{
	"id": "87f512e3-d658-40db-bf17-4f13b2818ecd",
	"created_at": "2026-04-06T00:21:18.239636Z",
	"updated_at": "2026-04-10T03:20:43.637483Z",
	"deleted_at": null,
	"sha1_hash": "6183109c32d4598372f099adc5fb133042830e7c",
	"title": "Rootkit TDL-4 (TDSS, Alureon.DX, Olmarik, TDL) 32-bit and 64-bit Sample + Analysis links - Update July 7",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 97061,
	"plain_text": "Rootkit TDL-4 (TDSS, Alureon.DX, Olmarik, TDL) 32-bit and 64-bit Sample + Analysis links - Update July 7\r\nArchived: 2026-04-05 21:31:50 UTC\r\nOld version 3 - See August 27, 2010 TDL3 dropper (x86 compatible with x64 systems).\r\nGeneral File Information - April 2011\r\nThis is an updated version of TDL4, which made a lot of news recently thanks to being named the ‘indestructible’ botnet. This is the last / current version and it is dated April 2011 (the previous version is from January 2011).\r\nAll the credits and many thanks for the files and comments go to @EP_X0FF @InsaneKaos @markusg @USForce from KernelMode.info. I am posting the files and their comments here because of the large number of inquiries for the updated version.\r\n1) Bypassed Microsoft patch (STATUS_INVALID_IMAGE_HASH error overwritten) to be able again to infect x64 OS\r\n2) Bypassed Microsoft patch to kdcom.dll (this version of TDL4 checks kdcom resource directory size on the x64 version of it, whether it is == 0x110 || 0xFA)\r\n3) Improved disk miniport filtering hook\r\nVersion history:\r\n1. 0.01 first detected ITW at the end of July 2010\r\n2. 0.02 August 2010, version with x64 support\r\n3. 0.03 September 2010, small changes, new C\u0026C library\r\n4. In April 2011 Microsoft released KB2506014 targeting the 0.03 version, specifically the boot loader and kd dll, and it was able to successfully prevent TDL4 from working. However, the rootkit support struck back within two weeks, releasing their update, which could bypass the MS patch. The rootkit version wasn't changed.\r\nRelated articles:\r\nThe Evolution of TDL: Conquering x64 - ESET - Eugene Rodionov, Aleksandr Matrosov\r\nJune 27, 2011 TDL4 – Top Bot - Kaspersky - Sergey Golovanov, Igor Soumenkov\r\nMay 1, 2011 TDL4 rootkit is coming back stronger than before - Prevx - Marco Giuliani\r\nList of samples included\r\nhttp://contagiodump.blogspot.com/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html\r\nPage 1 of 11\r\nFile: TDL4.exe\r\nSize: 146944\r\nMD5: 4A052246C5551E83D2D55F80E72F03EB\r\nhttp://www.virustotal.com/file-scan/report.html?id=b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5-1305275113\r\nFile: dll (2).exe\r\nSize: 140288\r\nMD5: D69B02C1ACD87B5A5C33B19693E24020\r\nhttp://www.virustotal.com/file-scan/report.html?id=fe165840b709adb5b7765ea329c317f64d05a402873c8d8cea84873cbe192bf4-1304405700\r\nFile: DLL.exe\r\nSize: 140288\r\nMD5: A1DE5B3607845F5C6597528BE02EBDA5\r\nhttp://www.virustotal.com/file-scan/report.html?id=1aa5708519389ddcf96fa6206cf274844414c58bff6e3f8338188364449f4509-1304402425\r\nDownload TDL4 - April 2011 edition files listed above as a password protected archive (contact me if you need the password)\r\nGeneral File Information - January 2011\r\nList of components provided\r\ncfg.ini    MD5 CB4AAD4D8D464E58461C867FFAD6462B\r\ncmd.dll    MD5 03B82BE24271737CC0DA6C83CBB5A24F\r\ncmd64.dll    MD5 E6B9F8C6726FA44DD833992A9A908907\r\ndrv32    MD5 528C67F455234CD413335246EBC136B7\r\ndrv64    MD5 F7E79B727D9EB24EB522204182D47FDD\r\nldr16    MD5 F4CBF6BEF6DF44213CFF3332422A0B78\r\nldr32    MD5 8B0B9ACEA732B91BC2305162C06ED8FC\r\nldr64    MD5 3EDD490066EA4A312E6FA6DC420AF6C6\r\nkeygen_v.45.23.4.ex1    MD5 31DB7A22DF02E1A91DB9AFDA4F02F3BF\r\nThe following information in the blue box is posted with thanks to EP_X0FF from www.kernelmode.info\r\nTDL4 common information\r\nFirst kernel mode rootkit compatible with x64 Windows.\r\nUses a bootkit technique to load itself and bypass the driver signing restriction on x64.\r\nUses payload C\u0026C dll injection (cmd.dll for x86 and cmd64.dll for x64).\r\nTo keep its data it uses its own VFS, where the following files are stored:\r\ncfg.ini (configuration text file, replaced previously used config.ini)\r\ncmd.dll (payload dll to be injected into x86 processes)\r\ncmd64.dll (the same but for x64)\r\nmbr (copy of original main boot record)\r\nldr16 (rootkit loader parts, gets control from infected mbr and provides further rootkit loading)\r\nldr32 (rootkit driver, representing fake KD dll, responsible for loading main rootkit driver)\r\nldr64 (ldr32 version for x64 systems)\r\ndrv32 (main rootkit driver, VFS support, modifications hiding)\r\ndrv64 (drv32 version for x64 systems)\r\nIt may store additional files or payload downloaded by the cmd library.\r\nThe rootkit renders Windows XP (x86/x64) and Windows 2003 (x86/x64) unbootable after infection (infection method restriction).\r\nCurrent versions\r\nrootkit 0.03\r\nC\u0026C library version 0.163 (cmd.dll)\r\nDownload\r\nAnalysis\r\nJan 25, 2011 Kaspersky Lab TDSS. TDL-4 - great analysis by Vyacheslav Rusakov\r\nDec 7, 2010 Kaspersky Lab TDL4 Starts Using 0-Day Vulnerability! by Sergey Golovanov\r\nNov 15, 2010 How the TDL4 rootkit gets around driver signing policy on a 64-bit machine (Analysis by Chandra Prakash, Technical Fellow, GFI Labs)\r\nPrevious Versions:\r\nApril 6, 2008 Kaspersky Lab TDL-1 The Beginning: TDL-1\r\nearly 2009 Kaspersky Lab TDL-2: the saga continues\r\nAug 05, 2010 Kaspersky Lab TDL-3: the end of the story?\r\nOct 2010 Microsoft Alureon: The First 64-Bit Windows Rootkit by Joe Johnson\r\nAutomated Scans\r\nHere are current scans\r\nFile name: keygen_v.45.23.4.ex1\r\nhttp://www.virustotal.com/file-scan/report.html?id=ba670c68a7e481c324bdc2e8c5c8c1c8ddc4a2772e991826771350ea8e03f2ce-1296794154\r\nSubmission date: 2011-02-04 04:35:54 (UTC)\r\nResult: 37/43 (86.0%)\r\nAhnLab-V3    2011.01.27.01    2011.01.27    Win-Trojan/Tdss.123904.KD\r\nAntiVir    7.11.2.68    2011.02.03    TR/Drop.TDss.usr\r\nAntiy-AVL    2.0.3.7    2011.01.28    Trojan/Win32.TDSS.gen\r\nAvast    4.8.1351.0    2011.02.03    Win32:Alureon-MT\r\nAvast5    5.0.677.0    2011.02.03    Win32:Alureon-MT\r\nAVG    10.0.0.1190    2011.02.04    Agent2.BXSP\r\nBitDefender    7.2    2011.02.04    Gen:Variant.Kazy.5799\r\nCAT-QuickHeal    11.00    2011.02.03    Win32.Trojan-Dropper.TDSS.uuc.6.a\r\nClamAV    0.96.4.0    2011.02.04    Trojan.Dropper-27337\r\nCommtouch    5.2.11.5    2011.02.04    W32/MalwareF.TJXJ\r\nComodo    7584    2011.02.03    TrojWare.Win32.Trojan.Agent.Gen\r\nDrWeb    5.0.2.03300    2011.02.04    BackDoor.Tdss.based.7\r\nEmsisoft    5.1.0.2    2011.02.04    Trojan-Dropper.Win32.TDSS!IK\r\neTrust-Vet    36.1.8139    2011.02.03    Win32/TDSS.B!generic\r\nF-Prot    4.6.2.117    2011.02.01    W32/MalwareF.TJXJ\r\nF-Secure    9.0.16160.0    2011.02.04    Gen:Variant.Kazy.5799\r\nGData    21    2011.02.04    Gen:Variant.Kazy.5799\r\nIkarus    T3.1.1.97.0    2011.02.04    Trojan-Dropper.Win32.TDSS\r\nJiangmin    13.0.900    2011.02.03    TrojanDropper.TDSS.clw\r\nK7AntiVirus    9.81.3737    2011.02.03    Riskware\r\nKaspersky    7.0.0.125    2011.02.04    Trojan-Dropper.Win32.TDSS.usr\r\nMcAfee    5.400.0.1158    2011.02.04    Generic Dropper.va.gen.m\r\nMcAfee-GW-Edition    2010.1C    2011.02.03    Generic Dropper.va.gen.m\r\nMicrosoft    1.6502    2011.02.03    Trojan:Win32/Meredrop\r\nNOD32    5844    2011.02.03    a variant of Win32/Olmarik.AJM\r\nnProtect    2011-01-27.01    2011.02.02    Trojan-Dropper/W32.TDSS.123904.AI\r\nPanda    10.0.3.5    2011.02.03    Generic Trojan\r\nPCTools    7.0.3.5    2011.02.04    Trojan.Gen\r\nPrevx    3.0    2011.02.04    High Risk Cloaked Malware\r\nRising    23.43.04.02    2011.02.04    Trojan.Win32.Generic.1261B216\r\nSymantec    20101.3.0.103    2011.02.04    Trojan.Gen.2\r\nTheHacker    6.7.0.1.123    2011.02.02    Trojan/Olmarik.ajm\r\nTrendMicro    9.200.0.1012    2011.02.04    BKDR_TDSS.SMEO\r\nTrendMicro-HouseCall    9.200.0.1012    2011.02.04    BKDR_TDSS.SMEO\r\nVBA32    3.12.14.3    2011.02.02    OScope.Trojan.TTVV\r\nVIPRE    8301    2011.02.04    Packed.Win32.Tdss.Gen (v)\r\nVirusBuster    13.6.180.0    2011.02.03    Trojan.DR.TDSS!IiQY+NDfskI\r\nMD5   : 31db7a22df02e1a91db9afda4f02f3bf\r\nSHA1  : 6ede4482be1b06c90cca93bedf3e363c096102f5\r\nSHA256: ba670c68a7e481c324bdc2e8c5c8c1c8ddc4a2772e991826771350ea8e03f2ce\r\nssdeep: 3072:ly+NYC1kAB4DtZ1VEY88vp3O/+AtyZ6g8J4Kgp98QH3a1/Qh/C7:ly+NYC1kfDtH8Q309N2B98QH3a1YE\r\nFile size : 123904 bytes\r\nFirst seen: 2010-12-14 14:25:05\r\nLast seen : 2011-02-04 04:35:54\r\nTrID: Win32 Executable Generic (42.3%)\r\ncmd.dll\r\nhttp://www.virustotal.com/file-scan/report.html?id=bb05718936de0aa434806679088c27d58786ad40f89c4af9812d0eb5f804518c-1296793082\r\nSubmission date: 2011-02-04 04:18:02 (UTC)\r\nResult: 35/42 (83.3%)\r\nAhnLab-V3    2011.01.27.01    2011.01.27    Win-Trojan/Xema.variant\r\nAntiVir    7.11.2.68    2011.02.03    TR/Agent.8704.76\r\nAntiy-AVL    2.0.3.7    2011.01.28    Trojan/Win32.Agent.gen\r\nAvast    4.8.1351.0    2011.02.03    Win32:Alureon-LU\r\nAvast5    5.0.677.0    2011.02.03    Win32:Alureon-LU\r\nAVG    10.0.0.1190    2011.02.04    Agent_r.XJ\r\nBitDefender    7.2    2011.02.04    Generic.Malware.FYddld.50835ADA\r\nCAT-QuickHeal    11.00    2011.02.03    TrojanDownloader.Agent.exgl\r\nCommtouch    5.2.11.5    2011.02.04    W32/MalwareF.UERA\r\nComodo    7584    2011.02.03    UnclassifiedMalware\r\nDrWeb    5.0.2.03300    2011.02.04    Trojan.DownLoad2.17710\r\nEmsisoft    5.1.0.2    2011.02.04    Virus.Win32.DNSChanger.VJ!IK\r\neTrust-Vet    36.1.8139    2011.02.03    Win32/Alureon.CFR\r\nF-Prot    4.6.2.117    2011.02.01    W32/MalwareF.UERA\r\nF-Secure    9.0.16160.0    2011.02.04    Generic.Malware.FYddld.50835ADA\r\nGData    21    2011.02.04    Generic.Malware.FYddld.50835ADA\r\nIkarus    T3.1.1.97.0    2011.02.04    Virus.Win32.DNSChanger.VJ\r\nK7AntiVirus    9.81.3737    2011.02.03    Riskware\r\nKaspersky    7.0.0.125    2011.02.04    Trojan-Downloader.Win32.Agent.exgl\r\nMcAfee-GW-Edition    2010.1C    2011.02.03    Heuristic.BehavesLike.Win32.Spyware.J\r\nMicrosoft    1.6502    2011.02.03    Trojan:Win32/Alureon.DY\r\nNOD32    5844    2011.02.03    Win32/Olmarik.ADZ\r\nNorman    6.07.03    2011.02.03    W32/Suspicious_Gen2.EIISB\r\nnProtect    2011-01-27.01    2011.02.02    Trojan-Downloader/W32.Agent.73728.JD\r\nPanda    10.0.3.5    2011.02.03    Trj/CI.AS\r\nPCTools    7.0.3.5    2011.02.04    Trojan.Gen\r\nPrevx    3.0    2011.02.04    Medium Risk Malware\r\nSophos    4.61.0    2011.02.04    Mal/Emogen-Y\r\nSymantec    20101.3.0.103    2011.02.04    Trojan.Gen\r\nTheHacker    6.7.0.1.123    2011.02.02    Trojan/Olmarik.adz\r\nTrendMicro    9.200.0.1012    2011.02.04    Mal_TDSS-16\r\nTrendMicro-HouseCall    9.200.0.1012    2011.02.04    Mal_TDSS-16\r\nVBA32    3.12.14.3    2011.02.02    TrojanDownloader.Agent.exgl\r\nVIPRE    8301    2011.02.04    Trojan.Win32.Alureon.DY (v)\r\nVirusBuster    13.6.180.0    2011.02.03    Trojan.DL.Agent!zPxnel7NLbo\r\nMD5   : 03b82be24271737cc0da6c83cbb5a24f\r\ncmd64.dll\r\nhttp://www.virustotal.com/file-scan/report.html?id=fafff9cb858fcd5560c747f29c3e70e248c37d7e4efb6e6c4977d6d3a11ba1ec-1294575619\r\nSubmission date: 2011-02-04 04:14:58 (UTC)\r\nResult: 31/43 (72.1%)\r\nAhnLab-V3    2011.01.27.01    2011.01.27    Trojan/Win64.TDSS\r\nAvast    4.8.1351.0    2011.02.03    Win32:Malware-gen\r\nAvast5    5.0.677.0    2011.02.03    Win32:Malware-gen\r\nAVG    10.0.0.1190    2011.02.04    Generic18.CFVM\r\nBitDefender    7.2    2011.02.04    Trojan.Generic.4667917\r\nComodo    7584    2011.02.03    UnclassifiedMalware\r\nDrWeb    5.0.2.03300    2011.02.04    BackDoor.Tdss.4005\r\nEmsisoft    5.1.0.2    2011.02.04    Trojan.Win64!IK\r\neTrust-Vet    36.1.8139    2011.02.03    Win64/Alureon.A\r\nF-Secure    9.0.16160.0    2011.02.04    Trojan.Generic.4667917\r\nGData    21    2011.02.04    Trojan.Generic.4667917\r\nIkarus    T3.1.1.97.0    2011.02.04    Trojan.Win64\r\nJiangmin    13.0.900    2011.02.03    Trojan/Win64.j\r\nK7AntiVirus    9.81.3737    2011.02.03    Trojan\r\nKaspersky    7.0.0.125    2011.02.04    Trojan.Win64.TDSS.b\r\nMcAfee    5.400.0.1158    2011.02.04    Generic.dx!tpx\r\nMcAfee-GW-Edition    2010.1C    2011.02.03    Generic.dx!tpx\r\nMicrosoft    1.6502    2011.02.03    Trojan:Win64/Alureon.gen!A\r\nNOD32    5844    2011.02.03    Win64/Olmarik.D\r\nNorman    6.07.03    2011.02.03    Suspicious_Gen2.ESEQG\r\nnProtect    2011-01-27.01    2011.02.02    -\r\nPanda    10.0.3.5    2011.02.03    Trj/CI.A\r\nPCTools    7.0.3.5    2011.02.04    Backdoor.Tidserv\r\nPrevx    3.0    2011.02.04    Medium Risk Malware\r\nSymantec    20101.3.0.103    2011.02.04    Backdoor.Tidserv.L\r\nTheHacker    6.7.0.1.123    2011.02.02    Trojan/Tdss.a\r\nTrendMicro    9.200.0.1012    2011.02.04    TROJ_ALUREON.WVM\r\nTrendMicro-HouseCall    9.200.0.1012    2011.02.04    TROJ_ALUREON.WVM\r\nVBA32    3.12.14.3    2011.02.02    Trojan.Win64.TDSS.a\r\nVIPRE    8301    2011.02.04    Trojan.Win32.Generic!BT\r\nViRobot    2011.2.4.4291    2011.02.04    Trojan.Win32.S.Alureon.45056\r\nVirusBuster    13.6.180.0    2011.02.03    Trojan.Win64.TDSS.ACPV\r\nMD5   : e6b9f8c6726fa44dd833992a9a908907\r\ndrv32\r\nhttp://www.virustotal.com/file-scan/report.html?id=1434cac829f1e962f3784d788492626846952c3479530ee57f503ed17e92f71e-1296793695\r\nSubmission date: 2011-02-04 04:28:15 (UTC)\r\nResult: 37/43 (86.0%)\r\nAntiVir    7.11.2.50    2011.02.01    TR/TDss.X\r\nAntiy-AVL    2.0.3.7    2011.01.28    Trojan/Win32.TDSS.gen\r\nAvast    4.8.1351.0    2011.02.01    Win32:Alureon-NH\r\nAvast5    5.0.677.0    2011.02.01    Win32:Alureon-NH\r\nAVG    10.0.0.1190    2011.02.02    Cryptic.BLS\r\nBitDefender    7.2    2011.02.02    Trojan.Tdss.4951\r\nCAT-QuickHeal    11.00    2011.02.02    Trojan.Rootkit.gen\r\nCommtouch    5.2.11.5    2011.02.02    W32/MalwareF.TLBA\r\nComodo    7562    2011.02.02    UnclassifiedMalware\r\nEmsisoft    5.1.0.2    2011.02.02    Trojan.TDss!IK\r\neSafe    7.0.17.0    2011.02.01    Win32.TRTDss.X\r\neTrust-Vet    36.1.8135    2011.02.01    Win32/Tnega.VNH\r\nF-Prot    4.6.2.117    2011.02.01    W32/MalwareF.TLBA\r\nF-Secure    9.0.16160.0    2011.02.02    Trojan.Tdss.4951\r\nGData    21    2011.02.02    Trojan.Tdss.4951\r\nIkarus    T3.1.1.97.0    2011.02.02    Trojan.TDss\r\nJiangmin    13.0.900    2011.02.01    Rootkit.TDSS.esm\r\nK7AntiVirus    9.80.3713    2011.02.01    RootKit\r\nKaspersky    7.0.0.125    2011.02.02    Rootkit.Win32.TDSS.wia\r\nMcAfee    5.400.0.1158    2011.02.02    Generic Dropper.va.gen.e\r\nMcAfee-GW-Edition    2010.1C    2011.02.02    Generic Dropper.va.gen.e\r\nMicrosoft    1.6502    2011.02.01    Trojan:WinNT/Alureon.L\r\nNOD32    5838    2011.02.01    a variant of Win32/Olmarik.AJN\r\nNorman    6.06.12    2011.02.01    W32/Suspicious_Gen2.GSVJS\r\nPanda    10.0.3.5    2011.02.01    Generic Trojan-BOUNDARY\r\nPCTools    7.0.3.5    2011.01.31    SecurityRisk.ADH\r\nPrevx    3.0    2011.02.04    Medium Risk Malware\r\nRising    23.43.02.02    2011.02.02    Trojan.Win32.Generic.12621AC5\r\nSophos    4.61.0    2011.02.02    Mal/TDSSPk-AF\r\nSUPERAntiSpyware    4.40.0.1006    2011.02.02    Trojan.Agent/Gen-FakeAlert\r\nSymantec    20101.3.0.103    2011.02.02    SecurityRisk.ADH\r\nTheHacker    6.7.0.1.122    2011.01.30    Trojan/TDSS.wia\r\nTrendMicro    9.120.0.1004    2011.02.02    TROJ_GEN.R47C2LJ\r\nTrendMicro-HouseCall    9.120.0.1004    2011.02.02    TROJ_GEN.R47C2LJ\r\nVBA32    3.12.14.3    2011.02.01    Rootkit.TDSS.wik\r\nVIPRE    8282    2011.02.02    Trojan.Win32.Generic!BT\r\nVirusBuster    13.6.176.0    2011.02.01    Rootkit.TDSS!FdSt/2yWsyY\r\nMD5   : 528c67f455234cd413335246ebc136b7\r\ndrv64\r\nhttp://www.virustotal.com/file-scan/report.html?id=231e95dc2ad1c2e2325ebcd2f75b2d2569a952e138226b71ee8420ee5a639ef1-1296795040\r\nSubmission date: 2011-02-04 04:50:40 (UTC)\r\nResult: 28/42 (66.7%)\r\nAhnLab-V3    2011.01.27.01    2011.01.27    Backdoor/Win64.Tidserv\r\nAntiVir    7.11.2.68    2011.02.03    RKit/TDss.A\r\nAvast    4.8.1351.0    2011.02.03    Win64:Alureon\r\nAvast5    5.0.677.0    2011.02.03    Win64:Alureon\r\nAVG    10.0.0.1190    2011.02.04    Cryptic.BMW\r\nBitDefender    7.2    2011.02.04    Rootkit.TDSS.BH\r\nCAT-QuickHeal    11.00    2011.02.04    Trojan.Alureon.Gen\r\nComodo    7584    2011.02.03    UnclassifiedMalware\r\nDrWeb    5.0.2.03300    2011.02.04    BackDoor.Tdss.4688\r\nEmsisoft    5.1.0.2    2011.02.04    Rootkit.TDss!IK\r\neTrust-Vet    36.1.8139    2011.02.03    Win64/Alureon.A\r\nF-Secure    9.0.16160.0    2011.02.04    Rootkit.TDSS.BH\r\nGData    21    2011.02.04    Rootkit.TDSS.BH\r\nIkarus    T3.1.1.97.0    2011.02.04    Rootkit.TDss\r\nK7AntiVirus    9.81.3737    2011.02.03    Riskware\r\nMcAfee    5.400.0.1158    2011.02.04    Generic.dx!vfe\r\nMcAfee-GW-Edition    2010.1C    2011.02.03    Generic.dx!vfe\r\nNOD32    5844    2011.02.03    Win64/Olmarik.H\r\nNorman    6.07.03    2011.02.03    Suspicious_Gen2.GQURM\r\nnProtect    2011-01-27.01    2011.02.02    -\r\nPanda    10.0.3.5    2011.02.03    Generic MalwareBOUNDARY\r\nPCTools    7.0.3.5    2011.02.04    Backdoor.Tidserv\r\nSophos    4.61.0    2011.02.04    Troj/TDL3-Fam\r\nSUPERAntiSpyware    4.40.0.1006    2011.02.04    -\r\nSymantec    20101.3.0.103    2011.02.04    Backdoor.Tidserv.L\r\nTheHacker    6.7.0.1.123    2011.02.02    Trojan/Olmarik.g\r\nTrendMicro    9.200.0.1012    2011.02.04    BKDR_TDSS.ANU\r\nTrendMicro-HouseCall    9.200.0.1012    2011.02.04    TROJ_GEN.R47C3AA\r\nVIPRE    8301    2011.02.04    Trojan.Win32.Generic!BT\r\nVirusBuster    13.6.180.0    2011.02.03    Rootkit.TDss!DMEmZtR66Yk\r\nMD5   : f7e79b727d9eb24eb522204182d47fdd\r\nldr16\r\nhttp://www.virustotal.com/file-scan/report.html?id=964fec64fb8b03d387fae132e206f0b7e4c3fe5e7aa1f5d12fbe765f7da2c66a-1296795255\r\nSubmission date: 2011-02-04 04:54:15 (UTC)\r\nResult: 8/43 (18.6%)\r\nAvast    4.8.1351.0    2011.02.03    Alureon-B@mbr\r\nAvast5    5.0.677.0    2011.02.03    Alureon-B@mbr\r\nBitDefender    7.2    2011.02.04    Rootkit.TDSS.BH\r\nDrWeb    5.0.2.03300    2011.02.04    BackDoor.Tdss.4724\r\neTrust-Vet    36.1.8139    2011.02.03    Dos/Alureon\r\nF-Secure    9.0.16160.0    2011.02.04    Rootkit.TDSS.BH\r\nGData    21    2011.02.04    Rootkit.TDSS.BH\r\nVIPRE    8301    2011.02.04    Trojan.DOS.Alureon.a (v)\r\nMD5   : f4cbf6bef6df44213cff3332422a0b78\r\nldr32\r\nhttp://www.virustotal.com/file-scan/report.html?id=857df0c9d476fa9fbaa96bc07aeb94466172fa0820c3625a04b1f87f3d94731a-1296795535\r\nSubmission date: 2011-02-04 04:58:55 (UTC)\r\nResult: 34/43 (79.1%)\r\nAntivirus    Version    Last Update    Result\r\nAhnLab-V3    2011.01.27.01    2011.01.27    Backdoor/Win32.Tidserv\r\nAntiVir    7.11.2.50    2011.02.01    TR/Alureon.3134.X.2\r\nAvast    4.8.1351.0    2011.02.01    Win32:Alureon-MJ@mbr\r\nAvast5    5.0.677.0    2011.02.01    Win32:Alureon-MJ@mbr\r\nAVG    10.0.0.1190    2011.02.02    Generic20.AFVG\r\nBitDefender    7.2    2011.02.02    Rootkit.TDSS.BH\r\nCAT-QuickHeal    11.00    2011.02.02    Trojan.Alureon.gen\r\nClamAV    0.96.4.0    2011.02.02    BC.Heuristics.Rootkit.B-9.SL5IT\r\nCommtouch    5.2.11.5    2011.02.02    W32/MalwareF.UGCX\r\nComodo    7562    2011.02.02    UnclassifiedMalware\r\nDrWeb    5.0.2.03300    2011.02.01    BackDoor.Tdss.4688\r\nEmsisoft    5.1.0.2    2011.02.02    Trojan.Win32.Alureon!IK\r\neSafe    7.0.17.0    2011.02.01    Win32.TRAlureon.X\r\neTrust-Vet    36.1.8135    2011.02.01    Win32/Alureon.CFS\r\nF-Prot    4.6.2.117    2011.02.01    W32/MalwareF.UGCX\r\nF-Secure    9.0.16160.0    2011.02.02    Rootkit.TDSS.BH\r\nFortinet    4.2.254.0    2011.02.02    W32/DNSChanger.EP!tr\r\nGData    21    2011.02.02    Rootkit.TDSS.BH\r\nIkarus    T3.1.1.97.0    2011.02.02    Trojan.Win32.Alureon\r\nK7AntiVirus    9.80.3713    2011.02.01    Riskware\r\nMcAfee    5.400.0.1158    2011.02.02    DNSChanger!ep\r\nMcAfee-GW-Edition    2010.1C    2011.02.02    DNSChanger!ep\r\nMicrosoft    1.6502    2011.02.01    Trojan:Win32/Alureon.gen!X\r\nNOD32    5838    2011.02.01    Win32/Olmarik.AFK\r\nNorman    6.06.12    2011.02.01    W32/Suspicious_Gen2.GSECX\r\nPanda    10.0.3.5    2011.02.01    Trj/CI.A\r\nPCTools    7.0.3.5    2011.01.31    Backdoor.Tidserv\r\nRising    23.43.02.02    2011.02.02    Trojan.Win32.Generic.126012F5\r\nSophos    4.61.0    2011.02.02    Mal/Generic-L\r\nSymantec    20101.3.0.103    2011.02.02    Backdoor.Tidserv.L\r\nTheHacker    6.7.0.1.122    2011.01.30    W32/Behav-Heuristic-068\r\nTrendMicro    9.120.0.1004    2011.02.02    TROJ_GEN.R47C2LB\r\nTrendMicro-HouseCall    9.120.0.1004    2011.02.02    TROJ_GEN.R47C2LB\r\nVIPRE    8282    2011.02.02    Trojan.Win32.Generic!BT\r\nMD5   : 8b0b9acea732b91bc2305162c06ed8fc\r\nldr64\r\nhttp://www.virustotal.com/file-scan/report.html?id=215e7f87c18525fc842c155278a0a49d5075c35ffac1d4f1580e1fc92d4cc52c-1296797566\r\nSubmission date: 2011-02-04 05:32:46 (UTC)\r\nResult: 20/43 (46.5%)\r\nAntivirus    Version    Last Update    Result\r\nAhnLab-V3    2011.01.27.01    2011.01.27    Malware/Win64.Generic\r\nAntiVir    7.11.2.68    2011.02.03    RKit/TDss.CC\r\nAvast    4.8.1351.0    2011.02.03    Win64:Alureon-B@mbr\r\nAvast5    5.0.677.0    2011.02.03    Win64:Alureon-B@mbr\r\nAVG    10.0.0.1190    2011.02.04    Cryptic.BUA\r\nBitDefender    7.2    2011.02.04    Rootkit.TDSS.BH\r\nComodo    7586    2011.02.04    UnclassifiedMalware\r\nDrWeb    5.0.2.03300    2011.02.04    BackDoor.Tdss.4688\r\nEmsisoft    5.1.0.2    2011.02.04    Rootkit.TDss!IK\r\neSafe    7.0.17.0    2011.02.03    Win32.Rootkit.TDSS.B\r\neTrust-Vet    36.1.8139    2011.02.03    Win64/Alureon.A\r\nF-Secure    9.0.16160.0    2011.02.04    Rootkit.TDSS.BH\r\nGData    21    2011.02.04    Rootkit.TDSS.BH\r\nIkarus    T3.1.1.97.0    2011.02.04    Rootkit.TDss\r\nK7AntiVirus    9.81.3737    2011.02.03    Riskware\r\nNOD32    5844    2011.02.03    Win64/Olmarik.G\r\nNorman    6.07.03    2011.02.03    Suspicious_Gen2.GVBYR\r\nPanda    10.0.3.5    2011.02.03    Trj/CI.A\r\nTheHacker    6.7.0.1.123    2011.02.02    Trojan/Olmarik.g\r\nVIPRE    8302    2011.02.04    Trojan.Win32.Generic!BT\r\nMD5   : 3edd490066ea4a312e6fa6dc420af6c6\r\nSource: http://contagiodump.blogspot.com/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html"
	],
	"report_names": [
		"tdss-tdl-4-alureon-32-bit-and-64-bit.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434878,
	"ts_updated_at": 1775791243,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6183109c32d4598372f099adc5fb133042830e7c.pdf",
		"text": "https://archive.orkl.eu/6183109c32d4598372f099adc5fb133042830e7c.txt",
		"img": "https://archive.orkl.eu/6183109c32d4598372f099adc5fb133042830e7c.jpg"
	}
}