Author Topic: Backdoor trojan found here: (Read 4104 times)

polonus · « **on:** June 07, 2010, 11:41:24 PM »

Hi malware fighters,

Malware detected here: htxp://www.ideogramma.net/jaccise/full/J-Accise.exe
malcode known as: backdoor trojan...
See: http://wepawet.iseclab.org/view.php?hash=14ed47c73754259110886c7d044bcf4b&t=1275946171&type=js

polonus

polonus · « **Reply #1 on:** June 15, 2010, 12:04:38 AM »

Hi malware fighters,

Another one found on this Brazilian site:
danilodonadeli.kit.net
Domain Hash    aaa66a8fbfcb9b5c0e6e4098d2a1ff24
IP Address    201.7.184.2
IP Hostname    -
IP Country    BR (Brazil)
AS Number    28604
AS Name    TV GLOBO LTDA

Threat Name:     PHP.Backdoor.Trojan
Location:    htxp://www.danilodonadeli.kit.net/


Threat Name:    PHP.Backdoor.Trojan
Location:    htxp://www.danilodonadeli.kit.net/favicon.ico

Also detected here: http://www.mywot.com/en/scorecard/danilodonadeli.kit.net

polonus

Pondus · « **Reply #2 on:** June 15, 2010, 12:23:14 AM »

VirusTotal - danilodonadeli.kit.net.htm - 3/41
http://www.virustotal.com/analisis/d3e4917e75abc2e9b2391cab1e54134f5be9074c097f9d2c9da74bad0bbb0de6-1276554027

VirusTotal - favicon.ico - 3/41
http://www.virustotal.com/analisis/d3e4917e75abc2e9b2391cab1e54134f5be9074c097f9d2c9da74bad0bbb0de6-1276554032

polonus · « **Reply #3 on:** June 15, 2010, 12:26:15 AM »

Hi Pondus,

Where is avast detection? We have to check again within a few days,

polonus

polonus · « **Reply #4 on:** June 16, 2010, 11:35:34 PM »

Hi malware fighters,

Another backdoor found on this Chinese site: Threat Name: Backdoor.Tidserv
Location: htxp://www.russianmomds.ru/dogma.exe
Active content was blocked due to digital signature violation
The violation is Missing Digital Signature
# We never found it to be benign according to Wepawet
# The last time we found it to be suspicious was at 2010-06-02 20:44:35.
The analyzed resource contains one or more syntax errors.
hxtp://www.russianmomds.ru/dogma.exe PE32 executable for MS Windows (GUI) Intel 80386 32-bit 35164a99caf83a240f302967b76c4d74

See:
http://www.virustotal.com/analisis/bd9bf9ebdaef2511cd684da0469ceb7d2840eef6764747d4e38720886511880b-1275987396
where avast does not detect it..
analysis here: htxp://jsunpack.jeek.org/dec/go?report=fae7cef75c70a450942d681a12b050fca3e0a6db
On the malware file read: http://www.prevx.com/filenames/X2126548755673220298-X1/DOGMA.EXE.html
http://www.threatexpert.com/report.aspx?md5=b9ba7af9ce0fb149a4d14b664ecdaffe
cloaked malware..

polonus

Pondus · « **Reply #5 on:** June 17, 2010, 12:29:09 AM »

Quote

where avast does not detect it..

updated scan......different md5 then the one you show...?

VirusTotal - dogma.exe - 14/41
http://www.virustotal.com/analisis/56e43a91ea3870e162ab6da98d32381433799c6f9f5ec8d145094d158eb0e124-1276727175

polonus · « **Reply #6 on:** June 17, 2010, 12:36:13 AM »

Hi Pondus,

Attentively flagged, now waiting for a better detection rate on the Malscript malware in the other thread,
just over 38% detection rate for avast now...
http://forum.avast.com/index.php?topic=60161.msg513406#msg513406

polonus

Author Topic: Backdoor trojan found here: (Read 4104 times)

polonus

Backdoor trojan found here:

polonus

Re: Backdoor trojan found here:

Pondus

Re: Backdoor trojan found here:

polonus

Re: Backdoor trojan found here:

polonus

Re: Backdoor trojan found here:

Pondus

Re: Backdoor trojan found here:

polonus

Re: Backdoor trojan found here: