CastleCops, Internet Crime Fighters

poorly detected malware
brewt

SIRT Handler
Premium Member

Joined: May 29, 2007
Posts: 779
Location: USA
MIRT Premium

Posted: Tue Apr 29, 2008 8:52 pm    Post subject: poorly detected malware

I am creating this thread for my convenience, to simplify uploading of malware found from various locations (zlob hunting, spam, links seen in forum posts, etc.)

Most/all of it is also submitted to the MIRT queue.

All the files have already been scanned with virustotal.

I have named the files poorlydet_www.example.com_-_filename.exe
or
halfdet_www.example.com_-_filename.exe
to signify whether the detection is below 13, or below 20.
This is an arbitrary number. If you have better numbers, let me know.

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5764

MIRT Premium

Posted: Tue Apr 29, 2008 10:04 pm

I've added the samples to the malware listserv.


_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
brewt

Posted: Wed Apr 30, 2008 6:42 am

3 files.
vt scores: 8, 15, 19

brewt

Posted: Wed Apr 30, 2008 5:11 pm

1 phish malware 11/3x detection

tetak

Posted: Wed Apr 30, 2008 5:25 pm

I've added the new samples to the malware listserv.


brewt

Posted: Sat May 03, 2008 7:32 pm

1 file

MD5: cb1de4847ca840f8837fc8381ec6b0cb
First received: 05.02.2008 12:59:33 (CET)
Date: 05.03.2008 13:26:49 (CET) [<1D]
Results: 14/30
Permalink: analisis/8d32bce1ee3f733079814aa7857baeda

tetak

Posted: Sun May 04, 2008 7:37 pm

I've added the file to the malware listserv.

CastleCops Link/p1085721-MD5_cb1de4847ca840f8837fc8381ec6b0cb_My_foto_exe.html


brewt

Posted: Mon May 05, 2008 8:09 pm

1 x 8/30

http://siteadvisor.com/sites/wmadirection.com/

tetak

Posted: Mon May 05, 2008 9:36 pm

I've added the file to the malware listserv.

I've also run it on a test PC and I've collected the many files it downloaded.


brewt

Posted: Mon May 05, 2008 11:55 pm

1 x 4/31

MD5: 8b4351afb1e92f906e2f19f361bc7d0f
First received: 05.06.2008 01:54:39 (CET)
Date: 05.06.2008 01:54:44 (CET) [<1D]
Results: 4/31
Permalink: analisis/d11f4fc2066c56d50d5053efe456f19e

from a malware phish

brewt

Posted: Thu May 08, 2008 6:17 am

1 x 12/3x

mpack via storm site

MD5: 1675fc36e9cd008e5035c1a69d3f9eb9
First received: 05.06.2008 17:47:06 (CET)
Date: 05.07.2008 06:55:16 (CET) [+1D]
Results: 12/31
Permalink: analisis/61de6dddb56384b44303ed1b368a3813

tetak

Posted: Thu May 08, 2008 5:16 pm

I've added both files to the malware listserv.


brewt

Posted: Sat May 10, 2008 10:23 pm

3 poorly detected files (dupes omitted)

http://www.siteadvisor.com/sites/antivirus-scanner.com

MD5: 9e9d72893711d4b00fb002f7a443c9b5
First received: 05.10.2008 03:20:12 (CET)
Date: 05.10.2008 19:53:40 (CET) [<1D]
Results: 2/31
Permalink: analisis/6df4942ddc188b8ab014b27456999a6b
----------------------------------------------------
http://www.siteadvisor.com/sites/avitool.com/
1724

MD5: 153730257a2a04ebdf69c5bfb36ed71d
First received: 05.10.2008 20:24:38 (CET)
Date: 05.10.2008 20:24:42 (CET) [<1D]
Results: 6/30
Permalink: analisis/4c51394ecf167279b53fbab2951a92e3
----------------------------------------------------
http://www.siteadvisor.com/sites/avitool.com/
1294

MD5: b4e60acb28b4192a1af1154632a298a6
First received: 05.10.2008 20:27:21 (CET)
Date: 05.10.2008 20:27:25 (CET) [<1D]
Results: 7/31
Permalink: analisis/6199b77489f07024425adc979ff8c473
----------------------------------------------------
http://www.siteadvisor.com/sites/avitool.com/
283

MD5: fd4819fab71c7589292c405c2e792b56
First received: 05.10.2008 20:39:42 (CET)
Date: 05.10.2008 20:39:55 (CET) [<1D]
Results: 6/30
Permalink: analisis/78b41f6bc0a72008589fb770869134b4
----------------------------------------------------
http://www.siteadvisor.com/sites/mediasoftportal.com

MD5: 0558d855b2c7842b831adc2a3bde0ff2
First received: 05.10.2008 16:29:35 (CET)
Date: 05.10.2008 20:18:08 (CET) [<1D]
Results: 8/32
Permalink: analisis/ea9c7543bf92f6dc8d427736d1cff0da

tetak

Posted: Mon May 12, 2008 2:47 am

I've added the files to the malware listserv.


brewt

Posted: Mon Jun 30, 2008 3:14 pm

looks like another hacked storm site

File has already been analysed:
MD5: 4b4ad0fb083ba4ee6cb4d0b08c0fcb44
First received: 06.30.2008 12:21:55 (CET)
Date: 06.30.2008 16:11:36 (CET) [<1D]
Results: 7/33
Permalink: analisis/fb1ec17d5084f64d48fc2e5e8aab4339

Code:
http://gnosistv.com.ar/index1.php
-->
http://gnosistv.com.ar/index6.html
-->
http://gnosistv.com.ar/hot_video.exe

All times are GMT