What backdoor is here? Trojan.Crossrider.4, W32/Generic.?

See: https://urlquery.net/report.php?id=6861528 (archive ZLIB file)
and https://www.virustotal.com/nl/url/aa5822f4a26b8452fb4af2a01c9bc826e8154c1ec4c335c5ef2bf9d5c8779831/analysis/
and https://www.virustotal.com/nl/file/8af249ca875777ed06642f26d00e25375f7ec39b7717003a55d4d55614378efa/analysis/1381406664/
See:
tedut.com/sqliteboy.exe benign
[nothing detected] [MZ] tedut dot com/sqliteboy.exe
status: (referer=http:/www.ask.com/web?q=puppies)saved 5642644 bytes fe76019eea1dd16428f619712bab3b30addc8b0a
info: [0] executable file
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: missing ; before statement:
error: line:3: MZ@!L!This program cannot be run in DOS mode.
error: line:3: ^
suspicious:

See analysis of the executable here:
N.B. http://anubis.iseclab.org/?action=result&task_id=1a1c563ffcb918f241d807d125df0a865&format=html
Found in Windows Vista registry
Registered class: CActiveIMMAppEx_Trident
Inproc server: C:\Windows\system32\msimtf.dll (product: Microsoft® Windows® Operating System, version 6.0.6000.16386)
msimtf.dll can be easily infected by virus Backdoor:Win32/Delf.FK and spyware Program:Win32/CaiFu for illegal purpose.
http://www.autohotkey.com/docs/misc/CLSID-List.htm → FileSelectFolder, OutputVar, ::{20d04fe0-3aea-1069-a2d8-08002b30309d} ; Select a folder within My Computer.
HKU\S-1-5-21-842925246-1425521274-308236825-500 abused by spammers

polonus
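The scanner output quoted above matters for how the thread reads: urlquery recognised the MZ header but still tried to parse the body as JavaScript, so the "SyntaxError: missing ; before statement" lines are parser noise, not evidence of an injected script. Two checks a practitioner would actually run on a local copy are (a) classify the file by its real structure (MZ header, e_lfanew, "PE\0\0" signature) and (b) compare its size and hashes with the sample analysed on VirusTotal (5642644 bytes, SHA-1 fe76019e..., SHA-256 8af249...), which tells you whether you are even looking at the same file. The following is an added example written for this page, not code from the forum posts or from the sqliteboy project; the PE bytes built in `build_minimal_pe()` are constructed for the demo and are not the real sqliteboy.exe.

```python
"""Classify a file by its PE structure and compare it against the sample
discussed in the thread.  Added example, not part of the original posts.

Expected size and hashes are the values quoted in the thread for
tedut.com/sqliteboy.exe (urlquery / VirusTotal).  The bytes produced by
build_minimal_pe() are a constructed toy, NOT the real file.
"""
import hashlib
import struct

EXPECTED_SIZE = 5642644
EXPECTED_SHA1 = "fe76019eea1dd16428f619712bab3b30addc8b0a"
EXPECTED_SHA256 = "8af249ca875777ed06642f26d00e25375f7ec39b7717003a55d4d55614378efa"


def file_type(data: bytes) -> str:
    """Classify by structure rather than by guessing from text.

    A proper check reads the DOS header (2-byte 'MZ' magic), follows the
    e_lfanew offset at 0x3C and looks for the 'PE\\0\\0' signature there.
    Treating the body as JavaScript, as the urlquery scanner in the thread
    did, only yields meaningless SyntaxErrors.
    """
    if len(data) >= 0x40 and data[:2] == b"MZ":
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "PE executable"
        return "MZ (DOS) executable"
    return "not an executable"


def hashes(data: bytes) -> dict:
    """Size, SHA-1 and SHA-256 of the data, the identifiers the thread uses."""
    return {
        "size": len(data),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only if the local copy is byte-identical to the analysed sample."""
    h = hashes(data)
    return (h["size"] == EXPECTED_SIZE
            and h["sha1"] == EXPECTED_SHA1
            and h["sha256"] == EXPECTED_SHA256)


def build_minimal_pe() -> bytes:
    """Constructed toy input: a 0x40-byte DOS header whose e_lfanew points
    directly at a PE signature followed by zeroed COFF header bytes."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\0\0" + bytes(20)


def check_path(path: str) -> dict:
    """Run both checks on a file from disk."""
    with open(path, "rb") as f:
        data = f.read()
    result = hashes(data)
    result["type"] = file_type(data)
    result["same_as_thread_sample"] = matches_sample(data)
    return result


if __name__ == "__main__":
    toy = build_minimal_pe()
    print(file_type(toy), hashes(toy))
    print("matches analysed sample:", matches_sample(toy))
```

Run `check_path("sqliteboy.exe")` against a downloaded copy; if `same_as_thread_sample` is False the file differs from the one Norman and VirusTotal looked at, and the clean verdicts in this thread do not apply to it.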

Scanned now, still only 3/47. First submission 2013-09-14 20:25:13 UTC ( 1 month ago )
https://www.virustotal.com/nb/file/8af249ca875777ed06642f26d00e25375f7ec39b7717003a55d4d55614378efa/analysis/1381962757/

Too big for ThreatExpert.
Comodo:
http://camas.comodo.com/cgi-bin/submit?file=8af249ca875777ed06642f26d00e25375f7ec39b7717003a55d4d55614378efa

Hi Pondus,

Thank you for your reply. Well, I found out that there is a way to inject a backdoor here, as I described. But it is also possible that it is a general detection of sorts that can later be explained away as a false positive. I would treat it as a suspicious file for the time being. Interesting to hear the final verdict. Can't you upload it to Norman's? Maybe we have stumbled upon something here, Pondus,

pol

Can't you upload it to Norman's? Maybe we have stumbled upon something here, Pondus,
I will .... Guess I'll have the result tomorrow ;)

EDIT: Well, it seems they have seen the file before:

Created: 2013-09-14 20:26:21 Last Seen: 2013-10-11 04:19:41 Last Processed: 2013-10-16 23:50:59

So I guess clean, but I have to wait for any comments until tomorrow.

Result from Norman lab … file is clean:

Hi, this is a simple C++ file. It's a clean file. Thanks

Files: sqliteboy.exe: Not Detected

Hi Pondus,

Then it is clear it has not been injected or has been cleansed,

pol