[Aleksandra]

_http://down.web052.com:804/qvodsetup7.exe
MD5: 62297731ed94b07ae91cffc72bcaded8
SHA1: cafb948455fa7d8c86d840a7ae43f0d450ca9d37
https://www.virustotal.com/ru/file/b8da ... /analysis/

[360Tencent]

http://nakedsecurity.sophos.com/2013/06 ... ew-tricks/

2 droppers (from http://www.sophos.com/en-us/threat-cent ... lysis.aspx ,not sure whether they are already in the post)

Mal_Jadtre_C.zip

pw:infected
(136.18 KiB) Downloaded 67 times

[PX5]

_http://down.web052.com:804/qvodsetup7.exe
MD5: 62297731ed94b07ae91cffc72bcaded8
SHA1: cafb948455fa7d8c86d840a7ae43f0d450ca9d37
https://www.virustotal.com/ru/file/b8da ... /analysis/

Im not sure this belongs here but gonna post it and let the Moderators decide.

Other live links from same domain name

Code: Select all

http://down.web052.com:804/qvodsetup5.exe
http://down.web052.com:804/qvodsetup6.exe
http://down.web052.com:804/qvodsetup7.exe
http://down.web052.com:804/qvodsetup8.exe

Have not scanned any of the files yet but all are in attached

[hx1997]

Guntior dropper+dll+driver in attach

Downloads a lot of online game password stealers.

Code: Select all

[info]
isdown=1
huifang=60
jiange=5  /* interval=5 --hx1997 */
url1=http://122.224.8.92:904/a09.exe
pid1=Lobby.exe /* 456游戏大厅 */
biaoshi1=ga5nm4 /* identifier=ga5nm4 */
url2=http://122.224.8.92:903/a11.exe
pid2=QQSG.exe /* QQ三国 */
biaoshi2=qqsg
url3=http://122.224.8.92:903/a12.exe
pid3=QQhxgame.exe  /* QQ华夏 */
biaoshi3=qqhx
url4=http://122.224.8.92:902/a16.exe
pid4=Bo.exe  /* 刀剑英雄 */
biaoshi4=daojian
url5=http://122.224.8.92:907/a17.exe
pid5=qqffo.exe  /* QQ自由幻想 */
biaoshi5=qqzyhx
url6=http://122.224.8.92:907/a22.exe
pid6=Dyntmp1.dat /* 传奇世界 */
biaoshi6=rxjh
url7=http://122.224.8.92:908/a23.exe
pid7=mir3.dat /* 传奇世界 */
biaoshi7=rxjh
url8=http://122.224.8.92:908/a24.exe
pid8=mir1.dat /* 传奇世界 */
biaoshi8=cqwz
url9=http://122.224.8.92:909/a31.exe
pid9=
biaoshi9=qq /* QQ (a Chinese IM) */
url10=http://122.224.8.92:909/a32.exe
pid10=
biaoshi10=dnf /* 地下城与勇士，Dungeon & Fighter */
url11=http://122.224.8.92:904/a00.exe
pid11=asktao.mod /* 问道 */
biaoshi11=wendao

[jioushizhu]

Guntior dropper+dll+driver in attach

Downloads a lot of online game password stealers.

Code: Select all

[info]
isdown=1
huifang=60
jiange=5  /* interval=5 --hx1997 */
url1=http://122.224.8.92:904/a09.exe
pid1=Lobby.exe /* 456游戏大厅 */
biaoshi1=ga5nm4 /* identifier=ga5nm4 */
url2=http://122.224.8.92:903/a11.exe
pid2=QQSG.exe /* QQ三国 */
biaoshi2=qqsg
url3=http://122.224.8.92:903/a12.exe
pid3=QQhxgame.exe  /* QQ华夏 */
biaoshi3=qqhx
url4=http://122.224.8.92:902/a16.exe
pid4=Bo.exe  /* 刀剑英雄 */
biaoshi4=daojian
url5=http://122.224.8.92:907/a17.exe
pid5=qqffo.exe  /* QQ自由幻想 */
biaoshi5=qqzyhx
url6=http://122.224.8.92:907/a22.exe
pid6=Dyntmp1.dat /* 传奇世界 */
biaoshi6=rxjh
url7=http://122.224.8.92:908/a23.exe
pid7=mir3.dat /* 传奇世界 */
biaoshi7=rxjh
url8=http://122.224.8.92:908/a24.exe
pid8=mir1.dat /* 传奇世界 */
biaoshi8=cqwz
url9=http://122.224.8.92:909/a31.exe
pid9=
biaoshi9=qq /* QQ (a Chinese IM) */
url10=http://122.224.8.92:909/a32.exe
pid10=
biaoshi10=dnf /* 地下城与勇士，Dungeon & Fighter */
url11=http://122.224.8.92:904/a00.exe
pid11=asktao.mod /* 问道 */
biaoshi11=wendao

Not infected MBR

[cjbi]

Fresh signed Guntior (with PbBot) sample attached.

VirusTotal result(s)
ght3.exe.vir 13/47 https://www.virustotal.com/en/file/99b7 ... 373794226/