nosirrah
Security Expert
Special Response Team
Joined: Apr 19, 2006
Posts: 6301
Location: USA
|
 Posted: Sun Nov 19, 2006 5:49 pm Post subject: MD5: 191f986fc7b646e7a95afa8711983035 isamonitor.exe ZLOB |
|
|
STATUS: FINISHEDComplete scanning result of "isamonitor.exe", received in VirusTotal at 11.19.2006, 18:18:17 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.19.2006 no virus found
Authentium 4.93.8 11.17.2006 no virus found
Avast 4.7.892.0 11.18.2006 Win32:Zlob-QT
AVG 386 11.18.2006 no virus found
BitDefender 7.2 11.19.2006 no virus found
CAT-QuickHeal 8.00 11.18.2006 no virus found
ClamAV devel-20060426 11.18.2006 no virus found
DrWeb 4.33 11.19.2006 STPAGE.Trojan
eSafe 7.0.14.0 11.19.2006 no virus found
eTrust-InoculateIT 23.73.59 11.18.2006 no virus found
eTrust-Vet 30.3.3197 11.17.2006 no virus found
Ewido 4.0 11.19.2006 no virus found
Fortinet 2.82.0.0 11.19.2006 no virus found
F-Prot 3.16f 11.17.2006 no virus found
F-Prot4 4.2.1.29 11.17.2006 no virus found
Ikarus 0.2.65.0 11.17.2006 no virus found
Kaspersky 4.0.2.24 11.19.2006 no virus found
McAfee 4899 11.18.2006 no virus found
Microsoft 1.1609 11.19.2006 Getter
NOD32v2 1871 11.19.2006 no virus found
Norman 5.80.02 11.17.2006 W32/Malware
Panda 9.0.0.4 11.19.2006 Suspicious file
Prevx1 V2 11.19.2006 Trojan.eCodec
Sophos 4.11.0 11.16.2006 Troj/Zlobmi-Gen
TheHacker 6.0.3.122 11.18.2006 Trojan/Puper
UNA 1.83 11.17.2006 no virus found
VBA32 3.11.1 11.19.2006 MalwareScope.Downloader.Zlob.1
VirusBuster 4.3.15:9 11.18.2006 no virus found
Aditional Information
File size: 27648 bytes
MD5: 191f986fc7b646e7a95afa8711983035
SHA1: d9422f8b899792eeef5a9b9a7adb7ac4747b9016
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Accesses executable file from resource section.
* File length: 27648 bytes.
[ Changes to filesystem ]
* Creates file C:isaddon.dll.
[ Changes to registry ]
* Creates key "HKLMSoftwareCLASSESCLSID{192c5b4a-3efd-40c7-9f99-c472deb8efc0}".
* Sets value ""="" in key "HKLMSoftwareCLASSESCLSID{192c5b4a-3efd-40c7-9f99-c472deb8efc0}".
* Creates key "HKLMSoftwareCLASSESCLSID{192c5b4a-3efd-40c7-9f99-c472deb8efc0}InprocServer32".
* Sets value ""="c:isaddon.dll" in key "HKLMSoftwareCLASSESCLSID{192c5b4a-3efd-40c7-9f99-c472deb8efc0}InprocServer32".
* Sets value "ThreadingModel"="Apartment" in key "HKLMSoftwareCLASSESCLSID{192c5b4a-3efd-40c7-9f99-c472deb8efc0}InprocServer32".
* Creates key "HKLMSoftwareCurrentVersionExplorerBrowser Helper Objects{192c5b4a-3efd-40c7-9f99-c472deb8efc0}".
* Sets value ""="" in key "HKLMSoftwareCurrentVersionExplorerBrowser Helper Objects{192c5b4a-3efd-40c7-9f99-c472deb8efc0}".
* Creates key "HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{192c5b4a-3efd-40c7-9f99-c472deb8efc0}".
* Sets value ""="" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{192c5b4a-3efd-40c7-9f99-c472deb8efc0}".
[ Process/window information ]
* Creates an event called __ISA_INSURANCE__.
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
