CartellaUnicaTasse Trojan


Today my girl kindly pointed out to me an e-mail that she received some time ago. This mail has the subject "Cartella esattoriale n° 003 210400360968173" and contains an executable attachment called CartellaUnicaTasse.exe.

This executable is packed with a layer of UPX, so it can be easily unpacked, and it is coded in VB6. This malware is actually detected as Trojan-Downloader.Win32.VB.fcd by many AVs, but it is still working in all its functionalities.

From a quick analysis we can carve two URLs from which two viruses are downloaded:



Download1.exe -> Trojan-Clicker.Win32.Agent.aqk

Download2.exe -> Trojan.Win32.Small.atd

Download3.exe -> Trojan.Win32.Dialer.qi

loader_mef.exe -> Trojan-Downloader.Win32.VB.fcd

mef.exe -> Trojan-Clicker.Win32.Agent.aqk

I’ll analyze both Download1 and Download3 and I’ll post soon how this crap works 😉

All this malware is written by an Italian: the downloader contains the path c:\Programmi\ and the dialer also contains Italian terms.
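The static traits mentioned in this post (UPX section names, the VB6 runtime import, the c:\Programmi\ path) can be checked with a short triage script. This is an added example, not code from the original post; the function names and the sample image built by `build_sample` are constructed for illustration. In a UPX-packed file the path string is compressed, so that check is meant for the image after unpacking (for instance with `upx -d`).

```python
import struct

def pe_sections(data: bytes) -> list:
    """Return the section names listed in a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    try:
        nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
        opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    except struct.error:
        raise ValueError("truncated COFF header")
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(nsec):
        raw = data[table + 40 * i: table + 40 * i + 8]   # 40-byte entries, 8-byte name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data: bytes) -> dict:
    """Check the three static traits the post mentions."""
    low = data.lower()
    path = b"c:\\programmi\\"
    wide = "c:\\programmi\\".encode("utf-16-le")   # VB6 stores string literals as UTF-16
    return {
        "upx_sections": [n for n in pe_sections(data) if n.upper().startswith("UPX")],
        "vb6_runtime": b"msvbvm60.dll" in low,     # VB6 runtime DLL name
        "italian_path": path in low or wide in low,
    }

def build_sample() -> bytes:
    """Constructed stand-in image (headers and strings only), not the real attachment."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x10F)
    sects = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in (b"UPX0", b"UPX1", b".rsrc"))
    strings = b"MSVBVM60.DLL\0" + "c:\\Programmi\\".encode("utf-16-le")
    return dos + coff + sects + strings

if __name__ == "__main__":
    print(triage(build_sample()))
```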

See you in the next post.. 🙂

