Sunday, August 31, 2014

my new photo ;) (Virus)

my new photo ;)
if you like my photo to send me u photo

< photo.zip >

Antivirus detection results (vendor / detection name / signature date, all 2014-08-30) :

AVG SHeur4.CBFB 20140830
AVware Trojan.Win32.Generic!BT 20140830
Ad-Aware Trojan.Agent.BEZQ 20140830
AntiVir TR/Dropper.VB.18514 20140830
Avast Win32:Trojan-gen 20140830
BitDefender Trojan.Agent.BEZQ 20140830
ByteHero Virus.Win32.Heur.p 20140830
Cyren W32/Trojan.OVUX-2230 20140830
DrWeb BackDoor.Tishop.122 20140830
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BK 20140830
Emsisoft Trojan.Agent.BEZQ (B) 20140830
F-Secure Trojan.Agent.BEZQ 20140830
GData Trojan.Agent.BEZQ 20140830
Ikarus Trojan.Inject 20140830
Kaspersky Trojan.Win32.Inject.qtsd 20140830
Malwarebytes Spyware.Zbot.ED 20140830
McAfee Dropper-FLO!01BD3D688F14 20140830
McAfee-GW-Edition Dropper-FLO!01BD3D688F14 20140830
MicroWorld-eScan Trojan.Agent.BEZQ 20140830
Sophos Troj/VB-HOC 20140830
Symantec Trojan.Smoaler 20140830
VIPRE Trojan.Win32.Generic!BT 20140830

Import address table (IAT) disassembly — the MSVBVM60.DLL entries below identify the sample as a Visual Basic 6 executable, consistent with the Dropper.VB / VB-HOC detection names above :

; Imports from SHELL32.DLL
; NOTE(review): this listing is the import address table (IAT), not code.  The
; disassembler decoded the raw slot bytes as instructions, so the "hlt" / "db" /
; "add byte [ds:eax], al" lines below are artifacts: the bytes F4 0E 91 73 are
; the little-endian dword 0x73910ef4 stored in the SHCreateShellItem slot, and
; the two zero words are the null dword that terminates this DLL's entry list.
; The slot values look like addresses inside loaded DLLs (0x7391xxxx for
; SHELL32, 0x7294xxxx-0x72a3xxxx for MSVBVM60), which suggests the dump was taken
; from a loaded or unpacked image rather than the file on disk - confirm before
; treating these values as file contents or using them as IOCs.
; Every XREF is 6 bytes from its neighbour (0x401060 ... 0x4010d2), consistent
; with a run of `jmp dword [slot]` import thunks that lies outside this listing;
; the actual callers of each API are therefore not visible here.
imp_SHCreateShellItem:
00401000 F4 hlt ; XREF=0x4010ae
00401001 db 0x0e
00401002 db 0x91
00401003 db 0x73
00401004 0000 add byte [ds:eax], al
00401006 0000 add byte [ds:eax], al

; Imports from NETAPI32.DLL
; NetGetDCName is the Win32 API for looking up a domain controller's name (per
; its documentation) - a capability worth flagging for a lure-delivered sample,
; although this listing does not show whether it is ever called.  0xffffffff is
; not a usable code address; presumably the slot was unresolved when this dump
; was taken - TODO confirm against the import name table.
imp_NetGetDCName:
00401008 dd 0xffffffff ; XREF=0x4010a8
0040100c 0000 add byte [ds:eax], al
0040100e 0000 add byte [ds:eax], al

; Imports from MSVBVM60.DLL
; MSVBVM60.DLL is the Visual Basic 6 runtime, which matches the Dropper.VB /
; VB-HOC detection names in the AV table above.  The imp_ordinal_NNN slots are
; imported by ordinal only; their names are not resolved in this dump.
; DllFunctionCall is what VB6-compiled code typically goes through to reach
; `Declare`d Win32 functions, so this static import list most likely understates
; the APIs the sample can call - recover the VB Declare table or observe the
; sample at runtime to get the real set.  If the binary was compiled to p-code
; (ProcCallEngine is the runtime's p-code dispatcher), the program logic lives in
; p-code streams that a native-code disassembler will not show; check with a VB
; decompiler.
imp_ordinal_669:
00401010 dd 0x7294a1bb ; XREF=0x40109c
imp_ordinal_598:
00401014 dd 0x72a0e0f7 ; XREF=0x40108a
imp_ordinal_631:
00401018 dd 0x72a26fe2 ; XREF=0x401090
imp_ordinal_632:
0040101c dd 0x72a2702f ; XREF=0x401096
imp_EVENT_SINK_AddRef:
00401020 dd 0x72a09b74 ; XREF=0x4010c0
imp_DllFunctionCall:
00401024 dd 0x7294a0fd ; XREF=0x401060
imp_EVENT_SINK_Release:
00401028 dd 0x72a09b87 ; XREF=0x4010c6
imp_EVENT_SINK_QueryInterface:
0040102c dd 0x72a09a85 ; XREF=0x4010ba
imp___vbaExceptHandler:
00401030 dd 0x72a247df ; XREF=0x4010b4
imp_ordinal_717:
00401034 dd 0x72a28fe9 ; XREF=0x401066
imp_ProcCallEngine:
00401038 dd 0x72a3d05d ; XREF=0x4010cc
imp_ordinal_535:
0040103c dd 0x72a1c85d ; XREF=0x401084
imp_ordinal_644:
00401040 dd 0x72a1de99 ; XREF=0x401078
imp_ordinal_648:
00401044 dd 0x72a14275 ; XREF=0x401072
imp_ordinal_578:
00401048 dd 0x72a161f8 ; XREF=0x4010a2
imp_ordinal_100:
0040104c dd 0x729435a4 ; XREF=0x4010d2
imp_ordinal_616:
00401050 dd 0x72a26d9a ; XREF=0x40106c
imp_ordinal_544:
00401054 dd 0x72a11c93 ; XREF=0x40107e