A forum for reverse engineering, OS internals and malware analysis 

 #9300  by rough_spear
 Wed Oct 19, 2011 6:34 pm
Hi Everybody, :)
Here I found some files from an infected system: ZAccess rootkit driver files.

File Name - 800000cb.@ and 80000000.@
File Size - 16KB

VT Link - http://www.virustotal.com/file-scan/rep ... 1319030816

MD5 : 976734129c1390447b2436a36d14dcbd
SHA1 : 7a2aa0b1273db6fddf2853b07fdd7b1f4ad79c3b
SHA256: daa5bc99959a3fe3b9e8449c175b1df28d57b859ac5ea0e389bbe8bd9022940e
ssdeep: 384:TtMI0XKhkNbXj+Z1l1NByikvZHikNNFR80:TCikN2Z1VBy3Hp80

File name - X
File Size - 59 KB

VT Link - http://www.virustotal.com/file-scan/rep ... 1318950271

MD5 : d1da221b63f0577f744b8b946d101295
SHA1 : f91dbfa1e7d0b8518c1db23a643592f94316cecb
SHA256: b6d4f12d840fd1a190b1f5e613c8b6db70ff0c6940b65772301901f9df0c62b8
ssdeep: 768:oeiMfpZzL5fNFOLtRGxETsZgZfUvq5h59kzf15C5Sp0AgD57TFQQm+SuguJ5:93LnSsZgJee59o+5STQ57CNu55

Malware dropped by ZAccess.
File name - mexe.com
File Size - 3.32 MB

VT Link - http://www.virustotal.com/file-scan/rep ... 1315066444
MD5 : 3c0b9c82f0a1c2528f2ee22715ba1d82
SHA1 : eda451bf50f825f4c8a15394dc562b46b31834bb
SHA256: d86f2dafdb23212bef7239fa4b54b07eaaee16244ba147f524ff5a3756722c93
ssdeep: 49152:wTdh8jgydkZkPyQtx4x6mar14tjz8VnyBA5hPKJHPKJgPKJ5PKJtPKJSPKJxcfZW:FoWPPtxN14tj+cfI

Waiting for expert comments. :mrgreen:
Thanks in advance.

Regards,


rough_spear. ;)
Attachments
password - malware.
 #9344  by EP_X0FF
 Fri Oct 21, 2011 12:24 pm
bitx wrote: VirusTotal 2/43
I like this page it's trying to access :)

hxxp://193.105.154.210/

[image]
 #9349  by rough_spear
 Fri Oct 21, 2011 7:36 pm
Hi All, :D
Two fresh samples of ZAccess Rootkit. :twisted:

hxxp://mega-upload-servers.com/setup_.exe

VT link - http://www.virustotal.com/file-scan/rep ... 1319058190

MD5 : d79be95a6b66ad2fb5d61c398e1770e1
SHA1 : 14b6545765428b417e2cef0d86801353256518fd
SHA256: aedf2542cdfb61daf1613c119c5fc0b764bf3d49617f1b1ae80dcf49b184b2e7
ssdeep: 6144:YicAXLQzFcEw6+uSYGYHaT2ossuBe7Iiz4YUriaOk4aZX4O9:YicmLQzfw6+fY/HKjiesA4caiaZXx
File size : 248832 bytes

hxxp://maturexporntube.in/hot/dogsex_08.avi.exe

File name - dogsex_08.avi.exe

VT link - http://www.virustotal.com/file-scan/rep ... 1319197450

MD5 : dbc87daeb66834b316eecdf82d3734a5
SHA1 : 1ef4f91e311ed48b2f0a2b5e3413198cb52a1557
SHA256: 1c5962f4d9b1cd386b219221bdb8a5ca66729dd2e600ac5ca4ff1c68f95db24d
ssdeep: 6144:F4aTlsUIPB0MztDu/SF1NfF9IGsPBM4g9dil:F4lUkBRlL/sPBM4g9d
File size : 242688 bytes

Regards,


rough_spear. ;)
Attachments
password - malware.
 #9354  by EP_X0FF
 Sat Oct 22, 2011 3:05 am
rough_spear wrote: ZAccess dropped files I found today on infected systems. :twisted:
Probably one machine with TDL4 killed by ZeroAccess.
There are also Cycbot (Gbot) - 6 items, Cycbot config file, spambot, trojan iSpreader (Z:\ISpread-NEW\Release\iSpreader Release Version.pdb), some vb junk.