# Terminal transcript: four pipelines that summarise a saved VirusShare search-result
# page (VirusShare_search-ponmocup.htm): per-engine detection counts, distinct
# antivirus labels, sample MD5s, and PE header fields.

# 1) Count how many label rows each AV engine contributes.
#    egrep keeps lines containing " = "; the sed removes everything from the first
#    '<' to the last '>' on a line (the match is greedy); cut keeps the engine name
#    left of '='; the final sort -nr orders by count, highest first.
#    The MD5 listing below holds 20 samples, so a count of 20 presumably means the
#    engine labelled every sample (assumes one row per engine per sample; confirm).
#    A lower count does not tell a missed detection apart from an engine that was
#    absent from a report.
$ cat VirusShare_search-ponmocup.htm | egrep "( = )" | sed -e 's/<.*>//g' | cut -d"=" -f1 | sort | uniq -c | sort -nr
20 Panda
20 NOD32
20 Ikarus
20 GData
20 F-Secure
20 Emsisoft
20 DrWeb
20 BitDefender
20 Avast
19 Norman
19 Kaspersky
19 Fortinet
19 Comodo
19 AntiVir
19 AhnLab-V3
19 AVG
18 TrendMicro-HouseCall
18 TrendMicro
18 Microsoft
18 K7AntiVirus
17 nProtect
17 VIPRE
17 McAfee-GW-Edition
17 McAfee
17 Jiangmin
15 VirusBuster
15 Symantec
15 Sophos
14 VBA32
14 TheHacker
14 PCTools
11 F-Prot
11 Commtouch
10 SUPERAntiSpyware
9 Rising
9 ClamAV
9 Antiy-AVL
8 eTrust-Vet
8 ViRobot
6 ByteHero
5 eSafe
3 CAT-QuickHeal

# 2) Same filter without the cut: tally each distinct "engine = label" pair
#    (uniq -c only merges adjacent lines, hence the sort before it).
#    The 20 samples are spread over many family names (Ponmocup, Pirminay, Swisyn,
#    Qhost/QHosts, Kryptik, Monder, Graftor) plus generic and heuristic labels, so
#    hunting on a single vendor's family name will miss samples; key on the hashes.
#    Identical label sets appear under BitDefender, F-Secure and GData, under
#    Commtouch and F-Prot, and under TrendMicro and TrendMicro-HouseCall, and the
#    Emsisoft labels mirror Ikarus with an "!IK" suffix. This likely reflects shared
#    engines, so do not count those rows as independent verdicts.
$ cat VirusShare_search-ponmocup.htm | egrep "( = )" | sed -e 's/<.*>//g' | sort | uniq -c
1 AVG = Downloader.Generic10.BMDC
1 AVG = Downloader.Generic10.BOLE
1 AVG = Downloader.Small.62.D
1 AVG = Dropper.Generic4.BXSO
8 AVG = Dropper.VB.CMD
1 AVG = Generic22.JDH
1 AVG = Generic25.AFPK
1 AVG = Generic25.AIJK
1 AVG = Generic25.BRLU
1 AVG = Generic25.BTFX
1 AVG = Generic25.BTHJ
1 AVG = Suspicion: unknown virus
1 AhnLab-V3 = Trojan/Win32.HDC
2 AhnLab-V3 = Trojan/Win32.Jorik
1 AhnLab-V3 = Trojan/Win32.Monder
5 AhnLab-V3 = Trojan/Win32.Pirminay
8 AhnLab-V3 = Trojan/Win32.Swisyn
1 AhnLab-V3 = Win-Trojan/Pirminay.313344.M
1 AhnLab-V3 = Win-Trojan/Pirminay.438601
1 AntiVir = TR/Crypt.XPACK.Gen
1 AntiVir = TR/Dldr.Ponmocup.A.393
1 AntiVir = TR/Downloader.Gen
1 AntiVir = TR/Graftor.1139.2
1 AntiVir = TR/Graftor.3421.1
1 AntiVir = TR/Graftor.3421.2
1 AntiVir = TR/Monder.mzyl
1 AntiVir = TR/Pirminay.bg.2
1 AntiVir = TR/Pirminay.bhf
1 AntiVir = TR/Pirminay.bhy
1 AntiVir = TR/Spy.438876.1
8 AntiVir = TR/VB.Downloader.Gen
2 Antiy-AVL = Trojan/Win32.Jorik
1 Antiy-AVL = Trojan/Win32.Jorik.gen
1 Antiy-AVL = Trojan/Win32.Monder
1 Antiy-AVL = Trojan/Win32.Pirminay
3 Antiy-AVL = Trojan/Win32.Pirminay.gen
1 Antiy-AVL = Trojan/win32.agent
8 Avast = Win32:Hosts-J [Trj]
1 Avast = Win32:Kryptik-WL [Trj]
1 Avast = Win32:MalOb-EI [Cryp]
7 Avast = Win32:Malware-gen
1 Avast = Win32:Pirminay-DW [Trj]
1 Avast = Win32:Spyware-gen [Spy]
1 Avast = Win32:Trojan-gen
1 BitDefender = Backdoor.Generic.542938
1 BitDefender = Gen:Variant.Graftor.1139
1 BitDefender = Gen:Variant.Graftor.3421
1 BitDefender = Gen:Variant.Vundo.11
1 BitDefender = Trojan.Generic.5274711
1 BitDefender = Trojan.Generic.6148391
2 BitDefender = Trojan.Generic.6270838
1 BitDefender = Trojan.Generic.6764589
1 BitDefender = Trojan.Generic.6871065
1 BitDefender = Trojan.Generic.6892427
1 BitDefender = Trojan.Generic.KD.393940
8 BitDefender = Trojan.QHosts.AVD
5 ByteHero = Trojan.Win32.Heur.Gen
1 ByteHero = Virus.Win32.Heur.p
1 CAT-QuickHeal = Trojan.Jorik.Pirminay.aoq
1 CAT-QuickHeal = Trojan.Monder.mzyl
1 CAT-QuickHeal = TrojanDownloader.Ponmocup.a
1 ClamAV = Trojan.Agent-183385
8 ClamAV = Trojan.VB-43290
2 Commtouch = W32/FakeAlert.FT.gen!Eldorado
1 Commtouch = W32/FakeAlert.LP.gen!Eldorado
8 Commtouch = W32/Swisyn.E.gen!Eldorado
8 Comodo = TrojWare.Win32.Swisyn.C
5 Comodo = TrojWare.Win32.Trojan.Agent.Gen
6 Comodo = UnclassifiedMalware
1 DrWeb = Trojan.DownLoader5.4289
1 DrWeb = Trojan.DownLoader5.5892
1 DrWeb = Trojan.Fakealert.26434
1 DrWeb = Trojan.Hosts.2582
9 DrWeb = Trojan.Hosts.303
1 DrWeb = Trojan.MulDrop1.59103
4 DrWeb = Trojan.WinSpy.1014
2 DrWeb = Trojan.WinSpy.origin
1 Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
6 Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
1 Emsisoft = Trojan.Pirminay!IK
4 Emsisoft = Trojan.Win32.Pirminay!IK
8 Emsisoft = Trojan.Win32.Swisyn!IK
2 F-Prot = W32/FakeAlert.FT.gen!Eldorado
1 F-Prot = W32/FakeAlert.LP.gen!Eldorado
8 F-Prot = W32/Swisyn.E.gen!Eldorado
1 F-Secure = Backdoor.Generic.542938
1 F-Secure = Gen:Variant.Graftor.1139
1 F-Secure = Gen:Variant.Graftor.3421
1 F-Secure = Gen:Variant.Vundo.11
1 F-Secure = Trojan.Generic.5274711
1 F-Secure = Trojan.Generic.6148391
2 F-Secure = Trojan.Generic.6270838
1 F-Secure = Trojan.Generic.6764589
1 F-Secure = Trojan.Generic.6871065
1 F-Secure = Trojan.Generic.6892427
1 F-Secure = Trojan.Generic.KD.393940
8 F-Secure = Trojan.QHosts.AVD
1 Fortinet = PossibleThreat
1 Fortinet = W32/Evx.BG!tr
1 Fortinet = W32/Jorik_Pirminay.ANO!tr
1 Fortinet = W32/Kryptik.ANL!tr
1 Fortinet = W32/Malware_fam.NB
1 Fortinet = W32/Monder.MZYL!tr
2 Fortinet = W32/Pirminay.A!tr
1 Fortinet = W32/Ponmocup.A
1 Fortinet = W32/Ponmocup.AA
8 Fortinet = W32/Swisyn.CQV!tr
1 Fortinet = W32/Virtum!tr
1 GData = Backdoor.Generic.542938
1 GData = Gen:Variant.Graftor.1139
1 GData = Gen:Variant.Graftor.3421
1 GData = Gen:Variant.Vundo.11
1 GData = Trojan.Generic.5274711
1 GData = Trojan.Generic.6148391
2 GData = Trojan.Generic.6270838
1 GData = Trojan.Generic.6764589
1 GData = Trojan.Generic.6871065
1 GData = Trojan.Generic.6892427
1 GData = Trojan.Generic.KD.393940
8 GData = Trojan.QHosts.AVD
6 Ikarus = Trojan-Downloader.Win32.Ponmocup
1 Ikarus = Trojan.Pirminay
4 Ikarus = Trojan.Win32.Pirminay
8 Ikarus = Trojan.Win32.Swisyn
1 Ikarus = not-a-virus:AdWare.Win32.SuperJuan
2 Jiangmin = Trojan/Generic.kfzm
1 Jiangmin = Trojan/Generic.kkfx
2 Jiangmin = Trojan/Generic.knvv
1 Jiangmin = Trojan/Pirminay.gr
1 Jiangmin = Trojan/Pirminay.gs
1 Jiangmin = Trojan/Pirminay.up
8 Jiangmin = Trojan/Swisyn.cby
1 Jiangmin = TrojanDownloader.Agent.ctuc
6 K7AntiVirus = Riskware
12 K7AntiVirus = Trojan
2 Kaspersky = HEUR:Trojan.Win32.Generic
1 Kaspersky = Trojan.Win32.Jorik.Pirminay.ano
1 Kaspersky = Trojan.Win32.Jorik.Pirminay.aoq
1 Kaspersky = Trojan.Win32.Jorik.Pirminay.avy
1 Kaspersky = Trojan.Win32.Monder.mzyl
1 Kaspersky = Trojan.Win32.Pirminay.bg
1 Kaspersky = Trojan.Win32.Pirminay.bhy
1 Kaspersky = Trojan.Win32.Pirminay.cub
1 Kaspersky = Trojan.Win32.Pirminay.hjy
1 Kaspersky = Trojan.Win32.Pirminay.hlu
8 Kaspersky = Trojan.Win32.Swisyn.jyb
1 McAfee = Downloader.a!bu
1 McAfee = Downloader.a!cc
1 McAfee = Downloader.a!vz
1 McAfee = Generic Downloader.x!g2z
1 McAfee = Generic.dx!yak
1 McAfee = Generic.evx!bd
2 McAfee = Generic.evx!bg
1 McAfee = Kryp.b
8 McAfee = Swisyn.s
1 McAfee-GW-Edition = Downloader.a!cc
1 McAfee-GW-Edition = Generic Downloader.x!g2z
1 McAfee-GW-Edition = Generic.dx!yak
1 McAfee-GW-Edition = Generic.evx!bd
2 McAfee-GW-Edition = Generic.evx!bg
4 McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
1 McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
1 McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
1 McAfee-GW-Edition = Heuristic.LooksLike.Trojan.Dropper.B
1 McAfee-GW-Edition = Kryp.b
3 McAfee-GW-Edition = Swisyn.s
1 Microsoft = Trojan:Win32/Meredrop
16 Microsoft = TrojanDownloader:Win32/Ponmocup.A
1 Microsoft = TrojanDownloader:Win32/Renos.KC
2 NOD32 = Win32/Ponmocup.AA
8 NOD32 = Win32/Qhost.NRX
2 NOD32 = Win32/TrojanDownloader.Agent.PXO
1 NOD32 = a variant of Win32/Kryptik.LLT
1 NOD32 = a variant of Win32/Kryptik.SWI
1 NOD32 = a variant of Win32/Kryptik.UFA
1 NOD32 = a variant of Win32/Kryptik.VDN
3 NOD32 = a variant of Win32/Ponmocup.AA
1 NOD32 = probably a variant of Win32/Agent.BTILRDN
8 Norman = W32/DLoader.ACMAD
3 Norman = W32/Kryptik.AIF
8 Norman = W32/Obfuscated.L
8 PCTools = Malware.Changeup
5 PCTools = Trojan.Gen
1 PCTools = Trojan.Milicenso
3 Panda = Generic Trojan
2 Panda = Suspicious file
1 Panda = Trj/Agent.OLO
6 Panda = Trj/CI.A
8 Panda = Trj/Qhost.LU
1 Rising = Trojan.Win32.Generic.129CDFF1
8 Rising = Trojan.Win32.QHost.awf
1 SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
2 SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
5 SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
2 SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
2 Sophos = Mal/Generic-L
1 Sophos = Mal/Ponmocup-A
8 Sophos = Mal/Swisyn-D
1 Sophos = Sus/Behav-278
1 Sophos = Troj/Ponmo-A
2 Sophos = Troj/Virtum-Gen
1 Symantec = Suspicious.Cloud
5 Symantec = Trojan.Gen
1 Symantec = Trojan.Milicenso
7 Symantec = W32.Changeup!gen
1 Symantec = WS.Reputation.1
1 TheHacker = Trojan/Downloader.Agent.pxo
1 TheHacker = Trojan/Kryptik.vdn
1 TheHacker = Trojan/Pirminay.bhf
1 TheHacker = Trojan/Pirminay.bhy
1 TheHacker = Trojan/Pirminay.fwy
1 TheHacker = Trojan/Ponmocup.aa
8 TheHacker = Trojan/Swisyn.jyb
8 TrendMicro = TROJ_FAM_00001e3.TOMA
1 TrendMicro = TROJ_GEN.R11C7KB
1 TrendMicro = TROJ_GEN.R21C2F4
1 TrendMicro = TROJ_GEN.R21C2FE
1 TrendMicro = TROJ_GEN.R23C3BD
1 TrendMicro = TROJ_GEN.R3BCRBR
1 TrendMicro = TROJ_GEN.R47C7K8
1 TrendMicro = TROJ_GEN.R47C7KE
1 TrendMicro = TROJ_GEN.R4AC7KK
1 TrendMicro = TROJ_PONMOCUP.AB
1 TrendMicro = TROJ_PONMOCUP.AC
8 TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
1 TrendMicro-HouseCall = TROJ_GEN.R11C7KB
1 TrendMicro-HouseCall = TROJ_GEN.R21C2F4
1 TrendMicro-HouseCall = TROJ_GEN.R21C2FE
1 TrendMicro-HouseCall = TROJ_GEN.R23C3BD
1 TrendMicro-HouseCall = TROJ_GEN.R3BCRBR
1 TrendMicro-HouseCall = TROJ_GEN.R47C7K8
1 TrendMicro-HouseCall = TROJ_GEN.R47C7KE
1 TrendMicro-HouseCall = TROJ_GEN.R4AC7KK
1 TrendMicro-HouseCall = TROJ_PONMOCUP.AB
1 TrendMicro-HouseCall = TROJ_PONMOCUP.AC
1 VBA32 = SScope.Trojan.Pirminay.chc
8 VBA32 = SScope.Trojan.VB.0609
1 VBA32 = Trojan.Fksys.81105
1 VBA32 = Trojan.Jorik.Pirminay.ano
1 VBA32 = Trojan.Pirminay.bg
1 VBA32 = Trojan.Pirminay.cta
1 VBA32 = Trojan.Pirminay.fwz
1 VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
7 VIPRE = Trojan.Win32.Generic!BT
1 VIPRE = Trojan.Win32.Monder.gen
8 VIPRE = Trojan.Win32.Swisyn.jyb (v)
8 ViRobot = Trojan.Win32.Swisyn.65024
1 VirusBuster = Trojan.Kryptik!XPYaFkgQJuY
1 VirusBuster = Trojan.Kryptik!YhtS8OcgDPE
1 VirusBuster = Trojan.Monder!KTXAshYxjGA
1 VirusBuster = Trojan.Pirminay!1T9hymiWPH0
1 VirusBuster = Trojan.Ponmocup!Qf/SCxIUIDk
1 VirusBuster = Trojan.Ponmocup!lGJTkqsZNdg
8 VirusBuster = Trojan.Swisyn!whPY1JLc4mw
1 VirusBuster = TrojanSpy.Agent!jdleA1Gsspg
1 eSafe = Win32.GenVariant.Gra
1 eSafe = Win32.HEURCrypted.E
1 eSafe = Win32.Milicenso
1 eSafe = Win32.TRGraftor
1 eSafe = Win32.Trojan
8 eTrust-Vet = Win32/Swisyn.R
1 nProtect = Backdoor/W32.Agent.294341
3 nProtect = Gen:Variant.Graftor.3421
1 nProtect = Trojan/W32.Jorik.219136.B
1 nProtect = Trojan/W32.Jorik.236032.B
1 nProtect = Trojan/W32.Jorik.243712.D
1 nProtect = Trojan/W32.Pirminay.17176
1 nProtect = Trojan/W32.Pirminay.313344
1 nProtect = Trojan/W32.Pirminay.438601
1 nProtect = Trojan/W32.QHosts.122880
1 nProtect = Trojan/W32.QHosts.147456
1 nProtect = Trojan/W32.Swisyn.126976.G
1 nProtect = Trojan/W32.Swisyn.157184
1 nProtect = Trojan/W32.Swisyn.184320.I
1 nProtect = Trojan/W32.Swisyn.241664.F
1 nProtect = Trojan/W32.Swisyn.79872

# 3) List the MD5 of every sample on the page.
#    The first sed turns each <td>, </td>, <tr> and </tr> tag into a newline (using
#    "\n" in the replacement relies on GNU sed); egrep -A 2 then prints each "MD5"
#    line plus the two lines after it and writes "--" between groups; xargs with no
#    command joins everything into one space-separated line; the last sed breaks
#    that line again at each " -- ".
#    MD5 works as a lookup key for these samples but is not collision-resistant;
#    record a SHA-256 alongside it when turning the list into blocklist or
#    detection content.
$ cat VirusShare_search-ponmocup.htm | egrep "(MD5)" | sed -e 's/<[/]*t[dr]>/\n/g' | egrep -A 2 "(MD5)" | xargs | sed 's/ -- /\n/g'
MD5 c23425f852e3ad188effc205317142fc
MD5 bb479a7e69c5e1c503aa6dd506c732f3
MD5 9e08f52039eeacf7f3e8696046358684
MD5 97a1acc085849c0b9af19adcf44607a7
MD5 f8fd20b40667882e9e7301fb76b890c0
MD5 4734169e48df4fea56bce65ec0e56066
MD5 fcac6af96d814f68c9a48d9cc5ad91ed
MD5 f7efabd89d9b4d4ee3f3b4875c11b47c
MD5 ffe728d69c233b6f09b016084be62270
MD5 edf380c2b7526cf521818af7d1ea6727
MD5 e918c9bd0093b52590c3c93751a84b56
MD5 e5dfa7c6ef3b2853a98f02178ffbfed8
MD5 cc699a17b1f9fc43d419f2d8cbf1e24b
MD5 b8a3097df22fe768639738fbf1afca98
MD5 b6babab0cbcc42a07d89df325ddeccdf
MD5 a939841b8e4724d1b0163b30f0d9baec
MD5 651589d6999c4017c8f42a9cabdb5a85
MD5 5e501ecbadd0a9d0f380f918f1c4986e
MD5 5b9ece2e5d16bdcb86e3ad8b3259991a
MD5 58d7c19e16e421440e372780832ecf61

# 4) Pull the file size, PE time stamp and entry point rows for each sample.
#    NOTE(review): the first sed expression is shown as 's///g'. An empty pattern
#    makes sed reuse the previous regular expression and fails when there is none.
#    As displayed, the second expression would also consume every </td>, leaving
#    nothing for the third to match, yet the output has no trailing " : ". The
#    patterns presumably lost HTML tags when this page was rendered; confirm
#    against the author's original before reusing the command.
#    Reading the output: 8 of the 20 records show an all-zero time stamp, and
#    another 8 share time stamp 2009:07:13 10:28:38-04:00 and entry point 0x1088
#    while differing in size. The PE time stamp is written at link time and can be
#    zeroed or forged, so treat it as a clustering hint rather than as evidence of
#    a build date.
$ cat VirusShare_search-ponmocup.htm | egrep "(Time Stamp|Entry Point|>Size<)" | sed -e 's///g' | sed -e 's/<\/td>/ : /g' | sed -e 's/<\/td><\/tr>//g'
Size : 313344 bytes
Time Stamp : 2006:11:08 19:50:42-05:00
Entry Point : 0x47ac
Size : 219136 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x12b2
Size : 241664 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x45130
Size : 270848 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x47620
Size : 258560 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x46ab0
Size : 236032 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x1296
Size : 294912 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x109aa
Size : 79872 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088
Size : 243712 bytes
Time Stamp : 2009:07:30 02:01:14-04:00
Entry Point : 0x46670
Size : 17176 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x197f
Size : 147456 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088
Size : 266032 bytes
Time Stamp : 0000:00:00 00:00:00
Entry Point : 0x109aa
Size : 241664 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088
Size : 122880 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088
Size : 294341 bytes
Time Stamp : 2003:04:01 19:14:40-05:00
Entry Point : 0x69a6
Size : 157184 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088
Size : 184320 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088
Size : 144384 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088
Size : 438601 bytes
Time Stamp : 2008:02:05 19:07:07-05:00
Entry Point : 0x17e86
Size : 126976 bytes
Time Stamp : 2009:07:13 10:28:38-04:00
Entry Point : 0x1088