ThreatExpert Report: Java.FakeUpdate, Trojan.Maljava!gen23

Technical Details:

Possible Security Risk

Attention! The following threat category was identified:

Threat Category

Description

A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

File System Modifications

The following files were created in the system:

Filename(s)

File Size

File Hash

Alias

%Temp%\META-INF\MANIFEST.MF

99 bytes

MD5: 0xD8B452B5302AFA0555775A0E073BDAE0
SHA-1: 0xE958379BCBEA6DCB3A63D67CCB26A75304EC8DBC

(not available)

%Temp%\mobile\engine.class

1,123 bytes

MD5: 0xA535766A8C2273831B413C67602F0A4D
SHA-1: 0x4DEAF8698BDF68F0722E417C91B53D11239FB9B5

(not available)

%Temp%\mobile\flakes.class

11,357 bytes

MD5: 0x9374BCF257A418908708CE3570C64E8E
SHA-1: 0x5669D502AE9BFE18C719A80F8F9D0C26A6E9C7A6

Trojan.Maljava!gen23 [Symantec]

%Temp%\mobile\update.class

12,238 bytes

MD5: 0xB7847CC0323156F303AC7AAF0CD08CD7
SHA-1: 0xC123395F0C569F6BE0F4C2C56732955C3EC40458

(not available)

%Temp%\mobile\webservice.class

2,216 bytes

MD5: 0x36551AEC278093C2670B4B936E36EE79
SHA-1: 0x225328B3B95479BFEB51613DEFCF9B837750D3D3

Java.FakeUpdate [Ikarus]

[file and pathname of the sample #1]

16,348 bytes

MD5: 0x78627B94DA26E027DC70CF688D15BC8B
SHA-1: 0x45B9E716E7DEFAB8386CD99B8377930D682270D4

Java.FakeUpdate [Ikarus]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\META-INF
%Temp%\mobile

Other details

The following Host Name was requested from a host database:

192.5.5.241

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Submission Summary:

Technical Details: