possibly malicious

« previous next »

Print

Pages: [1] Go Down

Author Topic: possibly malicious (Read 2499 times)

0 Members and 1 Guest are viewing this topic.

December 04, 2009, 07:01:02 pm

Read 2499 times

crunchtime

Special Access
Full Member
Offline
54

possibly malicious

I haven't had time to analyze this one but it looks interesting.

VirusTotal:
http://www.virustotal.com/analisis/00cbe01f1efde60ec0a22aceb16aaaf2a0f59674f8e501ce81b62b23c8189099-1259935626

Sample:
hxxp://74.81.78.68/IMG55340_09.JPG-www.myspace.com.exe

Logged

December 06, 2009, 11:35:14 am

Reply #1

MysteryFCM

Administrator
Hero Member
Offline
1693
Personal Text
Phishing Phanatic

Re: possibly malicious

There's a few of these floating around, for most social networking sites, and for some banks and the likes of PayPal etc.

/edit

The IP btw, belongs to solutionsbeyond.com and wickedleo.com (URL doesn't work if you replace the IP with either of these domain names though, indicating it's the server itself that's been compromised)

Logged

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

December 06, 2009, 02:23:08 pm

Reply #2

Evilcry

Special Access
Jr. Member
Offline
39

Re: possibly malicious

The application is packed and presents a second executable called pista_.exe witch is the core malicious executable =)
pista_.exe is located into Temp Directory

Logged

Deep Root Never Freezes - Tolkien

Print

Pages: [1] Go Up

« previous next »

SMF 2.0.17 | SMF © 2019, Simple Machines
Aqua Style by Diego Andrés
XHTML
RSS
WAP2

Page created in 0.038 seconds with 20 queries.