Sign In
Create Account
0http://archiv-tube-world.com/xplaymovie.php?id=48339 http://files-softportal.com/TubeViewer.ver.6.48339.exeResult: 3/41 (7.32%)
VT
File size: 71508 bytes
http://rapidshare.de/files/47695565/TubeViewer.ver.6.48339.rar.html
-
This topic is locked
#1
Posted 29 June 2009 - 06:23 AM
-
- Malware Hunters
-
- 6,718 posts
Forum Deity
- Gender:Male
- Location:West Aussie
- Interests:Gardening and computers.
VT
File size: 71508 bytes
Back to top
#2
Posted 29 June 2009 - 08:20 AM
-
- Moderators
-
- 7,111 posts
Forum Deity
- Gender:Male
Same file as:
http://www.malwarebytes.org/forums/index.p...ost&p=94139
softportal-files.com (64.20.38.172)
files-softportal.com (64.20.38.172)
http://www.malwarebytes.org/forums/index.p...ost&p=94139
softportal-files.com (64.20.38.172)
files-softportal.com (64.20.38.172)
S!Ri, on Jun 27 2009, 05:18 PM, said:
Take care with those files. They are the same
Today the DNS is: extrafiles-softportal.com
Filename is not important, exemple:
hxxp://extrafiles-softportal.com/Jaxryley.123.exe
Coders are using a stub to have different MD5 (different size, different key). The stub is changed every 24h/48h.
When running the exe, the stub decrypt an UPX file, then it is unpacked, and finally we get the original executable that downloads 3 other malwares.
Don't look after MD5 or VT detection. Classic AV are far behind...
Today the DNS is: extrafiles-softportal.com
Filename is not important, exemple:
hxxp://extrafiles-softportal.com/Jaxryley.123.exe
Coders are using a stub to have different MD5 (different size, different key). The stub is changed every 24h/48h.
When running the exe, the stub decrypt an UPX file, then it is unpacked, and finally we get the original executable that downloads 3 other malwares.
Don't look after MD5 or VT detection. Classic AV are far behind...
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
