[Dshield] Need help decoding hackers javascript code
Julio Canto
jcanto at hispasec.com
Fri Sep 7 12:47:28 GMT 2007
Security escribió:
> In this particular case, the end goal of the zlo-x.net/XDS/iframe.php
> is to download and install a piece of malware from
> hxxp://oya.ru/vyhod/numizmat/ima/get.php?file=exe. The file that gets
> downloaded, update.exe is UPX-packed and is known to most AV as
> Goldun. The following link should let you see the VT results:
>
> http://www.virustotal.com/resultado.html?e308317d18761b82d81c41c1f7902d53
Links at VirusTotal results have a very limited lifespan.
--
Regards,
Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf:
+34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B |
jcanto at hispasec.com
More information about the list
mailing list