Author Topic: SpyEye C&C &files  (Read 39674 times)

July 05, 2010, 08:24:08 am

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP Location: Canada - NETEL-ARIN-BLK04 - NETELLIGENT Hosting Services Inc.
AS10929

hxxp://68.71.51.162/admin/bin/config.bin
md5sum ===> a0d20632a82f87ef296bf512843b8cf7
SHA256 ===> 299b12f5c6e9613892f7afd8c3f6429c25999b4f0aae7ffe6f1b5a7f838ef4c4

hxxp://68.71.51.162/admin/bin/limited.exe
md5sum ===> 8fd47a5210d42224d1f4e177adc819a6
SHA256 ===> fd2cac4f6fa11bd42b93eea9e5004f5fb8c6f96f5b2d42249583cb1409a8f697
http://www.virustotal.com/es/analisis/fd2cac4f6fa11bd42b93eea9e5004f5fb8c6f96f5b2d42249583cb1409a8f697-1278315236
VT 3/41 (7.32%)

hxxp://68.71.51.162/admin/gate.php

IP Location: Russian Federation - NEVAL - TELENETSIA-AS Telenet SIA
IP 91.212.198.180
AS24589
Registrant/Registrant Email: Artem Belkin/hironakamuraeye@gmail.com

hxxp://cpucardioholder.com/warrior/bin/build.exe
md5sum ===> 0d2bb2aee263ebf1d0ffed66aaf8cb8d
SHA256 ===> 4d167222d25f307fa1bf8c6f42a2daa5c833355c292d0d62187592cc19072164
http://www.virustotal.com/es/analisis/4d167222d25f307fa1bf8c6f42a2daa5c833355c292d0d62187592cc19072164-1278315442
VT 11/41 (26.83%)

hxxp://cpucardioholder.com/warrior/bin/outback.exe
md5sum ===> 7d30619f84b00347404462729b1ba235
SHA256 ===> 0195e1aa3127f30523cd4bbed0b2b054090b78330722e95ae82bc5a40f5b3a65
http://www.virustotal.com/es/analisis/0195e1aa3127f30523cd4bbed0b2b054090b78330722e95ae82bc5a40f5b3a65-1278315625
VT 7/41 (17.08%)

hxxp://cpucardioholder.com/warrior/bin/outlook.exe
md5sum ===> ee6f4473e3704e4e2b4564668b1edef5
SHA256 ===> 46c4740b701213c1b27fece35d02cf8a9e200ac14661d7c196c535febca7577b
http://www.virustotal.com/es/analisis/46c4740b701213c1b27fece35d02cf8a9e200ac14661d7c196c535febca7577b-1278315846
VT 9/40 (22.5%)

hxxp://cpucardioholder.com/warrior/bin/upload/nomixed.exe
md5sum ===> 75a2e24420bb92125ff32e3354ad6c46
SHA256 ===> 481cc3b344cee60924d706019deb13b432a51a31b342cf8df034a8cc91334866
http://www.virustotal.com/es/analisis/481cc3b344cee60924d706019deb13b432a51a31b342cf8df034a8cc91334866-1278316140
VT 17/41 (41.47%)

hxxp://cpucardioholder.com/warrior/bin/upload/nomixed2.exe
md5sum ===> 491e8f143c1f54bcb457915dabff504e
SHA256 ===> f0df68e7c001380ec6842905b126b91908e8d7618989a53900f47abb12719fae
http://www.virustotal.com/es/analisis/f0df68e7c001380ec6842905b126b91908e8d7618989a53900f47abb12719fae-1278316383
VT 14/41 (34.15%)

hxxp://cpucardioholder.com/warrior/bin/upload/mixed.exe
md5sum ===> 80f24344e0424cc345a62d2ea6d7c353
SHA256 ===> cd0d00960f3488d0fa3f04274758dd91c5869d46b888022d8ceec5c62bc59749
http://www.virustotal.com/es/analisis/cd0d00960f3488d0fa3f04274758dd91c5869d46b888022d8ceec5c62bc59749-1278316492
VT 23/41 (56.1%)

hxxp://cpucardioholder.com/warrior/bin/upload/mixed2.exe
md5sum ===> d6a6432ae0ea1de2f216ad8bcfe81aa1
SHA256 ===> 3c8324705799ef0f33efd97f314fb1d61c78b6b8d1b75bdf88f701ea5a622ba7
http://www.virustotal.com/es/analisis/3c8324705799ef0f33efd97f314fb1d61c78b6b8d1b75bdf88f701ea5a622ba7-1278316622
VT 22/41 (53.66%)

hxxp://cpucardioholder.com/warrior/bin/upload/update060610.exe
md5sum ===> 0e8756a7e7f1cc3e43e129f475ee89ef
SHA256 ===> 093852a0560bd2d0a0278347ed79247c929f4ce82528e2620a79f05ec5b42686
http://www.virustotal.com/es/analisis/093852a0560bd2d0a0278347ed79247c929f4ce82528e2620a79f05ec5b42686-1278316744
VT 2/41 (4.88%)

hxxp://cpucardioholder.com/warrior/gate.php

IP Location: China - CHINANET-BJ-METRO BeijingTelecom
IP 113.11.194.137
AS4847
Registrant/Registrant Email: Peter Pitkin/pparkst@yahoo.com

hxxp://peosoe.com/spa/mn/bin/cfg.bin

hxxp://peosoe.com/spa/mn/bin/config.bin
md5sum ===> 58ecf7c87760cd2bae8ed0fb2a5cd12c
SHA256 ===> a9caad5cb4926d88ec94c432ecbcae22770e75d11c78974b19f1bfd7df823c08

hxxp://peosoe.com/spa/mn/bin/build.exe
md5sum ===> 60a72cc7992f896d4ea004b91bf400aa
SHA256 ===> ccaf35873d614a4bb15c59ddcef582474529caddd0c1198ad76e33fda0037358
http://www.virustotal.com/es/analisis/ccaf35873d614a4bb15c59ddcef582474529caddd0c1198ad76e33fda0037358-1278316985
VT 22/41 (53.66%)

hxxp://peosoe.com/spa/mn/gate.php

IP Location: Ukraine - Pe Volovik Elena Sergiyvna
IP 193.105.174.48
AS196954
Registrant/Registrant Email: Miroslaw Rutkowski/vikingg1981@gmail.com

hxxp://abrakodabra12345.com/sp3a/gate.php

hxxp://eu-analytics.com/sp4a/bin/config.bin
md5sum ===> adc1ec5e84c0d651a3b5fe30ee1f4339
SHA256 ===> baaf99f8cfb868dc2c15c46610d9b8f82c0583750884bfc0b266ea2186daa735

hxxp://eu-analytics.com/sp4a/bin/2_ns4.exe.crypted.exe
md5sum ===> 4fa5bd5e2b1bd86e7d4d3a738527308e
SHA256 ===> 5ca47e1f7840838b172616dab7918b488a07c045790f7542e8993ca5667d711c
http://www.virustotal.com/es/analisis/5ca47e1f7840838b172616dab7918b488a07c045790f7542e8993ca5667d711c-1278317233
VT 14/41 (34.15%)

hxxp://eu-analytics.com/sp4a/space.php


July 07, 2010, 09:42:54 am
Reply #1

jackberri
IP Location: Netherlands - CUSTOMERPANEL-BLK-217-23-0-0 - WorldStream
IP 217.23.7.182
AS49981
Registrant/Registrant Email: Dale Fitting/dale@coundnes.com

hxxp://coundnes.com/cache/bin/config.bin
md5sum ===> c1f99256947a1bde8ba1dba752304f48
SHA256 ===> d291a7639f907ca6f3e083bc08d141f88c27d3988d749f5209886c3a570b20dc

hxxp://coundnes.com/cache/bin/build.exe
md5sum ===> 929e28700c607cb71a188a1811e2de0b
SHA256 ===> 51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f
http://www.virustotal.com/es/analisis/51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f-1278494315
VT 8/41 (19.52%)

hxxp://coundnes.com/cache/gate.php

IP Location: Netherlands - CUSTOMERPANEL-BLK-217-23-0-0 - WorldStream
IP 217.23.7.182
AS49981
Registrant/Registrant Email: Cornelia Foster/dns@managna.com

hxxp://managna.com/cache/bin/config.bin
md5sum ===> c1f99256947a1bde8ba1dba752304f48
SHA256 ===> d291a7639f907ca6f3e083bc08d141f88c27d3988d749f5209886c3a570b20dc

hxxp://managna.com/cache/bin/build.exe
md5sum ===> 929e28700c607cb71a188a1811e2de0b
SHA256 ===> 51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f
http://www.virustotal.com/es/analisis/51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f-1278494315
VT 8/41 (19.52%)

hxxp://managna.com/cache/gate.php

hxxp://eu-analytics.com/sp4a/bin/1_sp4a_new.exe.crypted.exe
md5sum ===> c92ba6ce203e4ff492c22ed6ae9044e4
SHA256 ===> 2f285d081cccd903b943d8b59ba1e0c5260dca985ed42e38078d7ee41a87c02f
http://www.virustotal.com/es/analisis/2f285d081cccd903b943d8b59ba1e0c5260dca985ed42e38078d7ee41a87c02f-1278394299
VT 33/41 (80.49%)
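
The layout jackberri uses in every post (a defanged hxxp:// URL, then md5sum ===>, SHA256 ===>, the VirusTotal link and the VT n/m line) is regular enough to parse. The Python below is an added example, not code from the thread or from its author: it reads that layout, refangs the URLs, groups indicators by SHA256, which makes the coundnes.com and managna.com panels in the reply above collapse to one build.exe hash served from two hosts, and checks each VT line against its link and its detection ratio. The excerpt it parses is constructed from the hashes in the reply above, with the first line deliberately in the fused form the forum extraction left on the page; the rounding tolerance is an assumption chosen for the example.

```python
"""Parser for the indicator layout used in this thread (added example, not code
from the thread): defanged hxxp:// URLs (consecutive URLs = mirrors of one
file), "md5sum ===>", "SHA256 ===>", a VirusTotal link carrying the SHA256
and scan epoch, and "VT n/m (pct%)"; blank lines separate groups."""
import re
from collections import defaultdict

# Constructed excerpt built from hashes/hosts in the reply above. The first
# URL keeps the fused form the forum extraction produced ("...binmd5sum ===>").
SAMPLE_DUMP = """\
hxxp://coundnes.com/cache/bin/config.binmd5sum ===> c1f99256947a1bde8ba1dba752304f48
SHA256 ===>  d291a7639f907ca6f3e083bc08d141f88c27d3988d749f5209886c3a570b20dc

hxxp://coundnes.com/cache/bin/build.exe
md5sum ===> 929e28700c607cb71a188a1811e2de0b
SHA256 ===>  51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f
http://www.virustotal.com/es/analisis/51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f-1278494315
VT 8/41 (19.52%)

hxxp://coundnes.com/cache/gate.php

hxxp://managna.com/cache/bin/build.exe
md5sum ===> 929e28700c607cb71a188a1811e2de0b
SHA256 ===>  51f01c1f688d6d032dde73bbaa2169b9376e9122b9547f84da99dfed0565dd6f
"""

RE_URL = re.compile(r"^hxxp://\S+", re.I)
# (pattern, fields it fills), in the order the thread writes them.
ATTACH = [
    (re.compile(r"md5sum\s*===>\s*([0-9a-f]{32})", re.I),
     lambda m: {"md5": m.group(1).lower()}),
    (re.compile(r"SHA256\s*===>\s*([0-9a-f]{64})", re.I),
     lambda m: {"sha256": m.group(1).lower()}),
    (re.compile(r"virustotal\.com/\S*?analisis/([0-9a-f]{64})-(\d+)", re.I),
     lambda m: {"vt_link_sha256": m.group(1).lower(), "vt_scan_epoch": int(m.group(2))}),
    (re.compile(r"^VT\s+(\d+)/(\d+)\s*\(([\d.]+)%\)"),
     lambda m: {"vt_detections": int(m.group(1)), "vt_total": int(m.group(2)),
                "vt_percent": float(m.group(3))}),
]
FIELDS = ("md5", "sha256", "vt_link_sha256", "vt_scan_epoch", "vt_detections", "vt_total", "vt_percent")


def refang(url):
    """Restore the real scheme on a defanged hxxp:// URL (for feeds/blocklists)."""
    return re.sub(r"^hxxp://", "http://", url, flags=re.I)


def _logical_lines(text):
    """Yield stripped lines, splitting a URL line that has 'md5sum' fused onto it."""
    for raw in text.splitlines():
        line = raw.strip()
        cut = line.lower().find("md5sum")
        if RE_URL.match(line) and cut > 0:
            yield line[:cut]
            line = line[cut:]
        yield line


def parse_dump(text):
    """One record per URL. Hash/VT lines attach to every URL of the current
    group; any non-URL line (including a blank one) ends a run of mirror URLs."""
    records, group, prev_was_url = [], [], False
    for line in _logical_lines(text):
        if RE_URL.match(line):
            if not prev_was_url:
                group = []
            rec = {"url": refang(line), **dict.fromkeys(FIELDS)}
            records.append(rec)
            group.append(rec)
            prev_was_url = True
            continue
        prev_was_url = False
        for rx, fields in ATTACH:
            m = rx.search(line)
            if m:
                for rec in group:
                    rec.update(fields(m))
                break
    return records


def group_by_sha256(records):
    """SHA256 -> sorted URLs; two hosts on one hash means the same build is
    served from more than one panel (coundnes.com and managna.com above)."""
    groups = defaultdict(set)
    for rec in records:
        if rec["sha256"]:
            groups[rec["sha256"]].add(rec["url"])
    return {h: sorted(urls) for h, urls in groups.items()}


def vt_problems(rec, tolerance=0.05):
    """Consistency checks: the SHA256 in the VirusTotal link must equal the stated
    one, and the quoted percentage must match detections/total. The thread's
    percentages look rounded up, so a small tolerance (assumed value) is allowed."""
    problems = []
    if rec["vt_link_sha256"] and rec["sha256"] and rec["vt_link_sha256"] != rec["sha256"]:
        problems.append("VT link hash differs from stated SHA256")
    if rec["vt_total"]:
        expected = 100.0 * rec["vt_detections"] / rec["vt_total"]
        if abs(expected - rec["vt_percent"]) > tolerance:
            problems.append("VT %.2f%% does not match %d/%d (%.2f%%)" % (
                rec["vt_percent"], rec["vt_detections"], rec["vt_total"], expected))
    return problems


if __name__ == "__main__":
    for sha, urls in group_by_sha256(parse_dump(SAMPLE_DUMP)).items():
        print(sha[:16], "->", ", ".join(urls))
```

Run it directly to print each SHA256 with the URLs serving it; fed the whole thread, it yields a de-duplicated hash list for a blocklist and flags any VT line whose link hash or percentage disagrees with the stated values.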

July 08, 2010, 07:15:35 pm
Reply #2

jackberri
IP Location: United States - Comcast Cable Communications, Inc. - FDCSERVERS AS for FDC Servers
IP 76.73.100.10
AS30058
Registrant/Registrant Email: sun qiang/81285588@163.com

hxxp://silajopa.com/tpsa/swen/trais.exe
hxxp://perejopa.com/tpsa/swen/trais.exe
md5sum ===> 3e62e0307d29dae196e7d408a3ac5303
SHA256 ===> 2a513ea62f7fa990126805bfb411a3735746dd82b723ebe8cfcc2aa03ba7b1ba
http://www.virustotal.com/es/analisis/2a513ea62f7fa990126805bfb411a3735746dd82b723ebe8cfcc2aa03ba7b1ba-1278579988
VT 8/41 (19.52%)

hxxp://silajopa.com/tpsa/swar/f2.exe
hxxp://perejopa.com/tpsa/swar/f2.exe
md5sum ===> 812aae1e74301e557a5b6e6446b6d936
SHA256 ===> 2085422864106be1f65a9867c9b956a8e9917bb577b2f74ed9bcdd6f6b974a55
http://www.virustotal.com/es/analisis/2085422864106be1f65a9867c9b956a8e9917bb577b2f74ed9bcdd6f6b974a55-1278580254
VT 6/41 (14.64%)

hxxp://silajopa.com/tpsa/gate/data.php

related:
hxxp://76.73.100.10/

July 13, 2010, 03:42:15 pm
Reply #3

jackberri
IP Location: Russian Federation - VLine Telecom Block Moscow - VLTELECOM-AS
IP 109.196.134.49
AS39150
Registrant/Registrant Email: Denis Osipov/admin@nerukabbcompany.com

hxxp://nerukabbcompany.com/fgdhfgvcryegf/bin/config.bin
md5sum ===> 7eb23f2cc64d2331704e1a3adaa4a000
SHA256 ===> af53066e52277f8adcf310dbf74d496b9115aa9e2acf6d351e6dc18111b4f167

hxxp://nerukabbcompany.com/fgdhfgvcryegf/bin/build.exe.crypted.exe
md5sum ===> 5964e3b648f805106f7d289c275e6478
SHA256 ===> d0a9555c9fa150e5f07f0a643deff73dbf96f7219d4c18aaad7129213ffb014a
http://www.virustotal.com/es/analisis/d0a9555c9fa150e5f07f0a643deff73dbf96f7219d4c18aaad7129213ffb014a-1279034553
VT 18/42 (42.86%)

hxxp://nerukabbcompany.com/fgdhfgvcryegf/bin/build_cry.exe
md5sum ===> adf5f0c510260c48f05b2f85874821c2
SHA256 ===> b8fdb71ad797b39529853527058b9e83150bb92f04775851fca039414a61c00c
http://www.virustotal.com/es/analisis/b8fdb71ad797b39529853527058b9e83150bb92f04775851fca039414a61c00c-1279034926
VT 19/42 (45.24%)

hxxp://nerukabbcompany.com/fgdhfgvcryegf/gate.php

July 13, 2010, 08:23:09 pm
Reply #4

jackberri
hxxp://peosoe.com/spa/mn/bin/tess.exe
md5sum ===> 42df0e42a8269f513d8fb7f25d9eabe7
SHA256 ===> efd7ceaa3da72defc647d5631a359db01a9172b91f8022532cf4ab629f2a7e33
http://www.virustotal.com/es/analisis/efd7ceaa3da72defc647d5631a359db01a9172b91f8022532cf4ab629f2a7e33-1279050731
VT 7/41 (16.67%)

hxxp://217.23.7.21/cache/bin/config.bin
md5sum ===> 91a8eb4939c5afcb5ca878e9a65bf650
SHA256 ===> 29a053b6090705419ffa5c9d90701ae06efa10193c3515daca27914ce80fdb0d

hxxp://217.23.7.21/cache/bin/build.exe
md5sum ===> 622f8d6d65aa9dd019070c247cdebb6e
SHA256 ===> cd31a4d636e5ced7d93bea2a484cfa788738a20896a57050f4003f729374154c
http://www.virustotal.com/es/analisis/cd31a4d636e5ced7d93bea2a484cfa788738a20896a57050f4003f729374154c-1279052050
VT 16/42 (38.1%)

hxxp://217.23.7.21/cache/gate.php

July 16, 2010, 07:29:12 am
Reply #5

jackberri
IP Location: Russian Federation - ISPsystem-RU - ISPSYSTEM-AS ISPsystem Autonomous System
IP 82.146.60.19
[ritarkon.fvds.ru]
AS29182

hxxp://spys.fvds.ru/admink/bin/config.bin
md5sum ===> dd8151c211a39ea8668266baeb720bad
SHA256 ===> 4ba0ae91e7cb397e2865651313fcaff1f4686288f9ee52a1b0869491a9803cbb

hxxp://spys.fvds.ru/admink/bin/build.exe
md5sum ===> 9aa97f0b7ea203dcddad5e4015d2ecfe
SHA256 ===> 5a405d9b531df198ca10243629cfca0286795a786bb15a2ed3ce9ea9ae15d574
http://www.virustotal.com/es/analisis/5a405d9b531df198ca10243629cfca0286795a786bb15a2ed3ce9ea9ae15d574-1279263125
VT 22/42 (52.39%)

hxxp://spys.fvds.ru/admink/gate.php

July 24, 2010, 07:11:09 pm
Reply #6

jackberri
IP Location: Russian Federation - NEVAL - NEVAL PE Nevedomskiy Alexey Alexeevich
IP 91.212.198.60
AS49314
Registrant/Registrant Email: Artem Belkin/hironakamuraeye@gmail.com

hxxp://wardefer.com/warrior/bin/mih.exe
md5sum ===> e19a3ee2f2dd73993265f45037876475
http://www.virustotal.com/es/analisis/75ef2cb14efacf51b0fb45f55778c4c9e3e92cab7bce5dd393a5eee1873ff073-1279994111
VT 2/42 (4.77%)

hxxp://wardefer.com/warrior/bin/outcast.exe
md5sum ===> 42dbf8a268334936a6297eb638e175de
http://www.virustotal.com/es/analisis/cdeca9222733e6c90f758146da88c66ce25bf94c168ead4cd5e9c53b9dd04c67-1279994264
VT 15/42 (35.72%)

hxxp://wardefer.com/warrior/bin/outpost.exe
md5sum ===> bb720867a1800e6f9cb5f8f0cd10c746
http://www.virustotal.com/es/analisis/d3b91745a9a053cc00115133fb438133fc12913d5b12b837017ce80cdd7c70f0-1279994335
VT 3/42 (7.15%)

hxxp://wardefer.com/warrior/bin/upload/Hiro.exe
md5sum ===> 63368d609c1e62f1e4deeade5eb0140b
http://www.virustotal.com/es/analisis/4848a0d94f427f2c2dac8c24f30f7bfeffc8e20f1dda6a55642959f89b562453-1279994510
VT 18/42 (42.86%)

hxxp://wardefer.com/warrior/bin/upload/Hiro1.exe
md5sum ===> 4097fcd673779aa65a41c12ba1495a88
http://www.virustotal.com/es/analisis/a218fec270b65d7966eaa0414c48846019e391d57a32c9627d7359290fca0549-1279994624
VT 21/42 (50%)

hxxp://wardefer.com/warrior/bin/upload/Hiro12.exe
md5sum ===> adea4413512a5015f2f1fc77ddfc55ab
http://www.virustotal.com/es/analisis/d6a5951768f43e74303a4fbbb2da50a160521bf954d3b7b99bfec46044e99e35-1279994844
VT 20/42 (47.62%)

hxxp://wardefer.com/warrior/bin/upload/setup2201.exe
hxxp://wardefer.com/warrior/bin/upload/setup22012.exe
hxxp://wardefer.com/warrior/bin/upload/setup2201234.exe
md5sum ===> 30d6e1d6746eb1877dbbf1ff7c5343b1
http://www.virustotal.com/analisis/fc498af2a519e56d1968bcd5490fa290f17038a366d147e8afce591437e2ad35-1279994884
VT 19/42 (45.24%)

hxxp://wardefer.com/warrior/bin/upload/setup2211.exe
hxxp://wardefer.com/warrior/bin/upload/setup221123.exe
md5sum ===> 9f8d2f870b0f35cc3400a95d188b624b
http://www.virustotal.com/es/analisis/cd430edc072bc83267ecb94973480f741fa8ad92be1848f3ef93839694ec8a6d-1279995458
VT 19/42 (45.24%)

hxxp://wardefer.com/warrior/bin/upload/setup22112.exe
md5sum ===> 543bfab41657e7d724ab37f51b13c5dc
http://www.virustotal.com/es/analisis/1eae7cade29ee08f6ca5ffecf3ca03ebb3edacabf24d17f1793ac21d9234bc8c-1279995657
VT 25/42 (59.53%)

hxxp://wardefer.com/warrior/bin/upload/setup220123.exe
md5sum ===> dfa43b1200bc911e854e5977506b9d6d
http://www.virustotal.com/es/analisis/fe0b048b73bbf13e54490b13ebf1af6d9a3f5b010ada14c8aee0ba0edf62b179-1279995720
VT 26/42 (61.91%)

hxxp://wardefer.com/warrior/bin/upload/rp.php

IP Location: Colombia - NEWWORLDNETWORK
IP 190.242.65.134
AS23520
Registrant/Registrant Email: Whoisprotection.cc/reg_883388@whoisprotection.cc

hxxp://secure-checking.com/admmm/bin/config.bin
md5sum ===> fdda11475bdbcf80f57d22e46045f34c

hxxp://secure-checking.com/admmm/bin/build.exe
md5sum ===> 556a74b813ffdfb9a3c0db849d1dbdb6
http://www.virustotal.com/es/analisis/25676e68dd3a3579e850a95421a0609b6f81e5863cbba5defbed4bb0ff32110f-1279283850
VT 15/42 (35.72%)

IP Location: Ukraine - Pe Volovik Elena Sergiyvna
IP 193.105.174.29
AS196954
Registrant Email: admin@acidsource.com

hxxp://acidsource.com/cp/bin/config.bin
md5sum ===> ec272ecb2448f6855826a6c3fa98d4d5

hxxp://acidsource.com/cp/gate.php

hxxp://peosoe.com/spa/mn/big/upss.bin
md5sum ===> 7910eff0b47c4e4368e40ab4682f81d2

July 27, 2010, 07:55:52 pm
Reply #7

jackberri
IP Location: Moldova - Najada route - INTERACTIVE3D-AS
IP 91.216.122.102
AS49544
Registrant/Registrant Email: John Smith/transfers-auth@wnames.co.uk

hxxp://googlemaps3.com/google/bin/config.bin
md5sum ===> cd349a12e942edf8a1092ef9c6f1e2c6

hxxp://googlemaps3.com/google/bin/build.exe
md5sum ===> bb0b0042f0fa212354f1b147e2d3bbce
http://www.virustotal.com/es/analisis/fd5b1ab7d76871245a4e11f86da9cc58daac91701062b18a37fa0deb42c3f4c7-1280259859
VT 2/42 (4.77%)

hxxp://googlemaps3.com/google/gate.php

July 27, 2010, 08:51:30 pm
Reply #8

jackberri
IP Location: Germany - HETZNER-RZ-NBG-BLK5 - HETZNER-AS
IP 78.46.104.41
[www18.subdomain.com]
AS24940

hxxp://kaspersky.server.tl/wp-content/plugins/download-monitor/download.php?id=1
downloads ====> Patch.exe
md5sum ===> 1aadc8f2820e4fe6c5e66a10c9eac1ee
http://www.virustotal.com/es/analisis/51f57f6aa0f784230374aed00fc5a0fc9f8180d40ae5451fd3be8ab0171c575b-1280262799
VT 33/42 (78.58%)

related:
hxxp://project.kilu.info/content/

July 28, 2010, 07:39:13 am
Reply #9

jackberri
IP Location: Germany - HETZNER-RZ-NBG-BLK5 - HETZNER-AS Hetzner Online AG RZ
IP 78.46.49.34
AS24940
Registrant/Registrant Email: Katrin Koenig/info@katrinkoenig.com

hxxp://katrinkoenig.com/awstats/awstat.exe
md5sum ===> d83d99c01040f7d05f46f0365df163ba
http://www.virustotal.com/es/analisis/bfea9cfae12c37b36bafb315499d00ac6a4293eaa689a08438d81e0426aac957-1280300420
VT 2/42 (4.77%)

related:
hxxp://113.11.194.173/eye/main/gate.php

July 28, 2010, 07:50:36 pm
Reply #10

jackberri
IP Location: Germany - HETZNER-RZ-NBG-BLK5 - HETZNER-AS Hetzner Online AG RZ
IP 78.46.49.34
AS24940
Registrant/Registrant Email: Katrin Koenig/info@katrinkoenig.com

hxxp://katrinkoenig.com/awstats/awstat.exe
md5sum ===> d83d99c01040f7d05f46f0365df163ba
http://www.virustotal.com/es/analisis/bfea9cfae12c37b36bafb315499d00ac6a4293eaa689a08438d81e0426aac957-1280300420
VT 2/42 (4.77%)

Sorry: it is a false positive:
The file 'awstat.exe' has been classified as 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. The detection pattern will be removed with one of the next updates of the virus definition file (VDF). (From Avira Lab Response)

July 29, 2010, 08:36:07 am
Reply #11

jackberri
hxxp://acidsource.com/cp/bin/_mon.exe
md5sum ===> 54d199ccdca78d4d45bd1e82bf524888
http://www.virustotal.com/es/analisis/0d0be58c65922a232f017ace7a2fe31422629a079953f1ee5d4a933cc96d7906-1280391690
VT 2/42 (16.67%)

July 29, 2010, 02:34:25 pm
Reply #12

jackberri
IP Location: Russian Federation - NEVAL - NEVAL PE Nevedomskiy Alexey Alexeevich
IP 91.212.198.61
AS49314
Registrant/Registrant Email: Artem Belkin/hironakamuraeye@gmail.com

hxxp://countfrom1970.com/warrior/bin/upload/setup2201234.exe
hxxp://countfrom1970.com/warrior/bin/upload/Hiro.exe
hxxp://countfrom1970.com/warrior/bin/upload/Hiro1.exe
hxxp://countfrom1970.com/warrior/bin/upload/Hiro12.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup221.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22112.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220123.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup221123.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201234.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211234.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012345.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22112345.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220123456.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup221123456.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201234567.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211234567.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012345678.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22112345678.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2211234567891011.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup220123456789101112.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup22012345678910111213.exe
hxxp://countfrom1970.com/warrior/bin/upload/setup2201234567891011121314.exe
hxxp://countfrom1970.com/warrior/bin/ieupdate.exe
hxxp://countfrom1970.com/warrior/bin/mih.exe
hxxp://countfrom1970.com/warrior/bin/msnworks.exe
hxxp://countfrom1970.com/warrior/bin/newarc.exe
hxxp://countfrom1970.com/warrior/bin/outcast.exe
hxxp://countfrom1970.com/warrior/bin/outpost.exe
hxxp://countfrom1970.com/warrior/bin/outv.exe
hxxp://countfrom1970.com/warrior/bin/psp1204b.exe

July 29, 2010, 06:49:08 pm
Reply #13

jackberri
IP Location: Germany - NETDIRECT AS NETDIRECT
IP 89.149.202.109
AS28753
Registrant/Registrant Email: Derrick Grimes/ddgrimes@earthlink.net

hxxp://worlddatahouse.com/eyjedai123/bin/config.bin
md5sum ===> 53effacca661a9de98a0922517951edb

hxxp://worlddatahouse.com/eyjedai123/bin/build.exe
md5sum ===> 4241f18c62261544d50ad8b1855d2caf
http://www.virustotal.com/es/analisis/7685c380f7385f638355d0a79228f9e84e222be4c49e62888b38813a01a2b8fd-1280428357
VT 8/42 (19.05%)

hxxp://worlddatahouse.com/eyjedai123/gate.php

hxxp://worlddatahouse.com/eyjedai123/bin/upload/rapport.exe
md5sum ===> ae20e2a9d83628c6e5107537c6e37955
http://www.virustotal.com/es/analisis/6533408a8ed01b07d61a4e41e1aafc2056d92a64ec591fcb37f335e1b4b17eb2-1280428605
VT 9/42 (21.43%)

hxxp://77.78.240.162/spye/bin/config.bin
md5sum ===> 71f597e50fc623aa4d4a74714ecec073

July 30, 2010, 04:22:41 pm
Reply #14

jackberri
IP Location: United States - WHOLESALEINTERNET-3
AS32097

hxxp://204.12.243.187/main/bin/config.bin
md5sum ===> e5fb5166ff2cf8caae6adfe795baaecf

hxxp://204.12.243.187/main/gate.php

related:
hxxp://sockslist.fraudcrew.com/proxy/proxy2005.dll
md5sum ===> fbf1e72706b40552e0405356d6ee425a
http://www.virustotal.com/es/analisis/eb9080e963ac55b388fe3b3de6d2af8eb07b2d3f8804a56c575ecefa66a39a6a-1280505728
VT 20/42 (47.62%)
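
The one fact that repeats across every panel in this thread is the directory shape: whatever the base path (/admin, /warrior, /spa/mn, /cache, /cp, /eye/main, /main), the panel exposes some or all of bin/config.bin, bin/build.exe, bin/upload/*.exe and gate.php. The Python below is an added example, not code from the thread or from its author: it turns that shape into a web-proxy log detector, grouping requests by (client, host, base directory) and raising a high-severity alert when the same client has fetched config.bin and also talked to gate.php under one base, so that new panels are caught without knowing their hostnames in advance. The log format, the hosts and addresses in the sample, and the scoring rules (in particular the assumption that an infected machine fetches config.bin and then reports to gate.php) are this example's own assumptions, not statements the thread makes.

```python
"""Flag SpyEye-style C&C traffic in a web-proxy log from the panel layout
seen throughout this thread (added example, not code from the thread).
Every panel above uses the same shape under some base directory:
<base>/bin/config.bin, <base>/bin/build.exe, <base>/bin/upload/<x>.exe and
<base>/gate.php. Requests are grouped by (client, host, base) and scored."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Panel artefacts relative to the base directory, as listed in the thread.
PANEL_PATHS = {
    "config": re.compile(r"/bin/config\.bin$"),
    "builder": re.compile(r"/bin/build\.exe$"),
    "upload": re.compile(r"/bin/upload/[^/]+\.exe$", re.I),
    "gate": re.compile(r"/gate\.php$"),
}
SEVERITY_ORDER = {"high": 0, "medium": 1}

# Constructed proxy log, "<epoch> <client> <method> <url> <status>". Hosts are
# documentation names/addresses (RFC 2606, RFC 5737), none of them from the thread.
SAMPLE_LOG = """\
1278500001 10.0.0.7 GET http://cnc.example.net/cache/bin/config.bin 200
1278500002 10.0.0.7 POST http://cnc.example.net/cache/gate.php 200
1278500003 10.0.0.7 GET http://cnc.example.net/cache/bin/upload/update.exe 200
1278500010 10.0.0.9 GET http://www.example.com/images/logo.png 200
1278500011 10.0.0.9 GET http://cdn.example.org/static/gate.php 404
1278500020 10.0.0.12 GET http://192.0.2.10/main/bin/config.bin 200
1278500021 10.0.0.12 GET http://192.0.2.10/main/index.php 200
"""


def classify(path):
    """Return (kind, base) if the path matches a panel artefact, else None.
    The base is whatever precedes the artefact, e.g. /eye/main for
    /eye/main/gate.php, or '/' when the panel sits in the web root."""
    for kind, rx in PANEL_PATHS.items():
        m = rx.search(path)
        if m:
            return kind, path[:m.start()] or "/"
    return None


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, client, method, url, status = line.split()
    parts = urlsplit(url)
    return {"ts": int(ts), "client": client, "method": method,
            "host": parts.hostname, "path": parts.path, "status": int(status)}


def score(kinds):
    """Severity for the set of artefact kinds one client touched under one base.
    The high rule (config fetched and gate contacted) is this example's
    assumption about bot behaviour, not something the thread states."""
    if "config" in kinds and "gate" in kinds:
        return "high"
    if "config" in kinds or "builder" in kinds:
        return "medium"          # panel artefact fetched, no gate traffic seen
    if "gate" in kinds and "upload" in kinds:
        return "medium"          # payload pulled from bin/upload plus gate traffic
    return None                  # a lone gate.php or .exe is too common to alert on


def detect(log_text):
    """Return alerts sorted by severity, then client. Error responses are
    ignored: a 404 on /gate.php is not a live panel."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["status"] >= 400:
            continue
        hit = classify(rec["path"])
        if hit:
            kind, base = hit
            hits[(rec["client"], rec["host"], base)].add(kind)
    alerts = []
    for (client, host, base), kinds in hits.items():
        sev = score(kinds)
        if sev:
            alerts.append({"severity": sev, "client": client, "host": host,
                           "base": base, "seen": sorted(kinds)})
    return sorted(alerts, key=lambda a: (SEVERITY_ORDER[a["severity"]], a["client"]))


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print("%-6s %-10s %s%s  seen=%s" % (a["severity"], a["client"], a["host"],
                                             a["base"], ",".join(a["seen"])))
```

The host and base in each alert are exactly the pieces needed to extend the indicator list in this thread: the next step is to fetch <base>/bin/config.bin from an isolated system and record its hashes in the same layout as the posts above.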