Title: Anyone else get this malware email?
Post by: theymos on May 24, 2012, 07:24:27 PM

I received this file via email. I suspect it is malware -- possibly a wallet-stealer. Did anyone else get this?
http://www5.zippyshare.com/v/12732912/file.html (Warning: probable malware)

Quote from: Email
> Invitation to ecurrency conference.
> http:// asiaelektronik.com/docs/processdl.html
> Please let us know if you interested.
> Thanks & Regards

The ecurrency part makes me think it's targeted to Bitcoin users.

Title: Re: Anyone else get this malware email?
Post by: ribuck on May 24, 2012, 07:29:54 PM

I got it too. I deleted it without clicking, so I don't know where the link goes.
Title: Re: Anyone else get this malware email?
Post by: rjk on May 24, 2012, 08:05:50 PM

File ends in .xls.scr.xls. .scr is the same as .exe, used in screensavers but can do anything that a standard executable can do.
EDIT: https://www.virustotal.com/file/b50dd5b511934b97edf77f7611e5b007d330c6adfe68adeb167068a20b38409f/analysis/#additional-info

Title: Re: Anyone else get this malware email?
Post by: ZodiacDragon84 on May 25, 2012, 02:48:42 AM

Quote from: rjk
> File ends in .xls.scr.xls. .scr is the same as .exe, used in screensavers but can do anything that a standard executable can do.
> EDIT: https://www.virustotal.com/file/b50dd5b511934b97edf77f7611e5b007d330c6adfe68adeb167068a20b38409f/analysis/#additional-info

A screensaver miner maybe?

Title: Re: Anyone else get this malware email?
Post by: rjk on May 25, 2012, 03:32:05 AM

Quote from: ZodiacDragon84
> Quote from: rjk
> > File ends in .xls.scr.xls. .scr is the same as .exe, used in screensavers but can do anything that a standard executable can do.
> > EDIT: https://www.virustotal.com/file/b50dd5b511934b97edf77f7611e5b007d330c6adfe68adeb167068a20b38409f/analysis/#additional-info
>
> A screensaver miner maybe?

Title: Re: Anyone else get this malware email?
Post by: ZodiacDragon84 on May 25, 2012, 03:36:43 AM

Truth be told, I ran it on my offline virtual machine, and I have no freaking idea what it does.
Title: Re: Anyone else get this malware email?
Post by: rjk on May 25, 2012, 03:54:22 AM

Quote from: ZodiacDragon84
> Truth be told, I ran it on my offline virtual machine, and I have no freaking idea what it does.

Run it in a VM with Sandboxie, with logging enabled. The Sandboxie logs will tell you all the files and registry objects that the program touches, whether in a read or a write operation.

Title: Re: Anyone else get this malware email?
Post by: ZodiacDragon84 on May 25, 2012, 04:10:14 AM

Give me a bit, and I will have a log ready as soon as I run it. Call it my white hat deed of the day... lol
Can't figure out how to make a log at the moment, but none of my scans are showing really anything malicious.

Multi-scanner results: http://metascan.org/result.php?scan=MzkxODYx

Title: Re: Anyone else get this malware email?
Post by: ZodiacDragon84 on May 25, 2012, 04:38:51 AM

Immunet and Panda did find this:
http://virusremoval.info/Remove/Trojan/TrojanHorse/Trojan.aspx?name=Trojan.Generic.KDV.102762

Title: Re: Anyone else get this malware email?
Post by: theymos on May 25, 2012, 05:53:31 AM

It just displayed gibberish when I opened it in Office 2007. Didn't touch any files. Maybe it targets some other vulnerable software.
Title: Re: Anyone else get this malware email?
Post by: Foxpup on May 25, 2012, 06:09:45 AM

Quote from: theymos
> It just displayed gibberish when I opened it in Office 2007. Didn't touch any files. Maybe it targets some other vulnerable software.

It's a Win32 executable, not an Office file. The vulnerable software it targets is Windows. ;)

Title: Re: Anyone else get this malware email?
Post by: ZodiacDragon84 on May 25, 2012, 06:13:18 AM

It is hiding a trojan. Out of the 32 scans I ran, it only popped up in 2 of them. All the appropriate information is posted in my previous posts' links.
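The two observations in this thread (a name ending in .xls.scr.xls, and a "document" that is really a Win32 PE, so Office shows gibberish) are what a mail-gateway attachment check should catch. The check below is an added example written for this page, not code from any poster; the extension sets, magic bytes and sample attachments are constructed assumptions, and the sample bytes are not those of the file discussed here.

```python
# Extensions Windows runs as native executables; .scr (screensaver) behaves
# exactly like .exe, which is the point raised in the thread.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "dll"}
DOCUMENT_EXTS = {"xls", "xlsx", "doc", "docx", "ppt", "pdf", "txt", "rtf"}

# Leading bytes of the container a name claims to be (OLE2 = legacy .xls/.doc/.ppt).
MAGIC = {"ole2": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "zip": b"PK\x03\x04",
         "pdf": b"%PDF", "pe": b"MZ"}
EXPECTED_MAGIC = {"xls": "ole2", "doc": "ole2", "ppt": "ole2",
                  "xlsx": "zip", "docx": "zip", "pdf": "pdf"}

def extension_chain(filename):
    """All dotted suffixes, lowercased: 'a.xls.scr.xls' -> ['xls', 'scr', 'xls']."""
    return filename.lower().split(".")[1:]

def check_attachment(filename, head):
    """Return the reasons this attachment looks deceptive (empty list = nothing found).

    `head` is the first few bytes of the attachment body."""
    reasons = []
    chain = extension_chain(filename)
    executable = [e for e in chain if e in EXECUTABLE_EXTS]
    if executable:
        reasons.append(f"executable extension(s) {executable} in name {filename!r}")
    if sum(e in DOCUMENT_EXTS | EXECUTABLE_EXTS for e in chain) > 1:
        reasons.append("stacked extensions (double-extension trick)")
    claimed = chain[-1] if chain else ""
    if head.startswith(MAGIC["pe"]):
        reasons.append("content is a Win32 PE executable (MZ header)")
        if claimed in DOCUMENT_EXTS:
            reasons.append(f"PE content does not match claimed .{claimed} document")
    elif claimed in EXPECTED_MAGIC and not head.startswith(MAGIC[EXPECTED_MAGIC[claimed]]):
        reasons.append(f"content does not match the .{claimed} file format")
    return reasons

# Constructed sample inputs; not the bytes of the file discussed in the thread.
SAMPLES = {
    "invitation.xls.scr.xls": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00",
    "budget.xls": MAGIC["ole2"] + b"\x00" * 8,
    "notes.txt": b"just some text",
}

def scan_samples():
    """Run the check over every constructed sample."""
    return {name: check_attachment(name, head) for name, head in SAMPLES.items()}

if __name__ == "__main__":
    for name, reasons in scan_samples().items():
        print(name, "->", reasons or "no findings")
```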
Title: Re: Anyone else get this malware email?
Post by: rjk on May 25, 2012, 12:50:20 PM

A form grabber. Interesting.
Title: Re: Anyone else get this malware email?
Post by: Graet on May 27, 2012, 03:24:34 AM

http://anubis.iseclab.org/
Anubis: Analyzing Unknown Binaries, rather useful site too :)

Title: Re: Anyone else get this malware email?
Post by: rjk on May 27, 2012, 03:45:19 AM

Quote from: Graet
> http://anubis.iseclab.org/
> Anubis: Analyzing Unknown Binaries, rather useful site too :)

Cool site! Analysis of this particular sample: http://anubis.iseclab.org/?action=result&task_id=10628d7019a46f47405a49a63bcc93a25

It appears to be a trojan that does keylogging, and installs a reverse shell or VNC-type program. It does 2 DNS lookups and a few http connections, all shown in the report. Here is the beginning of the text report, not all of it will fit due to forum limits on the amount of text in one post:

Code:
___ __ _

Title: Re: Anyone else get this malware email?
Post by: ZodiacDragon84 on May 27, 2012, 08:40:43 PM

Thank you for adding! I always love new tools in my arsenal
|