VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Monday, 19 March 2007

VS0703001 Possible new malware [Banload?]

Data on a sample of suspected new malware being downloaded from a fake e-card site.

This was caught by an end-user.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven't had a chance to test them on a goat system yet.

============================================================

Details:

FileName: voxcards.exe
FileDateTime: 19/03/2007 08:44:25
Filesize: 148992
MD5: d9ef82e2e71375404b81e3c846b2461e
CRC32: 87379A9F
File Type: PE Executable
Packer: DoomPack
File Attributes: A

============================================================

Scan report of: voxcards.exe

@Proventia-VPS Malicious (Cancelled)
AntiVir -
Avast! -
AVG -
BitDefender BehavesLike:Trojan.Downloader (suspected)
ClamAV Trojan.Downloader.Banload-11
Command -
Dr Web -
eSafe Trojan/Worm [100] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus BehavesLikeTrojan.Downloader
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman W32/Downloader (Sandbox)
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Rising -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher Worm.Win32.Malware.gen!94 (suspicious)
YY_Spybot -

============================================================
