Author Topic: MS08-021 / igloofamily.com  (Read 3330 times)

April 16, 2008, 02:48:34 pm
pcaccent

Yesterday (04.15.2008 / 08:03:34 AM / GMT+9), I downloaded three files.
And now, unfortunately, the three links don't work.

Quote
hxxp://igloofamily.com/word.gif
hxxp://igloofamily.com/word2.gif
hxxp://amrc.com.tw/css/sbc/sbc.exe

Quote
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-041101-3634-99


I think that there are three different files.
work.gif(MD5 : 4ab57cd9eeddae0ce4746b2249636c2b)
work2.gif(MD5 : ad8a29c0e69de10112ed21ad1ef79a6f)
sbc.exe(MD5 : eca91cb10b82f3aa8439fb2a49add97b)


April 16, 2008, 04:33:38 pm
Reply #1

Orac

Both the files word.gif and word2.gif from igloofamily.com are 404 Not Found

VirusTotal scan of sbc.exe
Quote
AhnLab-V3 2008.4.15.1 2008.04.16 -
AntiVir 7.6.0.85 2008.04.16 -
Authentium 4.93.8 2008.04.16 -
Avast 4.8.1169.0 2008.04.16 -
AVG 7.5.0.516 2008.04.16 -
BitDefender 7.2 2008.04.16 -
CAT-QuickHeal 9.50 2008.04.16 -
ClamAV 0.92.1 2008.04.16 -
DrWeb 4.44.0.09170 2008.04.16 -
eSafe 7.0.15.0 2008.04.16 -
eTrust-Vet 31.3.5703 2008.04.16 -
Ewido 4.0 2008.04.16 -
F-Prot 4.4.2.54 2008.04.15 -
F-Secure 6.70.13260.0 2008.04.16 -
FileAdvisor 1 2008.04.16 -
Fortinet 3.14.0.0 2008.04.16 -
Ikarus T3.1.1.26.0 2008.04.16 -
Kaspersky 7.0.0.125 2008.04.16 -
McAfee 5275 2008.04.16 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3031 2008.04.16 -
Norman 5.80.02 2008.04.16 -
Panda 9.0.0.4 2008.04.16 -
Prevx1 V2 2008.04.16 -
Rising 20.40.22.00 2008.04.16 -
Sophos 4.28.0 2008.04.16 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.16 -
TheHacker 6.2.92.280 2008.04.16 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.16 -
Webwasher-Gateway 6.6.2 2008.04.16 -

Additional information
File size: 7617 bytes
MD5...: e3bd9c1909223a5a7efad829b306700a
SHA1..: 9257e20de4b806bc0f5b18689ac15233aa49abdf
SHA256: 367fe4c64ae34693ab8af8466e805cdb790de920b80223065dd797cea60a493c
SHA512: 043362b49103f83b5045ba375045d50d3f3319e301eeff341e75c589dff8422a
1c5894fe597ebb7590bb33909fda010d783216e2e7c310c731384e955c2cc6ae
PEiD..: -
PEInfo: -

These results DO NOT guarantee the harmlessness of the file.
Malware analysed using clarified analyzer to record and document how malware behaves in a networking environment