
Sunday, December 21, 2014

Infected HTML Files (Windows malware Ramnit) in Android Apps - samples


Research: Malwarebytes: Infected HTML Files Bundled in Android Apps




Download. Email me if you need the password.








res/raw/startga.html  of MD5 DBAC184F71C79E1E79ACE356A37C6C67
https://www.virustotal.com/en/file/855999addcc6672a50c127a3709f4c0de6c8da9a86a77a138bba5b47921edc9e/analysis/
SHA256: 855999addcc6672a50c127a3709f4c0de6c8da9a86a77a138bba5b47921edc9e
File name: startga.html
Detection ratio: 41 / 53
Analysis date: 2014-12-21 16:51:06 UTC ( 9 hours, 16 minutes ago )

/assets/www/index.html of MD5:  65d456b0fab474457e5ba33852e227b0
https://www.virustotal.com/en/file/beab132850e504611531f06ceb586893caebb013a8466ab2a549e078ae70a303/analysis/1419176897/
SHA256: beab132850e504611531f06ceb586893caebb013a8466ab2a549e078ae70a303
File name: index.html
Detection ratio: 41 / 55
Analysis date: 2014-12-21 15:48:17 UTC ( 1 minute ago )
