WARNING: This site contains samples of live malware. Use at your own risk.

Acebot and CIH


Thanks to Scarlet Pimpernel for multiple contributions!

#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 515980587de204fad7333d8a4f2bbd51
SHA1SUM: 7f2149706862d26240d1921c78e99b3e9046430b
SHA256SUM: 4e16e340dbe7fae2661a34961ae110d139d8cc3a38283ef3b7528863e52b4fe9
A/V SCAN: Trojan.Acebot-1
#################################
> perl scan.pl Worm.Win32.Newbiero.032.032
#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 823b48f2646ebe622f264dacda91b492
SHA1SUM: 0e46b606cfca97370989dbeec7fe55b18e97af7f

Broken_Executable


Thanks to sevill for the contribution:

#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: c686e9b14452fd4b15c4799382b0df1b
SHA1SUM: a48c52aaab09c36540836d9192510780bee8be78
SHA256SUM: 61670a687a506301c4507123eb74e90aac6c01c88a73c2c3dc7681789bc80cff
A/V SCAN: Broken.Executable
PACKER: SVKP 1.3x Pavol Cerven - Slovak Protector encrypted !
#################################

trojan_spybot-123


Thanks to sevill for the contribution:

#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 4e89934d3554741f832cd39084d6d489
SHA1SUM: e02d45d03f7b9c2b5179f19384030f106aa93186
SHA256SUM: 12d36ae4e96fbe8403602dcd83a4bde4c2365d321546bb80e1a27e3c26cdfd76
A/V SCAN: Trojan.Spybot-123
PACKER: [!] SVKP - Slovak Protector encrypted !
#################################

Big Thanks to pstach


For all the hard work and submissions today. I think that's a record!

V.

Worm.Ardurk.G

Ardurk.G uses a modified version of the PE_PATCH packer.

MD5: bd243bed6aed37341c87416785b5587a
SHA1: a978ad431c92a527bdff431c7f75bf2f0045aa37

AntiVir Found Worm/Arduk.G
ArcaVir Found nothing
Avast Found Win32:Ardurk
AVG Antivirus Found nothing
BitDefender Found Win32.Ardurk.A
ClamAV Found Worm.Ardurk.G
Dr.Web Found Win32.Artur.9216
F-Prot Antivirus Found W32/Ardurk.A@mm
Fortinet Found W32/Adurk.A-mm
Kaspersky Anti-Virus Found Email-Worm.Win32.Ardurk.g
NOD32 Found Win32/Ardurk.G
Norman Virus Control Found nothing
UNA Found I-Worm.Ardurk.g
VBA32 Found Win32.Worm.Ardurk.g

Trojan.Win32.Zapchast

Found this in some spam. Apparently someone bulk-emailed out the URL: http://postcards2005.home.ro/postcards.gif.exe

The binary is an IRC controlled trojan.

It also has an interesting XML blob in it; when that blob is changed, a lot of AV software misdetects the sample:

WinRAR archiver.

W32/Netsky.D@mm

Yet another NetSky variant. Uses the "Petite" packer.

MD5: f2bb4d11b28b4a37f94c685b554cb5b0
SHA1: c2cd401716df387ff21db75ebf047c4c26abcc86

AntiVir Found Worm/Netsky.D.Dam
ArcaVir Found Worm.Netsky.D
Avast Found Win32:Netsky-D
AVG Antivirus Found I-Worm/Netsky.D
BitDefender Found Win32.Netsky.D
ClamAV Found Worm.SomeFool.Gen-1
Dr.Web Found Win32.HLLM.Netsky.based
F-Prot Antivirus Found W32/Netsky.D@mm
Fortinet Found W32/Netsky.D-mm
Kaspersky Anti-Virus Found Email-Worm.Win32.NetSky.d
NOD32 Found Win32/Netsky.D
Norman Virus Control Found Netsky.D@mm
UNA Found I-Worm.NoDoom.d

Win32.Bagle.U@mm

Bagle.U, a Bagle variant.

MD5: bbe239359da199a09abff39452c1f3e0
SHA1: 964b9d83a435d6f258f7dda7e0f56f7bef1b60df

AntiVir Found Worm/Bagle.U.2
ArcaVir Found Worm.Beagle.U
Avast Found Win32:Beagle-U
AVG Antivirus Found I-Worm/Bagle.U
BitDefender Found Win32.Bagle.U@mm
ClamAV Found Worm.Bagle.U
Dr.Web Found Win32.HLLM.Beagle.based
F-Prot Antivirus Found W32/Bagle.U@mm
Fortinet Found W32/Bagle.U-mm
Kaspersky Anti-Virus Found Email-Worm.Win32.Bagle.s
NOD32 Found Win32/Bagle.U
Norman Virus Control Found Bagle.U@mm
UNA Found I-Worm.Bagle.s
VBA32 Found Win32.Worm.Bagle.s

W32/Netsky.B@mm

Another virus in recent email, apparently still in circulation.

MD5 (of the zip as attached to the email): c6afed3d21cc77e55d59b0bbaf483a7c
SHA1: 35068c9691157887f0746c4fc977bc99f982f79d

Finally something everyone agrees on:

AntiVir Found Worm/NetSky.#1
ArcaVir Found Worm.Netsky.B
Avast Found Win32:Netsky-B
AVG Antivirus Found I-Worm/Netsky.B
BitDefender Found Win32.Netsky.B@mm
ClamAV Found Worm.SomeFool.Gen-2
Dr.Web Found Win32.HLLM.Netsky.based
F-Prot Antivirus Found W32/Netsky.B@mm
Fortinet Found W32/Netsky.B-mm
Kaspersky Anti-Virus Found Email-Worm.Win32.NetSky.b
NOD32 Found Win32/Netsky.B

HTML.Phishing.Bank-1

Found this attached to an email; ClamAV caught it, none of the others did.

MD5: b542a99d11181bc71f40628a72c4c80d
SHA1: f823712163961bfb59d894089fc466648fdae962

The zip contains the GIF file that was attached to the email, along with the original email with hostnames removed.