
SANS ISC InfoSec Handlers Diary Blog



Hi, remember me?...

Published: 2008-05-02
Last Updated: 2008-05-02 14:20:12 UTC
by Adrien de Beaupre (Version: 1)

Ever read through your spam sometimes to see what's popular? Of course you may also get a fresh serving of malware, which makes it very worthwhile.

"Hi, remember me?..
new fotos(archived) you asked ;))
hxxp://lightfly.de/My_foto.exe
kiss,
Angella O."

Well, no, I don't remember an Angella that I have met recently, particularly not someone who might send me photos. But I'll bite. A simple wget scores me an exe. VirusTotal results are depressingly consistent: 4/32.

Antivirus            Version     Last Update    Result
AntiVir              7.8.0.11    2008.05.02     TR/Crypt.XPACK.Gen
CAT-QuickHeal        9.50        2008.05.01     (Suspicious) - DNAScan
eSafe                7.0.15.0    2008.04.28     Suspicious File
Webwasher-Gateway    6.6.2       2008.05.02     Trojan.Crypt.XPACK.Gen

Additional information
File size: 167936 bytes
MD5...: cb1de4847ca840f8837fc8381ec6b0cb
SHA1..: 26c018e4968e6dc092d5389759e939f741bb66b3

So, only generic detection when the file was first seen. How about 12 hours later? Nope, same results.

Cheers,
Adrien de Beaupré
Bell Canada

 


Keywords: malware spam