Thursday, December 6, 2012

Oct 2012 - Skype Dorkbot / W32.Phopifas samples




End of the year presents:
These are 4 samples of Skype Dorkbot / W32.Phopifas
Related News and Analysis:
October 2012
Infection Spreads Profile Pic Messages to Skype Users - GFI
W32.Phopifas | Symantec



Download



Files


  1. 926B749219E33D4EF2D8996DCCE22354
  2. 88E635876F20CDB681CA0EDD31D5ACB5
  3. B8CD29A76DA2E4747FF9DE8C1DC5202B 
  4. F84178426AB688EA35EC4D96D18537F9


Automatic scans


https://www.virustotal.com/file/a36b74c64b85605b79f662821cd455eb96449a3c4e35fd3eaac7a6e40f87a38b/analysis/1354847521/
SHA256: a36b74c64b85605b79f662821cd455eb96449a3c4e35fd3eaac7a6e40f87a38b
SHA1: 34d48ccea4a619408064f133cb49c5036c75509b
MD5: 88e635876f20cdb681ca0edd31d5acb5
File size: 32.0 KB ( 32768 bytes )
File name: 8E635876F20CDB681CA0EDD31D5ACB5

File type: Win32 EXE
Detection ratio: 31 / 42
Analysis date: 2012-12-07 02:32:01 UTC ( 1 minute ago )

Antivirus Result Update
Agnitum Worm.Rodpicom!/SOsrYJpUIk 20121206
AntiVir TR/Bublik.I 20121207
Avast Win32:Crypt-NXP [Trj] 20121207
AVG Downloader.Generic13.LGV 20121207
BitDefender Win32.Floppier.A 20121206
CAT-QuickHeal TrojanDropper.Agent.hdfl 20121206
ClamAV - 20121207
Comodo UnclassifiedMalware 20121206
Emsisoft Win32.Floppier.A (B) 20121207
eSafe - 20121205
ESET-NOD32 Win32/Rodpicom.A 20121206
F-Prot - 20121206
Fortinet W32/Boberog.AZ!tr 20121207
GData Win32.Floppier.A 20121207
Ikarus Virus.Win32.CeeInject 20121206
Jiangmin Trojan/Generic.avgzr 20121206
K7AntiVirus Riskware 20121206
Kaspersky Trojan-Dropper.Win32.Agent.hdfl 20121206
Kingsoft Win32.Troj.Yakes.(kcloud) 20121206
McAfee Generic.dx!bgcd 20121207
McAfee-GW-Edition Generic.dx!bgcd 20121206
Microsoft Worm:Win32/Dorkbot.AK 20121207
MicroWorld-eScan Win32.Floppier.A 20121206
NANO-Antivirus Trojan.Win32.Spamlink.ziaze 20121207
Norman W32/Troj_Generic.EUPTJ 20121206
nProtect Trojan/W32.Agent.32768.CEQ 20121207
Panda Trj/CI.A 20121206
PCTools Malware.Phopifas 20121207
SUPERAntiSpyware Trojan.Agent/Gen-Floppier 20121207
Symantec W32.Phopifas 20121207
TheHacker Trojan/Rodpicom.a 20121207
TrendMicro-HouseCall WORM_DORKBOT.IF 20121207
VIPRE Trojan.Win32.Generic!BT 20121206
ViRobot Trojan.Win32.A.Yakes.24064.L 20121206

https://www.virustotal.com/file/7e2cc281dd8c4df94b7bdba4d5517254064714444c17abd646d8b5a40033212d/analysis/1354847560/
SHA256: 7e2cc281dd8c4df94b7bdba4d5517254064714444c17abd646d8b5a40033212d
SHA1: 6431a1b536bd623fef398dbea10baaa688b85ea5
MD5: 926b749219e33d4ef2d8996dcce22354
File size: 23.5 KB ( 24064 bytes )
File name: 2014DB56271F0712808AF5600BB8BF73.exe
File type: Win32 EXE
Detection ratio: 37 / 46
Analysis date: 2012-12-07 02:32:40 UTC ( 0 minutes ago )

Agnitum Worm.Rodpicom!/SOsrYJpUIk 20121206
AhnLab-V3 ASD.Prevention 20121206
AntiVir TR/Bublik.I 20121207
Antiy-AVL - 20121204
Avast Win32:Crypt-NXP [Trj] 20121207
AVG Downloader.Generic13.LGV 20121207
BitDefender Win32.Floppier.A 20121206
ByteHero - 20121130
CAT-QuickHeal Worm.Dorkbot.gen 20121206
ClamAV - 20121207
Commtouch - 20121206
Comodo - 20121206
DrWeb Trojan.Spamlink.3 20121207
Emsisoft Trojan.Win32.Agent.AMN (A) 20121207
eSafe - 20121205
ESET-NOD32 Win32/Rodpicom.A 20121206
F-Prot - 20121206
F-Secure Win32.Floppier.A 20121207
Fortinet W32/Agent.YDD!tr 20121207
GData Win32.Floppier.A 20121207
Ikarus Virus.Win32.CeeInject 20121206
Jiangmin Trojan/Generic.avgzr 20121206
K7AntiVirus Riskware 20121206
Kaspersky Trojan.Win32.Yakes.bgft 20121206
Kingsoft Win32.Troj.Yakes.(kcloud) 20121206
Malwarebytes Trojan.Agent 20121207
McAfee Generic.dx!bgbb 20121207
McAfee-GW-Edition Generic.dx!bgbb 20121206
Microsoft Worm:Win32/Dorkbot.AK 20121207
MicroWorld-eScan Win32.Floppier.A 20121206
NANO-Antivirus Trojan.Win32.Spamlink.ziaze 20121207
Norman W32/Troj_Generic.EQRMN 20121206
nProtect Win32.Floppier.A 20121207
Panda Trj/OCJ.A 20121206
PCTools Malware.Phopifas 20121207
Rising - 20121206
Sophos Troj/Agent-YDD 20121207
SUPERAntiSpyware Trojan.Agent/Gen-Floppier 20121207
Symantec W32.Phopifas 20121207
TheHacker Trojan/Rodpicom.a 20121207
TotalDefense - 20121206
TrendMicro WORM_DORKBOT.IF 20121207
TrendMicro-HouseCall WORM_DORKBOT.IF 20121207
VBA32 Trojan.MTE.01676 20121205
VIPRE Trojan.Win32.Generic!BT 20121206
ViRobot Trojan.Win32.A.Yakes.24064.L 20121206

https://www.virustotal.com/file/076c65bfb4a6b15f7af11e4714945bd6c599a78b98e07c59febabbc0b7dc256b/analysis/1354847573/
SHA256: 076c65bfb4a6b15f7af11e4714945bd6c599a78b98e07c59febabbc0b7dc256b
SHA1: 35f89a167ea5ff0ea1d35824dda9e48bfa8521d4
MD5: b8cd29a76da2e4747ff9de8c1dc5202b
File size: 79.5 KB ( 81408 bytes )
File name: B8CD29A76DA2E4747FF9DE8C1DC5202B.exe_
File type: Win32 EXE
Detection ratio: 36 / 44
Analysis date: 2012-12-07 02:32:53 UTC ( 1 minute ago )

Antivirus Result Update
Agnitum - 20121206
AhnLab-V3 Spyware/Win32.Zbot 20121206
AntiVir TR/Dropper.Gen7 20121207
Antiy-AVL - 20121204
Avast Win32:Trojan-gen 20121207
AVG Crypt.BAND 20121207
BitDefender Worm.Generic.396812 20121206
ByteHero - 20121130
CAT-QuickHeal Trojan.Agent.gen 20121206
ClamAV - 20121207
Commtouch - 20121206
Comodo UnclassifiedMalware 20121206
Emsisoft Trojan.Win32.AMN (A) 20121207
eSafe - 20121205
ESET-NOD32 Win32/Rodpicom.B 20121206
F-Prot - 20121206
F-Secure Worm.Generic.396812 20121207
Fortinet W32/Menti.OSIU!tr 20121207
GData Worm.Generic.396812 20121207
Ikarus Win32.LockScreen 20121206
Jiangmin Trojan/Menti.aeyw 20121206
K7AntiVirus Trojan 20121206
Kaspersky Trojan.Win32.Menti.osiu 20121206
Kingsoft Win32.Troj.Undef.(kcloud) 20121206
Malwarebytes Trojan.Ransom.ANC 20121207
McAfee Ransom-ABD.gen.a 20121207
McAfee-GW-Edition Ransom-ABD.gen.a 20121206
Microsoft Worm:Win32/Dorkbot 20121207
MicroWorld-eScan Worm.Generic.396812 20121206
NANO-Antivirus Trojan.Win32.Menti.zvsvl 20121207
Norman W32/Troj_Generic.EVDFK 20121206
nProtect Trojan/W32.Agent.81408.UO 20121207
Panda Trj/OCJ.A 20121206
PCTools Malware.Phopifas 20121207
Rising - 20121206
Sophos Troj/Inject-ZP 20121207
SUPERAntiSpyware Trojan.Agent/Gen-Menti 20121207
Symantec W32.Phopifas 20121207
TheHacker Trojan/Rodpicom.b 20121207
TotalDefense Win32/Ransom.ATQ 20121206
TrendMicro WORM_DORKBOT.IF 20121207
TrendMicro-HouseCall WORM_DORKBOT.IF 20121207
VIPRE Trojan.Win32.Generic!BT 20121206
ViRobot Trojan.Win32.A.Menti.81408.G 20121206


https://www.virustotal.com/file/d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86/analysis/1354847589/
SHA256: d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86
SHA1: 843f429035cf7196669e79303de716d94e550794
MD5: f84178426ab688ea35ec4d96d18537f9
File size: 95.0 KB ( 97280 bytes )
File name: F84178426AB688EA35EC4D96D18537F9.exe_
File type: Win32 EXE
Detection ratio: 36 / 45
Analysis date: 2012-12-07 02:33:09 UTC ( 1 minute ago )

Antivirus Result Update
Agnitum - 20121206
AntiVir TR/Obfuscate.acgmo 20121207
Antiy-AVL - 20121204
Avast Win32:Dofoil-AX [Trj] 20121207
AVG PSW.Generic10.AAXX 20121207
BitDefender Trojan.Generic.KDV.763408 20121206
ByteHero - 20121130
CAT-QuickHeal Trojan.PornoAsset.anf 20121206
ClamAV - 20121207
Commtouch W32/Falab.F18.gen!Eldorado 20121206
Comodo TrojWare.Win32.Kryptik.NEGB 20121206
DrWeb BackDoor.IRC.NgrBot.42 20121207
Emsisoft Trojan.Generic.KDV.763408 (B) 20121207
eSafe - 20121205
ESET-NOD32 Win32/Dorkbot.B 20121206
F-Prot W32/Falab.F18.gen!Eldorado 20121206
F-Secure Trojan.Generic.KDV.763408 20121207
Fortinet W32/PornoAsset.ANFK!tr 20121207
GData Trojan.Generic.KDV.763408 20121207
Ikarus Worm.Win32.Cridex 20121206
Jiangmin Trojan/PornoAsset.itl 20121206
K7AntiVirus Trojan 20121206
Kaspersky Trojan-Ransom.Win32.PornoAsset.anfk 20121206
Kingsoft Win32.Troj.Undef.(kcloud) 20121206
Malwarebytes Trojan.Winlock 20121207
McAfee PWS-Zbot.gen.anq 20121207
McAfee-GW-Edition PWS-Zbot.gen.anq 20121206
Microsoft VirTool:Win32/Obfuscator.ACG 20121207
MicroWorld-eScan Trojan.Generic.KDV.763408 20121206
NANO-Antivirus Trojan.Win32.Obfuscate.zureo 20121207
Norman W32/FakeAV.BJTL 20121206
nProtect Trojan.Generic.KDV.763408 20121207
Panda Trj/OCJ.A 20121206
PCTools Trojan.IRCBot 20121207
Rising - 20121206
Sophos Mal/ZboCheMan-D 20121207
SUPERAntiSpyware - 20121207
Symantec W32.IRCBot.NG 20121207
TheHacker - 20121207
TotalDefense - 20121206
TrendMicro WORM_DORKBOT.IF 20121207
TrendMicro-HouseCall WORM_DORKBOT.IF 20121207
VBA32 BScope.Worm.NgrBot.1812 20121205
VIPRE Trojan.Win32.Generic!BT 20121206
ViRobot Trojan.Win32.A.PornoAsset.97280.R 20121206






