Tuesday, March 31, 2009

ARE YOU INTERESTED IN PROTECTED VIDEO CONTENT? DON’T GET INFECTED

Videos advertised as protected private content are spreading malware. The web site looks like an original movie website. If you want to see the protected content, you have to click ‘ENABLE VIDEO NOW’. After clicking the link, you are on the way to getting infected with the malware.



To open the video, you need a secure code and an access code.





Where can I get the code? Click the access generator. It will generate the code and simultaneously drop the trojan. AntiVir detects it as TR/Dropper.Gen; McAfee-GW-Edition detects it as Trojan.Dropper.Gen.

Additional information:

File size: 88576 bytes
MD5...: 37d63ad95eae5b2810b9b860dcb03ba6

TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information

Base Data
entrypointaddress.: 0x2214
timedatestamp.....: 0x49cfb31d (Sun Mar 29 17:42:53 2009)
machinetype.......: 0x14c (I386)

Imports

kernel32.dll: ExitProcess, FreeLibrary, GetModuleHandleA, GetProcAddress, LoadLibraryA, lstrcatA, lstrcpyA, lstrlenA

More analysis: http://www.virustotal.com/analisis/e65ba59b29da0592d47c871d3261d48e

WHOIS INFORMATION:

Registration Service Provided By: REGNAME.BIZ
Contact: +1.2014674681
Website: http://www.regname.biz

Domain Name: CUTMYHEART.COM

Registrant:
N/A
Karlos ()
Mira str 144 app. 12
Moscow
Moskovskaya oblast,987458
RU
Tel. +495.7639012

Creation Date: 27-Jul-2008
Expiration Date: 27-Jul-2009

Domain servers in listed order:
ns2.rusparters.com
ns1.rusparters.com

Status:ACTIVE

*********THANKS to our Team Lead Kalyan for his analysis **********
