Dangerous Site?

119.59.8(4).51/soft.exe

Note: The (4) should just be 4

Is this site dangerous? Is the downloaded file dangerous? I’ve run it inside my VM. Nothing showing… Hmmm

File is blocked by Evo-Gen. :wink:

4/46 on Virustotal: https://www.virustotal.com/en/file/aa347c6f57ee2560b103970eec929ae13f77f00fe6ebb2bb657d960e46b843d1/analysis/1383171367/
Zulu: http://zulu.zscaler.com/submission/show/44f587d9054b0dee3cb10d4621e02055-1383171757 Malicious
Malwr: https://malwr.com/analysis/MmYyOTFkYmE2NzFkNDhhZDg0NmJlY2U4NWEzNzQ1OTk/

Hi alan1998,

What Steven Winderlich has said is true, because the first thing I see is a server redirect, Code: 404, Content cannot be read! because of that, naturally.
On urlquery dot net a scan flags an IDS alert for ET INFO Executable Download from dotted-quad Host.
From yesterday we have the Malwr Cuckoo scan report: https://malwr.com/analysis/NmYyZjNjMTRjNGQzNDc2ZWJhYTM4ODRiNjNmNjVhMmY/
We already have 6 detections on VT file results: https://www.virustotal.com/nl/file/b2ae99c8a9f68817eceb2782445c1b74d8bad87ff6a2c8b7374f7584347e7d58/analysis/1383103194/
and avast detects this malware as Win32:Rootkit-gen [Rtk]
So stay away from that site, folks…and good we are being protected against this,
because sucuri misses this altogether: http://sitecheck.sucuri.net/results/119.59.84.51/soft.exe
and it is missed here: http://evuln.com/tools/malware-scanner/119.59.84.51/ & here: http://www.quttera.com/detailed_report/119.59.84.51
Only old zulu zscaler flags as 100/100% malicious → http://zulu.zscaler.com/submission/show/44f587d9054b0dee3cb10d4621e02055-1383172219
Could there be a minor chance of this being a false positive on the FLY-CODE packing?

Damian

File is now detected as Win32:Malware-Gen