Trojan, New?
Started by
toe
, Feb 28 2007 10:19 PM
2 replies to this topic
#1
Posted 28 February 2007 - 10:19 PM
Got this the other day; none of the .exes were detected by NOD32 a few days ago. The .exes included are what were created. Only 2 of the .exes are now detected with NOD32. Haven't got any VMs or tools set up atm, so any info on these bastards would be great.
-toe
#2
Posted 19 March 2007 - 10:34 PM
why not download?
Ryan: Because you are a trial member who just got warned
#3
Posted 20 March 2007 - 01:02 PM
For the file iftucmk.exe and the others of the same size:
Technical Details:
Analysis Number: 1
Parent ID: 0
Process ID: 1892
Filename: c:\8ea684a850c9f72c5f0a1740bf50505a.exe
Filesize: 1024 bytes
MD5: 8ea684a850c9f72c5f0a1740bf50505a
Start Reason: AnalysisTarget
Termination Reason: NormalTermination
Start Time: 00:00.063
Stop Time: 00:01.688
Detection: OK (ClamAV)
Trojan.Spy.Sheriff.C (BDC/Linux-Console)
TR/Killav.DB.2 (AntiVir Workstation)
DLL-Handling: Loaded DLLs
c:\8ea684a850c9f72c5f0a1740bf50505a.exe
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\pstorec.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\Wship6.dll
C:\WINDOWS\system32\Secur32.dll
Process Management: Kill Process - Filename () CommandLine: () Target PID: (1892) As User: () Creation Flags: ()
The other files are the same, just unpacked versions.
http://www.symantec....-122910-4625-99