New Virus Sample (June 14)

Discussion in 'Anti-Virus' started by Virus Guy, Jun 15, 2012.

  1. Virus Guy

    Virus Guy Guest

    I received a new spam e-mail containing viral attachments yesterday.

    So sad to see that Yahoo did not detect these files and block the e-mail
    from being sent.

    The attachments were:

    tt.xls.exe (589 kb)
    tt.pdf.exe (569 kb)

    Both files were detected by 50% of A-V apps @ VirusTotal yesterday when
    they were submitted.

    E-mail originates from (Lagos, Nigeria).

    The files can be downloaded here:

    Password is "a" (no quotes).

    Here's the full spam:

    Return-Path: <>
    Received: from ([])
    Wed, 13 June 2012 21:57:43 -0400
    Received: from [] by via HTTP
    Wed, 13 Jun 2012 18:57:34 PDT
    X-Mailer: YahooMailClassic/15.0.6 YahooMailWebService/
    From: Dr Datti Williams <>
    Subject: hello

    I saw your website and I am interested in your products.
    Attached is a list for what we need and quantity.
    Please check and quote similar items.
    Any question please let us know.
    We want to know if products can be designed and labelled
    (client private label) as seen on this attached list.
    Please download the attachment and confirm to us.

    I’ll be waiting for Your quotation.

    Look forward to hearing from you soon.

    Best regards
    nancy lee

    Content-Type: application/x-zip-compressed;
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    Virus Guy, Jun 15, 2012

  2. Virus Guy

    Virus Guy Guest

    This file was already analysed by VirusTotal on 2012-06-11 15:45:36.

    Detection ratio: 0/42

    You can take a look at the last analysis or analyse it again now.

    Detection ratio: 0 / 42
    Analysis date: 2012-06-15 13:58:14 UTC ( 0 minutes ago )

    I'm not sure if these secondary payloads are supposed to be detectable
    by AV programs.

    This one wasn't flagged by any AV apps on June 11, and today (June 15)
    it still isn't.

    What is this file anyways?
    Virus Guy, Jun 15, 2012

  3. Virus Guy

    Virus Guy Guest

    Yes, the bin file hosted by

    What is it (what type of compression, what does it contain) and why
    doesn't any AV package detect or recognize it?
    Virus Guy, Jun 16, 2012
