Avast WEBforum
Other => Viruses and worms => Topic started by: polonus on November 30, 2011, 08:58:09 PM
-
DrWeb URL checker detects:
Checking: -http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip
Engine version: 5.0.2.3300
Total virus-finding records: 2849424
File size: 346.52 KB
File MD5: bb83b26222e92acb56dfc499732c006a
-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip - archive ZIP
>-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/cat.nfo - Ok
>-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/FILE_ID.DIZ - Ok
>--http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe packed by UPX
>>-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe infected with Trojan.PWS.Siggen.30660
See VT results: http://www.virustotal.com/url-scan/report.html?id=4b48506b596e481bff6c6276b5a8bfd0-1322678529
&
http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322682327
Also: http://vscan.urlvoid.com/analysis/bb83b26222e92acb56dfc499732c006a/YzVuNWFtMnpxYzJqZGZiMWkzby16aXA=/
polonus
-
Good catch..!! :)
-
Another analysis of this malware: http://threatcenter.crdf.fr/?More&ID=54649&D=CRDF.Trojan.Exploit.PDF.1416654913
polonus
-
Hello,
should be detected in next VPS update (111201-0).
Milos
-
Thanks Milos..! :)
-
Yes, we have detection for it now: http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322728270
avast detects as Win32:Nebuler-AM [Trj]
polonus