daily something......

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://biodata.sites.uol.com.br/loterias.ico         md5sum ===> 9e2edf6c2ac8dc77798fc9cda7de5f5a
hxxp://biodata.sites.uol.com.br/muriel.ico         md5sum ===> 46311e7267f8e402f8f22d987aa23c5c
hxxp://transrealtt.sites.uol.com.br/novobho/santa.gif         md5sum ===> 12b78c785a3cb149d84f262d8d68ae6f
hxxp://transrealtt.sites.uol.com.br/novobho/ne.gif         md5sum ===> 6a5dab8f9cfa33106b9e01f23de24d73
hxxp://transrealtt.sites.uol.com.br/novobho/pegamsn.gif         md5sum ===> 7b79d59698025b68e0a34970abcab61f
hxxp://transrealtt.sites.uol.com.br/novobho/gf.gif         md5sum ===> a5fc22301baef855a3b175588511f001
hxxp://transrealtt.sites.uol.com.br/novobho/lista.gif         md5sum ===> 3ba613cfeb4227b471cd06136bb948f3http://www.virustotal.com/file-scan/report.html?id=1e800ffd7ee0032dd6c18d11c65ac5c2b5c10932173b730d65da770714398b3e-1317705259
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=04d8bfb631f42afd4dca283cb4ba2ab99aa89797eeef2089969399ba9f0dea55-1317705290
VT 24/43 (55.8%)
http://www.virustotal.com/file-scan/report.html?id=4a88a27440c988d7c0dbe004464b3598e0c1b16c3d668ce1135c8272b89169c5-1317705285
VT 3/43 (7.0%)
http://www.virustotal.com/file-scan/report.html?id=29a45b33141a4dc09429cf5cec4cf0c99cc41030dfe2489fe79401a88bd5f8ff-1317705331
VT 9/43 (20.9%)
http://www.virustotal.com/file-scan/report.html?id=bca7ce1f2d412a2bcd95d86622fe169bbe33e2763285cf292a466e761eb93c91-1317705325
VT 22/43 (51.2%)
http://www.virustotal.com/file-scan/report.html?id=b058664827092eaac3b3976bf1c44266e88ffba15885e2b25d614ec8a2e7dc0d-1317705318
VT 19/43 (44.2%)
http://www.virustotal.com/file-scan/report.html?id=90367919d3a44705d3d85afaca7f2bf7be6774040ba34d950489e6a0f003676c-1317705326
VT 29/43 ((67.4%)

[jackberri]

IP Location:  Korea - SK-1
IP 210.219.173.220
AS9318
Name Server: ns33.dnsever.com  |ns61.dnsever.com  | ns76.dnsever.com  | ns231.dnsever.com  | ns259.dnsever.com
Registrant/Email Registrant: pinkmode/aa0123aa@daum.net

Code: [Select]

hxxp://update.graycolor.co.kr/down/privacynsetup_ad.exe         md5sum ===> dccfb491cf2a219860f884ce39f78e19
hxxp://update.graycolor.co.kr/down/shotcuts.exe         md5sum ===> 6211999662a77041117b16d6f22acb76
hxxp://update.graycolor.co.kr/down/WinDV__WD03.exe         md5sum ===> 6b4a3351007371755aab8c379ac77fea
hxxp://update.graycolor.co.kr/down/yahoomain.exe         md5sum ===> 151de3356bf907c729ba86ce5f388d04http://www.virustotal.com/file-scan/report.html?id=98466abcabfc00e23150fd75d9965df690734c0346d764a7fe4745500a5866da-1317341404
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=127cca63f5d12a41f6126bc46353f320186ada09531a4c7d133ad5be995cf785-1317719862
VT 4/43 (9.3%)
http://www.virustotal.com/file-scan/report.html?id=6c3f8b36a679ffc03fe09e5fdd61b3068848432137f45a1a535587cbb5b28858-1317687714
VT 36/43 (83.7%)
http://www.virustotal.com/file-scan/report.html?id=be6b5cd22ad2c2f96c7df58b472de3fbc9c8fc0b456fd3fb64036b296417d8a2-1317719832
VT 27/43 (62.8%)

IP Location:  Korea - KRNIC-ASBLOCK-AP
IP 119.70.227.138
AS17858
Name Server: ns1.nurihosting.com | ns2.nurihosting.com
Registrant/Email Registrant: kim eun ho/amuking@nate.com

Code: [Select]

hxxp://update.mylinks.kr/windowsliveprotect/windowsliveprotect.ts3         md5sum ===> 6c28f46324ead6841ead741faee2dc19http://www.virustotal.com/file-scan/report.html?id=ed1d4048654d4d62c31981d6ee3206cfb3a680618403681570debaf0ed3b3494-1317114164
VT 3/43 (6.8%)

[EP_X0FF]

Worm:Win32/Phorpiex.B

hxxp://www.allezdax.com/images/m.exe

original

http://www.virustotal.com/file-scan/report.html?id=46df00fe94b56de2db6994ac1fec95abddb9541f0e9df6221d90570f8fe7c997-1317833435

decrypted

http://www.virustotal.com/file-scan/report.html?id=868bfc53f7f216b62eae4b403e4cd4ae8a7c36917553ef086f606ce4a47daf78-1317833792

[jackberri]

IP Location:  Korea - SK-1
IP 211.49.99.33
AS9318
Name Server: ns.realcleaner.co.kr
Registrant/Email Registrant: UCF/ucf@hotmail.co.kr

Code: [Select]

hxxp://upstat.realcleaner.co.kr/P/datamodify.exe         md5sum ===> d9fd3fd4ac002b835acefb37ab425c82http://www.virustotal.com/file-scan/report.html?id=4b012a336bf4f8c6b23086fa86c3dea18d841a8cbd8dd962bc8ab67f99226f17-1317770637
VT 23/43 (53.5%)

IP Location:  CHINA - CHINA-TELECOM
IP 223.244.225.3
AS4134
Name Server: NS1.SUPERDNS.ORG | NS2.SUPERDNS.ORG
Registrant/Email Registrant: xiao  qi/liaio32@qq.com

Code: [Select]

hxxp://fonfo.info:50/setup.exe          md5sum ===> a09297cdd49ebb134858db4f6da1986d
hxxp://fonfo.info:50/Installation.exe          md5sum ===> 42ec6d814f6b7b74f76d5d34876b92e7http://www.virustotal.com/file-scan/report.html?id=0bd202a64fb5c084facf98bd93265fabe53219031492e11c7aacf813eef69137-1317815901
VT 32/43 (74.4%)
http://www.virustotal.com/file-scan/report.html?id=f2dac0f5451359981b36eb180cb150592f4be26201695d32ae147ef0ddf25d1b-1317816166
VT 35/42 (83.3%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://ferreira.adao.sites.uol.com.br/1droid.txt         md5sum ===> 3bc1fe0f8639b019cab2ad03156861aa
hxxp://ferreira.adao.sites.uol.com.br/2pject.txt         md5sum ===> f3f64e3ebe9e1a192048bc1d6bf6f09a
hxxp://ferreira.adao.sites.uol.com.br/3dfwuy.txt         md5sum ===> 1491addec99ab2fa4dd84ae931c4bbab
hxxp://ferreira.adao.sites.uol.com.br/4dpjec.txt         md5sum ===> 418453180c535301678fa2cd115df539
hxxp://ferreira.adao.sites.uol.com.br/5btusb.txt         md5sum ===> 8be21ea7f35726bcf61435e33a0f4ea5http://www.virustotal.com/file-scan/report.html?id=b1d33b2b1f54fcfc435693c2a2223537087df6b484838a335adf60bd18a2c545-1317797417
VT 26/43 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=cdad02967a4d26c937889e5056a01333056afffa3546079e4cf1e5628b68116f-1317797505
VT 26/43 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=9369b2ad7e0c75bfaca28c1cdefe513dc077be491f795009886d7a3fd11ec341-1317797432
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=b2a71abdeeaca30e7d763e828df95e4a0acb5a548b57fa7ef51c896d5ac69df8-1317797433
VT 23/43 (53.5%)
http://www.virustotal.com/file-scan/report.html?id=088d7235b39a62a7b8df7ea2428953d55c5f954f894894bc6b8e1c77dee3f021-1317797423
VT 27/43 (62.8%)

[HGPower]

Code: [Select]

http://update.realcleaner.co.kr/setupa/realcleanersetup.exerealcleanersetup.exe 17/ 43
MD5: 3f67862ffbaaab5f919b8128d844596e
https://www.virustotal.com/file-scan/report.html?id=2be1d5ead3d5d585f71ce4254ab20e7de365777b6828627d52fa049eba7b0f1f-1317857225

Code: [Select]

http://update.realcleaner.co.kr/bin/uninst_realcleaner.exeuninst_realcleaner.exe 4/ 43
MD5: 930c5c4e81498b4c3598a1d6b4e2e914
https://www.virustotal.com/file-scan/report.html?id=b8a98305eb82f394b86206632092791e5ce3b79c87b7728cfc02b960a3b97672-1317857600

[jackberri]

IP Location:  United States - BurstNet Technologies
IP 64.191.44.136
[noc26.simplehost.com.br]
AS21788
Name Server: ns1.simplehost.com.br  | ns2.simplehost.com.br | ns3.simplehost.com.br
Registrant/Email Registrant: Mateus B Mattos/mateus@simplehost.com.br

Code: [Select]

hxxp://luizrenato05.site.com.br/clientes/u_422205_715f6bab21/imgRoot/4512.txt         md5sum ===> ee86a7c141e46aaf8e5aeab40a36e27ehttp://www.virustotal.com/file-scan/report.html?id=fd339d1013fc0eb4847ba00efcd8e87f174ca06282889c1446611493dddeb1a8-1317919865
VT 29/43 (67.4%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://silva-lucas2011.sites.uol.com.br/parte1.png         md5sum ===> ff8b7dd4b03a07e4c4ef70034fc50361
hxxp://silva-lucas2011.sites.uol.com.br/parte2.png        md5sum ===> 6838d3bc36df918ac32da69b4d4129f0
hxxp://silva-lucas2011.sites.uol.com.br/parte3.png         md5sum ===> abfdcc137575ffe75b58f94dcceb23fb
hxxp://silva-lucas2011.sites.uol.com.br/parte4.png         md5sum ===> 7124eee9aa4514d2475e834923ed652d
hxxp://silva-lucas2011.sites.uol.com.br/parte5.png        md5sum ===> 591a8a99dc75ef145bfac8ae9941a829
hxxp://pr.dsa.sites.uol.com.br/toples.ico         md5sum ===> 91f918a35085b5c033578f5fc4fbba9chttp://www.virustotal.com/file-scan/report.html?id=d96344ddae3642c90bb88264e8b10736fdc00ff4590a1ca09a0a3adf24587218-1317918725
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=e5401a94bdf46a557cb6683f8ebe19f4a20cb35452a61f35fbce0f3cb6c59e6f-1317918862
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=1fc24b834664b0650fdc2c789ff382d43860857c73ded8dbc6c00fef261296af-1317923316
VT 30/43 (69.8%)
http://www.virustotal.com/file-scan/report.html?id=74d74983b69d0e70a2ad6cac4f9ba6a47531e1ab79d64db34c224414305757d8-1317918977
VT 24/43 (55.8%)
http://www.virustotal.com/file-scan/report.html?id=ecd5ae89562fcf72becb26c2a292932fa4912610164386059e928819cb1d75c7-1317918986
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=dafc2f894f1808336d1ecf75d6751a2096f44d1708affd541de700c43d7f5789-1317919979
VT 27/43 (62.8%)

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://fontessouza.sites.uol.com.br/moduloa.jpg         md5sum ===> 6f4b0cc26ce2aeb612950a93dfa80f27
hxxp://edinei.francisco.sites.uol.com.br/moduloa.jpg        md5sum ===> bfa7881c72f4c68b406bd9343c08bd07
hxxp://adelcio.dias.sites.uol.com.br/590.ico         md5sum ===> ad04ec830ec2a74d3d04165998d3e228
hxxp://adelcio.dias.sites.uol.com.br/710.ico         md5sum ===> f3a36952d8f223660c6d4a01d5e03c9f
hxxp://ultemar.sites.uol.com.br/principal.swf        md5sum ===> 17fa380f2c752c85d8980af80402d141
hxxp://brudekitransportes.sites.uol.com.br/lojas.ico         md5sum ===> 7b09a532ba9728419d13b2245b464628
hxxp://brudekitransportes.sites.uol.com.br/mozilla.ico         md5sum ===> de026166b2c69ff6ed4e839e248f1fe6
hxxp://sonia.sales.sites.uol.com.br/600.ico         md5sum ===> 484b7e1ab9915235810199ad43216d2c
hxxp://sonia.sales.sites.uol.com.br/720.ico         md5sum ===> 96c9a154f9f8915adaaf827651034eb9http://www.virustotal.com/file-scan/report.html?id=f77fc0c7711cebc76be3485f11fa60868128da563ed07958af37d8c307abda47-1318103224
VT 35/43 (81.4%)
http://www.virustotal.com/file-scan/report.html?id=2a0731e37619887bd5742f3f795ab2fe1f13098530ad6fba2a7cbd28b0d9b17f-1318162659
VT 33/43 (76.7%)
http://www.virustotal.com/file-scan/report.html?id=5bd3dcc304655aca1103ca5278d1f214700ceb279ace387f3e67833824bc0029-1318162641
VT 26/43 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=f29ba82279b6e52059b5c5034123f093b92fe17295c969ce01a6f29866a340d5-1318162668
VT 24/43 (55.8%)
http://www.virustotal.com/file-scan/report.html?id=103aa9f8e0a8162b6363c4cc073b1d783c066c41bdefed7e8c85645f34191923-1318162626
VT 34/43 (79.1%)
http://www.virustotal.com/file-scan/report.html?id=f87491179f722f2570402c729e477308d0302f84c7fb77589d8e4b7ec32d1c79-1318162643
VT 26/43 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=a2b7097f32651ae201987805c4db2679ea7e8fbb014325427779a50ffd42ff85-1318162635
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=cdc231fc32d87b2c1c93f0ee36d828a66f790a6feaf49644739a4d30759b55ec-1318162573
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=1fc45bf022d5a0d3c23a5e2729925b2415119f8872a8b0a5147e3e6b0b0d17b1-1318162525
VT 25/43 (58.1%)

IP Location:  United States - INTERNAP-2BLK
IP 74.201.86.21
[sugarsync.com]
AS12182
Name Server: PDNS1.ULTRADNS.NET  | PDNS2.ULTRADNS.NET  | PDNS5.ULTRADNS.INFO  | PDNS6.ULTRADNS.CO.UK  | PDNS3.ULTRADNS.ORG  | PDNS4.ULTRADNS.ORG
Registrant/Email Registrant: SugarSync, Inc./itops@sugarsync.com

Code: [Select]

hxxps://www.sugarsync.com/pf/D6378394_613_33073627         md5sum ===> f51ec60c147a32cc46a92269f86b74e4
hxxps://www.sugarsync.com/pf/D6378394_613_33089782         md5sum ===> 13d21251bbcabe5515785a26f1fd433fhttp://www.virustotal.com/file-scan/report.html?id=dab40af7699a3c4f2e2abe3a353dcdd9c374d61ccb4a6ade0b6a669e8c627071-1318157003
VT 15/43 (34.9%)
http://www.virustotal.com/file-scan/report.html?id=be78ef2a8e498ced6e96c6778d4d14f04c74b6d6fc5007b6e08f8c4b625bfc78-1318157284
VT 28/43 (65.1%)

IP Location:  United States - BurstNet Technologies
IP 184.22.40.247
[184-22-40-247.static.hostnoc.net]
AS21788
Name Server: f1g1ns2.dnspod.net  | f1g1ns1.dnspod.net
Registrant/Email Registrant: ShaoJunyuan/sjy6553@163.com

Code: [Select]

hxxp://zz.cdbeta.com/update/main.exe         md5sum ===> 69a36f1fd855bbd2a3c2692c65c0587ehttp://www.virustotal.com/file-scan/report.html?id=797b96dfc3e75ae2c8e9a2fcfbb2cd113924867167e40e4af3ed856644b6d74e-1318149380
VT 15/42 (35.7%)

[boston]

xttp://image331.tk -> xttp://huxors.fileave.com/FACEBOOK-Photo-DSC120302032023.jpg.exe
http://www.virustotal.com/file-scan/report.html?id=11819e49868bbcade399d0eaee2197bd5989c143f530923fc9a026578ca33d3e-1318325263

[jackberri]

Code: [Select]

hxxp://94.198.240.105/sdownload50/let1115/1317.1ff928a8bc27a3b6a380d2ef3a7b_0/SpyEye_v2.0.exehttp://www.virustotal.com/file-scan/report.html?id=99ec2ca9b3a7bf5bd299e908c32db19f29eca750a688f8fca68b868d6e1f4ab7-1318332023
VT 1/43 (2.3%)

[MysteryFCM]

It's 404'ing here

[jackberri]

yes 

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://pizaniraybolt.sites.uol.com.br/720.ico         md5sum ===> 8ca466674a3810208c3c8bfcb0862afd
hxxp://pizaniraybolt.sites.uol.com.br/600.ico        md5sum ===> 5b2caa3bc38b212ed357014c68f56e4a
hxxp://yellowblack.sites.uol.com.br/SET1.tmp         md5sum ===> 86a46daef687199f4f951691bdeba977
hxxp://yellowblack.sites.uol.com.br/SET2.tmp         md5sum ===> 45b0ae86eb7db1b489d15ea36bf70062
hxxp://matheus.m.filho.sites.uol.com.br/200.ico        md5sum ===> adbefc3011625e0df5c6f641ee9d7adc
hxxp://matheus.m.filho.sites.uol.com.br/300.ico         md5sum ===> 1aeb31ac555ec91881262f028b675c99
hxxp://amazzamboni.sites.uol.com.br/moduloa.ico         md5sum ===> cf47f7ab6f1fc3970f1f0a00b7e37d16
hxxp://corsinogomes.sites.uol.com.br/moduloa.jpg         md5sum ===> 4eafb4dc228f313d9c27d9850ddd34c6
hxxp://cidamiquelim.sites.uol.com.br/album/uolk/thumb/hotlive.css        md5sum ===> 671bd55e4747b95cb72042c0e6bb0d65
hxxp://cidamiquelim.sites.uol.com.br/album/china.css         md5sum ===> 537de85fee654027de622cb44f31a606
hxxp://coferpaltda.sites.uol.com.br/marussia.ico         md5sum ===> 6554ae9c695ae1990c7dca73cf8f584b
hxxp://coferpaltda.sites.uol.com.br/luduvico.ico         md5sum ===> 88f12047374ad0db5aefd70b733baefd

[jackberri]

IP Location: Germany - Karlsruhe Inline Internet Online Dienste Gmbh
IP 178.18.243.201
AS31147
Name Server: ns1.freedns.ws | ns2.freedns.ws | ns3.freedns.ws | ns4.freedns.ws
Registrant/Email Registrant: Miroslava Batkova/MiroslavaBatkova@yahoo.com

Code: [Select]

hxxp:/www.ao9z.com/js.exehttp://www.virustotal.com/file-scan/report.html?id=c64a74b008ed5c8c607bb86a51e8452db05237cdcdc162d4debff8c82f6d33ab-1318590540
VT 32/42 (76.2%)

[jackberri]

IP Location:  Germany - GIGA-HOSTING
IP 79.143.188.72
[hserv22.homehost.com.br]
AS51167
Name Server: NS7.SERVIDORPROTEGIDO.COM  | NS8.SERVIDORPROTEGIDO.COM
Registrant/Email Registrant: Nelson Ribeiro Bastos Junior/calunga44@yahoo.com.br

Code: [Select]

hxxp://thubn.com/mod32.txt          md5sum ===> 310405756ea46ed1c9a1185fd51308fb
hxxp://thubn.com/Authot.txt         md5sum ===> 17b3fd5f20e6981006ef730842f21980http://www.virustotal.com/file-scan/report.html?id=e176725ea377fa24f349d07a6eab1f66dbb92e88613b9fea97b1c8038ccdf820-1318957687
VT 17/43 (39.5%)
http://www.virustotal.com/file-scan/report.html?id=ed03d7dd698ef8fff3ca6ab43ec25dfdea1ad107633ca3799142e6f0c73d3255-1318965443
VT 24/41 (58.5%)

malware calls home:
IP Location:  Netherlands - LeaseWeb B.V
IP 95.211.78.30
[hosted-by.leaseweb.com]
AS33055
Name Server: ns3.cnmsn.com | ns4.cnmsn.com
Registrant/Email Registrant: Whois Privacy Protection Service/gmvjcxkxhs@whoisservices.cn

Code: [Select]

hxxp://finalcortex.com/snapbn/gate.php

[jackberri]

IP Location:  Korea - HCLC-AS-KR HCLC
IP 124.217.218.10
AS38661
Name Server: ns1.rcdns.com  | ns2.rcdns.com  | ns3.rcdns.com
Registrant/Email Registrant: lee sang moon/kyung424@ebiznetworks.co.kr

Code: [Select]

hxxp://down.okprivacy.co.kr/okprivacy/okpwcher.exe   md5sum ===> 3e57b1942e29ab80d799454084dd1cfd
hxxp://down.okprivacy.co.kr/okprivacy/okprivacy.exe  md5sum ===> 0aa158d06a999eaff16e55e2760e387d
hxxp://down.okprivacy.co.kr/okprivacy/okpuninst.exe  md5sum ===> dc2a6221b092e7a7b25e64bb38c3a9dfhttp://www.virustotal.com/file-scan/report.html?id=579736297f818e8ed2e759d466a4597eb6ec6791fad00d90d9a6ddc4094e500e-1318487309
VT 38/43 (88.4%)
http://www.virustotal.com/file-scan/report.html?id=17314a0fdfb2dea58c2b2d9e65446216f20285ef8280aea0789e220b6ccb1f49-1318860791
VT 40/43 (93.0%)
http://www.virustotal.com/file-scan/report.html?id=acb3ab7a9961784f9cc4a6b725e56a04858f636256c9fb778e777d5d973a6489-1318860798
VT 40/43 (93.0%)

IP Location:  United States - Brinkster Communications
IP 65.182.101.165
[yuma4.brinkster.com]
AS33055
Name Server: NS1.BRINKSTER.COM | NS2.BRINKSTER.COM
Registrant/Email Registrant: Diane Boivie/dgboivie@sbcglobal.net

Code: [Select]

hxxp://livingradiantly.com/pictures/Adove.exe        md5sum ===> 014ba9789090711a6a42fa63da27d04bhttp://www.virustotal.com/file-scan/report.html?id=323f5f12b8ce45e50c159d6d4ff0790db1af0c29f84099365439fbf24c7626d2-1319050183
VT 30/42 (71.4%)

IP Location:  Germany - XSSERVER-EU
IP 109.230.222.235
AS197043
Name Server: NS1.INWARE.IN | NS2.INWARE.IN
Registrant/Email Registrant: William Christie/christiew67@yahoo.com

Code: [Select]

hxxp://inware.in/dllupdt70.exe        md5sum ===> ef8aa3a2daf71b0dc60f54ba4b44084c
hxxp://inware.in/aslpatch10.exe       md5sum ===> 96d827f9ceffd2e58fa7092f7e424dffhttp://www.virustotal.com/file-scan/report.html?id=a7163e01e7b8e330f12f5452e21c1b7ee6b5519f9db75a2bb60091a8cbe08f1e-1319015857
VT 19/42 (45.2%)
http://www.virustotal.com/file-scan/report.html?id=f57927dba34b6d32793c39db6f8cd5fd7f960595e0d9154ab346af4ab1189bb0-1319038509
VT 22/43 (51.2%)