Malware Kuluoz/Asprox/Dofoil - "Invalid address"
The link leads to a malware download site that serves Shipping_Label_US_Washington_20016.zip, which contains Shipping_Label_US_Washington_20016.exe.
The exe file is malicious (Kuluoz/Asprox/Dofoil downloader).

http://hydrogeit-verlag.de/main.php?go=CHHuKL+oZufc6u5wT/BTLoyHfLdLZ+5u38VxbyT81ME=

Here is the link to the VirusTotal scan results:
https://www.virustotal.com/en/file/10911b4ce659503e802779ec1acbd208feacc2ffa4ada604bbafd89f21fbd101/analysis/1385148082/


Date: Fri, 22 Nov 2013 16:07:25 +0100 (CET)
From: "One Day Shipping" <us_259@punktum-magazin.de>
To: 
Subject: Invalid address


CARGO .COM
    

Notification

Our courier couldnt make the delivery of parcel to you at 20th November.
Print label and show it in the nearest post office.

 Get a Shipping Label NOW


CARGO | Copyright 2013 CARGO. All Rights Reserved.




Envelope From: xb5469@xb5.serverdomain.org
Content-Type: multipart/alternative;boundary="----------1385132845528F732DED708"
Date: Fri, 22 Nov 2013 16:07:25 +0100 (CET)
From: "One Day Shipping" <us_259@punktum-magazin.de>
MIME-Version: 1.0
Message-ID: <20131122150725.EE4BF28F74930@mail.xb5.serverdomain.org>
Received: from by na3sys009amx199.postini.com ([74.125.148.10]) with SMTP; Fri, 22 Nov 2013 10:07:34 EST
Received: from mail.xb5.serverdomain.org ([89.107.189.101]) by iron3-mx.tops.gwu.edu with ESMTP; 22 Nov 2013 10:07:27 -0500
Received: from xb5.serverdomain.org (localhost.localdomain [127.0.0.1]) (Authenticated sender: xb5469smtp) by mail.xb5.serverdomain.org (mail.xb5.serverdomain.org) with SMTP id EE4BF28F74930 for <bcomer@gwu.edu>; Fri, 22 Nov 2013 16:07:25 +0100 (CET)
Received: (from xb5469@xb5.serverdomain.org) by xb5.serverdomain.org (mini_sendmail/1.3.6 29jun2005); Fri, 22 Nov 2013 16:07:25 CET (sender xb5469@xb5.serverdomain.org)
Received-SPF: None (iron3-mx.tops.gwu.edu: no sender authenticity information available from domain of xb5469@xb5.serverdomain.org) identity=mailfrom; client-ip=89.107.189.101; receiver=iron3-mx.tops.gwu.edu; envelope-from="xb5469@xb5.serverdomain.org"; x-sender="xb5469@xb5.serverdomain.org"; x-conformance=spf_only
Received-SPF: None (iron3-mx.tops.gwu.edu: no sender authenticity information available from domain of postmaster@mail.xb5.serverdomain.org) identity=helo; client-ip=89.107.189.101; receiver=; envelope-from="xb5469@xb5.serverdomain.org"; x-sender="postmaster@mail.xb5.serverdomain.org"; x-conformance=spf_only
Reply-To: "One Day Shipping" <us_259@punktum-magazin.de>

X-Ipas-Result: AqGCAG9yj1JZa71lnGdsb2JhbAA/Gg6BYwQBTXyqOIp3iFwWDgEBAQEBCB08g0QdNDGINQk2oGugK48kgwqBEgOJCooxfINcAYJskGKBLUA7
X-Ironport-Anti-Spam-Result: AqGCAG9yj1JZa71lnGdsb2JhbAA/Gg6BYwQBTXyqOIp3iFwWDgEBAQEBCB08g0QdNDGINQk2oGugK48kgwqBEgOJCooxfINcAYJskGKBLUA7
X-Ironport-Av: E=Sophos;i="4.93,752,1378872000"; d="scan'208,217";a="329582488"
X-Mailer: EasyDMfree
X-Senderbase: 5.6

IP:    89.107.189.101
Decimal:    1500233061
Hostname:    mail.xb5.serverdomain.org
ISP:    WebhostOne GmbH
Organization:    WebhostOne GmbH
Services:    Likely mail server
Country:    Germany
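As an added triage example (not part of the original post), the script below walks a header block constructed from the headers quoted above and pulls out the indicators a responder checks first: the originating relay IP (first public IP found walking the Received chain from the earliest hop), the SPF verdicts, the mismatch between the header From domain and the envelope sender domain, and the bulk-mailer tag. The envelope sender is passed in separately because it is not a header in the block.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an abridged copy of the headers quoted in the post, not the full message.
RAW_HEADERS = """\
From: "One Day Shipping" <us_259@punktum-magazin.de>
Received: from mail.xb5.serverdomain.org ([89.107.189.101]) by iron3-mx.tops.gwu.edu with ESMTP; 22 Nov 2013 10:07:27 -0500
Received: from xb5.serverdomain.org (localhost.localdomain [127.0.0.1]) (Authenticated sender: xb5469smtp) by mail.xb5.serverdomain.org with SMTP id EE4BF28F74930 for <bcomer@gwu.edu>; Fri, 22 Nov 2013 16:07:25 +0100 (CET)
Received: (from xb5469@xb5.serverdomain.org) by xb5.serverdomain.org (mini_sendmail/1.3.6 29jun2005); Fri, 22 Nov 2013 16:07:25 CET (sender xb5469@xb5.serverdomain.org)
Received-SPF: None (iron3-mx.tops.gwu.edu: no sender authenticity information available from domain of xb5469@xb5.serverdomain.org) identity=mailfrom; client-ip=89.107.189.101; receiver=iron3-mx.tops.gwu.edu; envelope-from="xb5469@xb5.serverdomain.org"; x-conformance=spf_only
X-Mailer: EasyDMfree

"""
ENVELOPE_FROM = "xb5469@xb5.serverdomain.org"  # the post's "Envelope From:" value

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literals in Received

def originating_ip(raw):
    """Walk Received headers from earliest (bottom) to latest (top) and return the
    first public IP: the relay that handed the mail to the recipient's infrastructure.
    Loopback/private hops and hops without an IP literal are skipped."""
    msg = message_from_string(raw)
    for hop in reversed(msg.get_all("Received", [])):
        for ip in IP_RE.findall(hop):
            if ipaddress.ip_address(ip).is_global:
                return ip
    return None

def spf_results(raw):
    """Map each Received-SPF identity (mailfrom/helo) to its verdict, e.g. 'None'."""
    msg = message_from_string(raw)
    out = {}
    for h in msg.get_all("Received-SPF", []):
        verdict = h.split(None, 1)[0]
        m = re.search(r"identity=(\w+)", h)
        out[m.group(1) if m else "unknown"] = verdict
    return out

def triage(raw, envelope_from):
    """Collect the cheap header indicators into one dict."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    env_domain = envelope_from.rpartition("@")[2].lower()
    return {
        "origin_ip": originating_ip(raw),
        "spf": spf_results(raw),
        "header_from_mismatch": from_domain != env_domain,  # display From != envelope sender
        "bulk_mailer": msg.get("X-Mailer", "").strip() or None,
    }

if __name__ == "__main__":
    print(triage(RAW_HEADERS, ENVELOPE_FROM))
```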

---


https://www.virustotal.com/en/file/10911b4ce659503e802779ec1acbd208feacc2ffa4ada604bbafd89f21fbd101/analysis/1385148082/
Antivirus     Result     Update
Ikarus     Virus.Win32.Vbinder     20131122
Kaspersky     UDS:DangerousObject.Multi.Generic     20131122
Baidu-International     Trojan.Win32.Kryptik.BPKY     20131122
Malwarebytes     Trojan.Inject.RRE     20131122
TrendMicro-HouseCall     TROJ_GEN.F47V1122     20131122
Symantec     Suspicious.Cloud.5     20131122
TrendMicro     PAK_Generic.001     20131122
Sophos     Mal/Generic-S     20131122
McAfee-GW-Edition     Heuristic.LooksLike.Win32.Suspicious.F     20131121
ESET-NOD32     a variant of Win32/Kryptik.BPKY     20131122 
