Download d4b98bda9c3ae0810a61f95863f4f81e ATT39755.xls and all the files described below as a password-protected archive (contact me if you need the password)
From: ¤u¦X•|³ø [mailto:0922750173@mail.ahccddi.org.tw]
Sent: Monday, May 10, 2010 9:38 AM
To: XXXXXXXXXXX
Subject: Schedule of defense industry evaluation dates for the second half of 99
Enclosed is a copy of the schedule of defense industry evaluation dates for the second half of 99; please review it!
Sincerely, 蕭名槐 (Huai Hsiao)
Headers
Received: (qmail 314 invoked from network); 10 May 2010 13:54:05 -0000
Received: from mailsnd3.chollian.net (HELO mailsnd3.chol.com) (203.252.1.124)
  by XXXXXXXXXXXXXXXXXXX with SMTP; 10 May 2010 13:54:05 -0000
Received: (qmail 2745 invoked from network); Mon, 10 May 2010 22:53:58 +0900 (KST)
Received: from [202.65.223.202] (202.65.223.202)
  by mailsnd3.chol.com with ESMTP;
  Mon, 10 May 2010 22:53:58 +0900 (KST)
Message-ID: <1975e5623c$23fce32a$0ae1d8b4@0922750173212af2ce2>
From: "?u?X?|??" <0922750173@mail.ahccddi.org.tw>
To: XXXXXXXXXXXXXXXXXX
Subject: =?big5?B?OTmkVaVipn6w6qi+pHW3frX7xbKk6bTBqu0=?=
Date: Mon, 10 May 2010 21:37:50 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0009_01CAF089.0C84DC60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
202.65.223.202
Hostname: static-ip-202-223-65-202.rev.dyxnet.com
ISP: Genesis Net Limited
Organization: Tsuen Wan
Type: Broadband
Assignment: Static IP
Country: Hong Kong
City: Central District
File ATT39755.xls received on 2010.06.03 11:27:14 (UTC)
http://www.virustotal.com/analisis/616b561b49258346ead431e34fb1925e2dbc11fb4620083efae92d7ed8e5333c-1275564434
Result: 7/41 (17.08%)
Jiangmin 13.0.900 2010.06.03 Heur:Exploit.CVE-2009-3129
Kaspersky 7.0.0.125 2010.06.03 Trojan-Dropper.MSExcel.Agent.bc
Heuristic.BehavesLike.Exploit.X97.CodeExec.FFLG
PCTools 7.0.3.5 2010.06.03 HeurEngine.MaliciousExploit
Symantec 20101.1.0.89 2010.06.03 Bloodhound.Exploit.306
TrendMicro 9.120.0.1004 2010.06.03 TROJ_EXELDROP.A
TrendMicro-HouseCall 9.120.0.1004 2010.06.03 TROJ_EXELDROP.A
Additional information
File size: 72192 bytes
MD5...: d4b98bda9c3ae0810a61f95863f4f81e
Files created
%Userprofile%\LOCALS~1\Temp\wuauclt.exe
File: wuauclt.exe Size: 31232 MD5: D037500368207625E3FFEE16C50D60A7
%Userprofile%\LOCALS~1\Temp\ATT39755.xls
File: ATT39755.xls Size: 13824 MD5: 75B495C8324C4DCF5A0B2CFCACC47971 == clean xls file
http://www.virustotal.com/reanalisis.html?1a15e1c3220e8d1800bb7b186e9d47f63aefd669cd0f1569a79982498d5d9ba6-1275579814
File wuauclt.exe-- received on 2010.06.02 00:43:59 (UTC)
Result: 4/41 (9.76%)
Microsoft 1.5802 2010.06.02 Backdoor:Win32/Ixeshe.A
Norman 6.04.12 2010.06.01 W32/Malware
TrendMicro 9.120.0.1004 2010.06.01 BKDR_IXESHE.SM
TrendMicro-HouseCall 9.120.0.1004 2010.06.02 BKDR_IXESHE.SM
Additional information
File size: 31232 bytes
MD5 : d037500368207625e3ffee16c50d60a7
TCP traffic to 211.78.147.220
Hostname: ll-211-78-147-220.ll.sparqnet.net
ISP: New Centry InfoComm Tech. Co., Ltd.
Organization: Lill Guan Industry co., LTD
Type: Broadband
Assignment: Static IP
Country: Taiwan
City: Taichung