Image4.zip / Trojan.Win32.Delf.dxj

par **Malekal_morte** » 01 août 2008 09:45

Se propage par le fichier contenant le fichier Image4.zip (se trouve dans %windir%) contenant le fichier Image04.JPEG-www.photobucket.com

Message de propagation :

do we look good together? I just added you into the background.
did you see any of the pictures from the party last night? Here is my favorite
This guys shirt is outrageous!!!! Have you seen it before?
I just found a wallpaper from the new Batman movie, its AWESOME!
You wouldn't get upset at me for posting this on myspace right?
Is the picture quality alright for this pic? I just took it with my new camera.

L'infection ajoute la ligne suivante sur HijackThis :

O4 - HKLM\..\Run: [Clip Service Manager] clipmg.exe

Fichier 0x01.exe reçu le 2008.07.31 11:19:50 (CET)
Situation actuelle: terminé
Résultat: 1/34 (2.94%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 04387be6016177db38c7bd299062daf3
SHA1: 9e37d33488b9707fe2851d12d948d7078891b1a5

Le lendemain :

Fichier 0x01.exe reçu le 2008.08.01 09:26:27 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 5/35 (14.29%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.29.1 2008.08.01 Win32/MSNBot.worm.43008.B
AntiVir 7.8.1.15 2008.08.01 -
Authentium 5.1.0.4 2008.07.31 -
Avast 4.8.1195.0 2008.07.31 -
AVG 8.0.0.156 2008.07.31 -
BitDefender 7.2 2008.08.01 -
CAT-QuickHeal 9.50 2008.07.31 -
ClamAV 0.93.1 2008.08.01 -
DrWeb 4.44.0.09170 2008.07.31 Trojan.KillFiles.808
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5999 2008.07.31 -
Ewido 4.0 2008.07.31 -
F-Prot 4.4.4.56 2008.07.31 -
F-Secure 7.60.13501.0 2008.08.01 -
Fortinet 3.14.0.0 2008.08.01 -
GData 2.0.7306.1023 2008.08.01 -
Ikarus T3.1.1.34.0 2008.08.01 VirTool.Win32.DelfInject.AF
Kaspersky 7.0.0.125 2008.08.01 -
McAfee 5351 2008.07.31 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3316 2008.07.31 Win32/AutoRun.UB
Norman 5.80.02 2008.07.31 -
Panda 9.0.0.4 2008.08.01 -
PCTools 4.4.2.0 2008.08.01 -
Prevx1 V2 2008.08.01 Cloaked Malware
Rising 20.55.40.00 2008.08.01 -
Sophos 4.31.0 2008.08.01 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.01 -
TheHacker 6.2.96.391 2008.07.31 -
TrendMicro 8.700.0.1004 2008.08.01 -
VBA32 3.12.8.2 2008.07.31 -
ViRobot 2008.7.31.1319 2008.07.31 -
VirusBuster 4.5.11.0 2008.07.31 -
Webwasher-Gateway 6.6.2 2008.08.01 -
Information additionnelle
File size: 43008 bytes
MD5...: 04387be6016177db38c7bd299062daf3
SHA1..: 9e37d33488b9707fe2851d12d948d7078891b1a5

par **Malekal_morte** » 06 août 2008 12:56

Complete scanning result of "0x01.exe", processed in VirusTotal at 08/06/2008 12:01:20 (CET).

[ file data ]
* name..: 0x01.exe
* size..: 43008
* md5...: 04387be6016177db38c7bd299062daf3
* sha1..: 9e37d33488b9707fe2851d12d948d7078891b1a5
* peid..: BobSoft Mini Delphi -> BoB / BobSoft

[ scan result ]
AhnLab-V3 2008.8.6.2/20080806 found [Win32/MSNBot.worm.43008.B]
AntiVir 7.8.1.15/20080806 found [TR/Dldr.Agent.pxa]
Authentium 5.1.0.4/20080805 found nothing
Avast 4.8.1195.0/20080805 found nothing
AVG 8.0.0.156/20080806 found [Worm/Generic.JAU]
BitDefender 7.2/20080806 found [Trojan.QHosts.ASF]
CAT-QuickHeal 9.50/20080805 found nothing
ClamAV 0.93.1/20080806 found nothing
DrWeb 4.44.0.09170/20080806 found [Trojan.KillFiles.808]
eSafe 7.0.17.0/20080805 found nothing
eTrust-Vet 31.6.6015/20080806 found nothing
Ewido 4.0/20080805 found nothing
F-Prot 4.4.4.56/20080805 found nothing
F-Secure 7.60.13501.0/20080806 found [Trojan.Win32.Delf.dxj]
Fortinet 3.14.0.0/20080806 found nothing
GData 2.0.7306.1023/20080806 found [Trojan.Win32.Delf.dxj]
Ikarus T3.1.1.34.0/20080806 found [VirTool.Win32.DelfInject.AF]
K7AntiVirus 7.10.404/20080805 found [Trojan.Win32.Delf.dvf]
Kaspersky 7.0.0.125/20080806 found [Trojan.Win32.Delf.dxj]
McAfee 5354/20080805 found nothing
Microsoft 1.3807/20080806 found [VirTool:Win32/DelfInject.gen!AF]
NOD32v2 3331/20080806 found [Win32/AutoRun.UB]
Norman 5.80.02/20080806 found nothing
Panda 9.0.0.4/20080805 found nothing
PCTools 4.4.2.0/20080805 found nothing
Prevx1 V2/20080806 found [Cloaked Malware]
Rising 20.56.22.00/20080806 found nothing
Sophos 4.31.0/20080806 found nothing
Sunbelt 3.1.1537.1/20080806 found [Trojan.QHosts.ASF]
Symantec 10/20080806 found nothing
TheHacker 6.2.96.393/20080804 found nothing
TrendMicro 8.700.0.1004/20080806 found nothing
VBA32 3.12.8.2/20080805 found [Trojan.Win32.Delf.dup]
ViRobot 2008.8.5.1324/20080806 found nothing
VirusBuster 4.5.11.0/20080805 found nothing
Webwasher-Gateway 6.6.2/20080806 found [Trojan.Dldr.Agent.pxa]

Malekal.com forum

Image4.zip / Trojan.Win32.Delf.dxj

Image4.zip / Trojan.Win32.Delf.dxj

Re: Image4.zip / <noname>