MD5: E0F799CA5E8CEC5479235F5EC9E46FF7
Name RTLO Oct 2011
Category APT
type trojan
vector email attachment
Sample credit Mila
Threatexpert
CC
2.229.10.5 Italy
2.116.180.66 Italy
Drops a Word document as a decoy
2.229.10.5
2-229-10-5.ip194.fastwebnet.it
Host reachable, 149 ms. average
2.229.10.0 - 2.229.10.255
Infrastructure for Fastwebs main location
IP addresses for Small Business Customer 41, public subnet
Italy
ip registration service
Via Caracciolo, 51
20155 Milano MI
Italy
phone: +39 02 45451
fax: +39 02 45451
IP.RegistrationService@fastweb.it
2.116.180.66
2.116.180.64 - 2.116.180.71
UNITESSILE S.P.A.
ROBERTO DORO
UNITESSILE S P A
VIA ROMA 15
33028 TOLMEZZO
Italy
phone: +394223277
fax: +39422327852
Virustotal
SHA256: 03b893da011374ec48929a5bfa81bf951ea66cf6effc470a616af691a708b4dd
SHA1: 7a918cb5171a9b700d7ed7484cab657962c5c7b5
MD5: e0f799ca5e8cec5479235f5ec9e46ff7
File size: 91.9 KB ( 94129 bytes )
File name: t.scr
File type: Win32 EXE
Detection ratio: 36 / 43
Analysis date: 2012-03-07 03:29:38 UTC
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Sasfis 20120305
AntiVir BDS/Simbot.94129 20120306
Antiy-AVL Trojan/Win32.Sasfis.gen 20120305
Avast Win32:Malware-gen 20120306
AVG Generic25.KVX 20120306
BitDefender Trojan.Generic.KDV.364611 20120306
ByteHero - 20120305
CAT-QuickHeal Trojan.Sasfis.ckjz 20120307
ClamAV - 20120306
Commtouch W32/Trojan-Gypikon-based.BA!Maximus 20120306
Comodo TrojWare.Win32.Trojan.Agent.Gen 20120306
DrWeb Trojan.Click1.63215 20120306
Emsisoft Backdoor.Win32.Simbot!IK 20120307
eSafe - 20120305
eTrust-Vet Win32/Fakedoc_i 20120306
F-Prot W32/Trojan-Gypikon-based.BA!Maximus 20120306
F-Secure Trojan.Generic.KDV.364611 20120306
Fortinet W32/Dropper.ZW!tr 20120305
GData Trojan.Generic.KDV.364611 20120306
Ikarus Backdoor.Win32.Simbot 20120307
Jiangmin Trojan/JboxGeneric.bmq 20120301
K7AntiVirus Trojan 20120306
Kaspersky Trojan.Win32.Sasfis.ckjz 20120306
McAfee Generic Dropper.zw 20120307
McAfee-GW-Edition Generic Dropper.zw 20120307
Microsoft Backdoor:Win32/Simbot.gen 20120307
NOD32 probably a variant of Win32/Inject.MJPLDDL 20120306
Norman W32/Suspicious_Gen2.RRKGX 20120304
nProtect Trojan/W32.Agent.94129 20120306
Panda Suspicious file 20120307
PCTools Spyware.Perfect!rem 20120228
Sophos Mal/Behav-043 20120307
SUPERAntiSpyware - 20120307
Symantec Spyware.Perfect 20120305
TheHacker Trojan/Sasfis.ckho 20120306
TrendMicro TROJ_GEN.R3EC1JR 20120306
TrendMicro-HouseCall TROJ_GEN.R3EC1JR 20120307
VBA32 Trojan.Genome.soas 20120306
VIPRE Trojan.Win32.Generic!BT 20120307
VirusBuster Backdoor.Simbot!mG3bwuKLiV4 20120307