3 Replies Latest reply on Mar 23, 2014 6:47 PM by exbrit

    Malware Artemis!BB6CEC789A39

    mcfivpe

      Hello

      The file is malware:

      Os Melhores CDs ( Ao vivo) - Gospel - Crianças Diante do Trono.rar

      It is downloadable from hxxp://search.4shared.com/postDownload/3bs78JP5ce/Os_Melhores_CDs___Ao_vivo__-_ G.html  (file link broken by Moderator as possibly dangerous)

       

      Analysis

      https://www.virustotal.com/bg/file/db174be757ed20ef161ec8eda345b2dd713bf90abe11ef4404d077384cec43df/analysis/1395607051/

      Engine            Detection                                        Update
      Ad-Aware          DeepScan:Generic.Banker.OT.CE8330D3              20140323
      AntiVir           TR/Spy.Banker.Gen                                20140323
      BitDefender       DeepScan:Generic.Banker.OT.CE8330D3              20140323
      Commtouch         W32/D_Bancos!Generic                             20140323
      ESET-NOD32        probably a variant of Win32/Spy.Banker.AAPM      20140323
      Emsisoft          DeepScan:Generic.Banker.OT.CE8330D3 (B)          20140323
      F-Prot            W32/D_Bancos!Generic                             20140323
      F-Secure          DeepScan:Generic.Banker.OT.CE8330D3              20140323
      GData             DeepScan:Generic.Banker.OT.CE8330D3              20140323
      K7AntiVirus       Trojan ( 00361abb1 )                             20140321
      K7GW              Trojan ( 00361abb1 )                             20140321
      Malwarebytes      Spyware.InfoStealer                              20140323
      MicroWorld-eScan  DeepScan:Generic.Banker.OT.CE8330D3              20140323
      Norman            Suspicious.C6!genr                               20140323
      Sophos            Mal/Banker-U                                     20140323

      (attachment: 4.JPG)

      Message was edited by: Ex_Brit on 23/03/14 6:46:46 EDT PM

      Message was edited by: Ex_Brit on 23/03/14 7:43:38 EDT PM
        • 1. Re: Malware Artemis!BB6CEC789A39
          exbrit

          Full Analysis from VirusTotal:

          Engine                Detection (- = none)                             Update
          Ad-Aware              DeepScan:Generic.Banker.OT.CE8330D3              20140323
          AntiVir               TR/Spy.Banker.Gen                                20140323
          BitDefender           DeepScan:Generic.Banker.OT.CE8330D3              20140323
          Commtouch             W32/D_Bancos!Generic                             20140323
          ESET-NOD32            probably a variant of Win32/Spy.Banker.AAPM      20140323
          Emsisoft              DeepScan:Generic.Banker.OT.CE8330D3 (B)          20140323
          F-Prot                W32/D_Bancos!Generic                             20140323
          F-Secure              DeepScan:Generic.Banker.OT.CE8330D3              20140323
          GData                 DeepScan:Generic.Banker.OT.CE8330D3              20140323
          K7AntiVirus           Trojan ( 00361abb1 )                             20140321
          K7GW                  Trojan ( 00361abb1 )                             20140321
          Malwarebytes          Spyware.InfoStealer                              20140323
          MicroWorld-eScan      DeepScan:Generic.Banker.OT.CE8330D3              20140323
          Norman                Suspicious.C6!genr                               20140323
          Sophos                Mal/Banker-U                                     20140323
          AVG                   -                                                20140323
          AegisLab              -                                                20140323
          Agnitum               -                                                20140323
          AhnLab-V3             -                                                20140323
          Antiy-AVL             -                                                20140320
          Avast                 -                                                20140323
          Baidu-International   -                                                20140323
          Bkav                  -                                                20140322
          ByteHero              -                                                20140323
          CAT-QuickHeal         -                                                20140323
          CMC                   -                                                20140319
          ClamAV                -                                                20140323
          Comodo                -                                                20140323
          DrWeb                 -                                                20140323
          Fortinet              -                                                20140323
          Ikarus                -                                                20140323
          Jiangmin              -                                                20140323
          Kaspersky             -                                                20140323
          Kingsoft              -                                                20140323
          McAfee                -                                                20140323
          McAfee-GW-Edition     -                                                20140323
          Microsoft             -                                                20140323
          NANO-Antivirus        -                                                20140323
          Panda                 -                                                20140323
          Qihoo-360             -                                                20140323
          Rising                -                                                20140322
          SUPERAntiSpyware      -                                                20140323
          Symantec              -                                                20140323
          TheHacker             -                                                20140321
          TotalDefense          -                                                20140323
          TrendMicro            -                                                20140323
          TrendMicro-HouseCall  -                                                20140323
          VBA32                 -                                                20140321
          VIPRE                 -                                                20140323
          ViRobot               -                                                20140323
          nProtect              -                                                20140323

           

          So McAfee antivirus doesn't find a problem with it, are you asking if it should? What does find a problem with it is SiteAdvisor (browser add-on), and that is probably due to the nature of the download; file-sharing sites are usually marked as dangerous.

          If you feel it is incorrect you can contact SiteAdvisor here: https://community.mcafee.com/message/66185#66185

           

          Translation from Google:

          So McAfee antivirus did not find a problem with it, are you asking whether it should? What does find a problem with it is SiteAdvisor (browser add-on), and that is probably due to the nature of the download; file-sharing sites are usually marked as dangerous.

          If you think it is incorrect, you can contact SiteAdvisor here: https://community.mcafee.com/message/66185#66185

           

          Message was edited by: Ex_Brit on 23/03/14 7:02:44 EDT PM

          Message was edited by: Ex_Brit on 23/03/14 7:44:05 EDT PM
          • 2. Re: Malware Artemis!BB6CEC789A39
            mcfivpe

            Hello

            McAfee has already found the file is malware.

            McAfee-Gateway (5008 ms, definitions 2014-03-23): Artemis!BB6CEC789A39

            https://www.metascan-online.com/en/scanresult/file/23bc23a59b2a46688c24cea705773972

             

            Engine               Scan time   Definitions   Result
            AegisLab             2246 ms     2014-03-21    No threat detected
            Agnitum              3573 ms     2014-03-22    No threat detected
            Ahnlab               3027 ms     1899-12-30    No threat detected
            Antiy                3853 ms     2014-02-12    No threat detected
            AVG                  4103 ms     2014-03-22    No threat detected
            Avira                2402 ms     2014-03-23    TR/Spy.Banker.Gen (Infected)
            BitDefender          4587 ms     2014-03-23    DeepScan:Generic.Banker.OT.CE8330D3 (Infected)
            ByteHero             2293 ms     2014-03-23    No threat detected
            ClamWin              1638 ms     2014-03-23    No threat detected
            Commtouch            2340 ms     2014-03-23    W32/D_Bancos!Generic (Infected)
            Emsisoft             2636 ms     2014-03-23    DeepScan:Generic.Banker.OT.CE8330D3 (Infected)
            ESET                 10234 ms    2014-03-23    probably a variant of Win32/Spy.Banker.A... (Infected)
            F-prot               2434 ms     2014-03-23    W32/D_Bancos!Generic (Infected)
            F-secure             4696 ms     2014-03-23    DeepScan:Generic.Banker.OT.CE8330D3 (Infected)
            Filseclab            2200 ms     2014-03-23    TrojanDrop.VB.ahht.pzyq.mg (Infected)
            Fortinet             5897 ms     2014-03-16    No threat detected
            Hauri                1466 ms     2014-03-23    No threat detected
            Ikarus               3682 ms     2014-03-23    No threat detected
            Jiangmin             4025 ms     2014-03-23    No threat detected
            K7                   1451 ms     2014-03-22    Trojan ( 00361abb1 ) (Infected)
            Kaspersky            4977 ms     2014-03-23    No threat detected
            Kingsoft             14743 ms    2014-03-23    No threat detected
            Lavasoft             4540 ms     2014-03-23    DeepScan:Generic.Banker.OT.CE8330D3 (Infected)
            McAfee-Gateway       5008 ms     2014-03-23    Artemis!BB6CEC789A39 (Infected)
            Microsoft            5725 ms     2014-03-23    No threat detected
            NANO                 2558 ms     2014-03-23    No threat detected
            Norman               3229 ms     2014-03-23    Suspicious.C6!genr (Infected)
            nProtect             1950 ms     2014-03-15    No threat detected
            QuickHeal            2714 ms     2014-03-23    No threat detected
            Sophos               3261 ms     2014-03-16    Mal/Banker-U (Infected)
            SUPERAntiSpyware     1934 ms     2014-03-23    No threat detected
            Symantec             3292 ms     2014-03-22    No threat detected
            ThreatTrack          23276 ms    2014-03-23    No threat detected
            TotalDefense         3541 ms     2014-03-22    No threat detected
            TrendMicro           4571 ms     2014-03-15    No threat detected
            TrendMicroHouseCall  4399 ms     2014-03-14    No threat detected
            VirIT                3994 ms     2014-03-21    No threat detected
            VirusBlokAda         6115 ms     2014-03-21    No threat detected
            Zillya!              1903 ms     2014-03-23    No threat detected
            Zoner                4649 ms     2014-03-19    No threat detected

            Problem is resolved.

            Thank you!

            Message was edited by: Ex_Brit on 23/03/14 7:44:36 EDT PM
            • 3. Re: Malware Artemis!BB6CEC789A39
              exbrit

              Pity you didn't say that before. I've now edited the headers to read the Artemis detection number and have moved the thread to that section.

              Hopefully someone from the lab will patrol here soon.

              Artemis detections are "unknowns" that have been automatically submitted to the labs for investigation.

              If something is identified, maybe wrongly, as "Artemis" then McAfee already knows about it. Merely send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" (where ++++++++++++ is the 12-digit code given to it) as the subject line (minus the "").