A suspicious scan result found here: http://wepawet.iseclab.org/view.php?hash=43e850834792ea99c467757b44f4577d&t=1306330517&type=js
With accompanying Anubis report here: http://anubis.iseclab.org/?action=result&task_id=128a2f2b2c385df0465e3146c3efc90b0
This malcode URL was scanned against various online URL scanners (stand-alone & meta scanners)
with the following scan results (changes in Regmon log, Delphi bug? file modification only…).
Possibly we have a Borland Delphi Packer detection, which could be classified as PUP;
that is why we have the conflicting results and only three detections of scanners that cannot scan this properly in the VT results.
ScanThis results: Clean
Your file was not found to be infected with any known viruses;
LinkScanner® Online did not find any exploits;
URLVoid dangerous: http://www.urlvoid.com/scan/i.cr3ation.co.uk
Unmasked parasites: This page seems to be
8 hidden external links found.
Sucuri Site Check:
web site:
-http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe
status:
Site verified to be secure and free of malware.
web trust:
Site not blacklisted.
The site URL -http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe has been successfully scanned.And No Malware or badwares found.
DrWeb says clean:
Checking: -http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2125819
File size: 3.03 MB
File MD5: 57ca7edd2a413697103d08bcb90bd84c
-http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe packed by ZLIB
-http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe - archive BINARYRES
-http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe/data001 - Ok
-http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe/data002 - Ok
-http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe/data003 - Ok
-http://i.cr3ation.co.uk/dl/s1/exe/spinnen.exe - Ok
and http://www.garyshood.com/virus/results.php?r=57ca7edd2a413697103d08bcb90bd84c
File Size: 3,177,020 bytes
File is clean 4 x
Finally the VT results of the exe file scan:
http://www.virustotal.com/file-scan/report.html?id=3f60cfc0dae8dcc133dadfebe6cce2fbffc89f93c20c762b3bd94edbebee69b6-1306330102
polonus