28bf01f67db4a5e8e6174b066775eae0 / psiphon.exe
PostPosted:Mon May 26, 2014 5:07 am
by iodust
Hello everyone,
Does anyone have the following sample mentioned in the article below?
https://citizenlab.org/2014/03/maliciou ... d-psiphon/
MD5: 28bf01f67db4a5e8e6174b066775eae0
filename: psiphon.exe
Thanks,
iodust
Re: 28bf01f67db4a5e8e6174b066775eae0 / psiphon.exe
PostPosted:Mon May 26, 2014 7:49 am
by CloneRanger
Hi, i'm not sure what's going on here because both files have dodgy certs !
cert.png (1.89 KiB) Viewed 209 times
I downloaded psiphon3.exe from the "official" www
https://psiphon.ca/en/index.html & psiphon3a.exe from -
https://555777.biz/rgVaxk/?lang=en I renamed psiphon3.exe to psiphon3a.exe
5. Psiphon’s website states:”The SHA1 thumbprint for the Psiphon Inc. certificate public key is displayed in the Certificate dialog Details tab. For the certificate valid for the period June 16, 2011 to June 21, 2012 the SHA1 thumbprint is:8f:b7:ef:bd:20:a9:20:3a:38:37:08:a2:1e:0a:1d:2e:ad:7b:ee:6dThe certificate valid for the for the period May 21, 2011 to July 30, 2014 the SHA1 thumbprint is:84:c5:13:5b:13:d1:53:96:7e:88:c9:13:86:0e:83:ee:ef:48:8e:91
https://citizenlab.org/2014/03/maliciou ... ed-psiphon
psiphon3.exe - SHA1 = 2bd632f03c0d8de53948a100bf9ad9f1283b8117
http://r.virscan.org/report/4dc1d1e04da ... cdd727e943
psiphon3a.exe - SHA1 = 5de435df5a55b8f0b4f3b6643c53cdc7bd43a012
http://r.virscan.org/report/966a5761c78 ... 16a7008a0f
PW = infected
(690.8 KiB) Downloaded 49 times
Re: 28bf01f67db4a5e8e6174b066775eae0 / psiphon.exe
PostPosted:Mon May 26, 2014 11:22 am
by EP_X0FF
What he wants is Bladabindi MSIL crap (aka NJ rat). Yes, iodust also banned on VT and this forum search button seems unavailable for him.
