Dear Avast,
This is a report that virustotal.com has detected the Comprovante.exe Trojan at the following webpage:
hxxp://www.statelinefastpitch.com.
Here is the report:
If the above link does not work, here are the Virus Total scan results for this malware:
File name: Comprovante.exe
Submission date: 2011-04-07 18:28:31 (UTC)
Current status: finished
Result: 13 /40 (32.5%)
VT Community
malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.04.08.00 2011.04.07 -
AntiVir 7.11.6.4 2011.04.07 TR/Spy.Banker.LW.85
Antiy-AVL 2.0.3.7 2011.04.06 -
Avast 4.8.1351.0 2011.04.07 -
Avast5 5.0.677.0 2011.04.01 -
AVG 10.0.0.1190 2011.04.07 PSW.Generic8.BKFK
BitDefender 7.2 2011.04.07 Dropped:Trojan.Generic.5781220
CAT-QuickHeal 11.00 2011.04.07 -
ClamAV 0.97.0.0 2011.04.07 -
Commtouch 5.2.11.5 2011.04.06 -
Comodo 8256 2011.04.07 -
DrWeb 5.0.2.03300 2011.04.07 -
eSafe 7.0.17.0 2011.04.04 -
eTrust-Vet 36.1.8258 2011.04.07 -
F-Prot 4.6.2.117 2011.04.07 -
F-Secure 9.0.16440.0 2011.04.07 -
Fortinet 4.2.254.0 2011.04.07 -
GData 22 2011.04.07 -
Ikarus T3.1.1.103.0 2011.04.07 Trojan-Spy.Win32.Banker
Jiangmin 13.0.900 2011.04.07 -
K7AntiVirus 9.96.4320 2011.04.07 -
McAfee 5.400.0.1158 2011.04.07 Generic PWS.y!dab
McAfee-GW-Edition 2010.1C 2011.04.07 Generic PWS.y!dab
Microsoft 1.6702 2011.04.07 TrojanSpy:Win32/Banker.LW
NOD32 6023 2011.04.07 probably a variant of Win32/Spy.Delf.OJR
Norman 6.07.07 2011.04.07 -
Panda 10.0.3.5 2011.04.07 -
PCTools 7.0.3.5 2011.04.07 -
Prevx 3.0 2011.04.07 -
Rising 23.52.03.06 2011.04.07 -
Sophos 4.64.0 2011.04.07 -
SUPERAntiSpyware 4.40.0.1006 2011.04.06 Trojan.Agent/Gen-Banload
Symantec 20101.3.2.89 2011.04.07 -
TheHacker 6.7.0.1.168 2011.04.07 -
TrendMicro 9.200.0.1012 2011.04.07 TSPY_BANKER.SMAW
TrendMicro-HouseCall 9.200.0.1012 2011.04.07 TSPY_BANKER.SMAW
VBA32 3.12.14.3 2011.04.07 TrojanDownloader.Banload.bblx
VIPRE 8949 2011.04.07 Trojan.Win32.Generic!BT
ViRobot 2011.4.7.4398 2011.04.07 -
VirusBuster 13.6.293.1 2011.04.07 -
Additional information
MD5 : de6963a89ac914772e9badebc9519943
SHA1 : 3d0d2d27c9abca39491556b579072fcb09c7be8f
SHA256: bc8b9da1cec4dd77cfb4136698b0c06be7dfb06c75bb5963f90d75c4e531c0c3
ssdeep: 6144:mu2urzh9xu/Xkau/8V0RD1qdpMHQz3E399wls58FloyCr1tz5nnKG+:mutrzh9xOXkUV0VQEtSlrXCzz5nc
File size : 300689 bytes
First seen: 2011-04-06 17:59:52
Last seen : 2011-04-07 18:28:31
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher…: n/a
copyright…: n/a
product…: n/a
description…: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
PEiD: -
packers (F-Prot): RAR
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0xA7B1
timedatestamp…: 0x4B9DD366 (Mon Mar 15 06:27:50 2010)
machinetype…: 0x14C (Intel I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1076E, 0x10800, 6.58, 8e6577c8c479f3e85e7fa573af92977e
.rdata, 0x12000, 0x1865, 0x1A00, 5.33, 4ec1c384a6c5f398ea7ca4031012f2d6
.data, 0x14000, 0xBFF4, 0x200, 3.55, 0ebca16960628061dcf3807fd384d9e9
.CRT, 0x20000, 0x10, 0x200, 0.21, a74a099866bd9750c2aa37309234732b
.rsrc, 0x21000, 0x3E60, 0x4000, 5.23, 8aabefb1e4cfa5dd14c4d7fe514d0403
[[ 9 import(s) ]]
advapi32.dll: LookupPrivilegeValueA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, SetFileSecurityW, SetFileSecurityA, OpenProcessToken, AdjustTokenPrivileges
comctl32.dll: -
comdlg32.dll: GetSaveFileNameA, CommDlgExtendedError, GetOpenFileNameA
gdi32.dll: GetDeviceCaps, GetObjectA, CreateCompatibleBitmap, SelectObject, StretchBlt, CreateCompatibleDC, DeleteObject, DeleteDC
kernel32.dll: DeleteFileA, DeleteFileW, CreateDirectoryA, CreateDirectoryW, FindClose, FindNextFileA, FindFirstFileA, FindNextFileW, FindFirstFileW, GetTickCount, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GlobalAlloc, lstrlenA, GetModuleFileNameA, FindResourceA, GetModuleHandleA, HeapAlloc, GetProcessHeap, HeapFree, HeapReAlloc, CompareStringA, ExitProcess, GetLocaleInfoA, GetNumberFormatA, lstrcmpiA, GetProcAddress, GetDateFormatA, GetTimeFormatA, FileTimeToSystemTime, FileTimeToLocalFileTime, ExpandEnvironmentStringsA, WaitForSingleObject, SetCurrentDirectoryA, Sleep, GetTempPathA, MoveFileExA, UnmapViewOfFile, GetCommandLineA, MapViewOfFile, CreateFileMappingA, GetModuleFileNameW, SetEnvironmentVariableA, OpenFileMappingA, LocalFileTimeToFileTime, SystemTimeToFileTime, GetSystemTime, IsDBCSLeadByte, GetCPInfo, FreeLibrary, LoadLibraryA, GetCurrentDirectoryA, GetFullPathNameA, SetFileAttributesW, SetFileAttributesA, GetFileAttributesW, GetFileAttributesA, WriteFile, SetLastError, GetStdHandle, ReadFile, CreateFileW, CreateFileA, GetFileType, SetEndOfFile, SetFilePointer, MoveFileA, SetFileTime, GetCurrentProcess, CloseHandle, GetLastError, DosDateTimeToFileTime
ole32.dll: CreateStreamOnHGlobal, OleInitialize, CoCreateInstance, OleUninitialize, CLSIDFromString
oleaut32.dll: -
shell32.dll: ShellExecuteExA, SHFileOperationA, SHGetFileInfoA, SHGetSpecialFolderLocation, SHGetMalloc, SHBrowseForFolderA, SHGetPathFromIDListA, SHChangeNotify
user32.dll: ReleaseDC, GetDC, SendMessageA, wsprintfA, SetDlgItemTextA, EndDialog, DestroyIcon, SendDlgItemMessageA, GetDlgItemTextA, DialogBoxParamA, IsWindowVisible, WaitForInputIdle, GetSysColor, PostMessageA, SetMenu, SetFocus, LoadBitmapA, LoadIconA, CharToOemA, OemToCharA, GetClassNameA, CharUpperA, GetWindowRect, GetParent, MapWindowPoints, CreateWindowExA, UpdateWindow, SetWindowTextA, LoadCursorA, RegisterClassExA, SetWindowLongA, GetWindowLongA, DefWindowProcA, PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, GetClientRect, CopyRect, IsWindow, MessageBoxA, ShowWindow, GetDlgItem, EnableWindow, FindWindowExA, wvsprintfA, CharToOemBuffA, LoadStringA, SetWindowPos, GetWindowTextA, GetWindow, GetSystemMetrics, OemToCharBuffA, DestroyWindow
ExifTool:
file metadata
CodeSize: 67584
EntryPoint: 0xa7b1
FileSize: 294 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 24064
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:03:15 07:27:50+01:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight
VT Community
User:Letti.net.br
Reputation:534 credits
Comment date:2011-04-06 18:01:30 (UTC)
hxxp://www.statelinefastpitch.com/templates/system/css/comprovante.php
Tags: Malware, banker, tspy_banker, banload
Jack