Morocco Spiders, Trojan
Barb: Mistress of the Dark side.
Our White hat hacker team, headed by Barb (she also heads the Black hat team), found this in a file the Jaddies are spreading around.
Our BSU's have tracked a "Weak induction" that this is the work of the "Morocco Spiders" recruiting arm.
We have recon teams on this to develop the case.
Win32:KillWin-Y
File size: 135168 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4013cc
timedatestamp.....: 0x48e59e36 (Fri Oct 03 04:23:18 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name    viradd    virsiz    rawdsiz   ntrpy   md5
.text   0x1000    0x1df24   0x1e000   7.61    f862670918d11cec726ac5b76d44ec
.data   0x1f000   0xb74     0x1000    0.00    620f0b67a91f7f74151bc5be745b71
.rsrc   0x20000   0xc30     0x1000    4.68    0066c558164c1b48b9fa71b768e83c
( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaRecAnsiToUni, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaLateMemSt, __vbaOnError, __vbaObjSet, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaFpR4, __vbaStrFixstr, __vbaVargVar, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, -, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRecUniToAnsi, EVENT_SINK_Release, -, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaInStrVar, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr
( 0 exports )
Only 6 of 40 antivirus engines spotted it.
Trend Micro missed it.
We believe it disables your PC.
Gerald