About contagio exchange

CONTAGIO EXCHANGE

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Saturday, March 3, 2012

002 Gov - Bundestrojan - for government surveillance - Trojan - Oct 2011

MD5  930712416770A8D5E6951F3E38548691
D6791F5AA6239D143A22B2A15F627E72

Download (pass infected)




Name:     Bundestrojaner
Category:     crime
type:     trojan
vector:     gov install
Sample credit:     anonymous
Other links:     http://ccc.de/de/updates/2011/staatstrojaner




Virustotal
SHA256:     be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f
SHA1:     e4f07b5a443cd99fd45cb5e1445ac2c1be4b455e
MD5:     930712416770a8d5e6951f3e38548691
File size:     352.0 KB ( 360448 bytes )
File name:     mfc42ul.dll
File type:     Win32 DLL
Tags:     armadillo
Detection ratio:     39 / 43
Analysis date:     2012-02-13 16:41:55 UTC ( 2 weeks, 4 days ago )
Antivirus     Result     Update
AhnLab-V3     Win-Trojan/R2d2.360448     20120213
AntiVir     TR/GruenFink.1     20120213
Antiy-AVL     Backdoor/Win32.R2D2.gen     20120213
Avast     Win32:R2D2-L [Trj]     20120213
AVG     BackDoor.Generic14.BBFR     20120213
BitDefender     Trojan.Generic.6714587     20120213
ByteHero     -     20120211
CAT-QuickHeal     Backdoor.R2d2.a     20120213
ClamAV     Trojan.BTroj-1     20120213
Commtouch     W32/R2D2.A     20120213
Comodo     Backdoor.Win32.R2D2.~B1     20120213
DrWeb     BackDoor.RTwoDTwo.1     20120213
Emsisoft     Backdoor.Win32.R2D2!IK     20120213
eSafe     Win32.Backdoor.Earlt     20120213
eTrust-Vet     Win32/R2D2.A     20120213
F-Prot     W32/R2D2.A     20120213
F-Secure     Backdoor:W32/R2D2.A     20120213
Fortinet     W32/R2D2.A!tr.bdr     20120213
GData     Trojan.Generic.6714587     20120213
Ikarus     Backdoor.Win32.R2D2     20120213
Jiangmin     Backdoor/R2D2.c     20120212
K7AntiVirus     Backdoor     20120213
Kaspersky     Backdoor.Win32.R2D2.a     20120213
McAfee     BackDoor-FCA     20120213
McAfee-GW-Edition     BackDoor-FCA     20120212
Microsoft     Backdoor:Win32/R2d2.A     20120213
NOD32     Win32/R2D2.A     20120213
Norman     W32/R2D2.A     20120213
nProtect     Backdoor/W32.R2D2.360448     20120213
Panda     Trj/Bundestrojaner.A     20120213
PCTools     Backdoor.R2D2     20120207
Sophos     Troj/BckR2D2-A     20120213
SUPERAntiSpyware     -     20120206
Symantec     Backdoor.R2D2     20120213
TheHacker     Trojan/R2D2.a     20120213
TrendMicro     BKDR_R2D2.A     20120213
TrendMicro-HouseCall     BKDR_R2D2.A     20120213
VBA32     Trojan.Polizei     20120213
VIPRE     Backdoor.Win32.R2D2.a (v)     20120213
ViRobot     Backdoor.Win32.R2D2.360448     20120213
VirusBuster     Backdoor.R2D2!w/vENfl9bd8     20120213

This is #SPYWARE
---------------------------------
Huntsville PC Repair Computer Repair Virus Removal IT Services Huntsville Alabama
Posted 1 month ago by http://www.hsvpcrepair.com/
Component of the so-called 'Bundestrojaner' (ger. for federal trojan) of the German government.

"#Bundestrojaner" is the slang-word for a Trojan horse malware program initiated by German politicians and the German government to get access to each private PC connected to the Internet.


http://ccc.de/de/updates/2011/staatstrojaner
#malware #bundestrojaner #r2d2 #360448 #6714587
Posted 1 month, 3 weeks ago by Smartcom5
very useful spy tool
#malware #spamattachmentorlink #networkworm #drivebydownload #r2d2 #360448 #6714587
Posted 4 months, 2 weeks ago by anonymous
Bundestrojaner - 0zaptis -R2D2

Trojan Backdoor

#Bundestrojaner
#0zaptis
#R2D2
#malware #bundestrojaner #r2d2 #r2d2 #360448 #6714587
Posted 4 months, 2 weeks ago by Krypto_Graph
#malware #r2d2 #360448 #6714587

Virustotal

SHA256:     3407bf876e208f2dce3b43ccf5361c5e009ed3daf87571ba5107d10a05dc7bc4
SHA1:     7bd8d737460c1dbbfc4b250fb1b6b906ed643a2d
MD5:     d6791f5aa6239d143a22b2a15f627e72
File size:     5.3 KB ( 5376 bytes )
File name:     winsys32.sys
File type:     Win32 EXE
Detection ratio:     40 / 43
Analysis date:     2012-01-26 09:54:26 UTC ( 1 month, 1 week ago )

Antivirus     Result     Update
AhnLab-V3     Win-Trojan/R2d2.5376     20120125
AntiVir     TR/GruenFink.2     20120125
Antiy-AVL     Backdoor/Win32.R2D2.gen     20120126
Avast     Win32:R2D2-F [Trj]     20120126
AVG     BackDoor.Generic14.BBFQ     20120126
BitDefender     Backdoor.Agent.AAZH     20120126
ByteHero     -     20120125
CAT-QuickHeal     Trojan.R2d2.roo     20120125
ClamAV     Trojan.BTroj     20120126
Commtouch     W32/R2D2.A     20120126
Comodo     Backdoor.Win32.R2D2.B     20120125
DrWeb     BackDoor.RTwoDTwo.1     20120126
Emsisoft     Backdoor.Win32.R2D2!IK     20120126
eSafe     Win32.Backdoor.Earlt     20120125
eTrust-Vet     Win32/R2D2.A     20120125
F-Prot     W32/R2D2.A     20120125
F-Secure     Backdoor:W32/R2D2.A     20120126
Fortinet     W32/R2D2.A!tr.bdr     20120126
GData     Backdoor.Agent.AAZH     20120126
Ikarus     Backdoor.Win32.R2D2     20120126
Jiangmin     Backdoor/R2D2.a     20120125
K7AntiVirus     Backdoor     20120125
Kaspersky     Backdoor.Win32.R2D2.a     20120126
McAfee     BackDoor-FCA!sys     20120126
McAfee-GW-Edition     BackDoor-FCA!sys     20120126
Microsoft     Trojan:Win32/R2d2.A!rootkit     20120126
NOD32     Win32/R2D2.A     20120126
Norman     W32/R2D2.A     20120125
nProtect     Backdoor/W32.R2D2.5376     20120126
Panda     Trj/Bundestrojaner.A     20120125
PCTools     Backdoor.R2D2     20120126
Prevx     -     20120126
Rising     Trojan.Win32.Generic.12A1BF23     20120118
Sophos     Troj/BckR2D2-A     20120126
SUPERAntiSpyware     -     20120126
Symantec     Backdoor.R2D2     20120126
TheHacker     Trojan/R2D2.a     20120126
TrendMicro     RTKT_R2D2.A     20120126
TrendMicro-HouseCall     RTKT_R2D2.A     20120126
VBA32     Backdoor.R2D2.a     20120125
VIPRE     Trojan.Win32.R2D2.a!rootkit (v)     20120126
ViRobot     Backdoor.Win32.R2D2.5376     20120126
VirusBuster     Backdoor.R2D2!uglG32Y6ai0     20120126

Component of the so-called 'Bundestrojaner' (ger. for federal trojan) of the German government.

"#Bundestrojaner" is the slang-word for a Trojan horse malware program initiated by German politicians and the German government to get access to each private PC connected to the Internet.


http://ccc.de/de/updates/2011/staatstrojaner
#malware #bundestrojaner #r2d2 #aazh #5376
Posted 1 month, 3 weeks ago by Smartcom5
Bundestrojaner driver

#Bundestrojaner
#0zaptis
#R2D2
#malware #bundestrojaner #r2d2 #r2d2 #agent #aazh
Posted 4 months, 2 weeks ago by Krypto_Graph
malware of the Bundestrojaner
http://www.heise.de/newsticker/meldung/CCC-knackt-Bundestrojaner-1357670.html
#malware
Posted 4 months, 3 weeks ago by anonymous
Unsigned 32-bit kernel-mode driver with local privilege escalation, file planting, registry modification and keylogger functionality.

Part of the German federal republic trojan / (lawful?) spying tool.
#malware #r2d2 #aazh #agent
Posted 4 months, 3 weeks ago by anonymous
Government malware for citizen surveillance.
#earltwo #r2d2 #btroj