Researchers Present Tinba, 20KB Trojan Banker

Discussion in 'malware problems & news' started by Dermot7, May 31, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Dec 20, 2009
    Surrey, England.
  2. CloneRanger

    CloneRanger Registered Member

    Jan 4, 2006
    @ Dermot7 Thanks for posting :thumb:

    Analysis -

    Noted from the above, DAKOTAVOLANDOS.COM

    Is it Chinese or Rusian or ?

    I managed to get hold of it & run it. As usual i had to first allow it, & then the other stuff it sporned, through ProcessGuard.

    readme (2).exe = MD5: 08ab7f68c6b3a4a2a745cc244d41d213 launches winver.exe then deletes readme (2).exe

    winver.exe then launches Version Reporter Applet which wanted out, so i allowed it. The funny thing is that it goes to IP which is

    Not sure why that should be, ANY ideas ? And also my ISP's DNS.

    I didn't notice anything unusual in Anything, when typing in false info at RBS, & PrevxSafeOnline didn't blink, or detect it. One possible reason for nothing bad happening, was my FW blocked incoming. As my time on this was short, i didn't persue it.

    Here's some screenies

    z1.gif za1.gif

    za2.gif rbs.gif
    Last edited by a moderator: May 31, 2012
  3. STV0726

    STV0726 Registered Member

    Jul 29, 2010
    But the injection into web browsers only can occur AFTER the initial executable has been RAN... anti-execution and policy restrictions will still block this piece of malware completely... :thumb:

    If that crap tried to automatically download and run on my computer, all I would see is an X-box message from group policy.
  4. subhrobhandari

    subhrobhandari Registered Member

    Nov 6, 2009
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.