Malicious TROJAN Detected
Analysis: Backdoor.Win32..PoisonIvy.Gen
Suspicious Actions Detected
Creates autorun records
Creates files in windows system directory
Injects code into other processes
Outgoing connection to remote server: 69.181.86.121 TCP port 5150
Code:
LM\Software\Microsoft\Active Setup\Installed Components\{63B43C3B-A373-61B7-E883-E0BF2695222B}\StubPath REG_SZ 510 "C:\WINDOWS\system32\omg123.exe"
Quote:
File Info
Report generated: 7.10.2009 at 17.11.27 (GMT 1)
Filename: Loader.exe
File size: 144 KB
MD5 Hash: 973407a9a2ef74bc4251704cf7fce3bc
SHA1 Hash: 968730C059DE68A9D865CBA106F9F454EECDA3C2
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 7 on 23
Detections
a-squared - Backdoor.Win32.Bifrose!IK
Avira AntiVir - TR/Dropper.Gen
Avast - -
AVG - BackDoor.Generic11.AWIT
BitDefender - Backdoor.Generic.214789
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
Ikarus T3 - Backdoor.Win32.Bifrose
Kaspersky - Backdoor.Win32.Bifrose.bqyb
McAfee - Generic VB.i trojan
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - -
VirusBuster - -