VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Thursday, 8 November 2007

VS0711001 Possible New Malware [Zhelatin?]

Data on a sample of a suspected new malware being seeded
via an e-mail with a link to a website.

I have included data on sample of the file offered on the
site for your information and analysis.

1 copy has been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: dancer.exe
FileDateTime: 08/11/2007 09:33:24
Filesize: 125283
MD5: bf9dfa4e8f6ea259b3aff05cf5509215
CRC32: 44507CCE
File Type: PE Executable

============================================================

Scan report of: dancer.exe

@Proventia-VPS -
AntiVir WORM/Zhelatin.Gen
Avast! -
AVG -
BitDefender Trojan.Peed.INS (suspected)
ClamAV -
Command -
Dr Web Trojan.Packed.209
eSafe File [100] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky -
McAfee New Malware.cn (trojan or variant)
McAfee (BETA) New Malware.cn (trojan or variant)
Microsoft TrojanDropper:Win32/Nuwar.gen!avkill (suspicious)
Nod32 NewHeur_PE (probably unknown virus)
Norman -
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Rising -
Sophos Mal/Dorf-F
Sunbelt -
Symantec -
Symantec (BETA) Trojan.Peacomm.D
Trend Micro WORM_NUCRP.GEN
Trend Micro (BETA) WORM_NUCRP.GEN
VBA32 -
VirusBuster -
WebWasher Worm.Zhelatin.Gen
YY_A-Squared -
YY_Spybot -

============================================================

Labels: ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home