VSUB - Malware Submissions

Friday 23rd June, 2006

VS0606001 Possible new malware [Downloader/Banker?]

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by my Bayesian Filter.

I have included data on a sample for your information and analysis downloaded
from the link.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: fotos.exe
FileDateTime: 22/06/2006 10:20:14
Filesize: 125372
MD5: 1803f8dee08195b26e90c5f035d3a266
CRC32: 63723D6A
File Type: PE Executable
Packer: Standard PE File

============================================================

Scan report of: fotos.exe

@Proventia-VPS        -
AntiVir               -
Avast!                -
AVG                   -
BitDefender           BehavesLike:Trojan.Downloader (suspected)
ClamAV                -
Command               -
Dr Web                -
eSafe                 Trojan/Worm [100] (suspicious)
eTrust-INO            -
eTrust-INO (BETA)     -
eTrust-VET            -
eTrust-VET (BETA)     -
Ewido                 Downloader.Banload.aau
F-Prot                -
F-Secure              Trojan-Spy.Win32.Banker.bll
F-Secure (BETA)       Trojan-Spy.Win32.Banker.bll
Fortinet              Spy/Banker
Fortinet (BETA)       Spy/Banker
Ikarus                -
Kaspersky             Trojan-Spy.Win32.Banker.bll
McAfee                -
McAfee (BETA)         -
Microsoft             -
Nod32                 -
Norman                W32/Downloader (Sandbox)
Panda                 Suspicious file
Panda (BETA)          Suspicious file
QuickHeal             Suspicious (warning)
Sophos                -
Symantec              -
Symantec (BETA)       -
Trend Micro           -
Trend Micro (BETA)    -
VBA32                 -
VirusBuster           -
YY_Spybot             -

============================================================