VS0605006 Possible new malware [Downloader]
Details on a sample of a suspected new malware being spread via a link in an e-mail.
This was caught by my Bayesian filter.
I have included data on a sample for your information and analysis and the file extracted from the zip file attached to the original e-mail.
Two copies have been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
Here’s the data on the ZIP file attached:
FileName: ref 7119606.zip
FileDateTime: 25/05/2006 11:38:23
Filesize: 5115 bytes
MD5: 32447beb481aad2a670093a75d7ae82e
CRC32: 5913500A
File Type: ZIP Archive File
This is the data on the file extracted from the ZIP attachment:
FileName: ref 7119606.exe
FileDateTime: 25/05/2006 09:19:04
Filesize: 6092 bytes
MD5: 9127f478235f98b6572bd3193918e473
CRC32: 6D0A8FD7
File Type: PE Executable
Packer: FSG
============================================================
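As an added example (not code from the original post), the Python helper below performs the same triage the details above record: it opens a zip attachment in memory only, hashes the archive and each member as MD5 and CRC32 in the form listed above, flags members that carry a PE "MZ" header, and matches the MD5s against the two values given in this post. The sample zip it builds is a constructed stand-in, not the real attachment.

```python
import hashlib
import io
import zipfile
import zlib

# MD5s taken from this post's details block; used purely as a lookup table.
KNOWN_MD5 = {
    "32447beb481aad2a670093a75d7ae82e": "ref 7119606.zip (mail attachment)",
    "9127f478235f98b6572bd3193918e473": "ref 7119606.exe (FSG-packed downloader)",
}

def hash_bytes(data: bytes) -> dict:
    """Return size, MD5 and CRC32 of data in the same form the post lists them."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }

def is_pe(data: bytes) -> bool:
    """True if the bytes start with the DOS 'MZ' stub that every PE file carries."""
    return data[:2] == b"MZ"

def triage_zip(zip_bytes: bytes) -> dict:
    """Inspect a zip attachment without writing or executing anything.

    Returns the archive's hashes plus one entry per member with its hashes,
    whether it looks like a PE executable, and any match against KNOWN_MD5.
    """
    report = {"archive": hash_bytes(zip_bytes), "members": []}
    report["archive"]["known"] = KNOWN_MD5.get(report["archive"]["md5"])
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # decompressed into memory only
            entry = hash_bytes(data)
            entry["name"] = info.filename
            entry["pe"] = is_pe(data)
            entry["known"] = KNOWN_MD5.get(entry["md5"])
            # the CRC recorded in the zip directory should agree with the computed one
            entry["crc_ok"] = (info.CRC & 0xFFFFFFFF) == int(entry["crc32"], 16)
            report["members"].append(entry)
    report["suspicious"] = any(m["pe"] or m["known"] for m in report["members"])
    return report

def make_sample_zip() -> bytes:
    """Constructed stand-in for the attachment: a zip holding a tiny MZ-headed stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ref 7119606.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00")
    return buf.getvalue()

if __name__ == "__main__":
    for m in triage_zip(make_sample_zip())["members"]:
        print(m["name"], m["md5"], m["crc32"], "PE" if m["pe"] else "-", m["known"] or "no match")
```

Run it against a quarantined attachment by passing the file's bytes to triage_zip; a member whose MD5 matches KNOWN_MD5 is the sample described here, and any other MZ-headed member inside a zip that arrived by e-mail deserves the same scrutiny.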
Scan report of: ref 7119606.exe
AntiVir 6.34.1.32/20060525 found [Heuristic/Trojan.Downloader]
Authentium 4.93.8/20060525 found nothing
Avast 4.6.695.0/20060524 found nothing
AVG 386/20060524 found nothing
BitDefender 7.2/20060525 found nothing
CAT-QuickHeal 8.00/20060525 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20060525 found nothing
DrWeb 4.33/20060525 found nothing
eTrust-InoculateIT 23.72.17/20060525 found nothing
eTrust-Vet 12.6.2227/20060525 found nothing
Ewido 3.5/20060525 found nothing
Fortinet 2.77.0.0/20060524 found [suspicious]
F-Prot 3.16c/20060524 found nothing
Ikarus 0.2.65.0/20060524 found [Trojan-Downloader.Win32.Harnig.bl]
Kaspersky 4.0.2.24/20060525 found nothing
McAfee 4769/20060524 found nothing
Microsoft 1.1440/20060522 found nothing
NOD32v2 1.1557/20060525 found nothing
Norman 5.90.17/20060524 found nothing
Panda 9.0.0.4/20060524 found [Suspicious file]
Sophos 4.05.0/20060525 found nothing
Symantec 8.0/20060525 found nothing
TheHacker 5.9.8.147/20060524 found nothing
UNA 1.83/20060524 found nothing
VBA32 3.11.0/20060525 found nothing
============================================================
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog's new home.
ALL future postings will only be available at the new site.
