http://arnoth.net/earnoth/dokuwiki/ 2010-09-08T20:15:45-05:00 http://arnoth.net/earnoth/dokuwiki/ http://arnoth.net/earnoth/dokuwiki/lib/images/favicon.ico text/html 2010-01-09T10:32:55-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:0ada2a2f49fd01b56b7c0ca69de2dbf6 Research Notes for 0ada2a2f49fd01b56b7c0ca69de2dbf6 Summary Notes 2010-01-09 Unable to execute on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Links virustotal analysis text/html 2010-01-10T21:46:51-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:0fc38cc0e7f8f732a79b976fd79d9a76 Research Notes for 0fc38cc0e7f8f732a79b976fd79d9a76 Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Links virustotal analysis text/html 2010-01-10T21:41:37-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:1df34209b750a6651f94388897d0f737 Research Notes for 1df34209b750a6651f94388897d0f737 Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. Received a dialog box that exclaimed, “W32.NytemareV2 says 'Your kung-fu is no good!'” Will try on a bare-metal victim device tomorrow. text/html 2010-01-09T10:30:53-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:1f443c0271f1d699164521fb8b3dd408 Research Notes for 1f443c0271f1d699164521fb8b3dd408 Summary Notes 2010-01-09 Unable to execute on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Links virustotal analysis text/html 2010-01-09T09:09:28-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:3018e3b251119fd3215489f1f233a328 Research Notes for 3018e3b251119fd3215489f1f233a328 Summary Loaded program on WinXP Home for 1 week. After execution, the app attempted to connect to a IRC server irc.sohbetini.net without success (SYNs went without replies). The hostname for the server continued to resolve until Jan 4, 2010 11:40:20, when it was apparently removed from DNS. text/html 2010-01-09T10:05:24-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:53fed7473c878ad4b4e57a42c99df38f Research Notes for 53fed7473c878ad4b4e57a42c99df38f Summary Observations Links virustotal analysis text/html 2010-01-10T21:10:28-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:61b0eb271ad8b4417ad3b5e292e4b545 Research Notes for 61b0eb271ad8b4417ad3b5e292e4b545 Summary Notes 2010-01-10 Executed on Win2KSP0 running in VMware ESX Server 110271. Application spawned, but has not yet shown any appreciable network behavior. Continuing to run the test overnight. text/html 2010-01-09T10:31:57-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:90eef215f1ab82cf891731cace23ac9b Research Notes for 90eef215f1ab82cf891731cace23ac9b Summary Notes 2010-01-09 Unable to execute on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Links virustotal analysis text/html 2010-01-23T14:58:29-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:9d64e6a0dc6a3353770916d53350c2ac Research Notes for bd618f92139641ac7a2800c9f895a2ce Summary Notes 2010-01-23 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. Installed an agent that started massive communications with a multitude of hosts on the Internet, primarily over port 80 but seeming to use encrypted channels. text/html 2010-01-10T21:07:07-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:a4c0f6ed2dbb15e8dbfbcf261531a1f6 Research Notes for a4c0f6ed2dbb15e8dbfbcf261531a1f6 Summary Notes 2010-01-09 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. No appreciable network behavior. Test terminated. Links text/html 2010-01-10T21:26:28-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:bd618f92139641ac7a2800c9f895a2ce Research Notes for bd618f92139641ac7a2800c9f895a2ce Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Executed on Win2KSP0 running in VMware ESX Server 110271, OS complains that the file “is not a valid Win32 application”. text/html 2010-01-10T21:06:50-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:ef0d2bf1947b1ff2ffdd572e484f531d Research Notes for ef0d2bf1947b1ff2ffdd572e484f531d Summary Notes 2010-01-09 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. No appreciable network behavior. Test terminated. Links text/html 2010-01-10T21:29:46-05:00 http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:f981992c0f944aa29ab9a217b98d7172 Research Notes for f981992c0f944aa29ab9a217b98d7172 Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Executed on Win2KSP0 running in VMware ESX Server 110271, OS complains that the file “is not a valid Win32 application”.