Channel: Noticias Antivirus - zonavirus.com

2 new variants of the Sounder downloader

These two SOUNDER variants arrive attached to emails/spam. If executed, they download malware files, being the downloaders that they are.

They are handled as of ElistarA 30.73.

The VirusTotal pre-analyses give the following reports:

MD5 4aeb979ff27f55babde4c0db59dcd7dd
SHA1 19f4d83a543b45714b84d4e754b09d0ebdfa7b80
File size 51.0 KB ( 52224 bytes )
SHA256: 4aac94d293955a483514059434a7d1202c83e95178998733fd9311f620370783
Name: photo.exe
Detections: 41 / 53
Analysis date: 2014-10-06 14:58:59 UTC ( 1 minute ago )

and the other variant:

MD5 d5a7290b056649b179f0440a47085588
SHA1 eca5b389c14b0d4fb3276c867458016d7a473fa7
File size 49.5 KB ( 50688 bytes )
SHA256: e836820d947de6da456a61b37f9c9cdf749a61211b52a51a2aef0aab5786239f
Name: 2.exe
Detections: 36 / 54
Analysis date: 2014-10-06 12:47:19 UTC ( 2 hours, 21 minutes ago )


This ElistarA version 30.73, which detects and removes them, will be available on our website from 19:00 CEST today.

Regards

ms, 6-10-2014
