Sunday, April 25, 2010

Jan 17, 2010 JAVA Mobile Malware #1 by Donato "ratsoul" Ferrante www.InReverse.net Post #2

The following article was written and published by Donato "ratsoul" Ferrante (www.inreverse.net) on January 17, 2010. His recent Java analysis publications attracted the attention of the exploit kit owners, who launched a heavy DDoS attack on April 16, 2010. The DDoS is still in progress today, April 25, 2010. They sent their demands: remove the analysis articles because they hurt their 'business'.
www.inreverse.net is currently inaccessible; therefore, we are publishing the InReverse Java analysis here (this is Post #2), but this time together with the malware samples provided by the InReverse crew. We ask antivirus and security companies to download, analyze, and develop protection (if you have not done so yet). Thank you.

Download 9 files listed below as a password protected archive (please contact me for the password, if you need it)


All Virustotal scan results are from April 25, 2010. Compare to the initial scan results of some of the samples (1/42 and 0/42; see Post #5).
  1. 8d499308df04932ed1b58a78417d6fb9.jar from JAVA Exploit Kit Malware #1 Post #1 - Virustotal 26/40
  2. 7e92d280472ca426aff1c20fbeb8d2db.jar from JAVA Mobile Malware #1 Post #2 - Virustotal 17/41
  3. 38f083169319d0141532db992d295448.jar from JAVA Sound malware Post #3 - Virustotal 11/41
  4. 52586e8a85188a0ada59294650c91362.jar from JAVA Sound malware Post #3 - Virustotal 19/41
  5. 3af7627af6348a76d1bf3b7bf31514e0.jar from JAVA malware family Post #4 - Virustotal 20/38
  6. a022524cb52223a939ba50043d90ff94.jar from JAVA malware family Post #4 - Virustotal 21/39
  7. d45a156c76f3c34bac0cf22cb586fdd1.jar from JAVA malware family Post #4 - Virustotal 16/40
  8. 2138bfc0c92b726a13ff5095bd2f2b72.jar from JAVA Malware evading decompilation Post #5 - Virustotal 11/39
  9. a0585edf638f5d1c556239d3bfaf08db.jar from JAVA Malware evading decompilation Post #5 - Virustotal 10/40
       
-----------------------------------------
Sunday, January 17, 2010
Donato "ratsoul" Ferrante

JAVA Mobile Malware #1
Hi guys,

today I will focus on a JAVA mobile malware (md5 is: 7e92d280472ca426aff1c20fbeb8d2db).

It is spread as a jar, containing a class with an attractive name. The jar contains three files:


    * a java class (the malware engine);

    * an icon image (it is used in order to be attractive..);

    * an inf file (it is used to extract sms information).


The following is the class code as decompiled with jd. I report only the relevant parts:

LoadData:


This method is used to read the inf file in order to fill the smsnumber and smstext fields. It uses the first byte of the inf file to know how many sms should be sent.

InputStreamString:


This method is used to read user-defined strings from the inf file.



SendSMS:


This method is used to send the crafted sms.

Focus on inf:

As we can see, the malware uses the inf file to extract information such as the sms number and text. Let's take a look at this file to understand its format:

Question: have you noticed anything wrong in this format? Before proceeding, please focus on the inf format and the three methods reported above.

Answer: It seems that we have a programming bug or a badly edited inf file. In fact, the malware will try to send 0x10 (16) sms by using this inf, but it has information only for 8 sms. Maybe this is a mistake of the malware author, or someone else has wrongly edited this file.
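
The count-versus-content mismatch described above can be checked mechanically when triaging a sample's configuration. The following is an added example, not code from the original article or from the sample: the string encoding (one length byte followed by that many bytes) is an assumption, since the inf layout is not reproduced on this page, and all records are constructed placeholders.

```python
"""Triage parser for an SMS-trojan style inf config (added example)."""
from dataclasses import dataclass, field


@dataclass
class InfReport:
    declared: int                                # count claimed by the first byte
    records: list = field(default_factory=list)  # (number, text) pairs really present
    leftover: int = 0                            # bytes not part of a complete record

    @property
    def consistent(self) -> bool:
        return self.declared == len(self.records) and self.leftover == 0


def _read_string(data: bytes, pos: int):
    """Read one length-prefixed string (ASSUMED encoding); None if truncated."""
    if pos >= len(data):
        return None
    end = pos + 1 + data[pos]
    if end > len(data):
        return None
    return data[pos + 1:end].decode("latin-1"), end


def parse_inf(data: bytes) -> InfReport:
    """Parse count byte + (number, text) records, tolerating a wrong count."""
    if not data:
        raise ValueError("empty inf file: no count byte")
    report = InfReport(declared=data[0])
    pos = 1
    for _ in range(report.declared):
        number = _read_string(data, pos)
        if number is None:
            break                      # ran out of data before the declared count
        text = _read_string(data, number[1])
        if text is None:
            break                      # record cut off after its number field
        report.records.append((number[0], text[0]))
        pos = text[1]
    report.leftover = len(data) - pos
    return report


def build_inf(declared: int, records) -> bytes:
    """Build constructed sample input in the assumed layout."""
    out = bytearray([declared])
    for number, text in records:
        for value in (number, text):
            raw = value.encode("latin-1")
            out += bytes([len(raw)]) + raw
    return bytes(out)


# Constructed sample: count byte 0x10 but only 8 placeholder records,
# mirroring the mismatch the article points out.
SAMPLE_RECORDS = [(f"0000{i}", f"TEXT {i}") for i in range(8)]
MISMATCHED = build_inf(0x10, SAMPLE_RECORDS)

if __name__ == "__main__":
    r = parse_inf(MISMATCHED)
    print(f"declared={r.declared} present={len(r.records)} "
          f"leftover={r.leftover} consistent={r.consistent}")
```

A report with `consistent` set to false means the count byte and the stored records disagree, so the number of records recovered should be taken from the parsed data rather than from the header.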

I hope you have enjoyed this article... see you soon ;]


Virustotal results on April 26, 2010
Other samples mentioned in InReverse articles will be added later.

http://www.virustotal.com/analisis/d00fa63f4202a980ab4d854172eed4fce57fcf1fd5cff32e846107982573a91b-1272218810
 File a0585edf638f5d1c556239d3bfaf08db.  received on 2010.04.25 18:06:50 (UTC)
Result: 11/41 (26.83%)
Avast    4.8.1351.0    2010.04.25    Java:Djewers-L
Avast5    5.0.332.0    2010.04.25    Java:Djewers-L
eSafe    7.0.17.0    2010.04.25    Win32.Horse
Ikarus    T3.1.1.80.0    2010.04.25    Trojan-Downloader.Java.Agent
McAfee    5.400.0.1158    2010.04.25    Exploit-CVE2008-5353
Sophos    4.53.0    2010.04.25    Troj/JavaDL-L
Sunbelt    6221    2010.04.25    Trojan.Java.Agent.c (v)
Symantec    20091.2.0.41    2010.04.25    Trojan Horse
TrendMicro    9.120.0.1004    2010.04.25    JAVA_BYTEVER.DP
TrendMicro-HouseCall    9.120.0.1004    2010.04.25    JAVA_BYTEVER.DP
File size: 43253 bytes
MD5...: a0585edf638f5d1c556239d3bfaf08db


http://www.virustotal.com/analisis/f95aeffa63f809a419dddc32c5bd65e28a1e6d21c587aef4342ac95c07bd9e80-1272218387
 File 2138bfc0c92b726a13ff5095bd2f2b72.  received on 2010.04.25 17:59:47 (UTC)
Result: 12/40 (30%)
Antiy-AVL    2.0.3.7    2010.04.23    Exploit/Java.CVE-2009-3867
eSafe    7.0.17.0    2010.04.25    Win32.Horse
F-Secure    9.0.15370.0    2010.04.25    Trojan-Downloader:Java/Agent.DIVS
Ikarus    T3.1.1.80.0    2010.04.25    Exploit.Java.Agent
Kaspersky    7.0.0.125    2010.04.25    Exploit.Java.Agent.a
Norman    6.04.11    2010.04.25    JAVA/Byteverify.O
Sophos    4.53.0    2010.04.25    Troj/Agent-NBP
Sunbelt    6221    2010.04.25    Trojan.Java.Byteverify.c (v)
Symantec    20091.2.0.41    2010.04.25    Trojan Horse
TrendMicro    9.120.0.1004    2010.04.25    JAVA_BYTEVER.DP
TrendMicro-HouseCall    9.120.0.1004    2010.04.25    JAVA_BYTEVER.DP
ViRobot    2010.4.24.2293    2010.04.25    JS.EX-Agent.2276
File size: 32260 bytes
MD5...: 2138bfc0c92b726a13ff5095bd2f2b72


http://www.virustotal.com/analisis/fba57ff8cfed809e8fdc1b6647515090933f4dd6f1c3cc0b02d80044c6c50f7b-1272216836
 File 38f083169319d0141532db992d295448.  received on 2010.04.25 17:33:56 (UTC)
Result: 20/41 (48.79%)
a-squared    4.5.0.50    2010.04.25    Exploit.OSX.Smid.c!A2
AntiVir    8.2.1.224    2010.04.23    JAVA/Dldr.Agen.NA.1
Antiy-AVL    2.0.3.7    2010.04.23    Exploit/OSX.Smid
BitDefender    7.2    2010.04.25    Java.Exploit.Smid.A
Comodo    4678    2010.04.25    Exploit.Java.Agent.~A
DrWeb    5.0.2.03300    2010.04.25    Exploit.Java.10
eTrust-Vet    35.2.7448    2010.04.24    Java/ByteVerify!exploit
F-Secure    9.0.15370.0    2010.04.25    Exploit:OSX/Smid.B
GData    21    2010.04.25    Java.Exploit.Smid.A
Kaspersky    7.0.0.125    2010.04.25    Exploit.OSX.Smid.c
McAfee-GW-Edition    6.8.5    2010.04.23    Java.Dldr.Agen.NA.1
Microsoft    1.5703    2010.04.25    Trojan:Java/Classloader.T
NOD32    5059    2010.04.25    OSX/Exploit.Smid.B
nProtect    2010-04-25.01    2010.04.25    Java.Exploit.Smid.A
PCTools    7.0.3.5    2010.04.25    Trojan.ByteVerify
Sophos    4.53.0    2010.04.25    Troj/Clsldr-U
Symantec    20091.2.0.41    2010.04.25    Trojan.ByteVerify
TrendMicro    9.120.0.1004    2010.04.25    JAVA_BYTEVER.Y
TrendMicro-HouseCall    9.120.0.1004    2010.04.25    JAVA_BYTEVER.Y
VBA32    3.12.12.4    2010.04.23    Exploit.OSX.Smid.c
Additional information
File size: 1955 bytes
MD5...: 38f083169319d0141532db992d295448



http://www.virustotal.com/analisis/ce21ea5e25fe92ef6fa182c7fe588b050021796ea880e277aa7acd6e547f0994-1272218599
 File 52586e8a85188a0ada59294650c91362.  received on 2010.04.25 18:03:19 (UTC)
Result: 19/41 (46.35%)
Antivirus     Version     Last Update     Result
a-squared    4.5.0.50    2010.04.25    Exploit.OSX.Smid.b!A2
AntiVir    8.2.1.224    2010.04.23    EXP/Java.mo.232
Antiy-AVL    2.0.3.7    2010.04.23    Exploit/OSX.Smid
BitDefender    7.2    2010.04.25    Java.Exploit.Smid.A
Comodo    4678    2010.04.25    Exploit.Java.Agent.~B
eTrust-Vet    35.2.7448    2010.04.24    JAVA/Smid.A
F-Secure    9.0.15370.0    2010.04.25    Exploit:Java/Agent.NHV
GData    21    2010.04.25    Java.Exploit.Smid.A
Ikarus    T3.1.1.80.0    2010.04.25    Exploit.OSX.Smid
Kaspersky    7.0.0.125    2010.04.25    Exploit.OSX.Smid.b
McAfee-GW-Edition    6.8.5    2010.04.23    Exploit.Java.mo.232
Microsoft    1.5703    2010.04.25    Trojan:Java/Classloader.T
NOD32    5059    2010.04.25    OSX/Exploit.Smid.B
nProtect    2010-04-25.01    2010.04.25    Java.Exploit.Smid.A
PCTools    7.0.3.5    2010.04.25    Exploit.OSX.Smid.b
Symantec    20091.2.0.41    2010.04.25    Trojan.ByteVerify
TrendMicro    9.120.0.1004    2010.04.25    TROJ_SMID.B
TrendMicro-HouseCall    9.120.0.1004    2010.04.25    TROJ_SMID.B
File size: 1847 bytes
MD5...: 52586e8a85188a0ada59294650c91362



http://www.virustotal.com/analisis/b69f0e77a89df3af21c4ad2bae57cdf19dc01edea3cf2958931ebbbe4e428e99-1272241193
  File 7e92d280472ca426aff1c20fbeb8d2db.  received on 2010.04.26 00:19:53 (UTC)
Result: 17/41 (41.47%)
Antiy-AVL    2.0.3.7    2010.04.23    Trojan/J2ME.Swapi
Avast    4.8.1351.0    2010.04.25    Other:Malware-gen
Avast5    5.0.332.0    2010.04.25    Other:Malware-gen
Comodo    4678    2010.04.25    UnclassifiedMalware
DrWeb    5.0.2.03300    2010.04.26    Java.SMSSend.4
F-Secure    9.0.15370.0    2010.04.26    Riskware:Java/SmsSend.Gen!A
Fortinet    4.0.14.0    2010.04.25    Java/Swapi.KS!tr
GData    21    2010.04.26    Other:Malware-gen
Ikarus    T3.1.1.80.0    2010.04.25    Trojan-SMS
Kaspersky    7.0.0.125    2010.04.26    Trojan-SMS.J2ME.Swapi.k
McAfee    5.400.0.1158    2010.04.26    JS/Downloader-Class.b
NOD32    5059    2010.04.25    probably a variant of Win32/Agent
PCTools    7.0.3.5    2010.04.26    Trojan.Generic
Symantec    20091.2.0.41    2010.04.26    Trojan Horse
TrendMicro    9.120.0.1004    2010.04.25    TROJ_SWAPI.E
TrendMicro-HouseCall    9.120.0.1004    2010.04.26    TROJ_SWAPI.E
VBA32    3.12.12.4    2010.04.23    Trojan-SMS.J2ME.Swapi.k
Additional information
File size: 2903 bytes
MD5...: 7e92d280472ca426aff1c20fbeb8d2db


http://www.virustotal.com/analisis/c52137b3dc1d700ee0b094b995b0da6d3bf13da40bca00d567209ce3cdd1a7cb-1272241740
  File 3af7627af6348a76d1bf3b7bf31514e0.  received on 2010.04.26 00:29:00 (UTC)
Result: 21/39 (53.85%)
AntiVir    8.2.1.224    2010.04.25    EXP/Java.Bytverif.I
Antiy-AVL    2.0.3.7    2010.04.23    Trojan/Java.Agent
Avast    4.8.1351.0    2010.04.25    Java:Agent-B
Avast5    5.0.332.0    2010.04.25    Java:Agent-B
BitDefender    7.2    2010.04.25    Java.Trojan.Exploit.Bytverify.I
ClamAV    0.96.0.3-git    2010.04.26    Trojan.JS.Selace-1
Comodo    4678    2010.04.25    UnclassifiedMalware
DrWeb    5.0.2.03300    2010.04.26    Exploit.Java.5
F-Secure    9.0.15370.0    2010.04.26    Java.Trojan.Exploit.Bytverify.I
GData    21    2010.04.26    Java.Trojan.Exploit.Bytverify.I
Ikarus    T3.1.1.80.0    2010.04.25    Exploit.Java.BytVerify
Kaspersky    7.0.0.125    2010.04.26    Trojan-Downloader.Java.Agent.as
McAfee-GW-Edition    6.8.5    2010.04.25    Exploit.Java.Bytverif.I
Microsoft    1.5703    2010.04.25    Exploit:Java/CVE-2008-5353.C
NOD32    5059    2010.04.25    Java/TrojanDownloader.Agent.NAG
Norman    6.04.11    2010.04.25    JAVA/ByteVerify.A
PCTools    7.0.3.5    2010.04.26    Trojan.ByteVerify
Sophos    4.53.0    2010.04.26    Troj/ClsLdr-V
Symantec    20091.2.0.41    2010.04.26    Trojan.ByteVerify
TrendMicro    9.120.0.1004    2010.04.25    JAVA_BYTEVER.BN
TrendMicro-HouseCall    9.120.0.1004    2010.04.26    JAVA_BYTEVER.BN
Additional information
File size: 8397 bytes
MD5...: 3af7627af6348a76d1bf3b7bf31514e0



http://www.virustotal.com/analisis/eb4f3bd460824c701f3a99463a16e4307f5a4c111f1dc610d26db82d6436f842-1272242166
File 8d499308df04932ed1b58a78417d6fb9.  received on 2010.04.26 00:36:06 (UTC)
Result: 28/41 (68.3%)
a-squared    4.5.0.50    2010.04.25    Trojan-Downloader.Java.OpenStream!IK
AntiVir    8.2.1.224    2010.04.25    JAVA/OpenStream.AE
Antiy-AVL    2.0.3.7    2010.04.23    Trojan/Java.OpenStream
Avast    4.8.1351.0    2010.04.25    Java:Agent-B
Avast5    5.0.332.0    2010.04.25    Java:Agent-B
AVG    9.0.0.787    2010.04.25    Java/OpenStream
BitDefender    7.2    2010.04.26    Trojan.Generic.IS.614610
Comodo    4678    2010.04.25    TrojWare.Win32.Trojan.Agent.~318
DrWeb    5.0.2.03300    2010.04.26    Exploit.CVE2008.5353
eSafe    7.0.17.0    2010.04.25    Win32.TrojanHorse
eTrust-Vet    35.2.7448    2010.04.24    Java/ByteVerify!exploit
F-Secure    9.0.15370.0    2010.04.26    Trojan.Generic.IS.614610
Fortinet    4.0.14.0    2010.04.25    Java/OpenStream.AD!tr.dldr
GData    21    2010.04.26    Trojan.Generic.IS.614610
Ikarus    T3.1.1.80.0    2010.04.25    Trojan-Downloader.Java.OpenStream
Kaspersky    7.0.0.125    2010.04.26    Trojan-Downloader.Java.OpenStream.ad
McAfee    5.400.0.1158    2010.04.26    Exploit-ByteVerify
McAfee-GW-Edition    6.8.5    2010.04.25    Java.OpenStream.AE
Microsoft    1.5703    2010.04.25    Exploit:Java/CVE-2008-5353.B
NOD32    5059    2010.04.25    probably a variant of Win32/Agent
Norman    6.04.11    2010.04.25    Exploit/ByteVerify.A
nProtect    2010-04-25.01    2010.04.25    Trojan.Generic.IS.616012
PCTools    7.0.3.5    2010.04.26    Trojan.Generic
Sophos    4.53.0    2010.04.26    Troj/BytVrfy-C
Symantec    20091.2.0.41    2010.04.26    Trojan Horse
TrendMicro    9.120.0.1004    2010.04.25    JAVA_BYTEVER.AT
TrendMicro-HouseCall    9.120.0.1004    2010.04.26    JAVA_BYTEVER.AT
ViRobot    2010.4.24.2293    2010.04.25    Java.S.OpenStream.2238
Additional information
File size: 4519 bytes
MD5...: 8d499308df04932ed1b58a78417d6fb9 



 http://www.virustotal.com/analisis/e5daafafa3eedcff7577a1545a1e45fbaa964547cc46846f8d6ae90d9674ea4f-1272242459
File a022524cb52223a939ba50043d90ff94.  received on 2010.04.26 00:40:59 (UTC)
Result: 23/41 (56.1%)
AntiVir    8.2.1.224    2010.04.25    JAVA/OpenStrem.BN.2
Antiy-AVL    2.0.3.7    2010.04.23    Trojan/Java.Agent
Avast    4.8.1351.0    2010.04.25    Java:Agent-B
Avast5    5.0.332.0    2010.04.25    Java:Agent-B
AVG    9.0.0.787    2010.04.25    Generic2_c.TEA
BitDefender    7.2    2010.04.26    Java.Trojan.Exploit.Bytverify.I
ClamAV    0.96.0.3-git    2010.04.26    Trojan.JS.Selace-1
Comodo    4678    2010.04.25    UnclassifiedMalware
DrWeb    5.0.2.03300    2010.04.26    Java.Siggen.11
eSafe    7.0.17.0    2010.04.25    Win32.Horse
eTrust-Vet    35.2.7448    2010.04.24    Java/ByteVerify!exploit
F-Secure    9.0.15370.0    2010.04.26    Java.Trojan.Exploit.Bytverify.I
GData    21    2010.04.26    Java.Trojan.Exploit.Bytverify.I
Ikarus    T3.1.1.80.0    2010.04.25    Exploit.Java.BytVerify
Kaspersky    7.0.0.125    2010.04.26    Trojan-Downloader.Java.Agent.ay
McAfee-GW-Edition    6.8.5    2010.04.25    Java.OpenStrem.BN.2
Microsoft    1.5703    2010.04.25    Trojan:Java/Bytverify
NOD32    5059    2010.04.25    probably a variant of Win32/Agent
Norman    6.04.11    2010.04.25    JAVA/ByteVerify.A
Sophos    4.53.0    2010.04.26    Troj/ClsLdr-Gen
Symantec    20091.2.0.41    2010.04.26    Trojan Horse
TrendMicro    9.120.0.1004    2010.04.25    JS_BYTEVER.AT
TrendMicro-HouseCall    9.120.0.1004    2010.04.26    JS_BYTEVER.AX
Additional information
File size: 9417 bytes
MD5...: a022524cb52223a939ba50043d90ff94 


http://www.virustotal.com/analisis/a19089a18db356fb5ef5cfa78b94a1fd8538381930c5998061d5176c77e136a0-1272243385
File d45a156c76f3c34bac0cf22cb586fdd1.  received on 2010.04.26 00:56:25 (UTC)
Result: 16/40 (40.00%)
AntiVir     8.2.1.224     2010.04.25     JAVA/ClassLoad.AD.2
Antiy-AVL     2.0.3.7     2010.04.23     Trojan/Java.Agent
Avast     4.8.1351.0     2010.04.25     Java:Agent-B
Avast5     5.0.332.0     2010.04.25     Java:Agent-B
Comodo     4678     2010.04.25     TrojWare.Java.TrojanDownloader.Agent.av
DrWeb     5.0.2.03300     2010.04.26     Exploit.Java.8
eSafe     7.0.17.0     2010.04.25     Win32.ByteVerify
F-Secure     9.0.15370.0     2010.04.26     Trojan-Downloader:Java/Agent.NWB
Ikarus     T3.1.1.80.0     2010.04.26     Trojan-Downloader.Java.Agent
Kaspersky     7.0.0.125     2010.04.26     Trojan-Downloader.Java.Agent.av
McAfee-GW-Edition     6.8.5     2010.04.25     Java.ClassLoad.AD.2
NOD32     5059     2010.04.25     probably a variant of Java/TrojanDownloader.Agent.NAI
Sophos     4.53.0     2010.04.26     Troj/ByteVer-I
Symantec     20091.2.0.41     2010.04.26     Trojan.ByteVerify
TrendMicro     9.120.0.1004     2010.04.25     TROJ_BYTEVER.BO
Additional information
File size: 7291 bytes
MD5   : d45a156c76f3c34bac0cf22cb586fdd1


 
