openblacklist

OpenBlackList

Sep 24th, 2015
OpenBlackList (twitter: @OpenBlackList). A project by ElCatapan (twitter: @ElCatapan).

This paste contains information about attacks collected from my honeypot systems.

Date: 2015-09-24

Source of the attack: 178.174.152.35 (AS21250-Customer access block), located in Sweden

Service attacked: MSRPC

Action: Malware propagation

MD5 sample: cf263991bb889c28e6185ac4dd24668f

Downloads number: 1

Download URL:
tftp://178.174.152.35/ssms.exe

Offer URL:
tftp://178.174.152.35/ssms.exe

VirusTotal Analysis:

Antivirus total: 51
Antivirus positives: 49

Antivirus: Bkav
Antivirus version: 1.3.0.4959
Antivirus update: 20140606
Malware: W32.SpyBotQ.Worm

Antivirus: MicroWorld-eScan
Antivirus version: 12.0.250.0
Antivirus update: 20140609
Malware: Backdoor.SDbot.DFNQ

Antivirus: nProtect
Antivirus version: 2014-06-08.01
Antivirus update: 20140608
Malware: Backdoor/W32.RBot.163840.U

Antivirus: CMC
Antivirus version: 1.1.0.977
Antivirus update: 20140609
Malware: Generic.Win32.cf263991bb!CMCRadar

Antivirus: CAT-QuickHeal
Antivirus version: 14.00
Antivirus update: 20140607
Malware: I-Worm.Bobic.fu.n4

Antivirus: McAfee
Antivirus version: 6.0.4.564
Antivirus update: 20140609
Malware: W32/Sdbot.worm.gen.x

Antivirus: Malwarebytes
Antivirus version: 1.75.0.1
Antivirus update: 20140609
Malware: Backdoor.RBot

Antivirus: TheHacker
Antivirus version: 6.8.0.5.464
Antivirus update: 20140606
Malware: Backdoor/Rbot.aftu

Antivirus: K7GW
Antivirus version: 9.179.12333
Antivirus update: 20140606
Malware: Backdoor ( 000df2a31 )

Antivirus: K7AntiVirus
Antivirus version: 9.179.12333
Antivirus update: 20140606
Malware: Backdoor ( 000df2a31 )

Antivirus: Agnitum
Antivirus version: 5.5.1.3
Antivirus update: 20140608
Malware: Worm.Rbot.AFAE

Antivirus: F-Prot
Antivirus version: 4.7.1.166
Antivirus update: 20140609
Malware: W32/Backdoor.ZZR

Antivirus: Symantec
Antivirus version: 20131.1.5.61
Antivirus update: 20140609
Malware: W32.IRCBot

Antivirus: Norman
Antivirus version: 7.04.04
Antivirus update: 20140608
Malware: Rbot.dam

Antivirus: TotalDefense
Antivirus version: 37.0.10987
Antivirus update: 20140608
Malware: Win32/Rbot.GCG

Antivirus: TrendMicro-HouseCall
Antivirus version: 9.700.0.1001
Antivirus update: 20140609
Malware: BKDR_MYBOT.AH

Antivirus: Avast
Antivirus version: 8.0.1489.320
Antivirus update: 20140609
Malware: Win32:Rbot-GNZ [Trj]

Antivirus: ClamAV
Antivirus version: 0.98.3.0
Antivirus update: 20140609
Malware: Trojan.SdBot-9861

Antivirus: Kaspersky
Antivirus version: 12.0.0.1225
Antivirus update: 20140609
Malware: Backdoor.Win32.Rbot.aftu

Antivirus: BitDefender
Antivirus version: 7.2
Antivirus update: 20140609
Malware: Backdoor.SDbot.DFNQ

Antivirus: NANO-Antivirus
Antivirus version: 0.28.0.60100
Antivirus update: 20140609
Malware: Trojan.Win32.Rbot.jcdl

Antivirus: ViRobot
Antivirus version: 2011.4.7.4223
Antivirus update: 20140609
Malware: Backdoor.Win32.RBot.147456.D

Antivirus: SUPERAntiSpyware
Antivirus version: 5.6.0.1032
Antivirus update: 20140608
Malware: Trojan.Agent/Gen

Antivirus: Tencent
Antivirus version: 1.0.0.1
Antivirus update: 20140609
Malware: Win32.Backdoor.Rbot.Szva

Antivirus: Ad-Aware
Antivirus version: 12.0.163.0
Antivirus update: 20140609
Malware: Backdoor.SDbot.DFNQ

Antivirus: Emsisoft
Antivirus version: 3.0.0.599
Antivirus update: 20140609
Malware: Backdoor.SDbot.DFNQ (B)

Antivirus: Comodo
Antivirus version: 18485
Antivirus update: 20140609
Malware: Backdoor.Win32.Rbot

Antivirus: F-Secure
Antivirus version: 11.0.19100.45
Antivirus update: 20140608
Malware: Backdoor.SDbot.DFNQ

Antivirus: DrWeb
Antivirus version: 7.0.7.12100
Antivirus update: 20140609
Malware: Win32.HLLW.MyBot.8091

Antivirus: VIPRE
Antivirus version: 30108
Antivirus update: 20140609
Malware: Backdoor.Win32.Rbot.aftu (v)

Antivirus: AntiVir
Antivirus version: 7.11.153.238
Antivirus update: 20140609
Malware: Worm/SdBo.167936.56

Antivirus: TrendMicro
Antivirus version: 9.740.0.1012
Antivirus update: 20140609
Malware: BKDR_MYBOT.AH

Antivirus: McAfee-GW-Edition
Antivirus version: 2013
Antivirus update: 20140608
Malware: Heuristic.BehavesLike.Win32.Suspicious-BAY.G

Antivirus: Sophos
Antivirus version: 4.98.0
Antivirus update: 20140609
Malware: W32/Rbot-GSL

Antivirus: ESET-NOD32
Antivirus version: 9914
Antivirus update: 20140609
Malware: Win32/Rbot

Antivirus: Antiy-AVL
Antivirus version: 1.0.0.1
Antivirus update: 20140609
Malware: Trojan[Backdoor]/Win32.Rbot

Antivirus: Kingsoft
Antivirus version: 2013.4.9.267
Antivirus update: 20140609
Malware: Worm.Bobic.ig.(kcloud)

Antivirus: Microsoft
Antivirus version: 1.10600
Antivirus update: 20140609
Malware: Backdoor:Win32/Rbot

Antivirus: AhnLab-V3
Antivirus version: 2014.06.09.01
Antivirus update: 20140609
Malware: Backdoor/Win32.Rbot

Antivirus: GData
Antivirus version: 24
Antivirus update: 20140609
Malware: Backdoor.SDbot.DFNQ

Antivirus: Commtouch
Antivirus version: 5.4.1.7
Antivirus update: 20140609
Malware: W32/Backdoor.CLQG-2510

Antivirus: VBA32
Antivirus version: 3.12.26.0
Antivirus update: 20140607
Malware: Backdoor.Rbot

Antivirus: Panda
Antivirus version: 10.0.3.5
Antivirus update: 20140608
Malware: W32/Gaobot.PCK.worm

Antivirus: Rising
Antivirus version: 25.0.0.11
Antivirus update: 20140608
Malware: PE:Backdoor.Mybot.wzj!1074836425

Antivirus: Ikarus
Antivirus version: T3.1.6.1.0
Antivirus update: 20140609
Malware: Virus.Win32.Rbot

Antivirus: Fortinet
Antivirus version: 5.1.147.0
Antivirus update: 20140608
Malware: W32/RBot.AFTU!tr.bdr

Antivirus: AVG
Antivirus version: 14.0.0.3955
Antivirus update: 20140608
Malware: IRC/BackDoor.SdBot4.RJW

Antivirus: Baidu-International
Antivirus version: 3.5.1.41473
Antivirus update: 20140608
Malware: Backdoor.Win32.Rbot.aDH

Antivirus: Qihoo-360
Antivirus version: 1.0.0.1015
Antivirus update: 20140609
Malware: Win32/Worm.BO.2aa

Static analysis with PEframe:

Short information
------------------------------------------------------------
File Name cf263991bb889c28e6185ac4dd24668f
File Size 163840 byte
Compile Time 1970-01-01 01:00:00
DLL False
Sections 4
Hash MD5 cf263991bb889c28e6185ac4dd24668f
Hash SHA-1 e285ec5c0baf46398f11bc1f96d197dd94395246
Imphash a7333743ef063a68d1d860bbdf1c328e
Directory Import

Suspicious API discovered [2]
------------------------------------------------------------
Function LoadLibraryA
Function VirtualAlloc

Suspicious Sections discovered [4]
------------------------------------------------------------
Section
Hash MD5 fc3fba3686eec07c41be729d85733ae2
Hash SHA-1 ad18810c86ee75b85ba002d72ea7bc8ac2a74ed4
Section
Hash MD5 1317c43e52e2cfdcf141de023ed651bd
Hash SHA-1 f5ea021d5a9087cbb7b89505a7ee7262b13d19ec
Section
Hash MD5 9c93fc8b7fc0dbe1d670a153e711a173
Hash SHA-1 e47d44f1d995bec3c3de0cc77700656dcc32503f
Section
Hash MD5 256a9e7ccb584110e457f38db9fb00c4
Hash SHA-1 22378829e85660826a6b97e15399110e00fd9531

File name discovered [1]
------------------------------------------------------------
Library KERNEL32.dll