Malware Domain List

Malware Related => Malicious Domains => Zlkon.lv => Topic started by: sowhat-x on April 06, 2009, 01:43:50 am

Title: hs.2-123.zlkon.lv (94.247.2.123)
Post by: sowhat-x on April 06, 2009, 01:43:50 am

Quote

hxxp://94.247.2.123/ ---> fake av scan crap
hxxp://avscanonline.com//install/ ---> spawns the .exe...

Result: 0/40 (0%)...time to change that,and blacklist the scumbags' ip as well...
http://www.virustotal.com/analisis/2ca2556d4482792f7b99c979f20d4697

Title: Re: hs.2-123.zlkon.lv (94.247.2.123)
Post by: SysAdMini on April 10, 2009, 01:39:04 pm

Code: [Select]

94.247.2.123/Install.exehttp://virscan.org/report/de26f0b2fb5e9f06a71a9dab5d51989c.html 22/37

Title: Re: hs.2-123.zlkon.lv (94.247.2.123)
Post by: Malware-Web-Threats on April 26, 2009, 02:28:12 am

Fake scanner page:

Code: [Select]

hxxp://avscanonline.com/promo/?tid=fin&aid=run1

Fake AV:

Code: [Select]

hxxp://avscanonline.com/inst.php?tid=fin&aid=run1


Quote

File name: AV2009Setup.exe
File size: 162304 bytes
MD5: 7509d6f880ef598f969e8f2908a78eef

VirusTotal (http://www.virustotal.com/analisis/9993e11e4264b79feec2fc47ce15ed6b) - 4/40 (10%)
Anubis Report (http://anubis.iseclab.org/?action=result&task_id=17f54df89ae7e70c411fcaaaf83ab4152)

Quote

94.247.2.123:80 - [avscanonline.com] 
Request: GET /src.php 
Response: 200 "OK" 
Request: GET /install/zip.zip 
Response: 200 "OK" 

Quote

File name: zip.zip
File size: 162304 bytes
MD5: 7509d6f880ef598f969e8f2908a78eef

VirusTotal (http://www.virustotal.com/analisis/8230fa17783c8ca985e27e5a1aa787a9) - 0/39 (0.00%)

decompressed:

AV2009.exe
VirusTotal (http://www.virustotal.com/analisis/7cf14feea00519e47aff6cb652a1f505) - 0/40 (0%)

AV2009_Update.exe
VirusTotal (http://www.virustotal.com/analisis/3f897adc6c37fce93e27ab7af84e9a85) - 0/40 (0%)
Anubis Report (http://anubis.iseclab.org/?action=result&task_id=14f523509daef83046d073ebad4bc780a)

sysdata.sys
VirusTotal (http://www.virustotal.com/analisis/c8e3c9c3614899024e2f85e14d939002) - 0/40 (0%)

SysShield.exe
VirusTotal (http://www.virustotal.com/analisis/6b13339db1689388d5fc60183aac97b1) - 0/40 (0%)
Anubis Report (http://anubis.iseclab.org/?action=result&task_id=185fdb460c2ddc1f489cd4772e1e3138f)

Uninstall.exe
VirusTotal (http://www.virustotal.com/analisis/0e18c432b6528d14556ac6d4c36cb377) - 0/40 (0%)
Anubis Report (http://anubis.iseclab.org/?action=result&task_id=188d74561902f3ca4e9aaba84d294d086)

Support (Internet shortcut) - 94.247.2.191

Code: [Select]

hxxp://www.antivirus-protection.us/support