New Win32.Alureon variant not detected by avast [SOLVED]

See: http://anubis.iseclab.org/?action=result&task_id=1446b5a250775d9c485d8663bd6b920c1&format=html
VT results: http://www.virustotal.com/file-scan/report.html?id=a99aa275cd539f17cfdd9483eccdd2926767ebce923274d7bc8753d96fe0068f-1312832335

Reported to virus AT avast dot com

polonus

Good job polonus, I think avast! will be glad to hear that. :wink:

Hi MrAgent,

Especially while it is packed with FLY-CODE, where control flow analysis is hindered by the malware hiding the real code and contents; see here where the malware goes undetected:
http://www.garyshood.com/virus/results.php?r=2da115a9f4e4667fb437f11bf2c5d41f
and in the Anubis analysis we find this Alureon characteristic: “x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll” unresolved import.
One of three mutexes = critopmutex, which tries to connect out etc. etc.

polonus

Hi forum friends.

Well, again the avast Network Shield blocks the malicious URL as URL:Mal, and the avast users have been protected all the time. Forum friends, the shields are the avast av solution’s gems, really they are.

polonus

Howdy Pol,

What do you mean “new”, what are the major changes compared to a “daily” TDSS infection?

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=2da115a9f4e4667fb437f11bf2c5d41f

Hi Left123,

This is proof of a quite new one or partially new:
http://www.virustotal.com/file-scan/report.html?id=a99aa275cd539f17cfdd9483eccdd2926767ebce923274d7bc8753d96fe0068f-1312832335
ThreatExpert analysis:
File MD5: 0x2DA115A9F4E4667FB437F11BF2C5D41F;
File SHA-1: … %Temp%\2.tmp, 163840 bytes,
unique and first seen here;
RGI4.TMP is unknown, probably legitimate;
first seen June 1st 2011;
MD5 of RGI4.TMP = 8DDC22056678464374DBD9BF8EFBFDA4;
RGI4.TMP size is 85018 bytes;
full path on a computer: %TEMP%\RGI4.TMP.
E5\index.dat, 16384 bytes, MD5: 0x50CC4803AC4953D1B21A4120D4EC4669, SHA-1: …
also first seen here.

polonus