Sunday, March 01, 2009

World Wide Cell

By Gerald: Internet Anthropologist Think Tank
2.1 09

Our BSUs (Bot Surveillance Units), intercept, are tracking a worldwide cell with over 200 members.
They claim to have taken down over 300 U.S. soldiers' computers.

We are taking actions to diminish the threat.
And tracking all members world wide.

Members are from Iraq, Kuwait, Saudi Arabia, Libya, Yemen, Algeria, Egypt, Morocco, Syria...
And they anticipate taking down 100 per day in the near future.
They are using Win32:KillWin-Y

File size: 135168 bytes
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4013cc
timedatestamp.....: 0x48e59e36 (Fri Oct 03 04:23:18 2008)
machinetype.......: 0x14c (I386)


This will take down a PC.
We have checked it; it's a new version of an older trojan, basic but inefficient.


Gerald
Tactical Internet Systems analyst

