Archive for the 'Rootkit' Category

18 May

Database Update: 28 files (Low Detection)

More files added to the database for today. Most files have very low detection rates unfortunately.

WARNING: URLs may still be active. Proceed at your own risk!

install_flash_player.exe
Result: 18/40 (45%)
MD5: 1b0cd65c299bf6a212e7d034d7f35ab9
VirusTotal
ThreatExpert

winfokevipuva9.exe
Result: 11/40 (27.5%)
MD5: 026779ee56b685d752b3f30a78166df0
VirusTotal
ThreatExpert

Owner.exe
Result: 26/39 (66.67%)
MD5: 5efd4aabad66e3192fdb2c7c42635f61
VirusTotal
ThreatExpert

sfcfiles.dll
Result: 10/40 (25%)
MD5: 533f33fecc9459d3c21581a89b11174a
VirusTotal
ThreatExpert

Dropper_3.exe
Result: 14/40 (35%)
MD5: e5a139e924a58c3eb94df7ce537115d3
VirusTotal
ThreatExpert

1.exe
Result: 14/40 (35%)
MD5: d708b70ffc8e439b143d2b3ec246a470
VirusTotal
ThreatExpert

twex.exe
Result: 9/40 (22.5%)
MD5: a42c0a1970c61189ff8245e10897c768
VirusTotal
ThreatExpert

15.05-fuck.exe
Result: 2/39 (5.13%)
MD5: 52feb65af86e2047ea7cdd47594b45b4
VirusTotal
ThreatExpert
hxxp://buzizoo2.com

hcewgfbpjaag.sys (Rustock)
Result: 2/40 (5.00%)
MD5: a9358c7ecf744e136341eb80641705d4
VirusTotal
ThreatExpert

main_.exe
Result: 4/39 (10.26%)
MD5: 58e243072dbe8a2809bb4e7ee9f96494
VirusTotal
ThreatExpert
hxxp://091809.ru

load.exe
Result: 8/39 (20.52%)
MD5: ccd860384cedf30dba0576601b6e51f8
VirusTotal
ThreatExpert
hxxp://numbersbulk.cn/load.php?id=5

odb.exe
Result: 5/40 (12.5%)
MD5: 007c818af7de303943ad5d3128fc6d23
VirusTotal
ThreatExpert

lsass.exe
Result: 4/39 (10.26%)
MD5: 8639079b90993a8fb19de06ffb9e9de8
VirusTotal
ThreatExpert

svc.exe
Result: 6/40 (15%)
MD5: ecb9c1380dfab37f988f2eef2a9d601e
VirusTotal
ThreatExpert

adsmsextb.exe
Result: 7/39 (17.95%)
MD5: 80d5f388c607ca32f348d14ab9fb223e
VirusTotal
ThreatExpert

ntos.exe
Result: 5/39 (12.83%)
MD5: 89090c4df5990be3218e1dce09fa7b0a
VirusTotal
ThreatExpert

6_ldr.exe
Result: 7/40 (17.5%)
MD5: 4c97e7bed4de49a0746654d7ae0c804c
VirusTotal
ThreatExpert

4_pinnew.exe
Result: 7/40 (17.5%)
MD5: 4f54774b3c191dde87b9704fc1e33cb1
VirusTotal
ThreatExpert

1_dropper_other.exe
Result: 12/40 (30%)
MD5: 2d58f0a5c82a7ea15be987232d6211a3
VirusTotal
Anubis Analysis

96995616.exe
Result: 4/40 (10%)
MD5: ef8d640cc299d1ee1c84ccf60ba5c57e
VirusTotal
ThreatExpert

load.exe (servises.exe)
Result: 4/39 (10.26%)
MD5: 9e16ba7ba6be34089e12f21441958261
VirusTotal
ThreatExpert
hxxp://popyodiw.cn/s/in.cgi?10 redirects to hxxp://hifgejig.cn/nuc/index.php redirects to hxxp://hifgejig.cn/nuc/exe.php

1.pdf (Pdfka)
Result: 4/40 (10%)
MD5: f29098f0b2a63103532436dd2742673d
VirusTotal

adobe_flash_player_v10.0.22.87.exe
Result: 4/40 (10%)
MD5: cb5e8239e4165f00b20d6528a8d00135
VirusTotal
ThreatExpert

PluginVideo.exe
Result: 4/40 (10%)
MD5: 922bbb339dc1d3fc9acc857fb56f919a
VirusTotal
Anubis Analysis

postais.net.exe
Result: 22/40 (55%)
MD5: a2b225b715d701cd925aadcc2c2efac2
VirusTotal
ThreatExpert

titulos_clis.exe
Result: 13/40 (32.5%)
MD5: be27cb58b67f1fc24b3f82964245d89f
VirusTotal
ThreatExpert

metis_teaser.exe
Result: 13/40 (32.5%)
MD5: d932e57c91a77b15cfa5cbd7bdc4e1f5
VirusTotal
Anubis Analysis

ActiveX.exe
Result: 17/40 (42.50%)
MD5: f35f15300f1149f984ba044ed286c58b
VirusTotal
ThreatExpert

13 May

Database Update: 14 files (Low/Moderate Detection)

Another database update of files for today. These are a few gathered today with lower detection rates. If you would like access to the files we have in our database, please visit the FAQ.

WARNING: URLs may still be active. Proceed at your own risk!

c.exe
Result: 15/40 (37.5%)
MD5: 947bc1a7ea205c0396ea8b4f5e04d041
VirusTotal
ThreatExpert

shell32.dll
Result: 6/40 (15%)
MD5: 89943d910d05a45576e1f0d1003f5021
VirusTotal
ThreatExpert

install.exe (System Security 2009)
Result: 8/38 (21.06%)
MD5: a31ee7f96dbea454952aebcf76c766ca
VirusTotal
ThreatExpert
hxxp://hd.sbells.info/pcxp.php redirects to hxxp://axmell.info/out.php?p=pcxp redirects to hxxp://futureinternetsecurity.com/hitin.php?land=20&affid=09300 redirects to hxxp://futureinternetsecurity.com/index.php?affid=09300

60609529.exe
Result: 7/40 (17.5%)
MD5: 50e9879c9605d4baa85c03d05f000ed4
VirusTotal
ThreatExpert

10589534.exe
Result: 6/40 (15%)
MD5: 5e5237cfb060be24d4e905766300fc70
VirusTotal
ThreatExpert

avi.exe (winpc defender)
Result: 22/40 (55%)
MD5: 61065fcce2ef9910b4c073ec415fc4b1
VirusTotal
ThreatExpert
hxxp://eurorem2009.ru/

ieocx.dll
Result: 11/39 (28.21%)
MD5: a10e6205c62802ad7c472bd5d003cb4a
VirusTotal
ThreatExpert

autochk.dll
Result: 27/40 (67.5%)
MD5: 87a2583de6f6fbb5104e0433e89b1bcf
VirusTotal
ThreatExpert

exe.exe (sinowal/mebroot)
Result: 13/40 (32.5%)
MD5: ba1f006b05e898c0e4a61458cd981870
VirusTotal
ThreatExpert
hxxp://hiyuxngvif.com/cgi-bin/index.cgi?ECVCEzzEZzZZsZrZZMzClEkuuMZEZZZZZZZZZMMkVkuukZZZZzZkZlZZZZZZZZzOZ

5D.tmp
Result: 14/40 (35%)
MD5: 57a3ab03d67ef939893ec3c0b080b79d
VirusTotal

is.jpg (virtumonde)
Result: 15/40 (37.5%)
MD5: 0b9eb8391474d131510457354f69a2de
VirusTotal
ThreatExpert
hxxp://facebook-gallery.net

popeyuwi.dll
Result: 11/40 (27.5%)
MD5: 1bdcc59a49d3e9b54c32654a289511e1
VirusTotal
ThreatExpert

yofiyuya.dll
Result: 11/40 (27.5%)
MD5: d3b1e08f356bb2c00994a29170d52973
VirusTotal
ThreatExpert

kamujibi.dll
Result: 11/40 (27.5%)
MD5: 0b03e806c5e2ec821f6dcb57f044664c
VirusTotal
ThreatExpert

11 May

Database Update: 7 files (Low Detection)

Here is another smaller update of files that have a lower detection rate.

WARNING: All URLs may still be active. Proceed at your own risk.

socksbot.exe
Result: 7/39 (17.95%)
MD5: a9455a0992c46645b46977f368107f94
VirusTotal
Anubis
hxxp://greatjobdealuk.info/isp/upload

install.exe (tdss)
Result: 5/40 (12.5%)
MD5: 61cfcf7d5bd0bdbc20d10e758d3c27a7
VirusTotal
ThreatExpert
hxxp://islandtravet.cn/in.cgi?6 redirects to hxxp://nextfreedollar.com/in.cgi?6 redirects to hxxp://goelitescan.com/?uid=12727 redirects to hxxp://scanstar4.info/?uid=12727

winlogon.exe
Result: 5/39 (12.83%)
MD5: e6fadeef4756e4400950ff3f68cfff7e
VirusTotal
ThreatExpert

services.exe
Result: 4/39 (10.26%)
MD5: 4b28aee52f37489ac20b41a9f1e81b2e
VirusTotal
ThreatExpert

gbspv_plugin.exe
Result: 14/39 (35.9%)
MD5: 4f2030f6114f40c05ecae08b0f54c3f0
VirusTotal
Anubis
hxxp://61.180.154.201/www.bradesco.com.br/seguranca/download

file.exe (installs rootkit)
Result: 6/40 (15%)
MD5: 9c7108673d8092472a55c8cd2ac8e6d9
VirusTotal
Anubis
hxxp://sdfv-programs.com
hxxp://sgh-topprograms.com

NameServer(s): ns1.sdfv-programs.com & ns2.sdfv-programs.com
Other domains that share the same NS that are not accessible as of now: hxxp://kxc-softwaresportal.com | hxxp://cls-softwares.com | hxxp://slk-softwareportal.com

ip_fw.sys
Result: 8/39 (20.52%)
MD5: ae46124499ac8b85299fd4a7f9353acf
VirusTotal

08 May

Database Update: 12 Files (Moderate Detection)

A small update for today of files that have been online for the past few days, so the detection rates are moderate.

WARNING: URLs may still be live. Proceed at your own risk.

setup.exe (koobface)
Result: 22/40 (55%)
MD5: ba5d638275b715fe7834c71955447ca0
VirusTotal
ThreatExpert
hxxp://jii.be/fds/in.cgi?20

install.exe (fakealert)
Result: 13/40 (32.5%)
MD5: 9eeaf5611cd4beae23a5ddd7c33a4a7c
VirusTotal
ThreatExpert
hxxp://greatscansecurity.com/index.php?affid=08030

softwarefortubeview.40014.exe (waledac)
Result: 20/40 (50%)
MD5: a248abe8299564327d4dc1275316b370
VirusTotal
ThreatExpert
hxxp://my-tube-zone.com/xplays.php?id=40014&name=1 redirects to
hxxp://slk-softwareportal.com/softwarefortubeview.40014.exe

file.exe (wlord)
Result: 21/40 (52.5%)
MD5: 80b259ed2141a1457092b0cf0ec8791d
VirusTotal
ThreatExpert
hxxp://file-system.biz

1-1.pdf
Result: 14/40 (35.00%)
MD5: 8ec93dd5f15b4f2db875e391c98becd0
VirusTotal
hxxp://zusojbktvo.cn/1.pdf

FlashPlayer.exe (alureon/dnschanger)
Result: 9/39 (23.08%)
MD5: 7016504876ed16f76abddcefac4ea485
VirusTotal
ThreatExpert
hxxp://bestxmovs.info redirects to
hxxp://tourdo.net/download/5765434374673d3d82789d4820090505/FlashPlayer.exe

wJQs.exe
Result: 6/40 (15%)
MD5: 84df1282446c32701df8625dd361e938
VirusTotal
ThreatExpert
hxxp://visitcouns.com/?

svchost32.exe (tdss)
Result: 18/40 (45%)
MD5: 71c7265e9ae9791238cb9ad5075c5b86
VirusTotal
ThreatExpert

winav.exe (fakeav)
Result: 10/40 (25%)
MD5: d4d93f65f663188131c27503c54cdc69
VirusTotal
ThreatExpert
hxxp://winbestsoftdownload.com/winav.exe

readme.pdf (exploit.pdf-js)
Result: 13/40 (32.5%)
MD5: 475783198512313f722925826dc9f763
VirusTotal
hxxp://nonfatautobest.cn/ts/in.cgi?mozila13 redirects to hxxp://litetopdetect.cn/cache/readme.pdf

pdf.pdf (exploit.pdf-js)
Result: 13/40 (32.5%)
MD5: 0ed90bf71f6cbf846771c4536cb6c29b
VirusTotal
hxxp://nicdaheb.cn/nuc/spl/pdf.pdf

file.exe (tdss)
Result: 30/40 (75%)
MD5: c58a98b33e9f37b34b3ef470d66f0a24
VirusTotal
ThreatExpert
hxxp://xoomer.virgilio.it/irbray/file.exe

13 Nov

Database Update – 16 Files (Low-Moderate Detection)

Another update for tonight. Should have more over the weekend. Find them in /pnuemo-malware/.

BE ADVISED: These URLs may still be active. Proceed at your own risk!

services.exe
Result: 19/36 (52.78%)
MD5: c629db60a9a5d7303419b5153d3e9b0b
VirusTotal
ThreatExpert Analysis

nd82m0.dll
Result: 5/36 (13.89%)
MD5: d6f2135dc562c7d4992cf2cea2166707
VirusTotal
ThreatExpert Analysis
hxxp://85.17.166.182

kb600179.dll
Result: 5/36 (13.89%)
MD5: f946f8c3de445d45c7eb34591bee037b
VirusTotal
ThreatExpert Analysis
hxxp://89.188.16.30

setup_457_6777_.exe
Result: 1/36 (2.78%)
MD5: e9339f9045368947789ec70739de4b21
VirusTotal
ThreatExpert Analysis
hxxp://files.download-antispyware.com

scanner_457_6777_.exe
Result: 16/36 (44.44%)
MD5: e0f855c6c5fc93f0a8ed1fe9e702e492
VirusTotal
ThreatExpert Analysis
hxxp://dl.storage-antispyware.com/get/

42.exe
Result: 4/36 (11.12%)
MD5: f5201b9e77b7b31443b4e0e6190e219f
VirusTotal
ThreatExpert Analysis
hxxp://85.92.157.141/mxlivemedia/

msansspc.dll
Result: 6/36 (16.67%)
MD5: 3cc545e42b9bb14df4a63f2a37aebdb0
VirusTotal
ThreatExpert Analysis

mvnzivtlmzhxi.dll
Result: 7/36 (19.45%)
MD5: 7614e7448f1983b9641e9699f67576a4
VirusTotal
ThreatExpert Analysis

pdf.pdf
Result: 6/36 (16.67%)
MD5: a3f83503a165a19c4b01328463175cd7
VirusTotal
hxxp://activision.cc/1/spl

twext.exe
Result: 11/36 (30.56%)
MD5: 5767c816cb20753976df2edb60eaf448
VirusTotal
ThreatExpert Analysis

load.exe
Result: 12/36 (33.34%)
MD5: 9b467bdc6dd1b3e68651b7039cd373c8
VirusTotal
ThreatExpert Analysis
hxxp://activision.cc/1/

xcvb.pdf
Result: 4/36 (11.12%)
MD5: e3b86145de00ebfab3e3159d24b81104
VirusTotal
hxxp://91.203.92.137/xcv/

install.exe
Result: 16/36 (44.45%)
MD5: 0869881865032bd1b3b08d82e5e4f404
VirusTotal
ThreatExpert Analysis
hxxp://91.203.92.137/xcv/

beep.sys & figaro.sys
Result: 29/36 (80.56%)
MD5: c4618f889863b5aa357f5f5ba8f353d6
VirusTotal
ThreatExpert Analysis

brastk.exe
Result: 14/36 (38.89%)
MD5: 0d63a88fdb4259de8280f8bb7d78ec35
VirusTotal
ThreatExpert Analysis

KB908268.exe
Result: 7/36 (19.45%)
MD5: 504eb66e741186a61792862f0a83ff82
VirusTotal
ThreatExpert Analysis
hxxp://76.74.239.143/weruoiq/

12 Nov

Database Update – 13 Files (Low-Moderate Detection)

Only a smaller update today. Files available in /pnuemo-malware/. The installers I’ve been collecting are getting nastier and nastier. Keep everything updated!

xloader.exe
Result: 6/36 (16.67%)
MD5: efe48c6ea123b7d5a07f1beaf4b9efb1
VirusTotal
ThreatExpert Analysis
hxxp://adwords.google.com.upload.main.update.kliauj.cn

winlogon.exe
Result: 5/36 (13.89%)
MD5: 6c161cf9aefd577235547a0514ea7336
VirusTotal
ThreatExpert Analysis

brastk.exe
Result: 23/36 (63.89%)
MD5: 89bbe87df33a7722ce6bc890023a82c0
VirusTotal
ThreatExpert Analysis

uesiuqcr.exe & svchost.exe
Result: 14/36 (38.89%)
MD5: f74dc617cec41d36aca9ffc793add258
VirusTotal
ThreatExpert Analysis

getfn32.dll
Result: 6/36 (16.67%)
MD5: 98c8c4cc9ae42cbd630fc8c1aec50a50
VirusTotal
ThreatExpert Analysis

smwin32.dll
Result: 6/36 (16.67%)
MD5: 47c4fa178eefe5379856c7d35e953acd
VirusTotal
ThreatExpert Analysis

beep.sys
Result: 32/36 (88.89%)
MD5: e2bba2140204d6e4134828445a9c486c
VirusTotal
ThreatExpert Analysis

svchost.exe
Result: 19/36 (52.78%)
MD5: 57841b5c7ed709f6b5ff0027c014083b
VirusTotal
ThreatExpert Analysis

svchost.exe
Result: 24/36 (66.67%)
MD5: 26fafa838db23646661bfde34b537059
VirusTotal
ThreatExpert Analysis

l.exe
Result: 12/36 (33.34%)
MD5: 3f052a786ef71d4d9368732f9d25bfdf
VirusTotal
ThreatExpert Analysis
hxxp://worldfirefighter.com/wellstonfd

LDR24.tmp
Result: 18/36 (50%)
MD5: bd336a1191044325d0165b70fecc5520
VirusTotal
ThreatExpert Analysis

svchost.exe
Result: 17/36 (47.23%)
MD5: ff22b4365b9d2f8b8940c1558c82effd
VirusTotal
ThreatExpert Analysis

KB908995.exe (TDSServ Rootkit)
Result: 6/36 (16.67%)
MD5: 942aa524ab0de25a6750c5e9772fa387
VirusTotal
ThreatExpert Analysis
hxxp://google-analyze.cn
