About contagio exchange

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Wednesday, April 4, 2012

014 - Crime - Sinowal Mebroot Torpig -rootkit-trojan - Web - Feb-Mar 2012

MD5:  13CE4CD747E450A129D900E842315328
MD5:  C2BB7A8316EF7A106E6A3B3BB8D5532A
MD5:  CBE853D5D7EC089EF0302789284D6C44
MD5:  E16261185C13FB16213288A3860C1B8D


Download 014_Crime_Sinowal-Mebroot-Torpig.zip (Email me if you need the pass)



SHA256:     0dcb7a582a0e72dcccf4fd855a159a4206b67b85fdcd0f58b71d85ba28e40440
SHA1:     69dd85ab1cd7098e1510aec2afa6b3e2a6814999
MD5:     13ce4cd747e450a129d900e842315328
File size:     816.0 KB ( 835584 bytes )
File name:     13ce4cd747e450a129d900e842315328
File type:     Win32 DLL
Detection ratio:     26 / 42
Analysis date:     2012-04-02 04:30:30 UTC ( 2 days, 22 hours ago )

Antivirus     Result     Update
AhnLab-V3     Backdoor/Win32.Sinowal     20120401
AntiVir     TR/Kazy.3545812     20120401
Antiy-AVL     -     20120401
Avast     Win32:Sinowal-JA [Trj]     20120401
AVG     PSW.Agent.7.AZ     20120402
BitDefender     Trojan.PWS.Sinowal.NCX     20120402
ByteHero     -     20120328
CAT-QuickHeal     -     20120401
ClamAV     -     20120402
Commtouch     W32/Sinowal.AA.gen!Eldorado     20120401
Comodo     UnclassifiedMalware     20120401
DrWeb     BackDoor.MaosBoot.377     20120402
Emsisoft     Trojan-Dropper.Agent!IK     20120402
eSafe     -     20120328
eTrust-Vet     Win32/Sinowal.F!generic     20120331
F-Prot     W32/Sinowal.AA.gen!Eldorado     20120401
F-Secure     Trojan.PWS.Sinowal.NCX     20120402
Fortinet     W32/Sinowal.NYN!tr     20120401
GData     Trojan.PWS.Sinowal.NCX     20120402
Ikarus     Trojan-Dropper.Agent     20120402
Jiangmin     -     20120331
K7AntiVirus     Backdoor     20120331
Kaspersky     Backdoor.Win32.Sinowal.odq     20120402
McAfee     -     20120402
McAfee-GW-Edition     -     20120401
Microsoft     PWS:Win32/Sinowal.gen!Y     20120401
NOD32     a variant of Win32/Kryptik.SJI     20120402
Norman     W32/Crypt.AWKB     20120401
nProtect     Trojan.PWS.Sinowal.NCX     20120401
Panda     Suspicious file     20120401
PCTools     -     20120326
Rising     -     20120401
Sophos     Mal/Sinowal-N     20120402
SUPERAntiSpyware     -     20120329
Symantec     -     20120401
TheHacker     -     20120401
TrendMicro     -     20120401
TrendMicro-HouseCall     -     20120402
VBA32     BScope.Trojan.MTA.01512     20120330
VIPRE     Trojan-Dropper.Win32.Sinowal.y (v)     20120402
ViRobot     -     20120402
VirusBuster     Trojan.DR.Sinowal.Gen.20     20120401