New malware (0/52 detection rate at VT) May 5 / 2014

Sample can be downloaded here:

http://filepost.com/files/1b13bfm5/VoiceMail.zip/

Zero detection rate of unpacked file (.scr / exe) at VT.

---------------
File already analysed

This file was last analysed by VirusTotal on 2014-05-05 12:42:15 UTC
it was first analysed by VirusTotal on 2014-05-05 11:34:26 UTC.

Detection ratio: 0/52  

https://www.virustotal.com/en/file/6d8fed40d1023a26da990d04bf68fb9da0c09e843c2f6886573ae9fb3bca3b88/analysis/1399293921/
---------------

Anubis analysis:

---------------
http://anubis.iseclab.org/?action=result&task_id=1831c35c473df6f14a94c12bf1379713d&call=first

DNS Queries:        
Name               Query Type   Query Result     Successful
iknowstudio.com   DNS_TYPE_A   216.185.116.28   YES  

HTTP Conversations:       
From ANUBIS:1028 to 216.185.116.28:80 - [iknowstudio.com]
Request: GET /scripts/0505USdw.dat
Response: 200 "OK"
---------------


Spam:

-----------------
Received: from cust-053-082.static-dsl.andrexen.net ([85.118.53.82])
Date: Mon, 5 May 2014 14:31:48 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
            Thunderbird/24.2.0
Subject: You received a voice mail

You received a voice mail : VOICE645-969-4957.wav (26 KB)
Caller-Id: 645-969-4957
Message-Id: UGK0C0
Email-Id: (account@my-domain.tld)

This e-mail contains a voice message.    

Download and extract the attachment to listen the message.

Sent by Microsoft Exchange Server
-------------------

Re: New malware (0/52 detection rate at VT) May 5 / 2014

On Mon, 05 May 2014 08:57:28 -0400, Virus Guy wrote:

Back for more? Never mind about that malware. I'm sure you believe your  
Win98 box is immune.

Thane
