VSUB - Malware Submissions :: January

VS0601006 Possible new malware [Ranky and Sdbot Dropper]

Data on a sample of a suspected new malware being spread via SMB.

This was caught by my WormCharmer.

I have included data on a sample of the dropper and the files extracted from the
RAR SFX dropper for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================
Details:

FileName: moonshine.exe
FileDateTime: 27/01/2006 09:19:52
Filesize: 164870
MD5: e382af0f14c12563cfea229b9cacba66
CRC32: 3099EBB0
File Type: PE Executable RAR

Scan report of: moonshine.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG Packed.gen
BitDefender Backdoor.SDBot.532451D8
ClamAV Worm.Mytob.GH
Command -
Dr Web Win32.IRC.Bot.based
eSafe -
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido Backdoor.SdBot
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet W32/SDBot!bdr
Fortinet (BETA) W32/SDBot!bdr
Ikarus -
Kaspersky Backdoor.Win32.SdBot.gen
McAfee Downloader-PS trojan
McAfee (BETA) W32/Sdbot.worm.gen.by
Nod32 -
Norman -
Panda Bck/Sdbot.GGX
Panda (BETA) Bck/Sdbot.GGX
QuickHeal -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 Backdoor.Win32.SdBot.gen
VirusBuster -
YY_Spybot -

============================================================

Drops:-

============================================================
FileName: ciaraf.exe
FileDateTime: 25/01/2006 17:43:01
Filesize: 35391
MD5: b75c6b285daf3fb97b12ab328b5d11c0
CRC32: 6B9FB36B
File Type: PE Executable

Scan report of: ciaraf.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir PCK/MEW
Avast! -
AVG -
BitDefender Backdoor.SDBot.532451D8
ClamAV Worm.Mytob.GH
Command -
Dr Web Win32.IRC.Bot.based
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO Win32/IRCBot.Variant!Trojan
eTrust-INO (BETA) Win32/IRCBot.Variant!Trojan
eTrust-VET -
eTrust-VET (BETA) -
Ewido Backdoor.SdBot
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet W32/SDBot!bdr
Fortinet (BETA) W32/SDBot!bdr
Ikarus Backdoor.Win32.Rbot.Gen
Kaspersky Backdoor.Win32.SdBot.gen
McAfee -
McAfee (BETA) W32/Sdbot.worm.gen.by
Nod32 IRC/SdBot trojan (variant)
Norman Bofra.C@mm
Panda Bck/Sdbot.GGX
Panda (BETA) Bck/Sdbot.GGX
QuickHeal W32.Bobic.L
Sophos W32/Sdbot-Fam
Symantec -
Symantec (BETA) -
Trend Micro WORM_SDBOT.GEN
Trend Micro (BETA) WORM_SDBOT.GEN
VBA32 Backdoor.Win32.SdBot.gen
VirusBuster -
YY_Spybot -

============================================================
FileName: fciara.exe
FileDateTime: 25/01/2006 17:43:41
Filesize: 36864
MD5: b9cd72ee34e9d16eb35bfa3541a1deae
CRC32: E0ED83F5
File Type: PE Executable
Packer: Standard PE File

Scan report of: fciara.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir TR/Proxy.Agent.AR
Avast! -
AVG Packed.gen
BitDefender BehavesLike:Win32.Backdoor (suspected)
ClamAV -
Command -
Dr Web BackDoor.DarkMoon.66
eSafe Win32.Darkmoon.bw
eTrust-INO Win32/NTPacker.B!Trojan
eTrust-INO (BETA) Win32/NTPacker.B!Trojan
eTrust-VET Win32/NTPacker.B
eTrust-VET (BETA) Win32/NTPacker.B
Ewido Backdoor.Bifrose.d
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet W32/Bifrose.D-bdr
Fortinet (BETA) W32/Bifrose.D-bdr
Ikarus Net-Worm.Win32.Mytob.BI
Kaspersky -
McAfee Downloader-PS trojan
McAfee (BETA) Downloader-PS trojan
Nod32 Win32/TrojanDropper.ErPack trojan
Norman -
Panda -
Panda (BETA) Trj/Ranky.LL
QuickHeal -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 Backdoor.PcClient.34 (suspected)
VirusBuster -
YY_Spybot -

============================================================

The following updates have been used for the test (all times in GMT):

@Proventia-VPS VPS.rar 2005-12-31 23:59
AntiVir ifusebundle_de.zip 2006-01-30 07:58
Avast! 400.vps 2006-01-28 23:47
AVG avg7mmav375a699.zip 2006-01-27 11:53
BitDefender cumulative.zip 2006-01-30 08:25
ClamAV daily.cvd 2006-01-30 09:09
Command DEFFILES.ZIP 2006-01-28 17:51
Dr Web drwtoday.zip 2006-01-29 20:43
eSafe com_evsvsp_vtest.upd 2006-01-29 12:51
eTrust-INO fi_nt86.exe 2006-01-29 15:40
eTrust-INO (BETA) fi_nt86.exe 2006-01-29 13:50
eTrust-VET fv_nt86.exe 2006-01-30 04:35
eTrust-VET (BETA) fv_nt86.exe 2006-01-30 02:12
Ewido ewidoscan.zip 2006-01-29 16:12
F-Prot fp-def.zip 2006-01-28 16:49
F-Secure latest.zip 2006-01-30 08:29
F-Secure (BETA) latest.zip 2006-01-30 08:10
Fortinet vir_high 2006-01-30 01:06
Fortinet (BETA) vir_high 2006-01-30 08:23
Ikarus pd060127.exe 2006-01-27 16:42
Kaspersky daily.zip 2006-01-30 09:07
McAfee dat-4684.zip 2006-01-27 18:33
McAfee (BETA) win_netware_betadat.zip 2006-01-30 08:25
Nod32 minnt.exe 2006-01-29 13:37
Norman nvc5oem.zip 2006-01-30 08:33
Panda pav.zip 2006-01-29 13:51
Panda (BETA) pav.zip 2006-01-30 09:04
QuickHeal qhadvdef.zip 2006-01-27 17:15
Sophos ides.zip 2006-01-30 04:54
Symantec 20060129-004-i32.exe 2006-01-29 22:05
Symantec (BETA) symrapidreleasedefsi32.exe 2006-01-30 08:35
Trend Micro lpt183.zip 2006-01-30 04:32
Trend Micro (BETA) lpt184.zip 2006-01-30 05:16
VBA32 vba32w-latest.rar 2006-01-29 23:48
VirusBuster vbuster8.vdb 2006-01-29 15:46
YY_Spybot includes.zip 2006-01-27 10:04

============================================================

Comments (0)

Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.

VS0601005 Possible new malware [Ranky and Sdbot Dropper]

Filed under: All, Submitted

Attached is a sample of a suspected new malware being spread via SMB.

This was caught by my WormCharmer.

I have included a sample of the dropper and the files extracted from the
RAR SFX dropper for your information and analysis.

6 copies (1 copy attached) have been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================
Details:

FileName: blizzard.exe
FileDateTime: 19/01/2006 10:39:35
Filesize: 156626
MD5: afeec8473d6b4cee26700b38dc8041e5
CRC32: 883C9432
File Type: PE Executable RAR

Scan report of: blizzard.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG Proxy.BFD (Trojan horse)
BitDefender Trojan.Proxy.Ranky.DW
ClamAV Worm.Mytob.GH
Command -
Dr Web DLOADER.Trojan (probably)
eSafe -
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet -
Fortinet (BETA) -
Ikarus -
Kaspersky Trojan-Proxy.Win32.Ranky.gen
McAfee Proxy-FBSR trojan
McAfee (BETA) Proxy-FBSR trojan
Nod32 -
Norman -
Panda Trj/Multidropper.BCY
Panda (BETA) Trj/Multidropper.BCY
QuickHeal -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) TROJ_RANKY.IK
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster Worm.DR.SdBot.BSM
YY_Spybot -

============================================================

Drops:-

============================================================
FileName: megod.exe
FileDateTime: 16/01/2006 14:40:13
Filesize: 35394
MD5: c6e3f2d726855c5d88cad2b5967315f3
CRC32: 4982E484
File Type: PE Executable

Scan report of: megod.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir PCK/MEW
Avast! -
AVG IRC/BackDoor.SdBot.TRE (Trojan horse)
BitDefender Backdoor.SDBot.532451D8
ClamAV Worm.Mytob.GH
Command -
Dr Web Win32.IRC.Bot.based
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO Win32/IRCBot.Variant!Trojan
eTrust-INO (BETA) Win32/IRCBot.Variant!Trojan
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet -
Fortinet (BETA) -
Ikarus Backdoor.Win32.Rbot.Gen
Kaspersky Backdoor.Win32.SdBot.gen
McAfee -
McAfee (BETA) -
Nod32 IRC/SdBot trojan
Norman Bofra.C@mm
Panda Bck/Sdbot.GGX
Panda (BETA) Bck/Sdbot.GGX
QuickHeal W32.Bobic.L
Sophos W32/Sdbot-Fam
Symantec -
Symantec (BETA) -
Trend Micro WORM_SDBOT.GEN
Trend Micro (BETA) WORM_SDBOT.DBK
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster Worm.SdBot.BSM
YY_Spybot -

============================================================
FileName: takeon.exe
FileDateTime: 16/01/2006 14:40:28
Filesize: 22292
MD5: 3bb69de7581c51deca78e5ae2aed40b8
CRC32: E9289607
File Type: PE Executable

Scan report of: takeon.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir PCK/MEW
Avast! -
AVG Proxy.BFD (Trojan horse)
BitDefender Trojan.Proxy.Ranky.DW
ClamAV Worm.Mytob.GH
Command -
Dr Web DLOADER.Trojan (probably)
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO Win32/Ranky.8gb!Trojan
eTrust-INO (BETA) Win32/Ranky.8gb!Trojan
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Trojan-Proxy.Win32.Ranky.gen
F-Secure (BETA) Trojan-Proxy.Win32.Ranky.gen
Fortinet -
Fortinet (BETA) -
Ikarus Backdoor.Win32.Rbot.Gen
Kaspersky Trojan-Proxy.Win32.Ranky.gen
McAfee Proxy-FBSR trojan
McAfee (BETA) Proxy-FBSR trojan
Nod32 Win32/TrojanProxy.Ranky trojan
Norman W32/Suspicious_M.gen
Panda Trj/Ranky.KX
Panda (BETA) Trj/Ranky.KX
QuickHeal W32.Bobic.L
Sophos Troj/Ranck-Fam
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) TROJ_RANKY.IL
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster Trojan.PR.Ranck.HE
YY_Spybot -

============================================================

Comments (0)

Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.

VS0601004 Possible new malware [Bancos]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by an end user.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================
Details:

FileName: vacina-Worm.bda.267.scr
FileDateTime: 19/01/2006 09:33:54
Filesize: 550095
MD5: 2821371d6b856148ea64b9d936b37474
CRC32: 2C62DCC1
File Type: PE Executable
Packer: DoomPack

Scan report of: vacina-Worm.bda.267.scr

@Proventia-VPS Malicious (Cancelled)
AntiVir -
Avast! -
AVG PSW.Banker.SGG (Trojan horse)
BitDefender Trojan.Banker.Delf.0FA7F3DA
ClamAV -
Command -
Dr Web -
eSafe -
eTrust-INO Win32/Bancos.BAX!PWS!Trojan
eTrust-INO (BETA) Win32/Bancos.BAX!PWS!Trojan
eTrust-VET -
eTrust-VET (BETA) Win32/Bancos.BHY
Ewido Logger.Banker.ahy
F-Prot -
F-Secure Trojan-Spy.Win32.Banker.ahy
F-Secure (BETA) Trojan-Spy.Win32.Banker.ahy
Fortinet Spy/Banker
Fortinet (BETA) Spy/Banker
Ikarus suspicious
McAfee -
McAfee (BETA) -
Nod32 -
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 Trojan-Spy.Banbra.19 (suspected)
VirusBuster -
YY_Spybot -

============================================================

Comments (0)

Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.

VS0601003 Possible new malware [Bancos]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by my Bayesian Filter.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================
Details:

FileName: fotos.exe
FileDateTime: 14/01/2006 22:53:14
Filesize: 126754
MD5: 466bed20e00ecf5447243e7de7d24943
CRC32: 4B445F56
File Type: PE Executable

Scan report of: fotos.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir -
Avast! -
AVG -
BitDefender Trojan.Banker.VB.4616C390
ClamAV Worm.Mytob.Gen-6
Command -
Dr Web Trojan.PWS.Bancos.207
eSafe -
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido Logger.Bancos.ha
F-Prot -
F-Secure Trojan-Spy.Win32.Bancos.ha
F-Secure (BETA) Trojan-Spy.Win32.Bancos.ha
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky Trojan-Spy.Win32.Bancos.ha
McAfee New Malware.n (trojan or variant)
McAfee (BETA) PWS-Banker.gen.i trojan
Nod32 Win32/Spy.Bancos.U trojan
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 Trojan-Spy.Win32.Bancos.ha
VirusBuster -
YY_Spybot -

============================================================

Comments (0)

Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.

VS0601002 Possible new malware [Ranky and Sdbot Dropper]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via SMB.

This was caught by my WormCharmer.

I have included data on a sample of the dropper and the files extracted from the
RAR SFX dropper for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================
Details:

FileName: secarik.exe
FileDateTime: 08/01/2006 02:49:19
Filesize: 155530
MD5: 69ebd33f22754f6d4b618dac781e1905
CRC32: 101DA3CB
File Type: PE Executable RAR

Scan report of: secarik.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender Backdoor.SDBot.C2E9FBBA
ClamAV Worm.Mytob.GH
Command -
Dr Web Win32.IRC.Bot.based
eSafe -
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Trojan-Proxy.Win32.Ranky.gen
F-Secure (BETA) Trojan-Proxy.Win32.Ranky.gen
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky Backdoor.Win32.SdBot.gen
McAfee Proxy-FBSR.gen trojan
McAfee (BETA) Proxy-FBSR.gen trojan
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster -
YY_Spybot -

============================================================

Drops:-

============================================================
FileName: gomex.exe
FileDateTime: 06/01/2006 21:44:50
Filesize: 34372
MD5: a8d1f91ead26578e337bf75260d808ce
CRC32: 24EB1B99
File Type: PE Executable

Scan report of: gomex.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir PCK/MEW
Avast! -
AVG -
BitDefender Backdoor.SDBot.C2E9FBBA
ClamAV Worm.Mytob.GH
Command -
Dr Web Win32.IRC.Bot.based
eSafe Routine CRC-Mytob8
eTrust-INO Win32/IRCBot.Variant!Trojan
eTrust-INO (BETA) Win32/IRCBot.Variant!Trojan
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet -
Fortinet (BETA) -
Ikarus Backdoor.Win32.Rbot.Gen
Kaspersky Backdoor.Win32.SdBot.gen
McAfee -
McAfee (BETA) -
Nod32 IRC/SdBot trojan (variant)
Norman W32/Suspicious_M.gen
Panda W32/Gaobot.gen.worm
Panda (BETA) W32/Gaobot.gen.worm
QuickHeal W32.Bobic.L
Sophos W32/Sdbot-Fam
Symantec -
Symantec (BETA) -
Trend Micro Possible_Virus
Trend Micro (BETA) Possible_Virus
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster -
YY_Spybot -

============================================================
FileName: nexom.exe
FileDateTime: 06/01/2006 21:55:28
Filesize: 23552
MD5: 8dfd156fd09653d086aa08319b6521ce
CRC32: 4EB8C7CC
File Type: PE Executable
Packer: UPX

Scan report of: nexom.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir Heuristic/Trojan.Downloader
Avast! -
AVG -
BitDefender Generic.Malware.Sdld.22BCD2CD (suspected)
ClamAV -
Command -
Dr Web DLOADER.Trojan (probably)
eSafe Trojan/Worm [101] (suspicious)
eTrust-INO Win32/Ranky.Variant!Trojan
eTrust-INO (BETA) Win32/Ranky.Variant!Trojan
eTrust-VET Win32/Ranck.JR
eTrust-VET (BETA) Win32/Ranck.JR
Ewido -
F-Prot -
F-Secure Trojan-Proxy.Win32.Ranky.gen
F-Secure (BETA) Trojan-Proxy.Win32.Ranky.gen
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky Trojan-Proxy.Win32.Ranky.gen
McAfee Proxy-FBSR.gen trojan
McAfee (BETA) Proxy-FBSR.gen trojan
Nod32 Win32/TrojanProxy.Ranky trojan (variant)
Norman W32/Malware (Sandbox)
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal -
Sophos Troj/Ranck-Fam
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
YY_Spybot -
============================================================

Comments (0)

Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.

VS0601001 Possible new malware [Ranky and Sdbot Dropper]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via SMB.

This was caught by my WormCharmer.

I have included data on a sample of the dropper and the files extracted from the
RAR SFX dropper for your information and analysis.

2 copies have been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================
Details:

FileName: newyear.exe
FileDateTime: 05/01/2006 16:10:40
Filesize: 155620
MD5: 75ff76d1b8b0d53f5901ecaab25dfb40
CRC32: 8DE88371
File Type: PE Executable RAR

Scan report of: newyear.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG IRC/BackDoor.SdBot.SBT (Trojan horse)
BitDefender BehavesLike:Win32.Backdoor (suspected)
ClamAV Worm.Mytob.GH
Command -
Dr Web DLOADER.Trojan (probably)
eSafe -
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet -
Fortinet (BETA) -
Ikarus -
Kaspersky Trojan-Proxy.Win32.Ranky.be (warning)
McAfee Proxy-FBSR trojan
McAfee (BETA) Proxy-FBSR trojan
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster -
YY_Spybot -

============================================================

Drops:-

============================================================

FileName: smallko.exe
FileDateTime: 05/01/2006 00:46:49
Filesize: 22286
MD5: df67bfb04235d2f7b5b4898eb0acdfef
CRC32: A2A97F28
File Type: PE Executable

Scan report of: smallko.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir PCK/MEW
Avast! -
AVG -
BitDefender BehavesLike:Win32.Backdoor (suspected)
ClamAV Worm.Mytob.GH
Command -
Dr Web DLOADER.Trojan (probably)
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO Win32/Ranky.Variant!Trojan
eTrust-INO (BETA) Win32/Ranky.Variant!Trojan
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Trojan-Proxy.Win32.Ranky.be
F-Secure (BETA) Trojan-Proxy.Win32.Ranky.be
Fortinet -
Fortinet (BETA) -
Ikarus Backdoor.Win32.Rbot.Gen
Kaspersky Trojan-Proxy.Win32.Ranky.be (warning)
McAfee Proxy-FBSR trojan
McAfee (BETA) Proxy-FBSR trojan
Nod32 Win32/TrojanProxy.Ranky trojan (variant)
Norman W32/Suspicious_M.gen
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal TrojanProxy.Ranky.gen
Sophos Troj/Ranck-Fam
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster -
YY_Spybot -

============================================================
FileName: smallok.exe
FileDateTime: 05/01/2006 00:46:25
Filesize: 34382
MD5: 09e9474350284e6e5fe3dc76608177ea
CRC32: EF816634
File Type: PE Executable

Scan report of: smallok.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir PCK/MEW
Avast! -
AVG IRC/BackDoor.SdBot.SBT (Trojan horse)
BitDefender Backdoor.SDBot.DF38CD19
ClamAV Worm.Mytob.GH
Command -
Dr Web Win32.IRC.Bot.based
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO Win32/IRCBot.Variant!Trojan
eTrust-INO (BETA) Win32/IRCBot.Variant!Trojan
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet -
Fortinet (BETA) -
Ikarus Backdoor.Win32.Rbot.Gen
Kaspersky Backdoor.Win32.SdBot.gen
McAfee W32/Sdbot.worm.gen.by
McAfee (BETA) W32/Sdbot.worm.gen.by
Nod32 IRC/SdBot trojan (variant)
Norman W32/Suspicious_M.gen
Panda W32/Gaobot.gen.worm
Panda (BETA) W32/Gaobot.gen.worm
QuickHeal W32.Bobic.L
Sophos W32/Sdbot-Fam
Symantec -
Symantec (BETA) -
Trend Micro Possible_Virus
Trend Micro (BETA) Possible_Virus
VBA32 Trojan-Spy.Banker.24 (suspected)
VirusBuster Worm.SdBot.BQZ
YY_Spybot -

============================================================

Comments (0)

Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.

VSUB - Malware Submissions

Monday 30th January, 2006

VS0601006 Possible new malware [Ranky and Sdbot Dropper]

Monday 23rd January, 2006

VS0601005 Possible new malware [Ranky and Sdbot Dropper]

Friday 20th January, 2006

VS0601004 Possible new malware [Bancos]

Monday 16th January, 2006

VS0601003 Possible new malware [Bancos]

Tuesday 10th January, 2006

VS0601002 Possible new malware [Ranky and Sdbot Dropper]

Friday 6th January, 2006

VS0601001 Possible new malware [Ranky and Sdbot Dropper]

January 2006
M	T	W	T	F	S	S
				Feb »
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31