Hi ya and thanks for the sample.
The installer is a new MD5 to us and will be added shortly, but the dropped bot is known by a heuristic hit.
So MBAM rips it back off the system.
The installer copies itself to <WINDIR>, renames itself to wint32.exe and sets a load value to run on reboot.
Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 2
02/03/2009 21:22:12
mbam-log-2009-03-02 (21-22-12).txt
Scan type: Quick Scan
Objects scanned: 49048
Time elapsed: 1 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\win aggior (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\wint32.exe (Backdoor.Bot) -> Delete on reboot.
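As an added example (not from the post above and not a Malwarebytes tool), the following PowerShell audit enumerates the Policies\Explorer\Run keys that this installer uses for persistence and flags any load value whose target sits in the Windows directory but is not Microsoft-signed, so an entry like the one quarantined in the log stands out even before a signature exists for the dropper. The helper name Get-TargetPath and the output fields are my own choices.

```powershell
# Added example: audit Policies\Explorer\Run for persistence entries such as the
# wint32.exe load value described in the post. Read-only; changes nothing.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-TargetPath([string]$Data) {
    # Expand %VARS%, strip surrounding quotes and any trailing arguments.
    $expanded = [Environment]::ExpandEnvironmentVariables($Data.Trim())
    if ($expanded.StartsWith('"')) {
        return $expanded.Split('"')[1]
    }
    # Unquoted command line: take everything up to the first ".exe".
    $m = [regex]::Match($expanded, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $expanded
}

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }   # key absent: no policy Run entries here
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        $path = Get-TargetPath $data

        # Is the target under the Windows directory, like C:\WINDOWS\wint32.exe?
        $inWindir = $path -like "$env:WINDIR\*"

        # Resolve the Authenticode signer; missing file is itself worth noting.
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { [string]$sig.Status }
        } else {
            $signer = 'file missing'
        }

        # Real Windows components in %WINDIR% carry a valid Microsoft signature;
        # anything else loaded from there via a policy Run key deserves a look.
        $suspicious = $inWindir -and ($signer -notmatch 'Microsoft')

        [pscustomobject]@{
            Key        = $key
            ValueName  = $name
            Target     = $path
            Signer     = $signer
            Suspicious = $suspicious
        }
    }
}
```

Pipe the output to Format-Table or Export-Csv to keep a record of what was on the box before cleaning, which is also useful when reporting a sample whose MD5 is not yet in the database.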