Simply New

« previous next »

Print

Pages: [1] 2 3 Go Down

Author Topic: Simply New (Read 48184 times)

0 Members and 1 Guest are viewing this topic.

April 23, 2012, 09:44:50 am

Read 48184 times

GaryDee

Sr. Member
Offline
248

Simply New

http://www.ares.com.es/down.php
Adware.Downware.178

https://www.virustotal.com/url/732fd8916dee6a468b5c0fcb412b943ec0a1abfb20f95030e88ee7fc662cdb77/analysis/1335173711/
https://www.virustotal.com/file/8bbf62f0c7ea7f14f114a62b8ad6e13e5ebff4c64b7ed11c55869fa518ceab57/analysis/1335173713/
http://128.111.48.236/view.php?hash=c4039bdf20ae421b04eb96a4f70ba9ed&t=1335173723&type=js
http://anubis.iseclab.org/?action=result&task_id=1d030f21979bf99f41908a77b8f834127

Logged

April 23, 2012, 08:29:04 pm

Reply #1

GaryDee

Sr. Member
Offline
248

Re: Simply New

With Reports like this:

http://anubis.iseclab.org/?action=result&task_id=1b38d421dbd84aae415bd76891ec22e55&format=html

or

http://anubis.iseclab.org/?action=result&task_id=16b6d923b5fff08e4610bb10ff44d7c11&format=html

these possibly could be brandnew...you can find it at

http://www.xunsourj.com/bdtghelper.rar
It includes: (See Screenshot)

Some References:

https://www.virustotal.com/file/3d85774607569a5f1eb242d3ac6cc08eaa939aab36c40117def1645f0e2d9272/analysis/1335182563/
https://www.virustotal.com/file/49261be7f20c9d9dfd1ff35d71e9f3b1b7de17f65581c67beed43d933f1eb85c/analysis/1335180349/
https://www.virustotal.com/file/ff7a37653770ac171e3898c9f5b7a33c08baa6ed71bc578a3e02640179a17484/analysis/1335179753/

So, to be assured that its MW, see:

https://www.virustotal.com/file/dbeceadf49a2e2a33af612d08938cd78951eea7038e09952c032bd70dd25a1f4/analysis/1335213223/

Trojan-Dropper.Win32.Clons!IK
Generic.dx!vvc
TrojanDropper.Clons.abv

1.jpg (170.18 kB, 1600x860 - viewed 2060 times.)

Logged

April 24, 2012, 11:13:48 am

Reply #2

GaryDee

Sr. Member
Offline
248

Re: Simply New

Domains with the possible MW-Package bdtghelper.rar:

http://www.xunsourj.com/bdtghelper.rar

http://www.baijinzhushou.com/
http://www.bdjingjia.com/
http://www.jingjia888.com/
http://www.jingjiasem.com/
http://www.semjingjia.com/
http://www.semruanjian.com/

Domains with the possible MW-Package vzz0506.rar:

http://www.vzzsoft.cn/vzz0506.rar

http://www.08195.com/
http://www.xmsem.com/

Logged

April 25, 2012, 03:03:47 pm

Reply #3

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://www.myschoner.de/cgi-bin/links/verweis.cgi?ID=497
Trojan/Dropper.Viruce.c

https://www.virustotal.com/file/88d498ed0b4d974ab08242bd92eac2a97581c8f6d8849664956cc0bb0f8d8dd4/analysis/1335364891/

Logged

April 26, 2012, 11:48:44 am

Reply #4

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://www.gedhtree.com/download/ght280.exe
Trojan/PSW.HyvBrowse.a

https://www.virustotal.com/file/e158fd3ac085943406e368ec201ce82204122dbff07143f031d098eb1c0b68be/analysis/1335440634/
http://128.111.48.236/view.php?hash=003f0c656a316680c20aba176acf47af&t=1335441158&type=js
http://anubis.iseclab.org/?action=result&task_id=15e5aa994b0cbad1461c5b583f686da92

Logged

April 26, 2012, 01:34:48 pm

Reply #5

EP_X0FF

Guest

Re: Simply New

Quote from: GaryDee on April 26, 2012, 11:48:44 am

Code: [Select]
http://www.gedhtree.com/download/ght280.exe
Trojan/PSW.HyvBrowse.a

https://www.virustotal.com/file/e158fd3ac085943406e368ec201ce82204122dbff07143f031d098eb1c0b68be/analysis/1335440634/
http://128.111.48.236/view.php?hash=003f0c656a316680c20aba176acf47af&t=1335441158&type=js
http://anubis.iseclab.org/?action=result&task_id=15e5aa994b0cbad1461c5b583f686da92

This is false positive due to UPX. Here is the same without UPX
https://www.virustotal.com/file/a7ef873b417c55c88bacdd517ef857003a7b9f9d97dd385bfa1edad2161e96ab/analysis/1335447008/

Quote

GedHTree is a program for Windows 95 through XP, Vista and Windows 7 users that processes GEDCOM files to generate output pages in HTML format.

Logged

April 26, 2012, 01:51:01 pm

Reply #6

EP_X0FF

Guest

Re: Simply New

Quote from: GaryDee on April 25, 2012, 03:03:47 pm

Code: [Select]
http://www.myschoner.de/cgi-bin/links/verweis.cgi?ID=497
Trojan/Dropper.Viruce.c

https://www.virustotal.com/file/88d498ed0b4d974ab08242bd92eac2a97581c8f6d8849664956cc0bb0f8d8dd4/analysis/1335364891/

Same FP. It is Alfa 147 Cup screensaver.

Logged

April 26, 2012, 01:53:13 pm

Reply #7

dlipman

Special Access
Full Member
Offline
61

Re: Simply New

The MAJORITY of what GaryDee posts are False Positives!

Logged

April 27, 2012, 03:43:56 pm

Reply #8

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://www.editorandauthor.com/
Suspicious (PHISHING)

http://128.111.48.236/view.php?type=js&hash=a232c71b90692bcac478fe9e2cfbe73f&t=1335540465

http://128.111.48.236/domain.php?hash=a232c71b90692bcac478fe9e2cfbe73f&type=js

Links to:

http://ads.getthebar.com/ (Known by McAfee as a former Phishing-Site)

http://www.linkscout.com/
http://www.mywot.com/en/scorecard/linkscout.com

http://www.UnmaskParasites.com/security-report/?page=www.editorandauthor.com

See also:
http://www.sitetruth.com/fcgi/ratingdetails.fcgi?url=www.editorandauthor.com&details=true

Logged

April 27, 2012, 04:55:42 pm

Reply #9

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://www.freeflashbuilder.com/
Additional (potential) malware:

http://www.freeflashbuilder.com/sitebuilder/usercontent&userurl1=http://www.free flashbuilder.com/sites&userid=index&subdomain=

http://128.111.48.236/view.php?hash=e04319a4febfbd6c8c62d0b290622c00&t=1335545136&type=js

Logged

April 27, 2012, 07:32:15 pm

Reply #10

GaryDee

Sr. Member
Offline
248

Re: Simply New

Site

http://www.nopaypoker.com/
appears to be good,

http://www.mywot.com/en/scorecard/nopaypoker.com

but:

Additional (potential) malware found:

http://www.nopaypoker.com/nopaypoker.exe
See:
http://128.111.48.236/view.php?hash=d0480f43e34cbc5a6d79d27482215b7e&t=1335554148&type=js
&
http://anubis.iseclab.org/?action=result&task_id=16fb9383d4a076ed469c973fdd98d6402&format=html

Also:

1 HIDDEN Link:

http://www.UnmaskParasites.com/security-report/?page=www.nopaypoker.com/UserSection/StaticPages/General/download.aspx

Logged

April 28, 2012, 09:33:34 am

Reply #11

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://game.qplay.vn/getfile.jspx?ver=3&type=1&id=85
Trojan-SMS!IK

https://www.virustotal.com/url/7f3dae83c74bc04c279ee6b3fb3097c719d9903ac16179c08192522e6f9ea99f/analysis/1335604824/
https://www.virustotal.com/file/81a7f6633b96fc25145e61925be20f4cf1f289afee6796be9c722ba86dc53052/analysis/1335604836/

Logged

April 28, 2012, 11:13:01 am

Reply #12

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=67
Trojan-SMS!IK
Riskware:Java/SmsSend.Gen!A
Trojan-SMS

https://www.virustotal.com/url/765b0baf4f218bbe5177db30c56e6c73fcf791cc29a9bcd480c8920173fbb88b/analysis/1335607751/
https://www.virustotal.com/file/1a82b511f308dedfb8571865e2c5731ac822c5c8ea8109eb2f332ed403d8e5eb/analysis/1335607756/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=62
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/url/a4f2b7ade59ce686adff6998fc534e1b18a01a5d0099750f73a68bfe2b141571/analysis/1335608042/
https://www.virustotal.com/file/1312016b03e4e3550a5a0b5cb72b5ada0395b3da77281849b62cb90637de61c6/analysis/1335608050/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=59
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/url/fa2e772aa34ffbb9b1911720a63159aaaad7c8462b758f2ff928eba1081942a8/analysis/1335608100/
https://www.virustotal.com/file/49ab705f50e510ea239ad3d7bdda4fd2c8abd531b15a74d62260313678cfba9f/analysis/1335608107/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=49
Trojan-SMS!IK
Riskware:Java/SmsSend.Gen!A
Trojan-SMS

https://www.virustotal.com/url/5ac6189838fa282378f1daaee9c748a35f6773796910e82eeea98aa70de55ae4/analysis/1335608177/
https://www.virustotal.com/file/a07d7b10ab04e5519c60e035b1c5e38ff6f249b4edea05ed9df3009db71e3e0f/analysis/1335608184/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=105
Java.SMSSend.780
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/url/adf8d9da5351a565dc0391052dd0e3a9a1445ec9430358918df1e8ce872836d6/analysis/1335608683/
https://www.virustotal.com/file/52dbe9f4c9a04dd1aaf0d1ab8399c6a55df4addd1e25650ae26d661aa667402d/analysis/1335608689/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=43
Trojan-SMS!IK
Riskware:Java/SmsSend.Gen!A
Trojan-SMS

https://www.virustotal.com/url/849dc5bb7700d79b33d80ba6840d337d719d49f70269b2b5380f8fd7fb875556/analysis/1335608731/
https://www.virustotal.com/file/4003594889f00f7b16455a2b78e51813e284b7d080610dedbbca85a264ad37d8/analysis/1335608737/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=57
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/url/04803e20c501d9ce5db261f90db34026b44b056b049bfbe12409581c48701d77/analysis/1335608852/
https://www.virustotal.com/file/1036d68dc0c6a1dafedb7c2887978edfe40c25252e6ab158192005bcfc5cf4f4/analysis/1335608861/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=87
Trojan-SMS!IK
Trojan-SMS

https://www.virustotal.com/url/2249dc977700002b4d1abd484bcbef22d8896b2b010e2bd6e9e7508e3610aa0c/analysis/1335608997/
https://www.virustotal.com/file/72542f3054cdc94917fa1b4c930680ee2bed6cd4462a95fc2ba0bd2531d6915c/analysis/1335609005/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=47
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/url/21e576fe8456a5b4300139411248d422e1b060e79c0461a9c8ec0f9c08f66be7/analysis/1335609086/
https://www.virustotal.com/file/fdb2f423f08de84621f003978b57a99e1ab294d2d44803fbf0765f68c762aa4e/analysis/1335609091/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=99
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/url/7084f5276e86acf70452e55c20601f993e9fe1c01f999b77649c0def3f9fb70f/analysis/1335609409/
https://www.virustotal.com/file/0a6679be05a66f81d892c6151387030a99d93034f0e5996280c48cf66778460a/analysis/1335609415/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=46
Trojan-SMS!IK
Riskware:Java/SmsSend.Gen!A
Trojan-SMS

https://www.virustotal.com/url/540848b8653824359c31122c51ce34bde2269cdcc396598958a4aeed27e341e4/analysis/1335609528/
https://www.virustotal.com/file/f09711aaaa7495a89a12aa479f5d564e9436b6e9e2dd3bd9a04504c0b9edbad9/analysis/1335609533/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=104
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/c9e9d2de2a1bfff205c202a67d4001dc348eb3365f00f2943092dd176888493c/analysis/1335609850/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=101
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/931c476c3a5a4bb97e4eb18cda863b8969cecd28a712da69e436eaebf107807f/analysis/1335609936/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=64
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/7802558764ad041f08cb8c07377b23b07f0917ef1fd76c2c17b91d4bac491a71/analysis/1335610005/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=69
Trojan-SMS!IK
Riskware:Java/SmsSend.Gen!A
Trojan-SMS

https://www.virustotal.com/file/92b9835b1d7b0841cbf98553625c06ffcd718c22261cc88350aa894621c84ba7/analysis/1335610032/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=48
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/f17431cbb05f7dfe15cbd3009bb71f1957aaa09cb9c868268fe8b0de056cb7ec/analysis/1335610244/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=52
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/5ed45d726baef5c10b018a5a0ef73146f9c25292d48f90a886a1ff74f3ec9808/analysis/1335610260/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=58
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/9983a8f34dd2aaeabfcb8637ec952ec0ec2f18938fecfe78254867ae55d7c87d/analysis/1335610358/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=63
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/f1b6dbbe17bb6edbdddfbee726806b3d88e3277e2f8d364e3fccd5de072e81c7/analysis/1335610383/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=68
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/f88aad9e5b6a76598f7c0da76821d38284b1d8c4d49fb818a7e78628badb10b4/analysis/1335610478/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=73
JAVA_JIFAKE.SMA

https://www.virustotal.com/file/91bbbbc6317c8cf43f734ffc91f3afa325fcd02c75ca1a8ec272ebfd0935f308/analysis/1335610722/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=74
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/2c2845aa2081b1f672fccdb7c6577b99bd4c6e3b30ede72571b01e0fbe9d905d/analysis/1335610870/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=86
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/d997fe22203d695cc2c9d913e72c8c58accd84cc7a8c6adcaa47c97b826abe81/analysis/1335610907/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=50
Trojan-SMS!IK
Riskware:Java/SmsSend.Gen!A
Trojan-SMS

https://www.virustotal.com/file/c38876dd02d9eb9018b67d30ae10402d4ec234d6be74b57b6661235a4c979edc/analysis/1335611338/

http://game.qplay.vn/getfile.jspx?ver=1&type=1&id=77
Riskware:Java/SmsSend.Gen!A

https://www.virustotal.com/file/949b4869bb30f7ba602dadb7b201310313b9f3251b99cfbc9e8cd61ea19ada1c/analysis/1335611311/

Logged

April 30, 2012, 10:04:30 am

Reply #13

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://www.bazagraphics.com/cms/css/sincronizar.exe
Trojan-Banker.Win32.Banbra.amvh
Trojan.Generic.6904328
TrojanSpy:Win32/Banker.ABU

https://www.virustotal.com/url/87baec2acb27b9015cb0704d231cfeb3729b3f4b132293aa69a097217d00330e/analysis/1335779612/
https://www.virustotal.com/url/5725219cae8cc66c581a67682f99c480c5b6b06fbec1a6dbf19209a842db30c4/analysis/1335779723/
https://www.virustotal.com/file/34b9bb5c758de56d62d84c5e9b2dd240fbd1e33f96a5ab739bcb2d53c11351e9/analysis/1335779725/
http://128.111.48.236/view.php?hash=0adf5838a3abfc8a861a9e9fb88b6de0&t=1335779884&type=js
http://anubis.iseclab.org/?action=result&task_id=16b5a941d5fa331e495c6a40f62fc7ad0

Logged

May 03, 2012, 10:51:16 am

Reply #14

GaryDee

Sr. Member
Offline
248

Re: Simply New

http://mybigtastybacon.my.ohost.de/
Hoax.JS.BadJoke.FlyWin.c

http://wepawet.iseclab.org/domain.php?hash=50aa7309c6462d2fb8ac7f1bb441aea7&type=js
http://vscan.novirusthanks.org/analysis/1d89438300cd9cd2a2608f939ef29cb7/aW5kZXg=/

Logged

Print

Pages: [1] 2 3 Go Up

« previous next »

SMF 2.0.19 | SMF © 2021, Simple Machines
Aqua Style by Diego Andrés
XHTML
RSS
WAP2

Page created in 0.101 seconds with 20 queries.