VS0612001 Possible New Malware [Banload?]
Data on a sample of a suspected new malware being spread via a link in an e-mail.
This was caught by an end-user.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: fotos.scr
FileDateTime: 20/11/2006 03:42:14
Filesize: 197632
MD5: c3f5d3e1f4859fd862ba87fe9cb3ba08
CRC32: 1E72E632
File Type: PE Executable
============================================================
Scan report of: fotos.scr
@Proventia-VPS      Malicious (Cancelled)
AntiVir             -
Avast!              -
AVG                 -
BitDefender         BehavesLike:Trojan.Downloader (suspected)
ClamAV              -
Command             -
Dr Web              -
eSafe               Trojan/Worm [106] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               Downloader.Banload.app
F-Prot              -
F-Secure            -
F-Secure (BETA)     -
Fortinet            suspicious
Fortinet (BETA)     suspicious
Ikarus              -
Kaspersky           -
McAfee              -
McAfee (BETA)       -
Microsoft           -
Nod32               -
Norman              -
Panda               Suspicious file
Panda (BETA)        Suspicious file
QuickHeal           Suspicious (warning)
Rising              -
Sophos              -
Symantec            Downloader.Bancos!gen
Symantec (BETA)     Downloader.Bancos!gen
Trend Micro         -
Trend Micro (BETA)  -
UNA                 -
VBA32               -
VirusBuster         -
WebWasher           Win32.Malware.gen!94 (suspicious)
YY_Spybot           -
============================================================
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog's new home.
ALL future postings will only be available at the new site.
