MSIL/TrojanDropper.Agent.EZ - not found by avast

Hi,
I found that avast isn’t sensitive to a file that’s made by a keylogger.
But it’s found as a trojan by avg and nod32.
dl link of file : hxxp://up.iranblog.com/images/17sgautb8j7xqlwwkrv.rar

was a report.

Hi, munge the link so the unaware may not click on it and get themselves infected; put the link address like hxtp://etc.

Mail this file link to virus AT avast.com so detection can be added.
See:
http://www.virustotal.com/url-scan/report.html?id=06f068efe429ab1f8b6ff8898dd69043-1302445468
malware site, other malware also detected here: http://safeweb.norton.com/report/show?url=htxp://up.iranblog.com/images/criqw8irqh2azku1lze7.jpg
Web Attack: Suspicious Executable Image Download
Site has PUA-PackedASPack here: hxtp://up.iranblog.com/images/3bqsuiykurdhhq0s2ahx.rar
http://www.virustotal.com/file-scan/report.html?id=d32abe62c76f3a9ef2946cc9b5cbb1dcb554031947c2efee470a6873cfd28150-1302357812
BackdoorWin32Armageddon here: hxtp://up.iranblog.com/images/pp23ljo3m69q0r3jvm5.zip
http://www.virustotal.com/file-scan/report.html?id=24e120374f56cccea10e477d8a34d675ff53cdcdbc7bd41948a91d8ba77f26ca-1301716884 (2 detections, not detected by avast)
and TR/Spy.131072.128 here: htxp://www.up.iranblog.com/images/d0xuepaexh8vimf8eyx.rar
this one is detected by avast as Win32:Trojan-gen, see:
http://www.virustotal.com/file-scan/report.html?id=e1be077fd8b727956e0b5326751c2d5bc57c70a9f39bfbfbf89655d1dad8f877-1301653330

Anyway thanks for reporting,

polonus

Looks suspicious as it would not run in a VM - so break the link please

2siamak.exe - 2/20
MD5: a74e558d0a0c61bff5e08399de8aa13b
http://virusscan.jotti.org/en/scanresult/bcd4aa7b635d776b519f174fb3cbac129d8c3cde/97aa367376f572704cecb70aec9706ca34e8f310

Hi essexboy,

Why do these x-rar files not open up in a virtual machine? application/x-rar
Reported some here and see a lot of these malcreations on the Internet lately going under the av-radar!
For this one, see: htxp://jsunpack.jeek.org/dec/go?report=d48f8e16e8939bfd9a72f8a997691013910d2b0a
(only go there when you are security aware, sandboxed and have ample script blocking)
list of javascripts included:
source/includes/genjscript.js (a so-called multi-hoster script)
htxp://up.iranblog.com/style.js
htxp://www.google-analytics.com/urchin.js

pondus; QuickTime malware?

pol

I sent the file to Avast AT,
anyhow when the chosen keylogger configurations are set and ur file is made, it can be harmful.

urs sincerely

also undetected by Malwarebytes, will upload :wink: