SANS ISC: freeftpmanager p2psharing.biz trojan site! - SANS Internet Storm Center SANS ISC InfoSec Forums


freeftpmanager p2psharing.biz trojan site!
WARNING: do not visit this site or attempt to download freeftpmanager; you are likely to get infected.
Steve reported downloading “freeftpmanager”. He submitted it to virustotal.com, and it is a virus, but it is not well recognized.

Following his lead I see that wwwDOTfreeftpmanagerDOTcom redirects to wwwDOTp2psharingDOTbiz/freeftpmanger
So what is freeftpmanager?
Only two of the virus engines at VirusTotal recognize it. The rest came back clean.
File: freeftpman.exe
SHA-1 Digest: 793bcfefaf4f2a0f36c24aa823a5bf242a6873fa
Packers: Unknown
Status: Infected or Malware

Scanner | Scanner_Version | Result | Scan Time
F-Secure | 1.02 | Trojan-Downloader.Win32.PurityScan.eg [AVP] | 7.62644 secs
Sophos Sweep | 4.16.0 | Troj/Istbar-Fam | 12.5367 secs

p2psharingDOTbiz also hosts Shareazalite and several other suspicious looking files.
Its IP is 68.178.211.35.
The abuse dept has been notified and is working on it at this time.
donald

ISC Handler
