About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Sunday, March 11, 2012

010 - Crime - GameOver Zeus (with P2P and DGA) -trojan- - Web - Feb 2012

MD5:    29bd4104db1417d8323d124ab355e232

Download (pass infected)





Name:     Gameover Zeus variant (with P2P and DGA)
Category:     Crime
Type:     trojan
Vector:     Web
Sample credit:     anonymous
Date:     Feb 2012


https://www.virustotal.com/file/701b1a1a8f6b59c2ec79776d332a3149f9d5e2ae449214a13a5f76c371fec522/analysis/1331487539/

SHA256:     701b1a1a8f6b59c2ec79776d332a3149f9d5e2ae449214a13a5f76c371fec522
SHA1:     6027557ace4158d21b771503ed3d84f8911134a8
MD5:     29bd4104db1417d8323d124ab355e232
File size:     321.5 KB ( 329192 bytes )
File name:     melt.exe
File type:     Win32 EXE
Detection ratio:     36 / 43
Analysis date:     2012-03-11 17:38:59 UTC

Antivirus     Result     Update
AhnLab-V3     Spyware/Win32.Zbot     20120310
AntiVir     TR/PSW.Zbot.142     20120311
Antiy-AVL     Trojan/Win32.Zbot.gen     20120311
Avast     Win32:Crypt-LKD [Trj]     20120311
AVG     PSW.Generic9.BJJL     20120311
BitDefender     Gen:Variant.Kazy.54668     20120311
ByteHero     -     20120309
CAT-QuickHeal     TrojanPWS.Zbot.Y     20120311
ClamAV     Trojan.Spy.Zbot-568     20120311
Commtouch     W32/Zbot.DQ.gen!Eldorado     20120311
Comodo     TrojWare.Win32.Spy.ZBot.DIWT     20120311
DrWeb     Trojan.PWS.Panda.1698     20120311
Emsisoft     Trojan-Spy.Win32.Zbot!IK     20120311
eSafe     -     20120308
eTrust-Vet     Win32/Zbot.AA!generic     20120310
F-Prot     W32/Zbot.DQ.gen!Eldorado     20120311
F-Secure     Gen:Variant.Kazy.54668     20120311
Fortinet     W32/Zbot.DIVN!tr     20120311
GData     Gen:Variant.Kazy.54668     20120311
Ikarus     Trojan-Spy.Win32.Zbot     20120311
Jiangmin     TrojanDropper.Injector.lbl     20120301
K7AntiVirus     Spyware     20120310
Kaspersky     Trojan-Spy.Win32.Zbot.divn     20120311
McAfee     PWS-Zbot.gen.re     20120308
McAfee-GW-Edition     PWS-Zbot.gen.re     20120311
Microsoft     PWS:Win32/Zbot.gen!AF     20120311
NOD32     Win32/Spy.Zbot.AAN     20120311
Norman     W32/Agent.XEHW     20120310
nProtect     Trojan-Spy/W32.ZBot.329192     20120311
Panda     Generic Trojan     20120311
PCTools     -     20120311
Prevx     -     20120311
Rising     -     20120309
Sophos     Troj/Zbot-BJZ     20120311
SUPERAntiSpyware     -     20120308
Symantec     Trojan.Zbot!gen30     20120311
TheHacker     Trojan/Spy.Zbot.dixa     20120309
TrendMicro     TSPY_ZBOT.SMKS     20120311
TrendMicro-HouseCall     TSPY_ZBOT.SMKS     20120311
VBA32     TrojanSpy.Zbot.diwt     20120311
VIPRE     Trojan.Win32.Zbot.bjz (v)     20120311
ViRobot     -     20120311
VirusBuster     TrojanSpy.Zbot!9voVWKfmClE     20120311

The file is a malware known as "CRDF.Trojan.PWS.Win32.PEx.Delphi.9883274346". Report on this threat: http://threatcenter.crdf.fr/?More&ID=70808 - 70808 -