About contagio exchange

CONTAGIO EXCHANGE
Contagio Exchange has been created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection. The site offers an upload dropbox for you to share your general (non-mobile) malware samples and follows the same post format as you see on Contagio Mobile. You can also download any samples individually or in one zip. Please be kind to the housekeeper (Mila) and follow The Rules.

CONTAGIO MINI DUMP - MOBILE MALWARE
Contagio Mobile Mini-dump is a community-driven mobile malware collection. The site offers an upload dropbox for you to share your mobile malware samples. You can also download any samples individually or in one zip.

CONTAGIO MALWARE DUMP
Contagio Malware Dump is a personal malware analysis site maintained by Mila. If you need any samples from there, email her for the password; the email address is in the profile.

Tuesday, March 6, 2012

004 - Crime - Worm Gamarue.F or Yakes - Web - Worm - Feb 2012

MD5: c8cc880f91c832bc7c432507f7ca56d6

Download (password: infected)

Name: worm Gamarue.F
Category: Crime
Type: worm?
Vector: Web drive-by
Sample credit: anonymous
File date: 2012-02-02

C&C
Domains do not resolve at the moment
business.greatespnjob.com
toptours.grantandamy.net
c388env.grasaker.se
touchme.graymalkin.us
ns1.afraid.org

Strings:

v'@.
XPTPSW
KERNEL32.DLL
ADVAPI32.DLL
USER32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
GetMenu

Unicode Strings:
---------------------------------------------------------------------------
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Foxit Corporation
FileDescription
Foxit Reader 5.0, Best Reader for Everyday Use!
FileVersion
5, 0, 2, 0718
InternalName
Foxit Reader.exe
LegalCopyright
Copyright (C) 2009-2011 Foxit Corporation
LegalTrademarks
OriginalFilename
Foxit Reader.EXE
PrivateBuild
ProductName
Foxit Reader
ProductVersion
5, 0, 2, 0718
SpecialBuild
VarFileInfo


VirusTotal detection ratio: 33 / 43
Analysis date: 2012-03-07 04:27:15 UTC
Antivirus     Result     Update
AhnLab-V3     Trojan/Win32.Jorik     20120307
AntiVir     Worm/Gamarue.F.6     20120306
Antiy-AVL     Trojan/Win32.Yakes.gen     20120305
Avast     Win32:Rootkit-gen [Rtk]     20120306
AVG     Generic26.CNIK     20120306
BitDefender     Trojan.Generic.KDV.524519     20120307
ByteHero     -     20120305
CAT-QuickHeal     Trojan.Yakes.oqs     20120307
ClamAV     -     20120306
Commtouch     -     20120307
Comodo     TrojWare.Win32.Trojan.Agent.Gen     20120306
DrWeb     Trojan.DownLoader5.42407     20120307
Emsisoft     Trojan.Win32.Yakes!IK     20120307
eSafe     -     20120305
eTrust-Vet     -     20120306
F-Prot     -     20120306
F-Secure     Trojan.Generic.KDV.524519     20120306
Fortinet     W32/Yakes.OQS!tr     20120305
GData     Trojan.Generic.KDV.524519     20120306
Ikarus     Trojan.Win32.Yakes     20120307
Jiangmin     Trojan/Generic.wzzm     20120301
K7AntiVirus     Trojan     20120306
Kaspersky     Trojan.Win32.Yakes.oqs     20120306
McAfee     Generic.tfr!br     20120307
McAfee-GW-Edition     Generic.tfr!br     20120307
Microsoft     Worm:Win32/Gamarue.F     20120307
NOD32     a variant of Win32/Kryptik.ZXP     20120306
Norman     W32/Suspicious_Gen4.IAZE     20120304
nProtect     Trojan.Generic.KDV.524519     20120306
Panda     Generic Trojan     20120307
PCTools     -     20120228
Prevx     -     20120307
Rising     -     20120306
Sophos     Troj/Bredo-QG     20120307
SUPERAntiSpyware     Heur.Agent/Gen-FakeFoxit     20120307
Symantec     Trojan.Gen     20120305
TheHacker     Posible_Worm32     20120306
TrendMicro     TROJ_GEN.R3EC7B4     20120306
TrendMicro-HouseCall     TROJ_GEN.R3EC7B4     20120307
VBA32     Trojan.Yakes.oqs     20120306
VIPRE     Trojan.Win32.Generic!BT     20120307
ViRobot     -     20120307
VirusBuster     Trojan.Yakes!krnc77DoB8w     20120307