OTHER MALWARE Part 11

Published by SSTA



-Backdoor Aladino: P1/P2









-Backdoor Clindestine.152.a: P1/P2





Symantec? Never heard of it...





-Backdoor.Yuri (DrWeb and Panda have the more appropriate name): P1/P2












The "disable Task Manager" option chosen for the server is easily detected and blocked:






-Backdoor Zdmon: P1/P2









-BrainBot: P1/P2

For this malware, the F-Prot scanner engine has the appropriate name (the server file is a script, and is classified as a P2P worm by some vendors).












-Cybernetic Rat/Backdoor Darkmoon.bx (Kav): P1/P2






We choose SVCHOST.EXE as the server's file name:





We enable the process-killing option (in our case targeting AVP.exe, the Kaspersky Anti-Virus process):





We choose the ActiveX startup option, to make the AV's job more difficult:




We choose the Kaspersky AV icon, which could be useful for infecting a victim through a social-engineering attack by mail or MSN/Yahoo Messenger ("hey, I have a version of KAV 7 beta, blah blah and blah blah..."):













Since we chose the ActiveX startup option rather than the Run key:
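The builder options shown above (a server file named SVCHOST.EXE, the AVP.exe kill option, ActiveX startup instead of the Run key) and the "disable Task Manager" option used for the Yuri server all leave traces on the victim machine. The following PowerShell hunting script is an added example, not code from the original post or from any of the tools shown; it checks a host for those traces. It assumes that the builder's "ActiveX startup" writes an Active Setup StubPath entry under Installed Components, as RAT builders of that period did, and that Kaspersky's service is registered under the name AVP. Run it read-only from an elevated prompt:

```powershell
# Added hunting script (not from the original post): looks for the persistence
# and tampering choices made in the RAT builders above. Read-only, changes nothing.
$findings = @()

# 1. Yuri's "disable Task Manager" option: a DisableTaskMgr policy value of 1.
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $val = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($val -eq 1) { $findings += "DisableTaskMgr=1 under $key" }
}

# 2. Run keys: the startup method the Cybernetic RAT server did NOT use, listed
#    anyway so both persistence locations can be compared side by side.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        if ($p.Name -notmatch '^PS') { $findings += "Run entry $($p.Name) -> $($p.Value) ($key)" }
    }
}

# 3. "ActiveX startup": Active Setup components whose StubPath, after expanding
#    environment variables, neither lives under the Windows directory nor is a
#    bare regsvr32/rundll32 invocation. ASSUMPTION: this is where the builder
#    writes its entry; legitimate Microsoft components may still appear here.
$asKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
foreach ($comp in (Get-ChildItem -Path $asKey -ErrorAction SilentlyContinue)) {
    $stub = (Get-ItemProperty -Path $comp.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
    if (-not $stub) { continue }
    $expanded = [Environment]::ExpandEnvironmentVariables($stub)
    if ($expanded -notmatch [regex]::Escape($env:windir) -and
        $expanded -notmatch '^"?(regsvr32|rundll32)') {
        $findings += "Active Setup StubPath $($comp.PSChildName) -> $stub"
    }
}

# 4. A server file named SVCHOST.EXE: any svchost.exe whose image is not the
#    system copy in System32 (or SysWOW64 on 64-bit Windows).
$legit = @("$env:windir\System32\svchost.exe", "$env:windir\SysWOW64\svchost.exe")
foreach ($proc in (Get-Process -Name svchost -ErrorAction SilentlyContinue)) {
    # Path is empty for processes we cannot open; those need a separate look.
    if ($proc.Path -and ($legit -notcontains $proc.Path)) {
        $findings += "svchost.exe PID $($proc.Id) running from $($proc.Path)"
    }
}

# 5. The AVP.exe kill option: Kaspersky's service (ASSUMED to be registered as
#    'AVP') is installed but its process is gone.
$kavService = Get-Service -Name 'AVP' -ErrorAction SilentlyContinue
if ($kavService -and -not (Get-Process -Name avp -ErrorAction SilentlyContinue)) {
    $findings += 'AVP service is installed but no avp.exe process is running'
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings }
```

The Run-key and Active Setup listings are meant for review rather than as a verdict: Windows ships its own Active Setup components, and the filter on the Windows directory only reduces the noise. The svchost.exe check is the strongest signal, since the real binary never runs from anywhere but the system directories.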






-Backdoor Eclipse: P1/P2







-Trojan Spy Inet20.b: P1/P2










-Trendy Nigger Trojan (TNT): P1/P2










-Backdoor Win32.bca: P1/P2




We create a server as a tribute to a famous and "genius" football player called Materazzi...






-Trojan Downloader Win32.Small.cyn (Ikarus): P1/P2



Complete scanning result of "sferhtemp.exe", received in VirusTotal at 05.28.2007, 19:22:31 (CET).

Antivirus          Version         Update      Result
AhnLab-V3          2007.5.29.0     05.28.2007  no virus found
AntiVir            7.4.0.27        05.28.2007  HEUR/Crypted
Authentium         4.93.8          05.23.2007  no virus found
Avast              4.7.997.0       05.28.2007  no virus found
AVG                7.5.0.467       05.28.2007  no virus found
BitDefender        7.2             05.28.2007  DeepScan:Generic.Malware.G!IFM!Yddldprng.A0E89207
CAT-QuickHeal      9.00            05.28.2007  (Suspicious) - DNAScan
ClamAV             devel-20070416  05.28.2007  no virus found
DrWeb              4.33            05.28.2007  no virus found
eSafe              7.0.15.0        05.28.2007  Suspicious Trojan/Worm
eTrust-Vet         30.7.3670       05.28.2007  no virus found
Ewido              4.0             05.28.2007  no virus found
FileAdvisor        1               05.28.2007  no virus found
Fortinet           2.85.0.0        05.28.2007  suspicious
F-Prot             4.3.2.48        05.25.2007  no virus found
Ikarus             T3.1.1.8        05.28.2007  Trojan-Downloader.Win32.Small.cyn
Kaspersky          4.0.2.24        05.28.2007  no virus found
McAfee             5040            05.28.2007  no virus found
Microsoft          1.2503          05.28.2007  no virus found
NOD32v2            2293            05.27.2007  no virus found
Norman             5.80.02         05.28.2007  no virus found
Panda              9.0.0.4         05.28.2007  no virus found
Prevx1             V2              05.28.2007  no virus found
Sophos             4.18.0          05.28.2007  Mal/Basine-C
Sunbelt            2.2.907.0       05.26.2007  no virus found
Symantec           10              05.28.2007  no virus found
TheHacker          6.1.6.124       05.28.2007  no virus found
VBA32              3.12.0          05.28.2007  no virus found
VirusBuster        4.3.23:9        05.28.2007  no virus found
Webwasher-Gateway  6.0.1           05.28.2007  Heuristic.Crypted


Additional information
File size: 35120 bytes
MD5: c6ad18b48cec1cc25f0706c8e538756f


Here again it is undetected by the file anti-virus protection (signature blacklist), but caught by the proactive defense module:



Mister Windows does not like executables that try to tamper with its integrity:










Published in KASPERSKY 6 TEST
