Archive for the 'Malicious Domains' Category

13 Jul

New rogue domain: personalonlinescanv3.com

Whois entry for personalonlinescanv3.com 83.133.126.155
Name: Yuvaraj K Jothi
Address: 88, Periyar EVR High Road
City: Chennai
Province/state: Chennai
Country: IN
Postal Code: 600007

Setup-fdbd6_02012.exe
Result: 2/41 (4.88%)
MD5: eb0111f5fd11420d70988bc21dcda65a
VirusTotal
ThreatExpert Analysis
hxxp://personalonlinescanv3.com/download/

13 Jul

New malware domain: hotexefiles.com

hxxp://besttubetech.com/xplays.php?id=40014&name=sahel+kazemi+dui+video&hostingtype=vox&theme=trends&category=hottrends&from=videoplayer

Whois entry for hotexefiles.com 64.20.38.172
Susan Field (susfie16@gmail.com)
1059 Rubaiyat Road
Grand Rapids
Michigan,49503
US
Tel. +001.56578987654

onlinemovies.40014.exe
Result: 8/41 (19.52%)
MD5: 2e02ea10960799a78792e39f5498adb6
VirusTotal
ThreatExpert Analysis
hxxp://hotexefiles.com/

onlinemovies.40069.exe
Result: 2/40 (5%)
MD5: 35b979934376577e4429db4317e5184f
VirusTotal
ThreatExpert Analysis
hxxp://hotexefiles.com/

SIDE NOTE: There may be a misconception as to the purpose of these posts. It is not posting a NEW malware variant or NEW malware altogether. These posts are simply to show the new domain it has switched to. I include the binary downloaded as additional information because we add it to our database. Because the person(s) involved will not respond to my emails, I posted here.

Let’s not make assumptions people.

10 Jul

New malware domain: exe-cosmos.com

hxxp://tubessite.com/xplays.php?id=40069

Whois entry for exe-cosmos.com 64.20.38.172
Jennifer Ket (jennifket@gmail.com)
1120 Broadway Avenue
Johnson City
Tennessee,37601
US
Tel. +001.43459898760

onlinemovies.40014.exe
Result: 3/41 (7.32%)
MD5: 64a411cce0da8680576a5314eb6ce8e0
VirusTotal
ThreatExpert Analysis
hxxp://exe-cosmos.com/

onlinemovies.40069.exe
Result: 3/41 (7.32%)
MD5: a8148ab3190ae2d5b2765b10ded7228b
VirusTotal
ThreatExpert Analysis
hxxp://exe-cosmos.com/

09 Jul

New malware domain: red-exe.com

hxxp://go-go-tube.com/xplays.php?id=40069

Whois entry for red-exe.com 64.20.38.172
Tasha Chambers (tashcham@gmail.com)
2520 North Street
Kearns
Utah,84118
US
Tel. +001.98985647689

onlinemovies.40069.exe
Result: 0/40 (0%)
MD5: 39c1a48433c6de8c08d75926cb468d20
VirusTotal
ThreatExpert Analysis
hxxp://red-exe.com/

onlinemovies.40014.exe
Result: 0/40 (0%)
MD5: a24bcd49eb5d266d11fb2883a203ef76
VirusTotal
ThreatExpert Analysis
hxxp://red-exe.com/

09 Jul

Rogue domain: securedvirusscan.com

Whois entry for securedvirusscan.com 69.4.230.205
Privat person
Aleksandr Rozanov adsff@freebbmail.com
+74952783441 fax: +74952783441
ul. Peshkova 29-52
Moskva Moskovskay oblast 126106
ru

Setup-4e45_02022.exe
Result: 0/40 (0%)
MD5: abc17998e1b33fe99f60497010028523
VirusTotal
ThreatExpert Analysis
hxxp://securedvirusscan.com/download/

08 Jul

Multiple domains targeting pornographic videos distributing malware codec

Found these sites today while browsing on Google Video. This redirection is triggered by a video.google.com referrer and pushes the user through a few domains to redirect and download content. It may be triggered by other video sites as well. The site offers an "HD codec" for Flash Player and features a cute installation process when you visit it.

hxxp://best.viralprn.net
Redirects to
hxxp://only.hdpornr.net
Loads files from
hxxp://tvcodec.net

Whois entry for viralprn.net 88.80.19.191

Whois entry for hdpornr.net 195.95.151.178

Whois entry for tvcodec.net 91.194.10.60
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Whois entry for hdenabled.com 213.163.66.241

Flash.Player.HD.v10.0.exe
Result: 12/41 (29.27%)
MD5: 947828203c38f7cc2e98277076b747a0
VirusTotal
ThreatExpert Analysis
hxxp://hdenabled.com/download/5a6a576343673d3d050cf77920090701/

08 Jul

New malware domain: exe-site.com

hxxp://go-go-tube.com/xplays.php?id=40069

Whois entry for exe-site.com
Queenie Ziegler (queeziegl@gmail.com)
4806 Green Avenue
Fremont
California,94536
US
Tel. +001.34980976583

streamviewer.40069.exe
Result: 0/40 (0%)
MD5: 7f14d9626761ac467f85b542028259e3
VirusTotal
ThreatExpert Analysis
hxxp://exe-site.com/

08 Jul

Website selling multiple rogue programs as legitimate-Pt. 2

hxxp://browsersecurityinfo.com

Redirects to
hxxp://ieprotectionlist.com/2/

Redirects to
hxxp://bennysaintscathedral.com/buy.php?nh=1&id=

Redirects to
hxxp://secure.buysecuritysoftwareonline.com/buy.php?nh=1&id=

Whois entry for browsersecurityinfo.com 83.133.123.113
Name: Gupta C Deepak
Address: 580 Booth
City: Edmonton
Province/state: AB
Country: CA
Postal Code: 787843

Whois entry for ieprotectionlist.com 83.133.123.109
Name: Van M Jane
Address: Rod. 5C 41 – Km. 4,8
City: Santa Catarina
Province/state: Santa Catarina
Country: BR
Postal Code: 88122

Whois entry for bennysaintscathedral.com 83.133.123.113
Name: Gayao M Mel
Address: 16-18 Kingsley Close
City: Melbourne
Province/state: Melbourne
Country: RU
Postal Code: 31781

Whois entry for buysecuritysoftwareonline.com 83.133.123.109
Name: Rauf K Abdur
Address: 79-E, Al-Rehman Chamber
City: Islamabad
Province/state: Islamabad
Country: PK
Postal Code: 53241
