MD5 EE0168C4D752DB3720E005B0929EAB7D
Download (pass infected)
Name UPS_Invoice_02142012.PDF.exe
Category crime
type trojan
vector email link
callback IP 77.79.6.191 193.106.172.227
URLs hxxp://core1.ko2-20d-bbnet1.lax.core02.net/0463/1.php
DNS query core1.ko2-20d-bbnet1.lax.core02.ne
Sample credit anonymous
Other links
http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=835902
http://www.threatexpert.com/report.aspx?md5=9ee2136ed046f5d0d7fce32ab9a5c36a
Disclaimer: no analysis was done on the sample; the sample name is derived from AV results.
Virustotal
SHA256: cadc5e5de727049c9efbbe262f6483f404818b6ea784ea66d155a9b229bc085c
SHA1: 720f2d03eaad4e23ed22cf1886f1bb9abb0617ca
MD5: ee0168c4d752db3720e005b0929eab7d
File size: 421.5 KB ( 431616 bytes )
File name: 720f2d03eaad4e23ed22cf1886f1bb9abb0617ca.bin
File type: Win32 EXE
Detection ratio: 17 / 43
Analysis date: 2012-02-19 00:32:02 UTC ( 1 week, 6 days ago )
AhnLab-V3 Win-Trojan/Spyeyes.431616.B 20120215
AVG Win32/Cryptor 20120216
BitDefender Trojan.Generic.KDV.533579 20120216
ClamAV BC.Heuristic.Trojan.SusPacked.BF-6.A 20120216
Comodo UnclassifiedMalware 20120215
Emsisoft Virus.Win32.Cryptor!IK 20120216
F-Secure Trojan.Generic.KDV.533579 20120216
GData Trojan.Generic.KDV.533579 20120216
Ikarus Virus.Win32.Cryptor 20120216
Kaspersky HEUR:Trojan.Win32.Generic 20120216
McAfee Generic.tfr!bu 20120216
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20120215
Microsoft Trojan:Win32/EyeStye.N 20120215
NOD32 a variant of Win32/Kryptik.AAQK 20120216
nProtect Trojan.Generic.KDV.533579 20120215
Sophos Mal/ZboCheMan-A 20120215
TrendMicro-HouseCall - 20120216
193.106.172.227
Host reachable, 144 ms. average
193.106.172.0 - 193.106.175.255
IQHost Ltd
Russian Federation
Maxim Sukhomlin
IQHOST Company
Dinamo 15-22
phone: +7 903 2871074
max@iqhost.ru
77.79.6.191
hst-6-191.duomenucentras.lt
Host reachable, 133 ms. average
77.79.6.0 - 77.79.7.255
Webhosting, collocation services
Lithuania
Remigijus Laurutis
Tilzes 74-320
LT-76247 Siauliai
Lithuania
phone: +37041503500
abuse@aleja.lt