NEWIMAGE22.zip / Trojan.Win32.Agent.xsm

[Malekal_morte]

Se propage par le fichier contenant le fichier NEWIMAGE22.zip (se trouve dans %windir%) contenant le fichier NEWIMAGE0022.JPG-www.facebook.scr

Message de propagation :

I just started some photoshop classes, does my picture edit look good?
I found this picture on AdultFriendFinder.com it can't be you right?
This is the definition of sexy. You just have to take a look!
My account wouldn't get removed for posting this right?
I haven't seen anything this wild in a long time. Check it out!

L'infection ajoute la ligne suivante sur HijackThis :

O4 - HKLM\..\Run: [MSN Settings Manager] msnsetmg.exe

Fichier 0x05.exe reçu le 2008.08.05 23:38:41 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 7/36 (19.45%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.6.0 2008.08.05 -
AntiVir 7.8.1.15 2008.08.05 TR/ATRAPS.Gen
Authentium 5.1.0.4 2008.08.05 W32/Threat-SysVenFak-based!Maximus
Avast 4.8.1195.0 2008.08.05 -
AVG 8.0.0.156 2008.08.05 -
BitDefender 7.2 2008.08.05 -
CAT-QuickHeal 9.50 2008.08.05 -
ClamAV 0.93.1 2008.08.05 -
DrWeb 4.44.0.09170 2008.08.05 Trojan.Inject.3688
eSafe 7.0.17.0 2008.08.05 -
eTrust-Vet 31.6.6011 2008.08.05 -
Ewido 4.0 2008.08.05 -
F-Prot 4.4.4.56 2008.08.05 W32/Threat-SysVenFak-based!Maximus
F-Secure 7.60.13501.0 2008.08.05 -
Fortinet 3.14.0.0 2008.08.05 -
GData 2.0.7306.1023 2008.08.05 -
Ikarus T3.1.1.34.0 2008.08.05 -
K7AntiVirus 7.10.404 2008.08.05 -
Kaspersky 7.0.0.125 2008.08.05 -
McAfee 5354 2008.08.05 -
Microsoft 1.3807 2008.08.05 VirTool:Win32/DelfInject.gen!AF
NOD32v2 3330 2008.08.05 Win32/IRCBot.AAH
Norman 5.80.02 2008.08.05 -
Panda 9.0.0.4 2008.08.05 -
PCTools 4.4.2.0 2008.08.05 -
Prevx1 V2 2008.08.05 -
Rising 20.56.12.00 2008.08.05 -
Sophos 4.31.0 2008.08.05 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.05 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.05 -
VBA32 3.12.8.2 2008.08.05 -
ViRobot 2008.8.5.1324 2008.08.05 -
VirusBuster 4.5.11.0 2008.08.05 -
Webwasher-Gateway 6.6.2 2008.08.05 Trojan.ATRAPS.Gen
Information additionnelle
File size: 53248 bytes
MD5...: 04f9b060f55692e8de9cea45e3f48db0
SHA1..: 506403290d1bc2cadb8aab6acdf08c3cf37269e7

Fichier 0x05x.exe reçu le 2008.08.05 23:45:33 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 3/36 (8.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.6.0 2008.08.05 -
AntiVir 7.8.1.15 2008.08.05 -
Authentium 5.1.0.4 2008.08.05 -
Avast 4.8.1195.0 2008.08.05 -
AVG 8.0.0.156 2008.08.05 -
BitDefender 7.2 2008.08.05 -
CAT-QuickHeal 9.50 2008.08.05 -
ClamAV 0.93.1 2008.08.05 -
DrWeb 4.44.0.09170 2008.08.05 Trojan.Inject.3688
eSafe 7.0.17.0 2008.08.05 -
eTrust-Vet 31.6.6011 2008.08.05 -
Ewido 4.0 2008.08.05 -
F-Prot 4.4.4.56 2008.08.05 -
F-Secure 7.60.13501.0 2008.08.05 -
Fortinet 3.14.0.0 2008.08.05 -
GData 2.0.7306.1023 2008.08.05 -
Ikarus T3.1.1.34.0 2008.08.05 -
K7AntiVirus 7.10.404 2008.08.05 -
Kaspersky 7.0.0.125 2008.08.05 -
McAfee 5354 2008.08.05 -
Microsoft 1.3807 2008.08.05 VirTool:Win32/DelfInject.gen!AF
NOD32v2 3330 2008.08.05 Win32/IRCBot.AAH
Norman 5.80.02 2008.08.05 -
Panda 9.0.0.4 2008.08.05 -
PCTools 4.4.2.0 2008.08.05 -
Prevx1 V2 2008.08.05 -
Rising 20.56.12.00 2008.08.05 -
Sophos 4.31.0 2008.08.05 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.05 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.05 -
VBA32 3.12.8.2 2008.08.05 -
ViRobot 2008.8.5.1324 2008.08.05 -
VirusBuster 4.5.11.0 2008.08.05 -
Webwasher-Gateway 6.6.2 2008.08.05 -
Information additionnelle
File size: 52736 bytes
MD5...: 8139da57f9453a24f9d388ca619f5572
SHA1..: d3d19d504ea62eee303ce1ccd02981044718cbc9

[Malekal_morte]

Scan au lendemain :

Complete scanning result of "0x05x.exe", processed in VirusTotal at 08/07/2008 10:37:34 (CET).

[ file data ]
* name..: 0x05x.exe
* size..: 52736
* md5...: 8139da57f9453a24f9d388ca619f5572
* sha1..: d3d19d504ea62eee303ce1ccd02981044718cbc9
* peid..: BobSoft Mini Delphi -> BoB / BobSoft

[ scan result ]
AhnLab-V3 2008.8.7.0/20080807 found nothing
AntiVir 7.8.1.19/20080807 found [TR/Agent.xsn]
Authentium 5.1.0.4/20080807 found nothing
Avast 4.8.1195.0/20080806 found nothing
AVG 8.0.0.156/20080807 found [BackDoor.Ircbot.FCO]
BitDefender 7.2/20080807 found nothing
CAT-QuickHeal 9.50/20080806 found nothing
ClamAV 0.93.1/20080807 found nothing
DrWeb 4.44.0.09170/20080807 found [Trojan.Inject.3688]
eSafe 7.0.17.0/20080806 found nothing
eTrust-Vet 31.6.6016/20080806 found nothing
Ewido 4.0/20080806 found nothing
F-Prot 4.4.4.56/20080806 found nothing
F-Secure 7.60.13501.0/20080807 found [Trojan.Win32.Agent.xsn]
Fortinet 3.14.0.0/20080807 found [W32/Agent.XSN!tr]
GData 2.0.7306.1023/20080807 found [Trojan.Win32.Agent.xsn]
Ikarus T3.1.1.34.0/20080807 found [VirTool.Win32.DelfInject.AF]
K7AntiVirus 7.10.405/20080807 found nothing
Kaspersky 7.0.0.125/20080807 found [Trojan.Win32.Agent.xsn]
McAfee 5355/20080806 found nothing
Microsoft 1.3807/20080807 found [VirTool:Win32/DelfInject.gen!AF]
NOD32v2 3335/20080807 found [Win32/IRCBot.AAH]
Norman 5.80.02/20080806 found nothing
Panda 9.0.0.4/20080806 found nothing
PCTools 4.4.2.0/20080806 found nothing
Prevx1 V2/20080807 found [Worm]
Rising 20.56.30.00/20080807 found nothing
Sophos 4.31.0/20080807 found nothing
Sunbelt 3.1.1537.1/20080807 found [Trojan.Win32.Agent.xsn]
Symantec 10/20080807 found nothing
TheHacker 6.2.96.393/20080804 found nothing
TrendMicro 8.700.0.1004/20080807 found nothing
VBA32 3.12.8.2/20080806 found nothing
ViRobot 2008.8.6.1326/20080806 found [Trojan.Win32.Agent.52736.C]
VirusBuster 4.5.11.0/20080806 found nothing
Webwasher-Gateway 6.6.2/20080807 found nothing

Complete scanning result of "0x05.exe", processed in VirusTotal at 08/07/2008 10:37:34 (CET).

[ file data ]
* name..: 0x05.exe
* size..: 53248
* md5...: 04f9b060f55692e8de9cea45e3f48db0
* sha1..: 506403290d1bc2cadb8aab6acdf08c3cf37269e7
* peid..: BobSoft Mini Delphi -> BoB / BobSoft

[ scan result ]
AhnLab-V3 2008.8.7.0/20080807 found nothing
AntiVir 7.8.1.19/20080807 found [TR/ATRAPS.Gen]
Authentium 5.1.0.4/20080807 found [W32/Threat-SysVenFak-based!Maximus]
Avast 4.8.1195.0/20080806 found [Win32:Trojan-gen {Other}]
AVG 8.0.0.156/20080807 found [BackDoor.Ircbot.FCO]
BitDefender 7.2/20080807 found nothing
CAT-QuickHeal 9.50/20080806 found nothing
ClamAV 0.93.1/20080807 found nothing
DrWeb 4.44.0.09170/20080807 found [Trojan.Inject.3688]
eSafe 7.0.17.0/20080806 found nothing
eTrust-Vet 31.6.6016/20080806 found nothing
Ewido 4.0/20080806 found nothing
F-Prot 4.4.4.56/20080806 found [W32/Threat-SysVenFak-based!Maximus]
F-Secure 7.60.13501.0/20080807 found [Trojan.Win32.Agent.xsm]
Fortinet 3.14.0.0/20080807 found [W32/Agent.XSM!tr]
GData 2.0.7306.1023/20080807 found [Trojan.Win32.Agent.xsm]
Ikarus T3.1.1.34.0/20080807 found [VirTool.Win32.DelfInject.AF]
K7AntiVirus 7.10.405/20080807 found nothing
Kaspersky 7.0.0.125/20080807 found [Trojan.Win32.Agent.xsm]
McAfee 5355/20080806 found nothing
Microsoft 1.3807/20080807 found [VirTool:Win32/DelfInject.gen!AF]
NOD32v2 3335/20080807 found [Win32/IRCBot.AAH]
Norman 5.80.02/20080806 found nothing
Panda 9.0.0.4/20080806 found nothing
PCTools 4.4.2.0/20080806 found nothing
Prevx1 V2/20080807 found nothing
Rising 20.56.30.00/20080807 found nothing
Sophos 4.31.0/20080807 found nothing
Sunbelt 3.1.1537.1/20080807 found [Trojan.Win32.Agent.xsm]
Symantec 10/20080807 found nothing
TheHacker 6.2.96.393/20080804 found nothing
TrendMicro 8.700.0.1004/20080807 found nothing
VBA32 3.12.8.2/20080806 found nothing
ViRobot 2008.8.6.1326/20080806 found [Trojan.Win32.Agent.52736.C]
VirusBuster 4.5.11.0/20080806 found nothing
Webwasher-Gateway 6.6.2/20080807 found nothing