[markusg]

This thread contains .NET based malware samples without any specific name

could be an other one, not sure.
http://www.virustotal.com/file-scan/rep ... 1292022826

[EP_X0FF]

Yet another .NET framework based trojan.

Drops CCleaner.exe to system.

Runs through HKCU\Software\Microsoft\Windows\CurrentVersion\Run as c:\documents and settings\UserName\application data\cdnlgjkryqyoupqotflsik\cdnlgjkryqyoupqotflsik\0.0.0.0\ccleaner.exe

Turns off System Restore, TaskManager, MSConfig, Regedit.

from the inside

Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
EnableBalloonTips
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
DisableRegistryTools

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
DisableCMD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore
DisableSR

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DisallowRun msconfig.exe

[markusg]

an other one

[EP_X0FF]

The same stuff :)

http://www.virustotal.com/file-scan/rep ... 1292168313

Drops previously described CCleaner.exe

http://www.virustotal.com/file-scan/rep ... 1292168485

[markusg]

Help.txt.exe
http://www.virustotal.com/file-scan/rep ... 1293626434
MBAM.ReadMe.txt.exe
http://www.virustotal.com/file-scan/rep ... 1293626608

[markusg]

http://www.virustotal.com/file-scan/rep ... 1293723899

[EP_X0FF]

Crashes at start (Index was outside the bounds of the array).

[markusg]

http://www.virustotal.com/file-scan/rep ... 1294077409

[markusg]

http://www.virustotal.com/file-scan/rep ... 1294404241

[EP_X0FF]

http://www.virustotal.com/file-scan/rep ... 1294404241

Does not working. Crashes at start.
Maybe because Of BloodCrypter1.0 used.