Malware Domain List

Malware Related => Malicious Domains => Gaztransitstroyinfo => Topic started by: Malware-Web-Threats on May 22, 2009, 10:15:50 pm

Title: 91.212.41.236
Post by: Malware-Web-Threats on May 22, 2009, 10:15:50 pm
Can also be downloaded using the IP:
Code:
hxxp://91.212.41.236/PCAntiMalwareScannerSetup.exe
http://www.malwaredomainlist.com/mdl.php?search=91.212.41.236&colsearch=All&quantity=50

with exploits on 91.212.41.102:
redirects:
Code:
hxxp://cacbuhub.cn/pa.html
hxxp://hotxasib.cn/su/in.cgi?18
Wepawet (http://wepawet.iseclab.org/view.php?hash=ef4ca2e2f34aea5e7c86ce5046724144&t=1242885288&type=js)

exploits:
Code:
hxxp://kiskecaq.cn/pages/index.php
Anubis (http://anubis.iseclab.org/?action=result&task_id=133ffd663fcf8fa94cdbe48effae9e761&format=html)

call
Quote
From ANUBIS:1042 to 91.212.41.236:80 - [91.212.41.236] 
Request: GET /download/?aff_id=6015&wm_id=0&v=19&s=m 
Response: 302 "Found" 
Request: GET /PCAntiMalwareScannerSetup.exe 
Response: 200 "OK" 

call
Quote
From ANUBIS:1034 to 91.212.41.102:80 - [kiskecaq.cn] 
Request: GET /pages/index.php 
Response: 200 "OK" 
Request: GET /pages/load.php?id=0 
Response: 200 "OK"
VirusTotal (http://www.virustotal.com/analisis/94f3d2aa917f12675a0346d983eb5298b3d3fe8860dc990f6781ff7a253201cf-1243027647) - 7/40 (17.50%)

calls from load.exe:
Quote
From ANUBIS:1033 to 91.212.41.29:80 - [91.212.41.29] 
Request: GET /l2.php?aff_id=6015 
Response: 302 "Found" 
Request: GET /m2/m.dll 
Response: 200 "OK" 
Request: POST /log19.php 
Response: 200 "OK" 
Request: GET /start.php?aff_id=6015&wm_id=0&v=19&s=m 
Response: 200 "OK" 
VirusTotal (http://www.virustotal.com/analisis/b4076e19b6d62dd424a44ccfa7fcef0f615abfdc323911bd46b32f6a4857fc08-1243029413) - 7/37 (18.92%)