Running a small test


21 replies to this topic

#21 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • 5,402 posts
  • Location:Northampton, MA USA

Posted 30 July 2012 - 04:17 PM

another update today, first the initial sample that is now 2 weeks obsolete


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 32 / 41
Analysis date: 2012-07-30 21:13:24 UTC ( 0 minutes ago )



AhnLab-V3 Trojan/Win32.Inject 20120730
AntiVir DR/Delphi.Gen 20120730
Antiy-AVL Trojan/Win32.Inject.gen 20120727
Avast Win32:Trojan-gen 20120730
AVG Generic28.CGSU 20120730
BitDefender Trojan.Generic.KDV.673357 20120730
ByteHero - 20120723
CAT-QuickHeal Trojan.Inject.eigh 20120730
ClamAV - 20120730
Commtouch - 20120730
Comodo UnclassifiedMalware 20120730
DrWeb Trojan.Rodricter.8 20120730
Emsisoft Trojan.Win32.Inject!IK 20120730
eSafe - 20120730
ESET-NOD32 Win32/Simda.B 20120730
F-Prot - 20120730
F-Secure Trojan.Generic.KDV.673357 20120730
Fortinet W32/Inject.EIGH!tr 20120730
GData Trojan.Generic.KDV.673357 20120730
Ikarus Trojan.Win32.Inject 20120730
Jiangmin Trojan/Inject.aiya 20120730
K7AntiVirus - 20120730
Kaspersky Trojan.Win32.Inject.eigh 20120730
McAfee Generic BackDoor.abj 20120730
McAfee-GW-Edition Generic BackDoor.abj 20120730
Microsoft Backdoor:Win32/Simda.gen!E 20120730
Norman W32/Simda.AA 20120730
nProtect Trojan/W32.Agent.829965 20120730
Panda Trj/CI.A 20120730
Rising - 20120730
Sophos Mal/EncPk-ACI 20120730
SUPERAntiSpyware - 20120729
Symantec Trojan.Gen 20120730
TheHacker Trojan/Inject.eigh 20120730
TotalDefense - 20120730
TrendMicro TROJ_GEN.R47C1GS 20120730
TrendMicro-HouseCall TROJ_GEN.R47C1GS 20120730
VBA32 Trojan.Inject.eigh 20120730
VIPRE Trojan.Win32.Generic!BT 20120730
ViRobot Trojan.Win32.A.Inject.829965 20120730
VirusBuster Trojan.Inject!ehulIdEE6p4 20120730


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 2 weeks ago )
Last seen by VirusTotal
2012-07-30 21:10:05 UTC ( 3 minutes ago )


and now the newest mutation, detection has fallen even further for this well-known trojan


SHA256: 096c9c6a3b4e901f6e619ddcbfa0ee8da0f03e858429d548f4888b7b24e9d9c9
SHA1: d0154ac745a6e36f3976204da49e36f10a8f2098
MD5: 26f0ceb8c46f371db417f43ffc73fe68
File size: 979.5 KB ( 1003021 bytes )
File name: E:\Downloads\scandsk(391).exe
File type: Win32 EXE
Detection ratio: 2 / 41
Analysis date: 2012-07-30 21:08:04 UTC ( 0 minutes ago )


AhnLab-V3 - 20120730
AntiVir - 20120730
Antiy-AVL - 20120727
Avast - 20120730
AVG - 20120730
BitDefender - 20120730
ByteHero - 20120723
CAT-QuickHeal - 20120730
ClamAV - 20120730
Commtouch - 20120730
Comodo - 20120730
DrWeb - 20120730
Emsisoft Virus.Win32.DelfInject !IK 20120730
eSafe - 20120730
ESET-NOD32 - 20120730
F-Prot - 20120730
F-Secure - 20120730
Fortinet - 20120730
GData - 20120730
Ikarus Virus.Win32.DelfInject 20120730
Jiangmin - 20120730
K7AntiVirus - 20120730
Kaspersky - 20120730
McAfee - 20120730
McAfee-GW-Edition - 20120730
Microsoft - 20120730
Norman - 20120730
nProtect - 20120730
Panda - 20120730
Rising - 20120730
Sophos - 20120730
SUPERAntiSpyware - 20120729
Symantec - 20120730
TheHacker - 20120730
TotalDefense - 20120730
TrendMicro - 20120730
TrendMicro-HouseCall - 20120730
VBA32 - 20120730
VIPRE - 20120730
ViRobot - 20120730
VirusBuster - 20120730


First seen by VirusTotal
2012-07-30 21:08:04 UTC ( 2 minutes ago )
Last seen by VirusTotal
2012-07-30 21:08:04 UTC ( 2 minutes ago )
Bruce Harrison
Vice President of Research


#22 nosirrah


Posted 03 August 2012 - 11:05 AM

this is going to be the final update as detection for the initial sample has stopped increasing

here is the current detection for the most recent mutation from the same source used for every sample in this test



SHA256: f29f814dad85613698b668833c48f8b4635c6a88b56a4660c050fa1406792f66
SHA1: 1c9914e8b847de1c57e509890b81fd7539c5cbea
MD5: 5dded97297d4ebdc3b28c3a6eacfed59
File size: 944.0 KB ( 966669 bytes )
File name: E:\Downloads\scandsk(405).exe
File type: Win32 EXE
Detection ratio: 1 / 41
Analysis date: 2012-08-03 15:56:51 UTC ( 1 minute ago )


AhnLab-V3 - 20120803
AntiVir - 20120803
Antiy-AVL - 20120803
Avast - 20120803
AVG - 20120803
BitDefender - 20120803
ByteHero - 20120723
CAT-QuickHeal - 20120803
ClamAV - 20120803
Commtouch - 20120803
Comodo - 20120803
DrWeb - 20120803
Emsisoft - 20120803
eSafe - 20120802
ESET-NOD32 - 20120803
F-Prot - 20120803
F-Secure - 20120803
Fortinet - 20120803
GData - 20120803
Ikarus - 20120803
Jiangmin - 20120803
K7AntiVirus - 20120802
Kaspersky - 20120803
McAfee - 20120803
McAfee-GW-Edition - 20120802
Microsoft - 20120803
Norman - 20120803
nProtect - 20120803
Panda Suspicious file 20120803
Rising - 20120803
Sophos - 20120803
SUPERAntiSpyware - 20120803
Symantec - 20120803
TheHacker - 20120801
TotalDefense - 20120802
TrendMicro - 20120803
TrendMicro-HouseCall - 20120803
VBA32 - 20120803
VIPRE - 20120803
ViRobot - 20120803
VirusBuster - 20120803


First seen by VirusTotal
2012-08-03 15:56:51 UTC ( 5 minutes ago )
Last seen by VirusTotal
2012-08-03 15:56:51 UTC ( 5 minutes ago )



