maliciousbrains
|
Post subject: b216853745171ffe59f0fa97fd102bb4 - autorun.exe Posted: Wed Sep 03, 2008 9:25 pm |
|
 |
| Site Admin |
 |
Joined: Thu Mar 27, 2008 1:06 pm Posts: 163 Location: India
|
|
File autorun.exe received on 09.03.2008 16:29:51 (CET) Result: 24/36 (66.67%)
Antivirus | Version | Last Update | Result
AhnLab-V3 | 2008.9.3.0 | 2008.09.03 | Win32/Socks.worm.16896.B
AntiVir | 7.8.1.23 | 2008.09.03 | Worm/Socks.FX
Authentium | 5.1.0.4 | 2008.09.03 | -
Avast | 4.8.1195.0 | 2008.09.03 | Win32:Trojan-gen {Other}
AVG | 8.0.0.161 | 2008.09.03 | Win32/Heur
BitDefender | 7.2 | 2008.09.03 | Win32.Worm.Socks.BO
CAT-QuickHeal | 9.50 | 2008.09.02 | I-Worm.Socks.fx
ClamAV | 0.93.1 | 2008.09.03 | -
DrWeb | 4.44.0.09170 | 2008.09.03 | Win32.HLLW.Brutus.4651
eSafe | 7.0.17.0 | 2008.09.02 | Suspicious File
eTrust-Vet | 31.6.6066 | 2008.09.03 | -
Ewido | 4.0 | 2008.09.03 | -
F-Prot | 4.4.4.56 | 2008.09.03 | -
F-Secure | 8.0.14332.0 | 2008.09.03 | P2P-Worm.Win32.Socks.fx
Fortinet | 3.14.0.0 | 2008.09.03 | W32/Socks.FX!worm.p2p
GData | 19 | 2008.09.03 | P2P-Worm.Win32.Socks.fx
Ikarus | T3.1.1.34.0 | 2008.09.03 | P2P-Worm.Win32.Socks.fx
K7AntiVirus | 7.10.439 | 2008.09.03 | -
Kaspersky | 7.0.0.125 | 2008.09.03 | P2P-Worm.Win32.Socks.fx
McAfee | 5375 | 2008.09.02 | -
Microsoft | 1.3903 | 2008.09.03 | VirTool:Win32/Obfuscator.BO
NOD32v2 | 3411 | 2008.09.03 | Win32/Zalup
Norman | 5.80.02 | 2008.09.03 | W32/Socks.BW
Panda | 9.0.0.4 | 2008.09.02 | W32/Socks.AC.worm
PCTools | 4.4.2.0 | 2008.09.03 | -
Prevx1 | V2 | 2008.09.03 | Malicious Software
Rising | 20.60.21.00 | 2008.09.03 | Worm.Win32.Agent.xa
Sophos | 4.33.0 | 2008.09.03 | -
Sunbelt | 3.1.1592.1 | 2008.08.30 | -
Symantec | 10 | 2008.09.03 | -
TheHacker | 6.3.0.8.070 | 2008.09.02 | W32/Socks.fx
TrendMicro | 8.700.0.1004 | 2008.09.03 | WORM_SOCKS.AR
VBA32 | 3.12.8.4 | 2008.09.02 | P2P-Worm.Win32.Socks.fx
ViRobot | 2008.9.2.1361 | 2008.09.03 | Worm.Win32.P2P-Socks.16896
VirusBuster | 4.5.11.0 | 2008.09.03 | -
Webwasher-Gateway | 6.6.2 | 2008.09.03 | Worm.Socks.FX

Additional information
File size: 16896 bytes
MD5...: b216853745171ffe59f0fa97fd102bb4
SHA1..: f56c0fb0db9613696f3c261f7b89a194e5cfbedb
SHA256: 4f9dadf33dc6b6b99d5d448707ffcaf0904ab34b65455943cd134710fa119e8d
SHA512: 9b1391f8d0a3ff02554cc59b2458c4fa9c9b64366c7b45df1bb0b08068df6bcd 2eba013a598f32cf39dfddebbe8033f4a35acacddaa770801398c6f71c960a25
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4091d1
timedatestamp.....: 0x4861242e (Tue Jun 24 16:43:26 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name | viradd | virsiz | rawdsiz | ntrpy | md5
.DATA | 0x1000 | 0x1ff4 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.text | 0x3000 | 0x4df6 | 0x2600 | 7.92 | bcf7cb4be7ab8f0d6cbc84237f4a5d16
.not | 0x8000 | 0x1000 | 0xa00 | 7.92 | 3825b8b089ba727be89d62c59710c9f3
.not | 0x9000 | 0x61c | 0x800 | 6.36 | de88ce1ec0aee3d192a319d549f140a1
.share | 0xa000 | 0x4c7 | 0x600 | 4.09 | 77fcd88ec208047e2e04a98ed9f2c2ed
_________________ .:: MaliciousBrains ::.
http://www.malwareinfo.org
There are no patches or service packs for IGNORANCE!!
|
|
D1N
|
Post subject: Re: b216853745171ffe59f0fa97fd102bb4 - autorun.exe Posted: Tue Oct 07, 2008 7:31 pm |
|
 |
| Member |
Joined: Wed Oct 01, 2008 4:40 pm Posts: 8
|
|
maliciousbrains,
I would like to take a look at this file. Looks like it was compiled with Delphi. The three sections including the EOF .share .not .not would be interesting to look at in memory. Zip it up for me if you have it and password-protect it with the word "infected" without the "".
Thanks!
|
|
maliciousbrains
|
Post subject: Re: b216853745171ffe59f0fa97fd102bb4 - autorun.exe Posted: Sun Oct 12, 2008 12:51 pm |
|
 |
| Site Admin |
 |
Joined: Thu Mar 27, 2008 1:06 pm Posts: 163 Location: India
|
|
D1N,
I recently deleted a bulk of these infected files that I was saving. Unfortunately, I am not yet maintaining a decent archive of these samples. I will keep a note of the MD5 and will forward it to you if I get hold of that file again. As far as I can remember, it was a USB infector.
_________________ .:: MaliciousBrains ::.
http://www.malwareinfo.org
There are no patches or service packs for IGNORANCE!!