What is Generic.EEB?

See: https://www.virustotal.com/nl/url/c212bf9d2e23ff1cc7cd0739012371656d04a3d3508dbe03296aad3ae82eabfb/analysis/1407345077/
See: https://www.virustotal.com/nl/file/8ae6a8ccf491e3f467ecbb6273d17f8d7a8f1075e074733a487f0989f689bdcf/analysis/1407284930/
Detected as Trojan.Win32.Agent. Trojan:Win32/Agent is a generic detection for a number of trojans that may perform different malicious functions. The behaviors exhibited by this family are highly variable. For instance, it can be a keylogger.
See: https://urlquery.net/report.php?id=1406206855890 IDS alert there. Served Attached HTTP warning.
IP Badness history: https://www.virustotal.com/nl/ip-address/115.29.226.120/information/
Site has HTML 5 implementation. See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fnewware2.chinagacc.cn&useragent=Fetch+useragent&accept_encoding=
Here I get a bad gateway scan result: https://asafaweb.com/Scan?Url=newware2.chinagacc.cn
Redirects via htxp://dl1sw.baidu.com/client/20140708/sdins/F0708_s_30791.exe → htxp://dl1sw.baidu.com/client/20140708/sdins/F0708_s_30791.exe

Following detections for F0708_s_30791.exe:
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=8639676
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=8641440

Download device can be searched as this example shows: http://www.base64online.com/hc.php?q=Cdn%20Cache%20Server%20V2.0

pol

@Pondus,

Generic EEB is the virus name given at MX VirusWatch Archives; this equals a Trojan.Win32.Agent (variant) for the detection of F0708_s_30791.exe. I give this info whenever this was not clear from the onset of the initial posting.
The generic virus could have various functions and could get additional malware. Here it probably is a keylogger/tracker malware.
Anyone with more info on this detection?
Mind you that the download server could have been compromised, see the IDS warning given above.

Also read here: http://www.pandasecurity.com/homeusers/security-info/150191/Agent.EEB

Damian

https://www.virusbtn.com/vgrep/index?s=EEB#0

Avast - Win32:Malware-gen
AVG - win32:malware-gen
Avira - EXP/Pidief.eeb
Dr.Web - Adware.Downware.3527
Fortinet - W32/Agent.EEB!tr
GFI VIPRE - Trojan.Win32.Generic!BT
Ikarus - Rootkit

Hi Eddy,

Excellent classification, thanks,

pol