VS0608001 Possible new malware [Banload?]
Data on a sample of a suspected new malware being spread via a link
in an e-mail.
This was caught by my Bayesian filter.
I have included data on a sample of the executable downloaded from the link in
the e-mail for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: fotos.exe
FileDateTime: 03/08/2006 10:11:24
Filesize: 47485
MD5: a881e92bfeef3e4c27159d5e12e9bd90
CRC32: E89E4C81
File Type: PE Executable
============================================================
Scan report of: fotos.exe
@Proventia-VPS      -
AntiVir             HEUR/Crypted.Layered.B
Avast!              -
AVG                 -
BitDefender         BehavesLike:Trojan.Downloader (suspected)
ClamAV              -
Command             -
Dr Web              -
eSafe               -
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            Trojan-Downloader.Win32.Banload.pu
F-Secure (BETA)     Trojan-Downloader.Win32.Banload.pu
Fortinet            suspicious
Fortinet (BETA)     suspicious
Ikarus              -
Kaspersky           Trojan-Downloader.Win32.Banload.pu
McAfee              New Malware.n (trojan or variant)
McAfee (BETA)       New Malware.n (trojan or variant)
Microsoft           -
Nod32               NewHeur_PE (probably unknown virus)
Norman              W32/Downloader (Sandbox)
Panda               Suspicious file
Panda (BETA)        Suspicious file
QuickHeal           Suspicious (warning)
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         TROJ_BANLOAD.AWN
Trend Micro (BETA)  TROJ_BANLOAD.AWN
UNA                 -
VBA32               Trojan-Downloader.Win32.Banload.pu
VirusBuster         -
WebWasher           Heuristic.Crypted.Layered.B
YY_Spybot           Dialer_XX,,Executable
============================================================
