CastleCops, Internet Crime Fighters

hotvideostube.com trojan

 
philipp2 (Trooper; joined Apr 11, 2008; posts: 22; location: Germany)
Posted: Sat Apr 12, 2008 10:12 am    Post subject: hotvideostube.com trojan

hxxp://www.magicporntube.com/index.php?id=4165
--> hxxp://www.hotvideostube.com/m3/
--> hxxp://swfinstrument.com/download.php?id=4165
--> setup.exe

av detection: 6/32 (18.75%)

AhnLab-V3 2008.4.12.0 2008.04.11 -
AntiVir 7.6.0.85 2008.04.11 TR/Crypt.CFI.Gen
Authentium 4.93.8 2008.04.11 -
Avast 4.8.1169.0 2008.04.11 -
AVG 7.5.0.516 2008.04.11 -
BitDefender 7.2 2008.04.12 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.12 -
DrWeb 4.44.0.09170 2008.04.12 -
eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
eTrust-Vet 31.3.5692 2008.04.11 -
Ewido 4.0 2008.04.12 -
F-Prot 4.4.2.54 2008.04.11 -
F-Secure 6.70.13260.0 2008.04.11 -
FileAdvisor 1 2008.04.12 -
Fortinet 3.14.0.0 2008.04.12 -
Ikarus T3.1.1.26.0 2008.04.12 Trojan-Downloader.Win32.Zlob.abw
Kaspersky 7.0.0.125 2008.04.12 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.12 TrojanDownloader:Win32/Zlob.gen!AW
NOD32v2 3020 2008.04.11 -
Norman 5.80.02 2008.04.11 -
Panda 9.0.0.4 2008.04.11 -
Prevx1 V2 2008.04.12 -
Rising 20.39.52.00 2008.04.12 -
Sophos 4.28.0 2008.04.12 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.12 -
TheHacker 6.2.92.275 2008.04.12 -
VBA32 3.12.6.4 2008.04.06 suspected of Downloader.Zlob.3
VirusBuster 4.3.26:9 2008.04.11 -
Webwasher-Gateway 6.6.2 2008.04.11 Trojan.Crypt.CFI.Gen
Additional information
File size: 12288 bytes
MD5...: 9532832738809a4febf85667e5609e39
SHA1..: a4c1bf4cf33628967d13df5375cf785540c874db
SHA256: 744a91f7fbe0e97a7f2f67ffda383be1aad14e972d388d83fffd1023ffaa5600
SHA512: 9f2a21f9497e278910275583a25024233d91ae20603970abb962ad5ab6b3b7ae
c88730ae5355a4a51fc1bda9fcf12d79ee39423f013a32c48b2e68b87733b87b
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x408a30
timedatestamp.....: 0x48007ceb (Sat Apr 12 09:12:11 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x6000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x7000 0x2000 0x1c00 7.81 fbd8234e40a2a0dd67717e715d099e9b
.rsrc 0x9000 0x1000 0x1000 5.67 686a378bf7df5cedbf80f9044880a754

( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegOpenKeyA
> GDI32.dll: SelectObject
> SHELL32.dll: SHGetFolderPathA
> USER32.dll: wsprintfA

( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

tetak (MIRT Team Lead, Premium Member; joined Jan 19, 2007; posts: 5869)
Posted: Sat Apr 12, 2008 4:11 pm

Thanks for posting the links, I've added the file to the malware listserv.

CastleCops Link/p1077750-MD5_9532832738809a4febf85667e5609e39_setup_exe.html


_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx