Internet Anthropologist Think Tank: World Wide Cell

  • Search our BLOG


  • HOME
    Terrorist Names SEARCH:
    Loading

    Sunday, March 01, 2009

    World Wide Cell


    World Wide Cell
    By Gerald: Internet Anthropologist Think Tank
    2.1 09

    Our BSU's Bot Surveillance Unit, intercept, are tracking a world wide cell with over 200 members.
    They claim to have taken down over 300 u.s soldiers computers.

    We are taking actions to diminish the threat.
    And tracking all members world wide.

    Members are from iraq - kuwait - saudi arabia - libya -  yemen- algeria - egypt - morroco -syria...
    And they anticipate taking down 100 per day in the near future.
    They are using Win32:KillWin-Y

    File size: 135168 bytes
    MD5...: 758123bb84b6af185e5909e5b50e5d11
    SHA1..: d0958e8ba1d9c0d4c0d37c7214a9ec72e10c9daf
    SHA256: 512024dea1c7d7a25a69122d2a0e2c787df675709019e4265b33bda19deac03c
    SHA512: e0480ed930d77836396b28cb40f9aa82aab070cf154257c199977f0cd638a7d3
    74e0644b036be9b0269255fdfcf9e9
    edf1689ab6a70d59411da47988e6140064
    ssdeep: 3072:bxbbZWPQLPZMH9/njiTlm/K8sJTCVdXjNuJr:bxbbZWQPZQ/nFw+nhu
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Microsoft Visual Basic 6 (86.2%)
    Win32 Executable Generic (5.8%)
    Win32 Dynamic Link Library (generic) (5.1%)
    Generic Win/DOS Executable (1.3%)
    DOS Executable Generic (1.3%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4013cc
    timedatestamp.....: 0x48e59e36 (Fri Oct 03 04:23:18 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x1df24 0x1e000 7.61 f862670918d11cec726ac5b76d44ec
    59
    .data 0x1f000 0xb74 0x1000 0.00 620f0b67a91f7f74151bc5be745b71
    10
    .rsrc 0x20000 0xc30 0x1000 4.68 0066c558164c1b48b9fa71b768e83c
    9e

    ( 1 imports ) 
    > MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaRecAnsiToUni, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaLateMemSt, __vbaOnError, __vbaObjSet, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaFpR4, __vbaStrFixstr, __vbaVargVar, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, -, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRecUniToAnsi, EVENT_SINK_Release, -, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaInStrVar, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

    ( 0 exports ) 

    This will take down a PC.
    We have checked it, its a
    new version of an older
    trojan, basic but inefficent..


    Gerald
    Tactical Internet Systems analyst


    Labels:

    0 Comments:

    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home