About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Wednesday, April 4, 2012

013 - Crime -Kelihos.B -trojan- - Web - Feb 2012

MD5 eca54de6268f57ed1a9a2b9f0f877cb4
 spam trojan

Download (pass infected)

 


SHA256: 78ccee8e07ebbc84d9ba4f5d4952ccc6bf516213559b3317a915fd2566c22fe1
SHA1: 77a4bc93f54cdeb30804773a8ef7459352fb92be
MD5: eca54de6268f57ed1a9a2b9f0f877cb4
File size: 636.0 KB (651264 bytes)
File name: eca54de6268f57ed1a9a2b9f0f877cb4.exe
File type: Win32 EXE
Detection ratio: 33 / 40
Analysis date: 2012-04-05 01:02:12 UTC
Antivirus Result Update
AhnLab-V3 Trojan/Win32.FakeAV 20120404
AntiVir TR/Crypt.XPACK.Gen2 20120404
Antiy-AVL Backdoor/Win32.Bredolab.gen 20120403
Avast Win32:MalOb-GZ [Cryp] 20120404
AVG Win32/Cryptor 20120404
BitDefender Gen:Variant.Kazy.21101 20120405
ByteHero - 20120404
CAT-QuickHeal FraudTool.Security 20120404
ClamAV - 20120404
Commtouch W32/SuspPack.DA.gen!Eldorado 20120404
Comodo TrojWare.Win32.Kryptik.MZR 20120405
DrWeb Trojan.Packed.21552 20120405
Emsisoft Backdoor.Win32.Kelihos!IK 20120405
eSafe - 20120404
eTrust-Vet Win32/FakeAV.AK!generic 20120405
F-Prot W32/SuspPack.DA.gen!Eldorado 20120404
F-Secure Gen:Variant.Kazy.21101 20120404
Fortinet W32/PKeliAV.fam@mm 20120404
GData Gen:Variant.Kazy.21101 20120405
Ikarus Backdoor.Win32.Kelihos 20120405
Jiangmin Backdoor/Bredolab.hqp 20120331
K7AntiVirus Riskware 20120404
Kaspersky Backdoor.Win32.Bredolab.mog 20120404
McAfee Generic FakeAlert.ama 20120405
McAfee-GW-Edition Generic FakeAlert.ama 20120404
Microsoft Backdoor:Win32/Kelihos.B 20120404
NOD32 a variant of Win32/Kryptik.MZR 20120405
Norman W32/FakeAV.ADPU 20120404
nProtect Backdoor/W32.Bredolab.651264.CD 20120404
PCTools HeurEngine.MaliciousPacker 20120405
Rising - 20120401
SUPERAntiSpyware Trojan.Agent/Gen-Multicon 20120402
Symantec Packed.Generic.322 20120405
TheHacker - 20120404
TrendMicro TROJ_FAKEAV.SMIE 20120404
TrendMicro-HouseCall TROJ_FAKEAV.SMIE 20120405
VBA32 - 20120404
VIPRE FraudTool.Win32.MSRemovalTool.ek!b (v) 20120404
ViRobot - 20120404
VirusBuster Trojan.Kelihos.Gen!Pac 20120404