Friday, 20 December 2013

Posted by Ardiant Utomo
No comments | 21.07
Details
Detected as:    Win32/HackTool.Inject.O
File name:      SoundBreak v142.2.exe

PE signature block
Publisher:      www.billkr4z.blogspot.com
Product:        SoundBreak v141.8
Original name:  SoundBreak v142.2.exe
Internal name:  SoundBreak v142.2
File version:   1.00

File identification
MD5:            7361bcacefce5c1eefa056fad4dd8c8b
SHA1:           62867937a0f771c31725d9074a39d0421d484bde
SHA256:         cc8a5652ed48f1743ccccbc185bb4c098e44e6667b2df5abfd005a09c751ef28
ssdeep:         3072:O6n0QrcAU3ulEwHghrt9EhV2mXFhWgyEOZosY:OacAYuGwHghp90V9XjyO
File size:      120.0 KB (122880 bytes)
File type:      Win32 EXE
Magic literal:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Posted by Ardiant Utomo
No comments | 20.49
Risk Assessment:  Home Low | Corporate Low
Date Discovered:  11/14/2013
Date Added:       21/12/2013
Origin:           Unknown
Length:           322144
Type:             Program
Subtype:          -
DAT Required:     7258


File Properties
Property            Value
Amzkomp Detection   Adware/TSUploader
Length              322144 bytes
MD5                 9e33fe73d8175433069cbd7d6a005fe1
SHA1                4c6de9415e913b75d135b4fefdf19030314d1ce7

Other Common Detection Aliases
Company Name        Detection Name
avast               Win32:InstalleRex-AI [PUP]
AVG (GriSoft)       Generic.2EF.
avira               ADWARE/InstallRex.Gen
Kaspersky           not-a-virus:Downloader.Win32.AdLoad.fwz
clamav              PUA.Win32.Packer.SetupExeSection
Dr.Web              Adware.Downware.1252
FortiNet            Riskware/Adload
Eset                Win32/InstalleRex.L application
panda               Adware/TSUploader
rising              Trojan.InstallRex!562A
McAfee              RDN/Generic PUP.x!bm3

System Changes
Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files

The following files were analyzed:
4C6DE9415E913B75D135B4FEFDF19030314D1CE7
The following files have been added to the system:
  • %TEMP%\{D814EF2B-7906-457A-A791-312403F7CDDD}\Readme.txt
  • %TEMP%\{D814EF2B-7906-457A-A791-312403F7CDDD}\Custom.dll
  • %TEMP%\~DF5CE1.tmp
  • %TEMP%\{D814EF2B-7906-457A-A791-312403F7CDDD}\Setup.ico
  • %ALLUSERSPROFILE%\Application Data\InstallMate\6C0731FE\cfg\1.ini
  • %TEMP%\{D814EF2B-7906-457A-A791-312403F7CDDD}\v_grey.jpg
  • %TEMP%\{D814EF2B-7906-457A-A791-312403F7CDDD}\_Setup.dll
  • %TEMP%\4C6DE9415E913B75D135B4FEFDF19030314D1CE7.log
  • %TEMP%\{D814EF2B-7906-457A-A791-312403F7CDDD}\general_logo.jpg
  • %TEMP%\{D814EF2B-7906-457A-A791-312403F7CDDD}\Setup.exe
  • %TEMP%\TsuF7B0F4A7.dll
The following files were temporarily written to disk then later removed:
  • %TEMP%\6C0731FE.dat
  • %TEMP%\down.1372.1.ini.part
  • %TEMP%\down.1372.v_grey.jpg.part
  • %TEMP%\down.1372.general_logo.jpg.part
The applications attempted the following network connection(s):
  • 198.7.61.***:80
  • hxxp://r1.stylezip.info/*****

Wednesday, 11 December 2013

Posted by Ardiant Utomo
No comments | 18.28

Virus Profile: W32/Almanahe.b

Risk Assessment:  Home Low | Corporate Low
Date Discovered:  4/1/2013
Date Added:       7/12/2013
Origin:           Unknown
Length:           48640
Type:             Virus
Subtype:          Win32
DAT Required:     7031

This is a Virus

File Properties
Property            Value
Amzkomp Detection   W32/Almanahe.b
Length              48640 bytes
MD5                 215f9064eb731688713a2111ff9a27bd
SHA1                62b34e208db7bea62a5be5e5927eaa9abd8d0039

Other Common Detection Aliases
Company Name                  Detection Name
ahnlab                        Win32/Alman
avast                         Win32:Alman
AVG (GriSoft)                 Win32/Alman
avira                         W32/Almanahe.a
Kaspersky                     Virus.Win32.Alman.a
BitDefender                   Generic.IRCBot.87E052BB
clamav                        W32.Alman.cd-1
Dr.Web                        Win32.Alman.2
F-Prot                        W32/Alman.D
FortiNet                      W32/Alman.DB
Microsoft                     trojan:win32/almanahe.a.dll
Symantec                      W32.Spybot.Worm
Eset                          Win32/Alman.A virus
norman                        Agent.VEHZ
panda                         W32/Almanahe.b
rising                        Win32.Almanahe.C
Sophos                        W32/Alman-B
Trend Micro                   PE_ALMANAHE.A
vba32                         Virus.Alman.a
V-Buster                      Win32.Agent.HAC
Vet (Computer Associates)     Win32/Almanahe.C
Other brands and names may be claimed as the property of others.

Activities                                      Risk Level
Enumerates many system files and directories.   Low
Adds or modifies a COM object.                  Low
Adds or modifies Internet Explorer cookies.     Low
No digital signature is present.                Informational

Amzkomp Scans                   Scan Detections
Amzkomp Security Essentials     W32/Almanahe.b

System Changes
Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files

The following files were analyzed:
62B34E208DB7BEA62A5BE5E5927EAA9ABD8D0039
The following files have been added to the system:
  • %WINDIR%\AppPatch\deamon.dll
  • %WINDIR%\img4851.zip
  • %WINDIR%\c_095.nls
  • %WINDIR%\winnt.exe
The following files were temporarily written to disk then later removed:
  • C:\a.bat
The following registry elements have been created:
  • HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\
  • HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\INPROCSERVER32\
The following registry elements have been changed:
  • HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\INPROCSERVER32\THREADINGMODEL = Apartment
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AUDIO DEVICE MANAGER = WinNT.exe
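The System Changes listings above (for Adware/TSUploader and for W32/Almanahe.b) are written against placeholder roots such as %WINDIR%, and the profiles identify the analysed sample by MD5/SHA1. As an added example that is not part of the original post, the script below turns the W32/Almanahe.b listing into a checkable sweep: it maps the placeholder paths onto real directories supplied by the caller (a live system or a mounted image), hashes whatever is found there against the profile's SHA1, and looks for the Run-key persistence entry in a `.reg` export of HKLM\...\CurrentVersion\Run. The directory layout and the `.reg` text used in `demo()` are constructed here; the hashes, paths and registry values are copied from the profile.

```python
# Added example (not code from the original post): sweep for the
# W32/Almanahe.b indicators listed in the profile above. Hashes, paths and
# registry values are copied from the profile; the filesystem layout and the
# .reg export used by demo() are constructed here.
import hashlib
import os
import re
import tempfile

ALMANAHE_B = {
    "md5": "215f9064eb731688713a2111ff9a27bd",
    "sha1": "62b34e208db7bea62a5be5e5927eaa9abd8d0039",
    "length": 48640,
    "files_added": [
        r"%WINDIR%\AppPatch\deamon.dll",
        r"%WINDIR%\img4851.zip",
        r"%WINDIR%\c_095.nls",
        r"%WINDIR%\winnt.exe",
    ],
    # (key, value name, data) from the "registry elements changed" list
    "run_value": (
        r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
        "AUDIO DEVICE MANAGER",
        "WinNT.exe",
    ),
}


def expand_profile_path(profile_path, roots):
    """Map a %VAR%\\rest path from the profile onto a concrete directory.

    roots maps the profile's placeholders (e.g. "%WINDIR%") to real
    directories, which is what makes the listing usable on any build
    (\\WINDOWS vs \\WINNT) or against a mounted disk image.
    """
    m = re.match(r"(%[A-Z]+%)\\(.*)", profile_path)
    if not m or m.group(1) not in roots:
        raise ValueError("unknown placeholder in " + profile_path)
    return os.path.join(roots[m.group(1)], *m.group(2).split("\\"))


def hash_file(path):
    """Return (md5, sha1) hex digests, read in chunks so large files are fine."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def sweep_files(profile, roots):
    """Return {profile_path: status} for every file the profile says is dropped.

    'absent'      not on disk
    'hash_match'  present and its SHA1 equals the analysed sample
    'present'     present but a different file: a variant, or a benign file
                  with a generic name such as winnt.exe; needs manual triage
    """
    out = {}
    for p in profile["files_added"]:
        real = expand_profile_path(p, roots)
        if not os.path.isfile(real):
            out[p] = "absent"
            continue
        _md5, sha1 = hash_file(real)
        out[p] = "hash_match" if sha1 == profile["sha1"] else "present"
    return out


def parse_reg_export(text):
    """Parse the subset of .reg syntax needed here: [key] blocks and "name"="data".

    Registry key and value names are case-insensitive, so both are upper-cased.
    """
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]*)"="([^"]*)"', line)
            if m:
                values[(key, m.group(1).upper())] = m.group(2)
    return values


def has_run_persistence(profile, reg_text):
    """True if the Run key carries the profile's value name with the same data."""
    key, name, data = profile["run_value"]
    found = parse_reg_export(reg_text).get((key.upper(), name.upper()))
    return found is not None and found.lower() == data.lower()


def demo():
    # Constructed layout: a directory standing in for %WINDIR%, holding a file
    # with the dropped name and size but not the analysed sample's content.
    windir = os.path.join(tempfile.mkdtemp(), "WINDOWS")
    os.makedirs(os.path.join(windir, "AppPatch"))
    with open(os.path.join(windir, "winnt.exe"), "wb") as f:
        f.write(b"MZ" + b"\0" * 48638)
    files = sweep_files(ALMANAHE_B, {"%WINDIR%": windir})
    # Constructed .reg export of the Run key as the profile describes it.
    reg = ("Windows Registry Editor Version 5.00\n\n"
           "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
           "\"Audio Device Manager\"=\"WinNT.exe\"\n")
    return files, has_run_persistence(ALMANAHE_B, reg)


if __name__ == "__main__":
    print(demo())
```

In the demo the `winnt.exe` hit comes back as `present` rather than `hash_match`: a path-only hit on a generic name is a lead, not a confirmation, which is why the sweep keeps the two states apart and why the SHA1 from the File Properties table is the value to compare, not the length alone. The same path-expansion and hashing apply unchanged to the Adware/TSUploader listing once `%TEMP%` and `%ALLUSERSPROFILE%` are added to `roots`.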
