HackTool.Win32.Downloader.aX not detected?

See: https://www.virustotal.com/nl/url/6d02392909c44c2ce26e81c702c19d6e8681f7a69de59d043df12e4fd6d22f24/analysis/1386683523/
and https://www.virustotal.com/nl/file/53506aa3c2fdbfd3cd28574f979a4a4745964bd214742d12c5f9e633f73116ab/analysis/1386636332/

This scan with IDS alerts: http://urlquery.net/report.php?id=8304934
100% malicious: http://zulu.zscaler.com/submission/show/74a1b6b539f152d10e033daa8887b319-1386683910
5 AVs detect a general trojan downloader…
Analysis see: http://anubis.iseclab.org/?action=result&task_id=121eca11405afc464d96504c9154d4f09&format=html
Is this the NSIS/TrojanDownloader.Agent.NON trojan (NSIS install htxp://jnkardh.miansu.org/kuplay.exe?_upd=tocife_276_212.exe - archive NSIS)?

pol

This file is downloading some weird software. (Screenshot)

I ran it in the VM I used for the Brontok Worm.

Hi Steven Winderlich,

Well understandable and for you this seems so, as this is Chinese malcode and I think it can be classified as a fraud tool, see:
http://www.slideshare.net/trojanremoval2/hacktoolwin32-keygen-2
We have to be vigilant not to visit particular sites that install this downloader from a pre-defined server,
because that could lead to continuous reinfection whenever such a site is frequented.

polonus

Just sent the file to Avast.

We will see what they do about it.

Hi Steven Winderlich,

Good action, that is where all our detections belong ->
… in the hands of the avast detection system landing at the avast team desk to evaluate further.

polonus