Backdoor EXI (CYCBOT) variants downloaded or created by a dropper created by VBNA

 

Several backdoors of the same family have been created or downloaded by VBNA. We detect them as of today's ELITRIIP 7.64, and in preliminary analysis they produce these reports:

File name: 0BCD7.exe
Submission date: 2011-11-11 10:28:12 (UTC)
Current status: finished
Result: 15 /42 (35.7%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.11.00 2011.11.11 Trojan/Win32.Jorik
AntiVir 7.11.17.131 2011.11.11 TR/Crypt.XPACK.Gen6
Antiy-AVL 2.0.3.7 2011.11.11 –
Avast 6.0.1289.0 2011.11.11 Win32:Cycbot-OE [Trj]
AVG 10.0.0.1190 2011.11.11 Win32/Cryptor
BitDefender 7.2 2011.11.11 –
ByteHero 1.0.0.1 2011.11.04 –
CAT-QuickHeal 11.00 2011.11.11 –
ClamAV 0.97.3.0 2011.11.11 –
Commtouch 5.3.2.6 2011.11.11 –
Comodo 10745 2011.11.11 –
DrWeb 5.0.2.03300 2011.11.11 BackDoor.Gbot.1534
Emsisoft 5.1.0.11 2011.11.11 –
eSafe 7.0.17.0 2011.11.10 –
eTrust-Vet 37.0.9563 2011.11.11 Win32/OpenCloud.A!generic
F-Prot 4.6.5.141 2011.11.10 –
F-Secure 9.0.16440.0 2011.11.11 –
Fortinet 4.3.370.0 2011.11.11 –
GData 22 2011.11.11 Win32:Cycbot-OE
Ikarus T3.1.1.109.0 2011.11.11 –
Jiangmin 13.0.900 2011.11.10 –
K7AntiVirus 9.119.5433 2011.11.10 –
Kaspersky 9.0.0.837 2011.11.11 Trojan.Win32.Jorik.Gbot.rgg
McAfee 5.400.0.1158 2011.11.11 BackDoor-EXI.gen.aa
McAfee-GW-Edition 2010.1D 2011.11.10 –
Microsoft 1.7801 2011.11.11 Backdoor:Win32/Cycbot.B
NOD32 6620 2011.11.11 a variant of Win32/Kryptik.VFV
Norman 6.07.13 2011.11.10 W32/Cycbot.EH
nProtect 2011-11-11.01 2011.11.11 –
Panda 10.0.3.5 2011.11.10 Suspicious file
PCTools 8.0.0.5 2011.11.11 –
Prevx 3.0 2011.11.11 –
Rising 23.83.01.01 2011.11.08 –
Sophos 4.71.0 2011.11.11 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.11.11 –
TheHacker 6.7.0.1.342 2011.11.11 –
TrendMicro 9.500.0.1008 2011.11.11 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.11 –
VBA32 3.12.16.4 2011.11.10 –
VIPRE 11019 2011.11.11 Trojan.Win32.Generic!BT
ViRobot 2011.11.11.4768 2011.11.11 –
VirusBuster 14.1.57.0 2011.11.10 –
Additional information
MD5   : 842b92fd21180064f43acce65f865237
SHA1  : cb7bcda851cc603c187dc9eb320a865bf05d283b

File size : 174592 bytes

______
File name: 4 tmp
Submission date: 2011-11-11 12:01:41 (UTC)
Current status: finished
Result: 21 /43 (48.8%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.10.00 2011.11.10 Trojan/Win32.Jorik
AntiVir 7.11.17.121 2011.11.10 –
Antiy-AVL 2.0.3.7 2011.11.10 –
Avast 6.0.1289.0 2011.11.10 Win32:Cycbot-OE [Trj]
AVG 10.0.0.1190 2011.11.10 PSW.Generic9.AMQY
BitDefender 7.2 2011.11.10 Gen:Variant.Kazy.43376
ByteHero 1.0.0.1 2011.11.04 –
CAT-QuickHeal 11.00 2011.11.10 –
ClamAV 0.97.3.0 2011.11.10 –
Commtouch 5.3.2.6 2011.11.10 –
Comodo 10735 2011.11.10 –
DrWeb 5.0.2.03300 2011.11.10 Trojan.PWS.Siggen.29702
Emsisoft 5.1.0.11 2011.11.10 Trojan-PWS.Win32.Fareit!IK
eSafe 7.0.17.0 2011.11.09 –
eTrust-Vet 37.0.9562 2011.11.10 –
F-Prot 4.6.5.141 2011.11.10 –
F-Secure 9.0.16440.0 2011.11.10 Gen:Variant.Kazy.43376
Fortinet 4.3.370.0 2011.11.10 –
GData 22 2011.11.10 Gen:Variant.Kazy.43376
Ikarus T3.1.1.109.0 2011.11.10 Trojan-PWS.Win32.Fareit
Jiangmin 13.0.900 2011.11.10 –
K7AntiVirus 9.119.5423 2011.11.09 –
Kaspersky 9.0.0.837 2011.11.10 Trojan.Win32.FakeAV.iqow
McAfee 5.400.0.1158 2011.11.10 BackDoor-EXI.gen.aa
McAfee-GW-Edition 2010.1D 2011.11.10 –
Microsoft 1.7801 2011.11.10 PWS:Win32/Fareit.gen!C
NOD32 6618 2011.11.10 a variant of Win32/Kryptik.VFG
Norman 6.07.13 2011.11.10 W32/Cycbot.EH
nProtect 2011-11-10.01 2011.11.10 Gen:Variant.Kazy.43376
Panda 10.0.3.5 2011.11.10 Suspicious file
PCTools 8.0.0.5 2011.11.10 –
Prevx 3.0 2011.11.11 Medium Risk Malware
Rising 23.83.01.01 2011.11.08 –
Sophos 4.71.0 2011.11.10 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.11.10 –
Symantec 20111.2.0.82 2011.11.10 –
TheHacker 6.7.0.1.341 2011.11.10 –
TrendMicro 9.500.0.1008 2011.11.10 TROJ_KAZY.SMO
TrendMicro-HouseCall 9.500.0.1008 2011.11.10 TROJ_KAZY.SMO
VBA32 3.12.16.4 2011.11.10 –
VIPRE 11012 2011.11.10 Trojan.Win32.Generic!BT
ViRobot 2011.11.10.4766 2011.11.10 –
VirusBuster 14.1.56.0 2011.11.10 –
Additional information
MD5   : a1d80ed250788260ffd66258555a4876
SHA1  : 10b81c2cdc4a7d645f9058c220587fac79281351

File size : 97792 bytes

_____
File name: 7.tmp
Submission date: 2011-11-04 12:17:33 (UTC)
Current status: finished
Result: 21 /43 (48.8%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.04.02 2011.11.04 Trojan/Win32.Agent
AntiVir 7.11.17.10 2011.11.04 –
Antiy-AVL 2.0.3.7 2011.11.04 –
Avast 6.0.1289.0 2011.11.04 Win32:Cycbot-NY [Trj]
AVG 10.0.0.1190 2011.11.04 Generic25.BHNL
BitDefender 7.2 2011.11.04 Gen:Variant.TDss.71
ByteHero 1.0.0.1 2011.11.04 –
CAT-QuickHeal 11.00 2011.11.04 –
ClamAV 0.97.3.0 2011.11.04 –
Commtouch 5.3.2.6 2011.11.04 –
Comodo 10660 2011.11.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.11.04 –
Emsisoft 5.1.0.11 2011.11.04 –
eSafe 7.0.17.0 2011.11.02 –
eTrust-Vet 36.1.8656 2011.11.04 –
F-Prot 4.6.5.141 2011.11.04 –
F-Secure 9.0.16440.0 2011.11.04 Gen:Variant.TDss.71
Fortinet 4.3.370.0 2011.11.04 –
GData 22 2011.11.04 Gen:Variant.TDss.71
Ikarus T3.1.1.107.0 2011.11.04 –
Jiangmin 13.0.900 2011.11.03 –
K7AntiVirus 9.116.5386 2011.11.03 –
Kaspersky 9.0.0.837 2011.11.04 Trojan-PSW.Win32.Agent.ztf
McAfee 5.400.0.1158 2011.11.04 Artemis!F1DC7CF1CC0A
McAfee-GW-Edition 2010.1D 2011.11.04 Artemis!F1DC7CF1CC0A
Microsoft 1.7801 2011.11.04 PWS:Win32/Fareit.gen!C
NOD32 6600 2011.11.04 a variant of Win32/Kryptik.UWH
Norman 6.07.13 2011.11.04 W32/Cycbot.EN
nProtect 2011-11-04.01 2011.11.04 Gen:Variant.TDss.71
Panda 10.0.3.5 2011.11.03 Suspicious file
PCTools 8.0.0.5 2011.11.04 Trojan.Gen
Prevx 3.0 2011.11.04 High Risk Cloaked Malware
Rising 23.82.02.02 2011.11.02 –
Sophos 4.71.0 2011.11.04 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.11.04 Trojan.Agent/Gen-NumTemp
Symantec 20111.2.0.82 2011.11.04 Trojan.Gen.2
TheHacker 6.7.0.1.338 2011.11.04 –
TrendMicro 9.500.0.1008 2011.11.04 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.04 –
VBA32 3.12.16.4 2011.11.04 –
VIPRE 10960 2011.11.04 Trojan.Win32.FakeAV.IS (v)
ViRobot 2011.11.4.4755 2011.11.04 –
VirusBuster 14.1.44.0 2011.11.03 –
Additional information
MD5   : f1dc7cf1cc0a34caaf5a8ccca9d01787
SHA1  : 98cd26168c49e0ede4ed8b9ca7cc028e8312ed25

File size : 99328 bytes
_____
File name: cthost.exe
Submission date: 2011-11-10 16:31:38 (UTC)
Current status: finished
Result: 15 /43 (34.9%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.10.00 2011.11.10 –
AntiVir 7.11.17.121 2011.11.10 –
Antiy-AVL 2.0.3.7 2011.11.10 –
Avast 6.0.1289.0 2011.11.10 Win32:Cycbot-OE [Trj]
AVG 10.0.0.1190 2011.11.10 –
BitDefender 7.2 2011.11.10 Gen:Variant.Kazy.43332
ByteHero 1.0.0.1 2011.11.04 –
CAT-QuickHeal 11.00 2011.11.10 –
ClamAV 0.97.3.0 2011.11.10 –
Commtouch 5.3.2.6 2011.11.10 –
Comodo 10735 2011.11.10 –
DrWeb 5.0.2.03300 2011.11.10 BackDoor.Gbot.1521
Emsisoft 5.1.0.11 2011.11.10 –
eSafe 7.0.17.0 2011.11.09 –
eTrust-Vet 37.0.9562 2011.11.10 –
F-Prot 4.6.5.141 2011.11.10 –
F-Secure 9.0.16440.0 2011.11.10 Gen:Variant.Kazy.43332
Fortinet 4.3.370.0 2011.11.10 –
GData 22 2011.11.10 Gen:Variant.Kazy.43332
Ikarus T3.1.1.109.0 2011.11.10 –
Jiangmin 13.0.900 2011.11.10 –
K7AntiVirus 9.119.5433 2011.11.10 –
Kaspersky 9.0.0.837 2011.11.10 Trojan.Win32.Jorik.Gbot.rfj
McAfee 5.400.0.1158 2011.11.10 BackDoor-EXI.gen.aa
McAfee-GW-Edition 2010.1D 2011.11.10 –
Microsoft 1.7801 2011.11.10 Backdoor:Win32/Cycbot.G
NOD32 6618 2011.11.10 a variant of Win32/Kryptik.VFG
Norman 6.07.13 2011.11.10 W32/Cycbot.EH
nProtect 2011-11-10.01 2011.11.10 Gen:Variant.Kazy.43332
Panda 10.0.3.5 2011.11.10 Suspicious file
PCTools 8.0.0.5 2011.11.10 –
Prevx 3.0 2011.11.10 –
Rising 23.83.01.01 2011.11.08 –
Sophos 4.71.0 2011.11.10 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.11.10 –
Symantec 20111.2.0.82 2011.11.10 –
TheHacker 6.7.0.1.341 2011.11.10 –
TrendMicro 9.500.0.1008 2011.11.10 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.10 TROJ_GEN.RC1C7KA
VBA32 3.12.16.4 2011.11.10 –
VIPRE 11012 2011.11.10 Trojan.Win32.Generic!BT
ViRobot 2011.11.10.4766 2011.11.10 –
VirusBuster 14.1.57.0 2011.11.10 –
Additional information
MD5   : da7eb330833b1163b08442d6e577a00d
SHA1  : 9c0fbbbd11f43870b8702ed9f40651ac39fd98f8

File size : 284672 bytes

_____
File name: lvvm.exe
Submission date: 2011-11-11 10:32:41 (UTC)
Current status: finished
Result: 14 /43 (32.6%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.11.00 2011.11.11 Trojan/Win32.Jorik
AntiVir 7.11.17.132 2011.11.11 TR/Crypt.XPACK.Gen6
Antiy-AVL 2.0.3.7 2011.11.11 –
Avast 6.0.1289.0 2011.11.11 Win32:Cycbot-OE [Trj]
AVG 10.0.0.1190 2011.11.11 Win32/Cryptor
BitDefender 7.2 2011.11.11 –
ByteHero 1.0.0.1 2011.11.04 –
CAT-QuickHeal 11.00 2011.11.11 –
ClamAV 0.97.3.0 2011.11.11 –
Commtouch 5.3.2.6 2011.11.11 –
Comodo 10745 2011.11.11 –
DrWeb 5.0.2.03300 2011.11.11 –
Emsisoft 5.1.0.11 2011.11.11 –
eSafe 7.0.17.0 2011.11.10 –
eTrust-Vet 37.0.9563 2011.11.11 Win32/OpenCloud.A!generic
F-Prot 4.6.5.141 2011.11.10 –
F-Secure 9.0.16440.0 2011.11.11 –
Fortinet 4.3.370.0 2011.11.11 –
GData 22 2011.11.11 Win32:Cycbot-OE
Ikarus T3.1.1.109.0 2011.11.11 –
Jiangmin 13.0.900 2011.11.10 –
K7AntiVirus 9.119.5433 2011.11.10 –
Kaspersky 9.0.0.837 2011.11.11 Trojan.Win32.Jorik.Gbot.rga
McAfee 5.400.0.1158 2011.11.11 BackDoor-EXI.gen.aa
McAfee-GW-Edition 2010.1D 2011.11.10 –
Microsoft 1.7801 2011.11.11 Backdoor:Win32/Cycbot.B
NOD32 6620 2011.11.11 Win32/Cycbot.AF
Norman 6.07.13 2011.11.10 W32/Cycbot.EH
nProtect 2011-11-11.01 2011.11.11 –
Panda 10.0.3.5 2011.11.10 Suspicious file
PCTools 8.0.0.5 2011.11.11 –
Prevx 3.0 2011.11.11 –
Rising 23.83.01.01 2011.11.08 –
Sophos 4.71.0 2011.11.11 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.11.11 –
Symantec 20111.2.0.82 2011.11.11 –
TheHacker 6.7.0.1.342 2011.11.11 –
TrendMicro 9.500.0.1008 2011.11.11 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.11 –
VBA32 3.12.16.4 2011.11.10 –
VIPRE 11019 2011.11.11 Trojan.Win32.Generic!BT
ViRobot 2011.11.11.4768 2011.11.11 –
VirusBuster 14.1.57.0 2011.11.10 –
Additional information
MD5   : 882ce6e90b73155ee46cd9af437693df
SHA1  : d2ae6083e17fd443e84dd74bff80c40a83d6888a

File size : 190464 bytes

ELITRIIP version 7.64, which detects and removes them, will be available on our website from 15:00 CEST today.

Regards

ms, 11-11-2011
