dl.sd.keniu.com(trojan downloader hosted in China Jinan China Unicom Shandong Province Network)

By Pig, April 1, 2011

dl.sd.keniu.com
dl.sd.keniu.com 123.235.32.185
stat.sd.keniu.com
stat.sd.keniu.com 219.232.254.35

Outgoing connection to remote server: dl.sd.keniu.com TCP port 80
Outgoing connection to remote server: 123.235.32.247 TCP port 80
Outgoing connection to remote server: 218.29.42.138 TCP port 80
Outgoing connection to remote server: stat.sd.keniu.com TCP port 80

exe file
http://www.multiupload.com/SGDN1Z6H3Q

virustotal scan
http://www.virustotal.com/file-scan/report.html?id=22ccc8633a1c0b255aa07459b5343b4ab24c07e3e0fe15a7f1b23e8dd86b43cf-1301688919

infos about hosting:
http://whois.domaintools.com/219.232.254.35
http://whois.domaintools.com/123.235.32.247

Categories: Uncategorized

Previous postblackshades.info(stealer hosted in United States Chicago Hosting Services Inc)

Next post173.242.123.150(botnet hosted in United States Clarks Summit Volumedrive)