Sign In
Create Account
0
hxxp://132.238.55.114/
Result: 6/38 (15.79%)
http://www.virustotal.com/analisis/e31a921...d355bdbb97eec76
CIMA: http://camas.comodo.com/cgi-bin/submit?fil...8ebce56effc6678
#1
Posted 26 February 2009 - 04:01 PM
-
- Honorary Members
-
- 179 posts
Advanced Member
- Gender:Male
- Interests:Mainly salmon
Trojan.Salmon moving to fish tank on reboot.
Back to top
#2
Posted 26 February 2009 - 04:39 PM
-
- Honorary Members
-
- 179 posts
Advanced Member
- Gender:Male
- Interests:Mainly salmon
Morph List.exe
hxxp://88.161.229.82/
hxxp://81.9.198.159
Result: 4/38 (10.53%)
http://www.virustotal.com/analisis/8f67a91...827845fe2fe863a
hxxp://88.161.229.82/
hxxp://81.9.198.159
Result: 4/38 (10.53%)
http://www.virustotal.com/analisis/8f67a91...827845fe2fe863a
Trojan.Salmon moving to fish tank on reboot.
#3
Posted 26 February 2009 - 04:52 PM
-
- Honorary Members
-
- 179 posts
Advanced Member
- Gender:Male
- Interests:Mainly salmon
Sale.exe
hxxp://85.231.18.13/
Result: 6/38 (15.79%)
http://www.virustotal.com/analisis/87aa37a...c1be874cf89f766
hxxp://85.231.18.13/
Result: 6/38 (15.79%)
http://www.virustotal.com/analisis/87aa37a...c1be874cf89f766
Trojan.Salmon moving to fish tank on reboot.
#4
Posted 26 February 2009 - 07:41 PM
-
- Honorary Members
-
- 179 posts
Advanced Member
- Gender:Male
- Interests:Mainly salmon
Sales.exe
hxxp://200.206.142.116/
Result: 7/39 (17.95%)
http://www.virustotal.com/analisis/ba61712...b8f37e222a94092
CIMA: http://camas.comodo.com/cgi-bin/submit?fil...9e6b01517b81ae0
hxxp://200.206.142.116/
Result: 7/39 (17.95%)
http://www.virustotal.com/analisis/ba61712...b8f37e222a94092
CIMA: http://camas.comodo.com/cgi-bin/submit?fil...9e6b01517b81ae0
Trojan.Salmon moving to fish tank on reboot.
#5
Posted 26 February 2009 - 11:58 PM
-
- Malware Hunters
-
- 6,718 posts
Forum Deity
- Gender:Male
- Location:West Aussie
- Interests:Gardening and computers.
salmon, on Feb 27 2009, 12:01 AM, said:
hxxp://132.238.55.114/
Result: 6/38 (15.79%)
http://www.virustotal.com/analisis/e31a921...d355bdbb97eec76
CIMA: http://camas.comodo.com/cgi-bin/submit?fil...8ebce56effc6678
Result: 6/38 (15.79%)
http://www.virustotal.com/analisis/e31a921...d355bdbb97eec76
CIMA: http://camas.comodo.com/cgi-bin/submit?fil...8ebce56effc6678
Quote
File nocrisis.exe received on 02.27.2009 00:55:34 (CET)
Current status: finished
Result: 5/38 (13.16%)
Current status: finished
Result: 5/38 (13.16%)
File size: 411136 bytes
#6
Posted 27 February 2009 - 12:03 AM
-
- Members
-
- 3 posts
New Member
Jaxryley, on Feb 26 2009, 11:58 PM, said:
Hello, the waledac serving sites are automated. They serve different malware every 10 minutes or so, posting them is useless as they are gone as soon as they came.
#7
Posted 27 February 2009 - 12:05 AM
-
- Malware Hunters
-
- 6,718 posts
Forum Deity
- Gender:Male
- Location:West Aussie
- Interests:Gardening and computers.
I would hazard a guess and say these are from the same family of trojans along the lines of those postcard.exes and valentine's.exes we had a while back.
The sites can spit out a morphed and or renamed exe at any time and real hard to keep up with the variants.
Bit of fun for some though!
The sites can spit out a morphed and or renamed exe at any time and real hard to keep up with the variants.
Bit of fun for some though!
#8
Posted 27 February 2009 - 12:07 AM
-
- Malware Hunters
-
- 6,718 posts
Forum Deity
- Gender:Male
- Location:West Aussie
- Interests:Gardening and computers.
funkydude, on Feb 27 2009, 08:03 AM, said:
Hello, the waledac serving sites are automated. They serve different malware every 10 minutes or so, posting them is useless as they are gone as soon as they came.
#9
Posted 01 March 2009 - 04:05 PM
-
- Honorary Members
-
- 179 posts
Advanced Member
- Gender:Male
- Interests:Mainly salmon
Anyone know what these are?
A popup comes up with some strange thing O.o
hxxp://69.242.178.19
hxxp://69.242.178.19
hxxp://68.91.215.17
Source: http://www.threatexpert.com/report.aspx?md...61b0ffed62f5dee
A popup comes up with some strange thing O.o
hxxp://69.242.178.19
hxxp://69.242.178.19
hxxp://68.91.215.17
Source: http://www.threatexpert.com/report.aspx?md...61b0ffed62f5dee
Trojan.Salmon moving to fish tank on reboot.
#10
Posted 01 March 2009 - 04:19 PM
-
- Experts
-
- 10,162 posts
I Love Andriana
- Gender:Male
- Location:Bulgaria, EU
- Interests:Information security and web development
Very bad....
Virustotal
Quote
File run_2_.exe received on 03.01.2009 17:15:36 (CET)
Current status: finished
Result: 2/39 (5.13%)
Current status: finished
Result: 2/39 (5.13%)
Virustotal
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
#11
Posted 01 March 2009 - 04:36 PM
-
- Honorary Members
-
- 3,023 posts
कैंसर योद्धा
- Gender:Not Telling
- Location:Jah Jersey Shore
re-morphed
hxxp://69.242.178.19
virustotal
hxxp://69.242.178.19
Quote
File salelist.exe received on 03.01.2009 17:28:22 (CET)
Current status: finished
Result: 9/39 (23.08%) File size:400 KB (409,600 bytes)
Current status: finished
Result: 9/39 (23.08%) File size:400 KB (409,600 bytes)
"Don't worry about a thing,
'Cause every little thing gonna be all right!"
'Cause every little thing gonna be all right!"
#12
Posted 01 March 2009 - 06:11 PM
-
- Experts
-
- 1,549 posts
Malware Researcher
- Gender:Male
- Location:United States
Jaxryley, on Feb 26 2009, 07:05 PM, said:
I would hazard a guess and say these are from the same family of trojans along the lines of those postcard.exes and valentine's.exes we had a while back.
The sites can spit out a morphed and or renamed exe at any time and real hard to keep up with the variants.
The sites can spit out a morphed and or renamed exe at any time and real hard to keep up with the variants.
That is an understatement if I ever read one.
#13
Posted 01 March 2009 - 06:23 PM
-
- Honorary Members
-
- 3,023 posts
कैंसर योद्धा
- Gender:Not Telling
- Location:Jah Jersey Shore
Morphing us to death softly.
"Don't worry about a thing,
'Cause every little thing gonna be all right!"
'Cause every little thing gonna be all right!"
#14
Posted 01 March 2009 - 06:58 PM
-
- Honorary Members
-
- 179 posts
Advanced Member
- Gender:Male
- Interests:Mainly salmon
hxxp://www.chatloveonline.com/
Getting discounts.exe at the moment
Result: 4/39 (10.26%)
http://www.virustotal.com/analisis/af8be2d...09b0f6e37aeb31e
CIMA: http://camas.comodo.com/cgi-bin/submit?fil...72861ea60b4f673
Getting discounts.exe at the moment
Result: 4/39 (10.26%)
http://www.virustotal.com/analisis/af8be2d...09b0f6e37aeb31e
CIMA: http://camas.comodo.com/cgi-bin/submit?fil...72861ea60b4f673
Trojan.Salmon moving to fish tank on reboot.
#15
Posted 01 March 2009 - 07:16 PM
-
- Honorary Members
-
- 179 posts
Advanced Member
- Gender:Male
- Interests:Mainly salmon
coponlist.exe
hxxp://84.29.203.15/
Result: 3/38 (7.9%)
http://www.virustotal.com/analisis/b41ed6c...131a5e7bad5d38a
http://88.114.207.199 <- Not online yet
hxxp://84.29.203.15/
Result: 3/38 (7.9%)
http://www.virustotal.com/analisis/b41ed6c...131a5e7bad5d38a
http://88.114.207.199 <- Not online yet
Trojan.Salmon moving to fish tank on reboot.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
