DrWeb URL checker detects:
Checking: -http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip
Engine version: 5.0.2.3300
Total virus-finding records: 2849424
File size: 346.52 KB
File MD5: bb83b26222e92acb56dfc499732c006a
-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip - archive ZIP
-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/cat.nfo - Ok
-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/FILE_ID.DIZ - Ok
-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe packed by UPX
-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe infected with Trojan.PWS.Siggen.30660
See VT results: http://www.virustotal.com/url-scan/report.html?id=4b48506b596e481bff6c6276b5a8bfd0-1322678529 & http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322682327
Also: http://vscan.urlvoid.com/analysis/bb83b26222e92acb56dfc499732c006a/YzVuNWFtMnpxYzJqZGZiMWkzby16aXA=/
polonus
Good catch…!!
Another analysis of this malware: http://threatcenter.crdf.fr/?More&ID=54649&D=CRDF.Trojan.Exploit.PDF.1416654913
Hello, should be detected in next VPS update (111201-0).
Milos
Thanks Milos…!
Yes, we have detection for it now: http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322728270 avast detects as Win32:Nebuler-AM [Trj]