Internet Anthropologist Think Tank: World Wide Cell

  • Search our BLOG

  • HOME
    Terrorist Names SEARCH:

    Sunday, March 01, 2009

    World Wide Cell

    World Wide Cell
    By Gerald: Internet Anthropologist Think Tank
    2.1 09

    Our BSU's Bot Surveillance Unit, intercept, are tracking a world wide cell with over 200 members.
    They claim to have taken down over 300 u.s soldiers computers.

    We are taking actions to diminish the threat.
    And tracking all members world wide.

    Members are from iraq - kuwait - saudi arabia - libya -  yemen- algeria - egypt - morroco -syria...
    And they anticipate taking down 100 per day in the near future.
    They are using Win32:KillWin-Y

    File size: 135168 bytes
    MD5...: 758123bb84b6af185e5909e5b50e5d11
    SHA1..: d0958e8ba1d9c0d4c0d37c7214a9ec72e10c9daf
    SHA256: 512024dea1c7d7a25a69122d2a0e2c787df675709019e4265b33bda19deac03c
    SHA512: e0480ed930d77836396b28cb40f9aa82aab070cf154257c199977f0cd638a7d3
    ssdeep: 3072:bxbbZWPQLPZMH9/njiTlm/K8sJTCVdXjNuJr:bxbbZWQPZQ/nFw+nhu
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Microsoft Visual Basic 6 (86.2%)
    Win32 Executable Generic (5.8%)
    Win32 Dynamic Link Library (generic) (5.1%)
    Generic Win/DOS Executable (1.3%)
    DOS Executable Generic (1.3%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4013cc
    timedatestamp.....: 0x48e59e36 (Fri Oct 03 04:23:18 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x1df24 0x1e000 7.61 f862670918d11cec726ac5b76d44ec
    .data 0x1f000 0xb74 0x1000 0.00 620f0b67a91f7f74151bc5be745b71
    .rsrc 0x20000 0xc30 0x1000 4.68 0066c558164c1b48b9fa71b768e83c

    ( 1 imports ) 
    > MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaRecAnsiToUni, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaLateMemSt, __vbaOnError, __vbaObjSet, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaFpR4, __vbaStrFixstr, __vbaVargVar, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, -, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRecUniToAnsi, EVENT_SINK_Release, -, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaInStrVar, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

    ( 0 exports ) 

    This will take down a PC.
    We have checked it, its a
    new version of an older
    trojan, basic but inefficent..

    Tactical Internet Systems analyst



    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home