VS0607003 Possible new malware [Downloader?]
Data on a sample of a suspected new malware being spread via e-mail.
This was caught by my Bayesian Filter.
I have included data on the zip extracted from the e-mail, and the executable extracted from the zip, for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: DD269901.zip
FileDateTime: 20/07/2006 10:49:40
Filesize: 4308
MD5: c1aa725f9b6eedd79b99491e014e258c
CRC32: 90F66E21
File Type: ZIP Archive File
Contains:-
FileName: DD269901.exe
FileDateTime: 19/07/2006 17:09:00
Filesize: 5244
MD5: eb6aa621d168bf53a204141d0ace119e
CRC32: 1CDC43AE
File Type: PE Executable
Packer: FSG
============================================================
Scan report of: DD269901.exe
@Proventia-VPS -
AntiVir HEUR/Trojan.Downloader
Avast! -
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure W32/Small.DGR
F-Secure (BETA) W32/Small.DGR
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus suspicious
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher Heuristic.Trojan.Downloader
YY_Spybot Smitfraud-C.,,Executable
============================================================
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog's new home.
ALL future postings will only be available at the new site.
