- OpenBlackList (twitter: @OpenBlackList) . A project by ElCatapan (twitter: @ElCatapan).
- This paste contains information about attacks collected from my honeypot systems.
- Date: 2015-09-24
- Source of the attack: 178.174.152.35 (AS21250-Customer access block), located in Sweden
- Service attacked: MSRPC
- Action: Malware propagation
- MD5 sample: cf263991bb889c28e6185ac4dd24668f
- Downloads number: 1
- Download URL: tftp://178.174.152.35/ssms.exe
- Offer URL: tftp://178.174.152.35/ssms.exe
- VirusTotal Analysis:
- Antivirus total: 51
- Antivirus positives: 49
- Detections (engine, engine version, signature update, detection name):
- Bkav 1.3.0.4959 (20140606): W32.SpyBotQ.Worm
- MicroWorld-eScan 12.0.250.0 (20140609): Backdoor.SDbot.DFNQ
- nProtect 2014-06-08.01 (20140608): Backdoor/W32.RBot.163840.U
- CMC 1.1.0.977 (20140609): Generic.Win32.cf263991bb!CMCRadar
- CAT-QuickHeal 14.00 (20140607): I-Worm.Bobic.fu.n4
- McAfee 6.0.4.564 (20140609): W32/Sdbot.worm.gen.x
- Malwarebytes 1.75.0.1 (20140609): Backdoor.RBot
- TheHacker 6.8.0.5.464 (20140606): Backdoor/Rbot.aftu
- K7GW 9.179.12333 (20140606): Backdoor ( 000df2a31 )
- K7AntiVirus 9.179.12333 (20140606): Backdoor ( 000df2a31 )
- Agnitum 5.5.1.3 (20140608): Worm.Rbot.AFAE
- F-Prot 4.7.1.166 (20140609): W32/Backdoor.ZZR
- Symantec 20131.1.5.61 (20140609): W32.IRCBot
- Norman 7.04.04 (20140608): Rbot.dam
- TotalDefense 37.0.10987 (20140608): Win32/Rbot.GCG
- TrendMicro-HouseCall 9.700.0.1001 (20140609): BKDR_MYBOT.AH
- Avast 8.0.1489.320 (20140609): Win32:Rbot-GNZ [Trj]
- ClamAV 0.98.3.0 (20140609): Trojan.SdBot-9861
- Kaspersky 12.0.0.1225 (20140609): Backdoor.Win32.Rbot.aftu
- BitDefender 7.2 (20140609): Backdoor.SDbot.DFNQ
- NANO-Antivirus 0.28.0.60100 (20140609): Trojan.Win32.Rbot.jcdl
- ViRobot 2011.4.7.4223 (20140609): Backdoor.Win32.RBot.147456.D
- SUPERAntiSpyware 5.6.0.1032 (20140608): Trojan.Agent/Gen
- Tencent 1.0.0.1 (20140609): Win32.Backdoor.Rbot.Szva
- Ad-Aware 12.0.163.0 (20140609): Backdoor.SDbot.DFNQ
- Emsisoft 3.0.0.599 (20140609): Backdoor.SDbot.DFNQ (B)
- Comodo 18485 (20140609): Backdoor.Win32.Rbot
- F-Secure 11.0.19100.45 (20140608): Backdoor.SDbot.DFNQ
- DrWeb 7.0.7.12100 (20140609): Win32.HLLW.MyBot.8091
- VIPRE 30108 (20140609): Backdoor.Win32.Rbot.aftu (v)
- AntiVir 7.11.153.238 (20140609): Worm/SdBo.167936.56
- TrendMicro 9.740.0.1012 (20140609): BKDR_MYBOT.AH
- McAfee-GW-Edition 2013 (20140608): Heuristic.BehavesLike.Win32.Suspicious-BAY.G
- Sophos 4.98.0 (20140609): W32/Rbot-GSL
- ESET-NOD32 9914 (20140609): Win32/Rbot
- Antiy-AVL 1.0.0.1 (20140609): Trojan[Backdoor]/Win32.Rbot
- Kingsoft 2013.4.9.267 (20140609): Worm.Bobic.ig.(kcloud)
- Microsoft 1.10600 (20140609): Backdoor:Win32/Rbot
- AhnLab-V3 2014.06.09.01 (20140609): Backdoor/Win32.Rbot
- GData 24 (20140609): Backdoor.SDbot.DFNQ
- Commtouch 5.4.1.7 (20140609): W32/Backdoor.CLQG-2510
- VBA32 3.12.26.0 (20140607): Backdoor.Rbot
- Panda 10.0.3.5 (20140608): W32/Gaobot.PCK.worm
- Rising 25.0.0.11 (20140608): PE:Backdoor.Mybot.wzj!1074836425
- Ikarus T3.1.6.1.0 (20140609): Virus.Win32.Rbot
- Fortinet 5.1.147.0 (20140608): W32/RBot.AFTU!tr.bdr
- AVG 14.0.0.3955 (20140608): IRC/BackDoor.SdBot4.RJW
- Baidu-International 3.5.1.41473 (20140608): Backdoor.Win32.Rbot.aDH
- Qihoo-360 1.0.0.1015 (20140609): Win32/Worm.BO.2aa
- Static analysis with PEframe:
- Short information
- ------------------------------------------------------------
- File Name cf263991bb889c28e6185ac4dd24668f
- File Size 163840 byte
- Compile Time 1970-01-01 01:00:00
- DLL False
- Sections 4
- Hash MD5 cf263991bb889c28e6185ac4dd24668f
- Hash SHA-1 e285ec5c0baf46398f11bc1f96d197dd94395246
- Imphash a7333743ef063a68d1d860bbdf1c328e
- Directory Import
- Suspicious API discovered [2]
- ------------------------------------------------------------
- Function LoadLibraryA
- Function VirtualAlloc
- Suspicious Sections discovered [4]
- ------------------------------------------------------------
- Section
- Hash MD5 fc3fba3686eec07c41be729d85733ae2
- Hash SHA-1 ad18810c86ee75b85ba002d72ea7bc8ac2a74ed4
- Section
- Hash MD5 1317c43e52e2cfdcf141de023ed651bd
- Hash SHA-1 f5ea021d5a9087cbb7b89505a7ee7262b13d19ec
- Section
- Hash MD5 9c93fc8b7fc0dbe1d670a153e711a173
- Hash SHA-1 e47d44f1d995bec3c3de0cc77700656dcc32503f
- Section
- Hash MD5 256a9e7ccb584110e457f38db9fb00c4
- Hash SHA-1 22378829e85660826a6b97e15399110e00fd9531
- File name discovered [1]
- ------------------------------------------------------------
- Library KERNEL32.dll