- OpenBlackList (twitter: @OpenBlackList). A project by ElCatapan (twitter: @ElCatapan).
- This paste contains information about attacks collected from my honeypot systems.
- Date: 2015-10-03
- Source of the attack: 186.74.238.212 (AS11556 - Cable & Wireless Panama), located in Panama
- Service attacked: SMB
- Action: Malware propagation
- MD5 sample: 4d4c2729b8aa56e70eaf9ef84e9d5d3d
- Downloads number: 1
- Download URL:
- smb://::ffff:186.74.238.212
- Offer URL:
- smb://::ffff:186.74.238.212/csrss.exe
- VirusTotal Analysis:
- Antivirus total: 56
- Antivirus positives: 52
| Antivirus | Version | Update | Detection name |
|---|---|---|---|
| Bkav | 1.3.0.7237 | 20150928 | W32.TBrambulA.Trojan |
| MicroWorld-eScan | 12.0.250.0 | 20150929 | Worm.Generic.230976 |
| nProtect | 2015-09-25.01 | 20150925 | Trojan-Spy/W32.Agent.57344.KT |
| CMC | 1.1.0.977 | 20150928 | Trojan-Spy.Win32.Agent!O |
| CAT-QuickHeal | 14.00 | 20150928 | TrojanSpy.Agent.bbel.n4 |
| ALYac | 1.0.1.4 | 20150929 | Trojan.Spammer.57344 |
| Malwarebytes | 2.1.1.1115 | 20150929 | Trojan.Agent |
| VIPRE | 44142 | 20150929 | Trojan.Win32.Generic!BT |
| TheHacker | 6.8.0.5.681 | 20150929 | Trojan/Spy.Agent.bmxb |
| BitDefender | 7.2 | 20150929 | Worm.Generic.230976 |
| K7GW | 9.210.17358 | 20150928 | Backdoor ( 04c4f2671 ) |
| K7AntiVirus | 9.210.17358 | 20150928 | Backdoor ( 04c4f2671 ) |
| NANO-Antivirus | 0.30.26.3725 | 20150929 | Trojan.Win32.Agent.bmgds |
| Cyren | 5.4.16.7 | 20150929 | W32/Agent.IX.gen!Eldorado |
| Symantec | 20141.2.0.56 | 20150928 | Trojan Horse |
| ESET-NOD32 | 12325 | 20150929 | Win32/Pepex.F |
| TrendMicro-HouseCall | 9.800.0.1009 | 20150929 | WORM_MYDOOM.WA |
| Avast | 8.0.1489.320 | 20150929 | Win32:Agent-AOKX [Trj] |
| ClamAV | 0.98.5.0 | 20150929 | Trojan.Spy-78857 |
| Kaspersky | 15.0.1.10 | 20150929 | Email-Worm.Win32.Pepex.o |
| Agnitum | 5.5.1.3 | 20150928 | Trojan.Brambul!EaXSuFVXfdU |
| ViRobot | 2014.3.20.0 | 20150929 | Trojan.Win32.Agent.57344.TI[h] |
| SUPERAntiSpyware | 5.6.0.1032 | 20150929 | Trojan.Agent/Gen-Brambul |
| Rising | 25.0.0.17 | 20150928 | PE:Backdoor.Win32.Mnless.diy!1541335[F1] |
| Ad-Aware | 12.0.163.0 | 20150929 | Worm.Generic.230976 |
| Sophos | 4.98.0 | 20150928 | Mal/Spy-Y |
| Comodo | 23321 | 20150929 | TrojWare.Win32.Agent.mtv0 |
| F-Secure | 11.0.19100.45 | 20150929 | Worm.Generic.230976 |
| DrWeb | 7.0.15.8310 | 20150929 | Win32.HLLW.Bumble |
| Zillya | 2.0.0.2419 | 20150928 | Trojan.Agent.Win32.100751 |
| TrendMicro | 9.740.0.1012 | 20150929 | WORM_MYDOOM.WA |
| McAfee-GW-Edition | v2015 | 20150929 | Downloader-CUZ |
| Emsisoft | 3.5.0.642 | 20150929 | Worm.Generic.230976 (B) |
| F-Prot | 4.7.1.166 | 20150929 | W32/Agent.IX.gen!Eldorado |
| Jiangmin | 16.0.100 | 20150927 | TrojanSpy.Agent.mza |
| Avira | 8.3.2.2 | 20150929 | TR/Agent.mtv |
| Antiy-AVL | 1.0.0.1 | 20150929 | Trojan[Spy]/Win32.Agent |
| Kingsoft | 2013.4.9.267 | 20150929 | Win32.Troj.Agent.(kcloud) |
| Arcabit | 1.0.0.567 | 20150929 | Worm.Generic.D38640 |
| AhnLab-V3 | 2015.09.29.00 | 20150928 | Trojan/Win32.Npkon |
| Microsoft | 1.1.12101.0 | 20150929 | Trojan:Win32/Brambul.A!dha |
| TotalDefense | 37.1.62.1 | 20150929 | Win32/Tnega.WW |
| McAfee | 6.0.6.653 | 20150929 | Downloader-CUZ |
| AVware | 1.5.0.21 | 20150929 | Trojan.Win32.Generic!BT |
| VBA32 | 3.12.26.4 | 20150928 | TrojanSpy.Agent |
| Panda | 4.6.4.2 | 20150928 | Generic Malware |
| Tencent | 1.0.0.1 | 20150929 | Win32.Worm-email.Pepex.Pegi |
| Ikarus | T3.1.9.5.0 | 20150929 | Trojan-Spy.Win32.Agent |
| GData | 25 | 20150929 | Worm.Generic.230976 |
| AVG | 16.0.0.4419 | 20150929 | PSW.Agent.AHCN |
| Baidu-International | 3.5.1.41473 | 20150928 | Worm.Win32.Pepex.F |
| Qihoo-360 | 1.0.0.1015 | 20150929 | Win32/RootKit.Rootkit.7e5 |
- Static analysis with PEframe:
- Short information
- ------------------------------------------------------------
- File Name 4d4c2729b8aa56e70eaf9ef84e9d5d3d
- File Size 57344 byte
- Compile Time 2009-10-14 14:45:54
- DLL False
- Sections 4
- Hash MD5 4d4c2729b8aa56e70eaf9ef84e9d5d3d
- Hash SHA-1 e10c84a65e928dbc03e5a84ee4dc5a96304d2707
- Imphash 2b018f96d7cda0b915d2c1dcb16595c4
- Detected Packer, Anti Debug
- Directory Import, Resource
- Packer matched [4]
- ------------------------------------------------------------
- Packer Microsoft Visual C++ v6.0
- Packer Microsoft Visual C++ 5.0
- Packer Microsoft Visual C++
- Packer Installer VISE Custom
- Anti Debug discovered [3]
- ------------------------------------------------------------
- Function GetLastError
- Function TerminateProcess
- Function UnhandledExceptionFilter
- Suspicious API discovered [34]
- ------------------------------------------------------------
- Function CloseHandle
- Function CopyFileA
- Function CreateFileA
- Function CreateProcessA
- Function CreateServiceA
- Function ExitProcess
- Function FindResourceA
- Function GetCommandLineA
- Function GetCurrentProcess
- Function GetModuleFileNameA
- Function GetModuleHandleA
- Function GetProcAddress
- Function GetStartupInfoA
- Function GetSystemDirectoryA
- Function GetTickCount
- Function GetUserNameA
- Function LoadLibraryA
- Function LockResource
- Function RegCloseKey
- Function RegOpenKeyExA
- Function Sleep
- Function StartServiceA
- Function TerminateProcess
- Function UnhandledExceptionFilter
- Function VirtualAlloc
- Function VirtualFree
- Function WSAStartup
- Function WriteFile
- Function closesocket
- Function connect
- Function recv
- Function send
- Function sendto
- Function socket
- Suspicious Sections discovered [1]
- ------------------------------------------------------------
- Section .rsrc
- Hash MD5 885b726aee5a5c6372c32a6860008a17
- Hash SHA-1 f754c4e383c9c220da418922c75a8e4ddf95a80a
- File name discovered [12]
- ------------------------------------------------------------
- Executable %SystemRoot%\csrss.exe
- Executable %s\admin$\csrss.exe
- Executable \lsasvc.exe
- Library 32.dll
- Library ADVAPI32.dll
- Library KERNEL32.dll
- Library MSVCRT.dll
- Library USER32.dll
- Library WS2_32.dll
- Library dnsapi.dll
- Library iphlpapi.dll
- Library user32.dll
- Url discovered [5]
- ------------------------------------------------------------
- Url gmail-smtp-in.l.google.com
- Url gmail.com
- Url google.com
- Url johnS203@yahoo.com
- Url whiat1001@gmail.com