| Field | Value |
|---|---|
| Packed MD5 | 000ed84d4f7a670eda64a1ee9f0b73d6 |
| Priority | 64 |
| First | 08/05/2013 |
| Last | 01/30/2014 |
| Count | |
| History | |
| Unpacked MD5 | dd524b02593d021e73571d0345043c00 |
| AV Hits | 0 0 40 32 41 0 8 0 7 0 0 0 0 29 38 40 0 36 6 42 0 0 29 28 0 0 2 41 2 0 0 0 0 42 40 0 41 3 0 0 0 0 0 0 0 38 2 0 32 38 0 23 0 8 22 7 0 37 0 0 0 0 39 0 0 41 0 0 42 0 43 0 39 0 0 5 31 7 0 0 39 0 0 0 26 25 0 36 0 39 0 0 38 29 0 0 4 3 38 0 0 16 0 0 0 37 29 41 0 42 40 0 42 35 0 39 0 28 0 40 40 0 0 26 41 0 0 37 31 0 34 30 0 0 0 2 0 0 0 39 3 36 0 3 0 41 0 0 40 34 29 0 41 41 0 0 37 38 0 0 0 0 0 0 0 0 41 0 6 41 |
| AV Count | 32 |
| CC Servers | 213.155.14.161:80 |
| DNS Lookups | :www.maxmind.com US:checkip.dyndns.org :getmyip.co.uk :www.getmyip.org EU:checkip.dyndns.org DE:moscow-advokat.ru DE:citi-bank.ru PL:bgr.runk.pl PL:ilo.brenz.pl US:microsoft.com |
| Failed Connects | 108.168.255.243:80 US:216.146.38.70:80 DE:131.220.6.26:80 EU:91.198.22.70:80 IN:202.141.240.86:8232 DE:82.98.86.164:6667 DE:213.155.14.161:80 37.140.71.128:1876 PL:148.81.111.111:80 182.73.223.140:8830 DE:82.98.86.167:6667 TW:203.69.112.58:9437 182.73.225.116:6641 TH:122.155.167.90:5687 95.0.90.30:6292 IN:122.169.240.178:5794 PK:202.142.161.170:8571 ID:202.152.30.227:6731 112.25.21.7:5931 124.195.193.51:6808 UA:212.111.205.92:3598 VN:123.25.28.52:9173 |
| AV Name | AhnLab-V3:Virut.B, AntiVir:Virut.AX, Authentium:Virut.7116, Avast:_Virtob, AVG:Korgo.A, BitDefender:Generic.1710790, CAT-QuickHeal:Virut.E, ClamAV:Virut-54, DrWeb:Lsabot, eSafe:WormKorgo.V, eTrust-Vet:Virut.7115, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Virut.AV, F-Prot:Korgo.V, F-Secure:Generic.1710790, Ikarus:Padobot, Kaspersky:Padobot.m, McAfee:Virut.gen.a, Microsoft:Korgo.V, NOD32v2:MISSED, Norman:Korgo.V, Panda:MISSED, Prevx1:MISSED, Rising:Virut.an, Sophos:Virut-W, Sunbelt:MISSED, Symantec:Virut.W, TheHacker:Virut.av, VBA32:Padobot.m, VirusBuster:Padobot.D, Webwasher-Gateway:MISSED |
| WinXP Files | ftpupd.exe, fwdam.exe, DLLHOST.EXE, SVCHOST.EXE, umwbb.exe, ymosh.exe, tpvgrk.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, fwdam.exe, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, DLLHOST.EXE, umwbb.exe, ymosh.exe, tpvgrk.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\\Wireless |
| WinXP Ports | 4799, 1031, 1050, 2454, 1049, 2951, 6928 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...Microsoft\DownloadManager, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections, HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager, HKEY_USERS@...InternetSettings\\5.0, HKEY_USERS@...InternetSettings\\Connections |
| Win-2Kf Ports | 9110, 1027 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | none |
| Packer ID2 | none |
| Embedded DNS | |
| String Count | 298 |
| String Link | text |
| String MD5 | 1cfbc263db2978969500387a01c75ace |
| Timerange | 365 Days |
| Unpack Status | unknown () |
| Countries | 30 |
| Unpacked Link | |
| Callgraph | |
| API Resolution | |
| Comment | none |