VS0608004 Possible new malware [Haxdoor/Goldun?]
Data on a sample of a suspected new malware being spread via e-mail.
This was caught by an end user.
I have included data on a sample of the file attachment for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: au.zl9
FileDateTime: 31/08/2006 10:20:51
Filesize: 21662
MD5: 7467cb4602a9bec41a93113748c54446
CRC32: E270C958
File Type: PE Executable
Packer: FSG
============================================================
Scan report of: au.zl9
@Proventia-VPS Malicious (Cancelled)
AntiVir -
Avast! -
AVG -
BitDefender DeepScan:Generic.Malware.SYw.273566A3
ClamAV -
Command W32/Dropper.gen2
Dr Web -
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot W32/Dropper.gen2
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus Trojan-Spy.Win32.Gen
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 Win32/Spy.Goldun.LX trojan (probably variant)
Norman Suspicious_F.gen
Panda Suspicious file
Panda (BETA) Trj/Goldun.LA
QuickHeal Suspicious (warning)
Sophos Troj/Haxdoor-DC
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 Trojan-Spy.Banker.63 (suspected)
VirusBuster -
WebWasher Heuristic.Crypted
YY_Spybot -
============================================================
