steady

(APE-SNE) FP or trojan?


Hi,

MBAM 1.50.1.1100 with database 6360 detects an infected registry key HKEY_CLASSES_ROOT\d (Trojan.Agent)

Detection takes place once a Spanish government-related site is used. The site is http://notificaciones.060.es (servicio de notificaciones electronicas); this is supposed to be a secure site used by the Spanish government and administration to deliver electronic notifications _with_legal_value_.

It seems that the site (or any MITM) installs some software (ActiveX) on the computer using the site. Given that the installed software is not digitally signed, there is no real certainty regarding the origin of the software and its actual intentions.

The software is installed in "C:\Archivos de programa\APE-SNE\APE-SNE ActiveX", where APE-SNE is supposed to represent "Apartado Postal Electronico - Servicio de Notificaciones Electronicas", which theoretically is a service provided by the official Spanish mail company correos.es.

There are four files in the mentioned folder (APESNEActivex.dll, APESNEActivex.InstallState, APESNEActivex.tlb, Interop.SHDocVw.DLL) and all four pass clean at virustotal.com.

I'm attaching MBAM's log and some registry keys that seem related to APE-SNE ActiveX.

Is this a FP or some kind of malware?

Thanks

APE_SNE_mbam_log.zip

APE_SNE_Reg_keys.zip
