
Trojan:Win32/Cinject.B


No replies to this topic

#1 TeMerc

    Staff

  • Moderators

Posted 26 March 2009 - 02:21 AM

Undetected by 1.35 beta

File fuc8m04e.exe received on 03.26.2009 08:12:08 (CET)


AntiVir 7.9.0.126 2009.03.25 TR/Dropper.Gen
Authentium 5.1.2.4 2009.03.26 W32/Zbot.I.gen!Eldorado
Avast 4.8.1335.0 2009.03.25 Win32:Small-MST
CAT-QuickHeal 10.00 2009.03.26 (Suspicious) - DNAScan
F-Prot 4.4.4.56 2009.03.26 W32/Zbot.I.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.26 Suspicious:W32/Malware!Gemini
GData 19 2009.03.26 Win32:Small-MST
McAfee-GW-Edition 6.7.6 2009.03.26 Trojan.Dropper.Gen
Microsoft 1.4502 2009.03.26 Trojan:Win32/Cinject.B
Sophos 4.39.0 2009.03.26 Troj/Agent-IZX
TrendMicro 8.700.0.1004 2009.03.26 PAK_Generic.001
VBA32 3.12.10.1 2009.03.26 suspected of Win32 Shadow Socket Open

Additional information
File size: 9216 bytes
MD5...: 1158ec44a84bf99eb051499263d8d1bb
SHA1..: 8a664d2b62a305d86a587c2d5f6b818d7134f10c
SHA256: 14202aed60973b71ee77430fb896df769472ab99a0550836ec5e1f878880a52a
SHA512: e020edbb23e5f89ac90a0f87579e17f16066107abbd2e2197c80009ac18301f92142d20762c5386bb6215a81d0151f030e042d8eff86ee93fec658f8680f60c2
ssdeep: 96:Z1cc1i56v4SjviH3GYbRBwAHnrA2yFdtH2wbHicTj0DL7w6OzFpsLwKrn+DGwJKA:gb5efjK3d3Hy2wbHicTj2nSILOGwJK

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.2%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3a08
timedatestamp.....: 0x49ca046d (Wed Mar 25 10:16:13 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x1 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.code 0x2000 0x1b68 0x1c00 4.38 f054e72f2da4da103aaff2aa03426574
.idata 0x4000 0x286 0x400 3.00 641f324f2eced3587f56ec5311a00e85

( 3 imports )
> user32.dll: ExitWindowsEx, GetMessageA
> kernel32.dll: CloseHandle, CreateFileA, CreateThread, ExitProcess, GetModuleFileNameA, GetModuleHandleA, GetTempPathA, GlobalAlloc, GlobalLock, Sleep, WriteFile, lstrcatA, lstrlenA
> advapi32.dll: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegOpenKeyExA, RegSetValueExA

( 0 exports )

RDS...: NSRL Reference Data Set
-

pw=infected

Attached Files


Tom Mercado
Product Support Team Lead
