VS0610002 Possible new malware [Banload?]
Data on a sample of a suspected new malware being spread via e-mail
using a website link in the e-mail.
This was caught by an end-user.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: newfoto.exe
FileDateTime: 16/10/2006 17:41:34
Filesize: 182089
MD5: f27e13acf595fe5fdb9a1dbac8dfbf8f
CRC32: 40B774F3
File Type: PE Executable
Packer: FSG
============================================================
Scan report of: newfoto.exe
@Proventia-VPS Malicious (Cancelled)
AntiVir TR/Delphi.Downloader.Gen
Avast! -
AVG Downloader.Generic2.SKL (Trojan horse)
BitDefender -
ClamAV ERROR
Command -
Dr Web -
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido Downloader.Banload.aoo
F-Prot -
F-Secure Trojan-Downloader.Win32.Banload.aoo
F-Secure (BETA) Trojan-Downloader.Win32.Banload.aoo
Fortinet W32/Banload.AOO!tr.dldr
Fortinet (BETA) W32/Banload.AOO!tr.dldr
Ikarus suspicious
Kaspersky Trojan-Downloader.Win32.Banload.aoo
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 Win32/TrojanDownloader.Banload.AOO trojan (variant)
Norman W32/Banload.HKN
Panda Trj/Nabload.QE
Panda (BETA) Trj/Nabload.QE
QuickHeal Suspicious (warning)
Rising Trojan.DL.Banload.iun
Sophos Mal/Packer
Symantec -
Symantec (BETA) -
Trend Micro Possible_Virus
Trend Micro (BETA) Possible_Virus
UNA -
VBA32 -
VirusBuster -
WebWasher Heuristic.Malware
YY_Spybot ERROR
============================================================
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.
