Peed Goes Static
For the last few days, the Peed servers have stopped rotating their malware. They are sticking with the static MD5 sum of c05893a656b54164fb486028309bd89e.
Most of the major antivirus vendors are aware of the file:
File setup.exe received on 09.01.2007 17:54:57 (CET)

| Antivirus | Version | Last Update | Result |
| --- | --- | --- | --- |
| AhnLab-V3 | 2007.9.1.0 | 2007.09.01 | Win32/Zhelatin.worm.138240.B |
| AntiVir | 7.4.1.66 | 2007.08.31 | Worm/Zhelatin.HJ |
| Authentium | 4.93.8 | 2007.09.01 | W32/Tibs.XB |
| Avast | 4.7.1029.0 | 2007.09.01 | Win32:Tibs-BCY |
| AVG | 7.5.0.484 | 2007.08.31 | Generic6.WTZ |
| BitDefender | 7.2 | 2007.09.01 | Trojan.Peed.PB |
| CAT-QuickHeal | 9.00 | 2007.09.01 | - |
| ClamAV | 0.91.2 | 2007.09.01 | - |
| DrWeb | 4.33 | 2007.09.01 | BackDoor.Groan |
| eSafe | 7.0.15.0 | 2007.08.29 | - |
| eTrust-Vet | 31.1.5100 | 2007.08.31 | Win32/Pecoan |
| Ewido | 4.0 | 2007.09.01 | - |
| FileAdvisor | 1 | 2007.09.01 | - |
| Fortinet | 3.11.0.0 | 2007.09.01 | W32/Tibs@mm |
| F-Prot | 4.3.2.48 | 2007.08.31 | W32/Tibs.XB |
| F-Secure | 6.70.13030.0 | 2007.08.31 | Email-Worm.Win32.Zhelatin.hj |
| Ikarus | T3.1.1.12 | 2007.09.01 | Backdoor.Win32.Agent.amd |
| Kaspersky | 4.0.2.24 | 2007.09.01 | Email-Worm.Win32.Zhelatin.hj |
| McAfee | 5110 | 2007.08.31 | W32/Nuwar@MM |
| Microsoft | 1.2803 | 2007.09.01 | - |
| NOD32v2 | 2495 | 2007.09.01 | - |
| Norman | 5.80.02 | 2007.08.31 | W32/Tibs.dam |
| Panda | 9.0.0.4 | 2007.09.01 | Trj/Alanchum.MV |
| Prevx1 | V2 | 2007.09.01 | - |
| Rising | 19.38.52.00 | 2007.09.01 | Worm.Mail.Win32.Zhelatin.dau |
| Sophos | 4.21.0 | 2007.09.01 | W32/Bagz-I |
| Sunbelt | 2.2.907.0 | 2007.08.31 | Trojan-Downloader.Win32.Tibs.jy |
| Symantec | 10 | 2007.09.01 | Trojan Horse |
| TheHacker | 6.1.9.175 | 2007.08.31 | W32/Zhelatin.hj |
| VBA32 | 3.12.2.3 | 2007.09.01 | Email-Worm.Win32.Zhelatin.hj |
| VirusBuster | 4.3.26:9 | 2007.09.01 | I-Worm.Zhelatin.AA |
| Webwasher-Gateway | 6.0.1 | 2007.08.31 | Worm.Zhelatin.HJ |

Additional information:
File size: 138240 bytes
MD5: c05893a656b54164fb486028309bd89e
SHA1: 8ad506547710d61a6ac0613fdb1d290911f8e600
(Virustotal Results, http://www.virustotal.com)
As you can see, a select few still miss it, so please be careful clicking on those links in email or blog posts!
UPDATE: A closer look at our binaries over the last few days shows that we're still getting random binaries, but only a couple hundred a day, instead of several thousand. By far the most common binary appears to be c05893a656b54164fb486028309bd89e.
Labels: nuwar, peacomm, peed, Storm, virustotal
