Protected private content videos are spreading malware. The web site is looking like original movie website. If you want to see the the protected content, you have to click the ‘ENABLE VIDEO NOW’. After clicking the link you are ready to get infect the malware
If you need to open the video, you need secure code & access code
Where can I get the code? .Click the access generator. It will generate the code& simultaneously Drop the trojan.AntiVir is detecting as TR/Dropper.Gen, McAfee-GW-Edition is detecting as Trojan.Dropper.Gen
Additional information:
File size: 88576 bytes
MD5...: 37d63ad95eae5b2810b9b860dcb03ba6
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
Base Data
entrypointaddress.: 0x2214
timedatestamp.....: 0x49cfb31d (Sun Mar 29 17:42:53 2009)
machinetype.......: 0x14c (I386)
Imports
kernel32.dll: ExitProcess, FreeLibrary, GetModuleHandleA, GetProcAddress, LoadLibraryA, lstrcatA, lstrcpyA, lstrlenA
More ananlysis:http://www.virustotal.com/analisis/e65ba59b29da0592d47c871d3261d48e
WHOIS INFORMATION:
Registration Service Provided By: REGNAME.BIZ
Contact: +1.2014674681
Website: http://www.regname.biz
Domain Name: CUTMYHEART.COM
Registrant:
N/A
Karlos ()
Mira str 144 app. 12
Moscow
Moskovskaya oblast,987458
RU
Tel. +495.7639012
Creation Date: 27-Jul-2008
Expiration Date: 27-Jul-2009
Domain servers in listed order:
ns2.rusparters.com
ns1.rusparters.com
Status:ACTIVE
*********THANKS to our Team Lead Kalyan on his analysis **********
No comments:
Post a Comment