VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Sunday, 12 August 2007

VS0708001 Possible New malware [PolyCrypt?]

Data on a sample of a suspected new malware being seeded
via a spam e-mail with an attached rar file.

I have included data on a sample for your information and analysis.
Also included is data on the file extracted from the RAR.

1 copy has been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: Information (Money Gram).rar
FileDateTime: 12/08/2007 17:48:54
Filesize: 42949
MD5: 0a6f685bd13b8deb963e3c1a8270b66f
CRC32: 476C16CE
File Type: RAR Archive File

Contains:

FileName: MG information for my angel 20870432 5-32 PM 08.11.07 order number 11-0427. jpeg.scr
FileDateTime: 12/08/2007 08:23:30
Filesize: 65872
MD5: 35e750f66efa5edda40d5ed3e3c8694e
CRC32: B52AB8AA
File Type: PE Executable

============================================================

Scan report of: MG information for my angel 20870432 5-32 PM 08.11.07 order number 11-0427. jpeg.scr

@Proventia-VPS -
AntiVir TR/Crypt.CFI.Gen
Avast! -
AVG Win32/PolyCrypt
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus Trojan-Downloader.Win32.Banload.ams
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman LdPinch.JVR
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Rising Packer.RyCrypt
Sophos Mal/Basine-C
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster Trojan.DR.Cimuz.Gen.1
WebWasher Trojan.Crypt.CFI.Gen
YY_A-Squared -
YY_Spybot -

============================================================
