Author Topic: New files for Zeus servers  (Read 54469 times)


October 15, 2011, 03:04:20 pm
Reply #300

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP Location: Russian Federation - GRDS-AS
IP 91.228.133.75
AS56878
Name Server: ns3.cnmsn.com | ns4.cnmsn.com
Registrant/Email Registrant: Eric Krowsz/EricK@hotmail.com
Registrant/Email Registrant: Donald Efristing/denf@hotmail.com
Code: [Select]
hxxp://shoping-cards.com/cfg/bss.bin      md5sum ===> 57aa88c282d78f4a599f149e17491cb0
hxxp://inspector-gadgets.com/cfg/bss.bin  md5sum ===> 57aa88c282d78f4a599f149e17491cb0
hxxp://ownership-online.com/cfg/bss.bin   md5sum ===> 57aa88c282d78f4a599f149e17491cb0
hxxp://91.221.98.31/531-01.exe            md5sum ===> c6b2ea802a8fe22ebe3904d34dd75db1
related:
Code: [Select]
hxxp://tindsator.com/404.php?type=stats&affid=531&subid=01&awok
http://www.virustotal.com/file-scan/report.html?id=9f3e0a7d1930e09279b73eebd4b4e39780a4018f25e1c8f29218be45f16bf9bc-1318688760
VT 8/43 (18.6%)

October 16, 2011, 03:40:03 pm
Reply #301

jackberri

IP Location: Russian Federation - Lomonosov - Cjsc Masterhost
IP 90.156.201.63
IP 90.156.201.106
[fe.shared.masterhost.ru]
AS25532
Name Server: ns.masterhost.ru | ns1.masterhost.ru | ns2.masterhost.ru
Registrant/Email Registrant: Private Person/yakovdima@gmail.com
Code: [Select]
hxxp://www.relax-tropicana.ru/modules/mod_stats/tmpl/im.exe  md5sum ===> 8adc5e35f4e2dc15e22156322cc7eb4b
hxxp://relax-tropicana.ru/modules/mod_stats/tmpl/im.exe      md5sum ===> 8adc5e35f4e2dc15e22156322cc7eb4b

October 17, 2011, 07:57:10 pm
Reply #302

jackberri

related with:
Code: [Select]
hxxp://gorycup.ru/search/newfile11.bin
IP Location: Indonesia - ARDH-AS-ID   
IP 124.158.158.135
AS24197
Name Server: ns1.idclient.net | ns2.idclient.net
Registrant/Email Registrant: Data Sarana Nusantara/tatang.mulyana@gmail.com
Code: [Select]
hxxp://bursamobkas.com/us.bin         md5sum ===> 86ae7f11f444d437e0269eaa71fa9009
IP Location: China - China-Network-Communications-Group 
IP 218.24.113.3
AS4837
Name Server: ns1.acorngroupinc.com | ns1.acorngroupinc.com
Registrant/Email Registrant: Private Person/built@ppmail.ru
Code: [Select]
hxxp://weaktrash.ru/search/dontlook.exe         md5sum ===> adf6f6346ba1f432d8f792745233f71d
http://www.virustotal.com/file-scan/report.html?id=defe7dbcf714989a9553326bd332c6688d0541eb427c6efdd5f7af34d51f54cf-1318880099
VT 8/42 (19.0%)


IP Location: China - China-Network-Communications-Group 
IP 218.24.113.3
AS4837
Name Server: ns1.acorngroupinc.com | ns2.acorngroupinc.com
Registrant/Email Registrant: Private Person/java@free-id.ru
Code: [Select]
hxxp://papertulip.ru/search/USA/updatenew.php

October 19, 2011, 11:11:18 am
Reply #303

jackberri

202.199.160.107
41.189.229.65
82.210.157.9
60.19.30.131
Registrant/Email Registrant: Private Person/steelcinetecs@free-id.ru
Code: [Select]
hxxp://steelcinetecs.ru/pla/folsk.php

Code: [Select]
hxxp://papertulip.ru/search/jeremy16.php

October 20, 2011, 07:33:37 am
Reply #304

jackberri

Code: [Select]
hxxp://193.169.218.210/logo/config.php
hxxp://193.169.218.210/main.php

October 21, 2011, 05:49:38 pm
Reply #305

jackberri

Code: [Select]
hxxp://tampusa.com/mb/l/ist.dat  md5sum ===> 11dbd5c7f2d826b374feeb3a34b29f26

October 23, 2011, 11:29:31 am
Reply #306

jackberri

Code: [Select]
hxxp://brentnallfg.com/zh.exe             md5sum ===> 8de257e7ac6d71c74ca0f4be31417a19
hxxp://financialactivson.com/zh.exe       md5sum ===> 8de257e7ac6d71c74ca0f4be31417a19
http://www.virustotal.com/file-scan/report.html?id=464371b6f2cd03f2e3d304f72c5533856ceacb32424fd689d441ac8bd0aaf1a6-1319368480
VT 9/40 (22.5%)

Code: [Select]
hxxp://gorycup.ru/search/foryou0.bin           md5sum ===> aa8ae2063e92e7b81a479969bafd480b
hxxp://weaktrash.ru/search/foryou0.bin         md5sum ===> aa8ae2063e92e7b81a479969bafd480b
hxxp://papertulip.ru/search/foryou0.bin        md5sum ===> aa8ae2063e92e7b81a479969bafd480b
hxxp://gorycup.ru/search/dontlook.exe          md5sum ===> 48d2ef8b511f645e73ee7d65a5e39830
hxxp://papertulip.ru/search/dontlook.exe       md5sum ===> 48d2ef8b511f645e73ee7d65a5e39830
http://www.virustotal.com/file-scan/report.html?id=406ce57991dfa4be954340b0e1b8d02f4973a795277723a0180c55eb9020edf8-1319371348
VT 23/43 (53.5%)

October 24, 2011, 06:35:24 pm
Reply #307

jackberri

New md5sum:

Code: [Select]
hxxp://gorycup.ru/search/newcalc.exe             md5sum ===> c60a3292ac0701e066c1c0f414eb0770
hxxp://weaktrash.ru/search/newcalc.exe           md5sum ===> c60a3292ac0701e066c1c0f414eb0770
hxxp://papertulip.ru/search/newcalc.exe          md5sum ===> c60a3292ac0701e066c1c0f414eb0770
http://www.virustotal.com/file-scan/report.html?id=b90dd26a14956789c87d4779acc503467f35263df99c09defba0d84f322a5de0-1319480222
VT 9/43 (20.9%)

Code: [Select]
hxxp://gorycup.ru/search/dontlook.exe          md5sum ===> e8c92a7de613d358aa117a62b6807c07
hxxp://papertulip.ru/search/dontlook.exe       md5sum ===> e8c92a7de613d358aa117a62b6807c07
hxxp://weaktrash.ru/search/dontlook.exe        md5sum ===> e8c92a7de613d358aa117a62b6807c07
http://www.virustotal.com/file-scan/report.html?id=5fb0633ee4a80d32bc9e6f341f4f789def62431a6daa82f88b754db821c70877-1319480239
VT 3/43 (7.0%)

October 25, 2011, 05:11:29 am
Reply #308

jackberri

IP Location: Turkey - Coskunoz_Holding-ASN
IP 62.244.243.13
[www.copa.com.tr]
AS39253
Name Server: ns1.getinmo.net | ns2.getinmo.net
Registrant/Email Registrant: Private Person/softmarkets@ppmail.ru
Code: [Select]
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.msi                 md5sum ===> ae6014727d8da464b2b304374192eb13
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.exe                 md5sum ===> 34f6340c75c96d5e1737957eea47d763
hxxp://softmarkets.ru/adminochka/serv/message.php
http://www.virustotal.com/file-scan/report.html?id=764f3ebda63c0721cc6740633c6e7ea2cbcafc12d4ad8c1dd3c5c33507c883aa-1319519028
VT 15/43 (34.9%)

October 25, 2011, 07:21:04 pm
Reply #309

jackberri

Code: [Select]
hxxp://wholenutrients.org/us.bin           md5sum ===> aa8ae2063e92e7b81a479969bafd480b
related md5sum 764b578d085e1af5ff40ffb804b200a4

October 29, 2011, 05:45:38 am
Reply #310

jackberri

New md5sum:
IP Location: Romania - UPC Broadband
IP 95.77.9.210
AS6830
Name Server: ns.1maimare.ro | ns.2maimare.ro
Registrant/Email Registrant: Elefterescu Andrei/andrei_alex_andrei@yahoo.com
Code: [Select]
hxxp://1maimare.ro/.backups/movies/mediaplayer.exe                 md5sum ===> 6a52972d8f07ea14fe89c8648295f85a
http://www.virustotal.com/file-scan/report.html?id=49d3d15626e2ac2f35c8de44b4a9404a785a5aa221bf56757e174486fda61a7d-1319866097
VT 4/43 (9.3%)

October 30, 2011, 11:14:10 pm
Reply #311

jackberri

Another WampServer:
Code: [Select]
hxxp:/188.219.154.228/ISAPI22460012100/get_adobeFlash.exe                 md5sum ===> 177e77d48bdf6424eaf0bbbff2905236
http://www.virustotal.com/file-scan/report.html?id=17ba640966b85410537423f2cee7ad3f80be7a53fdbf2916c6b4a4792a61ced6-1320015575
VT 32/43 (74.4%)

November 04, 2011, 07:23:39 am
Reply #312

jackberri

Code: [Select]
ftwtogether.ru.         214     IN      A       60.19.30.135
ftwtogether.ru.         214     IN      A       218.24.113.3
ftwtogether.ru.         214     IN      A       121.124.111.7
ftwtogether.ru.         214     IN      A       69.4.116.110
ftwtogether.ru.         214     IN      A       205.185.117.149

Code: [Select]
hxxp://ftwtogether.ru/zh.exe                 md5sum ===> 8b7d61bbee9adeb54f6a00f1b8a224b0
hxxp://ftwtogether.ru/report.php
http://www.virustotal.com/file-scan/report.html?id=d259dc4d995ee7fc4e0c617f188a3ccee95b6867b97738d5c85c0a99f18055c5-1320390283
VT 23/43 (53.5%)

November 04, 2011, 03:29:31 pm
Reply #313

jackberri

Code: [Select]
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.msi                 md5sum ===> 8da8438fcf57266490eb025abb049934
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.exe                 md5sum ===> c25724fdec65d41e987acf60c8894829
http://www.virustotal.com/file-scan/report.html?id=3dafd37d7439ad23742d8cad1ddeaba6ac6d80f4ce3860ee66692b9dc37ddeab-1320412596
VT 21/43 (48.8%)

November 08, 2011, 12:02:51 am
Reply #314

jackberri

IP Location: China - China-Network-Communications-Group
IP 60.19.30.135
AS4837
Name Server: ns2.advisorhirings.org | ns1.advisorhirings.org
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org
Code: [Select]
hxxp://veerpalace.biz/pic.gif              md5sum ===> 221a5598a4a3d700c987663b4d67ff86
hxxp://veerpalace.biz/update.exe           md5sum ===> 232250c8f5f2da31e3c468ce8327ca8f
hxxp://veerpalace.biz/opaopa.php
http://www.virustotal.com/file-scan/report.html?id=b203f61ce9214a52b4bcfa695813a0289a8377f8b9edf96b9abfea3d804b1111-1320709638
VT 3/42 (7.1%)