TrojanDownloader:Win32/Chepvil

#6070 by Triple Helix
Thu Apr 28, 2011 5:44 pm

New Infected Attachment email going around! VirusTotal reports 21/42 http://www.virustotal.com/file-scan/rep ... 1304009540 please move to the proper thread if necessary!

TH

Attachments

Order details.rar

Password: infected
(7.05 KiB) Downloaded 55 times

Triple Helix

Username

Triple Helix

Posts

20

Joined

Mon Aug 09, 2010 6:01 pm

Re: Malware/Not classified

#6071 by EP_X0FF
Thu Apr 28, 2011 6:16 pm

Triple Helix wrote:New Infected Attachment email going around! VirusTotal reports 21/42 http://www.virustotal.com/file-scan/rep ... 1304009540 please move to the proper thread if necessary!

TH

This is trojan downloader Chepvil.

kkojjors.net zolotiyeyayca.ru nahuysplyaga.ru variantov.com pusk.exe Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914) http://%s/f/g.php data= /f/s.php POST Content-Type: application/x-www-form-urlencoded TEMP

As payload it downloads and installs XP Total Security FakeAV. After removal registry repair is required, because FakeAV extends Exefile HKCR entry.
Posts moved.

Attachments

12.rar

payload, pass: malware
(276.66 KiB) Downloaded 50 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: TrojanDownloader:Win32/Chepvil

#6073 by Triple Helix
Thu Apr 28, 2011 8:01 pm

Thanks for the info! :D

TH

Triple Helix

Username

Triple Helix

Posts

20

Joined

Mon Aug 09, 2010 6:01 pm