Author Topic: Trojan adload found here: (Read 3123 times)

polonus · « **on:** June 24, 2010, 11:38:47 PM »

Hi malware fighters,

We started with this site: stop.500forbiddenerror.com
69.59.137.237
   69.59.137.237.servepath.com    Trojan Adload
Choi Jin / bp8tg5wg9tATnetworksolutionsprivateregistration.com
   2010-01-20   details PACKER etc.
EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h3) *   00075057   0002F457   1f4iroqk   6.0   d07765bfebef50057cd7120e1bff17bb72abada5
Here is a complete list:
Backdoor.Win32.Agent.amsp found there...
Threat Name:    Downloader
Location:    htxp://kin.500forbiddenerror.com/CK3V.exe
finjan: active content was blocked due to digital signature violation
http://malc0de.com/database/index.php?search=26228&ASN=on
http://x.maldb.com/?p=9193
The violation is missing digital signature!
Threat Name:    Downloader
File name:    c:\documents and settings\user\local settings\temporary internet files\content.ie5\ocieqgj3\ck3v[1].exe
Location:    htxp://kin.500forbiddenerror.com/SHILD/INST_Kin2.exe
Here we can find if the dirt has been cleansed in the mean time:
http://www.malwaredomainlist.com/forums/index.php?topic=3190.990

polonus

Pondus · « **Reply #1 on:** June 25, 2010, 12:50:20 AM »

VirusTotal - CK3V.exe - 31/40
http://www.virustotal.com/analisis/f69ecbde6510b89943a9870a02791194cb6d75d5dd93e6bfc6c64f58a06d88d4-1277419659

VirusTotal - INST_Kin2.exe - 3/41
http://www.virustotal.com/analisis/caf8ecf1810caeaa2855ad3b003a09d73529d0dc895c01587549d4dc9f80d50c-1277419580

polonus · « **Reply #2 on:** June 25, 2010, 03:17:09 PM »

Hi Pondus,

That second detection rate is not given me too much confidence,

polonus

Author Topic: Trojan adload found here: (Read 3123 times)

polonus

Trojan adload found here:

Pondus

Re: Trojan adload found here:

polonus

Re: Trojan adload found here: