Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

remixed's malware submissions

Started by UnusedAccount, Aug 17 2011 11:35 AM

Please log in to reply

599 replies to this topic

#1 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 17 August 2011 - 11:35 AM

Files included;
Wolfram Antivirus
Multi-Name Fake AV
System Repair
Download Urls and Virus Total reports are attached with files.

Bored

#2 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 17 August 2011 - 12:04 PM

Download Urls and reports attached.
SMS Fraud
Fake Adobe Flash Update. Rootkit Zero Access

Bored

#3 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 17 August 2011 - 01:51 PM

videos17.avi.exe
VT down atm. Virscan log attached

Bored

#4 markusg

Malware Removal Team

Malware Removal Team
689 posts

Posted 17 August 2011 - 02:48 PM

the list is not kompett, so i updated it and will upload.
an aditional info:
this urls getting updated every 30 minutes.

Attached Files

ransom.rtf 1.51K 2 downloads

#5 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 17 August 2011 - 03:15 PM

setup.exe / Trojan Dropper
Nouware.exe / Trojan FakeAlert

Bored

#6 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 17 August 2011 - 04:52 PM

pusk3.exe ; 2/37 Virscan
Office_Pr0n_Movie_267.Mpeg ; 3/37 Virscan

Bored

#7 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 17 August 2011 - 09:05 PM

Virscan, 8% Scanner(s) (3/37) found malware!
File Name : flywauemaueviobr.exe
File Size : 463872 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : e22b6377fcfe26484753237ba4c231f7
http://r.virscan.org...164ac84bdd2a0c8
Wepawet report included

Bored

#8 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 12:02 AM

http://www.virustota...4e79-1313620612
File name: exe.exe
Submission date: 2011-08-17 22:36:52 (UTC)
Current status: finished
Result: 4/ 44 (9.1%)
MD5 : f643841559e90b770dd22e6908d92adc

http://www.virustota...ab0a-1313621441
File name: X.exe
Submission date: 2011-08-17 22:50:41 (UTC)
Current status: finished
Result: 1/ 44 (2.3%)
MD5 : 2dff3265278fb6a894829a75f6275c8a

Bored

#9 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 12:52 AM

http://www.virustota...fee2-1313623851
File name: defender.exe
Submission date: 2011-08-17 23:30:51 (UTC)
Current status: finished
Result: 6 /43 (14.0%)
MD5 : bef78ec9929efee32c0b4cfaca1eba58

Bored

#10 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 12:58 PM

http://www.virustota...c4d1-1313667463
File name: FastAntivirus2011.exe
Submission date: 2011-08-18 11:37:43 (UTC)
Current status: finished
Result: 6 /43 (14.0%)
MD5 : 71992bb588ed636361c27148aa5e4eab

3 versions (different file size / MD5 attached)

Bored

#11 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 03:10 PM

File name: csrss.exe
Submission date: 2011-08-18 13:55:20 (UTC)
Current status: finished
Result: 2 /38 (5.3%)
http://www.virustota...952a-1313675720
MD5 : 75265f4aa4b0e69483300bba6da06e3f

File name: dwm.exe
Submission date: 2011-08-18 14:00:53 (UTC)
Current status: finished
Result: 2 /43 (4.7%)
http://www.virustota...e50f-1313676053
MD5 : 6f761f7c51f35366f49c3e2c716722de

Bored

#12 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 08:58 PM

File name: calc.exe
Submission date: 2011-08-18 19:38:14 (UTC)
Current status: finished
Result: 2 /43 (4.7%)
MD5 : 1cc76cb6fac8f203ff0a33ae407095f6
http://www.virustota...bd97-1313696294

Bored

#13 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 10:51 PM

File name: pusk3.exe
Submission date: 2011-08-18 21:40:20 (UTC)
Current status: finished
Result: 4 /43 (9.3%)
MD5 : b71a20a231007e7d88389158b2cd4ce9
http://www.virustota...cc87-1313703620

Bored

#14 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 11:11 PM

Undetected
File name: Wolfram Antivirus.exe
Submission date: 2011-08-18 21:59:27 (UTC)
Current status: finished
Result: 1 /43 (2.3%)
http://www.virustota...5521-1313704767

Bored

#15 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 18 August 2011 - 11:56 PM

New Rogue AV. Replaces Ant-Malware Lab. Emsisoft's detection is holding on this one, but a new removal guide is required. This rogue has no google hits for removal blogs at this time.

Bored

#16 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 19 August 2011 - 01:19 AM

Using Malzilla
File name: 0ced4b7c5821ce1478d0cda0463fcc70
Submission date: 2011-08-18 23:52:01 (UTC)
Current status: finished
Result: 4 /43 (9.3%)
MD5 : 0ced4b7c5821ce1478d0cda0463fcc70
http://www.virustota...1daf-1313711521
http://wepawet.cs.uc...63fcc70&type=js
Payload
File name: about.exe
Submission date: 2011-08-19 00:00:13 (UTC)
Current status: finished
Result: 1 /43 (2.3%)
MD5 : 755ed1697402c2d52d0c375d0b7f861b
http://www.virustota...006a-1313712013

Bored

#17 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 19 August 2011 - 03:07 PM

Undetected.
File name: lto.exe
Submission date: 2011-08-19 13:48:07 (UTC)
Current status: finished
Result: 4 /43 (9.3%)
MD5 : 33d2d86e21b8ac955ecf269f7a26b2d2
http://www.virustota...46fc-1313761687

Bored

#18 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 19 August 2011 - 06:11 PM

File name: 8.exe
Submission date: 2011-08-19 17:02:36 (UTC)
Current status: finished
Result: 5 /43 (11.6%)
MD5 : 7d23a817e5c5670464fd21d76c1a985f
http://www.virustota...67d8-1313773356

Bored

#19 markusg

Malware Removal Team

Malware Removal Team
689 posts

Posted 19 August 2011 - 07:29 PM

as info, change the number from the jpg and you will get more droppers.
i try till 20 and got 5, perhaps there are more.

#20 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 19 August 2011 - 10:29 PM

http://www.virustota...20a5-1313788714
File name: adobeflashplayerv10.2.152.32.exe
Submission date: 2011-08-19 21:18:34 (UTC)
Current status: finished
Result: 9/ 44 (20.5%)
MD5 : 7323946929ebb99368f491837b0b385f

Bored

#21 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 19 August 2011 - 11:33 PM

File name: P1kAlMiG2Kb7Fz.exe
Submission date: 2011-08-19 22:14:13 (UTC)
Current status: finished
Result: 9/ 44 (20.5%)
MD5 : 606a5a88d5f3ac45a2f2b578fb52e353
http://www.virustota...76dd-1313792053

File name: SoftwareUpdate.exe
Submission date: 2011-08-19 22:20:29 (UTC)
Current status: finished
Result: 2/ 44 (4.5%)
MD5 : c2c97e027a56b07cc3861bdae92ff0c4
http://www.virustota...2c3c1-131379242

Bored

#22 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 20 August 2011 - 08:50 PM

File name: Hardcore_Porn_Movie_82.mpeg.exe
Submission date: 2011-08-20 19:31:25 (UTC)
Current status: finished
Result: 9 /43 (20.9%)
MD5 : 38d622dbd0ae389c5419d7b637d1061d
http://www.virustota...2525-1313868685

Bored

#23 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 20 August 2011 - 10:19 PM

File name: MRT.exe
Submission date: 2011-08-20 21:11:58 (UTC)
Current status: finished
Result: 2/ 44 (4.5%)
MD5 : 260cc54929997b6e844025ff53649ac8
http://www.virustota...e304-1313874718

Bored

#24 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 21 August 2011 - 01:26 PM

File name: calc.exe
Submission date: 2011-08-21 11:49:16 (UTC)
Current status: finished
Result: 9/ 44 (20.5%)
MD5 : 2b84eff43db0c40c86408f490f967115
http://www.virustota...45a6-1313927356

File name: GIB-17-08.exe
Submission date: 2011-08-21 12:03:18 (UTC)
Current status: finished
Result: 3/ 44 (6.8%)
MD5 : 20f409761ffeca44bc0c02035a1a5317
http://www.virustota...b940-1313928198

File name: flash_player_installer.exe
Submission date: 2011-08-21 12:09:15 (UTC)
Current status: finished
Result: 7/ 44 (15.9%)
MD5 : f2f84c3b248bc6e9c5d5e6f5a7138a1e
http://www.virustota...6601-1313928555

File name: BDSM_Movie_214.mpeg.exe
Submission date: 2011-08-21 12:07:32 (UTC)
Current status: finished
Result: 9/ 44 (20.5%)
MD5 : b9ee693cbb87eec14a93c27520be2cbb
http://www.virustota...fbdd-1313928452

Bored

#25 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 21 August 2011 - 02:50 PM

File name: csrss.exe
Submission date: 2011-08-21 13:35:41 (UTC)
Current status: finished
Result: 3/ 44 (6.8%)
MD5 : 9fcee5821e3401f2c01b519bb5ffba22
http://www.virustota...1dc5-1313933741

File name: dwm.exe
Submission date: 2011-08-21 13:39:50 (UTC)
Current status: finished
Result: 3/ 44 (6.8%)
MD5 : cafb80246ea7baebe10dcd4933d94d2c
http://www.virustota...c733-1313933990

Bored

#26 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 21 August 2011 - 06:40 PM

Scanner results : 8% Scanner(s) (3/37) found malware!
File Name : install_flash_player.exe
File Size : 193536 byte
MD5 : 6b6408217f8b7457fce5e05d4bbe8cb9
http://r.virscan.org...f2c0b0383ddb078

Bored

#27 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 21 August 2011 - 11:36 PM

Undetected
File name: Hardcore_Porn_Movie_82.mpeg.exe
Submission date: 2011-08-21 22:15:39 (UTC)
Current status: finished
Result: 5/ 44 (11.4%)
MD5 : d887bacdbab0b81e1a29311e02667fe1
http://www.virustota...08f3-1313964939

Bored

#28 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 22 August 2011 - 12:13 AM

File name: mcmst.exe
Submission date: 2011-08-21 16:25:14 (UTC)
Current status: finished
Result: 3 /42 (7.1%)
http://www.virustota...e445-1313943914

Bored

#29 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 22 August 2011 - 06:04 PM

Undetected.
File name: pusk3.exe
Submission date: 2011-08-22 16:48:24 (UTC)
Current status: finished
Result: 4 /44 (9.1%)
MD5 : 0434c084dba8626df980c7974d5728e1
http://www.virustota...33dc-1314031704

Bored

#30 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 12:26 AM

Apologies, the previous version of this sample was corrupt.
File Name : pusk3.exe
MD5 : 73c8e9f35f1454559c66a3311fa7f39b
Scanner results : 14% Scanner(s) (5/37) found malware!
http://r.virscan.org...03413f38828e505

Bored

#31 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 12:41 AM

File Name : updateflash.exe
MD5 : 9da9c37a8dac814b009dc8955aea2bc8
Scanner results : 8% Scanner(s) (3/37) found malware!
http://r.virscan.org...bbbd423535eb159

Bored

#32 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 01:12 AM

File name: calc.exe
Submission date: 2011-08-22 23:53:33 (UTC)
Current status: finished
Result: 4/ 44 (9.1%)
http://www.virustota...1f98-1314057213

File name: Flash-Player.exe
Submission date: 2011-08-23 00:05:16 (UTC)
Current status: finished
Result: 11 /44 (25.0%)
MD5 : 85dbe6be51686d63f6c18cbbf38db640
http://www.virustota...5dcc-1314057916

Bored

#33 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 12:01 PM

File name: fdbfdf542.exe
Submission date: 2011-08-23 10:16:52 (UTC)
Current status: finished
Result: 4/ 44 (9.1%)
MD5 : 8270fbe8a4ef6abe08c6fe4ed9359c32
http://www.virustota...ad6a-1314094612

File name: robertiniii.exe
Submission date: 2011-08-23 10:39:58 (UTC)
Current status: finished
Result: 6 /44 (13.6%)
MD5 : 6626f592df69523e9eb013fb1c09eeb4
http://www.virustota...7841-1314095998

File name: netgear.exe
Submission date: 2011-08-23 10:31:10 (UTC)
Current status: finished
Result: 5 /44 (11.4%)
MD5 : 65e89eba061729f014891ea6dc067922
http://www.virustota...5867-1314095470

Bored

#34 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 12:30 PM

File name: firefox.exe
Submission date: 2011-08-23 11:14:43 (UTC)
Current status: finished
Result: 11/ 44 (25.0%)
MD5 : 8a8a5c6b3d7ef90ed641736789e27796
http://www.virustota...2be3-1314098083

Bored

#35 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 12:57 PM

File name: Lolita_F*ck_Movie_92.mpeg.exe
Submission date: 2011-08-23 11:46:46 (UTC)
Current status: finished
Result: 9 /43 (20.9%)
MD5 : 0fe5570370c8c1c1d8bb0ca422d98002
http://www.virustota...bb16-1314100006

Bored

#36 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 01:36 PM

4 miscellaneous undetected samples
Scan info attached

Bored

#37 Arief Prabowo

Forum Veteran

Emsisoft Employee
1610 posts

LocationIndonesia

Posted 23 August 2011 - 01:53 PM

Ok, no problem. Thanks, remixed.

Best regards,

Arief Prabowo [Research]
Emsisoft Team - http://www.emsisoft.com
Posted Image

#38 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 04:11 PM

Trojan.Agent
File name: contacts.exe
Submission date: 2011-08-23 14:52:38 (UTC)
Current status: finished
Result: 6 /44 (13.6%)
MD5 : 56a48964455d94644279948bc418baf2
http://www.virustota...7bfb-1314111158

Bored

#39 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 07:15 PM

In response to a post elsewhere concerning detection issues, I have scanned 7 different versions of this file and this is the only one undetected.

Bored

#40 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 08:25 PM

Scanner results : 16% Scanner(s) (6/37) found malware!
File Name : Amateur_Pr0n_Movie_217.mpeg.exe
MD5 : f008e9c700d942268b7cbb467ca1dbf6
http://r.virscan.org...dab5c4230b97888

Bored

#41 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 23 August 2011 - 10:44 PM

File Name : flash_player_installer.exe
MD5 : 48eb9eddfb58fe4412e55f8d62f407e0
Scanner results : 8% Scanner(s) (3/37) found malware!
http://r.virscan.org...37c4927e8a515b6

Bored

#42 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 24 August 2011 - 12:21 AM

File name: netprotocol.exe
Submission date: 2011-08-23 22:58:20 (UTC)
Current status: finished
Result: 5/ 44 (11.4%)
MD5 : 57389431a0a5e45e8136effb6e63b06b
http://www.virustota...9bca-1314140300

Bored

#43 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 24 August 2011 - 01:10 AM

File name: UPatikNiIP.exe
Submission date: 2011-08-23 23:57:55 (UTC)
Current status: finished
Result: 6 /44 (13.6%)
MD5 : 12d3cdbac1508f0616d044926938f3ac
http://www.virustota...f684-1314143875

File name: MpSigStub.exe
Submission date: 2011-08-24 00:01:31 (UTC)
Current status: finished
Result: 6/ 44 (13.6%)
MD5 : f47d774b0887601596c42d27f9bc2fb6
http://www.virustota...9558-1314144091

Bored

#44 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 24 August 2011 - 03:42 PM

File name: flash_player_installer.exe
Submission date: 2011-08-24 14:28:49 (UTC)
Current status: finished
Result: 7 /44 (15.9%)
MD5 : 0ba8780aaca1d90691806e127727cea0
http://www.virustota...15d5-1314196129

Bored

#45 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 24 August 2011 - 04:39 PM

File name: P1kAlMiG2Kb7Fz.exe
Submission date: 2011-08-24 15:26:26 (UTC)
Current status: finished
Result: 8 /44 (18.2%)
http://www.virustota...ef02-1314199586
MD5 : 44ec1e633e389ed96791cc81fa6ed5cf

Bored

#46 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 24 August 2011 - 08:30 PM

File name: FastAntivirus2011.exe
Submission date: 2011-08-24 19:16:49 (UTC)
Current status: finished
Result: 0/ 44 (0.0%)
http://www.virustota...2b5a-1314213409
MD5 : 26aa392bbbbf193db9d736c693cd60a5

Bored

#47 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 24 August 2011 - 11:06 PM

File name: defender.exe
Submission date: 2011-08-24 21:39:52 (UTC)
Current status: finished
Result: 5 /43 (11.6%)
MD5 : c70dd0beb78231e661415197f6fc1804
http://www.virustota...c71e-1314221992

Bored

#48 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 25 August 2011 - 10:42 AM

Already morphed
File name: FastAntivirus2011.exe
Submission date: 2011-08-25 09:09:38 (UTC)
Current status: finished
Result: 0/ 44 (0.0%)
MD5 : 6840bf89737fc62701212aefcc5b59be
http://www.virustota...ffc4-1314263378

Bored

#49 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 25 August 2011 - 06:56 PM

Undetected
File name: Sex_Party_F__k_Orgy_72.mpeg.exe
Submission date: 2011-08-25 17:45:30 (UTC)
Current status: finished
Result: 5 /44 (11.4%)
MD5 : 05a8d7d451f7fa134f24220c82341536
http://www.virustota...a05a-1314294330

Bored

#50 UnusedAccount

Deceased

Malware Hunter
486 posts

AV:None
HIPS:None

Posted 25 August 2011 - 08:42 PM

File name: flash_player_installer.exe
Submission date: 2011-08-25 19:34:08 (UTC)
Current status: finished
Result: 4/ 44 (9.1%)
MD5 : 884c4eaec094c5d276395533f9bb91be
http://www.virustota...a4ef-1314300848

Bored