Message-ID: <200510041410557.SM01216@JEFFMILLS>
Date: Wed Oct  5 01:06:23 2005
From: phugo at highspeedweb.net (Pedro Hugo)
Subject: Another Brazilian banking trojan variant, detected by some AV vendors, but not all

Hi,
Here goes another banking trojan. Some AV vendors classify it as a variant.
It's packed with UPX 1.93, and it can be unpacked by using the official UPX
1.93.
 
Results from virustotal.com:
Antivirus      Version         Update      Result
AntiVir        6.32.0.6        10.04.2005  TR/Spy.Banker.add.67
Avast          4.6.695.0       09.30.2005  no virus found
AVG            718             10.04.2005  PSW.Banker.GRG
Avira          6.32.0.6        10.04.2005  TR/Spy.Banker.add.67
BitDefender    7.2             10.04.2005  Trojan.Banker.Delf.A0715A92
CAT-QuickHeal  8.00            10.04.2005  TrojanSpy.Banker.add
ClamAV         devel-20050917  10.04.2005  Trojan.Spy.Banker-97
DrWeb          4.32b           10.02.2005  Trojan.PWS.Banker.based
eTrust-Iris    7.1.194.0       10.04.2005  Win32/Bancos.Variant!PWS!Trojan
eTrust-Vet     11.9.1.0        10.04.2005  no virus found
Fortinet       2.48.0.0        10.04.2005  Spy/Banker
F-Prot         3.16c           10.04.2005  no virus found
Ikarus         0.2.59.0        10.04.2005  no virus found
Kaspersky      4.0.2.24        10.04.2005  Trojan-Spy.Win32.Banker.add
McAfee         4596            10.04.2005  PWS-Banker.gen.b
NOD32v2        1.1241          10.04.2005  a variant of Win32/Spy.Banker.VJ
Norman         5.70.10         10.04.2005  no virus found
Panda          8.02.00         10.04.2005  Trj/Banker.gen
Sophos         3.98.0          10.04.2005  no virus found
Symantec       8.0             10.04.2005  no virus found
TheHacker      5.8.2.117       10.03.2005  no virus found
VBA32          3.10.4          10.04.2005  MalwareScope.Trojan-Spy.Banker.52
 
TrendMicro OfficeScan doesn't detect it (since the pattern is the same for
all products, we can assume TrendMicro doesn't detect it).
 
Attached is the original file, if you can't download it from the site.
 
Sorry for the noise, but I hope all or some AV vendors are listening and can
benefit from this.
Best Regards,
Pedro Hugo

  _____  

From: cartoes@...tualcards.com.br [mailto:cartoes@...tualcards.com.br] 
Subject: You received a virtual card!

VIRTUALCARDS <http://www.brandweer-brummen.nl/Upimages/cartao.exe> FOR YOU!!!

How are you?! You have just received a VIRTUALCARDS card,
the liveliest cards on the Web, sent by someone who loves you very much.
To view it, just click the link below and you're done!

 <http://www.brandweer-brummen.nl/Upimages/cartao.exe>

Click <http://www.brandweer-brummen.nl/Upimages/cartao.exe> here to
view your card

--------------------------------------------------------------------------------
 <javascript:ol('http://www.virtualcards.com.br/');>

A big hug from the VIRTUALCARDS Team.

--------------------------------------------------------------------------------

Information <http://www.brandweer-brummen.nl/Upimages/cartao.exe> about
this e-mail

This e-mail was generated automatically. Do not reply.

| <http://www.brandweer-brummen.nl/Upimages/cartao.exe> Terms of Service and
Privacy Policy |

Copyright © 2001 - 2005 VITALEWEB - BRASIL
All Rights Reserved

<file:///D|/Secrets%20Of%20Black%20Arts/Nova%20pasta/virtualcards_arquivos/dummy.htm>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051004/0ad0dfa1/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cartao.e__
Type: application/octet-stream
Size: 751104 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051004/0ad0dfa1/cartao-0001.obj
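
Added example (not part of the original post, and not code from any product named in it): a mail-filter style check for the pattern visible in the forwarded lure, where a message branded as virtualcards.com.br points its links at an .exe on an unrelated host. The function names, the extension blocklist and the sample HTML are assumptions made for illustration; the sample is constructed and uses a placeholder download host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath
RISKY_EXT = {".exe", ".scr", ".pif", ".bat", ".cmd"}  # assumed blocklist

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None   # finished links, link being read
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data           # visible text of the current link
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def same_site(host, brand):
    """True only for the brand domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def audit_links(html, brand_domain):
    """Return (href, text, reasons) for links a mail filter should flag."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue                        # javascript:, file:, mailto: etc.
        reasons = []
        if posixpath.splitext(url.path)[1].lower() in RISKY_EXT:
            reasons.append("executable-target")
        if not same_site(url.hostname or "", brand_domain):
            reasons.append("off-brand-host")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample modelled on the lure; the download host is a placeholder.
SAMPLE_HTML = """
<a href="http://files.placeholder.example/Upimages/cartao.exe"><img src="card.gif"></a>
<a href="http://files.placeholder.example/Upimages/cartao.exe">Click here to view your card</a>
<a href="http://www.virtualcards.com.br/">VIRTUALCARDS</a>
"""
```

Calling audit_links(SAMPLE_HTML, "virtualcards.com.br") flags both links to the executable, including the image-only link that has no visible text, and passes the link to the brand's own site.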
