Author Topic: obfuscated script  (Read 3697 times)

January 07, 2009, 11:15:23 am

SysAdMini

Code:
http://nathangann.com/
contains an obfuscated script with the URL

Code:
http://regedintheclub.info/srt/go.php?sid=1?w3cPU
It is another obfuscated script which downloads a PDF file from

Code:
http://regedintheclub.info/spluy/pdf.php?id=88451
Shellcode destination is:

Code:
http://regedintheclub.info/spluy/load.php?id=3&8451&spl=2
downloads load.exe

http://www.virustotal.com/analisis/b0329de9aa5f5be1a1d3da8893fc2e04

Ruining the bad guy's day

January 07, 2009, 02:42:24 pm
Reply #1

Kayrac
Your VT link is broken, fairly good detection though :)

File Info

Report generated: 7.1.2009 at 15.40.42 (GMT 1)
Filename: load.exe
File size: 38 KB
MD5 Hash: 2CE6D5CDC49BC6046D3CAD2032C12199
SHA1 Hash: A0B465E06337DE93756552A4D1E62A3B6B92842A
Packer detected: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Self-Extract Archive: Nothing found
Binder Detector:  Nothing found
Detection rate: 16 on 24

Detections

a-squared - Backdoor.Win32.Haxdoor!IK
Avira AntiVir - TR/Crypt.XPACK.Gen
Avast - Win32:Rootkit-gen [Rtk]
AVG - Win32/Heur
BitDefender - Trojan.Generic.982676
ClamAV - Nothing found!
Comodo - Nothing found!
Dr.Web - Trojan.PWS.GoldSpy.2495
Ewido - Nothing found!
F-PROT 6 - W32/Trojan2.FJKL
G DATA - Trojan-Spy.Win32.Goldun.bkq   A
IkarusT3 - Backdoor.Win32.Haxdoor
Kaspersky - Trojan-Spy.Win32.Goldun.bkq
McAfee - BackDoor-BAC.gen trojan
MHR (Malware Hash Registry) - Nothing found!
NOD32 v3 - Win32/Spy.Goldun.NDP
Norman - Trojan W32/Smalltroj.JUFR
Panda - Nothing found!
Quick Heal - TrojanSpy.Goldun.bkq
Solo Antivirus - Nothing found!
Sophos - Mal/EncPk-CZ
TrendMicro - Nothing found!
VBA32 - Malware-Cryptor.Win32.General.2
Virus Buster - Nothing found!

Scan report generated by NoVirusThanks.org

http://camas.comodo.com/cgi-bin/submit?file=f833b14291bffb77e93b88f5119c4d914d989e3d2f4281ebfdac95882c69ba0c