This time, gsbill.exe (the extracted file
that is, although it is being spammed with a random-looking
filename). We’ve received 2 copies so far, although yet again, no
email details (due to the nature of the setup).
FileName: {random}.zip (28,128 bytes), extracts to gsbill.exe (29,696 bytes)
MD5:
- ZIPped file – 7ad8ee031755fb6f3c4da35584cccf7f
- Executable – af97407d3fd715dc41861816b184be5d
MIST Detections:
- TrendMicro : PAK_Generic.001
- Symantec : Trojan.Danmec
- Kaspersky : NO_VIRUS
- McAfee : MultiDropper-PH
- Sophos : NO_VIRUS
- Panda : NO_VIRUS
Update (JJ, 04 December 2005 19:43:32)
And from another source comes the actual
email details yes! heeheheh. Check out the advisories page.
Update (Ivan, 04 December 2005 21:16:16)
This will now be detected as
TROJ_DANMEC.E.