We are receiving various emails that attach a ZIP file that downloads an SCR infected with CTBLOCKER

msc hotline sat
Monday, April 27, 2015

We are receiving various emails with different attached files, which we summarize with the typical email and the VirusTotal pre-analyses:

TYPICAL MALICIOUS EMAIL RECEIVED BY SEVERAL USERS:
___________

Subject: Your account #23917673354 has been blocked
From: "Terri Clampitt" <
Date: 27/04/2015 15:56
To: <RECIPIENT>

Your account #23917673354 was blocked for violation of our TOS.
Please see attached.

Attachment: malicious file
____________

The VirusTotal pre-analyses are as follows:

MD5 05d9372baf43fabccb22179314ed530e
SHA1 70821a23bba9cf7f161eef6d6237fa9fe8723175
File size 108.0 KB ( 110592 bytes )
SHA256: 7c584760b7349629df6e994dc81e925f87c8adff395ca85136eebcbaf71a9b33
File name: 72588799776.scr
Detection ratio: 5 / 54
Analysis date: 2015-04-27 14:43:10 UTC ( 11 minutes ago )

Antivirus     Result                               Update
AVG           Luhe.Fiha.A                          20150427
ESET-NOD32    a variant of Win32/Kryptik.DGLV      20150427
Kaspersky     UDS:DangerousObject.Multi.Generic    20150427
Norman        Heur.I                               20150427
Tencent       Trojan.Win32.Qudamah.Gen.2           20150427
_________

ANOTHER CTBLOCKER VARIANT:

MD5 66edf67332b24f3fa7ae26e7e3d53747
SHA1 922d609869aedec6badbc87bc0c11af01532a8cb
File size 108.0 KB ( 110592 bytes )
SHA256: 13246fe244b58317273c090c740e23118cfc9c9ac2733e92dcbf000559edd735
File name: 282850295223.scr
Detection ratio: 5 / 55
Analysis date: 2015-04-27 15:01:01 UTC ( 3 minutes ago )

Antivirus     Result                               Update
AVG           Luhe.Fiha.A                          20150427
ESET-NOD32    a variant of Win32/Kryptik.DGLV      20150427
Kaspersky     UDS:DangerousObject.Multi.Generic    20150427
Norman        Heur.I                               20150427
Tencent       Trojan.Win32.Qudamah.Gen.2           20150427
__________

ANOTHER CTBLOCKER VARIANT:

MD5 571399ccd9206a26b8e3dc7d8a820df7
SHA1 aeb3f1bb3f2438fd44f02d468d7b29e2743c8e4e
File size 96.0 KB ( 98304 bytes )
SHA256: dbb284eeb4d1f3207e63dd6ae180a2d3a9ba29398c19d7dad8ff9f18acbc8239
File name: 712064227449.scr
Detection ratio: 6 / 54
Analysis date: 2015-04-27 15:07:23 UTC ( 3 minutes ago )

Antivirus     Result                               Update
AVG           Luhe.Fiha.A                          20150427
AhnLab-V3     Win-Trojan/CTBLocker.Gen             20150427
ESET-NOD32    a variant of Win32/Kryptik.DGLV      20150427
Kaspersky     UDS:DangerousObject.Multi.Generic    20150427
Norman        Heur.I                               20150427
Tencent       Trojan.Win32.Qudamah.Gen.2           20150427
___________

MORE CTBLOCKER VARIANTS:

MD5 d3a7c3c500c62950a88e8ca3d83c2994
SHA1 12b3278815284e6c4376005bb2de68cc1101357a
File size 92.0 KB ( 94208 bytes )
SHA256: 50c7ee5e584038d51deaaf1c35864e43763aaa4ec66d8e36752c4fba0e263f51
File name: d3a7c3c500c62950a88e8ca3d83c2994
Detection ratio: 6 / 57
Analysis date: 2015-04-27 14:36:10 UTC ( 38 minutes ago )

Antivirus     Result                               Update
AVG           Luhe.Fiha.A                          20150427
AhnLab-V3     Win-Trojan/CTBLocker.Gen             20150427
ESET-NOD32    a variant of Win32/Kryptik.DGLV      20150427
Kaspersky     UDS:DangerousObject.Multi.Generic    20150427
Norman        Heur.I                               20150427
Tencent       Trojan.Win32.Qudamah.Gen.2           20150427
___________

All of them are now detected and removed by ELISTARA 32.17, which will be available on our website from 19:00 CEST today.

Regards,

ms, 27-4-2015