Pua.Auslogics.Gen!c – Checks the version of the BIOS, possibly for anti-virtualization

Pua.Auslogics.Gen!c – details crc32: 31926A83 md5: a77389f9b1f74566ec0728b217bc31ab name: 2947307928_driver-updater-setup.exe.exe sha1: f6ce22293a0c3663184ec81b98d0ccedfaf5813e sha256: eb088d43e4b03d0a205cd4c6adf677cecd2d8d67a8b7ad6d6558010ee5d9acf7 size: 387072 bytes ssdeep: 6144:wtCTrfnddqX7jBoCMvFJR0QSjm3PZhaSysDaKpz7:wasM0Qn/pysVR7 type: PE32 executable (GUI) Intel 80386, for MS Windows

6717292043_nethost.exe.exe – Allocates read-write-execute memory (usually to unpack itself)

6717292043_nethost.exe.exe – details crc32: C98F95EE md5: b146372d2e2262803ed43765c89bffa6 name: 6717292043_nethost.exe.exe sha1: 84cdf2b6c7502544a753cfa8e8b17138c2a40f6e sha256: 6125451328210e3e030bfeca75bc709f279c4a8dbbb4b7c9fe2e297f19646c59 size: 738296 bytes ssdeep: 12288:cuYCzMZEhMOxRXJpv8xUFdyuVGYjWXE5X/Ch9P49MRfzD:cFCzknOxR5pu6G6W2ChF49MJzD type: PE32 executable (GUI) Intel 80386, for MS Windows

Generic.61A – File has been identified by at least 30 AntiVirus engines on VirusTotal as malicious

Generic.61A – details crc32: 784A9779 md5: 914713d358f46cb82396b471fb779c1e name: 1756079729_jZipSetup-r231-n-bc.exe.exe sha1: 6ea628db250ef9536d627f5c6699aff826107171 sha256: 5d5add0161b7acbf1c645965397b798213153988d952147febfbccffde8b7387 size: 1293640 bytes ssdeep: 24576:CrK69yus8hqY0nUTuRRopfwbWaiuBov11iW6mfBGvVa4b:wyoqFU6RRopfwb3vBop6SBG9aG type: PE32 executable (GUI) Intel 80386, for MS Windows

Skodna.E86 – Performs some HTTP requests

Skodna.E86 – details crc32: 8ABED758 md5: d423687604a0afee5a913dc2ccc57d4f name: 4375627013_1381919518_ominent_1.8.26.12.exe.exe sha1: 19087d4a6a2a6e284213240f83b9a17ea3085e9e sha256: 36acf2c1be375e1252c1d25c5c0c0b16ef6928f912c429b28effff243956ca0b size: 2382160 bytes ssdeep: 49152:cLDJVWTQxemuKf7dgvEsMMbyXriKOfoequ8LZ8hz:xMxemuKxgvUM2HY0Y type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

4933607775_smw120c.exe.exe – Queries for the computername

4933607775_smw120c.exe.exe – details crc32: 04C94364 md5: 127bb970eab723578928b148df0027e6 name: 4933607775_smw120c.exe.exe sha1: 326a067b67856a98b1d7a0db8be0aa01b3e90095 sha256: c487ddbe93f098818949bb9c45e3708c5673579c08cbe9ee7fffa1c08a15edb7 size: 3965168 bytes ssdeep: 98304:a1+5tYhf4KPTxzrcW9QTAMREN1v4bO6gkRxIno2E:a1zJFzQW9QMobPgksxE type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Pua.Auslogics.Gen!c – Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)

Pua.Auslogics.Gen!c – details crc32: 31926A83 md5: a77389f9b1f74566ec0728b217bc31ab name: 7656541829_driver-updater-setup.exe.exe sha1: f6ce22293a0c3663184ec81b98d0ccedfaf5813e sha256: eb088d43e4b03d0a205cd4c6adf677cecd2d8d67a8b7ad6d6558010ee5d9acf7 size: 387072 bytes ssdeep: 6144:wtCTrfnddqX7jBoCMvFJR0QSjm3PZhaSysDaKpz7:wasM0Qn/pysVR7 type: PE32 executable (GUI) Intel 80386, for MS Windows

Win32.Trojan.WisdomEyes.16070401.9500.9931 – Queries for the computername

Win32.Trojan.WisdomEyes.16070401.9500.9931 – details crc32: C56BF747 md5: b45fe8d096dcd0ca2c69659b97d1ecd9 name: 3393514094_driver-updater-setup.exe.exe sha1: f532b57c35a26c58e8aa8ab1abd60e1f17474792 sha256: f5539e0956751415afa58999a1c289672b8764476fd4ba3db8d5ee09eb895794 size: 406528 bytes ssdeep: 6144:2uHQNdzUFkfVPRUp2hz90UTBRafOCRzGU+EHZCUamX/2SaN9tQz9H5rVL:1wP1yifT3afJlVZBamX+TN9tWrVL type: PE32 executable (GUI) Intel 80386, for MS Windows

Trojan.Win32.Generic!BT – This executable is signed

Trojan.Win32.Generic!BT – details crc32: A0FCA9D0 md5: ab582ff6a74e9f976111ce730d640ad5 name: 0388110193__C3_93_C3_8E_D1_B8_C3_8D_C3_B8__C3_95_C.exe sha1: be287e5018ded2f913e9c9060a18eefe0fa200d1 sha256: 8cbd16eb6ad744f0463991aff04bbbb8ce7e51635dd68025788e9e63ca79d62b size: 4071144 bytes ssdeep: 98304:yUoSKgN0kcE5pK8jf6IVLBKSIZSXh99YeT:yTAN0Oz7SHZWT type: PE32 executable (GUI) Intel 80386, for MS Windows

5597212521_ATLauncher.exe.exe – Queries for the computername

5597212521_ATLauncher.exe.exe – details crc32: 0948C862 md5: 0af968e79897133b9d9b936ccdb24a8f name: 5597212521_ATLauncher.exe.exe sha1: 639bcab3a9c20d9822ed737d2f37ff8bd874afea sha256: 91c7a0e75aa0aebccf436696f496c85542009bcce2cfc8eb4558bc15977bc1b4 size: 243712 bytes ssdeep: 6144:CQCXfNwVGxsTBx9++MxikvqUvLjToGtVw:CQeYGxsTV++MxikvqUvLjToGc type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

2024915334_searchlike.exe.exe – Installs itself for autorun at Windows startup

2024915334_searchlike.exe.exe – details crc32: A2813FD0 md5: 4fd7e80af84de06de3d89d933409ec49 name: 2024915334_searchlike.exe.exe sha1: 801069aac45a718a8f0467454d8b32671857f05f sha256: 097087cad5bb2ad949ce78a0ee71b1ce006008884da7c2b99c30860e62b9e51f size: 230568 bytes ssdeep: 6144:fKOo10xjr7RiXh4rBMlmJ32umUeJZtbhQnXr8ifJC:k1iX7RJrBQgjeJHCnXrfBC type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

7054585901_setupos_7198.exe.exe – Checks whether any human activity is being performed by constantly checking whether the foreground window changed

7054585901_setupos_7198.exe.exe – details crc32: 0DD6A3B6 md5: 22fe768797ab5e09ebb7ddfd38568c38 name: 7054585901_setupos_7198.exe.exe sha1: 3c7a01a4b331b94147d4e03a25974845d5cf31a9 sha256: 178467ffc053e8b07bb0d03a98eb182ac7f055ba0944192670db7124caec0132 size: 6069248 bytes ssdeep: 98304:jmDT8heRVxf1emP9OKkEPnguX755ybBZjQWT41XQarjRgXSdTX/D2ZcoIo:jEeO9pPNV0rQLmarlQkTXatIo type: PE32 executable (GUI) Intel 80386, for MS Windows

a variant of Win32/Hao123.H potentially unwanted – Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)

a variant of Win32/Hao123.H potentially unwanted – details crc32: 9F699098 md5: ae9476855191c6b6998e59e23a15b332 name: 7481377813_attachment; filename= setup_[c=1111]__91215899_o2_.exe sha1: a4f8e57caa3640cbae607e5fd5b7657c1a69d396 sha256: a73813d5f412ac9686a83be7497be0f5d70e499763fdc7c48664b7c0102b42be size: 3923488 bytes ssdeep: 98304:7KJvfid/ibeSeYlCBLrJZy/6CcyjWWLl2OpFMUsSQEO1ym:7Ce/iDeY8l+6EPLl28KcNOMm type: PE32 executable (GUI) Intel 80386, for MS Windows

Trojan.GenericKD.3470594 – This executable has a PDB path

Trojan.GenericKD.3470594 – details crc32: C425B1FC md5: 5f15ac42f2db59632154e374b452f743 name: 6416103781_attachment; filename=_wizzupdater.exe_.exe sha1: 5989c76600f112cde7cf0897d40cf866f71488f6 sha256: 7b691bf3a8959ee1c73c5f14d5d6551acb130eb2d3c263d18e68b4bc193575ea size: 4034048 bytes ssdeep: 24576:cI53ZK8pSLtxZr7WMtzh59+ewDEo6qX4myTpqa91PSSgmNhKmK1LwQawCX1PasL:cIq8qnFtR4oLT0v+hHQVi1ysLnagX type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Gen:Variant.Zusy.215798 – File has been identified by at least 30 AntiVirus engines on VirusTotal as malicious

Gen:Variant.Zusy.215798 – details crc32: 0EC3A24F md5: e8083f90e3b0a6a88e4b4a77a5272a74 name: 4457530452_pro_list.asp_type=42&Fid=352.exe sha1: 699ee57d323a7ddb0caf4d08d649b516c3712e04 sha256: 484e8a0e8903931329c2b1f09c8dc4585ea354eff955c49de9606c1a2aae883b size: 373471 bytes ssdeep: 6144:MlKoRnEU23mY4ZHw2Nc6JrsDnDeg/uyJVm8i1t/QjxtXJbx7IfuIMzIpdP0EhM+0:MfEU2k0Deg/fi1tY1t5x4M4dPpRRSZv type: PE32 executable (GUI) Intel 80386, for MS Windows

Gen:Variant.Adware.Symmi.60792 – The binary likely contains encrypted or compressed data.

Gen:Variant.Adware.Symmi.60792 – details crc32: 49F5A229 md5: a62d5f0c028f25a51b01350b6a12e2c1 name: 1563340858_attachment; filename=__E8_B4_AA_E5_90_83_E8_9B_87_.exe sha1: 09826e44618a0b386bbf266a1c51e72231c8dd17 sha256: cc0373714bdddf894783fe1f287f711c6b1cf461db8f92aef0d7013701e3ea56 size: 1040992 bytes ssdeep: 24576:JPKJecZwWJUySDUZzzOUvLaIpgQJs4x2uCdA:N7SitIhzxLaygQJR2uCdA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Trojan.Generic.17823447 – One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.

Trojan.Generic.17823447 – details crc32: 380B4AC8 md5: ba0a46c7f87a115a4d13882098a7bf49 name: 6146364881_ClickHeretoDownload-dTmlMXb.exe.exe sha1: 6416b68c4d28f5785eb476c512b39f33d8b6abf3 sha256: 7f60680c70b17ffbb94a8c23acd8840cbee7162edb77566021da52d4159bf06b size: 165576 bytes ssdeep: 3072:T22ihA0m3BJf0AA9jYavBYs+jlKIsA4zArkztvf1bI1117v/ianDktZFHA:sA0m3T0AYjYapF0lGA4krit1s1wao3Fg type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive

Win32/Adware.Agent.NQE – File has been identified by at least one AntiVirus engine on VirusTotal as malicious

Win32/Adware.Agent.NQE – details crc32: 38ABE5BB md5: 7f335f685fa075c57ba8f36d98ca2397 name: 1548358918_FalcoAnnounceMakerSetup.exe.exe sha1: 34f7f2dfd469b9470351aac60e11bc4163da51ad sha256: cebe848ae7b2b7077c9ce8cec35564de79dd07d8b04edab926d5aedb565467bc size: 477011 bytes ssdeep: 12288:xQiGq8mL8+iDNdRFrI9RgbRMNWxLphunGGwrQWVkL2KxB6OsrGDQXJ:xQiwG8DdawRMxnsLkLbzd8GkXJ type: PE32 executable (GUI) Intel 80386, for MS Windows

6434950523_hp.exe.exe – The binary likely contains encrypted or compressed data.

6434950523_hp.exe.exe – details crc32: 977810DC md5: e432f99f93d63d8ec0f64708231ed3a6 name: 6434950523_hp.exe.exe sha1: 40fe9604ed32fad54d16a6ceeff53612e024edb0 sha256: 7a542658d255c35c4d553efc55df2209e5aa37e096237cc2b0a953ace3ec0f35 size: 511488 bytes ssdeep: 12288:jycZtx8S8Vwqy1f6KcmMdCOVIHAdHqsngt:jyw8SSE1fidXhKsgt type: PE32 executable (GUI) Intel 80386, for MS Windows

Trojan.GenericKD.3470594 – This executable has a PDB path

Trojan.GenericKD.3470594 – details crc32: C425B1FC md5: 5f15ac42f2db59632154e374b452f743 name: 2340799647_attachment; filename=_wizzupdater.exe_.exe sha1: 5989c76600f112cde7cf0897d40cf866f71488f6 sha256: 7b691bf3a8959ee1c73c5f14d5d6551acb130eb2d3c263d18e68b4bc193575ea size: 4034048 bytes ssdeep: 24576:cI53ZK8pSLtxZr7WMtzh59+ewDEo6qX4myTpqa91PSSgmNhKmK1LwQawCX1PasL:cIq8qnFtR4oLT0v+hHQVi1ysLnagX type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

5982835541_nethost.exe.exe – The binary likely contains encrypted or compressed data.

5982835541_nethost.exe.exe – details crc32: 56655276 md5: 2f4b29dd0afdf41ad7acd63ba0032e36 name: 5982835541_nethost.exe.exe sha1: fd827f55c85c1528b3a05c14073f07e4ff718438 sha256: 4b7e44ab5e74b69db9742cc59642538bc39be03977e1c1db8a9ed709130e77ef size: 734200 bytes ssdeep: 12288:QizCzMZEhMOxRXJpv8xUFdyuVGYjWXE5X/Ch9P49MRI2Yk:QqCzknOxR5pu6G6W2ChF49M6/k type: PE32 executable (GUI) Intel 80386, for MS Windows
