USPS hook instead of the UPS hook

Finally had access to one, passed through the Yahoo filter process,
but had to disable Avira AntiVir to have a looksie.

Currently 24/42 on VT reported it as malware. I also uploaded it to
uploadmalware.com before I noticed the same filename was on the
previous upload list.

http://www.virustotal.com/file-scan/report.html?id=c794a9455eeb6caeaaa0140ebe9cac64bc588460e304b675c86490b337150a63-1321357772

Re: USPS hook instead of the UPS hook


http://www.virustotal.com/file-scan/report.html?id=c794a9455eeb6caeaaa0140ebe9cac64bc588460e304b675c86490b337150a63-1321357772


Yes, USPS report.exe MD5=99e3f257fc99ec5c3a48289475a7f7c2, was uploaded November 14, 2011,
0605 hrs and then again by you at 0703 hrs today.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: USPS hook instead of the UPS hook

Duh_OZ wrote:
http://www.virustotal.com/file-scan/report.html?id=c794a9455eeb6caeaaa0140ebe9cac64bc588460e304b675c86490b337150a63-1321357772

Looks like a lot of generic/heuristic detections and just a few
identifications (or misidentifications). Makes me wonder what it
*really* is. :o)

Re: USPS hook instead of the UPS hook



Fakealert trojan family.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: USPS hook instead of the UPS hook

David H. Lipman wrote:
That sure is a large family now.


Re: USPS hook instead of the UPS hook

"David H. Lipman" wrote:


It's a highly obfuscated downloader, as I said in ACV. Currently it
downloads fake-alerts but potentially could be anything else.


