CastleCops® casinos

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

casinos

All -> FavForums -> Unknown Files

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

brewt

SIRT Handler
Premium Member

Joined: May 29, 2007
Posts: 792
Location: USA

Posted: Thu Feb 21, 2008 5:46 am Post subject: casinos

these exact files have been around since at least 12/2007.

detection rate is still less than it could be.
i'm not sure if they are "just" adware, or truly malicious.

Code:

http://banner.maximacasino.com/cgi-bin/SetupCasino.exe

Quote:

File SetupCasino.exe received on 02.21.2008 06:18:33 (CET)
Current status: finished
Result: 7/32 (21.88%)

File has already been analysed:
MD5: 3a267d6ae5b6544ab4aec63f30ff860b
Date: 02.21.2008 06:25:07 (CET) [<1D]
Results: 7/32
Permalink: analisis/f2ca24ad7ace122df7f8f0de64d67ee2

Additional information
File size: 311325 bytes
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=3a267d6ae5b6544ab4aec63f30ff860b
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=18AEA8D01D4B2597C0B604B83D49190009923089

Code:

http://gamingstarsite.net/SmartDownload.exe

Quote:

File SmartDownload.exe received on 02.21.2008 06:18:25 (CET)
Current status: finished
Result: 16/32 (50%)

File has already been analysed:
MD5: a50a5c8c1e5e7cd4d441246e28e04b93
Date: 02.21.2008 06:25:07 (CET) [<1D]
Results: 16/32
Permalink: analisis/1181ae863ccb49fdd93b4e87fae92b36

Additional information
File size: 504128 bytes
MD5: a50a5c8c1e5e7cd4d441246e28e04b93
SHA1: c1d499f9feac12620fa727949e466eca3d253fa4
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=EDF1830B40F80BD3B17207EF7640BF004D043F82

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5879

Posted: Thu Feb 21, 2008 6:47 pm Post subject:

Each "Casino" will be different but I think these are more on the adware side rather than malware. I've also found that some AV companies won't add detections for these files. For example, Kaspersky won't but McAfee will. potentially unwanted program CasOnline (McAfee). _________________ Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender. Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

	All -> FavForums -> Unknown Files	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 189ppm 0.304s (0.044s) Making cybercriminals unhappy since 2002*