Monday, December 7, 2009

Dec.7 Attack of the Day. Poison Ivy zip download link. Our soliders in Afghanistan Mon. Dec 07, 2009 10:34 AM

Download Afghanistan.zip (MD5 052e62513505a25ccfadf900a052709c): http://www.mediafire.com/file/dwo2kih2ayn/Afghanistan8.zip

From: XXX@yahoo.com
Sent: Monday, December 07, 2009 10:34 AM
To: XXX@xxx.xxx
Subject: Our soliders in Afghanistan
President Obama recently announced that he was determined to "finish the job"
in Afghanistan, and aides signaled to allies that he would send as many as
25,000 to 30,000 additional American troops there. 2009 is shaping up to be
the deadliest year yet for coalition troops - twice as deadly as 2008.
Here are images of the country and conflict over the past month...
http://www.dreamlifes.net/Afghanistan/Afghanistan.zip
Regards


VirusTotal scan
http://www.virustotal.com/analisis/16952bc60a64af478fd7fd74bfb662b2f2c26cebc515cf4d17adeed90da6cf06-1260935214
File Afghanistan.scr received on 2009.12.16 03:46:54 (UTC)
Result: 22/41 (53.66%)

a-squared 4.5.0.43 2009.12.16 Riskware.RemoteAdmin.Win32.PoisonIvy!IK
AhnLab-V3 5.0.0.2 2009.12.15 Dropper/Malware.1259008.B
AntiVir 7.9.1.108 2009.12.15 TR/Mepaow.jvr
Avast 4.8.1351.0 2009.12.15 Win32:Malware-gen
AVG 8.5.0.427 2009.12.15 SHeur2.BTHV.dropper
BitDefender 7.2 2009.12.16 BehavesLike:Win32.ExplorerHijack
eSafe 7.0.17.0 2009.12.15 Win32.TRMepaow.Jvr
F-Secure 9.0.15370.0 2009.12.15 BehavesLike:Win32.ExplorerHijack
Fortinet 4.0.14.0 2009.12.16 RAT/PoisonIvy
GData 19 2009.12.16 BehavesLike:Win32.ExplorerHijack
Ikarus T3.1.1.77.0 2009.12.16 not-a-virus:RemoteAdmin.Win32.PoisonIvy
K7AntiVirus 7.10.920 2009.12.14 not-a-virus:RemoteAdmin.Win32.PoisonIvy.c
Kaspersky 7.0.0.125 2009.12.16 not-a-virus:RemoteAdmin.Win32.PoisonIvy.c
McAfee+Artemis 5833 2009.12.15 potentially unwanted program Artemis!052E62513505
McAfee-GW-Edition 6.8.5 2009.12.15 Trojan.Mepaow.jvr
nProtect 2009.1.8.0 2009.12.15 Trojan/W32.Agent.1259008.C
Panda 10.0.2.2 2009.12.15 Malicious Packer
PCTools 7.0.3.5 2009.12.16 Backdoor.Trojan
Rising 22.26.02.01 2009.12.16 Backdoor.Win32.RemoteAdmin.a
Sophos 4.48.0 2009.12.16 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.12.16 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.12.16 Backdoor.Trojan

Additional information
File size: 1259008 bytes
MD5...: 052e62513505a25ccfadf900a052709c
SHA1..: 5ba291b3a0810bc319e243bb496f3b99a5280a64
SHA256: 16952bc60a64af478fd7fd74bfb662b2f2c26cebc515cf4d17adeed90da6cf06
ssdeep: 24576:PxW/6gOd4NpwO7ghtSaKvq+dh1j9gBYH+/kXEok48:ZWlhwWghtSq+rjgB

Headers
....
Received: from [174.139.22.106] by web56506.mail.re3.yahoo.com via HTTP; Mon, 07 Dec 2009 07:33:57 PST

X-Mailer: YahooMailClassic/8.1.6 YahooMailWebService/0.8.100.260964
Date: Mon, 7 Dec 2009 07:33:57 -0800 (PST)
From: XXXXXXXXX stolen yahoo account
Subject: Our soliders in Afghanistan
To: XXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-743893425-1260200037=:86552"
Return-Path: XXXXXXXXX stolen yahoo account
X-OriginalArrivalTime: 07 Dec 2009 15:34:01.0709 (UTC) FILETIME=[B39069D0:01CA7752]

174.139.22.106
Hostname: customer.krypt.com

ISP: VPLS Inc. d/b/a Krypt Technologies
Organization: Kevin Perry
Type: Corporate
Country: United States
State/Region: CO
City: Boulder

1 comment:

  1. 09/June/2011
    Just found 2 x SHeur2.SBF on a computer in Shenzhen Shekou in China