Re: Got a Virus site ? Post it here
jamesbond.exe
VirusTotal 17.1 %
[Register or log in to view the URL]
[Register or log in to view the URL]
password: infected
webcam.exe
Downloaded from hxxp://www.softcab.com/ftp/webcam.exe
VirusTotal 12.2 %
[Register or log in to view the URL]
[Register or log in to view the URL]
password: infected
Last edited by Kobayashi (2011-06-17 17:45:57)
VirusTotal 23.8 %
[Register or log in to view the URL]
[Register or log in to view the URL]
password: infected
chu.exe
VirusTotal 21.4 %
[Register or log in to view the URL]
Download:
[Register or log in to view the URL]
password: infected
From Yahoo Mail "IRS notification letter"
VirusTotal 31 %
[Register or log in to view the URL]
Download:
[Register or log in to view the URL]
Another sample
[Register or log in to view the URL]
VT 57.1 %
[Register or log in to view the URL]
Password: infected
See also here:
[Register or log in to view the URL]
Last edited by Kobayashi (2011-07-03 08:19:03)
Received by mail.
VirusTotal 12.2 %
[Register or log in to view the URL]
Download.
[Register or log in to view the URL]
password: infected
[Register or log in to view the URL]
it's a trojan ransom
unlock code: 1351236
send thanks or karma to minodal95 (and herm1t)
first screen
second screen
it has different languages too
From Yahoo mail.
Subject: "ACOMPANHANTES DE LUXO"
or " 4 Jovens sao filmados e presos apos fazer sexo com menor em posto de gasolina no Distrito Federal"
Download link in mail:
hxxp://ad.doubleclick.net/clk;210557104;32229481;v?http://187.61.5.26/~flogsnet/d/FOTOS_DSC_JPG.php?0.40971
Downloaded file: Fotos_dsc_0932_jpg.cpl
VirusTotal 47.6 %
[Register or log in to view the URL]
Created files:
c:\WINDOWS\kernelSms32.exe
VirusTotal 31 %
[Register or log in to view the URL]
c:\WINDOWS\svchosts32.exe
VirusTotal 38.1 %
[Register or log in to view the URL]
Startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Connects to 201.7.184.2, located in Brazil
Download all files with test report.
[Register or log in to view the URL]
password: infected
Received by mail.
Downloaded from hxxp://demo.ckentgroup.com/kenchan/international/fotos_jpg.exe
VirusTotal 31.0 %
[Register or log in to view the URL]
Dropped /downloaded files:
c:\Documents and Settings\All Users\Application Data\Designer\DesignerLG.exe
Registry key added: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
VirusTotal 35.7 %
[Register or log in to view the URL]
c:\Documents and Settings\%userr%\Local Settings\Temp\hookdll.dll
VirusTotal 7.1 %
[Register or log in to view the URL]
Download 3 files
[Register or log in to view the URL]
password: infected
Downloaded from hxxp://jessicapussy.fileave.com/Steam.exe
Steam.exe
VirusTotal 36.7 %
[Register or log in to view the URL]
Steam.exe installs process32.exe and tempfile.exe (a copy of Steam.exe)
A startup key is added to the registry for tempfile.exe
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run)
process32.exe
VirusTotal 21.4 %
[Register or log in to view the URL]
Download.
[Register or log in to view the URL]
password: infected
From mail "It's Kathy's new car!"
Link to hxxp://arcid_87326160.oposumcruiser.com/arc/file
Download archive.exe
VirusTotal 61.9 %
[Register or log in to view the URL]
Newly created file "ytra.exe"
with Registry Key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
VirusTotal 45.2 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
To view porn files on your phone, you must download and install the YouTube-Player v.1.65
From website hxxp://youtubemobile.ru/ downloaded hxxp://zver.in/dx/123/Porno_Player.jar
VirusTotal 4.8 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
Received by Yahoo mail.
Similar to this one. http://forum.vxheavens.com/viewtopic.php?pid=6897#p6897
Imagen-Jpg .exe
VirusTotal
[Register or log in to view the URL]
Newly created files:
DesignerLG.exe
VirusTotal
[Register or log in to view the URL]
hookdll.dll
VirusTotal
[Register or log in to view the URL]
Startup key is added for "DesignerLG.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "DesignerLG.exe"
Download
[Register or log in to view the URL]
password "infected"
Crack.Free_Disk_Defrag
Keygen.Free_Disk_Defrag_2.0.3.45446.exe
VirusTotal 19.5%
[Register or log in to view the URL]
Crack.Free_Disk_Defrag_2.0.15.45446.exe
VirusTotal 26.2%
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
Downloaded from hxxp://www.projectxcam.com/
Template-Extract.exe
VirusTotal 59.5 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password: "infected"
x7_Race_Changer.exe
VirusTotal 64.3 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
test.bat
VirusTotal 19.0 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
Last edited by Kobayashi (2011-06-29 21:49:36)
bitcoin stealing trojan
Read [Register or log in to view the URL]
builder.exe 0%
[Register or log in to view the URL]
stub.exe 4.8 %
[Register or log in to view the URL]
BC-Done.exe 4.8 %
[Register or log in to view the URL]
bitcoin.php 0 %
[Register or log in to view the URL]
bitcoin2 2.4 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
svchosta.exe
Downloaded from hxxp://91.212.135.158/svchosta.exe
VirusTotal 42.9 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
bodun.jar
hxxp://dalanaya.cz.cc/bodun.jar
VirusTotal 45.2 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
update.exe
downloaded from hxxp://46.108.225.43/update.exe
VT 31.0 %
[Register or log in to view the URL]
Creates file jashla.exe with Registry autostart.
VT 33.3 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
Atualizacao_CitiBank.exe
Downloaded from hxxp://186.202.61.217/Atualizacao_CitiBank.exe
VirusTotal 11.9 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
GOOGLE.exe
Download hxxp://109.235.249.44/GOOGLE.exe
VT 82.9 %
[Register or log in to view the URL]
Created files:
Hit.exe
VT 83.3 %
[Register or log in to view the URL]
resim.exe
VT 81.0 %
[Register or log in to view the URL]
tv.exe
VT 83.3 %
[Register or log in to view the URL]
web.exe
VT 83.3 %
[Register or log in to view the URL]
winlogon.exe
VT 73.8 %
[Register or log in to view the URL]
syz.reg
VT 0.0 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
Stephanie's Nude Videos Exposed 2011.exe
VT 11.9 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"
visualizarDOC-PDF.scr
Download hxxp://www.alugarveleiro.com.br/XHTML//visualizarDOC-PDF.scr
VirusTotal 42.9 %
[Register or log in to view the URL]
Creates file C:\Windows\service\2s.exe
with autostart HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RUN
Download
[Register or log in to view the URL]
password "infected"
smiley9.gif.exe
hxxp://poderygloria.org/.smileys/smiley9.gif.exe
VirusTotal 44.2 %
[Register or log in to view the URL]
Download
[Register or log in to view the URL]
password "infected"