nosirrah

Running a small test

22 posts in this topic

Please do not comment on this thread. I am only posting here to give points of reference over time on detection of a 0day sample.

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 2 / 42

Analysis date: 2012-07-16 02:32:08 UTC ( 0 minutes ago )

Antivirus Result Update

AhnLab-V3 - 20120705

AntiVir DR/Delphi.Gen 20120705

Antiy-AVL - 20120705

Avast - 20120705

AVG - 20120705

BitDefender - 20120705

ByteHero - 20120704

CAT-QuickHeal - 20120705

ClamAV - 20120705

Commtouch - 20120705

Comodo - 20120705

DrWeb - 20120706

Emsisoft - 20120705

eSafe - 20120705

F-Prot - 20120705

F-Secure - 20120706

Fortinet - 20120705

GData - 20120705

Ikarus - 20120705

Jiangmin - 20120705

K7AntiVirus - 20120705

Kaspersky - 20120705

McAfee - 20120706

McAfee-GW-Edition - 20120705

Microsoft - 20120705

NOD32 - 20120705

Norman - 20120705

nProtect - 20120706

Panda - 20120705

PCTools - 20120705

Rising - 20120705

Sophos Mal/EncPk-ACI 20120705

SUPERAntiSpyware - 20120705

Symantec - 20120706

TheHacker - 20120704

TotalDefense - 20120705

TrendMicro - 20120706

TrendMicro-HouseCall - 20120705

VBA32 - 20120705

VIPRE - 20120705

ViRobot - 20120705

VirusBuster - 20120705

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 34 minutes ago )

Last seen by VirusTotal

2012-07-16 02:32:08 UTC ( 34 minutes ago )


update

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 6 / 42

Analysis date: 2012-07-16 09:12:51 UTC ( 0 minutes ago )

Antivirus Result Update

AhnLab-V3 - 20120715

AntiVir DR/Delphi.Gen 20120716

Antiy-AVL - 20120712

Avast - 20120716

AVG - 20120715

BitDefender - 20120716

ByteHero - 20120716

CAT-QuickHeal - 20120716

ClamAV - 20120716

Commtouch - 20120715

Comodo - 20120716

DrWeb Trojan.Rodricter.8 20120716

Emsisoft - 20120716

eSafe - 20120716

ESET-NOD32 Win32/Simda.B 20120716

F-Prot - 20120715

F-Secure - 20120716

Fortinet - 20120716

GData - 20120716

Ikarus - 20120716

Jiangmin - 20120716

K7AntiVirus - 20120714

Kaspersky Trojan.Win32.Inject.eigh 20120716

McAfee - 20120716

McAfee-GW-Edition - 20120716

Microsoft - 20120716

Norman W32/Simda.AA 20120716

nProtect - 20120716

Panda - 20120715

PCTools - 20120716

Rising - 20120716

Sophos Mal/EncPk-ACI 20120716

SUPERAntiSpyware - 20120715

Symantec - 20120716

TheHacker - 20120716

TotalDefense - 20120713

TrendMicro - 20120716

TrendMicro-HouseCall - 20120715

VBA32 - 20120716

VIPRE - 20120716

ViRobot - 20120716

VirusBuster - 20120715

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 6 hours, 44 minutes ago )

Last seen by VirusTotal

2012-07-16 09:12:51 UTC ( 3 minutes ago )


update

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 10 / 42

Analysis date: 2012-07-16 13:46:25 UTC ( 0 minutes ago )

AhnLab-V3 - 20120716

AntiVir DR/Delphi.Gen 20120716

Antiy-AVL - 20120712

Avast - 20120716

AVG - 20120716

BitDefender Trojan.Generic.KDV.673357 20120716

ByteHero - 20120716

CAT-QuickHeal - 20120716

ClamAV - 20120716

Commtouch - 20120716

Comodo - 20120716

DrWeb Trojan.Rodricter.8 20120716

Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120716

eSafe - 20120716

ESET-NOD32 Win32/Simda.B 20120716

F-Prot - 20120716

F-Secure - 20120716

Fortinet - 20120716

GData Trojan.Generic.KDV.673357 20120716

Ikarus - 20120716

Jiangmin - 20120716

K7AntiVirus - 20120714

Kaspersky Trojan.Win32.Inject.eigh 20120716

McAfee - 20120716

McAfee-GW-Edition - 20120716

Microsoft - 20120716

Norman W32/Simda.AA 20120716

nProtect - 20120716

Panda - 20120716

PCTools - 20120716

Rising - 20120716

Sophos Mal/EncPk-ACI 20120716

SUPERAntiSpyware - 20120715

Symantec - 20120716

TheHacker - 20120716

TotalDefense - 20120713

TrendMicro - 20120716

TrendMicro-HouseCall - 20120716

VBA32 - 20120716

VIPRE - 20120716

ViRobot Trojan.Win32.A.Inject.829965 20120716

VirusBuster - 20120715

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 11 hours, 18 minutes ago )

Last seen by VirusTotal

2012-07-16 13:46:25 UTC ( 4 minutes ago )


update

at this point the source for this sample has mutated so further updates by the AVs will be irrelevant

old variant first

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 11 / 42

Analysis date: 2012-07-16 16:06:59 UTC ( 1 minute ago )

AhnLab-V3 - 20120716

AntiVir DR/Delphi.Gen 20120716

Antiy-AVL - 20120712

Avast - 20120716

AVG - 20120716

BitDefender Trojan.Generic.KDV.673357 20120716

ByteHero - 20120716

CAT-QuickHeal - 20120716

ClamAV - 20120716

Commtouch - 20120716

Comodo - 20120716

DrWeb Trojan.Rodricter.8 20120716

Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120716

eSafe - 20120716

ESET-NOD32 Win32/Simda.B 20120716

F-Prot - 20120716

F-Secure Trojan.Generic.KDV.673357 20120716

Fortinet - 20120716

GData Trojan.Generic.KDV.673357 20120716

Ikarus - 20120716

Jiangmin - 20120716

K7AntiVirus - 20120714

Kaspersky Trojan.Win32.Inject.eigh 20120716

McAfee - 20120716

McAfee-GW-Edition - 20120716

Microsoft - 20120716

Norman W32/Simda.AA 20120716

nProtect - 20120716

Panda - 20120716

PCTools - 20120716

Rising - 20120716

Sophos Mal/EncPk-ACI 20120716

SUPERAntiSpyware - 20120715

Symantec - 20120716

TheHacker - 20120716

TotalDefense - 20120713

TrendMicro - 20120716

TrendMicro-HouseCall - 20120716

VBA32 - 20120716

VIPRE - 20120716

ViRobot Trojan.Win32.A.Inject.829965 20120716

VirusBuster - 20120716

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 13 hours, 39 minutes ago )

Last seen by VirusTotal

2012-07-16 16:06:59 UTC ( 4 minutes ago )

and now the new variant that has replaced the old one

SHA256: 9cbbd4a113c0ba71c9ace2897b37375040c1aa4b4f75dc15f2fda70a44a6f78b

SHA1: c1ab3d8ca23c29b32994795eaca146dcc3f182fa

MD5: ea8083a2c187db22a5c1eacdd31161b7

File size: 823.0 KB ( 842765 bytes )

File name: E:\Downloads\scandsk(317).exe

File type: Win32 EXE

Detection ratio: 2 / 42

Analysis date: 2012-07-16 16:06:57 UTC ( 1 minute ago )

AhnLab-V3 - 20120716

AntiVir DR/Delphi.Gen 20120716

Antiy-AVL - 20120712

Avast - 20120716

AVG - 20120716

BitDefender - 20120716

ByteHero - 20120716

CAT-QuickHeal - 20120716

ClamAV - 20120716

Commtouch - 20120716

Comodo - 20120716

DrWeb - 20120716

Emsisoft - 20120716

eSafe - 20120716

ESET-NOD32 - 20120716

F-Prot - 20120716

F-Secure - 20120716

Fortinet - 20120716

GData - 20120716

Ikarus - 20120716

Jiangmin - 20120716

K7AntiVirus - 20120714

Kaspersky - 20120716

McAfee - 20120716

McAfee-GW-Edition - 20120716

Microsoft - 20120716

Norman W32/Simda.AA 20120716

nProtect - 20120716

Panda - 20120716

PCTools - 20120716

Rising - 20120716

Sophos - 20120716

SUPERAntiSpyware - 20120715

Symantec - 20120716

TheHacker - 20120716

TotalDefense - 20120713

TrendMicro - 20120716

TrendMicro-HouseCall - 20120716

VBA32 - 20120716

VIPRE - 20120716

ViRobot - 20120716

VirusBuster - 20120716

First seen by VirusTotal

2012-07-16 16:06:57 UTC ( 7 minutes ago )

Last seen by VirusTotal

2012-07-16 16:06:57 UTC ( 7 minutes ago )


update

this is the current detection for the now obsolete malware

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 13 / 42

Analysis date: 2012-07-16 20:47:00 UTC ( 1 minute ago )

AhnLab-V3 - 20120716

AntiVir DR/Delphi.Gen 20120716

Antiy-AVL - 20120712

Avast - 20120716

AVG - 20120716

BitDefender Trojan.Generic.KDV.673357 20120716

ByteHero - 20120716

CAT-QuickHeal - 20120716

ClamAV - 20120716

Commtouch - 20120716

Comodo - 20120716

DrWeb Trojan.Rodricter.8 20120716

Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120716

eSafe - 20120716

ESET-NOD32 Win32/Simda.B 20120716

F-Prot - 20120716

F-Secure Trojan.Generic.KDV.673357 20120716

Fortinet W32/Inject.EIGH!tr 20120716

GData Trojan.Generic.KDV.673357 20120716

Ikarus - 20120716

Jiangmin - 20120716

K7AntiVirus - 20120716

Kaspersky Trojan.Win32.Inject.eigh 20120716

McAfee - 20120716

McAfee-GW-Edition - 20120716

Microsoft - 20120716

Norman W32/Simda.AA 20120716

nProtect - 20120716

Panda Trj/CI.A 20120716

PCTools - 20120716

Rising - 20120716

Sophos Mal/EncPk-ACI 20120716

SUPERAntiSpyware - 20120715

Symantec - 20120716

TheHacker - 20120716

TotalDefense - 20120713

TrendMicro - 20120716

TrendMicro-HouseCall - 20120716

VBA32 - 20120716

VIPRE - 20120716

ViRobot Trojan.Win32.A.Inject.829965 20120716

VirusBuster - 20120716

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 18 hours, 21 minutes ago )

Last seen by VirusTotal

2012-07-16 20:47:00 UTC ( 6 minutes ago )


update

this is the current detection for the now very obsolete infection

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 17 / 42

Analysis date: 2012-07-17 17:17:06 UTC ( 4 hours, 57 minutes ago )

AhnLab-V3 - 20120717

AntiVir DR/Delphi.Gen 20120717

Antiy-AVL - 20120717

Avast - 20120717

AVG - 20120717

BitDefender Trojan.Generic.KDV.673357 20120717

ByteHero - 20120716

CAT-QuickHeal - 20120717

ClamAV - 20120717

Commtouch - 20120717

Comodo UnclassifiedMalware 20120717

DrWeb Trojan.Rodricter.8 20120717

Emsisoft Trojan.Win32.Inject.eigh.AMN!A2 20120717

eSafe - 20120717

ESET-NOD32 Win32/Simda.B 20120717

F-Prot - 20120717

F-Secure Trojan.Generic.KDV.673357 20120717

Fortinet W32/Inject.EIGH!tr 20120717

GData Trojan.Generic.KDV.673357 20120717

Ikarus Trojan.Win32.Inject 20120717

Jiangmin - 20120717

K7AntiVirus - 20120717

Kaspersky Trojan.Win32.Inject.eigh 20120717

McAfee - 20120717

McAfee-GW-Edition - 20120717

Microsoft - 20120717

Norman W32/Simda.AA 20120717

nProtect Trojan.Generic.KDV.673357 20120717

Panda Trj/CI.A 20120717

PCTools - 20120717

Rising - 20120717

Sophos Mal/EncPk-ACI 20120717

SUPERAntiSpyware - 20120717

Symantec - 20120717

TheHacker - 20120717

TotalDefense - 20120717

TrendMicro - 20120717

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120717

VBA32 - 20120717

VIPRE - 20120717

ViRobot Trojan.Win32.A.Inject.829965 20120717

VirusBuster - 20120717

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 1 day, 19 hours ago )

Last seen by VirusTotal

2012-07-17 22:14:18 UTC ( 1 minute ago )

here is the most recent mutation

as you can see some vendors have been able to use the previous version to predict this version

SHA256: 5212e626882d9fe38417f860e29b7cfa546da6ff68bff4b470015f0c9274941f

SHA1: 3ed789a314e7721ba312b1a688d33fd613e2e82d

MD5: 79be6139b018b53cca107301e6dce46e

File size: 805.0 KB ( 824333 bytes )

File name: E:\Downloads\scandsk(325).exe

File type: Win32 EXE

Detection ratio: 8 / 42

Analysis date: 2012-07-17 22:14:12 UTC ( 0 minutes ago )

AhnLab-V3 - 20120717

AntiVir DR/Delphi.Gen 20120717

Antiy-AVL - 20120717

Avast - 20120717

AVG - 20120717

BitDefender - 20120717

ByteHero - 20120716

CAT-QuickHeal - 20120717

ClamAV - 20120717

Commtouch W32/MalwareHiderPatched-based!Maximus 20120717

Comodo - 20120717

DrWeb - 20120717

Emsisoft - 20120717

eSafe - 20120717

ESET-NOD32 - 20120717

F-Prot W32/MalwareHiderPatched-based!Maximus 20120717

F-Secure - 20120717

Fortinet - 20120717

GData - 20120717

Ikarus - 20120717

Jiangmin - 20120717

K7AntiVirus Trojan 20120717

Kaspersky - 20120717

McAfee PWS-Zbot.gen.zy 20120717

McAfee-GW-Edition PWS-Zbot.gen.zy 20120717

Microsoft - 20120718

Norman W32/Obfuscated_J 20120717

nProtect - 20120717

Panda - 20120717

PCTools - 20120717

Rising - 20120717

Sophos Mal/EncPk-ACI 20120717

SUPERAntiSpyware - 20120717

Symantec - 20120717

TheHacker - 20120717

TotalDefense - 20120717

TrendMicro - 20120717

TrendMicro-HouseCall - 20120717

VBA32 - 20120717

VIPRE - 20120717

ViRobot - 20120717

VirusBuster - 20120717

First seen by VirusTotal

2012-07-17 22:14:12 UTC ( 3 minutes ago )

Last seen by VirusTotal

2012-07-17 22:14:12 UTC ( 3 minutes ago )


Another new mutation

SHA256: da67c25c078d81b8509c3359e299e5adee4d4b3ba142f210bdf9cbbbacf07220

SHA1: ba0826e61ac02083352f041a0e50b6ab5313c5f3

MD5: 63c2f15ab622140f1fccee28c22a1032

File size: 804.5 KB ( 823821 bytes )

File name: E:\Downloads\scandsk(326).exe

File type: Win32 EXE

Detection ratio: 5 / 42

Analysis date: 2012-07-18 06:43:22 UTC ( 0 minutes ago )

AhnLab-V3 - 20120717

AntiVir DR/Delphi.Gen 20120717

Antiy-AVL - 20120717

Avast - 20120717

AVG - 20120717

BitDefender - 20120717

ByteHero - 20120613

CAT-QuickHeal - 20120717

ClamAV - 20120717

Commtouch - 20120717

Comodo - 20120717

DrWeb - 20120717

Emsisoft - 20120717

eSafe - 20120717

F-Prot - 20120717

F-Secure - 20120717

Fortinet - 20120717

GData - 20120717

Ikarus - 20120717

Jiangmin - 20120717

K7AntiVirus - 20120717

Kaspersky - 20120717

McAfee PWS-Zbot.gen.zy 20120717

McAfee-GW-Edition PWS-Zbot.gen.zy 20120717

Microsoft - 20120717

NOD32 - 20120715

Norman W32/Simda.AA 20120717

nProtect - 20120717

Panda - 20120717

PCTools - 20120717

Rising - 20120717

Sophos Mal/EncPk-AEM 20120717

SUPERAntiSpyware - 20120717

Symantec - 20120717

TheHacker - 20120717

TotalDefense - 20120717

TrendMicro - 20120717

TrendMicro-HouseCall - 20120717

VBA32 - 20120717

VIPRE - 20120717

ViRobot - 20120717

VirusBuster - 20120717

First seen by VirusTotal

2012-07-18 06:43:22 UTC ( 3 minutes ago )

Last seen by VirusTotal

2012-07-18 06:43:22 UTC ( 3 minutes ago )


update

first the now 2 day old sample

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 19 / 42

Analysis date: 2012-07-18 10:02:03 UTC ( 0 minutes ago )

AhnLab-V3 - 20120718

AntiVir DR/Delphi.Gen 20120718

Antiy-AVL - 20120717

Avast Win32:Trojan-gen 20120718

AVG Generic28.CGSU 20120718

BitDefender Trojan.Generic.KDV.673357 20120718

ByteHero - 20120716

CAT-QuickHeal - 20120718

ClamAV - 20120717

Commtouch - 20120718

Comodo UnclassifiedMalware 20120718

DrWeb Trojan.Rodricter.8 20120718

Emsisoft Trojan.Win32.Inject!IK 20120718

eSafe - 20120717

ESET-NOD32 Win32/Simda.B 20120718

F-Prot - 20120718

F-Secure Trojan.Generic.KDV.673357 20120718

Fortinet W32/Inject.EIGH!tr 20120718

GData Trojan.Generic.KDV.673357 20120718

Ikarus Trojan.Win32.Inject 20120718

Jiangmin - 20120718

K7AntiVirus - 20120717

Kaspersky Trojan.Win32.Inject.eigh 20120718

McAfee - 20120718

McAfee-GW-Edition - 20120718

Microsoft - 20120718

Norman W32/Simda.AA 20120718

nProtect Trojan.Generic.KDV.673357 20120718

Panda Trj/CI.A 20120718

PCTools - 20120718

Rising - 20120718

Sophos Mal/EncPk-ACI 20120718

SUPERAntiSpyware - 20120718

Symantec - 20120717

TheHacker - 20120717

TotalDefense - 20120717

TrendMicro - 20120718

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120717

VBA32 - 20120718

VIPRE - 20120718

ViRobot Trojan.Win32.A.Inject.829965 20120718

VirusBuster - 20120717

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 2 days, 7 hours ago )

Last seen by VirusTotal

2012-07-18 10:02:03 UTC ( 1 minute ago )

and now the latest variant from the same source

SHA256: 9fcfcad511ba153666296f2a974aebce276838542f425d1a1b32c56b933b850d

SHA1: cfdfdc8e37ec4e5ca35802c84c165108c0dde520

MD5: 646b1c0c4a3dab6a4644f30572c0a21f

File size: 767.0 KB ( 785421 bytes )

File name: E:\Downloads\scandsk(328).exe

File type: Win32 EXE

Detection ratio: 7 / 41

Analysis date: 2012-07-18 10:01:38 UTC ( 1 minute ago )

Antivirus Result Update

AntiVir - 20120718

Antiy-AVL - 20120717

Avast - 20120718

AVG - 20120718

BitDefender Gen:Trojan.Heur2.LVP.VGX@aaiPczgi 20120718

ByteHero - 20120716

CAT-QuickHeal - 20120718

ClamAV - 20120717

Commtouch - 20120718

Comodo - 20120718

DrWeb - 20120718

Emsisoft Trojan.Win32.Inject!IK 20120718

eSafe - 20120717

ESET-NOD32 - 20120718

F-Prot - 20120718

F-Secure Gen:Trojan.Heur2.LVP.VGX@aaiPczgi 20120718

Fortinet - 20120718

GData Gen:Trojan.Heur2.LVP.VGX@aaiPczgi 20120718

Ikarus Trojan.Win32.Inject 20120718

Jiangmin - 20120718

K7AntiVirus - 20120717

Kaspersky - 20120718

McAfee - 20120718

McAfee-GW-Edition - 20120718

Microsoft - 20120718

Norman W32/Simda.AA 20120718

nProtect - 20120718

Panda - 20120718

PCTools - 20120718

Rising - 20120718

Sophos Mal/EncPk-ACI 20120718

SUPERAntiSpyware - 20120718

Symantec - 20120717

TheHacker - 20120717

TotalDefense - 20120717

TrendMicro - 20120718

TrendMicro-HouseCall - 20120717

VBA32 - 20120718

VIPRE - 20120718

ViRobot - 20120718

VirusBuster - 20120717

First seen by VirusTotal

2012-07-18 10:01:38 UTC ( 2 minutes ago )

Last seen by VirusTotal

2012-07-18 10:01:38 UTC ( 2 minutes ago )


today there was another new mutation

here are detections for the now 3 day obsolete trojan

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 20 / 42

Analysis date: 2012-07-19 18:07:58 UTC ( 1 minute ago )

AhnLab-V3 - 20120719

AntiVir DR/Delphi.Gen 20120719

Antiy-AVL - 20120717

Avast Win32:Trojan-gen 20120719

AVG Generic28.CGSU 20120719

BitDefender Trojan.Generic.KDV.673357 20120719

ByteHero - 20120719

CAT-QuickHeal - 20120719

ClamAV - 20120719

Commtouch - 20120719

Comodo UnclassifiedMalware 20120719

DrWeb Trojan.Rodricter.8 20120719

Emsisoft Trojan.Win32.Inject!IK 20120719

eSafe - 20120719

ESET-NOD32 Win32/Simda.B 20120719

F-Prot - 20120719

F-Secure Trojan.Generic.KDV.673357 20120719

Fortinet W32/Inject.EIGH!tr 20120719

GData Trojan.Generic.KDV.673357 20120719

Ikarus Trojan.Win32.Inject 20120719

Jiangmin - 20120719

K7AntiVirus - 20120719

Kaspersky Trojan.Win32.Inject.eigh 20120719

McAfee Generic BackDoor.abj 20120719

McAfee-GW-Edition - 20120719

Microsoft - 20120719

Norman W32/Simda.AA 20120719

nProtect Trojan/W32.Agent.829965 20120719

Panda - 20120719

PCTools - 20120719

Rising - 20120719

Sophos Mal/EncPk-ACI 20120719

SUPERAntiSpyware - 20120719

Symantec - 20120719

TheHacker - 20120719

TotalDefense - 20120718

TrendMicro - 20120719

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120719

VBA32 - 20120719

VIPRE Trojan.Win32.Generic!BT 20120719

ViRobot Trojan.Win32.A.Inject.829965 20120719

VirusBuster - 20120719

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 3 days, 15 hours ago )

Last seen by VirusTotal

2012-07-19 18:07:58 UTC ( 1 minute ago )

Here is the current detection for the current trojan from the same source

SHA256: 708b3abfcb049581e565340f0c550e8520f3f802dd2e44649856806ff01037fe

SHA1: c3aae91842bcec90e80ddd222d455e679b28cee4

MD5: 1db4547bf121a7aff42b087f4f67445d

File size: 768.5 KB ( 786957 bytes )

File name: E:\Downloads\scandsk(334).exe

File type: Win32 EXE

Detection ratio: 4 / 42

Analysis date: 2012-07-19 18:07:52 UTC ( 1 minute ago )

AhnLab-V3 - 20120719

AntiVir - 20120719

Antiy-AVL - 20120717

Avast - 20120719

AVG - 20120719

BitDefender Gen:Trojan.Heur2.LVP.WGX@amP1bSdi 20120719

ByteHero - 20120719

CAT-QuickHeal - 20120719

ClamAV - 20120719

Commtouch - 20120719

Comodo - 20120719

DrWeb - 20120719

Emsisoft - 20120719

eSafe - 20120719

ESET-NOD32 - 20120719

F-Prot - 20120719

F-Secure Gen:Trojan.Heur2.LVP.WGX@amP1bSdi 20120719

Fortinet - 20120719

GData Gen:Trojan.Heur2.LVP.WGX@amP1bSdi 20120719

Ikarus - 20120719

Jiangmin - 20120719

K7AntiVirus - 20120719

Kaspersky - 20120719

McAfee - 20120719

McAfee-GW-Edition - 20120719

Microsoft - 20120719

Norman W32/Simda.AA 20120719

nProtect - 20120719

Panda - 20120719

PCTools - 20120719

Rising - 20120719

Sophos - 20120719

SUPERAntiSpyware - 20120719

Symantec - 20120719

TheHacker - 20120719

TotalDefense - 20120718

TrendMicro - 20120719

TrendMicro-HouseCall - 20120719

VBA32 - 20120719

VIPRE - 20120719

ViRobot - 20120719

VirusBuster - 20120719

First seen by VirusTotal

2012-07-19 18:07:52 UTC ( 1 minute ago )

Last seen by VirusTotal

2012-07-19 18:07:52 UTC ( 1 minute ago )


updating again

the first trojan is now 5 days obsolete and once again has been replaced with a new mutation

here are the current detections for the original sample

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 22 / 42

Analysis date: 2012-07-21 02:54:59 UTC ( 0 minutes ago )

AhnLab-V3 - 20120720

AntiVir DR/Delphi.Gen 20120720

Antiy-AVL - 20120717

Avast Win32:Trojan-gen 20120721

AVG Generic28.CGSU 20120720

BitDefender Trojan.Generic.KDV.673357 20120721

ByteHero - 20120719

CAT-QuickHeal - 20120720

ClamAV - 20120721

Commtouch - 20120721

Comodo UnclassifiedMalware 20120721

DrWeb Trojan.Rodricter.8 20120721

Emsisoft Trojan.Win32.Inject!IK 20120721

eSafe - 20120719

ESET-NOD32 Win32/Simda.B 20120720

F-Prot - 20120720

F-Secure Trojan.Generic.KDV.673357 20120721

Fortinet W32/Inject.EIGH!tr 20120721

GData Trojan.Generic.KDV.673357 20120721

Ikarus Trojan.Win32.Inject 20120720

Jiangmin - 20120720

K7AntiVirus - 20120720

Kaspersky Trojan.Win32.Inject.eigh 20120721

McAfee Generic BackDoor.abj 20120721

McAfee-GW-Edition - 20120721

Microsoft - 20120721

Norman W32/Simda.AA 20120720

nProtect Trojan/W32.Agent.829965 20120720

Panda Trj/CI.A 20120720

PCTools - 20120721

Rising - 20120720

Sophos Mal/EncPk-ACI 20120721

SUPERAntiSpyware - 20120720

Symantec - 20120721

TheHacker Trojan/Inject.eigh 20120720

TotalDefense - 20120718

TrendMicro - 20120721

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120721

VBA32 - 20120720

VIPRE Trojan.Win32.Generic!BT 20120721

ViRobot Trojan.Win32.A.Inject.829965 20120720

VirusBuster - 20120721

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 5 days ago )

Last seen by VirusTotal

2012-07-21 02:54:59 UTC ( 6 minutes ago )

and now the new trojan from the same source

SHA256: 315424b78585b20d42cd677e2c200941c490b4d60c3de7b409e010a26252f220

SHA1: f00040728911b4992b8277c432f279dbad633d20

MD5: dc141f06bc9f47cabde4c6af88051c39

File size: 758.0 KB ( 776205 bytes )

File name: E:\Downloads\scandsk(342).exe

File type: Win32 EXE

Detection ratio: 8 / 42

Analysis date: 2012-07-21 02:54:42 UTC ( 0 minutes ago )

AhnLab-V3 - 20120720

AntiVir DR/Delphi.Gen 20120720

Antiy-AVL - 20120717

Avast - 20120721

AVG - 20120720

BitDefender - 20120721

ByteHero - 20120719

CAT-QuickHeal - 20120720

ClamAV - 20120721

Commtouch W32/MalwareHiderPatched-based!Maximus 20120721

Comodo - 20120721

DrWeb - 20120721

Emsisoft Trojan.Win32.Inject!IK 20120721

eSafe - 20120719

ESET-NOD32 - 20120720

F-Prot W32/MalwareHiderPatched-based!Maximus 20120720

F-Secure - 20120721

Fortinet - 20120721

GData - 20120721

Ikarus Trojan.Win32.Inject 20120720

Jiangmin - 20120720

K7AntiVirus Trojan 20120720

Kaspersky - 20120721

McAfee - 20120721

McAfee-GW-Edition - 20120721

Microsoft - 20120721

Norman W32/Simda.AA 20120720

nProtect - 20120720

Panda - 20120720

PCTools - 20120721

Rising - 20120720

Sophos Mal/EncPk-AEM 20120721

SUPERAntiSpyware - 20120720

Symantec - 20120721

TheHacker - 20120720

TotalDefense - 20120718

TrendMicro - 20120721

TrendMicro-HouseCall - 20120721

VBA32 - 20120720

VIPRE - 20120721

ViRobot - 20120720

VirusBuster - 20120721

First seen by VirusTotal

2012-07-21 02:54:42 UTC ( 7 minutes ago )

Last seen by VirusTotal

2012-07-21 02:54:42 UTC ( 7 minutes ago )


update

here are the latest updates for the original version and more recent mutation

first the original sample that is now 5 and a half days obsolete

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 23 / 41

Analysis date: 2012-07-21 18:14:48 UTC ( 1 minute ago )

AntiVir DR/Delphi.Gen 20120721

Antiy-AVL - 20120717

Avast Win32:Trojan-gen 20120721

AVG Generic28.CGSU 20120721

BitDefender Trojan.Generic.KDV.673357 20120721

ByteHero - 20120719

CAT-QuickHeal Trojan.Inject.eigh 20120721

ClamAV - 20120721

Commtouch - 20120721

Comodo UnclassifiedMalware 20120721

DrWeb Trojan.Rodricter.8 20120721

Emsisoft Trojan.Win32.Inject!IK 20120721

eSafe - 20120719

ESET-NOD32 Win32/Simda.B 20120721

F-Prot - 20120721

F-Secure Trojan.Generic.KDV.673357 20120721

Fortinet W32/Inject.EIGH!tr 20120721

GData Trojan.Generic.KDV.673357 20120721

Ikarus Trojan.Win32.Inject 20120721

Jiangmin - 20120721

K7AntiVirus - 20120721

Kaspersky Trojan.Win32.Inject.eigh 20120721

McAfee Generic BackDoor.abj 20120721

McAfee-GW-Edition - 20120721

Microsoft - 20120721

Norman W32/Simda.AA 20120721

nProtect Trojan/W32.Agent.829965 20120721

Panda Trj/CI.A 20120721

PCTools - 20120721

Rising - 20120720

Sophos Mal/EncPk-ACI 20120721

SUPERAntiSpyware - 20120721

Symantec - 20120721

TheHacker Trojan/Inject.eigh 20120720

TotalDefense - 20120718

TrendMicro - 20120721

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120721

VBA32 - 20120720

VIPRE Trojan.Win32.Generic!BT 20120721

ViRobot Trojan.Win32.A.Inject.829965 20120721

VirusBuster - 20120721

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 5 days, 15 hours ago )

Last seen by VirusTotal

2012-07-21 18:14:48 UTC ( 3 minutes ago )

and now the latest mutation from the same source

SHA256: 470c8a2ac73bc0855ec460e9b8d74c30aa0b2e4d5dccca83f41707b0aa6d587c

SHA1: 98c41ea5863cedd24b2de21b2d03f766ecf994fc

MD5: fb2b813b69e7a2ac1b31551cb2cf4f8c

File size: 724.0 KB ( 741389 bytes )

File name: E:\Downloads\scandsk(347).exe

File type: Win32 EXE

Detection ratio: 6 / 41

Analysis date: 2012-07-21 18:11:23 UTC ( 0 minutes ago )

AhnLab-V3 - 20120721

AntiVir - 20120721

Antiy-AVL - 20120717

Avast - 20120721

AVG - 20120721

BitDefender - 20120721

ByteHero - 20120719

CAT-QuickHeal - 20120721

ClamAV - 20120721

Commtouch W32/MalwareHiderPatched-based!Maximus 20120721

Comodo - 20120721

DrWeb - 20120721

Emsisoft - 20120721

eSafe - 20120719

ESET-NOD32 - 20120721

F-Prot W32/MalwareHiderPatched-based!Maximus 20120721

F-Secure - 20120721

Fortinet W32/Inject.EIA!tr 20120721

GData - 20120721

Ikarus - 20120721

Jiangmin - 20120721

K7AntiVirus Trojan 20120721

McAfee - 20120721

McAfee-GW-Edition - 20120721

Microsoft - 20120721

Norman W32/Simda.AA 20120721

nProtect - 20120721

Panda - 20120721

PCTools - 20120721

Rising - 20120720

Sophos Mal/EncPk-ACI 20120721

SUPERAntiSpyware - 20120721

Symantec - 20120721

TheHacker - 20120720

TotalDefense - 20120718

TrendMicro - 20120721

TrendMicro-HouseCall - 20120721

VBA32 - 20120720

VIPRE - 20120721

ViRobot - 20120721

VirusBuster - 20120721

First seen by VirusTotal

2012-07-21 18:11:23 UTC ( 6 minutes ago )

Last seen by VirusTotal

2012-07-21 18:11:23 UTC ( 6 minutes ago )


another update, I think I will continue this until the first example is either 75% detected or is no longer increasing in detection

here are the latest updates for the original version and more recent mutation

first the original sample that is now 6 and a half days obsolete

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 23 / 42

Analysis date: 2012-07-22 19:00:55 UTC ( 0 minutes ago )

AhnLab-V3 - 20120722

AntiVir DR/Delphi.Gen 20120722

Antiy-AVL - 20120717

Avast Win32:Trojan-gen 20120722

AVG Generic28.CGSU 20120722

BitDefender Trojan.Generic.KDV.673357 20120722

ByteHero - 20120719

CAT-QuickHeal Trojan.Inject.eigh 20120722

ClamAV - 20120721

Commtouch - 20120721

Comodo UnclassifiedMalware 20120722

DrWeb Trojan.Rodricter.8 20120722

Emsisoft Trojan.Win32.Inject!IK 20120722

eSafe - 20120722

ESET-NOD32 Win32/Simda.B 20120722

F-Prot - 20120721

F-Secure Trojan.Generic.KDV.673357 20120722

Fortinet W32/Inject.EIGH!tr 20120721

GData Trojan.Generic.KDV.673357 20120722

Ikarus Trojan.Win32.Inject 20120722

Jiangmin - 20120722

K7AntiVirus - 20120721

Kaspersky Trojan.Win32.Inject.eigh 20120722

McAfee Generic BackDoor.abj 20120722

McAfee-GW-Edition - 20120722

Microsoft - 20120722

Norman W32/Simda.AA 20120721

nProtect Trojan/W32.Agent.829965 20120722

Panda Trj/CI.A 20120722

PCTools - 20120722

Rising - 20120720

Sophos Mal/EncPk-ACI 20120722

SUPERAntiSpyware - 20120722

Symantec - 20120722

TheHacker Trojan/Inject.eigh 20120722

TotalDefense - 20120718

TrendMicro - 20120722

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120722

VBA32 - 20120720

VIPRE Trojan.Win32.Generic!BT 20120722

ViRobot Trojan.Win32.A.Inject.829965 20120722

VirusBuster - 20120722

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 6 days, 16 hours ago )

Last seen by VirusTotal

2012-07-22 19:00:55 UTC ( 4 minutes ago )

and now the new trojan from the same source

SHA256: 70bc7f6191fa7dd028229df0eb96a7a616c818dc292dacfd5908446d0cb4d9f3

SHA1: 52ae6db5ccb227613bc889c40b8f21c784adf42a

MD5: 1f1d8af323954cd20471285b80d827c7

File size: 788.5 KB ( 807437 bytes )

File name: E:\Downloads\scandsk(354).exe

File type: Win32 EXE

Detection ratio: 5 / 42

Analysis date: 2012-07-22 19:00:39 UTC ( 0 minutes ago )

AhnLab-V3 - 20120722

AntiVir - 20120722

Antiy-AVL - 20120717

Avast - 20120722

AVG - 20120722

BitDefender - 20120722

ByteHero - 20120719

CAT-QuickHeal - 20120722

ClamAV - 20120721

Commtouch W32/MalwareHiderPatched-based!Maximus 20120721

Comodo - 20120722

DrWeb - 20120722

Emsisoft - 20120722

eSafe - 20120722

ESET-NOD32 - 20120722

F-Prot W32/MalwareHiderPatched-based!Maximus 20120721

F-Secure - 20120722

Fortinet - 20120721

GData - 20120722

Ikarus - 20120722

Jiangmin - 20120722

K7AntiVirus Trojan 20120721

Kaspersky - 20120722

McAfee - 20120722

McAfee-GW-Edition - 20120722

Microsoft - 20120722

Norman W32/Simda.AA 20120721

nProtect - 20120722

Panda - 20120722

PCTools - 20120722

Rising - 20120720

Sophos Mal/EncPk-ACT 20120722

SUPERAntiSpyware - 20120722

Symantec - 20120722

TheHacker - 20120722

TotalDefense - 20120718

TrendMicro - 20120722

TrendMicro-HouseCall - 20120722

VBA32 - 20120720

VIPRE - 20120722

ViRobot - 20120722

VirusBuster - 20120722

First seen by VirusTotal

2012-07-22 19:00:39 UTC ( 4 minutes ago )

Last seen by VirusTotal

2012-07-22 19:00:39 UTC ( 4 minutes ago )


update

here are the latest updates for the original version and more recent mutation

first the original sample that is now 1 week obsolete

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 25 / 40

Analysis date: 2012-07-24 02:17:38 UTC ( 1 minute ago )

AntiVir DR/Delphi.Gen 20120724

Antiy-AVL Trojan/Win32.Inject.gen 20120724

Avast Win32:Trojan-gen 20120723

AVG Generic28.CGSU 20120723

BitDefender Trojan.Generic.KDV.673357 20120724

ByteHero - 20120723

CAT-QuickHeal Trojan.Inject.eigh 20120723

ClamAV - 20120723

Commtouch - 20120724

Comodo UnclassifiedMalware 20120724

DrWeb Trojan.Rodricter.8 20120724

Emsisoft Trojan.Win32.Inject!IK 20120724

eSafe - 20120722

ESET-NOD32 Win32/Simda.B 20120723

F-Prot - 20120723

F-Secure Trojan.Generic.KDV.673357 20120724

Fortinet W32/Inject.EIGH!tr 20120724

GData Trojan.Generic.KDV.673357 20120724

Ikarus Trojan.Win32.Inject 20120724

Jiangmin - 20120723

K7AntiVirus - 20120723

Kaspersky Trojan.Win32.Inject.eigh 20120724

McAfee Generic BackDoor.abj 20120724

McAfee-GW-Edition - 20120723

Microsoft Backdoor:Win32/Simda.gen!E 20120724

Norman W32/Simda.AA 20120723

nProtect Trojan/W32.Agent.829965 20120723

Panda Trj/CI.A 20120723

Rising - 20120723

Sophos Mal/EncPk-ACI 20120724

SUPERAntiSpyware - 20120722

Symantec - 20120724

TheHacker Trojan/Inject.eigh 20120724

TotalDefense - 20120718

TrendMicro - 20120724

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120724

VBA32 - 20120723

VIPRE Trojan.Win32.Generic!BT 20120724

ViRobot Trojan.Win32.A.Inject.829965 20120723

VirusBuster - 20120723

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 1 week ago )

Last seen by VirusTotal

2012-07-23 19:12:52 UTC ( 7 hours, 5 minutes ago )

and now the new trojan from the same source, detection has seriously fallen off

SHA256: 7c6a66ce2748ed06a5c1028aa0183d6210aa9462cd75c5b4483e68848f556669

SHA1: b5042851118582484707d1aa4f155197c4540ce3

MD5: 6465a50f68b709b2c0bb2b299cb9a347

File size: 802.5 KB ( 821773 bytes )

File name: E:\Downloads\scandsk(360).exe

File type: Win32 EXE

Detection ratio: 3 / 41

Analysis date: 2012-07-24 02:17:09 UTC ( 0 minutes ago )

AhnLab-V3 - 20120723

AntiVir - 20120724

Antiy-AVL - 20120724

Avast - 20120723

AVG - 20120723

BitDefender - 20120724

ByteHero - 20120723

CAT-QuickHeal - 20120723

ClamAV - 20120723

Commtouch - 20120724

Comodo - 20120724

DrWeb Trojan.Rodricter.16 20120724

Emsisoft - 20120724

eSafe - 20120722

ESET-NOD32 - 20120723

F-Prot - 20120723

F-Secure - 20120724

Fortinet - 20120724

GData - 20120724

Ikarus - 20120724

Jiangmin - 20120723

K7AntiVirus - 20120723

Kaspersky - 20120724

McAfee - 20120724

McAfee-GW-Edition - 20120723

Microsoft Backdoor:Win32/Simda.gen!E 20120724

Norman W32/Simda.AA 20120723

nProtect - 20120723

Panda - 20120723

Rising - 20120723

Sophos - 20120724

SUPERAntiSpyware - 20120722

Symantec - 20120724

TheHacker - 20120724

TotalDefense - 20120718

TrendMicro - 20120724

TrendMicro-HouseCall - 20120724

VBA32 - 20120723

VIPRE - 20120724

ViRobot - 20120723

VirusBuster - 20120723

First seen by VirusTotal

2012-07-24 02:17:09 UTC ( 1 minute ago )

Last seen by VirusTotal

2012-07-24 02:17:09 UTC ( 1 minute ago )


update

current detection for the now 8 day obsolete sample

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 26 / 41

Analysis date: 2012-07-24 21:37:04 UTC ( 0 minutes ago )

AhnLab-V3 Trojan/Win32.Inject 20120724

AntiVir DR/Delphi.Gen 20120724

Antiy-AVL Trojan/Win32.Inject.gen 20120724

Avast Win32:Trojan-gen 20120724

AVG Generic28.CGSU 20120724

BitDefender Trojan.Generic.KDV.673357 20120724

ByteHero - 20120723

CAT-QuickHeal Trojan.Inject.eigh 20120724

ClamAV - 20120724

Commtouch - 20120724

Comodo UnclassifiedMalware 20120724

DrWeb Trojan.Rodricter.8 20120724

Emsisoft Trojan.Win32.Inject!IK 20120724

eSafe - 20120724

ESET-NOD32 Win32/Simda.B 20120724

F-Prot - 20120724

F-Secure Trojan.Generic.KDV.673357 20120724

Fortinet W32/Inject.EIGH!tr 20120724

GData Trojan.Generic.KDV.673357 20120724

Ikarus Trojan.Win32.Inject 20120724

Jiangmin - 20120724

K7AntiVirus - 20120724

Kaspersky Trojan.Win32.Inject.eigh 20120724

McAfee Generic BackDoor.abj 20120724

McAfee-GW-Edition - 20120724

Microsoft Backdoor:Win32/Simda.gen!E 20120724

Norman W32/Simda.AA 20120724

nProtect Trojan/W32.Agent.829965 20120724

Panda - 20120724

Rising - 20120724

Sophos Mal/EncPk-ACI 20120724

SUPERAntiSpyware - 20120724

Symantec - 20120724

TheHacker Trojan/Inject.eigh 20120724

TotalDefense - 20120724

TrendMicro - 20120724

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120724

VBA32 Trojan.Inject.eigh 20120724

VIPRE Trojan.Win32.Generic!BT 20120724

ViRobot Trojan.Win32.A.Inject.829965 20120724

VirusBuster - 20120724

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 1 week, 1 day ago )

Last seen by VirusTotal

2012-07-24 21:37:04 UTC ( 7 minutes ago )

and now the newest mutation

SHA256: 868888773e0710ad8886e3fae33dafd6a8d483cc6d66516aa4a13fbbd79d26b9

SHA1: 872b87bd6a88872976e87be050643d5c57c3749c

MD5: 503b6f7ea741f3f359b38e7ea19bfdf0

File size: 865.5 KB ( 886285 bytes )

File name: E:\Downloads\scandsk(366).exe

File type: Win32 EXE

Detection ratio: 8 / 41

Analysis date: 2012-07-24 21:33:03 UTC ( 0 minutes ago )

AhnLab-V3 - 20120724

AntiVir DR/Delphi.Gen 20120724

Antiy-AVL - 20120724

Avast - 20120724

AVG - 20120724

BitDefender - 20120724

ByteHero - 20120723

CAT-QuickHeal - 20120724

ClamAV - 20120724

Commtouch - 20120724

Comodo - 20120724

DrWeb - 20120724

Emsisoft Trojan.Win32.Inject!IK 20120724

eSafe - 20120724

ESET-NOD32 a variant of Win32/Injector.UHG 20120724

F-Prot - 20120724

F-Secure - 20120724

Fortinet W32/Delf.STT!tr 20120724

GData - 20120724

Ikarus Trojan.Win32.Inject 20120724

Jiangmin - 20120724

K7AntiVirus - 20120724

Kaspersky - 20120724

McAfee PWS-Zbot.gen.zy 20120724

McAfee-GW-Edition PWS-Zbot.gen.zy 20120724

Microsoft - 20120724

Norman - 20120724

nProtect - 20120724

Panda - 20120724

Rising - 20120724

Sophos Mal/EncPk-ACI 20120724

SUPERAntiSpyware - 20120724

Symantec - 20120724

TheHacker - 20120724

TotalDefense - 20120724

TrendMicro - 20120724

TrendMicro-HouseCall - 20120724

VBA32 - 20120724

VIPRE - 20120724

ViRobot - 20120724

VirusBuster - 20120724

First seen by VirusTotal

2012-07-24 21:33:03 UTC ( 11 minutes ago )

Last seen by VirusTotal

2012-07-24 21:33:03 UTC ( 11 minutes ago )


update

here are the current detections for the now 9 day obsolete trojan

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 28 / 41

Analysis date: 2012-07-25 17:47:02 UTC ( 0 minutes ago )

AhnLab-V3 - 20120725

AntiVir DR/Delphi.Gen 20120725

Antiy-AVL Trojan/Win32.Inject.gen 20120725

Avast Win32:Trojan-gen 20120725

AVG Generic28.CGSU 20120725

BitDefender Trojan.Generic.KDV.673357 20120725

ByteHero - 20120723

CAT-QuickHeal Trojan.Inject.eigh 20120724

ClamAV - 20120725

Commtouch - 20120725

Comodo UnclassifiedMalware 20120725

DrWeb Trojan.Rodricter.8 20120725

Emsisoft Trojan.Win32.Inject!IK 20120725

eSafe - 20120724

ESET-NOD32 Win32/Simda.B 20120725

F-Prot - 20120725

F-Secure Trojan.Generic.KDV.673357 20120725

Fortinet W32/Inject.EIGH!tr 20120725

GData Trojan.Generic.KDV.673357 20120725

Ikarus Trojan.Win32.Inject 20120725

Jiangmin - 20120725

K7AntiVirus - 20120725

Kaspersky Trojan.Win32.Inject.eigh 20120725

McAfee Generic BackDoor.abj 20120725

McAfee-GW-Edition Generic BackDoor.abj 20120725

Microsoft Backdoor:Win32/Simda.gen!E 20120725

Norman W32/Simda.AA 20120725

nProtect Trojan/W32.Agent.829965 20120725

Panda Trj/CI.A 20120725

Rising - 20120725

Sophos Mal/EncPk-ACI 20120725

SUPERAntiSpyware - 20120725

Symantec WS.Reputation.1 20120725

TheHacker Trojan/Inject.eigh 20120725

TotalDefense - 20120724

TrendMicro - 20120725

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120725

VBA32 Trojan.Inject.eigh 20120725

VIPRE Trojan.Win32.Generic!BT 20120725

ViRobot Trojan.Win32.A.Inject.829965 20120725

VirusBuster - 20120725

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 1 week, 2 days ago )

Last seen by VirusTotal

2012-07-25 17:47:02 UTC ( 1 minute ago )

and here is the current mutation, detection has once again fallen off

SHA256: d36fe9f43335c6e8618ec243eadea18b6887763eb68154f5e64dde945fdb617d

SHA1: 6cdd5d2e81b5267261e71fede0926dfb18a09498

MD5: 35c0a360127cd4de1efe0471d440e727

File size: 981.0 KB ( 1004557 bytes )

File name: E:\Downloads\scandsk(370).exe

File type: Win32 EXE

Detection ratio: 4 / 41

Analysis date: 2012-07-25 17:46:35 UTC ( 1 minute ago )

AhnLab-V3 - 20120725

AntiVir DR/Delphi.Gen 20120725

Antiy-AVL - 20120725

Avast - 20120725

AVG - 20120725

BitDefender - 20120725

ByteHero - 20120723

CAT-QuickHeal - 20120724

ClamAV - 20120725

Commtouch W32/MalwareHiderPatched-based!Maximus 20120725

Comodo - 20120725

DrWeb - 20120725

Emsisoft - 20120725

eSafe - 20120724

ESET-NOD32 - 20120725

F-Prot W32/MalwareHiderPatched-based!Maximus 20120725

F-Secure - 20120725

Fortinet - 20120725

GData - 20120725

Ikarus - 20120725

Jiangmin - 20120725

K7AntiVirus Trojan 20120725

Kaspersky - 20120725

McAfee - 20120725

McAfee-GW-Edition - 20120725

Microsoft - 20120725

Norman - 20120725

nProtect - 20120725

Panda - 20120725

Rising - 20120725

Sophos - 20120725

SUPERAntiSpyware - 20120725

Symantec - 20120725

TheHacker - 20120725

TotalDefense - 20120724

TrendMicro - 20120725

TrendMicro-HouseCall - 20120725

VBA32 - 20120725

VIPRE - 20120725

ViRobot - 20120725

VirusBuster - 20120725

First seen by VirusTotal

2012-07-25 17:46:35 UTC ( 1 minute ago )

Last seen by VirusTotal

2012-07-25 17:46:35 UTC ( 1 minute ago )


update

detection of the first sample has not changed but there is a new mutation from the same source

SHA256: 2a673f1b9cb00019202a309bdebde7b462d545e3d2b71a26617ef33a351e9eca

SHA1: 799e7dc50bc0bdde57ef4e56a95d6438e79b41ed

MD5: 3994538f2305c45586aa675f7e4ed7f3

File size: 882.0 KB ( 903181 bytes )

File name: E:\Downloads\scandsk(371).exe

File type: Win32 EXE

Detection ratio: 4 / 41

Analysis date: 2012-07-26 00:16:22 UTC ( 0 minutes ago )

AhnLab-V3 - 20120725

AntiVir DR/Delphi.Gen 20120725

Antiy-AVL - 20120725

Avast - 20120726

AVG - 20120725

BitDefender - 20120725

ByteHero - 20120723

CAT-QuickHeal - 20120724

ClamAV - 20120725

Commtouch W32/MalwareHiderPatched-based!Maximus 20120725

Comodo - 20120726

DrWeb - 20120725

Emsisoft - 20120726

eSafe - 20120724

ESET-NOD32 - 20120725

F-Prot W32/MalwareHiderPatched-based!Maximus 20120725

F-Secure - 20120726

Fortinet - 20120725

GData - 20120726

Ikarus - 20120725

Jiangmin - 20120725

K7AntiVirus Trojan 20120725

Kaspersky - 20120726

McAfee - 20120726

McAfee-GW-Edition - 20120725

Microsoft - 20120725

Norman - 20120725

nProtect - 20120725

Panda - 20120725

Rising - 20120725

Sophos - 20120725

SUPERAntiSpyware - 20120725

Symantec - 20120726

TheHacker - 20120725

TotalDefense - 20120724

TrendMicro - 20120726

TrendMicro-HouseCall - 20120726

VBA32 - 20120725

VIPRE - 20120725

ViRobot - 20120725

VirusBuster - 20120725

First seen by VirusTotal

2012-07-26 00:16:22 UTC ( 0 minutes ago )

Last seen by VirusTotal

2012-07-26 00:16:22 UTC ( 0 minutes ago )


update

here are the latest updates for the original version and most recent mutation

first the original sample that is now 10 days obsolete

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 29 / 41

Analysis date: 2012-07-26 04:51:13 UTC ( 0 minutes ago )

AhnLab-V3 Trojan/Win32.Inject 20120726

AntiVir DR/Delphi.Gen 20120726

Antiy-AVL Trojan/Win32.Inject.gen 20120726

Avast Win32:Trojan-gen 20120726

AVG Generic28.CGSU 20120725

BitDefender Trojan.Generic.KDV.673357 20120726

ByteHero - 20120723

CAT-QuickHeal Trojan.Inject.eigh 20120724

ClamAV - 20120726

Commtouch - 20120726

Comodo UnclassifiedMalware 20120726

DrWeb Trojan.Rodricter.8 20120726

Emsisoft Trojan.Win32.Inject!IK 20120726

eSafe - 20120724

ESET-NOD32 Win32/Simda.B 20120725

F-Prot - 20120725

F-Secure Trojan.Generic.KDV.673357 20120726

Fortinet W32/Inject.EIGH!tr 20120726

GData Trojan.Generic.KDV.673357 20120726

Ikarus Trojan.Win32.Inject 20120726

Jiangmin - 20120726

K7AntiVirus - 20120725

Kaspersky Trojan.Win32.Inject.eigh 20120726

McAfee Generic BackDoor.abj 20120726

McAfee-GW-Edition Generic BackDoor.abj 20120725

Microsoft Backdoor:Win32/Simda.gen!E 20120726

Norman W32/Simda.AA 20120725

nProtect Trojan/W32.Agent.829965 20120726

Panda Trj/CI.A 20120725

Rising - 20120726

Sophos Mal/EncPk-ACI 20120726

SUPERAntiSpyware - 20120726

Symantec Trojan.Gen 20120726

TheHacker Trojan/Inject.eigh 20120725

TotalDefense - 20120724

TrendMicro - 20120726

TrendMicro-HouseCall TROJ_GEN.R47H1GG 20120726

VBA32 Trojan.Inject.eigh 20120725

VIPRE Trojan.Win32.Generic!BT 20120726

ViRobot Trojan.Win32.A.Inject.829965 20120726

VirusBuster - 20120725

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 1 week, 3 days ago )

Last seen by VirusTotal

2012-07-26 04:51:13 UTC ( 3 minutes ago )

and here is the current mutation, detection is still terrible

SHA256: 482269069d7997309030340c3553418da178b6a16fdb3006feb698eacc51d412

SHA1: 93f07bf5be9784a700abee8c723446e14e8a19e2

MD5: 53e13b40b0c2afc92e4306877eeacac8

File size: 887.0 KB ( 908301 bytes )

File name: E:\Downloads\scandsk(372).exe

File type: Win32 EXE

Detection ratio: 4 / 41

Analysis date: 2012-07-26 04:49:02 UTC ( 0 minutes ago )

AhnLab-V3 - 20120726

AntiVir DR/Delphi.Gen 20120726

Antiy-AVL - 20120726

Avast - 20120726

AVG - 20120725

BitDefender - 20120726

ByteHero - 20120723

CAT-QuickHeal - 20120724

ClamAV - 20120726

Commtouch W32/MalwareHiderPatched-based!Maximus 20120726

Comodo - 20120726

DrWeb - 20120726

Emsisoft - 20120726

eSafe - 20120724

ESET-NOD32 - 20120725

F-Prot W32/MalwareHiderPatched-based!Maximus 20120725

F-Secure - 20120726

Fortinet - 20120726

GData - 20120726

Ikarus - 20120726

Jiangmin - 20120726

K7AntiVirus Trojan 20120725

Kaspersky - 20120726

McAfee - 20120726

McAfee-GW-Edition - 20120725

Microsoft - 20120726

Norman - 20120725

nProtect - 20120726

Panda - 20120725

Rising - 20120726

Sophos - 20120726

SUPERAntiSpyware - 20120726

Symantec - 20120726

TheHacker - 20120725

TotalDefense - 20120724

TrendMicro - 20120726

TrendMicro-HouseCall - 20120726

VBA32 - 20120725

VIPRE - 20120726

ViRobot - 20120726

VirusBuster - 20120725

First seen by VirusTotal

2012-07-26 04:49:02 UTC ( 5 minutes ago )

Last seen by VirusTotal

2012-07-26 04:49:02 UTC ( 5 minutes ago )


detections of the base sample have not changed but there is another mutation today

SHA256: a4d0242a108bba737a609edc0599ca283b0bb03c27ae3868af427639bae6128e

SHA1: 59fa3e69836660acfdbf14a7eaf9fe2c92e6100a

MD5: 6b555c9775272918c8a097c2031ac295

File size: 802.5 KB ( 821773 bytes )

File name: E:\Downloads\scandsk(378).exe

File type: Win32 EXE

Detection ratio: 4 / 41

Analysis date: 2012-07-27 11:48:59 UTC ( 1 minute ago )

AhnLab-V3 - 20120727

AntiVir - 20120727

Antiy-AVL - 20120727

Avast - 20120727

AVG - 20120727

BitDefender - 20120727

ByteHero - 20120723

CAT-QuickHeal - 20120727

ClamAV - 20120727

Commtouch W32/MalwareHiderPatched-based!Maximus 20120727

Comodo - 20120727

DrWeb - 20120727

Emsisoft - 20120727

eSafe - 20120726

ESET-NOD32 - 20120727

F-Prot W32/MalwareHiderPatched-based!Maximus 20120727

F-Secure - 20120727

Fortinet - 20120727

GData - 20120727

Ikarus - 20120727

Jiangmin - 20120727

K7AntiVirus Trojan 20120726

Kaspersky - 20120727

McAfee Generic BackDoor.abu 20120727

McAfee-GW-Edition - 20120727

Microsoft - 20120727

Norman - 20120727

nProtect - 20120726

Panda - 20120727

Rising - 20120726

Sophos - 20120727

SUPERAntiSpyware - 20120727

Symantec - 20120727

TheHacker - 20120726

TotalDefense - 20120726

TrendMicro - 20120727

TrendMicro-HouseCall - 20120727

VBA32 - 20120726

VIPRE - 20120727

ViRobot - 20120727

VirusBuster - 20120727

First seen by VirusTotal

2012-07-27 11:48:59 UTC ( 13 minutes ago )

Last seen by VirusTotal

2012-07-27 11:48:59 UTC ( 13 minutes ago )


the starting sample has the same detections still but there is a new mutation today

SHA256: 491654e756a30fc41987be6796b55d4c092eb826f74b11766d21dc923e81ec6a

SHA1: 0dfd7e76a2287072ad83e5a888b915c145730c0d

MD5: c8c6743fac59c182fb164a2cc5c5e3f8

File size: 1007.5 KB ( 1031693 bytes )

File name: E:\Downloads\scandsk(382).exe

File type: Win32 EXE

Detection ratio: 4 / 41

Analysis date: 2012-07-28 19:38:59 UTC ( 0 minutes ago )

AhnLab-V3 - 20120728

AntiVir - 20120728

Antiy-AVL - 20120727

Avast - 20120728

AVG - 20120728

BitDefender - 20120728

ByteHero - 20120723

CAT-QuickHeal - 20120728

ClamAV - 20120728

Commtouch W32/MalwareHiderPatched-based!Maximus 20120728

Comodo - 20120728

DrWeb Adware.InstallCore.53 20120728

Emsisoft - 20120728

eSafe - 20120726

ESET-NOD32 - 20120728

F-Prot W32/MalwareHiderPatched-based!Maximus 20120728

F-Secure - 20120728

Fortinet - 20120728

GData - 20120728

Ikarus - 20120728

Jiangmin - 20120728

K7AntiVirus Trojan 20120728

Kaspersky - 20120728

McAfee - 20120728

McAfee-GW-Edition - 20120728

Microsoft - 20120728

Norman - 20120728

nProtect - 20120728

Panda - 20120728

Rising - 20120726

Sophos - 20120728

SUPERAntiSpyware - 20120728

Symantec - 20120728

TheHacker - 20120728

TotalDefense - 20120728

TrendMicro - 20120728

TrendMicro-HouseCall - 20120728

VBA32 - 20120727

VIPRE - 20120728

ViRobot - 20120728

VirusBuster - 20120728

First seen by VirusTotal

2012-07-28 19:38:59 UTC ( 3 minutes ago )

Last seen by VirusTotal

2012-07-28 19:38:59 UTC ( 3 minutes ago )


another update today, first the initial sample that is now 2 weeks obsolete

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78

SHA1: a352cb3a4327634d599911ea3d9e095950b2371b

MD5: c4b357b6b09b35c6784319b5a27914e8

File size: 810.5 KB ( 829965 bytes )

File name: E:\Downloads\scandsk(309).exe

File type: Win32 EXE

Detection ratio: 32 / 41

Analysis date: 2012-07-30 21:13:24 UTC ( 0 minutes ago )

AhnLab-V3 Trojan/Win32.Inject 20120730

AntiVir DR/Delphi.Gen 20120730

Antiy-AVL Trojan/Win32.Inject.gen 20120727

Avast Win32:Trojan-gen 20120730

AVG Generic28.CGSU 20120730

BitDefender Trojan.Generic.KDV.673357 20120730

ByteHero - 20120723

CAT-QuickHeal Trojan.Inject.eigh 20120730

ClamAV - 20120730

Commtouch - 20120730

Comodo UnclassifiedMalware 20120730

DrWeb Trojan.Rodricter.8 20120730

Emsisoft Trojan.Win32.Inject!IK 20120730

eSafe - 20120730

ESET-NOD32 Win32/Simda.B 20120730

F-Prot - 20120730

F-Secure Trojan.Generic.KDV.673357 20120730

Fortinet W32/Inject.EIGH!tr 20120730

GData Trojan.Generic.KDV.673357 20120730

Ikarus Trojan.Win32.Inject 20120730

Jiangmin Trojan/Inject.aiya 20120730

K7AntiVirus - 20120730

Kaspersky Trojan.Win32.Inject.eigh 20120730

McAfee Generic BackDoor.abj 20120730

McAfee-GW-Edition Generic BackDoor.abj 20120730

Microsoft Backdoor:Win32/Simda.gen!E 20120730

Norman W32/Simda.AA 20120730

nProtect Trojan/W32.Agent.829965 20120730

Panda Trj/CI.A 20120730

Rising - 20120730

Sophos Mal/EncPk-ACI 20120730

SUPERAntiSpyware - 20120729

Symantec Trojan.Gen 20120730

TheHacker Trojan/Inject.eigh 20120730

TotalDefense - 20120730

TrendMicro TROJ_GEN.R47C1GS 20120730

TrendMicro-HouseCall TROJ_GEN.R47C1GS 20120730

VBA32 Trojan.Inject.eigh 20120730

VIPRE Trojan.Win32.Generic!BT 20120730

ViRobot Trojan.Win32.A.Inject.829965 20120730

VirusBuster Trojan.Inject!ehulIdEE6p4 20120730

First seen by VirusTotal

2012-07-16 02:32:08 UTC ( 2 weeks ago )

Last seen by VirusTotal

2012-07-30 21:10:05 UTC ( 3 minutes ago )

and now the newest mutation, detection has fallen even further for this well known trojan

SHA256: 096c9c6a3b4e901f6e619ddcbfa0ee8da0f03e858429d548f4888b7b24e9d9c9

SHA1: d0154ac745a6e36f3976204da49e36f10a8f2098

MD5: 26f0ceb8c46f371db417f43ffc73fe68

File size: 979.5 KB ( 1003021 bytes )

File name: E:\Downloads\scandsk(391).exe

File type: Win32 EXE

Detection ratio: 2 / 41

Analysis date: 2012-07-30 21:08:04 UTC ( 0 minutes ago )

AhnLab-V3 - 20120730

AntiVir - 20120730

Antiy-AVL - 20120727

Avast - 20120730

AVG - 20120730

BitDefender - 20120730

ByteHero - 20120723

CAT-QuickHeal - 20120730

ClamAV - 20120730

Commtouch - 20120730

Comodo - 20120730

DrWeb - 20120730

Emsisoft Virus.Win32.DelfInject !IK 20120730

eSafe - 20120730

ESET-NOD32 - 20120730

F-Prot - 20120730

F-Secure - 20120730

Fortinet - 20120730

GData - 20120730

Ikarus Virus.Win32.DelfInject 20120730

Jiangmin - 20120730

K7AntiVirus - 20120730

Kaspersky - 20120730

McAfee - 20120730

McAfee-GW-Edition - 20120730

Microsoft - 20120730

Norman - 20120730

nProtect - 20120730

Panda - 20120730

Rising - 20120730

Sophos - 20120730

SUPERAntiSpyware - 20120729

Symantec - 20120730

TheHacker - 20120730

TotalDefense - 20120730

TrendMicro - 20120730

TrendMicro-HouseCall - 20120730

VBA32 - 20120730

VIPRE - 20120730

ViRobot - 20120730

VirusBuster - 20120730

First seen by VirusTotal

2012-07-30 21:08:04 UTC ( 2 minutes ago )

Last seen by VirusTotal

2012-07-30 21:08:04 UTC ( 2 minutes ago )


this is going to be the final update as detection for the initial sample has stopped increasing

here is the current detection for the most recent mutation from the same source used for every sample in this test

SHA256: f29f814dad85613698b668833c48f8b4635c6a88b56a4660c050fa1406792f66

SHA1: 1c9914e8b847de1c57e509890b81fd7539c5cbea

MD5: 5dded97297d4ebdc3b28c3a6eacfed59

File size: 944.0 KB ( 966669 bytes )

File name: E:\Downloads\scandsk(405).exe

File type: Win32 EXE

Detection ratio: 1 / 41

Analysis date: 2012-08-03 15:56:51 UTC ( 1 minute ago )

AhnLab-V3 - 20120803

AntiVir - 20120803

Antiy-AVL - 20120803

Avast - 20120803

AVG - 20120803

BitDefender - 20120803

ByteHero - 20120723

CAT-QuickHeal - 20120803

ClamAV - 20120803

Commtouch - 20120803

Comodo - 20120803

DrWeb - 20120803

Emsisoft - 20120803

eSafe - 20120802

ESET-NOD32 - 20120803

F-Prot - 20120803

F-Secure - 20120803

Fortinet - 20120803

GData - 20120803

Ikarus - 20120803

Jiangmin - 20120803

K7AntiVirus - 20120802

Kaspersky - 20120803

McAfee - 20120803

McAfee-GW-Edition - 20120802

Microsoft - 20120803

Norman - 20120803

nProtect - 20120803

Panda Suspicious file 20120803

Rising - 20120803

Sophos - 20120803

SUPERAntiSpyware - 20120803

Symantec - 20120803

TheHacker - 20120801

TotalDefense - 20120802

TrendMicro - 20120803

TrendMicro-HouseCall - 20120803

VBA32 - 20120803

VIPRE - 20120803

ViRobot - 20120803

VirusBuster - 20120803

First seen by VirusTotal

2012-08-03 15:56:51 UTC ( 5 minutes ago )

Last seen by VirusTotal

2012-08-03 15:56:51 UTC ( 5 minutes ago )
