About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Saturday, March 3, 2012

001 - Crime - Bredolab - Email link - Trojan - Feb 2012

 MD5 EE0168C4D752DB3720E005B0929EAB7D
Download (pass infected)

Name UPS_Invoice_02142012.PDF.exe
type trojan
vector email link

callback IP
URLs hxxp://core1.ko2-20d-bbnet1.lax.core02.net/0463/1.php
DNS query core1.ko2-20d-bbnet1.lax.core02.ne 
Sample credit anonymous
Other links 

http://www.threatexpert.com/report.aspx?md5=9ee2136ed046f5d0d7fce32ab9a5c36a
Disclaimer: no analysis done on the sample, the sample name derived from AV results

SHA256:     cadc5e5de727049c9efbbe262f6483f404818b6ea784ea66d155a9b229bc085c
SHA1:     720f2d03eaad4e23ed22cf1886f1bb9abb0617ca
MD5:     ee0168c4d752db3720e005b0929eab7d
File size:     421.5 KB ( 431616 bytes )
File name:     720f2d03eaad4e23ed22cf1886f1bb9abb0617ca.bin
File type:     Win32 EXE
Detection ratio:     17 / 43
Analysis date:     2012-02-19 00:32:02 UTC ( 1 week, 6 days ago )
AhnLab-V3     Win-Trojan/Spyeyes.431616.B     20120215
AVG     Win32/Cryptor     20120216
BitDefender     Trojan.Generic.KDV.533579     20120216
ClamAV     BC.Heuristic.Trojan.SusPacked.BF-6.A     20120216
Comodo     UnclassifiedMalware     20120215
Emsisoft     Virus.Win32.Cryptor!IK     20120216
F-Secure     Trojan.Generic.KDV.533579     20120216
GData     Trojan.Generic.KDV.533579     20120216
Ikarus     Virus.Win32.Cryptor     20120216
Kaspersky     HEUR:Trojan.Win32.Generic     20120216
McAfee     Generic.tfr!bu     20120216
McAfee-GW-Edition     Heuristic.BehavesLike.Win32.ModifiedUPX.C     20120215
Microsoft     Trojan:Win32/EyeStye.N     20120215
NOD32     a variant of Win32/Kryptik.AAQK     20120216
nProtect     Trojan.Generic.KDV.533579     20120215
Sophos     Mal/ZboCheMan-A     20120215
TrendMicro-HouseCall     -     20120216
Host reachable, 144 ms. average -
IQHost Ltd
Russian Federation
Maxim Sukhomlin
IQHOST Company
Dinamo 15-22
phone: +7 903 2871074
Host reachable, 133 ms. average -
Webhosting, collocation services
Remigijus Laurutis
Tilzes 74-320
LT-76247 Siauliai
phone: +37041503500