Internet Anthropologist Think Tank: Morocco Spiders, Trojan

    Sunday, February 01, 2009

    Morocco Spiders, Trojan


    Barb: Mistress of the Dark side.

    Our White hat hacker team, headed by Barb
    (she also heads the Black hat team),
    found this in a file the Jaddies are
    spreading around.

    Our BSUs have tracked a "Weak induction" that this is the work of
    the "Morocco Spiders", recruiting arm.


    We have recon teams on this to develop the case.


    Win32:KillWin-Y
    File size: 135168 bytes
    MD5...: 758123bb84b6af185e5909e5b50e5d11
    SHA1..: d0958e8ba1d9c0d4c0d37c7214a9ec72e10c9daf
    SHA256: 512024dea1c7d7a25a69122d2a0e2c787df675709019e4265b33bda19deac03c
    SHA512: e0480ed930d77836396b28cb40f9aa82aab070cf154257c199977f0cd638a7d3
    74e0644b036be9b0269255fdfcf9e9edf1689ab6a70d59411da47988e6140064
    ssdeep: 3072:bxbbZWPQLPZMH9/njiTlm/K8sJTCVdXjNuJr:bxbbZWQPZQ/nFw+nhu
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Microsoft Visual Basic 6 (86.2%)
    Win32 Executable Generic (5.8%)
    Win32 Dynamic Link Library (generic) (5.1%)
    Generic Win/DOS Executable (1.3%)
    DOS Executable Generic (1.3%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4013cc
    timedatestamp.....: 0x48e59e36 (Fri Oct 03 04:23:18 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name   viradd   virsiz   rawdsiz  ntrpy  md5
    .text  0x1000   0x1df24  0x1e000  7.61   f862670918d11cec726ac5b76d44ec59
    .data  0x1f000  0xb74    0x1000   0.00   620f0b67a91f7f74151bc5be745b7110
    .rsrc  0x20000  0xc30    0x1000   4.68   0066c558164c1b48b9fa71b768e83c9e

    ( 1 imports )
    > MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaRecAnsiToUni, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaLateMemSt, __vbaOnError, __vbaObjSet, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaFpR4, __vbaStrFixstr, __vbaVargVar, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, -, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRecUniToAnsi, EVENT_SINK_Release, -, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaInStrVar, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

    ( 0 exports )

    Only 6 of 40 antivirus engines spotted it.
    Trend Micro missed it.

    We believe it disables your PC.

    Gerald