[EP_X0FF]

http://virusscan.jotti.org/de/scanresul ... 02fa67d8b3

Keygen for Adobe Photoshop CS5 joined with Agobot.

Original attach removed, actual malware and music from keygen attached.

AVAST EAT YOUR SHIT

[markusg]

Free Sms Setup.exe
http://www.virustotal.com/file-scan/rep ... 1298998285

[EP_X0FF]

Free Sms Setup.exe
http://www.virustotal.com/file-scan/rep ... 1298998285

Like previous Smart Install Maker setup joined with Agobot. In attach actual malware file extracted from bundle.
Nothing impressive, can be easily removed by users even without deep knowledge.

[rkhunter]

One more IRCBot - Backdoor:Win32/IRCbot.FH.

Copies itself to: %AppData%\Microsoft\svchost.exe
Runs from: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender
DNS query to

venomz1000.no-ip.biz.

Creates mutex: 7VTE1FB2ZY.

SOFTWARE\Borland\Delphi\RTL
kernel32.dll
CreateToolhelp32Snapshot
kernel32.dll
GetDiskFreeSpaceExA
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\
\FileNameActual
\FirstInstall
~cache.bat
sqlite3_open
sqlite3_errmsg
sqlite3_free
sqlite3_close
sqlite3_last_insert_rowid
sqlite3_total_changes
sqlite3_errcode
sqlite3_bind_text
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_double
sqlite3_bind_null
sqlite3_bind_blob
sqlite3_prepare_v2
sqlite3_step
sqlite3_reset
:\windows\explorer.exe
SOFTWARE\Mozilla\Mozilla Firefox\CurrentVersion
[autorun]
shell=verb
open=
action=Open folder to view files
shell\open=Open
icon=%SystemRoot%\system32\SHELL32.dll,4

Responce to 144.132.216.78:3086 http://whois.domaintools.com/144.132.216.78.

[rkhunter]

IRCBot

VT (22/43 >> 51.2%)

[vennemars-alex]

Is it that eight years old Agobot? I have that source

[Win32:Virut]

MD5: F5B2F0B7A9E58E4800945146A87D25FE
SHA1: 0C065ACAF958581C53C0CCA4FDD59065A27A6FBE
https://www.virustotal.com/file/f9a3241 ... /analysis/

http://niebezpiecznik.pl/post/dane-kont ... kaspersky/ (in Polish)

[360Tencent]

http://www.gironsec.com/blog/2013/03/re ... -a-botnet/

http://www.gironsec.com/zz_botnet.7z