VSUB - Malware Submissions

Wednesday 12th July, 2006

VS0607001 Possible new malware [Downloader/Banker?]

Data on a sample of a suspected new malware being spread via e-mail.

This was caught by my Bayesian Filter.

I have included data on the zip extracted from the e-mail, and the executable
extracted from the zip for your information and analysis.

12 copies have been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: ID 0220712.zip
FileDateTime: 11/07/2006 19:09:40
Filesize: 4230
MD5: 1ad4a6cdc799d7ac112bf749d3339924
CRC32: 74DD4E84
File Type: ZIP Archive File

Contains:-

FileName: ID 0220712.exe
FileDateTime: 11/07/2006 06:47:10
Filesize: 5172
MD5: 73da3beb4b2d09db14d9881a18fd7535
CRC32: 883E01A9
File Type: PE Executable
Packer: FSG

============================================================

Scan report of: ID 0220712.exe

@Proventia-VPS      -
AntiVir             HEUR/Trojan.Downloader
Avast!              Win32:Small-TI [Trj]
AVG                 -
BitDefender         -
ClamAV              -
Command             -
Dr Web              Trojan.DownLoader.10885
eSafe               Trojan/Worm [100] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            W32/Small.DEO
F-Secure (BETA)     W32/Small.DEO
Fortinet            suspicious
Fortinet (BETA)     W32/ATM!tr.dldr
Ikarus              Trojan-Downloader.Win32.Agent.gen
Kaspersky           Trojan-Downloader.Win32.Small.dep
McAfee              -
McAfee (BETA)       Downloader-ATM trojan
Microsoft           -
Nod32               Win32/TrojanDownloader.Small.NIH trojan (variant)
Norman              -
Panda               Suspicious file
Panda (BETA)        Trj/Banker.CZI
QuickHeal           Suspicious (warning)
Sophos              Troj/Clagger-W
Symantec            -
Symantec (BETA)     Downloader
Trend Micro         -
Trend Micro (BETA)  -
UNA                 -
VBA32               -
VirusBuster         -
WebWasher           Heuristic.Trojan.Downloader
YY_Spybot           Smitfraud-C.,,Executable

============================================================
