[fatdcuk]

Nothing fancy just a distinct lack of any route 1 identification by any VT DB ;)

http://www.virustotal.com/file-scan/rep ... 1300160250

Spammed by seeded search terms.
Updates c/o

Code: Select all

http://checkifuneed.com/codecs/QuickTimeCodec.3291.exe

Runs as a service and wants to share even more junk seeded onto the P2P networks.

MalwareBytes detects as Trojan.P2P.Agent oddly enough :)

[fatdcuk]

Another day , another set of cloths same critter ;)

:evil: Lamerz hall of shame 1/41 @ VT
http://www.virustotal.com/file-scan/rep ... 1301061954

[fatdcuk]

Updated again...

http://www.virustotal.com/file-scan/rep ... 1302107684

Still no cure for AV lamerz

[EP_X0FF]

Well Dr.Web clearly says this is trojan* :D

https://www.virustotal.com/file-scan/re ... 1302111883

*(after removing crypter)

There many C++ RTL code inside and GnucDNA components code (d:\GnucDNA\src\GnucleusR3\Release\revengeConsole.pdb)
http://www.gnucleus.com/GnucDNA

Maybe this low detection ration is because this malware is not well known? :)

[fatdcuk]

Another day and papas found another new bag floated in P2P land :D

http://www.virustotal.com/file-scan/rep ... 1303475625
http://www.virustotal.com/file-scan/rep ... 1303475759

Code: Select all

http://litecodecupdate.com/play/?f=01

There are more files @ that URL..same critter different MD5 blah blah...Installs its tuck shop(shares) in random named directory in %SYSDIR%.

[EP_X0FF]

That's the same repacked malware, post merged with previous thread :)

[Quads]

Norton 2012 Download Insight Quarantines the files after being downloaded from the websites.

Quads

[EP_X0FF]

I believe most AV's/FW with HIPS component should block this malware by behavior analysis because installing and running service is suspicious by default.