daily something......

[jackberri]

IP Location: Republic Of Korea  - Telecom
IP  218.153.66.39
ASAS4766
Name Server: NS.123-REG.CO.UK  | NS2.123-REG.CO.UK
Registrant/Email Registrant: Mark Pickford/domains@supanames.co.uk

Code: [Select]

http://218.153.66.39/Download/searchpop/1.0.0.2/SearchPopInstaller.exe               md5sum ===> c1be1b4707498b5be81ac38921026f23
http://218.153.66.39/Download/searchpop/1.0.0.2/SearchPop.dll                        md5sum ===> 6bdd5da707304eeae89ab8fde7625a95
http://218.153.66.39/Download/searchpop/1.0.0.2/SearchPopUpdater.exe                 md5sum ===> 7e176048b5961f69f600e491c2099161
http://218.153.66.39/Download/searchpop/1.0.0.2/SearchPopUninstaller.exe             md5sum ===> cfbdca43ae15adb9b023a2f9b40db8f4http://www.virustotal.com/file-scan/report.html?id=e8f8e2d2979ea357054235f6547c0013d7b2c192ba6335d06cd98dcd283446b5-1313058014
VT 26/43 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=20cbec7a9d1b3b3e8d99ffc73a217da2af4c5f594e39a3797b64a8a7ea7efd62-1313059609
VT 7/43 (16.3%)
http://www.virustotal.com/file-scan/report.html?id=620dcace0a00137d0402051e6e885823b17ef6e0a0296164f520eea1bc1debea-1313059159
VT 0/43 (0.0%)
http://www.virustotal.com/file-scan/report.html?id=2e2a5101a1d84cc26bedcc70346c3aa42bdb40d5d80652f03fb0d177df2288c3-1313059753
VT 13/43 (30.2%)

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br

Code: [Select]

http://crogsz.sites.uol.com.br/moduloa.jpg         md5sum ===> b543d79f23dc5836140e4fcf540076c1
http://candinhobill.sites.uol.com.br/clientes/byte.swf         md5sum ===> b9b228ef7defec4a0682ed7321c68f5c
http://candinhobill.sites.uol.com.br/clientes/mega.swf         md5sum ===> c7001061a5e5a35adace82e125bc846c
http://robsson.s.sites.uol.com.br/newli.htm         md5sum ===> 2b10a3b5eb4b0a82bb9effcecaddb995
http://robsson.s.sites.uol.com.br/newl.htm         md5sum ===> 8bf0ec9c90aac64e7939e4980096f69f
http://robsson.s.sites.uol.com.br/news.htm         md5sum ===> 9cb0ec8d2107a3f682df2cdf06ec202f
http://robsson.s.sites.uol.com.br/newm.htm         md5sum ===> 001720dc6d614ac159abef5b3677bb6c
http://rebivelveiculos.sites.uol.com.br/SET1.tmp         md5sum ===> 58ff05dec31cc23937201c7550ecee07
http://rebivelveiculos.sites.uol.com.br/SET2.tmp         md5sum ===> 4843a717e8d0aa14e698be76fb6f1381http://www.virustotal.com/file-scan/report.html?id=1e4609afb561e0523878a50a316f2bbbe071c5c6ea134d43b6ecb7740f923266-1313221812
VT 37/43 (86.0%)
[urlhttp://www.virustotal.com/file-scan/report.html?id=02fd45089b6ed5e96904645860a511b8b2d30c4c9ea62de191f8fcd2437de223-1313221973[/url]
VT 17/43 (39.5%)
http://www.virustotal.com/file-scan/report.html?id=94619e5d879f8898411b7566312aa267ae9e9eef595cebc5919de9c20ad0ec19-1313222107
VT 18/43 (41.9%)
http://www.virustotal.com/file-scan/report.html?id=1fd2415b4e17e18802891034728d4fc85dac8217f46db38c98e9d60866631634-1313222319
VT 27/30 (62.8%)
http://www.virustotal.com/file-scan/report.html?id=64d7857c9e66147077f950986fb47bb069e3d9690a319dc6dc31add89eacfb79-1313222500
VT 32/43 (74.4%)
http://www.virustotal.com/file-scan/report.html?id=fb9d94ba4e012de0bc09549be0082e92ead15e58db8e15f7e4bb812adf2be458-1313222649
VT 29/42 (69.0%)
http://www.virustotal.com/file-scan/report.html?id=a188ad2ca02364c696e0ba90ad8e3c4c5e86f3c97e60f8d80db7e4426ee121af-1313222799
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=b3701fe7ce22c8a3611957ec45c5d4f42e4e49ac3fc34c7d9dc84e748b16f12a-1313222977
VT 31/43 (72.1%)
http://www.virustotal.com/file-scan/report.html?id=852ee463e674082735e4729edea94dbd32c41d0e963cb5aa40103e3f1aa90c5e-1313222990
VT 24/36 (66.7%)

[jackberri]

IP Location: Korea  - KORNET-KR Korea Telecom
IP  121.156.86.22
AS4766

Code: [Select]

http://pmdexsfp.cz.cc/firefox.exe         md5sum ===> 6ba065237d0e26958a1a3d2e7c5edefehttp://www.virustotal.com/file-scan/report.html?id=d301774be25a6200dd9eba59922cc57e1fae3a07f06b9a262bf528731e79d5fd-1313423746
VT 5/43 (11.6%)

IP Location: Netherlands  - ICN-BG Internet Corporated Networks Ltd.
IP  95.211.58.37
[onebesthosting.com]
AS16265
Name Server: ns1.reg.ru.  | ns2.reg.ru.
Registrant/Email Registrant: Private Whois/jprj6as4d9120f7b92d6@qc8iazv4cbecce2a1df1.privatewhois.net

Code: [Select]

hulucon.com/tish/cb.exe                  md5sum ===> 858d5b5d7f4ee944aea61ee2d5426eeehttp://www.virustotal.com/file-scan/report.html?id=c490321061fa2253949a7f406eaad47729bccbb7ad8d2bf890ca2de54a351957-1313427254
VT 35/43 (81.4%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br

Code: [Select]

http://matos.lima.sites.uol.com.br/live.htm         md5sum ===> ec0c5d1565aff08495c68a4f6d9d980e
http://matos.lima.sites.uol.com.br/bradinha.htm         md5sum ===> 7920d2f2b14cfebcfbe4f6b524d8fb71
http://mruthsantos.sites.uol.com.br/Laila.jpg         md5sum ===> 3704cff681b9b188d6b8093581d07a9b
http://mruthsantos.sites.uol.com.br/Salete.jpg         md5sum ===> 02f7580288fcc1d50ff63e5e1bd9bf1d
http://mruthsantos.sites.uol.com.br/Magali.jpg         md5sum ===> 5f49cbbb251158455b9482049684d376http://www.virustotal.com/file-scan/report.html?id=fd21ac1cbcb05c1f2d35ca9ed2d0e56d3467f4a61815758e79c7903f2b5ff3de-1313427932
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=193e4dd55e0a6484593bf053cb57c8a15a43cf80c5f13a1b2aa530f526d8df3a-1313428343
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=d1c503e43a002264fc2401d83f7c844febd4fac4559d665993f4fa943813658a-1313428151
VT 18/43 (41.9%)
http://www.virustotal.com/file-scan/report.html?id=50138799c69b329ed437618618d6a17f3fda65b8ce0a7008504e1d37332caf8b-1313428486
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=76400815d1ab3bac488b5db9b1b2bb8dd3d2e4752095bc8e1e1422ba706e1faf-1313429169
VT 31/43 (72.1%)

IP Location: Brazil - ZIPNET BR AS
IP  200.98.196.57
[whw0029.whservidor.com]
AS7162
Name Server: ns1.dominios.uol.com.br  | ns2.dominios.uol.com.br
Registrant/Email Registrant: JOSÉ ROBERTO PILOTO/teepiloto@uol.com.br

Code: [Select]

http://mcjrtreinamento.com/webcn1/deleni.bmp         md5sum ===> 0492d3191ad065db6dfdaccb51acdfcf
http://mcjrtreinamento.com/webcn1/350.bmp                  md5sum ===> 9960448089e1db74f93978017aff2bac
http://mcjrtreinamento.com/webcn1/250.bmp                  md5sum ===> 9def20c9de2e1fcc024a775879ae142chttp://www.virustotal.com/file-scan/report.html?id=9fdec05bb38f1ddb55ea1d465cd2606ee86e890324278d3e165d0ec03ad1e413-1313011032
VT 16/43 (37.2%)
http://www.virustotal.com/file-scan/report.html?id=1ed677261b7b62701b7f39c90024be5d7cb9fe5bfb7e7d620ecf0114a542c9a5-1313429389
VT 22/43 (51.2%)
http://www.virustotal.com/file-scan/report.html?id=0d6184dad77a8401eb84a4b00c33ac64505f06b707b37b478b443197fa4ada47-1313428788
VT 25/43 (58.1%)

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br

Code: [Select]

http://apfcc.sites.uol.com.br/img01.png         md5sum ===> 0c17c6a49b10335b29dec2d5d7767808
http://apfcc.sites.uol.com.br/img02.png         md5sum ===> ca9fea2c4029859733b320294898b8ec
http://thaisqz.sites.uol.com.br/Salete.jpg         md5sum ===> 0362e640bda32f7c59dc136dbc4dcb4a
http://thaisqz.sites.uol.com.br/Dulce.jpg         md5sum ===> 9e38810e04fc62ba9e763fb636355a46
http://be.t.sites.uol.com.br/imgandroidoid1.gif         md5sum ===> d25b032877e155e3d57519b724777a95
http://supportgold.sites.uol.com.br/imgsant2.gif         md5sum ===> 3f0dd8dd0894977c71e643417aeb56ea
http://supportgold.sites.uol.com.br/imgnet3.gif         md5sum ===> a54c61b9fa3ce88bb1a49c633a8d659b
http://supportgold.sites.uol.com.br/imgalt4.gif         md5sum ===> e31459a1ae8bb68fc36615e27b0f8a4f
http://supportgold.sites.uol.com.br/imgav5.gif         md5sum ===> b46ee1c7b51183e3bf6780a9255988c6
http://melgarejoautomoveis.sites.uol.com.br/fotoblog/images/fura.html         md5sum ===> ea91edf2bcde9d79a102e70cd6f2e6e8
http://melgarejoautomoveis.sites.uol.com.br/fotoblog/images/iarunha.html         md5sum ===> 96b0420d64b8f58e6e3242d8e7971253
http://melgarejoautomoveis.sites.uol.com.br/fotoblog/images/marina.html         md5sum ===> 51ff6e154e99554c141d586f4631ffb0http://www.virustotal.com/file-scan/report.html?id=63cc1dae9ec85469dccc48410ff8e2ea850b9310d19148ab69a70d30f756a9d1-1313492079
VT 24/42 (57.1%)
[urlhttps://www.virustotal.com/file-scan/report.html?id=3d83a38c46c40fb763994268ae1ef894822e6af66a320425a33260a1a22975f3-1313492572[/url]
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=1549a5bd9617ee49725f0a0be23343cee2e7fd2684e289852410742cc764ff69-1313492197
VT 22/43 (51.2%)
http://www.virustotal.com/file-scan/report.html?id=ee9727fe7f5a5611fc0f835432b2de882fe06c7c8eed272b95d54077fed36d29-1313492070
VT 2/43 (4.7%)
http://www.virustotal.com/file-scan/report.html?id=0b64ec97ef27db16438a3692d6d130e1aa6871f416c9823c2e95e2975051ba35-1313493800
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=adf0dbbab1a68b40eaa17dcc8df0cd52db2e7e5b51a06050c7a175915650fee7-1313493333
VT 34/43 (79.1%)
http://www.virustotal.com/file-scan/report.html?id=541200d6ad77b4b34e877fe61b7ead013f62eb8778468248de50d91774dde2ca-1313493348
VT 35/43 (81.4%)
http://www.virustotal.com/file-scan/report.html?id=a384a9db65088f7dfca334d9fdf9d9e0dafdc20fa8ea014a0b418a571d6d1045-1313494429
VT 24/40 (60.0%)
http://www.virustotal.com/file-scan/report.html?id=f9c04043b1b0081e54c61da405569f1087ae71d62dd9620ff944c7821bf5daac-1313494670
VT 23/36 (53.5%)
http://www.virustotal.com/file-scan/report.html?id=3548e6d674fffdf11c5bca6daae4ec721569e63ec66dc8c69f58f60c4b3396d2-1313494274
VT 2/36 (4.7%)
http://www.virustotal.com/file-scan/report.html?id=9a708fefca21f1aac4df56f3f0229b18a108f9294e1fc5ce8338d8dacdb7c5fa-1313494491
VT 27/41 (65.9%)
http://www.virustotal.com/file-scan/report.html?id=5e09858d55773a21ee77cdd490b6a27dda502f844515460cc856d2df168d644c-1313494708
VT 32/43 (74.4%)

[jackberri]

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br

Code: [Select]

http://italorlins.sites.uol.com.br/madrugada/moduloa.html         md5sum ===> 969c525ecba15ae09e7c850e7ab61da7
http://adrianapmoro.sites.uol.com.br/urgente/moduloa.html         md5sum ===> 2c35119c83bd81292b41f1453523c00d
http://eugeniagreco.sites.uol.com.br/71.jpg         md5sum ===> 4b192e63d60d62d6841f5808f97756dd
http://eugeniagreco.sites.uol.com.br/72.jpg         md5sum ===> 51e1509cd6d99fef4c86d268068a92d0
http://eugeniagreco.sites.uol.com.br/73.jpg         md5sum ===> 2b1d2776bd81ffadc0329145b098c388
http://eugeniagreco.sites.uol.com.br/74.jpg         md5sum ===> e6c24dafd9c4650ea33e2e063d3da636
http://novickarodrigues.sites.uol.com.br/imags1.gif         md5sum ===> 3918d5025086ed9d8373799e94df86a4
http://novickarodrigues.sites.uol.com.br/imags2.gif         md5sum ===> d948a027655c087a72f5294f15ff581e
http://novickarodrigues.sites.uol.com.br/imags3.gif         md5sum ===> cca62b7cb95a8b9a0a67afc40c0ec828
http://novickarodrigues.sites.uol.com.br/imags4.gif         md5sum ===> 42d33cb8333c9d1d99a46ec519206653
http://novickarodrigues.sites.uol.com.br/imags5.gif         md5sum ===> 8044e1531ac7db1eda261040d2b4b886
http://novickarodrigues.sites.uol.com.br/imags6.gif         md5sum ===> cf77b77703e72e4f9588525a7424cdechttp://www.virustotal.com/file-scan/report.html?id=63cc1dae9ec85469dccc48410ff8e2ea850b9310d19148ab69a70d30f756a9d1-1313492079
VT 24/42 (57.1%)
http://www.virustotal.com/file-scan/report.html?id=47aa1bd2d17f4f3a045e03e7289cd1307e2b0a5599e65dba0586826c36b2b72f-1313493100
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=6d522e8e394686167d8795b05f8071fa3696818dc4ba0f7d48b8b49a0aa73a63-1313493297
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=9bdeaaffe4b47db43c516d78f9be1fcd6266a4ef204277905fbe26671a065bae-1313493156
VT 8/43 (18.6%)
http://www.virustotal.com/file-scan/report.html?id=a1100db987cf0307c698f90e369985171f4cae692cba2c96e72c0608968ebc7f-1313509274
VT 14/44 (31.8%)
http://www.virustotal.com/file-scan/report.html?id=895a08957166bd425cd7e296cee1c00d572a2a4b877e7bc8600d2dbba11c4f9e-1313492129
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=03ac67999cc26571c284b47f4b6a79447f91af30ec2599cab34f87576fb5f515-1313509670
VT 18/43 (41.9%)
http://www.virustotal.com/file-scan/report.html?id=c28f3a9dba73bc4de4a51238247efc76295bde4efedc3c06bdf3f07982ae6b5a-1313509946
VT 27/43 (62.8%)
http://www.virustotal.com/file-scan/report.html?id=e949013550d01c878ee05a66fc469490607bae536c4c57928582be048b132d97-1313492471
VT 30/36 (69.8%)
http://www.virustotal.com/file-scan/report.html?id=951a5304fb22e6c855dc92879bdb2a4cae79c1c3e738ba64e0870371c17b3834-1313492458
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=29805fabe748d19458421b3ad8f7b5d4e648f11aec3fdba8c0d5af69288f2146-1313509547
VT 21/43 (48.8%)

IP Location: United States  - SOFTLAYER Technologies Inc
IP  173.192.140.248
[173.192.140.248-static.reverse.softlayer.com]
AS36351
Name Server: ns1.webnames-l03.com  | ns2.webnames-l03.com
Registrant/Email Registrant: Carlos Magno Pereira Tavares/rk-tamura@bol.com.br

Code: [Select]

http://lantorpedo.com/ctfnonpp.jpg         md5sum ===> 2d28e08551f855422e5af1f19a9eddda
http://lantorpedo.com/ctfnonff.jpg                        md5sum ===> 3a24b8d6506d7a412556d2e50edc01bf
http://lantorpedo.com/ctfnonjj.jpg                 md5sum ===> 547e0d4335bda68eba3b6870732b28fchttp://www.virustotal.com/file-scan/report.html?id=cbfabf7afa174eee4262a83c7e3f56b9a16700ccf506286de59844c011759190-1313510392
VT 13/43 (30.2%)
http://www.virustotal.com/file-scan/report.html?id=83d564681e1a4585584efca90307c31803aa12672521874232080006ea6d50d3-1313510445
VT 32/43 (74.4%)
http://www.virustotal.com/file-scan/report.html?id=ce1de423db02e40f65b551d801e11a6bafe7fd135f67a37cbb4b36355a40dbd0-1313510472
VT 26/43 (60.5%)

[jackberri]

Code: [Select]

[color=blue]IP Location:  Netherlands[/color] - WorldStream AS
IP 109.236.81.160
[customer.worldstream.nl]
AS49981
[code]http://wwwe.nl.ai/d.php?f=37&e=4         md5sum ===> fab3ffb81cf0ecf18dc0211c048782cahttp://www.virustotal.com/file-scan/report.html?id=020bb15cc88c26d8cd6e971ae6ef59076a19548394d909c3dcd61c8e44406df1-1313750108
VT 2/44 (4.5%)[/code]

IP Location:  Germany - INLINE-AS
IP 205.234.236.202
[unknown.kayotex.net]
AS31147

Code: [Select]

http://178.18.243.229/js.exe          md5sum ===> d9f79262152ae95267c469a69ff9ed62http://www.virustotal.com/file-scan/report.html?id=5daba5c11af47b0f89ac7a3f6ed1dddb26f5124f7cf3a2cf9960760a8061a2f3-1313604924
VT 34/44 (77.3%)

[jackberri]

IP Location:  Korea - DACOM-NET
IP 61.97.247.39
AS3786
Name Server: ns3.dnsoray.net  | ns4.dnsoray.net

Code: [Select]

http://ciygqn.gicp.net/iehost/a.exe         md5sum ===> bd93e830464e6d6174ea19b7ea705234
http://ciygqn.gicp.net/iehost/b.exe         md5sum ===> 48c7e98871add9e553cf3b66908280bf
http://ciygqn.gicp.net/iehost/c.exe         md5sum ===> 04002694d8ac1c0a762835a36c28d32e
http://ciygqn.gicp.net/iehost/d.exe         md5sum ===> 9631795588ab415dc5f5b776f48664b5
http://ciygqn.gicp.net/iehost/e.exe         md5sum ===> 9203f9d8c7109242a0b07ad7483dc907http://www.virustotal.com/file-scan/report.html?id=98e47b9a458f9288bac94aaa0bc2a2c03bc1fcbe8255aa4b82e65c0a3a36948c-1313835330
VT 13/44 (29.5%)
http://www.virustotal.com/file-scan/report.html?id=1afd065d72ade21eac37d7493558a21d0a31fd3de4df9d7e20b39d8a8cd1bf33-1313835394
VT 13/44 (29.5%)
http://www.virustotal.com/file-scan/report.html?id=794cea7fb66e6ed7d0635d28c3b5c58bf85a248bb0cae404f3bb437dfc216933-1313835546
VT 13/44 (29.5%)
http://www.virustotal.com/file-scan/report.html?id=0d1aef4a3a3b50d24a47df023dc294bb10069fb6abfac84aa12b8f561f6905bb-1313835568
VT 13/44 (29.5%)
http://www.virustotal.com/file-scan/report.html?id=835342272d374c62c76d291324d0b9fc050bd5e2aec5410ee8d15575d6b64440-1313835293
VT 13/44 (29.5%)

[jackberri]

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

http://ricardosorren.sites.uol.com.br/moara.html         md5sum ===> 29b639dc5cbb1a74f06798a875c2d5c4
http://ricardosorren.sites.uol.com.br/imara.html         md5sum ===> e394bc9c52cdc02dbe3bade1ca45bd91
http://ricardosorren.sites.uol.com.br/lmara.html         md5sum ===> 7ce122680a7e38ec4ea06133b5497aed
http://ricardosorren.sites.uol.com.br/miara.html         md5sum ===> a45217de508e32c4d8f3ee82431672ab
http://abucker.sites.uol.com.br/configoracao.bmp         md5sum ===> 379575c51320769368c97f3694741ed8
http://abucker.sites.uol.com.br/125487.jpg         md5sum ===> 8ca8646c4fa2fa9297b193d049cf8381
http://adilsonrodrigues1979.sites.uol.com.br/nerd1.htm         md5sum ===> 0525ee5c6651d6d4156cb305822f5b9b
http://adilsonrodrigues1979.sites.uol.com.br/nerd2.htm         md5sum ===> 306d330b18d95e06033dcad492a9aea6
http://adilsonrodrigues1979.sites.uol.com.br/nerd3.htm         md5sum ===> 9cd173fdd5f71034cf9796ff47d3fd4f
http://adilsonrodrigues1979.sites.uol.com.br/nerddll.htm         md5sum ===> 41994fe41feffdd8762463f441ceed36
http://esoeli.sites.uol.com.br/2011/sunjun7.swf         md5sum ===> 085e53e1ff29f4467c4eb6e45e4f40c9
http://casadecarneslorao.kit.net/pinkfloyd.txthttp://www.virustotal.com/file-scan/report.html?id=6986ceb7136d88e29a41096c0d654ac1662209689a633b39f588be5286026798-1313842064
VT 33/44 (75.0%)
http://www.virustotal.com/file-scan/report.html?id=198cb0c6ae2aef923814dae80dcde635a42d792a5a4c4b80cff083929a01569d-1313842253
VT 32/44 (72.7%)
http://www.virustotal.com/file-scan/report.html?id=9d032757d34136bed6de1921647f176a5aba4ebadb457e48ec074655e237d90f-1313841828
VT 29/44 (65.9%)
http://www.virustotal.com/file-scan/report.html?id=314609ecc96706079ec0f7ade5463501c209df8e33ddd206073f955507f2be1f-1313842097
VT 36/43 (81.8%)
http://www.virustotal.com/file-scan/report.html?id=c3c3bf22d03a44c2be56595632911a75f8fab466b52b36904626522d64b52cc6-1313842242
VT 3/44 (6.8%)
http://www.virustotal.com/file-scan/report.html?id=4a817655025280ef9206a1f6844daf2fe159c665a0d1ac73d64c88172d242181-1313842447
VT 37/44 (84.1%)
http://www.virustotal.com/file-scan/report.html?id=2ddc7607cac2720f520c909d78a216f98f78ce2c1bc3d08c051b5158da0b0ab3-1313843219
VT 27/44 (61.4%)
http://www.virustotal.com/file-scan/report.html?id=1f5d57fe6d732260fe4eaf89380584c2a01cbb7c1084319e0541edf3220e6f9b-1313843405
VT 34/44 (77.3%)
http://www.virustotal.com/file-scan/report.html?id=54c5b5a8ac6389581cf69c2c4b44b80a72ed034d0f4d50dbe34f48250ba1f98a-1313843492
VT 35/44 (79.5%)
http://www.virustotal.com/file-scan/report.html?id=008f41c045b2b8c3807976782a6dd82de8c6bbc24210990f56df08b00db0ee62-1313849120
VT 1/44 (2.3%)
http://www.virustotal.com/file-scan/report.html?id=fcf436977e5445befbcd66a43305aa209a6851a1f0defd0e1fb39106e41f27ab-1313847703
VT 1/44 (2.3%)

[boston]

xttp://www.saltcitycandle.com.au/facebook-pic0008422012.exe
http://www.virustotal.com/file-scan/report.html?id=a2b59d4866bfb257736e29c278b5011c6ba22e1167a8476c5536cf60550826c8-1314349064

[boston]

xttp://nexusys.com/facebook-pic0008422012.exe
http://www.virustotal.com/file-scan/report.html?id=d99115476173bb83f9fae69711817e0137263e840d8cae6dc28cd4099ab3abdb-1314447110
nexusys.com is hacked("Own3d By G-TeaM").

[EP_X0FF]

Trojan Downloader

hxxp://178.18.243.242/d.php?e=2&f=54

It's payload - SpyEye v1.3.4x

hxxp://dl.dropbox.com/u/35881612/axis.prd

SpyEye customconnector gates

hxxp://hydracock.ru/hydra/sneak.php;90
hxxp://womenlovetdqs.ru/women/calendar.php;90

FTP back connect settings

176.28.0.133:30000;reseach1;WinUser0;WinPassw0;hxxp://dl.dropbox.com/u/31900636/proper.otx

[EP_X0FF]

SpyEye v1.3 gate

hxxp://livedieoslix.com/_cp/gate.php

SpyEye 1.3 SYN1

hxxp://livedieoslix.com/frmcp0/

[boston]

xttp://www.facebook.realtorarcf.com/facebook-pic00099231016.exe
http://www.virustotal.com/file-scan/report.html?id=716fe47fd35d28f7960f760f22b68423c9c7b4e2b92fb4cd76863b9fd51ee628-1315655919

[boston]

xttp://www.zeissopticszone.com/facebook-pic00049232016.exe
http://www.virustotal.com/file-scan/report.html?id=8840a31dceb0b7eb3b2a9b84ebc57216a9416f97116aec9357f48a78b5ed364d-1315698118

[EP_X0FF]

Redirects to Blackhole exploit kit

hxxp://www.protizer.net/example2.html

Blackhole exploit kit

hxxp://mnedw.info/internet.php?top=2c60cb648797f598

Blackhole payload (various)

hxxp://mnedw.info/w.php?f=16&e=2
hxxp://mnedw.info/w.php?f=19&e=2
hxxp://mnedw.info/w.php?f=21&e=2