CastleCops, Internet Crime Fighters

gate.etel.dn.ua

 
tetak

MIRT Team Lead
Premium Member

Posted: Sun Apr 01, 2007 4:59 pm    Post subject: gate.etel.dn.ua

Code:
http://gate.etel.dn.ua/~dbs/cool.pif


Looks like some fresh new malware! I've uploaded it to the Malware Listserv.



Complete scanning result of "cool.pif", received in VirusTotal at 04.01.2007, 18:25:33 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.31.0 04.01.2007 no virus found
AntiVir 7.3.1.47 04.01.2007 no virus found
Authentium 4.93.8 03.31.2007 could be a corrupted executable file
Avast 4.7.936.0 03.31.2007 no virus found
AVG 7.5.0.447 03.31.2007 no virus found
BitDefender 7.2 04.01.2007 no virus found
CAT-QuickHeal 9.00 03.31.2007 no virus found
ClamAV devel-20070312 04.01.2007 no virus found
DrWeb 4.33 04.01.2007 no virus found
eSafe 7.0.15.0 04.01.2007 suspicious Trojan/Worm
eTrust-Vet 30.6.3527 03.31.2007 no virus found
Ewido 4.0 04.01.2007 no virus found
FileAdvisor 1 04.01.2007 no virus found
Fortinet 2.85.0.0 04.01.2007 REG/Zapchast.4D53!tr.bdr
F-Prot 4.3.1.45 03.30.2007 no virus found
F-Secure 6.70.13030.0 04.01.2007 no virus found
Ikarus T3.1.1.3 04.01.2007 no virus found
Kaspersky 4.0.2.24 04.01.2007 no virus found
McAfee 4997 03.31.2007 New Win32
Microsoft 1.2306 04.01.2007 no virus found
NOD32v2 2161 04.01.2007 no virus found
Norman 5.80.02 03.31.2007 no virus found
Panda 9.0.0.4 04.01.2007 Suspicious file
Prevx1 V2 04.01.2007 no virus found
Sophos 4.16.0 03.30.2007 no virus found
Sunbelt 2.2.907.0 03.31.2007 VIPRE.Suspicious
Symantec 10 04.01.2007 no virus found
TheHacker 6.1.6.083 03.30.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.3 04.01.2007 no virus found
VirusBuster 4.3.7:9 04.01.2007 no virus found
Webwasher-Gateway 6.0.1 04.01.2007 Win32.Malware.dam (suspicious)


Aditional Information
File size: 711266 bytes
MD5: 94913b52a5b8953817f5815c4eff74dc
SHA1: 1706e252cfd2434f8ed52a1cc6b663594e711e38
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

nosirrah

Security Expert
Special Response Team

Posted: Sun Apr 01, 2007 5:05 pm

Did you run the offending file? If not, I can do that now for you.

tetak

MIRT Team Lead
Premium Member

Posted: Sun Apr 01, 2007 5:08 pm

No I haven't.


_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
solcroft

MIRT Hunter


Posted: Sun Apr 01, 2007 5:35 pm

Seems to be an invalid Win32 executable on my system.

tetak

MIRT Team Lead
Premium Member

Posted: Sun Apr 01, 2007 5:51 pm

solcroft wrote:
Seems to be an invalid Win32 executable on my system.


I've just run it and I got the same thing.
