X97M.Downloader.BZ – One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.

X97M.Downloader.BZ – details
crc32: 4A47019A
md5: d6725f450e4b64e51ee229f44b831034
name: INVOICE.TAM_74138_20161129_9C0142051.xls
sha1: 3c066322efe442db50e0ebf73457605747917390
sha256: 5705d03fc3010a009e5808b84a9c6014e1bfc7a63f3558823019f730198af663
size: 44348
ssdeep: 768:+xHFvVVxQIvEMKR/njr5t6MYxYvP+Kq0dzt/lfXimYD9NaFiZ:+Ztx5K3UMYajq0dzffXimYfoiZ
type: Microsoft Excel 2007+

Troj.Msword.Agent!c – Queries for the computer name

Troj.Msword.Agent!c – details
crc32: 049F32A9
md5: f95e2d097aaac29257550e6470181c5b
name: INVOICE.TAM_566964_20161129_D55E9DDC1.xls
sha1: 0a3dcaee30d902af4e8a2fa677188a3170a6a99f
sha256: 81dde58f511622bc21046b184404eebfc83b61c2d2da9e544cad0b421a7a230a
size: 44399
ssdeep: 768:+xE4EQmXzBd9ttyvWx9Yp41wWWoTp1RHXG1DDIDB9fQqzxMpMNaFiJ:+yXtbtiWx9YIwJK7RHXGNDIDTZzSYoiJ
type: Microsoft Excel 2007+

ehv30ei – File has been identified by at least one AntiVirus engine on VirusTotal as malicious

ehv30ei – details
crc32: C43594FF
md5: 614d0f9bc6beb038c55766e162abe535
name: ehv30ei
sha1: 9ef590112d4fcadd892c3f2f0133e6afee20d831
sha256: d67c692f34953d5c85c7c6831fc6a88cb6255aeab67586d58027d80fda776ba4
size: 152635
ssdeep: 3072:cX7G/pCbcuAA7bWO4EuyAzhWSBpEoYG0NuVDUbKFcM7DGqSg3rKO8T8:cXO0wuAA7bwUs50hbIr65AKO8I
type: data

5895418122_RibbonFinder2010x86-ProfessionalPlus.ex.exe – This executable is signed

5895418122_RibbonFinder2010x86-ProfessionalPlus.ex.exe – details
crc32: 97C60E37
md5: f7313a8e0568960713a81d34ce62474a
name: 5895418122_RibbonFinder2010x86-ProfessionalPlus.ex.exe
sha1: a1178faff2dc210d2686427b06bcec8019d09575
sha256: d923b8e572ad5d4561745850ca8dbba3ebf7933ae68cd194a1c4820ca4ac5658
size: 4792472
ssdeep: 98304:nhvVxxfbeG16fyHNH5VigCN+ItXdVylspT7Dbaflo2RTmqvDBJa:hZdu8zVBZIttQlcKfZLa
type: PE32 executable (GUI) Intel 80386, for MS Windows

8501720250_nethost.exe.exe – Queries information on disks, possibly for anti-virtualization

8501720250_nethost.exe.exe – details
crc32: F1ADF536
md5: 05b92a5940158ec694a1212a175bcc6d
name: 8501720250_nethost.exe.exe
sha1: 196d9cdaa9eb18944c32811ab823f890b5342da9
sha256: 31b78648d6b0638916668bba16acc08e4da431f2a555fe9ab6452e13ac34ac42
size: 812016
ssdeep: 12288:Et6W8kkSnMm9IzTE5BMyaPhn3hpohyqky/VBHyaFe7Wj:Et6lCMsOMHaBLUyqkIgSe7Wj
type: PE32 executable (GUI) Intel 80386, for MS Windows

Adware.Downware.13962 – File has been identified by at least one AntiVirus engine on VirusTotal as malicious

Adware.Downware.13962 – details
crc32: CDCB425C
md5: c9c65bde44e60e4abdd6b7a262223535
name: 2231585703_hpr_27_site_update.exe.exe
sha1: 35f8acc0189cc6b862971bc2eda0c4ecd0f44f18
sha256: 5feb4a88526b0354a2836fd58aeceb1bf473e316dbe3a5d2f8b7c75dff1e992c
size: 4907600
ssdeep: 98304:UxQPxA0JSTYogiAkFL3c5OtIb9kG62H39/t7WKkcAR:U25AQJoJdL3wGG68RZlAR
type: PE32 executable (GUI) Intel 80386, for MS Windows

9649783846_doc.exe.exe – Queries for the computer name

9649783846_doc.exe.exe – details
crc32: 43B20A9F
md5: fbf46f7f2aec2a0b1d339620e2ca65f6
name: 9649783846_doc.exe.exe
sha1: 98cac3cc618085f00de5df30b9a59d736ec2333e
sha256: 328c2b42d4e1770fe7c08ba2d02996bc8014a6864ea740b0586415b76a62a393
size: 293242
ssdeep: 6144:gy9v17kwzERlV++cNqWii7U0nae3n8MNXwdU6pxNbRKl+KeDgv+6kQ7:x97k1CNd7U0as/gdU6px1R0eDg26kq
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

trojan.win32.dorv.b!rfn – Checks for human activity by repeatedly polling whether the foreground window has changed

trojan.win32.dorv.b!rfn – details
crc32: 222FA6C7
md5: aee243d7c6ffaddff9f3d8d2c2cda19a
name: 5187509012_attachment; filename=_RAFBCSetup.exe_.exe
sha1: 34f8859892b49265d18c0abaf85fe9fcc0d21e55
sha256: 98d0d1c67907937afc530a4c5ac85402e57ce75c93ae80e441c07b52db751677
size: 532784
ssdeep: 12288:WQFaXiHnLDcdey+Jqf+hVK5n3SFhUZ14O8HRwOABZm8/k:WQFDHnLQerVKFCFjWOABjk
type: PE32 executable (GUI) Intel 80386, for MS Windows

1501887946_inline; filename=RobloxStudioLauncherBeta.exe.exe – Connects to IP addresses that no longer respond to requests (legitimate services usually stay up)

1501887946_inline; filename=RobloxStudioLauncherBeta.exe.exe – details
crc32: 43010F8D
md5: 995667df26df79fc189bc11d140828a0
name: 1501887946_inline; filename=RobloxStudioLauncherBeta.exe.exe
sha1: c304f3e8c2fba52bbd330b74070480efd4a1686e
sha256: bf159690bed922f98a038cf9ce46d901f58926fc352895350dbb302fdb393118
size: 1069624
ssdeep: 24576:3R0d3U3aqtuvZ/DHBdp2ny1NAjVEGAgPSlT4UWcMDk7z:WN2usalTKcMg7z
type: PE32 executable (GUI) Intel 80386, for MS Windows

Win32:Evo-gen [Susp] – File has been identified by at least one AntiVirus engine on VirusTotal as malicious

Win32:Evo-gen [Susp] – details
crc32: 5CE01868
md5: a78b4424187e691fcf0b46698a8f2ff1
name: 0700776183_Creata-Tree v3.1.0.exe.exe
sha1: afaaccf8982d2ae1b074c88f3afe3dcdff86587f
sha256: 4601446f8c377813090f81f1efc2d0ee3f2698a15078469b7adf415f5c047705
size: 1698568
ssdeep: 49152:cejDHEf234VQjAmMCTtCBBj02rqESzoigPObsr8:rDHEupjA1hB10zgPObsI
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

W32.Sality.mgnJ – Connects to IP addresses that no longer respond to requests (legitimate services usually stay up)

W32.Sality.mgnJ – details
crc32: 25E1CB83
md5: c7f9a430e2678a7750e6cabec5b46ef2
name: 2047657263_pptv_yingxiongshendian_3301.exe.exe
sha1: 9404cc586b3cb5b3d8c4eead95e956c24b130d1b
sha256: d4b76727c58b944bfe5eb72a15d130362b2ca31851d34e84c7a29dcaf6056a57
size: 1005408
ssdeep: 24576:JZVq0kwMvYIbItv2f6Vngo1EaCDwl48QG0p+c:o01pkbXkrQ1
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

1445644005_speedupmypc.exe.exe – Checks for human activity by repeatedly polling whether the foreground window has changed

1445644005_speedupmypc.exe.exe – details
crc32: 3034AA05
md5: 3f2ec3ba48632a2368c774747fb9ad58
name: 1445644005_speedupmypc.exe.exe
sha1: ea84dcf43dc41ee3bda8e7ece01fe5d0bbbbc4c3
sha256: fd399751ceb5ed4c25d690f2f10aabeb4dfad6341714029c24748df0481963f0
size: 1380032
ssdeep: 24576:VxGL0Zn10a1Kle9yg105QPeEF1BEYCFPdLwvi1zDfqDX8LEhoLu/Pr6cKuTFW1:O6n10a1Kle9yg105Kd12YCVm61fSDWiK
type: PE32 executable (GUI) Intel 80386, for MS Windows

0265575841_Dont_Tread_On_Me.exe.exe – Installs a Browser Helper Object to interfere with the user's browsing

0265575841_Dont_Tread_On_Me.exe.exe – details
crc32: C3E2A7B8
md5: c96e1f758391d6c64364be4e073a4a61
name: 0265575841_Dont_Tread_On_Me.exe.exe
sha1: dc329869c0219b45e31b2561fced5a2e096fb137
sha256: abb930035034aa9550ca2b16673592b8a0605907084997e869f4f61f6cc9d9f9
size: 1127184
ssdeep: 24576:rkdMDFqNCfRoIrANIMnVU0Zcibico/P4UBlAW8EeclPE:rk2fRoI0NTVU0Gco/P47sfE
type: PE32 executable (GUI) Intel 80386, for MS Windows

5542713478_a.exe.exe – Queries for the computer name

5542713478_a.exe.exe – details
crc32: CD11E09F
md5: 5cf53ff2d717d768c88fa264934f3361
name: 5542713478_a.exe.exe
sha1: 63b8ba6b63a44df24f359707c27006901d36244b
sha256: b6fdf9369af7d3663274392de89b1d644f86232311e63a4a395dda474e1200ee
size: 232833
ssdeep: 3072:bwJ52Y7ZoH5XJaZ45ku0GJutpaNeVBnLlzcpOpTTOxtgOgEsFB3:bwHysZPEutpaNeVFloclT7esFB3
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

W32.HfsAdware.35A6 – Connects to IP addresses that no longer respond to requests (legitimate services usually stay up)

W32.HfsAdware.35A6 – details
crc32: A0E7DA31
md5: c3e0d3bd83bf329b09f137d52747b6f4
name: 0830584347_pc-speed-up-setup.exe.exe
sha1: c99d6ee78e05e2748bcebe9ca08945faf5f29421
sha256: ba006be9ecab3c960b0debf59b568b85a53e4e0412be3dc20dd3b1e686b80df7
size: 376832
ssdeep: 3072:kNdEMX6kLVZka5P3BtuLkfpO6j3jEJVx80MDNOqHOVttvyaKhIspDOPUjJE1nDwC:kNyMX9VygdpO6axEOvnKjpDOsji1DX6U
type: PE32 executable (GUI) Intel 80386, for MS Windows

AdWare.Win32.F1Organizer!O – Creates a Windows hook that monitors keyboard input (keylogger)

AdWare.Win32.F1Organizer!O – details
crc32: C97A1D8B
md5: 625078e4b53ad8ec42e5f5359fea9dd7
name: 6453866835_40035-6499-karaoke-anything.exe.exe
sha1: 5ee6e8671e4cfe29cd9402cdec881b486d27bcd7
sha256: da59412fe17654f95fb5ddf3696299e2ce933a6758304064d59ee0a41d59d84c
size: 2716520
ssdeep: 49152:49dFv6btKun62DB2KyR46akpH9dkJN4C6WFVk8P+O8luTzCDtZ07syjoe3:49d8btTFByHpHbkD4xWFVPP+ALsIoi
type: PE32 executable (GUI) Intel 80386, for MS Windows

5206532927_start_page.exe.exe – Creates a suspicious process

5206532927_start_page.exe.exe – details
crc32: 2FC89009
md5: 31a6132927eca616227c650802d97301
name: 5206532927_start_page.exe.exe
sha1: 633b7e867e60ee839b7e2ba24d26f9edf6c62268
sha256: 2030f0f9fa95e6e824d12664b48344c6e4fd58e607c96e6300c88a8292d1f743
size: 935640
ssdeep: 24576:myccWkvnDF7nxQR8gyZw5sDdxeBUKVoTy+yI:myccZxQcy524VoT5yI
type: PE32 executable (GUI) Intel 80386, for MS Windows

Gen:Variant.Symmi.60792 – This executable is signed

Gen:Variant.Symmi.60792 – details
crc32: 49C067CC
md5: e6cf7a3c987ada0625981f2a654f5106
name: 0632200087_attachment; filename=__E5_8D_8E_E5_88_9B_E8_AF_81_.exe
sha1: bc07c6f13fd14eef6d807b8403701b6fd1a00960
sha256: d28cb0c2ff4d04255043d10f5bc1e44f3b8ebf1a60dfeb5dbfd62fe4f16df468
size: 1040992
ssdeep: 24576:JPKJecZwWJUySDUEoq7brUjYdd1cG48LiCd+:N7SitItqrWY31cGR+Cd+
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

0241220718_setsearchm.exe.exe – Queries for the computer name

0241220718_setsearchm.exe.exe – details
crc32: 6FFF1232
md5: 4d3ff9cba2e72c28a102a241d8b1dddc
name: 0241220718_setsearchm.exe.exe
sha1: 1e81043d2a846c89574cefd4a25a9353af56d7df
sha256: 812398e6457933be94c79fe29c3da9e43baef4f83e1adbc2214ae49293fb503c
size: 2672096
ssdeep: 49152:gzMLXQ6tdGloRTgdjyfO2VT0z38w+RCs3h+T9PltTWNS2h09F:gl6wD2ySRCs3hQ2+
type: PE32 executable (GUI) Intel 80386, for MS Windows

9154661257_51490.exe.exe – Connects to IP addresses that no longer respond to requests (legitimate services usually stay up)

9154661257_51490.exe.exe – details
crc32: 776917E6
md5: d2570667d2f591d9eb7cf8e7d89264d7
name: 9154661257_51490.exe.exe
sha1: 10a33c971b1e2a4bdaefd6058ac8a62457b28a94
sha256: 8ae8dd668406d0e60570450f2dd47b2e6d6e1474637c555e643d9dc4ff6d4c6b
size: 897024
ssdeep: 12288:c/nz1lXTn7YDiobi8W4OLLLwtXB9JGX/AI+1NpC:cL1lDnkDiobi8qLL4X0iLC
type: PE32 executable (GUI) Intel 80386, for MS Windows
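The records on this page all follow the same "LABEL – details crc32: … md5: … name: … sha1: … sha256: … size: … ssdeep: … type: …" pattern, which makes them usable as an indicator list once parsed. The script below is an added example and is not Trojan Killer's own tooling: it turns one listing line into a dict, validates that every digest has the width its algorithm implies (a truncated or mis-pasted hash is a common way an IoC feed silently stops matching), computes the same digests for a local file, and looks the file up by sha256/sha1/md5. The "urls: Array yara: Array" text and the "Security Risk Attention! …" teaser are treated as rendering residue (an unrendered PHP array and a truncated excerpt) rather than data, and the spaces the page prints around the ":" in ssdeep values are removed so the value matches the standard blocksize:chunk:double_chunk layout. Two records in RECORDS are copied from the page; the b"abc" input in the demo is constructed and stands in for a real file read. crc32 is kept as metadata only and is never used for matching, since it is a checksum, not a collision-resistant hash.

```python
"""Parse Trojan Killer listing records into IoC dicts and match local files against them."""
import hashlib
import re
import zlib
from typing import Dict, List, Optional

Record = Dict[str, Optional[str]]

# Field names exactly as the listing prints them; they may appear in any order.
FIELDS = ("crc32", "md5", "name", "sha1", "sha256", "size", "ssdeep", "type", "urls", "yara")
_FIELD_SPLIT = re.compile(r"\s*\b(" + "|".join(FIELDS) + r"):\s*")
_LABEL = re.compile(r"^(.*?)\s[–-]\s+details\s+(.*)$", re.S)
# Every excerpt on the index page is cut off with this teaser; it is not part of the record.
_TEASER = re.compile(r"\s*Security Risk Attention!.*$", re.S)
_HEX_WIDTH = {"crc32": 8, "md5": 32, "sha1": 40, "sha256": 64}
_SSDEEP = re.compile(r"^\d+:[A-Za-z0-9+/]+:[A-Za-z0-9+/]*$")

# Two records copied verbatim from the listing (sample input for the demo below).
RECORDS = [
    "X97M.Downloader.BZ – details crc32: 4A47019A md5: d6725f450e4b64e51ee229f44b831034 name: INVOICE.TAM_74138_20161129_9C0142051.xls sha1: 3c066322efe442db50e0ebf73457605747917390 sha256: 5705d03fc3010a009e5808b84a9c6014e1bfc7a63f3558823019f730198af663 size: 44348 ssdeep: 768 : +xHFvVVxQIvEMKR/njr5t6MYxYvP+Kq0dzt/lfXimYD9NaFiZ : +Ztx5K3UMYajq0dzffXimYfoiZ type: Microsoft Excel 2007+ urls: Array yara: Array Security Risk Attention! Characteristics of the security risk was identified in …..",
    "trojan.win32.dorv.b!rfn – details crc32: 222FA6C7 md5: aee243d7c6ffaddff9f3d8d2c2cda19a name: 5187509012_attachment; filename=_RAFBCSetup.exe_.exe sha1: 34f8859892b49265d18c0abaf85fe9fcc0d21e55 sha256: 98d0d1c67907937afc530a4c5ac85402e57ce75c93ae80e441c07b52db751677 size: 532784 ssdeep: 12288 : WQFaXiHnLDcdey+Jqf+hVK5n3SFhUZ14O8HRwOABZm8/k : WQFDHnLQerVKFCFjWOABjk type: PE32 executable (GUI) Intel 80386, for MS Windows urls: Array yara: Array Security Risk Attention! Characteristics of …..",
]


def parse_record(line: str) -> Record:
    """Turn one 'LABEL – details k: v k: v ...' listing line into a dict."""
    line = _TEASER.sub("", line.strip())
    m = _LABEL.match(line)
    label, rest = (m.group(1), m.group(2)) if m else ("", line)
    parts = _FIELD_SPLIT.split(rest)          # [prefix, key1, val1, key2, val2, ...]
    rec: Record = {"label": label.strip() or None}
    for key, val in zip(parts[1::2], parts[2::2]):
        val = val.strip()
        if val in ("", "Array"):              # PHP printed an array it never rendered
            rec[key] = None
        elif key == "ssdeep":
            rec[key] = val.replace(" ", "")   # page inserts spaces around the ':'
        else:
            rec[key] = val
    return rec


def validate_record(rec: Record) -> List[str]:
    """Return a list of problems; an empty list means every digest field is well formed."""
    problems: List[str] = []
    for key, width in _HEX_WIDTH.items():
        v = rec.get(key)
        if v is None or not re.fullmatch(r"[0-9A-Fa-f]{%d}" % width, v):
            problems.append(f"{key}: expected {width} hex chars, got {v!r}")
    v = rec.get("ssdeep")
    if v is not None and not _SSDEEP.match(v):
        problems.append(f"ssdeep: malformed {v!r}")
    v = rec.get("size")
    if v is None or not v.isdigit():
        problems.append(f"size: expected an integer, got {v!r}")
    return problems


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digests the listing carries so a local file can be compared."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": str(len(data)),
    }


def build_index(records: List[Record]) -> Dict[str, List[Record]]:
    """Map every lowercase sha256/sha1/md5 value to the records that carry it."""
    index: Dict[str, List[Record]] = {}
    for rec in records:
        for key in ("sha256", "sha1", "md5"):
            if rec.get(key):
                index.setdefault(rec[key].lower(), []).append(rec)
    return index


def lookup(hashes: Dict[str, str], index: Dict[str, List[Record]]) -> List[Optional[str]]:
    """Names of listing records whose sha256, sha1 or md5 equals the file's digest.
    crc32 is deliberately ignored: it is a checksum, not a collision-resistant hash."""
    hits: List[Record] = []
    for key in ("sha256", "sha1", "md5"):
        for rec in index.get(hashes[key].lower(), []):
            if rec not in hits:
                hits.append(rec)
    return [r.get("name") for r in hits]


if __name__ == "__main__":
    records = [parse_record(r) for r in RECORDS]
    for rec in records:
        print(rec["label"], rec["sha256"], validate_record(rec) or "ok")
    # b"abc" is a constructed stand-in; a real run would pass open(path, "rb").read()
    print(lookup(hash_bytes(b"abc"), build_index(records)) or "no match")
```

Matching is done on the strong digests only; if a feed entry fails validate_record it is better to drop it than to index a truncated value, because a shortened hash never matches and the entry silently becomes dead weight.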