VS0605002 - Possible new malware [Downloader]
Data on a sample of a suspected new malware being spread via a link
in an e-mail.
This was caught by my Bayesian Filter.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: ORDER 0228127.rar
FileDateTime: 10/05/2006 14:46:47
Filesize: 7324
MD5: be8cb6787d40d3898a17ebeda2466374
CRC32: 3CF9037B
File Type: RAR Archive File RAR
Contains:-
FileName: ORDER 0228127.exe
FileDateTime: 08/05/2006 13:50:20
Filesize: 8316
MD5: 31560115bd56e415228a84bca0c37f52
CRC32: A0BF309F
File Type: PE Executable
Packer: FSG
============================================================
Scan report of: ORDER 0228127.exe
@Proventia-VPS      -
AntiVir             TR/Dldr.Small.cjv.3
Avast!              -
AVG                 -
BitDefender         -
ClamAV              -
Command             -
Dr Web              DLOADER.Trojan (probably)
eSafe               Trojan/Worm [100] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            Trojan-Downloader.Win32.Small.cul
F-Secure (BETA)     Trojan-Downloader.Win32.Small.cul
Fortinet            suspicious
Fortinet (BETA)     suspicious
Ikarus              Trojan-Downloader.Win32.Harnig.bl
Kaspersky           Trojan-Downloader.Win32.Small.cul
McAfee              -
McAfee (BETA)       Generic Downloader.ab trojan
Microsoft           -
Nod32               -
Norman              -
Panda               Suspicious file
Panda (BETA)        Suspicious file
QuickHeal           Suspicious (warning)
Sophos              -
Symantec            -
Symantec (BETA)     Download.Trojan
Trend Micro         -
Trend Micro (BETA)  -
VBA32               -
VirusBuster         -
YY_Spybot           Smitfraud-C.,,Executable
============================================================
