See: https://www.virustotal.com/nl/url/878e8bfffdb87a58f92906b972f008ead08477d611fee4bcaadb225c5bf21abc/analysis/1384791325/
see: http://urlquery.net/report.php?id=7795630
Redirects to htxp://dl1sw.baidu.com/qdmn/hetwrx_30071.exe → http://anubis.iseclab.org/?action=result&task_id=1670985c0547d1c74917fc683b31cb2d8&format=html
→ http://urlquery.net/report.php?id=7795885
polonus
Malwr: https://malwr.com/analysis/MmQ0YmVkODA5NDdlNDI0Yjk1OWNlMzA5OTNjNGIwOTc/
That file is malicious cause it steals private information from browsers.
File is a downloader.
File is reported to Avast.
File is downloading and installing Baidu Antivirus.
But as far as i know it does not look like Baidu Antivirus.
Screenshot attached.
Tend to belive this, however here nothing was found: http://www.garyshood.com/virus/ for
Seen another redirect to: htxp://209.170.78.103/dl1sw.baidu.com/qdmn/hetwrx_30071.exe?wsiphost=local
only Emisift to flag…
For that IP see what we got here: http://www.scumware.org/report/file.myfiles.com.cn
What you said, a backdoor trojan.
Some malcode out there → http://totalhash.com/network/dnsrr:*sw.baidu.com*%20or%20ip:sw.baidu.com
and in particular: http://totalhash.com/network/fiename:*hetwrx_30071.exe%20*%20or%20registry:*hetwrx_30071.exe%20*
polonus
This is the real baidu 2013 av download site: hxtp://antivirus.baidu.com/en/
pol