malwr.com

Claudio Guarnieri

Domain Information

malwr.com is a fantastic malware research website built on the Cuckoo Sandbox. Users upload files and receive a full, detailed dynamic analysis of what each file does, including network activity and much more. Malwr was created and operated by Claudio "nex" Guarnieri and Alessandro "jekil" Tanasi and is powered by The Shadowserver Foundation. The domain malwr.com was initially registered by Claudio Guarnieri in March of 2010 through GANDI SAS. The hosting servers are located in San Jose, California, in the United States, on the Hurricane Electric, Inc. network.
Registrar:
GANDI SAS

Server location:
California, United States (US)

Create date:
Tuesday, March 9, 2010

Expires date:
Wednesday, March 9, 2016

Updated date:
Wednesday, March 4, 2015

ASN:
AS6939 HURRICANE - Hurricane Electric, Inc.,US

Scanner detections:
Malware distribution (80% detected)

Scan engine
Details
Detections

McAfee
Artemis!C6A0B1016CD8, generic!bg.ftt, Artemis!F99D5D0E6F9E, Artemis!6B65D5803184, GenericR-EZX!E822C6C07D88, BackDoor-EZG.b
66.67%

Trend Micro House Call
TROJ_GEN.F47V1219, TROJ_GEN.R01ZH09BB15, PAK_Generic.001, TROJ_GEN.F0C2C00AM15, TSPY_ZBOT.YUYAKU, BKDR_FYNLOS.SMIA
66.67%

AVG
MalSign.Adpeak, FakeAlert, Inject2, Atros, Zbot, Delf
66.67%

Microsoft Security Essentials
Adware:Win32/Adpeak, HackTool:Win32/Wincred.H, Trojan:Win32/Chanitor.A, Backdoor:Win32/Fynloski.K, PWS:Win32/Fareit, Backdoor:Win32/Fynloski.A
66.67%

Sophos
AdPeak, Troj/Agent-ALEF, Troj/MSIL-DTH, Troj/Fareit-TZ, Mal/DelfInj-A
55.56%

ESET NOD32
Win64/Adware.Adpeak (variant), Win32/Injector.BSXD, MSIL/Kryptik.DAI (variant), Win32/PSW.Fareit, Win32/Delf.OAZ
55.56%

VIPRE Antivirus
Adware.Adpeak, Trojan.Win32.Generic, Backdoor.Win32.Fynloski.A
55.56%

MicroWorld eScan
Gen:Variant.Graftor.Elzob.9261, Trojan.GenericKD.2084628, Trojan.GenericKD.2593985, Trojan.GenericKD.2859501, Backdoor.Fynloski.S
55.56%

avast!
Win32:Evo-gen [Susp], Win32:PePatch-P [Trj], Win32:Malware-gen, Win32:Flooder-GR [Trj]
55.56%

Bitdefender
Gen:Variant.Graftor.Elzob.9261, Trojan.GenericKD.2084628, Trojan.GenericKD.2593985, Trojan.GenericKD.2859501, Backdoor.Fynloski.S
55.56%

F-Secure
Gen:Variant.Graftor.Elzob.9261, Trojan.GenericKD.2084628, Trojan.GenericKD.2593985, Trojan.GenericKD.2859501, Backdoor.Fynloski.S
55.56%

Emsisoft Anti-Malware
Gen:Variant.Graftor.Elzob.9261, Trojan.GenericKD.2084628, Trojan.GenericKD.2593985, Trojan.GenericKD.2859501, Backdoor.Fynloski.S
55.56%

G Data
Gen:Variant.Graftor.Elzob.9261, Trojan.GenericKD.2084628, Trojan.GenericKD.2593985, Trojan.GenericKD.2859501, Backdoor.Fynloski
55.56%

Panda Antivirus
Trj/CI.A, Generic Suspicious, Generic Malware
55.56%

K7 AntiVirus
Riskware, Trojan, Password-Stealer
55.56%

The domain malwr.com has been seen to resolve to the following 2 IP addresses.

cuckoo-prime.shadowserver.org
November 29, 2014

3-22-244-46.a2b-internet.com
February 1, 2014

File downloads found at URLs served by malwr.com.

0 / 68
https://malwr.com/analysis/file/NzhhOWU3YTUzYzZlNDM0YTliYjgxMDhkOTkwZmJhMzM/sample/.../  ({d2d8150c-a684-4a11-a6fd-044d076ae451}-f8990f71d53014ead02e13b4e063291d80dba9892b80843a9ffe007c81642)

URL:
http://malwr.com/

Google Analytics:
UA-30121810

Title:
“Malwr - Malware Analysis by Cuckoo Sandbox”

Description:
“Submit malware for free analysis with Cuckoo Sandbox”

SSL certificate subject:
CN=malwr.com, OU=Gandi Standard SSL, OU=Domain Control Validated

SSL certificate issuer:
CN=Gandi Standard SSL CA, O=GANDI SAS, C=FR

Web server:
nginx

Facebook:
Likes: 129
Shares: 136
Comments: 38

Twitter:
Shares: 346

Statistics above are for the previous month of March 2024.