Malware Encyclopedia

Nrgbot

by alexander.adamov on July 19th, 2013 in Malware Descriptions.

Platform: Win32
Type: Trojan
Size: 126976 bytes
Packer: unknown
Unpacked size: 320 Kb
Language: C++
MD5: 85f087a291256829f418a3be3dd76ad8
SHA1: 112d92cdd5165af9c0d22f931e77f929b97395fa
Aliases: Dorkbot, Trojan.Win32.Generic!BT

Summary

Nrgbot is a Trojan-spy program designed to steal confidential data.


Skyper

by alexander.adamov on May 29th, 2013 in Malware Descriptions.

Platform: Win32
Type: Worm
Size: 657760 bytes
Packer: UPX
Unpacked size: 1000 Kb
Language: C++
MD5: 61abb8eab44cd5d529825838647c5d09
SHA1: 2fc3c7edb195be79d8fb9d85bdb84213ea6db396


Platform: Win32
Type: Exploit
Size: 1410681 bytes
File type: rtf
MD5: 93d0222c8c7b57d38931cfd712523c67
SHA1: 94b802273340f406d5bfda7812330d15eb8dcdeb
Aliases: Red October RTF, Exploit.Win32.CVE-2012-0158

Summary

This exploit uses a vulnerability in the Microsoft Windows Common Controls ActiveX library (MSCOMCTL.OCX; CVE-2012-0158, MS12-027) to execute arbitrary code on the target computer.


We discovered a new modification of the Kelihos backdoor dated March 4, 2013 (MD5: 80bb0a4c115ca5309baaf4c85017869), which is still in operation after the much-publicized botnet shutdown at the RSA Conference. The new modification is able to steal passwords from Internet browsers.

The compilation date of the unpacked backdoor body is March 4, 2013.


Win32.Chir.b

by alexander.adamov on November 30th, 2012 in Malware Descriptions.

Detect: Win32.Chir.b
Platform: Win32
Type: Worm
Size: 10748 bytes
MD5: a0ec5fc7ccb941955c24d53374361915
SHA1: 3e0e6e1e2b7879f70fe6284a9c24020d1c05264f

Summary

It is an email worm that spreads via the Internet by attaching a copy of its executable file to infected messages. For mailing, the worm uses addresses found on the infected computer.


Platform: Win32
Type: Downloader
Size: 214528 bytes
Packer: unknown
Unpacked size: ~127 Kb


Platform: Win32
Type: Trojan
Size: 127035 bytes
Language: C++
MD5: 33e10314899a5b890a25f8cd85d67e67
SHA1: ff0a5ddd0c3769dcf918ec43e83d62d6bcd48bd1
Aliases: Diple, Carberp

Summary

Trojan.Win32.Carberp is spyware designed to steal confidential user data.


Platform: Win32
Type: Trojan
Size: 16896 bytes
Language: Visual Basic
MD5: ebe60fa9bf0dfcf7c00ddbaaf14da510
SHA1: 8ea7e3b9e7c8b7c6ad6d4b5afc94e71185a6e8b7

Summary

Trojan-Downloader.Win32.Beebone is a Trojan that downloads files via the Internet without the user's knowledge or consent. The Trojan can be spread using the following name:


Platform: Win32
Type: Trojan
Size: 16896 bytes
Language: C++
MD5: 8d326300a6f4dfe93a456c4c185bf2a
SHA1: a01dee0fdb5a752afea044c4e4fe4534ef5a23f6
Aliases: Backdoor:Win32.Poison

Summary

Trojan.Win32.Generic!BT is a Trojan that extracts another malicious program from its own body; that program provides the attacker with unauthorized remote access to the infected computer. The Trojan is installed on the system by another malicious program that exploits the critical vulnerability CVE-2012-4969.


Platform: Win32
Type: Backdoor
Size: 40448 bytes
Packer: UPX
Unpacked size: ~95 Kb
Language: C++
MD5: 8fb5b6fcad0d7e67bf750a9194f19dfc
SHA1: 4749575d1b929f6f03f196ad6c7d04ee8d940dbd
Aliases: Trojan.Win32.Generic!BT

Summary

Trojan.Win32.OnlineGames belongs to a family of Trojans that steal passwords for online game accounts.