Saturday, February 16, 2013

Jan 2013 Shylock (skype version) sample




In January 2013,  Iurii Khvyl and Peter Kruse from CSIS posted analysis of Shylock variant capable of spreading through Skype.

You can read their research here Shylock calling Skype. The sample is below






Download
Sample credit: anonymous

Automatic scans


https://www.virustotal.com/en/file/4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842/analysis/
SHA256: 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
SHA1: b87948722e04fa3edda45303d20c745a6301e567
MD5: 8fbeb78b06985c3188562e2f1b82d57d
File size: 278.0 KB ( 284672 bytes )
File name: 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
File type: Win32 DLL
Tags: pedll
Detection ratio: 33 / 46
Analysis date: 2013-02-05 19:05:29 UTC ( 1 week, 4 days ago )
31 91
AhnLab-V3 Win-Trojan/Caphaw.284672 20130205
AntiVir TR/Skyspy.AJ 20130205
Avast Win32:Shylock-A [Trj] 20130205
AVG Ransomer.BKE 20130205
BitDefender Trojan.Generic.8640212 20130205
CAT-QuickHeal Backdoor.Caphaw 20130205
ClamAV Win.Trojan.Shylock 20130205
Comodo UnclassifiedMalware 20130205
eSafe Win32.Trojan 20130204
ESET-NOD32 Win32/Caphaw.M 20130205
F-Secure Trojan:W32/Agent.DUIE 20130205
Fortinet W32/Shylock.A!tr 20130205
GData Trojan.Generic.8640212 20130205
Ikarus Trojan-Spy.Agent 20130205
Kaspersky Trojan.Win32.Agentb.hxk 20130204
Malwarebytes Trojan.Shylock 20130205
McAfee RDN/Generic.dx!i 20130205
McAfee-GW-Edition RDN/Generic.dx!i 20130205
Microsoft Backdoor:Win32/Caphaw.N 20130205
MicroWorld-eScan Trojan.Generic.8640212 20130205
NANO-Antivirus Trojan.Win32.Caphaw.bevzou 20130205
Norman Shylock.C 20130205
nProtect Trojan.Generic.8640212 20130205
Panda Trj/CI.A 20130205
PCTools Trojan.Generic 20130205
Rising Backdoor.Caphaw!4ED7 20130205
Sophos Troj/Shype-A 20130205
Symantec Trojan Horse 20130205
TheHacker Trojan/Caphaw.gen 20130205
TrendMicro WORM_KEPSY.A 20130205
TrendMicro-HouseCall WORM_KEPSY.A 20130205
VIPRE Trojan.Win32.Generic!BT 20130205
ViRobot Backdoor.Win32.S.Shylock.284672 20130205

No comments:

Post a Comment