Yet another non-worm being spammed(btw,
breplibot #1 is on the advisories page)
Almost the same as the breplibot from the advisories, but no email
details for this one, so it’s not in the advisories hehehe.
Anyway, here’s the lowdown on this sample:
FileName:
MD5: a64420398bb46698ac81ca87dc1b05ca (unzipped)
MIST Detections:
breplibot #1 is on the advisories page)
Almost the same as the breplibot from the advisories, but no email
details for this one, so it’s not in the advisories hehehe.
Anyway, here’s the lowdown on this sample:
FileName:
- Photo and Article.zip (7,391 bytes) (extracts to Photo and
Article.exe 10,240 bytes)
MD5: a64420398bb46698ac81ca87dc1b05ca (unzipped)
MIST Detections:
- TrendMicro : PAK_Generic.001
- Symantec : Backdoor.Naninf.A
- Kaspersky : Backdoor.Win32.Breplibot.n
- McAfee : W32/Brepibot
- Sophos : Troj/Stinx-Fam
- Panda : NO_VIRUS
Update (Chachi, 05 December 2005 10:24:54)
This will detected as BKDR_BREPLIBOT.M