Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Another brazilian banking trojan variant, detected by some AV vendors, but not all
From: "Pedro Hugo" <phugo () highspeedweb net>
Date: Tue, 4 Oct 2005 20:10:23 +0100

Hi,
Here goes another banking trojan. Some AV vendors classify it as a variant.
It's packed with UPX 1.93, and it can be unpacked by using the official UPX
1.93.
 
Results from virustotal.com:
Antivirus Version Update Result
AntiVir 6.32.0.6 10.04.2005 TR/Spy.Banker.add.67
Avast 4.6.695.0 09.30.2005 no virus found
AVG 718 10.04.2005 PSW.Banker.GRG
Avira 6.32.0.6 10.04.2005 TR/Spy.Banker.add.67
BitDefender 7.2 10.04.2005 Trojan.Banker.Delf.A0715A92
CAT-QuickHeal 8.00 10.04.2005 TrojanSpy.Banker.add
ClamAV devel-20050917 10.04.2005 Trojan.Spy.Banker-97
DrWeb 4.32b 10.02.2005 Trojan.PWS.Banker.based
eTrust-Iris 7.1.194.0 10.04.2005 Win32/Bancos.Variant!PWS!Trojan
eTrust-Vet 11.9.1.0 10.04.2005 no virus found
Fortinet 2.48.0.0 10.04.2005 Spy/Banker
F-Prot 3.16c 10.04.2005 no virus found
Ikarus 0.2.59.0 10.04.2005 no virus found
Kaspersky 4.0.2.24 10.04.2005 Trojan-Spy.Win32.Banker.add
McAfee 4596 10.04.2005 PWS-Banker.gen.b
NOD32v2 1.1241 10.04.2005 a variant of Win32/Spy.Banker.VJ
Norman 5.70.10 10.04.2005 no virus found
Panda 8.02.00 10.04.2005 Trj/Banker.gen
Sophos 3.98.0 10.04.2005 no virus found
Symantec 8.0 10.04.2005 no virus found
TheHacker 5.8.2.117 10.03.2005 no virus found
VBA32 3.10.4 10.04.2005 MalwareScope.Trojan-Spy.Banker.52
 
TrendMicro OfficeScan doesn't detect it (since the pattern is the same for
all products, we can assume TrendMicro doesn't detect it).
 
Attached is the original file, if you can't download it from the site.
 
Sorry for the noise, but I hope all or some AV vendors are listening and can
benefit from this.
Best Regards,
Pedro Hugo

  _____  

From: cartoes () virtualcards com br [mailto:cartoes () virtualcards com br] 
Subject: Você recebeu um cartão virtual!




 <http://www.brandweer-brummen.nl/Upimages/cartao.exe>  

 


VIRTUALCARD <http://www.brandweer-brummen.nl/Upimages/cartao.exe> S
<http://www.brandweer-brummen.nl/Upimages/cartao.exe> PARA VOCÊ!!!

Tudo bem com você?! Você acaba de receber um VIRTUALCARDS,
os cartões mais animados da Web, enviado por alguém que te ama muito.
Para visualizá-lo, basta clicar no link abaixo e pronto! 


 <http://www.brandweer-brummen.nl/Upimages/cartao.exe> 

Clique  <http://www.brandweer-brummen.nl/Upimages/cartao.exe> aqui para
visualizar o seu cartão 

  <http://www.brandweer-brummen.nl/Upimages/cartao.exe>
<http://www.brandweer-brummen.nl/Upimages/cartao.exe> 


----------------------------------------------------------------------------
---- 
 <javascript:ol('http://www.virtualcards.com.br/&apos;);> 



Um grande abraço da Equipe VIRTUALCARDS.


----------------------------------------------------------------------------
----



 <http://www.brandweer-brummen.nl/Upimages/cartao.exe>  


Informações  <http://www.brandweer-brummen.nl/Upimages/cartao.exe> sobre
este e-mail

Este e-mail foi gerado automaticamente. Não responda.


|  <http://www.brandweer-brummen.nl/Upimages/cartao.exe> Termos do Serviço e
Política de Privacidade |

Copyright © 2001 - 2005 VITALEWEB - BRASIL
Todos os Direitos Reservados - All Rights Reserved



 <http://www.brandweer-brummen.nl/Upimages/cartao.exe>  

 
<file:///D|/Secrets%20Of%20Black%20Arts/Nova%20pasta/virtualcards_arquivos/d
ummy.htm> 

Attachment: cartao.e__
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Another brazilian banking trojan variant, detected by some AV vendors, but not all Pedro Hugo (Oct 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]