Skip navigation.

Ani Maker


Just uploaded an ANI maker.
It generates an index.html and 2 jpg files.
MD5: 66b803e2903afbd00642193b2ba63a29

AhnLab-V3 2007.4.18.0 04.17.2007 no virus found
AntiVir 04.17.2007 no virus found
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.17.2007 no virus found
AVG 04.17.2007 no virus found
BitDefender 7.2 04.18.2007 no virus found
CAT-QuickHeal 9.00 04.17.2007 no virus found
ClamAV devel-20070312 04.18.2007 no virus found
DrWeb 4.33 04.17.2007 no virus found
eSafe 04.17.2007 no virus found
eTrust-Vet 30.7.3574 04.17.2007 no virus found
Ewido 4.0 04.17.2007 no virus found
FileAdvisor 1 04.18.2007 no virus found
Fortinet 04.17.2007 W32/CONSTKIT.X!tr
F-Prot 04.17.2007 no virus found
F-Secure 6.70.13030.0 04.18.2007 no virus found
Ikarus T3.1.1.5 04.17.2007 Trojan-Spy.Win32.Banker.AKX
Kaspersky 04.18.2007 no virus found
McAfee 5011 04.17.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2199 04.17.2007 no virus found
Norman 5.80.02 04.17.2007 no virus found


thanks thats great!



whats the password for the zip ?! of the malware.exe


the password is infected


what are the fields for i cant understand with question marks, thank you for your help

The first text box should be

The first text box should be asking for the domain where your exe file is stored.
Second text box should be where the exact url where your exe file is.
Left buttons says that 3 files are dropped - 1 html and 2 jpgs.
Right button says you are welcome to use this program, please contact

could i be patch against it ?

Hi thank you for the reply and your interesting program after i uploaded the exe and the 2 jpgs to the server i tested it but it did not execute the program i uploaded am i doing something wrong or am i patch against the vulnerability or what, heres a more detailed description of what i did: i extracted your program to my documents i executed it, in the first field i introduce the domain and folder where the exe is, on the 2 field i introduce the very same address but with the programs name at the end just like in the example it shows when i start the program, thiers a testing executable in the very same address i wrote in field number 2 then i uploaded the 2 jpgs to the same folder as the exe and finally i run the index.htm from my documents but it didnt work, thank you in advance !

you can open the jpg files

you can open the jpg files in hex editor to make sure that it contains the url which you have entered. just by opening the jpg file in an unpatched windows environment will trigger the exploit to download and execute files which you have stated in the program.

I change the jpg file extension

I change the jpg file extension to .txt i open it and scrolled to the end and i saw the complete address of the exe file i dont know if thats enough to confirm or i have to download a hex editor, i open both jpg file and stil no download i guess iam already patch against it any further help would be appreciated, thank you

your machine should be

your machine should be patched in that case. try it on vm with an unpatched xp.

Link is not active

m new here the link is not active i am unable to download!

Any Reason.?

Search for the MD5 sum

You'll need to search for the MD5 in question, specifically 66b803e2903afbd00642193b2ba63a29 from the original post.