Author Topic: Various stuff, as usual...  (Read 4941 times)

November 22, 2007, 05:04:48 am
sowhat-x

  • Guest
Quote
hxxp://qq.53462.cn/setup.exe
hxxp://user.free2.77169.net/mjooo/setup.exe
MD5 - 8E466E87BC2D90499C37B75EA8734DBE
FSG packed, QQ-related trojan... 28% detection rate at VirusTotal...
=======================
Quote
hxxp://x.98725.com/00001.exe
And it goes up at least to...
Quote
hxxp://x.98725.com/00026.exe
Mainly Upack used here...
=======================
Now that's quite a smart name for a malware hosting domain...
Quote
hxxp://www.ispdown.com/
Has the following iframe...
Quote
hxxp://boc.sbb22.com/home/index.htm
More iframes here, a few of them we've also seen before,
leading to exploits, binaries etc...
=======================
Quote
hxxp://1.ie-google.cn/uusee54.exe
PECompact used...
MD5 - a8dd2f2267cb865b757913620111535e
=======================
Quote
hxxp://3.xqhgm.com/zs.exe
hxxp://5.xqhgm.com/new/1.gif -> Pseudo-extension / exploit...
=======================
Quote
hxxp://520sj.com
Iframes to a few already well-known guys,
and even more iframes and exploits there...
Quote
hxxp://xxx.llxxcx.cn/pv.htm
hxxp://aa.llsging.com/ww/new05.htm?075
hxxp://xxx.llxxcx.cn/wm.htm
hxxp://u.haom.us/u103/index.htm
hxxp://xxx.llxxcx.cn/ll.htm
hxxp://xx.522love.cn/wm/306.htm
=======================
Quote
hxxp://ads.goodnetads.org/main.js
hxxp://down.goodnetads.org/tk/xl.js
hxxp://ads.1234214.info/tk.js
hxxp://ads.1234214.info/tk/info.exe
=======================
...some more exploit pages, there might be more stuff in there...