Malware Domain List

Malware Related => Malicious Domains => Zlkon.lv => Topic started by: SysAdMini on April 07, 2009, 08:49:26 pm

Title: hs.3-3.zlkon.lv -(94.247.3.3)
Post by: SysAdMini on April 07, 2009, 08:49:26 pm
Rogue
Code:
webwidesecurity.com/index.php?affid=09400
webwidesecurity.com/download.php?affid=00000
webwidesecurity.com/install/ws.zip
webwidesecurity.com/install/installpv.exe
Title: Re: hs.3-3.zlkon.lv -(94.247.3.3)
Post by: Malware-Web-Threats on April 15, 2009, 01:31:36 am
Another fake Antivirus

Code:
hxxp://greatonlinesecurityscan.com/
hxxp://greatonlinesecurityscan.com/hitin.php
hxxp://greatonlinesecurityscan.com/download.php
hxxp://greatonlinesecurityscan.com/install/installpv.exe
hxxp://greatonlinesecurityscan.com/install/ws.zip

VirusTotal for install.exe (http://www.virustotal.com/analisis/6cc7e0db530ad0322515f58315aa16f8) 13/40 (32.5%)
VirusTotal for installpv.exe (http://www.virustotal.com/analisis/b66bd731212048d09358c3da1bc9b4cd) 3/40 (7.5%)
VirusTotal for ws.exe (http://www.virustotal.com/analisis/d22da16d42ca580e8c92221ff49638f3) 10/40 (25%)

VirusTotal for av.exe (ws.zip) (http://www.virustotal.com/analisis/a56710028ccfff521a0c461799394739) 9/40 (22.5%)

Anubis report for install.exe (http://anubis.iseclab.org/?action=result&task_id=10ef8bdb983a52714dd858f6cc6ab498d&format=html)

Redirect to google after infection with these links

Code:
hxxp://greatonlinesecurityscan.com/in.php?url=5&affid=00000
hxxp://greatonlinesecurityscan.com/in.php?url=1&affid=00000
Title: Re: hs.3-3.zlkon.lv -(94.247.3.3)
Post by: Malware-Web-Threats on April 22, 2009, 11:12:02 am
Redirects:

Code:
hxxp://theonlinesecurity.com/in.php
hxxp://theonlinesecurity.com/hitin.php

Fake scanner page:

Code:
hxxp://theonlinesecurity.com/index.php
hxxp://theonlinesecurity.com/scan.php

Payloads:

Code:
hxxp://theonlinesecurity.com/download.php
hxxp://theonlinesecurity.com/install/installpv.exe
hxxp://theonlinesecurity.com/install/ws.zip

VirusTotal (http://www.virustotal.com/analisis/febc253ea7fe55c790f8fd8699219ef7) - 15/40 (37.5%)
VirusTotal (http://www.virustotal.com/analisis/6f3c48ee4c017553b1abe6b4125a64ad) - 10/40 (25%)
VirusTotal (http://www.virustotal.com/analisis/a6f77a04406fd416ba4fc57b1b29693a) - 13/40 (32.5%)