Author Topic: daily something......  (Read 687605 times)

January 20, 2010, 09:44:25 pm
Reply #690

GmG

Seo Sploit Pack



January 21, 2010, 12:43:19 am
Reply #691

jackberri

hxxp://klitar.cn//cp/r/20/299c49cc5225165610cd08227e9d5562/af73d9596a9a6363ffd5d968628f7a9c  Trojan Zbot
http://www.virustotal.com/es/analisis/c41d106d812ddd638d884ecfad511f538ade219a75e6040fd2a0fe1c40f48ebf-1264033144

hxxp://klitar.cn//cp/l/28/088f1f3a888617973b88c21a23f907d5/f8fdf0601bcc3453b8b4d90fce622406  VBInject
http://www.virustotal.com/analisis/3077da26818ed411d55d29708de40b4ce10c15a94804e7253a60ec634ce701bc-1263894929

hxxp://klitar.cn/cp/l/19/c95535db0ebc2d416bbefcacd3345420/f1a64914c01f584549056805acc61736   Trojan Pincav
http://www.virustotal.com/analisis/510f22b8ab8e26bbba57c069c4c828a5914a69bdfa79759c3b55fdf84493aac7-1264007610

klitar.cn/cp/l/4/d0bb4def365fa3b84722730df8d5d426/be5497d39d00bb43062d5086aba72eea    Backdoor
http://www.virustotal.com/analisis/ecb37ee28c5a3d85a71fcac80bbc6699efe9480c20a96768ce6141ce7f304975-1263799262

IP 193.104.110.89
AS50073

Registration Date: 2009-11-28 04:25
Administrative Email: gamegalenty@mail.ru

January 21, 2010, 07:43:27 pm
Reply #692

SysAdMini

pdf files from Seo Sploit Pack.
http://www.malwaredomainlist.com/mdl.php?search=aboutstarting.com&colsearch=All&quantity=50&inactive=on

detection rate is extremely low.

http://www.virustotal.com/analisis/496355ba64ffabe3c90739a69ce1ea7b87270a619509f3695021253fe6b47660-1264102393
Sunbelt   3.2.1858.2   2010.01.21   Exploit.PDF-JS.Gen (v)
File size: 10813 bytes
MD5...: 02991fa85c1829cb77e7e600a61635a0

http://www.virustotal.com/analisis/adcfea769e83278928f53f39f9ee3c8300c07fbf2c8568bd1880bbf4d0faae8f-1264102403
Sophos   4.50.0   2010.01.21   Mal/PDFEx-D
Sunbelt   3.2.1858.2   2010.01.21   Exploit.PDF-JS.Gen (v)
File size: 6173 bytes
MD5...: d35044b1ffcbed1d2f30de2521b10d3c
Ruining the bad guy's day

January 21, 2010, 08:36:25 pm
Reply #693

jackberri

Trojans:


IP 202.107.244.170
AS4134


January 22, 2010, 09:10:20 am
Reply #694

sursmurf

Downloader:
http://dogphotography.nl/admin/getfile.php?a=1003
http://axul13.com/admin/getfile.php?a=1003
http://arhewi.com.pl/admin/getfile.php?a=1003

[VT 9/41]
http://www.virustotal.com/analisis/77207a8afe57d147e904f54515db8edd1a570b23b8623262ad78e5adc486b44e-1264151129

January 23, 2010, 10:40:01 am
Reply #695

CkreM

Eleonore pack(1.3.2):
m19citizen.cn/2/index.php
m19citizen.cn/2/pdf.php
m19citizen.cn/2/stat.php
m19citizen.cn/2/load.php
http://www.virustotal.com/analisis/e5e34f3a567f87accc740535655eb86dc0b85ab879ec054d79e3485821f92cb7-1264241128

Nuclear pack:
mamarubik.in/dead/index.php
mamarubik.in/dead/spl/pdf.pdf
mamarubik.in/dead/stat.php
mamarubik.in/dead/exe.php
http://www.virustotal.com/analisis/2aac2603405ca3989802faaee668885a2780a65504d39423417fa20871886d33-1264241284

Eleonore pack:
yourenterain.com/index.php
yourenterain.com/pdf.php
yourenterain.com/load.php
yourenterain.com/stat.php
http://www.virustotal.com/analisis/7be889d58b448aa84996cd883074c7c5b3c694c2913fc470ac2f4963add74130-1264241578

Eleonore pack:
analiticcontrol.net/index.php
analiticcontrol.net/pdf.php
analiticcontrol.net/stat.php
analiticcontrol.net/load.php
http://www.virustotal.com/analisis/6dad5aab2ba7169ba3118324066e7bef4bcb885382636212fcfc7639d9cdb3d6-1264241668

Eleonore pack(needs www.):
www.cihaz.info/elenord/index.php
www.cihaz.info/elenord/pdf.php
www.cihaz.info/elenord/stat.php
www.cihaz.info/elenord/getexe.php
http://www.virustotal.com/analisis/7c3eb886538f702106873b0935aa4daabdbd6fbd6bad000af09b78ebdbff5068-1264241848

Nuclear pack:
electrofunny.cn/fun/index.php
electrofunny.cn/fun/stat.php
electrofunny.cn/fun/spl/pdf.pdf
electrofunny.cn/fun/exe.php
http://www.virustotal.com/analisis/3615df2d4b6d5704c0936032b66c316b26acfb3288d9ea5108fa52ed86e96b22-1264242029


Exploit pack(liberty?):
rainmannn.org/whitehorse/index.php
rainmannn.org/whitehorse/admin.php
rainmannn.org/whitehorse/update.php
http://www.virustotal.com/analisis/0f4a906a6fe60b53378bf954361963de03a0cb2e21915e421f1f3988250c580a-1264242315

trojans:
mega-counter.com/1tr.exe
http://www.virustotal.com/analisis/3a15d18d7e595eec975ad2238bde34913a5a8403815829bf184435f0c62d505c-1264242452

firstrew.com/ars/bot_1.7.10.exe
http://www.virustotal.com/analisis/88a925157ead4a3bfab277993bbdaeae5fd1216947e0fdab4216ce75acccc492-1264242527

globalstopaids.org/a8f370ac994d0450/core/4.exe
http://www.virustotal.com/analisis/e3a3a730fd33177aca5cad6e84978e367de6e7a88f5c8a80cdb02650d899527e-1264242551

www.vipimagine.cn/spyeraser096.exe
http://www.virustotal.com/analisis/0461dbc10535bcc56382bb379422433eb9c5b6c400c80b3e4a8e5475f98907cd-1264242730

195.189.247.101/bcbot.exe?12345
http://www.virustotal.com/analisis/580af8b1af319ded2ac88f7a2d16d68f31fb045b893d3ba79fa04363ff536140-1264242789

refda.com/new/bot.exe
http://www.virustotal.com/analisis/c1ede7c2a4a7dfb23b1442fd18a851b4733374b6bb6803772e9582823b8ee3e8-1264242905
Mal-Aware

January 24, 2010, 01:15:55 am
Reply #696

CkreM


Eleonore  pack (1.3.2)
lizingss.com/index.php
lizingss.com//axLMw-p.php
lizingss.com/jquery.php
lizingss.com/eTnpw-l.php/8342d2c7f0e213ae11b8f0ce991f3294?spl=ActiveX_pack
lizingss.com//eTnpw-l.php/8ad56f034021e4baf4ce97a1c919937b?spl=javad

http://wepawet.cs.ucsb.edu/view.php?hash=c11ac1c04b61b1a61c2e993ef7b0b44d&t=1264296648&type=js
http://www.virustotal.com/analisis/1eca3b297fe4f49d7c81d8b60213178ed3367df77e12f80bbc1f4273d96feb43-1264272511
Mal-Aware

January 24, 2010, 01:31:34 am
Reply #697

CkreM

Liberty Pack:
gwsdwxae.cn/rtv/index.php
gwsdwxae.cn/rtv/admin.php
gwsdwxae.cn/rtv/download.php?expid=6&fid=1
http://www.virustotal.com/analisis/afa8f026297f8a37d5eb9ce1bfc73f1b6381a367601f48d36e5a42444772039d-1264296661
Mal-Aware

January 24, 2010, 01:45:03 am
Reply #698

CkreM

Eleonore pack(1.3.2)
thintin.com/1/sv777/index.php
thintin.com/1/sv777/pdf.php
thintin.com/1/sv777/stat.php
thintin.com/1/sv777/load.php
http://www.virustotal.com/analisis/d63fc72b098a88f9b7fd386c17f69c15305ba7d5ff93156cf3e4a3485962401e-1264297420
Mal-Aware

January 24, 2010, 01:54:11 am
Reply #699

CkreM

Nulled Pack
http://xxxfunporncheap.com/new/viewtopic.php?s=49c58ccafe
http://xxxfunporncheap.com/new/admin.php
http://xxxfunporncheap.com/new/post.php
http://www.virustotal.com/analisis/dd8b19430887334e4cbca46aff8e896f1587914b34bcbfdcbcfe37012f11e85b-1264297978

Oficla C&C:
topdns341.com/park/bb.php?v=200&id=525818411&b=smile24&tm=60
Mal-Aware

January 24, 2010, 04:00:41 am
Reply #700

CkreM

apomith.com/bu1/?t=4b543cc8f3408
apomith.com/bu1/admin.php
apomith.com/bu1/news.php?dd=%253AA1A%257B_s3xstrnOyfove6uBepY9%255D%253DaO%2524xE05FX8X%2522%252B%252C%2522qg%255DmqBuaTu%2522n%252BH9LiJMJNkV%252F%2522SuR%255Bl1%253B%252C6%253B%2522ZF1%253Dsy%252F3Ygi%25299%2522bz%253Dyl9%2529%253A%2529%2522HAD7rlzD%2522y%257D%253D%2522M%2522nrH%2522qK0%2522%2529q&tr=0

http://wepawet.cs.ucsb.edu/view.php?hash=17d6b54f2a44a6befd8645f6a353a9f1&t=1264306539&type=js
Mal-Aware

January 25, 2010, 01:02:25 pm
Reply #701

jackberri

Trojans

hxxp://www.juanmm.cn:82/cpa/aaa.exe  md5sum ===>  626235e9e5862a76e41c0e3568625046
http://www.virustotal.com/es/analisis/717231f7bc8c9d81e9a28b21ce52cd68e11d044953abd8185e3476b4037a5fb1-1264420813
VT 35/41 (85.37%)

hxxp://www.juanmm.cn:82/cpa/000.exe  md5sum ===>  a2d11350585fd808fd148116fb8cde3c
http://www.virustotal.com/es/analisis/4d4ec05e02ac3d004fe196a9ca2898569f9702478a1e5a74ed716d8f669c2dfc-1264421049
VT 10/41 (24.4%)

hxxp://www.juanmm.cn:82/cpa/111.exe   md5sum ===>  178afb04913060db6710691c82876a85
http://www.virustotal.com/es/analisis/65666ec8d24ef6ba8b42e4519003ddcb69601584bf5600810df82cfe09512dd9-1264421219
VT 19/41 (46.35%)

hxxp://www.juanmm.cn:82/cpa/222.exe   md5sum ===> 3ac13b616fbf764840e40f8b6d22c338
http://www.virustotal.com/analisis/eaeede43628853913d833b38731fbc7e95395981332d64b110a69912778a08c2-1264390321
VT 17/41 (41.46%)

hxxp://www.juanmm.cn:82/cpa/333.exe  md5sum ===>  1b718d0a88ba96c2ff6f87e6c88255cb
http://www.virustotal.com/analisis/3b452283bbc236f6f17610744a3f708e7c5718957952cf74e5342d7e777eadc9-1264390141
VT 12/40 (30.00%)

hxxp://www.juanmm.cn:82/cpa/444.exe   md5sum ===>  f8737da375c84a4e066c1137e606e5bb
http://www.virustotal.com/es/analisis/57f962b614b3706c3e2ebaccf7753420101c8f8bf77b0387766f729536003077-1264422863
VT 20/41 (48.79%)

hxxp://www.juanmm.cn:82/cpa/555.exe  md5sum ===>  e8149fc3ed4edf90e061de77a0aa3bd9
http://www.virustotal.com/analisis/f8be676537c4204e07082e7d3eb1f395334d8da2a8f58f7b9afa81ac8104d0bc-1264388553
VT 21/41 (51.22%)

IP: 124.42.34.164
AS23844

Administrative Email: 328036447@qq.com




January 27, 2010, 08:55:54 am
Reply #702

jackberri

Worm Palevo

hxxp://host3.idfc2.info/bdad.exe
a25184915b9ca74ea8c1aed4875513d4  ===>  bdad.exe
http://www.virustotal.com/analisis/11a87f2da1d19edb2e1e53ed2f6bf17304e55382ea7e30d42fecd148120f85e8-1264537990

hxxp://host3.idfc2.info/buda.exe
6e9b5b5ccde950fa107932d767acc496  ===>  buda.exe
http://www.virustotal.com/analisis/9231017c8fec5d6e286189fc409e7619ea00f81deb482aedaa2d5dc2a1ea92a8-1264564259

hxxp://host3.idfc2.info/fdc1.exe
43eaa93fa42e36a0efe682db00faa503  ===>  fdc1.exe
http://www.virustotal.com/analisis/1782e88b6377bd360a0b35f5f4048eceaea93ddcd08f18d45553f3f476359149-1264538200


hxxp://host3.idfc2.info/fdc2.exe
86b004d610d0908747136a24b3d529ef  ===>  fdc2.exe
http://www.virustotal.com/analisis/3dd9347912c1407ef26704c1b9a7c1ce216470e2bde1e0a7b034b4637ca4ec07-1264564272


hxxp://host3.idfc2.info/ten.exe
60ce94f5627b055270c0d40844645145  ===>  ten.exe
http://www.virustotal.com/analisis/8f0c44d0bc8b4a7910e0108ac61d924eac071becc5e0d2a74e172649e1151407-1264565024

hxxp://host3.idfc2.info/zero.exe
aeb80081fc3d7aed4ea56575e274f527  ===>  zero.exe
http://www.virustotal.com/analisis/621fd211569a3040377a82a75855de4e91d98568091889d04862ab8f39d55e1f-1264542266

IP 98.126.28.121
Reverse:
customer.vpls.net
AS35908


January 27, 2010, 05:53:56 pm
Reply #703

jackberri

Trojans

hxxp://pcqook.com/mssec/1000/mscmds.dll
e7972bb0a76bc569830e9c7119f95320  ===>  mscmds.dll
http://www.virustotal.com/es/analisis/51d7b80b864440d563404d97b493f77aa1a1d7e4518aca6be6281cc286aacde6-1264613344
VT 10/41 (24.4%)

hxxp://pcqook.com/mssec/1000/msl.dll
19886116b2c9b07ff03f0876a0832e72  ===>  msl.dll
http://www.virustotal.com/es/analisis/79ca43396d40d81bdb9df67a5ce829ef44089378de47098cffeb5d7dfe6986a6-1264613523
VT 22/41 (53.66%)

hxxp://pcqook.com/mssec/1000/mslight.exe
6bb1273e4fea2d01e8bf3c94b2c932a3  ===>  mslight.exe
http://www.virustotal.com/es/analisis/636a212f26cf1f6465c3d0d4afb722a08bb70c022d8fbf437c6a7ed829ebcfb4-1264612702
VT 14/41 (34.15%)

hxxp://pcqook.com/mssec/1000/mssec.exe
d51535fd390c3d9c120dbd4f5957f7df  ===>  mssec.exe
http://www.virustotal.com/es/analisis/f00cb8ec79fddb52325983910c1a1b8c1de79d9167c002c8aa0bf7c698d935a4-1264614315
VT 16/41 (39.03%)

hxxp://pcqook.com/mssec/1000/uninstall.exe
5ec55ecf4de71ee5e60fee45cf3e16ea  ===>  uninstall.exe
http://www.virustotal.com/analisis/788ef2229abc26aa5daab0dc07a72a73e933ef6405a77a5077860e4b236502b9-1264182835
VT 25/41 (60.98%)


hxxp://pcqook.com
IP: 114.207.112.169

Reverse:
114-207-112-169.tongkni.co.kr
IP Location: Republic Of Korea, Kyonggi-do - Seoul - Hanaro Telecom

AS9318

Registrar: HANGANG SYSTEMS, INC. D/B/A DOREGI.COM
Registrant: Seong ho, Cho
email: shcho007@nate.com

Seong ho, Cho owns about 3 other domains

January 27, 2010, 07:29:56 pm
Reply #704

jackberri

Trojans:

hxxp://www.dnusax.com/bo/boappsdl.exe
hxxp://www.dnusax.com/bo/bodvddl.exe
hxxp://www.dnusax.com/bo/bogamdl.exe
hxxp://www.dnusax.com/bo/ep.exe
hxxp://www.dnusax.com/bo/bodivxdl.exe

bodivxdl.exe ===>  md5sum ===>  992d3a6d2b526c5734af10f5a5818d41
http://www.virustotal.com/es/analisis/138feab09768c3065ecf7cda081ff7ea54dad128770d26b68ef9eb053a805e9e-1264619188
VT 25/41 (60.98%)

hxxp://www.dnusax.com
IP: 217.23.3.127

AS49981