Author Topic: Few unsorted...  (Read 10650 times)

0 Members and 1 Guest are viewing this topic.

October 30, 2007, 01:08:50 am
Read 10650 times

sowhat-x

  • Guest
...few more unsorted,some pseudo-extensions here as well...

Quote
hxxp://60.190.222.235/window.cab
hxxp://60.190.222.235/ww/nick.js
hxxp://bzx.cn/ooo.hta
hxxp://flyget.8800.org/ah.c
hxxp://flyget.8800.org/svcos.exe
hxxp://hotbb.cn/kdh.rar
hxxp://iebar.t2t2.com/iebar.cab
hxxp://o1.o1wy.com/kyo/usa.vbs
hxxp://pi.51.net/download/diybar2.cab
hxxp://update2.borlander.cn/cup/wincup.cab
hxxp://www.dudpoe.cn/1710.rar
hxxp://www.medclub.com.tw/share/pisacard.gif
hxxp://www.tutohm.org.cn/1710.rar
hxxp://www.yhuyet.org.cn/1710.rar
hxxp://xx.522love.cn/html/bg.cab

November 01, 2007, 09:07:13 pm
Reply #1

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
These will be in the list soon thank you :)

January 19, 2008, 10:32:16 am
Reply #2

sowhat-x

  • Guest
Quote
Excellent topic title.
Rotfl...yeah,certainly...especially when followed with the hundreds of links you've submitted...
excellent sense of humour I would say!  :D

January 23, 2008, 11:54:15 am
Reply #3

sowhat-x

  • Guest
Quote
hxxp://60.190.118.15/new/1.exe
hxxp://60.190.118.15/new/2.exe
hxxp://60.190.118.31/new/3.exe
hxxp://60.190.118.31/new/4.exe
hxxp://60.190.118.71/new/5.exe
hxxp://60.190.118.50/new/6.exe
hxxp://74.222.132.178/new/7.exe
hxxp://60.190.118.50/new/8.exe
hxxp://60.190.118.50/new/9.exe
hxxp://60.190.118.50/new/10.exe
hxxp://60.190.118.182/new/11.exe
hxxp://60.190.118.182/new/13.exe
hxxp://60.190.118.203/new/14.exe
hxxp://60.190.118.71/new/15.exe
hxxp://60.190.118.203/new/16.exe
hxxp://74.222.132.186/new/17.exe
hxxp://74.222.132.186/new/18.exe
hxxp://74.222.132.186/new/19.exe
hxxp://74.222.132.186/new/20.exe
hxxp://74.222.132.186/new/21.exe
hxxp://74.222.132.186/new/22.exe
hxxp://74.222.132.178/new/23.exe
hxxp://74.222.132.178/new/24.exe
hxxp://74.222.132.178/new/25.exe
hxxp://74.222.132.178/new/26.exe
hxxp://74.222.132.178/new/27.exe
hxxp://74.222.132.178/new/28.exe
hxxp://74.222.132.178/new/29.exe
hxxp://74.222.132.178/new/30.exe
hxxp://74.222.132.178/new/31.exe
hxxp://74.222.132.178/new/32.exe
hxxp://74.222.132.178/new/33.exe

Almost all of them Upacked...next one is most probably a 'friend' of the above...

Quote
hxxp://60.190.118.151/a1.exe
hxxp://60.190.118.151/a2.exe
hxxp://60.190.118.151/a3.exe
hxxp://60.190.118.151/a5.exe
hxxp://60.190.118.151/a6.exe
hxxp://60.190.118.151/a8.exe
hxxp://60.190.118.151/a9.exe
hxxp://60.190.118.151/a10.exe
hxxp://60.190.118.151/a11.exe
hxxp://60.190.118.151/a12.exe
hxxp://60.190.118.151/a13.exe
hxxp://60.190.118.151/a14.exe
hxxp://60.190.118.151/a15.exe
hxxp://60.190.118.151/a16.exe
hxxp://60.190.118.151/a17.exe
hxxp://60.190.118.151/a18.exe
hxxp://60.190.118.151/a19.exe
hxxp://60.190.118.151/a21.exe
hxxp://60.190.118.151/a22.exe
hxxp://60.190.118.151/a23.exe
hxxp://60.190.118.151/a24.exe

January 23, 2008, 12:09:49 pm
Reply #4

sowhat-x

  • Guest
Quote
hxxp://www.0fish.cn/2.exe
Packed with MEW - detected by almost all AVs as "Small.tf" or so...

January 23, 2008, 12:47:18 pm
Reply #5

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
These will be added soon.

January 24, 2008, 01:48:12 pm
Reply #6

andrewmccain

  • Newbie

  • Offline
  • *

  • 7
Have several more boatloads but wonder if public view of this particular section of the forum is warranted?

I think this should be public. If we censor information, what do we learn from that?

January 25, 2008, 11:40:55 am
Reply #7

sowhat-x

  • Guest
Quote
Have several more boatloads but wonder if public view of this particular section of the forum is warranted?
I also agree 100% with andrewmccain...and I vote for: "Few unsorted - Part 2!"  :)

February 16, 2008, 07:30:23 am
Reply #8

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
Open folder:
Quote
hxxp://pousadarecantonatureza.com.br/fotos/new/

February 27, 2008, 08:41:22 pm
Reply #9

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
Some live malware URLs from Dancho Danchev's blog:

Quote
buytraffic.cn/in.cgi?11 - 62.149.18.34
sclgntfy.com/ent2763.htm - 85.255.118.12
tds-service.net/in.cgi?20 - 72.233.50.148
spywareisolator.com/landing/?wmid=sga - 72.233.50.150
warinmyarms.com/check/upd.php?t=670 - 58.65.239.114
coripastares.com/in.php?adv=1267&val=3ee328 - 202.83.197.239
xanjan.cn/in.cgi?mikh - 78.109.22.246
chportal.cn/top/count.php?o=4 - 203.117.111.102
buhaterafe.com/in.php?adv=1208&val=65286d - 202.83.197.239
193.109.163.179/exp/count.php
193.109.163.179/exp/getexe.php
78.109.22.242/mikh/1.html
78.109.22.242/sh.html

TJS

February 27, 2008, 10:56:29 pm
Reply #10

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Thanks for these, they will be added soon.

February 29, 2008, 09:57:17 pm
Reply #11

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
FYI:

from lamodano.info/tim_data/modules/version.txt:

Quote
lamodano.info/tim_data/modules/oc2.exe
lamodano.info/tim_data/modules/mega.exe
lamodano.info/tim_data/modules/hr3.exe

TJS

March 01, 2008, 05:09:44 pm
Reply #12

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Thank you.