2 replies to this topic

[JoleFindsTheRogues]

http://www.virustotal.com/analisis/b5c0309ca9a4af8c1b3950102ae713ea5d434de12b9afd2b428f594dca428d38-1250878725

VT 0/41 0-day Malware

Adler32: EA0A653B
CRC32: AAA618C2
HAVAL: 0D1A5397FDF0F9C6FEEF28248775618E02A278626675059341E7A77158E781A5
MD2: 3A860651A4799CDA7623A555319BB953
MD4: AC14878A57DE80646020BFEE6B4553CD
MD5: 682511606BD329FB481EF8E60C8B0578
RIPEMD-128: 224891A261AA2B4562FD79A1D6FF2B6F
RIPEMD-256: D3EEF90E8BB1334F1970AF74E0672C5AB51172A37239B066E50A325889F0FCD7
RIPEMD-320: 18C19A101D3945778B8004A0FEBD6EA3638516DB9C6858C5A90FB0C483A378282F77E4A79F226ADB
SHA-1: 227ADC9CF48B9E261F5077BFCB0C7F1CAC3AA7BC
SHA-256: B5C0309CA9A4AF8C1B3950102AE713EA5D434DE12B9AFD2B428F594DCA428D38
SHA-384: 24E9149401D5D943E66025B34C5FF49FD3E1072ADA9C223E86897DFFA0D76F6F84AEF8B8FF2AE0B9
BDF21D4F4279C516
SHA-512: 485CE4144C7249F70E04DCF5D90102413F644A271632260255F80356BB1B44AC0CA207BF1041F63B
E9C6F30826570F87F8C179E58042851ED893D91C81C7EF1C
Tiger: AB35090C53DEE49A1D825B975F9B135488CE6CFCD77959AB
Whirlpool: A744D187AA2E0230DEFB9C7776067D124F74CB881F17A33CE529747890801F2C5AD038EC0B0DF027
963FBD8C635654564072ABF7D5D6A3838298A74D3C5F7F30

http://rapidshare.com/files/269915782/Hide_My_IP_2009_keygen.rar

It drops explorer1.exe , winlog.exe and server.exe

I guess server.exe renames to winlog.exe and copys itself to WINDOWS

But what is explorer1.exe , could you tell me that , fatdcuk?

[Fatdcuk]

Hi Jole,

I will report back when i have done stage 2 testing on the file

[Fatdcuk]

Hi Jole,


The sample did'nt want to play ball in my test enviroment

 suspect.jpg   10.59K   4 downloads

However it did play nicely for sandboxed analysis
http://www.threatexpert.com/report.aspx?md...81ef8e60c8b0578

Explorer1.exe is a keylogger!