Everything posted by nosirrah

  1. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify
     Notify here means that if they were to be turned off, Windows would not warn you. This is likely because MSE has taken over this role. Set these detections to ignore if you do not wish to see them again.
  2. This is the easiest update yet, absolutely no detections at all from the same source.
  3. another update today, first the initial sample that is now 2 weeks obsolete
     and now the newest mutation, detection has fallen even further for this well-known trojan
  4. Another update today, here is the current detection for the now 13 day obsolete trojan.
     And now the most recent mutation from the same source
  5. This should be fixed now.
  6. This should be fixed now.
  7. the starting sample has the same detections still but there is a new mutation today
  8. detections of the base sample have not changed but there is another mutation today
  9. update
     here are the latest updates for the original version and most recent mutation
     first the original sample that is now 10 days obsolete
     and here is the current mutation, detection is still terrible
  10. update
      detection of the first sample has not changed but there is a new mutation from the same source
  11. update
      here are the current detections for the now 9 day obsolete trojan
      and here is the current mutation, detection has once again fallen off
  12. update
      current detection for the now 8 day obsolete sample
      and now the newest mutation
  13. updating again
      Here is the current detection for the now 6 day obsolete trojan.
      And now the detections for the newest mutation.
  14. update
      here are the latest updates for the original version and more recent mutation
      first the original sample that is now 1 week obsolete
      and now the new trojan from the same source, detection has seriously fallen off
  15. updating again
      Here is the current detection for the now 5 day obsolete trojan.
      And now the detections for the newest mutation.
      As you can see I was not the first to get to this one this time as it was first checked 3 hours ago so these detections may be higher than at 0 hour.
  16. another update, I think I will continue this until the first example is either 75% detected or is no longer increasing in detection

      here are the latest updates for the original version and more recent mutation

      first the original sample that is now 6 and a half days obsolete

      SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
      SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
      MD5: c4b357b6b09b35c6784319b5a27914e8
      File size: 810.5 KB ( 829965 bytes )
      File name: E:\Downloads\scandsk(309).exe
      File type: Win32 EXE
      Detection ratio: 23 / 42
      Analysis date: 2012-07-22 19:00:55 UTC ( 0 minutes ago )
      First seen by VirusTotal 2012-07-16 02:32:08 UTC ( 6 days, 16 hours ago )
      Last seen by VirusTotal 2012-07-22 19:00:55 UTC ( 4 minutes ago )

      and now the new trojan from the same source

      SHA256: 70bc7f6191fa7dd028229df0eb96a7a616c818dc292dacfd5908446d0cb4d9f3
      SHA1: 52ae6db5ccb227613bc889c40b8f21c784adf42a
      MD5: 1f1d8af323954cd20471285b80d827c7
      File size: 788.5 KB ( 807437 bytes )
      File name: E:\Downloads\scandsk(354).exe
      File type: Win32 EXE
      Detection ratio: 5 / 42
      Analysis date: 2012-07-22 19:00:39 UTC ( 0 minutes ago )
      First seen by VirusTotal 2012-07-22 19:00:39 UTC ( 4 minutes ago )
      Last seen by VirusTotal 2012-07-22 19:00:39 UTC ( 4 minutes ago )
  17. updating again

      Here is the current detection for the now 4 day obsolete trojan.

      SHA256: e3b181e228b196dc1d57dadfce7555707090db10f239361fe11f3cedf8e49bfa
      SHA1: 77439b2d9932e8ca78a365e09b893d71310205a6
      MD5: 8b196c4ac506ec2350ae134b5a9038d1
      File size: 113.0 KB ( 115712 bytes )
      File name: E:\Downloads\0.4068175439503239.exe
      File type: Win32 EXE
      Detection ratio: 22 / 42
      Analysis date: 2012-07-21 20:10:58 UTC ( 0 minutes ago )
      First seen by VirusTotal 2012-07-17 16:06:18 UTC ( 4 days, 4 hours ago )
      Last seen by VirusTotal 2012-07-21 20:10:58 UTC ( 1 minute ago )

      And now the detections for the newest mutation.

      SHA256: 5f8285675a407cabf426fa23377fc34b3faf1c9c6e80403f23715e0f28fe8a5f
      SHA1: a6c0a86edd76119b4a7e25f18fcc008929ac6ea8
      MD5: a83b0989072f0a01702a44d44202d141
      File size: 25.6 KB ( 26188 bytes )
      File name: E:\Downloads\890982cos4023832.exe
      File type: Win32 EXE
      Detection ratio: 2 / 42
      Analysis date: 2012-07-21 20:10:19 UTC ( 0 minutes ago )
      First seen by VirusTotal 2012-07-21 20:10:19 UTC ( 2 minutes ago )
      Last seen by VirusTotal 2012-07-21 20:10:19 UTC ( 2 minutes ago )
  18. update

      here are the latest updates for the original version and more recent mutation

      first the original sample that is now 5 and a half days obsolete

      SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
      SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
      MD5: c4b357b6b09b35c6784319b5a27914e8
      File size: 810.5 KB ( 829965 bytes )
      File name: E:\Downloads\scandsk(309).exe
      File type: Win32 EXE
      Detection ratio: 23 / 41
      Analysis date: 2012-07-21 18:14:48 UTC ( 1 minute ago )
      First seen by VirusTotal 2012-07-16 02:32:08 UTC ( 5 days, 15 hours ago )
      Last seen by VirusTotal 2012-07-21 18:14:48 UTC ( 3 minutes ago )

      and now the latest mutation from the same source

      SHA256: 470c8a2ac73bc0855ec460e9b8d74c30aa0b2e4d5dccca83f41707b0aa6d587c
      SHA1: 98c41ea5863cedd24b2de21b2d03f766ecf994fc
      MD5: fb2b813b69e7a2ac1b31551cb2cf4f8c
      File size: 724.0 KB ( 741389 bytes )
      File name: E:\Downloads\scandsk(347).exe
      File type: Win32 EXE
      Detection ratio: 6 / 41
      Analysis date: 2012-07-21 18:11:23 UTC ( 0 minutes ago )
      First seen by VirusTotal 2012-07-21 18:11:23 UTC ( 6 minutes ago )
      Last seen by VirusTotal 2012-07-21 18:11:23 UTC ( 6 minutes ago )
  19. updating again

      the first trojan is now 5 days obsolete and once again has been replaced with a new mutation

      here are the current detections for the original sample

      SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
      SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
      MD5: c4b357b6b09b35c6784319b5a27914e8
      File size: 810.5 KB ( 829965 bytes )
      File name: E:\Downloads\scandsk(309).exe
      File type: Win32 EXE
      Detection ratio: 22 / 42
      Analysis date: 2012-07-21 02:54:59 UTC ( 0 minutes ago )
      First seen by VirusTotal 2012-07-16 02:32:08 UTC ( 5 days ago )
      Last seen by VirusTotal 2012-07-21 02:54:59 UTC ( 6 minutes ago )

      and now the new trojan from the same source

      SHA256: 315424b78585b20d42cd677e2c200941c490b4d60c3de7b409e010a26252f220
      SHA1: f00040728911b4992b8277c432f279dbad633d20
      MD5: dc141f06bc9f47cabde4c6af88051c39
      File size: 758.0 KB ( 776205 bytes )
      File name: E:\Downloads\scandsk(342).exe
      File type: Win32 EXE
      Detection ratio: 8 / 42
      Analysis date: 2012-07-21 02:54:42 UTC ( 0 minutes ago )
      First seen by VirusTotal 2012-07-21 02:54:42 UTC ( 7 minutes ago )
      Last seen by VirusTotal 2012-07-21 02:54:42 UTC ( 7 minutes ago )