56youku.3322.org (Trojan-Banker.Win32.Banker hosted in China Guangdong Chinanet Guangdong Province Network)

By Pig, January 20, 2011

56youku.3322.org DNS_TYPE_A 183.7.66.173
– TCP Connection Attempts:183.7.66.173:8000

Suspicious Actions Detected
Copies self to other locations
Creates and executes scripts
Creates files in windows system directory
Creates system services or drivers

exe file :
http://ct.ftpvpn.info:3355/yuhaimin/windsca.exe

anubis scan:
http://anubis.iseclab.org/?action=result&task_id=1ef1923bf055827246da05311ccd4a263&format=html

info about hosting:
http://whois.domaintools.com/183.7.66.173

Categories: Uncategorized

Previous postbad-girl.no-ip.biz(bifrose hosted in Germany Bremen Ewe-tel)

Next postunassigned.calpop.com(botnet hosted in United States Los Angeles Calpop.com Inc)