2014-04-29 - TODAY'S FAKE FLASH UPDATER HOSTED ON MICROSOFT ONEDRIVE

ASSOCIATED FILES:

 

MICROSOFT ONEDRIVE IP ADDRESSES HOSTING THE MALWARE:

 

NOTES:

 

TODAY'S EXAMPLES

compromised website --> fake Flash updater notice --> Microsoft OneDrive hosting the malware
rubikon.bg --> site.lt --> xmeazw.dm2301.livefilestore.com

HTTPS link from fake Flash updater notice:

 

compromised website --> fake Flash updater notice --> Microsoft OneDrive hosting the malware
webradio-powerplay.de --> www.emiliabayer.com --> xmeazw.dm2304.livefilestore.com

HTTPS link from fake Flash updater notice:

 

compromised website --> fake Flash updater notice --> Microsoft OneDrive hosting the malware
www.mkon.de --> aviontechnology.it --> xmeazw.dm2301.livefilestore.com

HTTPS link from fake Flash updater notice:

 

PRELIMINARY MALWARE ANALYSIS

File name:  FlashUpdater.exe
File size:  159.0 KB ( 162816 bytes )
MD5 hash:  f7193a06030e19e0d0c66dfa013481a5
Detection ratio:  3 / 51
First submission:  2014-04-29 01:25:40 UTC
VirusTotal link:  https://www.virustotal.com/en/file/938700a3f84dd6ef0e414b83ad4ec132f0e94504f8ad9bbfa62eefded9ebd49b/analysis/

NOTE: This is the same file size and icon as yesterday, but a different MD5 hash.

 

FINAL NOTES

Once again, here are links for the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
