Hi all,
received this through Outlook Express email; I have not opened it, but I did download it to my HDD
to check it out. Would avast! like a copy of this file,
which certainly appears to be suspicious:
https://www.virustotal.com/en/file/2f72be4b354d417cab3c01c2429c49e7d462dfe7b3136071cba3af570ed3f2b3/analysis/1384880734/
First submission 2013-11-19 15:55:07 UTC ( 1 hour, 15 minutes ago )
Could be new malware.
Can you upload the file at wikisend.com and send me the link in a private message?
You can send files to virus@avast.com, Subject: missed sample, in a password-protected zip archive, Password: infected
You could also upload the file here and we can see what its doing: https://malwr.com/submission/
Hi Steven,
Here’s the analysis:
https://malwr.com/analysis/NjQ5ODU3YTBkNjg3NDgxNWI1ZGUyMmM2MjhkZWY5Zjk/
Thanks.
Now Kaspersky is detecting it : https://www.virustotal.com/en/file/2f72be4b354d417cab3c01c2429c49e7d462dfe7b3136071cba3af570ed3f2b3/analysis/1384881695/
And Malwr: file is reaching out to some internet addresses: https://malwr.com/analysis/OTEyMTgzN2Q5YzJlNDdlN2IwNDc4MTMwODhhMjY3MjU/
File is reported to Avast.
It came through my ISP’s email, which is rare - I get very, very little spam from them.
I guess they have good filters. This message said something about “you have two voice mail messages waiting”
Which is obviously suspicious since I don’t subscribe to any such service.
Yep, that’s malicious.
I had a fake PayPal mail in my Gmail some time ago.
And my grandma got 2 malicious zip attachments via mail some weeks ago.
And I just killed my Explorer with a context scan of the file.
auto added by Norman analyzer G2 as Suspicious_Gen4.FJJGX
Norman Sandbox
ThreatExpert http://www.threatexpert.com/report.aspx?md5=b8757664d4589ae1b7b77d23dbbe6d5d
Now Emsisoft is detecting it too: https://www.virustotal.com/en/file/2f72be4b354d417cab3c01c2429c49e7d462dfe7b3136071cba3af570ed3f2b3/analysis/1384892019/
It’s detected as a downloader.
Does avast! have any plans to detect it,
or do some further tests need to be done?
Can you email that file to me in a password-protected RAR file to (Deleted)
Password: infected
I’m going to be running it in my VM to see what changes it makes etc.
Thanks!
Suspect files should only be sent directly to avast for analysis. Not to other forum members.
The forums shouldn’t become a quasi malware distribution source.
Use the avastUI > Help > Feedback - Submit to virus lab… to send the suspect file to the labs, you could also give a link to this topic.
alan1998 I’ve sent you a private message.
DavidR, I no longer have the file, but Steven Winderlich looked at it earlier.
I thought he would put it where it needed to go?
No files, malicious or otherwise, should be sent to other forum members. One possible outcome of this is a scenario where malicious attachments are sent out on purpose en masse to other members. We do not want to encourage that ever happening here.
@ alan1998, you might want to remove your email address to prevent spam from malicious email harvesters.
@ davexnet And yes, from what I see, this attachment is malicious. And it is new. You did right to report it to avast! and then delete it from your system.
Removed. Should’ve known not to put that there. Thanks
No problem, generally it isn’t a good idea to publish your email on a publicly available web site unless you don’t mind it being harvested by some bot.
File is now detected as Win32:Malware-Gen.
Good work Avast.
Actual Virustotal Scan: https://www.virustotal.com/en/file/2f72be4b354d417cab3c01c2429c49e7d462dfe7b3136071cba3af570ed3f2b3/analysis/1384963374/
Only 14 out of 47 are detecting it now.
This malware is Detected by MBAM now. Trojan.Mail.ZB.
More notably, about every 2-ish minutes it tries to call home at hxxp://menaged-recognition.com/joomla3.575/css/
Polonus, Would you do the honours of saying everything that is wrong with that site?
Just malware.