Mobile and print friendly view | Contagio Exchange - Contagio community malware dump

Thursday, February 4, 2010

Feb 04 Downloader Trojan "Friends say I am free" from joan@fguang.com

This came as a rar archive with a password featured on the postcard 12ab34.What does the postcard say - can anyone translate? This is a lame and huge (2mb) mailing but maybe exe will be of interest for someone, it has a very low detection rate.

Download a694466ea431046d2a063db37390abea Content. Exe - 内容.exe as a password protected archive (contact me for the password if you need it)



Friends say I am free

From: joan [mailto:joan@fguang.com]
Sent: Thursday, February 04, 2010 12:35 PM
To: XXXXXXXXXXXXX
Subject: 朋友们说 我很自由














CW Sandbox
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=51263117&cs=7F3CF650FE8908CE7DC291901D7A2878


Anubis
http://anubis.iseclab.org/?action=result&task_id=19d68eaed2090ba344d36653cc1feb143&call=first

Virustotal
 http://www.virustotal.com/analisis/9c9743d33025cd50910dfef8a7c2f1560e3d45b85e2871a357b47ccd66749c9a-1265695511
Result: 3/40 (7.5%)
eSafe 7.0.17.0 2010.02.07 Win32.TrojanHorse
F-Secure 9.0.15370.0 2010.02.09 Suspicious:W32/Riskware!Online
Sophos 4.50.0 2010.02.09 Troj/DwnLdr-IAE
File size: 1536904 bytes
MD5...: a694466ea431046d2a063db37390abea

No comments:

Post a Comment