Storm worm

CastleCops -> Unknown Files

Author: AlphaCentauri    Posted: Fri Jun 27, 2008 2:29 am    Post subject: Storm worm

Downloaded from 80.81.108.198, the Beijing faux-earthquake faux-video. VirusTotal did not have a previous copy of this variant submitted, though detection still isn't bad:

Virus Total:
Result: 13/33 (39.4%)
Antivirus          Version        Last Update  Result
AhnLab-V3          2008.6.26.0    2008.06.26   -
AntiVir            7.8.0.59       2008.06.26   Worm/Zhelatin.ZD
Authentium         5.1.0.4        2008.06.27   W32/Zhelatin.L.gen!Eldorado
Avast              4.8.1195.0     2008.06.26   Win32:TDrop
AVG                7.5.0.516      2008.06.26   -
BitDefender        7.2            2008.06.27   Trojan.Peed.JLV
CAT-QuickHeal      9.50           2008.06.26   -
ClamAV             0.93.1         2008.06.27   -
DrWeb              4.44.0.09170   2008.06.26   -
eSafe              7.0.17.0       2008.06.26   Suspicious File
eTrust-Vet         31.6.5910      2008.06.27   -
Ewido              4.0            2008.06.26   -
F-Prot             4.4.4.56       2008.06.27   W32/Zhelatin.L.gen!Eldorado
F-Secure           7.60.13501.0   2008.06.26   -
Fortinet           3.14.0.0       2008.06.27   -
GData              2.0.7306.1023  2008.06.27   Trojan-Downloader.Win32.Cntr.by
Ikarus             T3.1.1.26.0    2008.06.27   Email-Worm.Win32.Zhelatin.zy
Kaspersky          7.0.0.125      2008.06.27   Trojan-Downloader.Win32.Cntr.by
McAfee             5326           2008.06.26   W32/Nuwar@MM
Microsoft          None           2008.06.27   -
NOD32v2            3222           2008.06.26   a variant of Win32/Nuwar.DA
Norman             5.80.02        2008.06.26   -
Panda              9.0.0.4        2008.06.26   -
Prevx1             V2             2008.06.27   -
Rising             20.50.32.00    2008.06.27   -
Sophos             4.30.0         2008.06.27   Troj/Agent-HDG
Sunbelt            3.0.1176.1     2008.06.26   -
Symantec           10             2008.06.27   -
TheHacker          6.2.96.362     2008.06.27   -
TrendMicro         8.700.0.1004   2008.06.26   -
VBA32              3.12.6.8       2008.06.26   -
VirusBuster        4.5.11.0       2008.06.23   -
Webwasher-Gateway  6.6.2          2008.06.27   Worm.Zhelatin.ZD

Additional information
File size: 119296 bytes
MD5...: 0126580fc41fed724ea8fb86034487ae
SHA1..: bb8a14fdc4e90537fa75779bcce8e4f37f27e291
SHA256: 695cd5348d3c26a2dd6140da9b8f13f71881ff196cb33830e55226cc710fbbbf
SHA512: c0e8f99889d10d915c4af0e6cfbf4ed15d23788e4885859e2240edc2d87affa1289b1757a290b1a21a8dacb5f68a950e6da547510132ee713b4d99dda1bfa8fa

Jotti:
A-Squared: Found nothing
AntiVir: Found WORM/Zhelatin.ZD
ArcaVir: Found nothing
Avast: Found Win32:TDrop
AVG Antivirus: Found nothing
BitDefender: Found Trojan.Peed.JLV
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found Trojan-Downloader.Win32.Cntr.by
Fortinet: Found nothing
Ikarus: Found Email-Worm.Win32.Zhelatin.zy
Kaspersky Anti-Virus: Found Trojan-Downloader.Win32.Cntr.by
NOD32: Found a variant of Win32/Nuwar.DA
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found Troj/Agent-HDG
VirusBuster: Found nothing
VBA32: Found nothing

Author: tetak    Posted: Fri Jun 27, 2008 9:49 pm

I've added the file to the malware listserv.

CastleCops Link/p1101467-MD5_0126580fc41fed724ea8fb86034487ae_beijing_exe.html


