
can someone check this file

Discussion in 'BlackHat Lounge' started by saladflorida, Apr 2, 2011.

  1. saladflorida

    saladflorida Newbie

    hi,

    i received an email from fedex


    here's what's in it

    HTML:
    Dear customer.
    
    The parcel was sent your home address.
    And it will arrive within 3 business day.
    
    More information and the tracking number are attached in document below.
    
    Thank you.
    © 1994-2011 FedEx, Inc.
    and this is what's on the attachment

    ----link deleted.. found the answer, thanks to en.smartis-----------



    can someone check that .exe file, i am afraid of something scary happening if i execute the file.
     
    Last edited: Apr 2, 2011
  2. en.smartis

    en.smartis Jr. VIP Jr. VIP Premium Member

    Use
    Virustotal.com
     
  3. BlackSeng

    BlackSeng Jr. VIP Jr. VIP

    . . . . . .. . . . . . . . . . . ,.-‘". . . . . . . . . .``~.,
    . . . . . . . .. . . . . .,.-". . . . . . . . . . . . . . . . . ."-.,
    . . . . .. . . . . . ..,/. . . . . . . . . . . . . . . . . . . . . . . ":,
    . . . . . . . .. .,?. . . . . . . . . . . . . . . . . . . . . . . . . . .\,
    . . . . . . . . . /. . . . . . . . . . . . . . . . . . . . . . . . . . . . ,}
    . . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . . ,:`^`.}
    . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . ,:". . . ./
    . . . . . . .?. . . __. . . . . . . . . . . . . . . . . . . . :`. . . ./
    . . . . . . . /__.(. . ."~-,_. . . . . . . . . . . . . . ,:`. . . .. ./
    . . . . . . /(_. . "~,_. . . .."~,_. . . . . . . . . .,:`. . . . _/
    . . . .. .{.._$;_. . ."=,_. . . ."-,_. . . ,.-~-,}, .~"; /. .. .}
    . . .. . .((. . .*~_. . . ."=-._. . .";,,./`. . /" . . . ./. .. ../
    . . . .. . .\`~,. . .."~.,. . . . . . . . . ..`. . .}. . . . . . ../
    . . . . . .(. ..`=-,,. . . .`. . . . . . . . . . . ..(. . . ;_,,-"
    . . . . . ../.`~,. . ..`-.. . . . . . . . . . . . . . ..\. . /\
    . . . . . . \`~.*-,. . . . . . . . . . . . . . . . . ..|,./.....\,__
    ,,_. . . . . }.>-._\. . . . . . . . . . . . . . . . . .|. . . . . . ..`=~-,
    . .. `=~-,_\_. . . `\,. . . . . . . . . . . . . . . . .\
    . . . . . . . . . .`=~-,,.\,. . . . . . . . . . . . . . . .\
    . . . . . . . . . . . . . . . . `:,, . . . . . . . . . . . . . `\. . . . . . ..__
    . . . . . . . . . . . . . . . . . . .`=-,. . . . . . . . . .,%`>--
     
    Last edited: Apr 2, 2011
  4. saladflorida

    saladflorida Newbie

    en.smartis : thanks i would do that as my avast didn't detect anything suspicious


    BlackSeng : i am sorry, i didn't get what you mean?


    *why can't i multiquote replying the post?*

    -----
    en.smartis : here's what the virustotal says, any idea?

    File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
    MD5: 626c8a5e5c39059b9bbe628553c1c9aa
    Date first seen: 2011-04-02 11:48:20 (UTC)
    Date last seen: 2011-04-02 11:48:20 (UTC)
    Detection ratio: 2/42
    What do you wish to do?
     
    Last edited: Apr 2, 2011
  5. bertbaby

    bertbaby Elite Member

    Here's a suggestion: just don't open it! That's what i do all day long....
     
  6. saladflorida

    saladflorida Newbie

    nevermind, i think i found the answer :

    either

    it's Backdoor:Win32/Hostil.gen!A

    or

    Trj/Sasfis.A

    thanks en.smartis :)
     
  7. popcrdom29

    popcrdom29 Jr. VIP Jr. VIP Premium Member

    I use Fedex all of the time and they won't email you a file to download. If you get any emails like this, it's probably a virus from an unscrupulous. If they have information for you, it'll be in the body of the email and not attached for download.
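
The checks the thread converges on (hash the attachment for a VirusTotal lookup, and treat an executable attached to a delivery notice as suspect), as an added example that is not part of the original thread. The sample message, sender address and file name are constructed, and the attachment is a harmless stub containing only an MZ header.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def build_sample() -> bytes:
    """Constructed sample: a delivery-notice email carrying a fake 'document'."""
    msg = EmailMessage()
    msg["From"] = "FedEx <notice@example.invalid>"  # constructed sender
    msg["Subject"] = "Tracking number"
    msg.set_content("More information and the tracking number are attached.")
    # Harmless stub: only the two-byte DOS header magic, padded with zeros.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="document.pdf.exe")
    return msg.as_bytes()


def triage(raw: bytes) -> list[dict]:
    """Inspect attachments in memory; nothing is written to disk or run."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        reasons = []
        if data[:2] == b"MZ":  # content check, independent of the file name
            reasons.append("Windows executable header (MZ)")
        if name.endswith(RISKY_EXT):
            reasons.append("executable file extension")
            if name.count(".") >= 2:
                reasons.append("double extension")
        findings.append({
            "filename": name,
            "md5": hashlib.md5(data).hexdigest(),  # hash type shown in the thread
            "sha256": hashlib.sha256(data).hexdigest(),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Either hash can be searched on VirusTotal without uploading or opening the file; a low detection ratio on a sample first seen the same day, as in the thread, does not mean the file is clean.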