New viral sample available for upload (April 21)

Discussion in 'Anti-Virus' started by Virus Guy, Apr 22, 2012.

  1. Virus Guy

    Virus Guy Guest

    This came in via e-mail attachment today:

    http://www.fileden.com/files/2012/4/21/3295201/Label_Parcel_USPS.rar

    Password is "a" (no quotes).

    Can't quite make out what it's supposed to be according to VT. Mostly
    being id'd as "Barys".
     
    Virus Guy, Apr 22, 2012
    #1

  2. I ran it, and it dropped a file urlmon.exe which when submitted to VT
    indicated it had already been submitted (probably yours). They're
    scanning a file from temp now.

    dGhKQWC2HzkZGD.exe.tmp

    https://www.virustotal.com/file/dbbac24f548a46f9d507579903507614fe5501972309be42786ba43103f98ce3/analysis/1335057298/
     
    FromTheRafters, Apr 22, 2012
    #2

  3. Dustin

    Dustin Guest

    Cool beans. I'll check it out tomorrow. Thanks.
     
    Dustin, Apr 22, 2012
    #3
  4. Virus Guy

    Virus Guy Guest

    http://www.bleepingcomputer.com/forums/topic451240.html

    --------------
    Posted Today, 03:16 AM

    OK... so Monday's 0day drop/version update revealed some information I
    haven't seen before. A phone number!

    888-887-7721

    This goes to some chimps at a company called "soft logic". I spent a few
    hours poking, prodding, and yes trolling them to get the following
    information. Ruin my customer's day, time for me to be the bringer of
    Karma and ruin theirs hahaha! I either spoke with a "Catherine" or a
    "Louie" who were incredibly shady in their phone demeanor.

    From what I gathered they are an outsourced support company (supposedly)
    that provides customer service to all versions of Smart HDD, System
    Check, System Fix, and Defrag Pro. It is yet to be confirmed if this is
    a couple of jack@$$es posing as Soft Logic or the real company. A
    contact of mine living in India says they're a new company. By the time
    this post gets read the number could have been changed.

    Giving the benefit of the doubt, I did suggest that if they are the
    kinda company they say they are, they will drop the contract and do
    support for Dell or something. May suck but at least it's more honest
    work.
    ----------------
     
    Virus Guy, Apr 24, 2012
    #4
  5. Yeah, VT apparently recognized it by md5 and told me it had been
    submitted about an hour earlier. It apparently left a zero length file
    under the original name and created the newly named urlmon.exe and the
    temp file.
    Is that all? :eek:D

    [...]
     
    FromTheRafters, Apr 24, 2012
    #5
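Posts #2 and #5 describe the analyst's triage: VirusTotal matched the dropped file by hash, the dropper left a zero-length file under the original name, and it created urlmon.exe plus a randomly named .tmp file. The script below is an added example (not code from this thread or from VirusTotal) showing how a defender would hash a directory of dropped artifacts offline and classify them: zero-length leftovers, files whose SHA-256 matches an already known sample, names that mimic legitimate Windows components, and everything else queued for lookup. The only real hash in it is the SHA-256 from the VirusTotal link in post #2; the sample directory it builds, the file contents, and the name `Label_Parcel_USPS.exe` are constructed for illustration. The legitimate Windows component is `urlmon.dll`, so an `urlmon.exe` in a temp directory is treated as a lookalike.

```python
import hashlib
import os
import tempfile

# SHA-256 copied from the VirusTotal URL quoted in post #2 of this thread.
KNOWN_SAMPLE_SHA256 = {
    "dbbac24f548a46f9d507579903507614fe5501972309be42786ba43103f98ce3":
        "dGhKQWC2HzkZGD.exe.tmp (thread post #2)",
}

# Dropped file names that mimic a real Windows component (urlmon.dll is
# the legitimate one; there is no legitimate urlmon.exe in %TEMP%).
LOOKALIKE_NAMES = {"urlmon.exe"}


def hash_file(path, chunk_size=65536):
    """Return (md5, sha256) hex digests, streaming so big samples stay off the heap."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def classify(path, known=KNOWN_SAMPLE_SHA256):
    """Classify one dropped file the way the thread's triage does."""
    name = os.path.basename(path).lower()
    size = os.path.getsize(path)
    if size == 0:
        # Post #5: the dropper left an empty file under the original name.
        return {"path": path, "size": 0, "md5": None, "sha256": None,
                "verdict": "zero-length leftover"}
    md5, sha256 = hash_file(path)
    if sha256 in known:
        verdict = "known sample: " + known[sha256]
    elif name in LOOKALIKE_NAMES:
        verdict = "lookalike of a Windows component name; lookup hash"
    else:
        verdict = "unknown; lookup hash"
    return {"path": path, "size": size, "md5": md5, "sha256": sha256,
            "verdict": verdict}


def triage_directory(root, known=KNOWN_SAMPLE_SHA256):
    """Walk a directory of dropped artifacts and return one record per file."""
    records = []
    for dirpath, _, filenames in os.walk(root):
        for filename in sorted(filenames):
            records.append(classify(os.path.join(dirpath, filename), known))
    return records


def build_constructed_sample_dir():
    """Create a temp directory that mimics what post #5 reports (constructed data)."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    # Original attachment name left as a zero-length file.
    open(os.path.join(root, "Label_Parcel_USPS.exe"), "wb").close()
    # Constructed stand-ins for the two dropped files; contents are not the real sample.
    with open(os.path.join(root, "urlmon.exe"), "wb") as handle:
        handle.write(b"constructed stand-in for dropped urlmon.exe")
    with open(os.path.join(root, "dGhKQWC2HzkZGD.exe.tmp"), "wb") as handle:
        handle.write(b"constructed stand-in for dropped temp file")
    return root


if __name__ == "__main__":
    for record in triage_directory(build_constructed_sample_dir()):
        print(f"{record['verdict']:55} {record['path']}")
        if record["sha256"]:
            print(f"    md5={record['md5']}  sha256={record['sha256']}")
```

Because the stand-in files are constructed, their hashes will not match the thread's known SHA-256; in a real triage the `KNOWN_SAMPLE_SHA256` table is the place to paste hashes from prior VirusTotal lookups so repeat submissions, like the one post #5 describes, are caught locally before anything is uploaded.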
