Running a small test


21 replies to this topic

#1 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 15 July 2012 - 10:09 PM

Please do not comment on this thread. I am only posting here to give points of reference over time on detection of a 0day sample.

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 2 / 42
Analysis date: 2012-07-16 02:32:08 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120705
AntiVir DR/Delphi.Gen 20120705
Antiy-AVL - 20120705
Avast - 20120705
AVG - 20120705
BitDefender - 20120705
ByteHero - 20120704
CAT-QuickHeal - 20120705
ClamAV - 20120705
Commtouch - 20120705
Comodo - 20120705
DrWeb - 20120706
Emsisoft - 20120705
eSafe - 20120705
F-Prot - 20120705
F-Secure - 20120706
Fortinet - 20120705
GData - 20120705
Ikarus - 20120705
Jiangmin - 20120705
K7AntiVirus - 20120705
Kaspersky - 20120705
McAfee - 20120706
McAfee-GW-Edition - 20120705
Microsoft - 20120705
NOD32 - 20120705
Norman - 20120705
nProtect - 20120706
Panda - 20120705
PCTools - 20120705
Rising - 20120705
Sophos Mal/EncPk-ACI 20120705
SUPERAntiSpyware - 20120705
Symantec - 20120706
TheHacker - 20120704
TotalDefense - 20120705
TrendMicro - 20120706
TrendMicro-HouseCall - 20120705
VBA32 - 20120705
VIPRE - 20120705
ViRobot - 20120705
VirusBuster - 20120705

First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 34 minutes ago )
Last seen by VirusTotal
2012-07-16 02:32:08 UTC ( 34 minutes ago )
Bruce Harrison
Vice President of Research


#2 nosirrah

Posted 16 July 2012 - 04:16 AM

update

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 6 / 42
Analysis date: 2012-07-16 09:12:51 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120715
AntiVir DR/Delphi.Gen 20120716
Antiy-AVL - 20120712
Avast - 20120716
AVG - 20120715
BitDefender - 20120716
ByteHero - 20120716
CAT-QuickHeal - 20120716
ClamAV - 20120716
Commtouch - 20120715
Comodo - 20120716
DrWeb Trojan.Rodricter.8 20120716
Emsisoft - 20120716
eSafe - 20120716
ESET-NOD32 Win32/Simda.B 20120716
F-Prot - 20120715
F-Secure - 20120716
Fortinet - 20120716
GData - 20120716
Ikarus - 20120716
Jiangmin - 20120716
K7AntiVirus - 20120714
Kaspersky Trojan.Win32.Inject.eigh 20120716
McAfee - 20120716
McAfee-GW-Edition - 20120716
Microsoft - 20120716
Norman W32/Simda.AA 20120716
nProtect - 20120716
Panda - 20120715
PCTools - 20120716
Rising - 20120716
Sophos Mal/EncPk-ACI 20120716
SUPERAntiSpyware - 20120715
Symantec - 20120716
TheHacker - 20120716
TotalDefense - 20120713
TrendMicro - 20120716
TrendMicro-HouseCall - 20120715
VBA32 - 20120716
VIPRE - 20120716
ViRobot - 20120716
VirusBuster - 20120715


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 6 hours, 44 minutes ago )
Last seen by VirusTotal
2012-07-16 09:12:51 UTC ( 3 minutes ago )

#3 nosirrah

Posted 16 July 2012 - 08:50 AM

update


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 10 / 42
Analysis date: 2012-07-16 13:46:25 UTC ( 0 minutes ago )


AhnLab-V3 - 20120716
AntiVir DR/Delphi.Gen 20120716
Antiy-AVL - 20120712
Avast - 20120716
AVG - 20120716
BitDefender Trojan.Generic.KDV.673357 20120716
ByteHero - 20120716
CAT-QuickHeal - 20120716
ClamAV - 20120716
Commtouch - 20120716
Comodo - 20120716
DrWeb Trojan.Rodricter.8 20120716
Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120716
eSafe - 20120716
ESET-NOD32 Win32/Simda.B 20120716
F-Prot - 20120716
F-Secure - 20120716
Fortinet - 20120716
GData Trojan.Generic.KDV.673357 20120716
Ikarus - 20120716
Jiangmin - 20120716
K7AntiVirus - 20120714
Kaspersky Trojan.Win32.Inject.eigh 20120716
McAfee - 20120716
McAfee-GW-Edition - 20120716
Microsoft - 20120716
Norman W32/Simda.AA 20120716
nProtect - 20120716
Panda - 20120716
PCTools - 20120716
Rising - 20120716
Sophos Mal/EncPk-ACI 20120716
SUPERAntiSpyware - 20120715
Symantec - 20120716
TheHacker - 20120716
TotalDefense - 20120713
TrendMicro - 20120716
TrendMicro-HouseCall - 20120716
VBA32 - 20120716
VIPRE - 20120716
ViRobot Trojan.Win32.A.Inject.829965 20120716
VirusBuster - 20120715


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 11 hours, 18 minutes ago )
Last seen by VirusTotal
2012-07-16 13:46:25 UTC ( 4 minutes ago )

#4 Sveta MRG

Sveta MRG

    New Member

  • Members
  • 2 posts
  • Gender:Male

Posted 16 July 2012 - 09:08 AM

Perfect example of how time plays an important factor in testing.
Sveta Miladinov

MRG Effitas
Efficacy Assessment & Assurance

#5 nosirrah

Posted 16 July 2012 - 11:15 AM

update

at this point the source for this sample has mutated so further updates by the AVs will be irrelevant

old variant first


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 11 / 42
Analysis date: 2012-07-16 16:06:59 UTC ( 1 minute ago )


AhnLab-V3 - 20120716
AntiVir DR/Delphi.Gen 20120716
Antiy-AVL - 20120712
Avast - 20120716
AVG - 20120716
BitDefender Trojan.Generic.KDV.673357 20120716
ByteHero - 20120716
CAT-QuickHeal - 20120716
ClamAV - 20120716
Commtouch - 20120716
Comodo - 20120716
DrWeb Trojan.Rodricter.8 20120716
Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120716
eSafe - 20120716
ESET-NOD32 Win32/Simda.B 20120716
F-Prot - 20120716
F-Secure Trojan.Generic.KDV.673357 20120716
Fortinet - 20120716
GData Trojan.Generic.KDV.673357 20120716
Ikarus - 20120716
Jiangmin - 20120716
K7AntiVirus - 20120714
Kaspersky Trojan.Win32.Inject.eigh 20120716
McAfee - 20120716
McAfee-GW-Edition - 20120716
Microsoft - 20120716
Norman W32/Simda.AA 20120716
nProtect - 20120716
Panda - 20120716
PCTools - 20120716
Rising - 20120716
Sophos Mal/EncPk-ACI 20120716
SUPERAntiSpyware - 20120715
Symantec - 20120716
TheHacker - 20120716
TotalDefense - 20120713
TrendMicro - 20120716
TrendMicro-HouseCall - 20120716
VBA32 - 20120716
VIPRE - 20120716
ViRobot Trojan.Win32.A.Inject.829965 20120716
VirusBuster - 20120716


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 13 hours, 39 minutes ago )
Last seen by VirusTotal
2012-07-16 16:06:59 UTC ( 4 minutes ago )



and now the new variant that has replaced the old one


SHA256: 9cbbd4a113c0ba71c9ace2897b37375040c1aa4b4f75dc15f2fda70a44a6f78b
SHA1: c1ab3d8ca23c29b32994795eaca146dcc3f182fa
MD5: ea8083a2c187db22a5c1eacdd31161b7
File size: 823.0 KB ( 842765 bytes )
File name: E:\Downloads\scandsk(317).exe
File type: Win32 EXE
Detection ratio: 2 / 42
Analysis date: 2012-07-16 16:06:57 UTC ( 1 minute ago )


AhnLab-V3 - 20120716
AntiVir DR/Delphi.Gen 20120716
Antiy-AVL - 20120712
Avast - 20120716
AVG - 20120716
BitDefender - 20120716
ByteHero - 20120716
CAT-QuickHeal - 20120716
ClamAV - 20120716
Commtouch - 20120716
Comodo - 20120716
DrWeb - 20120716
Emsisoft - 20120716
eSafe - 20120716
ESET-NOD32 - 20120716
F-Prot - 20120716
F-Secure - 20120716
Fortinet - 20120716
GData - 20120716
Ikarus - 20120716
Jiangmin - 20120716
K7AntiVirus - 20120714
Kaspersky - 20120716
McAfee - 20120716
McAfee-GW-Edition - 20120716
Microsoft - 20120716
Norman W32/Simda.AA 20120716
nProtect - 20120716
Panda - 20120716
PCTools - 20120716
Rising - 20120716
Sophos - 20120716
SUPERAntiSpyware - 20120715
Symantec - 20120716
TheHacker - 20120716
TotalDefense - 20120713
TrendMicro - 20120716
TrendMicro-HouseCall - 20120716
VBA32 - 20120716
VIPRE - 20120716
ViRobot - 20120716
VirusBuster - 20120716


First seen by VirusTotal
2012-07-16 16:06:57 UTC ( 7 minutes ago )
Last seen by VirusTotal
2012-07-16 16:06:57 UTC ( 7 minutes ago )

#6 nosirrah

Posted 16 July 2012 - 03:58 PM

update

this is the current detection for the now obsolete malware


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 13 / 42
Analysis date: 2012-07-16 20:47:00 UTC ( 1 minute ago )


AhnLab-V3 - 20120716
AntiVir DR/Delphi.Gen 20120716
Antiy-AVL - 20120712
Avast - 20120716
AVG - 20120716
BitDefender Trojan.Generic.KDV.673357 20120716
ByteHero - 20120716
CAT-QuickHeal - 20120716
ClamAV - 20120716
Commtouch - 20120716
Comodo - 20120716
DrWeb Trojan.Rodricter.8 20120716
Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120716
eSafe - 20120716
ESET-NOD32 Win32/Simda.B 20120716
F-Prot - 20120716
F-Secure Trojan.Generic.KDV.673357 20120716
Fortinet W32/Inject.EIGH!tr 20120716
GData Trojan.Generic.KDV.673357 20120716
Ikarus - 20120716
Jiangmin - 20120716
K7AntiVirus - 20120716
Kaspersky Trojan.Win32.Inject.eigh 20120716
McAfee - 20120716
McAfee-GW-Edition - 20120716
Microsoft - 20120716
Norman W32/Simda.AA 20120716
nProtect - 20120716
Panda Trj/CI.A 20120716
PCTools - 20120716
Rising - 20120716
Sophos Mal/EncPk-ACI 20120716
SUPERAntiSpyware - 20120715
Symantec - 20120716
TheHacker - 20120716
TotalDefense - 20120713
TrendMicro - 20120716
TrendMicro-HouseCall - 20120716
VBA32 - 20120716
VIPRE - 20120716
ViRobot Trojan.Win32.A.Inject.829965 20120716
VirusBuster - 20120716


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 18 hours, 21 minutes ago )
Last seen by VirusTotal
2012-07-16 20:47:00 UTC ( 6 minutes ago )

#7 nosirrah

Posted 17 July 2012 - 05:22 PM

update

this is the current detection for the now very obsolete infection


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 17 / 42
Analysis date: 2012-07-17 17:17:06 UTC ( 4 hours, 57 minutes ago )


AhnLab-V3 - 20120717
AntiVir DR/Delphi.Gen 20120717
Antiy-AVL - 20120717
Avast - 20120717
AVG - 20120717
BitDefender Trojan.Generic.KDV.673357 20120717
ByteHero - 20120716
CAT-QuickHeal - 20120717
ClamAV - 20120717
Commtouch - 20120717
Comodo UnclassifiedMalware 20120717
DrWeb Trojan.Rodricter.8 20120717
Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120717
eSafe - 20120717
ESET-NOD32 Win32/Simda.B 20120717
F-Prot - 20120717
F-Secure Trojan.Generic.KDV.673357 20120717
Fortinet W32/Inject.EIGH!tr 20120717
GData Trojan.Generic.KDV.673357 20120717
Ikarus Trojan.Win32.Inject 20120717
Jiangmin - 20120717
K7AntiVirus - 20120717
Kaspersky Trojan.Win32.Inject.eigh 20120717
McAfee - 20120717
McAfee-GW-Edition - 20120717
Microsoft - 20120717
Norman W32/Simda.AA 20120717
nProtect Trojan.Generic.KDV.673357 20120717
Panda Trj/CI.A 20120717
PCTools - 20120717
Rising - 20120717
Sophos Mal/EncPk-ACI 20120717
SUPERAntiSpyware - 20120717
Symantec - 20120717
TheHacker - 20120717
TotalDefense - 20120717
TrendMicro - 20120717
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120717
VBA32 - 20120717
VIPRE - 20120717
ViRobot Trojan.Win32.A.Inject.829965 20120717
VirusBuster - 20120717


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 1 day, 19 hours ago )
Last seen by VirusTotal
2012-07-17 22:14:18 UTC ( 1 minute ago )



here is the most recent mutation

as you can see some vendors have been able to use the previous version to predict this version


SHA256: 5212e626882d9fe38417f860e29b7cfa546da6ff68bff4b470015f0c9274941f
SHA1: 3ed789a314e7721ba312b1a688d33fd613e2e82d
MD5: 79be6139b018b53cca107301e6dce46e
File size: 805.0 KB ( 824333 bytes )
File name: E:\Downloads\scandsk(325).exe
File type: Win32 EXE
Detection ratio: 8 / 42
Analysis date: 2012-07-17 22:14:12 UTC ( 0 minutes ago )


AhnLab-V3 - 20120717
AntiVir DR/Delphi.Gen 20120717
Antiy-AVL - 20120717
Avast - 20120717
AVG - 20120717
BitDefender - 20120717
ByteHero - 20120716
CAT-QuickHeal - 20120717
ClamAV - 20120717
Commtouch W32/MalwareHiderPatched-based!Maximus 20120717
Comodo - 20120717
DrWeb - 20120717
Emsisoft - 20120717
eSafe - 20120717
ESET-NOD32 - 20120717
F-Prot W32/MalwareHiderPatched-based!Maximus 20120717
F-Secure - 20120717
Fortinet - 20120717
GData - 20120717
Ikarus - 20120717
Jiangmin - 20120717
K7AntiVirus Trojan 20120717
Kaspersky - 20120717
McAfee PWS-Zbot.gen.zy 20120717
McAfee-GW-Edition PWS-Zbot.gen.zy 20120717
Microsoft - 20120718
Norman W32/Obfuscated_J 20120717
nProtect - 20120717
Panda - 20120717
PCTools - 20120717
Rising - 20120717
Sophos Mal/EncPk-ACI 20120717
SUPERAntiSpyware - 20120717
Symantec - 20120717
TheHacker - 20120717
TotalDefense - 20120717
TrendMicro - 20120717
TrendMicro-HouseCall - 20120717
VBA32 - 20120717
VIPRE - 20120717
ViRobot - 20120717
VirusBuster - 20120717


First seen by VirusTotal
2012-07-17 22:14:12 UTC ( 3 minutes ago )
Last seen by VirusTotal
2012-07-17 22:14:12 UTC ( 3 minutes ago )

#8 nosirrah

Posted 18 July 2012 - 01:48 AM

Another new mutation


SHA256: da67c25c078d81b8509c3359e299e5adee4d4b3ba142f210bdf9cbbbacf07220
SHA1: ba0826e61ac02083352f041a0e50b6ab5313c5f3
MD5: 63c2f15ab622140f1fccee28c22a1032
File size: 804.5 KB ( 823821 bytes )
File name: E:\Downloads\scandsk(326).exe
File type: Win32 EXE
Detection ratio: 5 / 42
Analysis date: 2012-07-18 06:43:22 UTC ( 0 minutes ago )


AhnLab-V3 - 20120717
AntiVir DR/Delphi.Gen 20120717
Antiy-AVL - 20120717
Avast - 20120717
AVG - 20120717
BitDefender - 20120717
ByteHero - 20120613
CAT-QuickHeal - 20120717
ClamAV - 20120717
Commtouch - 20120717
Comodo - 20120717
DrWeb - 20120717
Emsisoft - 20120717
eSafe - 20120717
F-Prot - 20120717
F-Secure - 20120717
Fortinet - 20120717
GData - 20120717
Ikarus - 20120717
Jiangmin - 20120717
K7AntiVirus - 20120717
Kaspersky - 20120717
McAfee PWS-Zbot.gen.zy 20120717
McAfee-GW-Edition PWS-Zbot.gen.zy 20120717
Microsoft - 20120717
NOD32 - 20120715
Norman W32/Simda.AA 20120717
nProtect - 20120717
Panda - 20120717
PCTools - 20120717
Rising - 20120717
Sophos Mal/EncPk-AEM 20120717
SUPERAntiSpyware - 20120717
Symantec - 20120717
TheHacker - 20120717
TotalDefense - 20120717
TrendMicro - 20120717
TrendMicro-HouseCall - 20120717
VBA32 - 20120717
VIPRE - 20120717
ViRobot - 20120717
VirusBuster - 20120717


First seen by VirusTotal
2012-07-18 06:43:22 UTC ( 3 minutes ago )
Last seen by VirusTotal
2012-07-18 06:43:22 UTC ( 3 minutes ago )

#9 nosirrah

Posted 18 July 2012 - 05:10 AM

update

first the now 2 day old sample


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 19 / 42
Analysis date: 2012-07-18 10:02:03 UTC ( 0 minutes ago )


AhnLab-V3 - 20120718
AntiVir DR/Delphi.Gen 20120718
Antiy-AVL - 20120717
Avast Win32:Trojan-gen 20120718
AVG Generic28.CGSU 20120718
BitDefender Trojan.Generic.KDV.673357 20120718
ByteHero - 20120716
CAT-QuickHeal - 20120718
ClamAV - 20120717
Commtouch - 20120718
Comodo UnclassifiedMalware 20120718
DrWeb Trojan.Rodricter.8 20120718
Emsisoft Trojan.Win32.Inject!IK 20120718
eSafe - 20120717
ESET-NOD32 Win32/Simda.B 20120718
F-Prot - 20120718
F-Secure Trojan.Generic.KDV.673357 20120718
Fortinet W32/Inject.EIGH!tr 20120718
GData Trojan.Generic.KDV.673357 20120718
Ikarus Trojan.Win32.Inject 20120718
Jiangmin - 20120718
K7AntiVirus - 20120717
Kaspersky Trojan.Win32.Inject.eigh 20120718
McAfee - 20120718
McAfee-GW-Edition - 20120718
Microsoft - 20120718
Norman W32/Simda.AA 20120718
nProtect Trojan.Generic.KDV.673357 20120718
Panda Trj/CI.A 20120718
PCTools - 20120718
Rising - 20120718
Sophos Mal/EncPk-ACI 20120718
SUPERAntiSpyware - 20120718
Symantec - 20120717
TheHacker - 20120717
TotalDefense - 20120717
TrendMicro - 20120718
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120717
VBA32 - 20120718
VIPRE - 20120718
ViRobot Trojan.Win32.A.Inject.829965 20120718
VirusBuster - 20120717


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 2 days, 7 hours ago )
Last seen by VirusTotal
2012-07-18 10:02:03 UTC ( 1 minute ago )


and now the latest variant from the same source


SHA256: 9fcfcad511ba153666296f2a974aebce276838542f425d1a1b32c56b933b850d
SHA1: cfdfdc8e37ec4e5ca35802c84c165108c0dde520
MD5: 646b1c0c4a3dab6a4644f30572c0a21f
File size: 767.0 KB ( 785421 bytes )
File name: E:\Downloads\scandsk(328).exe
File type: Win32 EXE
Detection ratio: 7 / 41
Analysis date: 2012-07-18 10:01:38 UTC ( 1 minute ago )


Antivirus Result Update
AntiVir - 20120718
Antiy-AVL - 20120717
Avast - 20120718
AVG - 20120718
BitDefender Gen:Trojan.Heur2.LVP.VGX@aaiPczgi 20120718
ByteHero - 20120716
CAT-QuickHeal - 20120718
ClamAV - 20120717
Commtouch - 20120718
Comodo - 20120718
DrWeb - 20120718
Emsisoft Trojan.Win32.Inject!IK 20120718
eSafe - 20120717
ESET-NOD32 - 20120718
F-Prot - 20120718
F-Secure Gen:Trojan.Heur2.LVP.VGX@aaiPczgi 20120718
Fortinet - 20120718
GData Gen:Trojan.Heur2.LVP.VGX@aaiPczgi 20120718
Ikarus Trojan.Win32.Inject 20120718
Jiangmin - 20120718
K7AntiVirus - 20120717
Kaspersky - 20120718
McAfee - 20120718
McAfee-GW-Edition - 20120718
Microsoft - 20120718
Norman W32/Simda.AA 20120718
nProtect - 20120718
Panda - 20120718
PCTools - 20120718
Rising - 20120718
Sophos Mal/EncPk-ACI 20120718
SUPERAntiSpyware - 20120718
Symantec - 20120717
TheHacker - 20120717
TotalDefense - 20120717
TrendMicro - 20120718
TrendMicro-HouseCall - 20120717
VBA32 - 20120718
VIPRE - 20120718
ViRobot - 20120718
VirusBuster - 20120717


First seen by VirusTotal
2012-07-18 10:01:38 UTC ( 2 minutes ago )
Last seen by VirusTotal
2012-07-18 10:01:38 UTC ( 2 minutes ago )

#10 nosirrah

Posted 19 July 2012 - 01:19 PM

today there was another new mutation

here are detections for the now 3 day obsolete trojan


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 20 / 42
Analysis date: 2012-07-19 18:07:58 UTC ( 1 minute ago )


AhnLab-V3 - 20120719
AntiVir DR/Delphi.Gen 20120719
Antiy-AVL - 20120717
Avast Win32:Trojan-gen 20120719
AVG Generic28.CGSU 20120719
BitDefender Trojan.Generic.KDV.673357 20120719
ByteHero - 20120719
CAT-QuickHeal - 20120719
ClamAV - 20120719
Commtouch - 20120719
Comodo UnclassifiedMalware 20120719
DrWeb Trojan.Rodricter.8 20120719
Emsisoft Trojan.Win32.Inject!IK 20120719
eSafe - 20120719
ESET-NOD32 Win32/Simda.B 20120719
F-Prot - 20120719
F-Secure Trojan.Generic.KDV.673357 20120719
Fortinet W32/Inject.EIGH!tr 20120719
GData Trojan.Generic.KDV.673357 20120719
Ikarus Trojan.Win32.Inject 20120719
Jiangmin - 20120719
K7AntiVirus - 20120719
Kaspersky Trojan.Win32.Inject.eigh 20120719
McAfee Generic BackDoor.abj 20120719
McAfee-GW-Edition - 20120719
Microsoft - 20120719
Norman W32/Simda.AA 20120719
nProtect Trojan/W32.Agent.829965 20120719
Panda - 20120719
PCTools - 20120719
Rising - 20120719
Sophos Mal/EncPk-ACI 20120719
SUPERAntiSpyware - 20120719
Symantec - 20120719
TheHacker - 20120719
TotalDefense - 20120718
TrendMicro - 20120719
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120719
VBA32 - 20120719
VIPRE Trojan.Win32.Generic!BT 20120719
ViRobot Trojan.Win32.A.Inject.829965 20120719
VirusBuster - 20120719


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 3 days, 15 hours ago )
Last seen by VirusTotal
2012-07-19 18:07:58 UTC ( 1 minute ago )



Here is the current detection for the current trojan from the same source


SHA256: 708b3abfcb049581e565340f0c550e8520f3f802dd2e44649856806ff01037fe
SHA1: c3aae91842bcec90e80ddd222d455e679b28cee4
MD5: 1db4547bf121a7aff42b087f4f67445d
File size: 768.5 KB ( 786957 bytes )
File name: E:\Downloads\scandsk(334).exe
File type: Win32 EXE
Detection ratio: 4 / 42
Analysis date: 2012-07-19 18:07:52 UTC ( 1 minute ago )


AhnLab-V3 - 20120719
AntiVir - 20120719
Antiy-AVL - 20120717
Avast - 20120719
AVG - 20120719
BitDefender Gen:Trojan.Heur2.LVP.WGX@amP1bSdi 20120719
ByteHero - 20120719
CAT-QuickHeal - 20120719
ClamAV - 20120719
Commtouch - 20120719
Comodo - 20120719
DrWeb - 20120719
Emsisoft - 20120719
eSafe - 20120719
ESET-NOD32 - 20120719
F-Prot - 20120719
F-Secure Gen:Trojan.Heur2.LVP.WGX@amP1bSdi 20120719
Fortinet - 20120719
GData Gen:Trojan.Heur2.LVP.WGX@amP1bSdi 20120719
Ikarus - 20120719
Jiangmin - 20120719
K7AntiVirus - 20120719
Kaspersky - 20120719
McAfee - 20120719
McAfee-GW-Edition - 20120719
Microsoft - 20120719
Norman W32/Simda.AA 20120719
nProtect - 20120719
Panda - 20120719
PCTools - 20120719
Rising - 20120719
Sophos - 20120719
SUPERAntiSpyware - 20120719
Symantec - 20120719
TheHacker - 20120719
TotalDefense - 20120718
TrendMicro - 20120719
TrendMicro-HouseCall - 20120719
VBA32 - 20120719
VIPRE - 20120719
ViRobot - 20120719
VirusBuster - 20120719


First seen by VirusTotal
2012-07-19 18:07:52 UTC ( 1 minute ago )
Last seen by VirusTotal
2012-07-19 18:07:52 UTC ( 1 minute ago )

#11 nosirrah

Posted 20 July 2012 - 10:11 PM

updating again

the first trojan is now 5 days obsolete and once again has been replaced with a new mutation

here are the current detections for the original sample


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 22 / 42
Analysis date: 2012-07-21 02:54:59 UTC ( 0 minutes ago )


AhnLab-V3 - 20120720
AntiVir DR/Delphi.Gen 20120720
Antiy-AVL - 20120717
Avast Win32:Trojan-gen 20120721
AVG Generic28.CGSU 20120720
BitDefender Trojan.Generic.KDV.673357 20120721
ByteHero - 20120719
CAT-QuickHeal - 20120720
ClamAV - 20120721
Commtouch - 20120721
Comodo UnclassifiedMalware 20120721
DrWeb Trojan.Rodricter.8 20120721
Emsisoft Trojan.Win32.Inject!IK 20120721
eSafe - 20120719
ESET-NOD32 Win32/Simda.B 20120720
F-Prot - 20120720
F-Secure Trojan.Generic.KDV.673357 20120721
Fortinet W32/Inject.EIGH!tr 20120721
GData Trojan.Generic.KDV.673357 20120721
Ikarus Trojan.Win32.Inject 20120720
Jiangmin - 20120720
K7AntiVirus - 20120720
Kaspersky Trojan.Win32.Inject.eigh 20120721
McAfee Generic BackDoor.abj 20120721
McAfee-GW-Edition - 20120721
Microsoft - 20120721
Norman W32/Simda.AA 20120720
nProtect Trojan/W32.Agent.829965 20120720
Panda Trj/CI.A 20120720
PCTools - 20120721
Rising - 20120720
Sophos Mal/EncPk-ACI 20120721
SUPERAntiSpyware - 20120720
Symantec - 20120721
TheHacker Trojan/Inject.eigh 20120720
TotalDefense - 20120718
TrendMicro - 20120721
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120721
VBA32 - 20120720
VIPRE Trojan.Win32.Generic!BT 20120721
ViRobot Trojan.Win32.A.Inject.829965 20120720
VirusBuster - 20120721



First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 5 days ago )
Last seen by VirusTotal
2012-07-21 02:54:59 UTC ( 6 minutes ago )


and now the new trojan from the same source


SHA256: 315424b78585b20d42cd677e2c200941c490b4d60c3de7b409e010a26252f220
SHA1: f00040728911b4992b8277c432f279dbad633d20
MD5: dc141f06bc9f47cabde4c6af88051c39
File size: 758.0 KB ( 776205 bytes )
File name: E:\Downloads\scandsk(342).exe
File type: Win32 EXE
Detection ratio: 8 / 42
Analysis date: 2012-07-21 02:54:42 UTC ( 0 minutes ago )


AhnLab-V3 - 20120720
AntiVir DR/Delphi.Gen 20120720
Antiy-AVL - 20120717
Avast - 20120721
AVG - 20120720
BitDefender - 20120721
ByteHero - 20120719
CAT-QuickHeal - 20120720
ClamAV - 20120721
Commtouch W32/MalwareHiderPatched-based!Maximus 20120721
Comodo - 20120721
DrWeb - 20120721
Emsisoft Trojan.Win32.Inject!IK 20120721
eSafe - 20120719
ESET-NOD32 - 20120720
F-Prot W32/MalwareHiderPatched-based!Maximus 20120720
F-Secure - 20120721
Fortinet - 20120721
GData - 20120721
Ikarus Trojan.Win32.Inject 20120720
Jiangmin - 20120720
K7AntiVirus Trojan 20120720
Kaspersky - 20120721
McAfee - 20120721
McAfee-GW-Edition - 20120721
Microsoft - 20120721
Norman W32/Simda.AA 20120720
nProtect - 20120720
Panda - 20120720
PCTools - 20120721
Rising - 20120720
Sophos Mal/EncPk-AEM 20120721
SUPERAntiSpyware - 20120720
Symantec - 20120721
TheHacker - 20120720
TotalDefense - 20120718
TrendMicro - 20120721
TrendMicro-HouseCall - 20120721
VBA32 - 20120720
VIPRE - 20120721
ViRobot - 20120720
VirusBuster - 20120721


First seen by VirusTotal
2012-07-21 02:54:42 UTC ( 7 minutes ago )
Last seen by VirusTotal
2012-07-21 02:54:42 UTC ( 7 minutes ago )

#12 nosirrah

Posted 21 July 2012 - 01:27 PM

update

here are the latest updates for the original version and more recent mutation

first the original sample that is now 5 and a half days obsolete


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 23 / 41
Analysis date: 2012-07-21 18:14:48 UTC ( 1 minute ago )


AntiVir DR/Delphi.Gen 20120721
Antiy-AVL - 20120717
Avast Win32:Trojan-gen 20120721
AVG Generic28.CGSU 20120721
BitDefender Trojan.Generic.KDV.673357 20120721
ByteHero - 20120719
CAT-QuickHeal Trojan.Inject.eigh 20120721
ClamAV - 20120721
Commtouch - 20120721
Comodo UnclassifiedMalware 20120721
DrWeb Trojan.Rodricter.8 20120721
Emsisoft Trojan.Win32.Inject!IK 20120721
eSafe - 20120719
ESET-NOD32 Win32/Simda.B 20120721
F-Prot - 20120721
F-Secure Trojan.Generic.KDV.673357 20120721
Fortinet W32/Inject.EIGH!tr 20120721
GData Trojan.Generic.KDV.673357 20120721
Ikarus Trojan.Win32.Inject 20120721
Jiangmin - 20120721
K7AntiVirus - 20120721
Kaspersky Trojan.Win32.Inject.eigh 20120721
McAfee Generic BackDoor.abj 20120721
McAfee-GW-Edition - 20120721
Microsoft - 20120721
Norman W32/Simda.AA 20120721
nProtect Trojan/W32.Agent.829965 20120721
Panda Trj/CI.A 20120721
PCTools - 20120721
Rising - 20120720
Sophos Mal/EncPk-ACI 20120721
SUPERAntiSpyware - 20120721
Symantec - 20120721
TheHacker Trojan/Inject.eigh 20120720
TotalDefense - 20120718
TrendMicro - 20120721
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120721
VBA32 - 20120720
VIPRE Trojan.Win32.Generic!BT 20120721
ViRobot Trojan.Win32.A.Inject.829965 20120721
VirusBuster - 20120721


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 5 days, 15 hours ago )
Last seen by VirusTotal
2012-07-21 18:14:48 UTC ( 3 minutes ago )



and now the latest mutation from the same source



SHA256: 470c8a2ac73bc0855ec460e9b8d74c30aa0b2e4d5dccca83f41707b0aa6d587c
SHA1: 98c41ea5863cedd24b2de21b2d03f766ecf994fc
MD5: fb2b813b69e7a2ac1b31551cb2cf4f8c
File size: 724.0 KB ( 741389 bytes )
File name: E:\Downloads\scandsk(347).exe
File type: Win32 EXE
Detection ratio: 6 / 41
Analysis date: 2012-07-21 18:11:23 UTC ( 0 minutes ago )


AhnLab-V3 - 20120721
AntiVir - 20120721
Antiy-AVL - 20120717
Avast - 20120721
AVG - 20120721
BitDefender - 20120721
ByteHero - 20120719
CAT-QuickHeal - 20120721
ClamAV - 20120721
Commtouch W32/MalwareHiderPatched-based!Maximus 20120721
Comodo - 20120721
DrWeb - 20120721
Emsisoft - 20120721
eSafe - 20120719
ESET-NOD32 - 20120721
F-Prot W32/MalwareHiderPatched-based!Maximus 20120721
F-Secure - 20120721
Fortinet W32/Inject.EIA!tr 20120721
GData - 20120721
Ikarus - 20120721
Jiangmin - 20120721
K7AntiVirus Trojan 20120721
McAfee - 20120721
McAfee-GW-Edition - 20120721
Microsoft - 20120721
Norman W32/Simda.AA 20120721
nProtect - 20120721
Panda - 20120721
PCTools - 20120721
Rising - 20120720
Sophos Mal/EncPk-ACI 20120721
SUPERAntiSpyware - 20120721
Symantec - 20120721
TheHacker - 20120720
TotalDefense - 20120718
TrendMicro - 20120721
TrendMicro-HouseCall - 20120721
VBA32 - 20120720
VIPRE - 20120721
ViRobot - 20120721
VirusBuster - 20120721


First seen by VirusTotal
2012-07-21 18:11:23 UTC ( 6 minutes ago )
Last seen by VirusTotal
2012-07-21 18:11:23 UTC ( 6 minutes ago )

#13 nosirrah

Posted 22 July 2012 - 02:13 PM

another update, I think I will continue this until the first example is either 75% detected or is no longer increasing in detection

here are the latest updates for the original version and more recent mutation

first the original sample that is now 6 and a half days obsolete


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 23 / 42
Analysis date: 2012-07-22 19:00:55 UTC ( 0 minutes ago )


AhnLab-V3 - 20120722
AntiVir DR/Delphi.Gen 20120722
Antiy-AVL - 20120717
Avast Win32:Trojan-gen 20120722
AVG Generic28.CGSU 20120722
BitDefender Trojan.Generic.KDV.673357 20120722
ByteHero - 20120719
CAT-QuickHeal Trojan.Inject.eigh 20120722
ClamAV - 20120721
Commtouch - 20120721
Comodo UnclassifiedMalware 20120722
DrWeb Trojan.Rodricter.8 20120722
Emsisoft Trojan.Win32.Inject!IK 20120722
eSafe - 20120722
ESET-NOD32 Win32/Simda.B 20120722
F-Prot - 20120721
F-Secure Trojan.Generic.KDV.673357 20120722
Fortinet W32/Inject.EIGH!tr 20120721
GData Trojan.Generic.KDV.673357 20120722
Ikarus Trojan.Win32.Inject 20120722
Jiangmin - 20120722
K7AntiVirus - 20120721
Kaspersky Trojan.Win32.Inject.eigh 20120722
McAfee Generic BackDoor.abj 20120722
McAfee-GW-Edition - 20120722
Microsoft - 20120722
Norman W32/Simda.AA 20120721
nProtect Trojan/W32.Agent.829965 20120722
Panda Trj/CI.A 20120722
PCTools - 20120722
Rising - 20120720
Sophos Mal/EncPk-ACI 20120722
SUPERAntiSpyware - 20120722
Symantec - 20120722
TheHacker Trojan/Inject.eigh 20120722
TotalDefense - 20120718
TrendMicro - 20120722
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120722
VBA32 - 20120720
VIPRE Trojan.Win32.Generic!BT 20120722
ViRobot Trojan.Win32.A.Inject.829965 20120722
VirusBuster - 20120722


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 6 days, 16 hours ago )
Last seen by VirusTotal
2012-07-22 19:00:55 UTC ( 4 minutes ago )


and now the new trojan from the same source


SHA256: 70bc7f6191fa7dd028229df0eb96a7a616c818dc292dacfd5908446d0cb4d9f3
SHA1: 52ae6db5ccb227613bc889c40b8f21c784adf42a
MD5: 1f1d8af323954cd20471285b80d827c7
File size: 788.5 KB ( 807437 bytes )
File name: E:\Downloads\scandsk(354).exe
File type: Win32 EXE
Detection ratio: 5 / 42
Analysis date: 2012-07-22 19:00:39 UTC ( 0 minutes ago )


AhnLab-V3 - 20120722
AntiVir - 20120722
Antiy-AVL - 20120717
Avast - 20120722
AVG - 20120722
BitDefender - 20120722
ByteHero - 20120719
CAT-QuickHeal - 20120722
ClamAV - 20120721
Commtouch W32/MalwareHiderPatched-based!Maximus 20120721
Comodo - 20120722
DrWeb - 20120722
Emsisoft - 20120722
eSafe - 20120722
ESET-NOD32 - 20120722
F-Prot W32/MalwareHiderPatched-based!Maximus 20120721
F-Secure - 20120722
Fortinet - 20120721
GData - 20120722
Ikarus - 20120722
Jiangmin - 20120722
K7AntiVirus Trojan 20120721
Kaspersky - 20120722
McAfee - 20120722
McAfee-GW-Edition - 20120722
Microsoft - 20120722
Norman W32/Simda.AA 20120721
nProtect - 20120722
Panda - 20120722
PCTools - 20120722
Rising - 20120720
Sophos Mal/EncPk-ACT 20120722
SUPERAntiSpyware - 20120722
Symantec - 20120722
TheHacker - 20120722
TotalDefense - 20120718
TrendMicro - 20120722
TrendMicro-HouseCall - 20120722
VBA32 - 20120720
VIPRE - 20120722
ViRobot - 20120722
VirusBuster - 20120722


First seen by VirusTotal
2012-07-22 19:00:39 UTC ( 4 minutes ago )
Last seen by VirusTotal
2012-07-22 19:00:39 UTC ( 4 minutes ago )

#14 nosirrah

Posted 23 July 2012 - 09:33 PM

update

here are the latest updates for the original version and more recent mutation

first the original sample that is now 1 week obsolete


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 25 / 40
Analysis date: 2012-07-24 02:17:38 UTC ( 1 minute ago )


AntiVir DR/Delphi.Gen 20120724
Antiy-AVL Trojan/Win32.Inject.gen 20120724
Avast Win32:Trojan-gen 20120723
AVG Generic28.CGSU 20120723
BitDefender Trojan.Generic.KDV.673357 20120724
ByteHero - 20120723
CAT-QuickHeal Trojan.Inject.eigh 20120723
ClamAV - 20120723
Commtouch - 20120724
Comodo UnclassifiedMalware 20120724
DrWeb Trojan.Rodricter.8 20120724
Emsisoft Trojan.Win32.Inject!IK 20120724
eSafe - 20120722
ESET-NOD32 Win32/Simda.B 20120723
F-Prot - 20120723
F-Secure Trojan.Generic.KDV.673357 20120724
Fortinet W32/Inject.EIGH!tr 20120724
GData Trojan.Generic.KDV.673357 20120724
Ikarus Trojan.Win32.Inject 20120724
Jiangmin - 20120723
K7AntiVirus - 20120723
Kaspersky Trojan.Win32.Inject.eigh 20120724
McAfee Generic BackDoor.abj 20120724
McAfee-GW-Edition - 20120723
Microsoft Backdoor:Win32/Simda.gen!E 20120724
Norman W32/Simda.AA 20120723
nProtect Trojan/W32.Agent.829965 20120723
Panda Trj/CI.A 20120723
Rising - 20120723
Sophos Mal/EncPk-ACI 20120724
SUPERAntiSpyware - 20120722
Symantec - 20120724
TheHacker Trojan/Inject.eigh 20120724
TotalDefense - 20120718
TrendMicro - 20120724
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120724
VBA32 - 20120723
VIPRE Trojan.Win32.Generic!BT 20120724
ViRobot Trojan.Win32.A.Inject.829965 20120723
VirusBuster - 20120723


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 1 week ago )
Last seen by VirusTotal
2012-07-23 19:12:52 UTC ( 7 hours, 5 minutes ago )



and now the new trojan from the same source, detection has seriously fallen off


SHA256: 7c6a66ce2748ed06a5c1028aa0183d6210aa9462cd75c5b4483e68848f556669
SHA1: b5042851118582484707d1aa4f155197c4540ce3
MD5: 6465a50f68b709b2c0bb2b299cb9a347
File size: 802.5 KB ( 821773 bytes )
File name: E:\Downloads\scandsk(360).exe
File type: Win32 EXE
Detection ratio: 3 / 41
Analysis date: 2012-07-24 02:17:09 UTC ( 0 minutes ago )


AhnLab-V3 - 20120723
AntiVir - 20120724
Antiy-AVL - 20120724
Avast - 20120723
AVG - 20120723
BitDefender - 20120724
ByteHero - 20120723
CAT-QuickHeal - 20120723
ClamAV - 20120723
Commtouch - 20120724
Comodo - 20120724
DrWeb Trojan.Rodricter.16 20120724
Emsisoft - 20120724
eSafe - 20120722
ESET-NOD32 - 20120723
F-Prot - 20120723
F-Secure - 20120724
Fortinet - 20120724
GData - 20120724
Ikarus - 20120724
Jiangmin - 20120723
K7AntiVirus - 20120723
Kaspersky - 20120724
McAfee - 20120724
McAfee-GW-Edition - 20120723
Microsoft Backdoor:Win32/Simda.gen!E 20120724
Norman W32/Simda.AA 20120723
nProtect - 20120723
Panda - 20120723
Rising - 20120723
Sophos - 20120724
SUPERAntiSpyware - 20120722
Symantec - 20120724
TheHacker - 20120724
TotalDefense - 20120718
TrendMicro - 20120724
TrendMicro-HouseCall - 20120724
VBA32 - 20120723
VIPRE - 20120724
ViRobot - 20120723
VirusBuster - 20120723


First seen by VirusTotal
2012-07-24 02:17:09 UTC ( 1 minute ago )
Last seen by VirusTotal
2012-07-24 02:17:09 UTC ( 1 minute ago )

#15 nosirrah

Posted 24 July 2012 - 04:51 PM

update

current detection for the now 8 day obsolete sample


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 26 / 41
Analysis date: 2012-07-24 21:37:04 UTC ( 0 minutes ago )


AhnLab-V3 Trojan/Win32.Inject 20120724
AntiVir DR/Delphi.Gen 20120724
Antiy-AVL Trojan/Win32.Inject.gen 20120724
Avast Win32:Trojan-gen 20120724
AVG Generic28.CGSU 20120724
BitDefender Trojan.Generic.KDV.673357 20120724
ByteHero - 20120723
CAT-QuickHeal Trojan.Inject.eigh 20120724
ClamAV - 20120724
Commtouch - 20120724
Comodo UnclassifiedMalware 20120724
DrWeb Trojan.Rodricter.8 20120724
Emsisoft Trojan.Win32.Inject!IK 20120724
eSafe - 20120724
ESET-NOD32 Win32/Simda.B 20120724
F-Prot - 20120724
F-Secure Trojan.Generic.KDV.673357 20120724
Fortinet W32/Inject.EIGH!tr 20120724
GData Trojan.Generic.KDV.673357 20120724
Ikarus Trojan.Win32.Inject 20120724
Jiangmin - 20120724
K7AntiVirus - 20120724
Kaspersky Trojan.Win32.Inject.eigh 20120724
McAfee Generic BackDoor.abj 20120724
McAfee-GW-Edition - 20120724
Microsoft Backdoor:Win32/Simda.gen!E 20120724
Norman W32/Simda.AA 20120724
nProtect Trojan/W32.Agent.829965 20120724
Panda - 20120724
Rising - 20120724
Sophos Mal/EncPk-ACI 20120724
SUPERAntiSpyware - 20120724
Symantec - 20120724
TheHacker Trojan/Inject.eigh 20120724
TotalDefense - 20120724
TrendMicro - 20120724
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120724
VBA32 Trojan.Inject.eigh 20120724
VIPRE Trojan.Win32.Generic!BT 20120724
ViRobot Trojan.Win32.A.Inject.829965 20120724
VirusBuster - 20120724


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 1 week, 1 day ago )
Last seen by VirusTotal
2012-07-24 21:37:04 UTC ( 7 minutes ago )



and now the newest mutation


SHA256: 868888773e0710ad8886e3fae33dafd6a8d483cc6d66516aa4a13fbbd79d26b9
SHA1: 872b87bd6a88872976e87be050643d5c57c3749c
MD5: 503b6f7ea741f3f359b38e7ea19bfdf0
File size: 865.5 KB ( 886285 bytes )
File name: E:\Downloads\scandsk(366).exe
File type: Win32 EXE
Detection ratio: 8 / 41
Analysis date: 2012-07-24 21:33:03 UTC ( 0 minutes ago )


AhnLab-V3 - 20120724
AntiVir DR/Delphi.Gen 20120724
Antiy-AVL - 20120724
Avast - 20120724
AVG - 20120724
BitDefender - 20120724
ByteHero - 20120723
CAT-QuickHeal - 20120724
ClamAV - 20120724
Commtouch - 20120724
Comodo - 20120724
DrWeb - 20120724
Emsisoft Trojan.Win32.Inject!IK 20120724
eSafe - 20120724
ESET-NOD32 a variant of Win32/Injector.UHG 20120724
F-Prot - 20120724
F-Secure - 20120724
Fortinet W32/Delf.STT!tr 20120724
GData - 20120724
Ikarus Trojan.Win32.Inject 20120724
Jiangmin - 20120724
K7AntiVirus - 20120724
Kaspersky - 20120724
McAfee PWS-Zbot.gen.zy 20120724
McAfee-GW-Edition PWS-Zbot.gen.zy 20120724
Microsoft - 20120724
Norman - 20120724
nProtect - 20120724
Panda - 20120724
Rising - 20120724
Sophos Mal/EncPk-ACI 20120724
SUPERAntiSpyware - 20120724
Symantec - 20120724
TheHacker - 20120724
TotalDefense - 20120724
TrendMicro - 20120724
TrendMicro-HouseCall - 20120724
VBA32 - 20120724
VIPRE - 20120724
ViRobot - 20120724
VirusBuster - 20120724


First seen by VirusTotal
2012-07-24 21:33:03 UTC ( 11 minutes ago )
Last seen by VirusTotal
2012-07-24 21:33:03 UTC ( 11 minutes ago )

#16 nosirrah

Posted 25 July 2012 - 01:00 PM

update

here are the current detections for the now 9 day obsolete trojan


SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 28 / 41
Analysis date: 2012-07-25 17:47:02 UTC ( 0 minutes ago )


AhnLab-V3 - 20120725
AntiVir DR/Delphi.Gen 20120725
Antiy-AVL Trojan/Win32.Inject.gen 20120725
Avast Win32:Trojan-gen 20120725
AVG Generic28.CGSU 20120725
BitDefender Trojan.Generic.KDV.673357 20120725
ByteHero - 20120723
CAT-QuickHeal Trojan.Inject.eigh 20120724
ClamAV - 20120725
Commtouch - 20120725
Comodo UnclassifiedMalware 20120725
DrWeb Trojan.Rodricter.8 20120725
Emsisoft Trojan.Win32.Inject!IK 20120725
eSafe - 20120724
ESET-NOD32 Win32/Simda.B 20120725
F-Prot - 20120725
F-Secure Trojan.Generic.KDV.673357 20120725
Fortinet W32/Inject.EIGH!tr 20120725
GData Trojan.Generic.KDV.673357 20120725
Ikarus Trojan.Win32.Inject 20120725
Jiangmin - 20120725
K7AntiVirus - 20120725
Kaspersky Trojan.Win32.Inject.eigh 20120725
McAfee Generic BackDoor.abj 20120725
McAfee-GW-Edition Generic BackDoor.abj 20120725
Microsoft Backdoor:Win32/Simda.gen!E 20120725
Norman W32/Simda.AA 20120725
nProtect Trojan/W32.Agent.829965 20120725
Panda Trj/CI.A 20120725
Rising - 20120725
Sophos Mal/EncPk-ACI 20120725
SUPERAntiSpyware - 20120725
Symantec WS.Reputation.1 20120725
TheHacker Trojan/Inject.eigh 20120725
TotalDefense - 20120724
TrendMicro - 20120725
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120725
VBA32 Trojan.Inject.eigh 20120725
VIPRE Trojan.Win32.Generic!BT 20120725
ViRobot Trojan.Win32.A.Inject.829965 20120725
VirusBuster - 20120725


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 1 week, 2 days ago )
Last seen by VirusTotal
2012-07-25 17:47:02 UTC ( 1 minute ago )


and here is the current mutation, detection has once again fallen off


SHA256: d36fe9f43335c6e8618ec243eadea18b6887763eb68154f5e64dde945fdb617d
SHA1: 6cdd5d2e81b5267261e71fede0926dfb18a09498
MD5: 35c0a360127cd4de1efe0471d440e727
File size: 981.0 KB ( 1004557 bytes )
File name: E:\Downloads\scandsk(370).exe
File type: Win32 EXE
Detection ratio: 4 / 41
Analysis date: 2012-07-25 17:46:35 UTC ( 1 minute ago )


AhnLab-V3 - 20120725
AntiVir DR/Delphi.Gen 20120725
Antiy-AVL - 20120725
Avast - 20120725
AVG - 20120725
BitDefender - 20120725
ByteHero - 20120723
CAT-QuickHeal - 20120724
ClamAV - 20120725
Commtouch W32/MalwareHiderPatched-based!Maximus 20120725
Comodo - 20120725
DrWeb - 20120725
Emsisoft - 20120725
eSafe - 20120724
ESET-NOD32 - 20120725
F-Prot W32/MalwareHiderPatched-based!Maximus 20120725
F-Secure - 20120725
Fortinet - 20120725
GData - 20120725
Ikarus - 20120725
Jiangmin - 20120725
K7AntiVirus Trojan 20120725
Kaspersky - 20120725
McAfee - 20120725
McAfee-GW-Edition - 20120725
Microsoft - 20120725
Norman - 20120725
nProtect - 20120725
Panda - 20120725
Rising - 20120725
Sophos - 20120725
SUPERAntiSpyware - 20120725
Symantec - 20120725
TheHacker - 20120725
TotalDefense - 20120724
TrendMicro - 20120725
TrendMicro-HouseCall - 20120725
VBA32 - 20120725
VIPRE - 20120725
ViRobot - 20120725
VirusBuster - 20120725


First seen by VirusTotal
2012-07-25 17:46:35 UTC ( 1 minute ago )
Last seen by VirusTotal
2012-07-25 17:46:35 UTC ( 1 minute ago )

#17 nosirrah

Posted 25 July 2012 - 07:25 PM

update

detection of the first sample has not changed but there is a new mutation from the same source



SHA256: 2a673f1b9cb00019202a309bdebde7b462d545e3d2b71a26617ef33a351e9eca
SHA1: 799e7dc50bc0bdde57ef4e56a95d6438e79b41ed
MD5: 3994538f2305c45586aa675f7e4ed7f3
File size: 882.0 KB ( 903181 bytes )
File name: E:\Downloads\scandsk(371).exe
File type: Win32 EXE
Detection ratio: 4 / 41
Analysis date: 2012-07-26 00:16:22 UTC ( 0 minutes ago )



AhnLab-V3 - 20120725
AntiVir DR/Delphi.Gen 20120725
Antiy-AVL - 20120725
Avast - 20120726
AVG - 20120725
BitDefender - 20120725
ByteHero - 20120723
CAT-QuickHeal - 20120724
ClamAV - 20120725
Commtouch W32/MalwareHiderPatched-based!Maximus 20120725
Comodo - 20120726
DrWeb - 20120725
Emsisoft - 20120726
eSafe - 20120724
ESET-NOD32 - 20120725
F-Prot W32/MalwareHiderPatched-based!Maximus 20120725
F-Secure - 20120726
Fortinet - 20120725
GData - 20120726
Ikarus - 20120725
Jiangmin - 20120725
K7AntiVirus Trojan 20120725
Kaspersky - 20120726
McAfee - 20120726
McAfee-GW-Edition - 20120725
Microsoft - 20120725
Norman - 20120725
nProtect - 20120725
Panda - 20120725
Rising - 20120725
Sophos - 20120725
SUPERAntiSpyware - 20120725
Symantec - 20120726
TheHacker - 20120725
TotalDefense - 20120724
TrendMicro - 20120726
TrendMicro-HouseCall - 20120726
VBA32 - 20120725
VIPRE - 20120725
ViRobot - 20120725
VirusBuster - 20120725


First seen by VirusTotal
2012-07-26 00:16:22 UTC ( 0 minutes ago )
Last seen by VirusTotal
2012-07-26 00:16:22 UTC ( 0 minutes ago )

#18 nosirrah

Posted 26 July 2012 - 12:03 AM

update

here are the latest updates for the original version and most recent mutation

first the original sample that is now 10 days obsolete



SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 29 / 41
Analysis date: 2012-07-26 04:51:13 UTC ( 0 minutes ago )



AhnLab-V3 Trojan/Win32.Inject 20120726
AntiVir DR/Delphi.Gen 20120726
Antiy-AVL Trojan/Win32.Inject.gen 20120726
Avast Win32:Trojan-gen 20120726
AVG Generic28.CGSU 20120725
BitDefender Trojan.Generic.KDV.673357 20120726
ByteHero - 20120723
CAT-QuickHeal Trojan.Inject.eigh 20120724
ClamAV - 20120726
Commtouch - 20120726
Comodo UnclassifiedMalware 20120726
DrWeb Trojan.Rodricter.8 20120726
Emsisoft Trojan.Win32.Inject!IK 20120726
eSafe - 20120724
ESET-NOD32 Win32/Simda.B 20120725
F-Prot - 20120725
F-Secure Trojan.Generic.KDV.673357 20120726
Fortinet W32/Inject.EIGH!tr 20120726
GData Trojan.Generic.KDV.673357 20120726
Ikarus Trojan.Win32.Inject 20120726
Jiangmin - 20120726
K7AntiVirus - 20120725
Kaspersky Trojan.Win32.Inject.eigh 20120726
McAfee Generic BackDoor.abj 20120726
McAfee-GW-Edition Generic BackDoor.abj 20120725
Microsoft Backdoor:Win32/Simda.gen!E 20120726
Norman W32/Simda.AA 20120725
nProtect Trojan/W32.Agent.829965 20120726
Panda Trj/CI.A 20120725
Rising - 20120726
Sophos Mal/EncPk-ACI 20120726
SUPERAntiSpyware - 20120726
Symantec Trojan.Gen 20120726
TheHacker Trojan/Inject.eigh 20120725
TotalDefense - 20120724
TrendMicro - 20120726
TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120726
VBA32 Trojan.Inject.eigh 20120725
VIPRE Trojan.Win32.Generic!BT 20120726
ViRobot Trojan.Win32.A.Inject.829965 20120726
VirusBuster - 20120725


First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 1 week, 3 days ago )
Last seen by VirusTotal
2012-07-26 04:51:13 UTC ( 3 minutes ago )



and here is the current mutation, detection is still terrible



SHA256: 482269069d7997309030340c3553418da178b6a16fdb3006feb698eacc51d412
SHA1: 93f07bf5be9784a700abee8c723446e14e8a19e2
MD5: 53e13b40b0c2afc92e4306877eeacac8
File size: 887.0 KB ( 908301 bytes )
File name: E:\Downloads\scandsk(372).exe
File type: Win32 EXE
Detection ratio: 4 / 41
Analysis date: 2012-07-26 04:49:02 UTC ( 0 minutes ago )



AhnLab-V3 - 20120726
AntiVir DR/Delphi.Gen 20120726
Antiy-AVL - 20120726
Avast - 20120726
AVG - 20120725
BitDefender - 20120726
ByteHero - 20120723
CAT-QuickHeal - 20120724
ClamAV - 20120726
Commtouch W32/MalwareHiderPatched-based!Maximus 20120726
Comodo - 20120726
DrWeb - 20120726
Emsisoft - 20120726
eSafe - 20120724
ESET-NOD32 - 20120725
F-Prot W32/MalwareHiderPatched-based!Maximus 20120725
F-Secure - 20120726
Fortinet - 20120726
GData - 20120726
Ikarus - 20120726
Jiangmin - 20120726
K7AntiVirus Trojan 20120725
Kaspersky - 20120726
McAfee - 20120726
McAfee-GW-Edition - 20120725
Microsoft - 20120726
Norman - 20120725
nProtect - 20120726
Panda - 20120725
Rising - 20120726
Sophos - 20120726
SUPERAntiSpyware - 20120726
Symantec - 20120726
TheHacker - 20120725
TotalDefense - 20120724
TrendMicro - 20120726
TrendMicro-HouseCall - 20120726
VBA32 - 20120725
VIPRE - 20120726
ViRobot - 20120726
VirusBuster - 20120725



First seen by VirusTotal
2012-07-26 04:49:02 UTC ( 5 minutes ago )
Last seen by VirusTotal
2012-07-26 04:49:02 UTC ( 5 minutes ago )

#19 nosirrah

Posted 27 July 2012 - 07:09 AM

detections of the base sample have not changed but there is another mutation today


SHA256: a4d0242a108bba737a609edc0599ca283b0bb03c27ae3868af427639bae6128e
SHA1: 59fa3e69836660acfdbf14a7eaf9fe2c92e6100a
MD5: 6b555c9775272918c8a097c2031ac295
File size: 802.5 KB ( 821773 bytes )
File name: E:\Downloads\scandsk(378).exe
File type: Win32 EXE
Detection ratio: 4 / 41
Analysis date: 2012-07-27 11:48:59 UTC ( 1 minute ago )



AhnLab-V3 - 20120727
AntiVir - 20120727
Antiy-AVL - 20120727
Avast - 20120727
AVG - 20120727
BitDefender - 20120727
ByteHero - 20120723
CAT-QuickHeal - 20120727
ClamAV - 20120727
Commtouch W32/MalwareHiderPatched-based!Maximus 20120727
Comodo - 20120727
DrWeb - 20120727
Emsisoft - 20120727
eSafe - 20120726
ESET-NOD32 - 20120727
F-Prot W32/MalwareHiderPatched-based!Maximus 20120727
F-Secure - 20120727
Fortinet - 20120727
GData - 20120727
Ikarus - 20120727
Jiangmin - 20120727
K7AntiVirus Trojan 20120726
Kaspersky - 20120727
McAfee Generic BackDoor.abu 20120727
McAfee-GW-Edition - 20120727
Microsoft - 20120727
Norman - 20120727
nProtect - 20120726
Panda - 20120727
Rising - 20120726
Sophos - 20120727
SUPERAntiSpyware - 20120727
Symantec - 20120727
TheHacker - 20120726
TotalDefense - 20120726
TrendMicro - 20120727
TrendMicro-HouseCall - 20120727
VBA32 - 20120726
VIPRE - 20120727
ViRobot - 20120727
VirusBuster - 20120727


First seen by VirusTotal
2012-07-27 11:48:59 UTC ( 13 minutes ago )
Last seen by VirusTotal
2012-07-27 11:48:59 UTC ( 13 minutes ago )

#20 nosirrah

Posted 28 July 2012 - 02:45 PM

the starting sample has the same detections still but there is a new mutation today


SHA256: 491654e756a30fc41987be6796b55d4c092eb826f74b11766d21dc923e81ec6a
SHA1: 0dfd7e76a2287072ad83e5a888b915c145730c0d
MD5: c8c6743fac59c182fb164a2cc5c5e3f8
File size: 1007.5 KB ( 1031693 bytes )
File name: E:\Downloads\scandsk(382).exe
File type: Win32 EXE
Detection ratio: 4 / 41
Analysis date: 2012-07-28 19:38:59 UTC ( 0 minutes ago )


AhnLab-V3 - 20120728
AntiVir - 20120728
Antiy-AVL - 20120727
Avast - 20120728
AVG - 20120728
BitDefender - 20120728
ByteHero - 20120723
CAT-QuickHeal - 20120728
ClamAV - 20120728
Commtouch W32/MalwareHiderPatched-based!Maximus 20120728
Comodo - 20120728
DrWeb Adware.InstallCore.53 20120728
Emsisoft - 20120728
eSafe - 20120726
ESET-NOD32 - 20120728
F-Prot W32/MalwareHiderPatched-based!Maximus 20120728
F-Secure - 20120728
Fortinet - 20120728
GData - 20120728
Ikarus - 20120728
Jiangmin - 20120728
K7AntiVirus Trojan 20120728
Kaspersky - 20120728
McAfee - 20120728
McAfee-GW-Edition - 20120728
Microsoft - 20120728
Norman - 20120728
nProtect - 20120728
Panda - 20120728
Rising - 20120726
Sophos - 20120728
SUPERAntiSpyware - 20120728
Symantec - 20120728
TheHacker - 20120728
TotalDefense - 20120728
TrendMicro - 20120728
TrendMicro-HouseCall - 20120728
VBA32 - 20120727
VIPRE - 20120728
ViRobot - 20120728
VirusBuster - 20120728


First seen by VirusTotal
2012-07-28 19:38:59 UTC ( 3 minutes ago )
Last seen by VirusTotal
2012-07-28 19:38:59 UTC ( 3 minutes ago )