Author Topic: Does avast detect iWin.Trojan.691128 in PUP-mode?  (Read 1775 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Does avast detect iWin.Trojan.691128 in PUP-mode?
« on: December 19, 2014, 02:30:47 PM »
See: https://www.virustotal.com/nl/url/de8d14445e339225d58f4045dc12d384f3a4b058ce8b684a477c660f323d82e9/analysis/1418995260/
and https://www.virustotal.com/nl/file/0584d22455f05a3a19438f00083d595f5ab089ece49e11f0cc063752d8f6fc4c/analysis/1418973658/
Quttera blacklisted site. Unable to properly scan site. Site returning error (40x): HTTP/1.0 403 Forbidden
IP badness history: https://www.virustotal.com/nl/ip-address/122.226.102.76/information/
Acknowledged program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Does avast detect iWin.Trojan.691128 in PUP-mode?
« Reply #1 on: January 08, 2015, 03:35:06 PM »
Update for Riskware/Generic.AC.18053   APNIC   CN   antispam at dcb.hz.zj dot cn   122.225.96.132    to 122.226.102.76   sh5y dot com   htxp://xiazai9.sh5y.com/setup_361.exe
See: https://www.virustotal.com/nl/url/c13305ac6dbbb96d65475d9c6f15bec30a00bae019e0a0771d76c64d270672a1/analysis/1420725973/
Filescan: https://herdprotect.com/setup_361.exe-35e8fe7d3aa073c08c4067ce3f2d6bc2c41d9e4a.aspx
System Details:
Running on: nginx
Via proxy: 1.0
Netcraft Risk Status: http://toolbar.netcraft.com/site_report/?url=xiazai9.sh5y.com
http://totalhash.com/network/ip:122.226.102.76

Unable to properly scan your site. Site returning error (40x): HTTP/1.0 403 Forbidden
IP badness ->  https://www.virustotal.com/nl/ip-address/122.226.102.76/information/
Malware on IP: http://www.scumware.org/report/122.226.102.76.html
IDS alerts: http://urlquery.net/report.php?id=1418323679450
Cannot get DNS for parent server! -> http://www.dnsinspect.com/sh5y.com/1420727499
Direct link to a malware file: https://app.webinspector.com/public/reports/28562072
Link to Malware File.  Found by Antivirus Engine.
SHA1: a765610ea32ada1338c027971799d63207b162e6
Only 1 flags: fortinet   23.543, 23.543   5.1.158   2015-01-07   Riskware/Generic.AC.18053
500 Took too long to download - URL Domain Result: Blacklisted in multiple real-time domain blocklists
See: http://support.clean-mx.de/clean-mx/viruses.php?id=51240418
Does avast detect in PUP-mode? -> https://www.virustotal.com/nl/file/0584d22455f05a3a19438f00083d595f5ab089ece49e11f0cc063752d8f6fc4c/analysis/
Malware up and active now since 2014-12-24 - 21:08:51 hrs.

polonus

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Does avast detect iWin.Trojan.691128 in PUP-mode?
« Reply #2 on: January 08, 2015, 03:38:52 PM »
htxp://xiazai9.sh5y.com/setup_361.exe   First submission 2014-12-31 17:27:28 UTC ( 1 week ago )
https://www.virustotal.com/en/file/e48262292ebd2d348071e1cdecd51cbef99990af33c21a91ff9c461be9eb93db/analysis/1420727881/

« Last Edit: January 08, 2015, 03:46:26 PM by Pondus »