Hi malware fighters,
Malware detected here: htxp://www.ideogramma.net/jaccise/full/J-Accise.exe
malcode known as: backdoor trojan…
See: http://wepawet.iseclab.org/view.php?hash=14ed47c73754259110886c7d044bcf4b&t=1275946171&type=js
polonus
Hi malware fighters,
Another one found on this Brazilian site:
danilodonadeli.kit.net
Domain Hash aaa66a8fbfcb9b5c0e6e4098d2a1ff24
IP Address 201.7.184.2
IP Hostname -
IP Country BR (Brazil)
AS Number 28604
AS Name TV GLOBO LTDA
Threat Name: PHP.Backdoor.Trojan
Location: htxp://www.danilodonadeli.kit.net/
Threat Name: PHP.Backdoor.Trojan
Location: htxp://www.danilodonadeli.kit.net/favicon.ico
Also detected here: http://www.mywot.com/en/scorecard/danilodonadeli.kit.net
polonus
VirusTotal - danilodonadeli.kit.net.htm - 3/41
http://www.virustotal.com/analisis/d3e4917e75abc2e9b2391cab1e54134f5be9074c097f9d2c9da74bad0bbb0de6-1276554027
VirusTotal - favicon.ico - 3/41
http://www.virustotal.com/analisis/d3e4917e75abc2e9b2391cab1e54134f5be9074c097f9d2c9da74bad0bbb0de6-1276554032
Hi Pondus,
Where is avast detection? We have to check again within a few days,
polonus
Hi malware fighters,
Another backdoor found on this Chinese site:
Threat Name: Backdoor.Tidserv
Location: htxp://www.russianmomds.ru/dogma.exe
Active content was blocked due to digital signature violation
The violation is Missing Digital Signature
The analyzed resource contains one or more syntax errors.
hxtp://www.russianmomds.ru/dogma.exe PE32 executable for MS Windows (GUI) Intel 80386 32-bit 35164a99caf83a240f302967b76c4d74
See:
http://www.virustotal.com/analisis/bd9bf9ebdaef2511cd684da0469ceb7d2840eef6764747d4e38720886511880b-1275987396
where avast does not detect it…
analysis here: htxp://jsunpack.jeek.org/dec/go?report=fae7cef75c70a450942d681a12b050fca3e0a6db
On the malware file read: http://www.prevx.com/filenames/X2126548755673220298-X1/DOGMA.EXE.html
http://www.threatexpert.com/report.aspx?md5=b9ba7af9ce0fb149a4d14b664ecdaffe
cloaked malware…
polonus
where avast does not detect it… updated scan… different md5 than the one you show…?
VirusTotal - dogma.exe - 14/41
http://www.virustotal.com/analisis/56e43a91ea3870e162ab6da98d32381433799c6f9f5ec8d145094d158eb0e124-1276727175
Hi Pondus,
Attentively flagged, now waiting for a better detection rate on the Malscript malware in the other thread,
just over 38% detection rate for avast now…
http://forum.avast.com/index.php?topic=60161.msg513406#msg513406
polonus