CastleCops, Internet Crime Fighters

malware sample from 222online.cn

 
AlphaCentauri

SIRT Handler
Premium Member

Joined: Nov 20, 2003
Posts: 2886


Posted: Thu May 08, 2008 5:46 pm    Post subject: malware sample from 222online.cn

This link was posted on another thread. When I resubmitted the file to VirusTotal while posting the domain on SiteAdvisor, the analysis was somewhat different, so it may have been changed.
www.222online.cn/down/1003.exe

http://www.virustotal.com/analisis/a5148ac5983a3abe8c9bc9efb163dc1f
Antivirus Version Last Update Result
AhnLab-V3 2008.5.3.0 2008.05.08 -
AntiVir 7.8.0.14 2008.05.08 TR/BHO.Gen
Authentium 4.93.8 2008.05.08 -
Avast 4.8.1169.0 2008.05.07 Win32:Ejik-B
AVG 7.5.0.516 2008.05.07 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.08 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.05.08 -
DrWeb 4.44.0.09170 2008.05.08 Trojan.Click.origin
eSafe 7.0.15.0 2008.05.07 -
eTrust-Vet 31.4.5769 2008.05.08 -
Ewido 4.0 2008.05.08 -
F-Prot 4.4.2.54 2008.05.07 -
F-Secure 6.70.13260.0 2008.05.08 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.05.08 -
Ikarus T3.1.1.26.0 2008.05.08 -
Kaspersky 7.0.0.125 2008.05.08 -
McAfee 5290 2008.05.07 -
Microsoft 1.3408 2008.05.08 Trojan:Win32/Ejik.A
NOD32v2 3086 2008.05.08 -
Norman 5.80.02 2008.05.08 -
Panda 9.0.0.4 2008.05.07 Suspicious file
Prevx1 V2 2008.05.09 Malicious Software
Rising 20.43.32.00 2008.05.08 -
Sophos 4.29.0 2008.05.08 -
Sunbelt 3.0.1097.0 2008.05.07 VIPRE.Suspicious
Symantec 10 2008.05.08 -
TheHacker 6.2.92.305 2008.05.08 -
VBA32 3.12.6.5 2008.05.08 -
VirusBuster 4.3.26:9 2008.05.08 -
Webwasher-Gateway 6.6.2 2008.05.08 Trojan.BHO.Gen
Additional information
File size: 295682 bytes
MD5...: be516f4eda81f33543acbf6a4f1e4644
SHA1..: a1978941511141aca316228c55c6290215585872
SHA256: add81abb87d95c2344e79549c3e99e124525ac7245267e1b7b15320475a1fad9
SHA512: 5b1ebdad15982c92191ef08aec45ae930ec8e454b3a5b065d003934897948575308b1fe8abcc54365aa28125d5a66f9a6306db70dafb5f462a03008c91e0f429

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5869


Posted: Thu May 08, 2008 7:33 pm

I've added the file to the malware listserv.

CastleCops Link/p1087379-MD5_be516f4eda81f33543acbf6a4f1e4644_1003_exe.html


_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx