnson City
Tennessee,37601
US
Tel. +001.43459898760

onlinemovies.40014.exe
Result: 3/41 (7.32%)
MD5: 64a411cce0da8680576a5314eb6ce8e0
VirusTotal
ThreatExpert Analysis
hxxp://exe-cosmos.com/

onlinemovies.40069.exe
Result: 3/41 (7.32%)
MD5: a8148ab3190ae2d5b2765b10ded7228b
VirusTotal
ThreatExpert Analysis
hxxp://exe-cosmos.com/

09
Jul

New malware domain: red-exe.com

By djpnuemo Comments
Categories: Database Update, Low Detection, Malicious Domains and Malware

hxxp://go-go-tube.com/xplays.php?id=40069

Whois entry for red-exe.com 64.20.38.172
Tasha Chambers (tashcham@gmail.com)
2520 North Street
Kearns
Utah,84118
US
Tel. +001.98985647689

onlinemovies.40069.exe
Result: 0/40 (0%)
MD5: 39c1a48433c6de8c08d75926cb468d20
VirusTotal
ThreatExpert Analysis
hxxp://red-exe.com/

onlinemovies.40014.exe
Result: 0/40 (0%)
MD5: a24bcd49eb5d266d11fb2883a203ef76
VirusTotal
ThreatExpert Analysis
hxxp://red-exe.com/

09
Jul

Rogue domain: securedvirusscan.com

By djpnuemo Comments
Categories: Database Update, Low Detection, Malicious Domains and Malware

Whois entry for securedvirusscan.com 69.4.230.205
Privat person
Aleksandr Rozanov adsff@freebbmail.com
+74952783441 fax: +74952783441
ul. Peshkova 29-52
Moskva Moskovskay oblast 126106
ru

Setup-4e45_02022.exe
Result: 0/40 (0%)
MD5: abc17998e1b33fe99f60497010028523
VirusTotal
ThreatExpert Analysis
hxxp://securedvirusscan.com/download/

08
Jul

Multiple domains targeting pornographic videos distributing malware codec

By djpnuemo Comments
Categories: Codec, Database Update, Infection, Low Detection, Malicious Domains and Malware

Found these sites today while browsing on Google Video.  This redirection is triggered from having a video.google.com referrer and pushes the user through a few domains to redirect and download content.  It may be triggered by other video sites as well.  This is offering an HD codec for flash player and features a cute installation process when you visit the site.

hxxp://best.viralprn.net
Redirects to
hxxp://only.hdpornr.net
Loads files from
hxxp://tvcodec.net

Whois entry for viralprn.net 88.80.19.191

Whois entry for hdpornr.net 195.95.151.178

Whois entry for tvcodec.net 91.194.10.60
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Whois entry for hdenabled.com 213.163.66.241

Flash.Player.HD.v10.0.exe
Result: 12/41 (29.27%)
MD5: 947828203c38f7cc2e98277076b747a0
VirusTotal
ThreatExpert Analysis
hxxp://hdenabled.com/download/5a6a576343673d3d050cf77920090701/

08
Jul

New malware domain: exe-site.com

By djpnuemo Comments
Categories: Codec, Database Update, Low Detection, Malicious Domains and Malware

hxxp://go-go-tube.com/xplays.php?id=40069

Whois entry for exe-site.com exe-site.com
Queenie Ziegler (queeziegl@gmail.com)
4806 Green Avenue
Fremont
California,94536
US
Tel. +001.34980976583

streamviewer.40069.exe
Result: 0/40 (0%)
MD5: 7f14d9626761ac467f85b542028259e3
VirusTotal
ThreatExpert Analysis
hxxp://exe-site.com/

08
Jul

Rogue domain: advanedspywarescan.com

By djpnuemo Comments
Categories: Database Update, Infection, Low Detection, Malicious Domains and Malware

Whois entry for advanedspywarescan.com 78.46.251.41, 83.133.126.155, 94.102.48.29, 69.4.230.205
Privat person
Mikhail Peshkov xors678@freebbmail.com
+74952783440 fax: +74952783440
ul. Rozanova 28-51
Moskva Moskovskay oblast 126105
ru

Setup-27a_02022.exe
Result: 0/41 (0.00%)
MD5: a778ceee0fa0161bf77fa318fa3f1a51
VirusTotal
ThreatExpert Analysis
hxxp://advanedspywarescan.com/download.php?id=2022
hxxp://advanedspywarescan.com/download/

« Previous Entries


 

March 2010
M T W T F S S
« Jul    
1234567
891011121314
15161718192021
22232425262728
293031