Malware Domain List

Malware Related => Malicious Domains => Eurohost LLC => Topic started by: SysAdMini on May 11, 2009, 10:25:57 am

Title: 91.212.65.148
Post by: SysAdMini on May 11, 2009, 10:25:57 am
pdf exploit
Code: [Select]
wollance.com/image/pfgt.phphttp://wepawet.cs.ucsb.edu/view.php?hash=1bddf10d6f2d7ea6af9d15d897312f34&type=js

downloads fake AV
Code: [Select]
wollance.com/image/qaze.phphttp://www.virustotal.com/analisis/929c06c8b1bc2b355a09a6198bd4ab6e 7/39


Title: 91.212.65.148
Post by: CkreM on May 26, 2009, 09:06:58 am
Exploit/trojan:
Code: [Select]
http://nuotoll.com/image/pfgt.phpwepawet gives error on this one but the PDF analyze work:
http://wepawet.iseclab.org/view.php?hash=7263485859f869eac110cf4178deea3c&type=js
leads to
Code: [Select]
http://nuotoll.com/image/qaze.phpwhich downloads in the end
Code: [Select]
http://nuotoll.com/image/install.exehttp://www.virustotal.com/analisis/12e04038d5392ff73ff8be1c78bba444f85ea3d2ec07ea3497629e93c8102d9e-1243327556

should start on
Code: [Select]
nuotoll.com/image/