Malware Domain List

Malware Related => Malicious Domains => Zlkon.lv => Topic started by: CkreM on April 05, 2009, 06:23:17 pm

Title: hs.2-22.zlkon.lv - (94.247.2.22)
Post by: CkreM on April 05, 2009, 06:23:17 pm
Koobface:
Code:
http://viewworldmy2.com/software/38e4f74690/10005/1/Setup.exe
http://rtraffclicks.com/software/38e4f74690/10005/1/Setup.exe
http://viewworldmy1.com/view/1/1000/5 (no trojan there atm)
http://www.virustotal.com/analisis/2f4d43ab87704959d145405cd9305627

Title: Re: hs.2-22.zlkon.lv - (94.247.2.22)
Post by: SysAdMini on April 07, 2009, 08:48:04 pm
Code:
xviewworldmy2.com/view/1/1220/3

Title: Re: hs.2-22.zlkon.lv - (94.247.2.22)
Post by: Malware-Web-Threats on April 17, 2009, 09:44:12 am
Fake codec page + trojan Koobface

Code:
hxxp://hqviewworldmy2.com/view/1/1000/5
http://hqviewworldmy2.com/software/dc0536f1f1/10005/1/Setup.exe

Anubis (http://anubis.iseclab.org/?action=result&task_id=1f580c5d1e923f914c18bf600876b4ae8)
VirusTotal: Worm Koobface (http://www.virustotal.com/analisis/6b1538063741ae9c9e62c21ae4431ce1) - 19/40 (47.50%)

Second download on 91.92.165.55 [stanishev.com]

Code:
hxxp://stanishev.com/1/pch.exe

VirusTotal: Trojan (http://www.virustotal.com/analisis/42bb74abac1f10212672ee2dabea3402) - 19/40 (47.5%)

Config on 218.93.202.50 [nua06032009.biz]

Code:
hxxp://nua06032009.biz/ld/gen.php

Quote
#noparam #PID=6145
STARTONCE|http://stanishev.com/1/pch.exe
START|http://stanishev.com/1/nfr.exe
STARTONCE|http://stanishev.com/1/pp.06.exe
WAIT|120 #BLACKLABEL EXIT

Title: Re: hs.2-22.zlkon.lv - (94.247.2.22)
Post by: Malware-Web-Threats on April 19, 2009, 09:46:05 pm
Fake codec page + trojan Koobface

Code:
hxxp://hxviewworldmy2.com/view/1/1000/5
hxxp://hxviewworldmy2.com/software/e3d6b7561f/10005/1/Setup.exe

File name: Setup.exe
File size: 16384 bytes
MD5: 96bf2207c64602e9e71d99977fc68f21

VirusTotal: Win32/Koobface (http://www.virustotal.com/analisis/e11c2132a5b958531a063c8bfa960fdb) - 23/40 (57.5%)

Title: Re: hs.2-22.zlkon.lv - (94.247.2.22)
Post by: Serg on April 20, 2009, 10:20:48 am
Chinese worm for social networks in Latvia?! GG...