Avast does not detect TR/Crypt.ZPACK.Gen2 [SOLVED]

DrWeb URL checker detects:
Checking: -http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip
Engine version: 5.0.2.3300
Total virus-finding records: 2849424
File size: 346.52 KB
File MD5: bb83b26222e92acb56dfc499732c006a

-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip - archive ZIP

-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/cat.nfo - Ok
-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/FILE_ID.DIZ - Ok
http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe packed by UPX

-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe infected with Trojan.PWS.Siggen.30660

See VT results: http://www.virustotal.com/url-scan/report.html?id=4b48506b596e481bff6c6276b5a8bfd0-1322678529
and
http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322682327

Also: http://vscan.urlvoid.com/analysis/bb83b26222e92acb56dfc499732c006a/YzVuNWFtMnpxYzJqZGZiMWkzby16aXA=/

polonus

Good catch…!! :)

Another analysis of this malware: http://threatcenter.crdf.fr/?More&ID=54649&D=CRDF.Trojan.Exploit.PDF.1416654913

polonus

Hello,
it should be detected in the next VPS update (111201-0).

Milos

Thanks Milos…! :)

Yes, we have detection for it now: http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322728270
Avast detects it as Win32:Nebuler-AM [Trj]

polonus