Thursday, 7 November 2013

Incoming malware example

An incoming bit of malware:

"Please see attached copy (Invoice_9918492) of the original invoice." with an attached zip file.

Let's have a look at the *current* 0-minute results (i.e. what detects it at the moment it arrives)...

MD5: 90d968aab763ea0e91c357e47f10372d
File name: Invoice_9918492.zip

Detected already by ClamAV 3rd party signatures:

phish.ndb: Sanesecurity.Malware.22634.ZipHeur.Dte.UNOFFICIAL  
foxhole_all.cdb: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL

Detected already by ClamAV 3rd party hash signatures:

rogue.hdb: Sanesecurity.Rogue.0hr.1107v29162.UNOFFICIAL
bofhland_malware_attach.hdb: BofhlandMWFile498.UNOFFICIAL
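The two kinds of signature above work differently: the .hdb hashes only match this exact file (one byte changed and the MD5 is gone), while the Foxhole Zip_exe container rule fires on the shape of the attachment (a zip whose member is a Windows executable), so it also catches the next re-packed variant. The script below is an added example, not the Sanesecurity signatures or ClamAV's code: it constructs a small zip in memory (the inner file name and contents are an assumption, the post does not say what was inside Invoice_9918492.zip), applies a Zip_exe-style check to each member without extracting it to disk, and emits a ClamAV .hdb line for the archive in the documented `MD5:FileSize:MalwareName` format.

```python
import hashlib
import io
import re
import zipfile

# Extensions Windows will execute directly; the list is an assumption for
# this example, not the exact set the Foxhole rule uses.
EXEC_EXT = re.compile(r"\.(exe|scr|pif|com|bat|cmd|js|vbs)$", re.I)


def build_sample_zip(member_name="Invoice_9918492.pdf.exe",
                     payload=b"MZ" + b"\x00" * 1022) -> bytes:
    """Constructed sample: a zip with one member. The default member is a
    fake PE (just an 'MZ' header plus padding); the name is hypothetical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def zip_exe_findings(data: bytes) -> list:
    """Zip_exe-style container check.

    Returns [(member_name, [reasons...])] for every member that looks like
    a Windows executable, judged by file name and by the MZ magic of the
    first two bytes (read through the zip stream, nothing written to disk).
    Encrypted members cannot be inspected, which is itself worth flagging:
    password-protected zips are a common way to dodge content scanning.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if EXEC_EXT.search(info.filename):
                reasons.append("executable extension")
            if info.filename.count(".") > 1:
                reasons.append("double extension")
            if info.flag_bits & 0x1:  # general-purpose bit 0: encrypted
                reasons.append("encrypted (content not inspected)")
            else:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":
                        reasons.append("MZ magic")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def hdb_signature(data: bytes, name: str) -> str:
    """One ClamAV .hdb line: MD5:FileSize:MalwareName (documented format)."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


if __name__ == "__main__":
    sample = build_sample_zip()
    for member, reasons in zip_exe_findings(sample):
        print(f"{member}: {', '.join(reasons)}")
    # Hypothetical signature name, following the UNOFFICIAL naming convention.
    print(hdb_signature(sample, "Example.Zip_exe.UNOFFICIAL"))
```

Run it and the constructed member is flagged on three counts (executable extension, double extension, MZ magic); a zip holding a genuine PDF produces no findings, which is the point of the heuristic: it keys on what the attachment is, not on which particular sample it is.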

Example snapshot of how often this signature fires: number blocked per hour, mean 114, max 4831

VirusTotal:

Detection ratio: 2 / 47
Analysis date: 2013-11-07 09:13:28 UTC ( 2 minutes ago )
AntiVir: TR/Crypt.XPACK.Gen3
Sophos: Troj/Invo-Zip

ThreatTrack PDF analysis:

https://drive.google.com/file/d/0B1SVySdiVS8BY25DSmdaOXZzbU0
