BUZUS.IQDL droppers downloaded by Worm.VBNA, generators of Backdoor.EXI and other nasties such as SIREFEF

These BUZUS.IQDL files are downloaded by the VBNA worm and generate backdoors and the odd monstrosity such as ZEROACCESS SIREFEF, a force to be reckoned with!

We detect these variants from today's ELISTARA 24.28 onwards.

The pre-analyses with VirusTotal give the following reports:


File name: 0A378A8BCB6D161364B102180DA0860059B5B7B6.exe
Submission date: 2011-11-15 22:02:17 (UTC)
Current status: finished
Result: 12/42 (28.6%)
VT Community: malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.11.15.01 2011.11.15 Trojan/Win32.Buzus
AntiVir 7.11.17.176 2011.11.15 –
Antiy-AVL 2.0.3.7 2011.11.15 –
Avast 6.0.1289.0 2011.11.15 –
AVG 10.0.0.1190 2011.11.15 –
BitDefender 7.2 2011.11.15 Trojan.Generic.6897719
ByteHero 1.0.0.1 2011.11.14 –
ClamAV 0.97.3.0 2011.11.15 –
Commtouch 5.3.2.6 2011.11.15 W32/DelfCrypt.A.gen!Eldorado
Comodo 10778 2011.11.14 –
DrWeb 5.0.2.03300 2011.11.15 –
Emsisoft 5.1.0.11 2011.11.15 Trojan-Downloader.Win32.Cycbot!A2
eSafe 7.0.17.0 2011.11.15 –
eTrust-Vet 37.0.9568 2011.11.15 –
F-Prot 4.6.5.141 2011.11.15 W32/DelfCrypt.A.gen!Eldorado
F-Secure 9.0.16440.0 2011.11.15 Trojan.Generic.6897719
Fortinet 4.3.370.0 2011.11.15 –
GData 22 2011.11.15 Trojan.Generic.6897719
Ikarus T3.1.1.109.0 2011.11.15 –
Jiangmin 13.0.900 2011.11.15 –
K7AntiVirus 9.119.5466 2011.11.15 Riskware
Kaspersky 9.0.0.837 2011.11.15 –
McAfee 5.400.0.1158 2011.11.15 Generic BackDoor.uj
McAfee-GW-Edition 2010.1D 2011.11.15 –
Microsoft 1.7801 2011.11.15 –
NOD32 6633 2011.11.15 Win32/Slenfbot.AJ
Norman 6.07.13 2011.11.15 –
nProtect 2011-11-15.01 2011.11.15 –
Panda 10.0.3.5 2011.11.15 –
PCTools 8.0.0.5 2011.11.15 –
Prevx 3.0 2011.11.15 –
Rising 23.84.01.02 2011.11.15 –
Sophos 4.71.0 2011.11.15 Mal/Delf-DQ
SUPERAntiSpyware 4.40.0.1006 2011.11.15 –
Symantec 20111.2.0.82 2011.11.15 –
TheHacker 6.7.0.1.343 2011.11.15 –
TrendMicro 9.500.0.1008 2011.11.15 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.15 –
VBA32 3.12.16.4 2011.11.15 –
VIPRE 11056 2011.11.15 Trojan.Win32.Generic!BT
ViRobot 2011.11.15.4774 2011.11.15 –
VirusBuster 14.1.65.0 2011.11.15 –
Additional information:
MD5   : 52f42d7b3168372ea722c27cd526678a
SHA1  : 3185dc7b1776130e887da03111470b85a55307f9

File size : 156875 bytes

 

_____________
File name: e6258d826a5e11ab09a7eb308932816d
Submission date: 2011-11-16 12:04:41 (UTC)
Current status: finished
Result: 17/42 (40.5%)
VT Community: malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.11.15.01 2011.11.15 Trojan/Win32.Buzus
AntiVir 7.11.17.183 2011.11.16 –
Antiy-AVL 2.0.3.7 2011.11.16 –
Avast 6.0.1289.0 2011.11.16 Win32:Dropper-gen [Drp]
AVG 10.0.0.1190 2011.11.16 BackDoor.Generic14.BSQF
BitDefender 7.2 2011.11.16 Trojan.Generic.6897712
ByteHero 1.0.0.1 2011.11.14 –
ClamAV 0.97.3.0 2011.11.16 –
Commtouch 5.3.2.6 2011.11.16 W32/DelfCrypt.A.gen!Eldorado
Comodo 10778 2011.11.14 –
DrWeb 5.0.2.03300 2011.11.16 –
Emsisoft 5.1.0.11 2011.11.16 Trojan-Downloader.Win32.Cycbot!A2
eSafe 7.0.17.0 2011.11.15 –
eTrust-Vet 37.0.9569 2011.11.16 –
F-Prot 4.6.5.141 2011.11.16 W32/DelfCrypt.A.gen!Eldorado
F-Secure 9.0.16440.0 2011.11.16 Trojan.Generic.6897712
Fortinet 4.3.370.0 2011.11.16 W32/Delf.DQ!tr
GData 22 2011.11.16 Trojan.Generic.6897712
Ikarus T3.1.1.109.0 2011.11.16 –
Jiangmin 13.0.900 2011.11.15 –
K7AntiVirus 9.119.5466 2011.11.15 Riskware
Kaspersky 9.0.0.837 2011.11.16 –
McAfee 5.400.0.1158 2011.11.16 Generic BackDoor.uj
McAfee-GW-Edition 2010.1D 2011.11.16 Artemis!E6258D826A5E
Microsoft 1.7801 2011.11.16 –
NOD32 6634 2011.11.16 a variant of Win32/Injector.KYC
Norman 6.07.13 2011.11.16 –
nProtect 2011-11-16.01 2011.11.16 –
Panda 10.0.3.5 2011.11.16 Suspicious file
PCTools 8.0.0.5 2011.11.16 –
Prevx 3.0 2011.11.16 –
Rising 23.84.02.02 2011.11.16 –
Sophos 4.71.0 2011.11.16 Mal/Delf-DQ
SUPERAntiSpyware 4.40.0.1006 2011.11.16 –
Symantec 20111.2.0.82 2011.11.16 –
TheHacker 6.7.0.1.343 2011.11.16 –
TrendMicro 9.500.0.1008 2011.11.16 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.16 –
VBA32 3.12.16.4 2011.11.15 –
VIPRE 11060 2011.11.16 Trojan.Win32.Generic!BT
ViRobot 2011.11.16.4776 2011.11.16 –
VirusBuster 14.1.65.0 2011.11.15 –
Additional information:
MD5   : e6258d826a5e11ab09a7eb308932816d
SHA1  : de1a7a40607c2a2ef101a5837fb3f21d842be6b8

File size : 150319 bytes
________
File name: dxhost.exe
Submission date: 2011-11-16 14:12:32 (UTC)
Current status: finished
Result: 15/42 (35.7%)
VT Community: not reviewed
Safety score: –
Antivirus Version Last Update Result
AhnLab-V3 2011.11.15.01 2011.11.15 –
AntiVir 7.11.17.183 2011.11.16 –
Antiy-AVL 2.0.3.7 2011.11.16 –
Avast 6.0.1289.0 2011.11.16 –
AVG 10.0.0.1190 2011.11.16 Generic25.CCJU
BitDefender 7.2 2011.11.16 Gen:Variant.Kazy.44423
ByteHero 1.0.0.1 2011.11.14 Trojan.Malware.Obscu.Gen.002
ClamAV 0.97.3.0 2011.11.16 –
Commtouch 5.3.2.6 2011.11.16 –
Comodo 10778 2011.11.14 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2011.11.16 –
Emsisoft 5.1.0.11 2011.11.16 –
eSafe 7.0.17.0 2011.11.15 –
eTrust-Vet 37.0.9569 2011.11.16 –
F-Prot 4.6.5.141 2011.11.16 –
F-Secure 9.0.16440.0 2011.11.16 Gen:Variant.Kazy.44423
Fortinet 4.3.370.0 2011.11.16 W32/Kryptik.CQW!tr
GData 22 2011.11.16 Gen:Variant.Kazy.44423
Ikarus T3.1.1.109.0 2011.11.16 –
Jiangmin 13.0.900 2011.11.15 –
K7AntiVirus 9.119.5466 2011.11.15 –
Kaspersky 9.0.0.837 2011.11.16 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.11.16 Generic Dropper.abl
McAfee-GW-Edition 2010.1D 2011.11.16 –
Microsoft 1.7801 2011.11.16 Trojan:Win32/Sirefef.P
NOD32 6635 2011.11.16 a variant of Win32/Kryptik.VLI
Norman 6.07.13 2011.11.16 –
nProtect 2011-11-16.01 2011.11.16 Gen:Variant.Kazy.44423
Panda 10.0.3.5 2011.11.16 Suspicious file
PCTools 8.0.0.5 2011.11.16 –
Prevx 3.0 2011.11.16 –
Rising 23.84.02.02 2011.11.16 –
Sophos 4.71.0 2011.11.16 Mal/FakeAV-OQ
SUPERAntiSpyware 4.40.0.1006 2011.11.16 Trojan.Agent/Gen-FraudScan[Prod]
Symantec 20111.2.0.82 2011.11.16 –
TheHacker 6.7.0.1.343 2011.11.16 –
TrendMicro 9.500.0.1008 2011.11.16 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.16 –
VBA32 3.12.16.4 2011.11.15 –
VIPRE 11060 2011.11.16 –
ViRobot 2011.11.16.4776 2011.11.16 –
VirusBuster 14.1.65.0 2011.11.15 –
Additional information:
MD5   : b38fe379ab4999133d4cbeceb716416a
SHA1  : f3e1fa04e3aa7b0579200e23bee5628e6fac82c7

File size : 177664 bytes

publisher: i(c)fSYSt(c)ems
copyright: i(c)fSYSt(c)ems Corp All Rights reserved
product: niBluse
description: niBluse
original name: qathdbqhdlg.exe
internal name: qathdbqhdlg
file version: 7.R31.37242T RC14.809 alpha

________
File name: exhost.exe
Submission date: 2011-11-16 14:15:38 (UTC)
Current status: finished
Result: 2/42 (4.8%)
VT Community: malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.11.15.01 2011.11.15 –
AntiVir 7.11.17.183 2011.11.16 –
Antiy-AVL 2.0.3.7 2011.11.16 –
Avast 6.0.1289.0 2011.11.16 –
AVG 10.0.0.1190 2011.11.16 –
BitDefender 7.2 2011.11.16 –
ByteHero 1.0.0.1 2011.11.14 –
ClamAV 0.97.3.0 2011.11.16 –
Commtouch 5.3.2.6 2011.11.16 –
Comodo 10778 2011.11.14 –
DrWeb 5.0.2.03300 2011.11.16 –
Emsisoft 5.1.0.11 2011.11.16 –
eSafe 7.0.17.0 2011.11.15 –
eTrust-Vet 37.0.9569 2011.11.16 –
F-Prot 4.6.5.141 2011.11.16 –
F-Secure 9.0.16440.0 2011.11.16 –
Fortinet 4.3.370.0 2011.11.16 –
GData 22 2011.11.16 –
Ikarus T3.1.1.109.0 2011.11.16 –
Jiangmin 13.0.900 2011.11.15 –
K7AntiVirus 9.119.5466 2011.11.15 –
Kaspersky 9.0.0.837 2011.11.16 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.11.16 –
McAfee-GW-Edition 2010.1D 2011.11.16 –
Microsoft 1.7801 2011.11.16 –
NOD32 6635 2011.11.16 –
Norman 6.07.13 2011.11.16 –
nProtect 2011-11-16.01 2011.11.16 –
Panda 10.0.3.5 2011.11.16 –
PCTools 8.0.0.5 2011.11.16 –
Prevx 3.0 2011.11.16 –
Rising 23.84.02.02 2011.11.16 –
Sophos 4.71.0 2011.11.16 –
SUPERAntiSpyware 4.40.0.1006 2011.11.16 Trojan.Agent/Gen-FakeSecurity
Symantec 20111.2.0.82 2011.11.16 –
TheHacker 6.7.0.1.343 2011.11.16 –
TrendMicro 9.500.0.1008 2011.11.16 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.16 –
VBA32 3.12.16.4 2011.11.15 –
VIPRE 11060 2011.11.16 –
ViRobot 2011.11.16.4776 2011.11.16 –
VirusBuster 14.1.65.0 2011.11.15 –
Additional information:
MD5   : 805aa66b17cb3b6df005d564e818dbbc
SHA1  : 2b2239797e6f0b80e73323d64a341067506fd913

File size : 36864 bytes

publisher: n/a
copyright: n/a
product: Project1
description: n/a
original name: 6.exe
internal name: 6
file version: 1.00

________
File name: xienl.exe
Submission date: 2011-11-16 14:22:15 (UTC)
Current status: finished
Result: 16/42 (38.1%)
VT Community: malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.11.15.01 2011.11.15 Trojan/Win32.Buzus
AntiVir 7.11.17.183 2011.11.16 –
Antiy-AVL 2.0.3.7 2011.11.16 –
Avast 6.0.1289.0 2011.11.16 Win32:Dropper-gen [Drp]
AVG 10.0.0.1190 2011.11.16 BackDoor.Generic14.BSQF
BitDefender 7.2 2011.11.16 Trojan.Generic.KDV.410352
ByteHero 1.0.0.1 2011.11.14 –
ClamAV 0.97.3.0 2011.11.16 –
Commtouch 5.3.2.6 2011.11.16 W32/DelfCrypt.A.gen!Eldorado
Comodo 10778 2011.11.14 –
DrWeb 5.0.2.03300 2011.11.16 –
Emsisoft 5.1.0.11 2011.11.16 Trojan-Downloader.Win32.Cycbot!A2
eSafe 7.0.17.0 2011.11.15 –
eTrust-Vet 37.0.9569 2011.11.16 –
F-Prot 4.6.5.141 2011.11.16 W32/DelfCrypt.A.gen!Eldorado
F-Secure 9.0.16440.0 2011.11.16 Trojan.Generic.KDV.410352
Fortinet 4.3.370.0 2011.11.16 W32/Delf.DQ!tr
GData 22 2011.11.16 Trojan.Generic.KDV.410352
Ikarus T3.1.1.109.0 2011.11.16 –
Jiangmin 13.0.900 2011.11.15 –
K7AntiVirus 9.119.5466 2011.11.15 Riskware
Kaspersky 9.0.0.837 2011.11.16 Backdoor.Win32.Buterat.dbk
McAfee 5.400.0.1158 2011.11.16 Generic BackDoor.uj
McAfee-GW-Edition 2010.1D 2011.11.16 –
Microsoft 1.7801 2011.11.16 –
NOD32 6635 2011.11.16 a variant of Win32/Injector.KYC
Norman 6.07.13 2011.11.16 –
nProtect 2011-11-16.01 2011.11.16 –
Panda 10.0.3.5 2011.11.16 –
PCTools 8.0.0.5 2011.11.16 –
Prevx 3.0 2011.11.16 –
Rising 23.84.02.02 2011.11.16 –
Sophos 4.71.0 2011.11.16 Mal/Delf-DQ
SUPERAntiSpyware 4.40.0.1006 2011.11.16 –
Symantec 20111.2.0.82 2011.11.16 –
TheHacker 6.7.0.1.343 2011.11.16 –
TrendMicro 9.500.0.1008 2011.11.16 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.16 –
VBA32 3.12.16.4 2011.11.15 –
VIPRE 11060 2011.11.16 Trojan.Win32.Generic!BT
ViRobot 2011.11.16.4776 2011.11.16 –
VirusBuster 14.1.65.0 2011.11.15 –
Additional information:
MD5   : 11342813cf9b33691dd2b51b0aae8009
SHA1  : 5a304e4fe3e43a38a2245e371aeaab4d0f45fa4a

File size : 787699 bytes

That version of ELISTARA 24.28, which detects and removes them, will be available on our website from 19:00 CEST today.

Regards

ms, 16-11-2011

__________

NOTE: Anyone interested in information about SATINFO Technical Assistance support contracts and/or licences for the use/updates of its utilities should contact info@satinfo.es
__________