A new virus is currently circulating on Facebook. It hides behind a hidemyass.com address (an IP and domain hiding service) that leads to a blogspot.gr website. The blogspot.gr ending alone does not show that the blog is Greek, since Blogspot changes the domain ending according to the geographical location of the visitor. But a closer look changes things.
Below you can see the message that is being spread through Facebook. (A friend of ours sent the image to us at safer-internet.gr.)
If someone clicks on the “safe Youtube Video” link that comes with the Facebook message, they are led to the following address.
The page that opens imitates YouTube, but the video (as usual) will not play unless you install “Adobe Flash Player”.
In the blog screenshot below you can see the Greek name used by the malicious user. Note the URL of the page. The title of the post is “brazil sugar”. (This page is displayed in Firefox.)
In Firefox you are asked to download the “video” file, which is actually a Windows executable (.exe) file.
If someone uses Chrome and opens the hidemyass URL, the executable file is downloaded automatically.
See the page as displayed in Chrome:
The malicious file is downloaded under a different name each time, because the number in the name changes on every download: “Private_Video_23429.mp4.exe” becomes “Private_Video_xxxxx.mp4.exe” the next time. Because Windows hides known file extensions by default, such a file appears in Explorer as a harmless “.mp4”.
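As an added example (not code from the post or from safer-internet.gr), a small Python detector for the naming trick described above: it shows how Windows displays the file when known extensions are hidden, flags media-looking names whose real extension is executable, and matches the campaign's Private_Video_<digits>.mp4.exe pattern over constructed sample download-log lines; the log format, user names and URLs are assumptions.

```python
import re
from dataclasses import dataclass

# Extensions Windows Explorer hides by default ("Hide extensions for known file
# types"), so "Private_Video_23429.mp4.exe" is shown as "Private_Video_23429.mp4".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MEDIA_EXTS = {".mp4", ".avi", ".mkv", ".flv", ".wmv", ".mov"}

# The campaign's naming scheme from the post: only the number changes per download.
CAMPAIGN_RE = re.compile(r"^Private_Video_\d+\.mp4\.exe$", re.IGNORECASE)

@dataclass
class Verdict:
    filename: str
    displayed_as: str       # what Explorer shows with known extensions hidden
    double_extension: bool  # media-looking name, executable true extension
    campaign_match: bool    # matches Private_Video_<digits>.mp4.exe

def split_ext(name: str):
    # Split off the last extension; names like ".hidden" have no extension.
    dot = name.rfind(".")
    return (name, "") if dot <= 0 else (name[:dot], name[dot:].lower())

def classify(filename: str) -> Verdict:
    stem, true_ext = split_ext(filename)
    _, inner_ext = split_ext(stem)      # the extension the victim actually sees
    displayed = stem if true_ext else filename
    return Verdict(filename, displayed,
                   true_ext in EXECUTABLE_EXTS and inner_ext in MEDIA_EXTS,
                   bool(CAMPAIGN_RE.match(filename)))

# Constructed sample download-log lines (not from the post): time user url saved_as
SAMPLE_LOG = """\
2014-06-10T09:12:01 alice http://lure.invalid/view Private_Video_23429.mp4.exe
2014-06-10T09:15:44 bob http://lure.invalid/view Private_Video_98112.mp4.exe
2014-06-10T09:20:10 carol http://media.invalid/clip holiday.mp4
2014-06-10T09:22:33 dave http://vendor.invalid/setup installer.exe
"""

def scan_log(text: str):
    # Return (user, Verdict) for every download that looks like a disguised executable.
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        verdict = classify(parts[3])
        if verdict.double_extension or verdict.campaign_match:
            hits.append((parts[1], verdict))
    return hits
```

Running `scan_log(SAMPLE_LOG)` flags only the two Private_Video downloads; the genuine .mp4 and the plainly named installer.exe are left alone.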
Now, what the virus does:
We uploaded the malicious file to jotti.org, VirusTotal and VirSCAN. You can see the results and which antivirus engines detect it.
More data on the virus and the files it places on the infected system follows below:
Compilation timestamp: 2014-06-06 11:29:14
Link date: 12:29 PM 6/6/2014
Entry point: 0x0001D41B
Number of sections: 4

PE sections
Name    Virtual address  Virtual size  Raw size  Entropy  MD5
.text   4096             165203        165376    6.72     0d2680623ee21ef164d1e5badd4a9069
.rdata  172032           20307         20480     5.35     3b2a89ea65c257eec0c12a06de2a115a
.data   192512           137468        5632      3.47     599cdae4e964b67335324e67538c2a9c
.rsrc   331776           245516        245760    6.88     f046331948dcc96236d87dc27f09e0cd
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
CreateDIBSection
DeleteObject
GetObjectW
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
GetTimeFormatW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
MessageBoxW
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
PeekMessageW
GetSysColor
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
EnableWindow
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize