Currently, virus detection is not good. My best recommendation is never to download a video file that asks you to install a video codec. It's normally malware. Safe surfing.
In 2004, I became interested in computers and security. I volunteer a lot of my time helping others at various security sites: Malwarebytes, Spywarehammer and TechSupportGuy. Hope you enjoy my blog; I look forward to any replies.
1 comment:
DNS: CODEC-FUN.COM
Creation: 16 April 2007
http://www.siteadvisor.com/sites/codec-fun.com
IP Range Monitoring: 64.28.184.1**
by the evil registrar ESTDOMAINS.
Source: infected://codec-fun.com/download/codec-fun4091.exe
Filename: codec-fun4091.exe
Compiled on: Sat Jul 14 15:12:49 2007
Size: 207 727 octets
Packer: NullSoft PiMP SFX
MD5: 3c04ec7f05ccbfdab02e7452ad333866
SHA-1: 9c65d521d0556e10516808fce45c5b3114e9fda1
KAV: Win32.Trojan.DNSChanger.KA
An easy way to do a quick analysis is to use a simple NSIS extractor tool, for example uniextrac.
Read the .NSI script:
Push "$TEMP\check.exe" e -o+ -pnLKQ3KC3DPFGgub1PP9bOEm0gg8CF package.tmp
$TEMP = %tmp%
check.exe = unrar.exe
e Extract files to current directory
-o Overwrite existing files
p[password] Set password
package.tmp = compressed files
Rename package.tmp to package.rar
Now, we can extract files on our virtual b0x.
71 205 tmp1.exe
7 199 tmp2.exe
Regards,
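
The script-reading step from the comment above, as an added Python example (not code from the commenter or the blog author): it scans text recovered from an NSIS installer for `Push` lines that carry an unrar-style command and reports the tool, switches, archive name and password. Only the `Push` line in `SAMPLE_SCRIPT` comes from the comment; the other script lines are constructed, the function names are hypothetical, and only the `-p` switch is interpreted.

```python
import re

# The Push line is the one quoted in the comment; the other lines are constructed.
SAMPLE_SCRIPT = r'''
SetOutPath $TEMP
File "package.tmp"
Push "$TEMP\check.exe" e -o+ -pnLKQ3KC3DPFGgub1PP9bOEm0gg8CF package.tmp
Push "unrelated value"
'''

def parse_nsis_push(line):
    """Split `Push "<tool>" <command> <switches> <archive>` into fields.

    Returns None when the line is not a Push carrying a command tail.
    """
    m = re.match(r'\s*Push\s+(.+)$', line)
    if not m:
        return None
    # A token is either a double-quoted string (quotes dropped) or a bare word.
    tokens = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', m.group(1))]
    if len(tokens) < 3:
        return None
    info = {"tool": tokens[0], "command": tokens[1], "switches": [],
            "password": None, "archive": None, "files": []}
    for tok in tokens[2:]:
        if tok.startswith("-") and len(tok) > 1:
            info["switches"].append(tok)
            # -p<password> sets the password; a bare -p or -p- carries none.
            if tok[1] == "p" and tok[2:] not in ("", "-"):
                info["password"] = tok[2:]
        elif info["archive"] is None:
            info["archive"] = tok      # first non-switch word is the archive
        else:
            info["files"].append(tok)  # anything after it is a file filter
    return info

def find_protected_archives(script_text):
    """Return parsed Push lines that pass a password to the extractor."""
    hits = []
    for line in script_text.splitlines():
        info = parse_nsis_push(line)
        if info and info["password"]:
            hits.append(info)
    return hits

if __name__ == "__main__":
    for hit in find_protected_archives(SAMPLE_SCRIPT):
        print(hit)
```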