| Packed MD5 | 168aab35a3c1e948ab4f93c12bc73494 |
| Priority | 8 |
| First | 08/13/2009 |
| Last | 02/06/2010 |
| Count | |
| History | |
| Unpacked MD5 | 60b730b97e079dd2529609c5659ccfd4 |
| AV Hits | 31 31 |
| AV Count | 32 |
| CC Servers | 91.212.220.75:65520 218.93.205.30:65520 83.133.119.206:65520 88.198.228.238:65520 218.93.201.51:65520 193.104.94.11:65520 88.198.228.238:65520 193.104.94.11:65520 221.5.74.39:65520 122.195.190.197:65520 218.93.205.30:65520 91.212.220.75:65520 91.212.220.75:65520 218.93.205.30:65520 |
| DNS Lookups | US:microsoft.com CN:proxima.ircgalaxy.pl CN:dl.guarddog2009.com EU:gidromash.cn EU:ottopay.cn DE:proxima.ircgalaxy.pl CN:stashonline.info CN:down0129.iwillhavesexygirls.com EU:pozeml.com :pozemle.cn :nenastiya.cn CN:config1007.iwillhavesexygirls.com CN:maillist.iwillhavesexygirls.com EU:sleepatnight.cn :wws.mobiec.net US:xz.ub9.net CN:russia.2288.org CN:www.petdoso.com :in.7cy.net :in1.7cy.net US:domainmillions.info US:images01.tzimg.com US:domdex.com US:ad.yieldmanager.com :ad.doubleclick.net GB:www.businesstomb.com EU:proxima.ircgalaxy.pl CN:www.liagand.cn CN:av.lometr.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :bfkq.com :jsactivity.com US:search.toptravellingtips.com :www.toptravellingtips.com CN:q.kfgrtjer.cn CA:maxdomzhit.com EU:colopin.cn CN:www.kimcar.com US:fafcdsads.com US:syndication.exoclick.com FR:proxima.ircgalaxy.pl :monstersoftware.info CN:dretis.cn CN:kritq.cn :onuka.cn US:client155.faster-hosting.com CN:www.brans.pl CN:js.users.51.la CN:icon.ajiang.net CN:web.51.la US:criminallawyercell.info US:speedywindshieldrepair.info US:growthhormoneproducts.com :cuguy.com :pdffilesite.com CN:gidromash.cn CN:ottopay.cn CN:streq.cn :horobl.cn CN:ad.lometr.pl EU:mskfintrust.com :ns2.mm1-shop.net |
| Failed Connects | US:64.235.53.208:80 EU:91.212.220.75:65520 CN:122.224.6.48:88 93.174.92.220:80 CN:121.14.145.75:88 CN:202.97.184.196:81 74.125.19.148:80 174.36.176.242:81 CN:218.93.205.30:65520 173.45.105.218:8392 DE:88.198.228.238:65520 CA:209.172.57.51:80 CN:210.51.36.215:88 CN:61.235.117.71:80 CN:61.152.144.146:80 US:208.43.250.167:80 FR:193.104.94.11:65520 204.27.57.154:8392 US:66.96.221.101:8392 98.126.9.218:80 112.200.121.97:3128 115.86.64.11:3128 117.102.113.3:3128 117.68.8.79:3128 CN:124.115.37.201:3128 KR:124.49.62.227:3128 ES:155.54.19.250:3128 BR:200.133.48.28:3128 ID:202.159.52.59:3128 KR:210.108.183.12:3128 KR:211.246.215.29:3128 ES:84.124.241.148:3128 CN:211.95.79.170:80 US:64.191.44.5:80 GB:212.117.177.140:80 |
| AV Name | AhnLab-V3:Virut, AntiVir:Virut.A, Authentium:Virut.4960, Avast:_Virut-B, AVG:Virut.A, BitDefender:Virtob.6.Gen, CAT-QuickHeal:Virut.A, ClamAV:Virut.A, DrWeb:Virut, eSafe:Virut.a, eTrust-Vet:Virut.5127, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Virut.A, F-Prot:Virut.4960, F-Secure:Virut.a, Ikarus:Virut.a, Kaspersky:Virut.a, McAfee:Virut.a, Microsoft:Virut.A, NOD32v2:Virut.5127, Norman:Virut.A, Panda:Virutas.B, Prevx1:MISSED, Rising:Virut.a, Sophos:Virut-T, Sunbelt:MISSED, Symantec:Virut.A, TheHacker:Virut.gen, VBA32:Virut.A, VirusBuster:Virut.Gen.4, Webwasher-Gateway:Virut.A |
| WinXP Files | 1.ico, 2.ico, 3.ico, 3.tmp, 4.tmp, accwiz.exe, actmovie.exe, agentsvr.exe, ahui.exe, alg.exe, arp.exe, asr_fmt.exe, asr_ldm.exe, at.exe, atmadm.exe, attrib.exe, bootcfg.exe, bootok.exe, bootvrfy.exe, cacls.exe, calc.exe, charmap.exe, chkdsk.exe, chkntfs.exe, cidaemon.exe, cipher.exe, cisvc.exe, ckcnv.exe, cleanmgr.exe, cliconfg.exe, clipbrd.exe, clipsrv.exe, cmdl32.exe, cmmon32.exe, cmstp.exe, compact.exe, comp.exe, comrepl.exe, conime.exe, control.exe, convert.exe, cscript.exe, ctfmon.exe, dcomcnfg.exe, ddeshare.exe, defrag.exe, dfrgfat.exe, dfrgntfs.exe, diantz.exe, diskpart.exe, diskperf.exe, dllhost.exe, dllhst3g.exe, dmadmin.exe, dmremote.exe, doskey.exe, dplaysvr.exe, dpnsvr.exe, dpvsetup.exe, driverquery.exe, drwtsn32.exe, dumprep.exe, dvdplay.exe, dvdupgrd.exe, dxdiag.exe, esentutl.exe, eudcedit.exe, eventcreate.exe, eventtriggers.exe, eventvwr.exe, expand.exe, extrac32.exe, fc.exe, find.exe, findstr.exe, finger.exe, fixmapi.exe, fontview.exe, forcedos.exe, freecell.exe, fsutil.exe, ftp.exe, getmac.exe, gpresult.exe, gpupdate.exe, grpconv.exe, HelpCtr.exe, help.exe, HelpHost.exe, HelpSvc.exe, hh.exe, hostname.exe, ie4uinit.exe, iexpress.exe, imapi.exe, ipconfig.exe, ipsec6.exe, ipv6.exe, ipxroute.exe, label.exe, lights.exe, lnkstub.exe, locator.exe, lodctr.exe, logagent.exe, logman.exe, logoff.exe, logon.scr, logonui.exe, lpq.exe, lpr.exe, magnify.exe, makecab.exe, migload.exe, migpwd.exe, migwiz_a.exe, migwiz.exe, mmc.exe, mnmsrvc.exe, mobsync.exe, mofcomp.exe, mountvol.exe, mplay32.exe, mpnotify.exe, mqbkup.exe, mqsvc.exe, mqtgsvc.exe, mrinfo.exe, msconfig.exe, msdtc.exe, msg.exe, mshearts.exe, mshta.exe, msiexec.exe, msoobe.exe, mspaint.exe, msswchx.exe, mstinit.exe, mstsc.exe, narrator.exe, nbtstat.exe, nddeapir.exe, net1.exe, netdde.exe, net.exe, netsetup.exe, netsh.exe, netstat.exe, NOTEPAD.EXE, notiflag.exe, nppagent.exe, nslookup.exe, ntbackup.exe, ntsd.exe, ntvdm.exe, nwscript.exe, odbcad32.exe, odbcconf.exe, oobebaln.exe, openfiles.exe, osk.exe, osuninst.exe, packager.exe, pathping.exe, pentnt.exe, perfmon.exe, ping6.exe, print.exe, progman.exe, proquota.exe, proxycfg.exe, qappsrv.exe, qprocess.exe, qwinsta.exe, rasautou.exe, rasdial.exe, rasphone.exe, rcimlby.exe, rcp.exe, rdpclip.exe, rdsaddin.exe, rdshost.exe, recover.exe, relog.exe, replace.exe, reset.exe, rexec.exe, routemon.exe, rsh.exe, rsm.exe, rsmsink.exe, rsmui.exe, rsnotify.exe, rsopprov.exe, rstrui.exe, rsvp.exe, rtcshare.exe, runas.exe, rundll32.exe, runonce.exe, rwinsta.exe, savedump.exe, scardsvr.exe, schtasks.exe, SC.INS, scrcons.exe, scrnsave.scr, sdbinst.exe, secedit.exe, sessmgr.exe, sethc.exe, sfc.exe, shadow.exe, shmgrate.exe, shrpubw.exe, shutdown.exe, sigverif.exe, skeys.exe, smlogsvc.exe, sndrec32.exe, sndvol32.exe, sol.exe, sort.exe, spider.exe, srdiag.exe, ss3dfo.scr, ssbezier.scr, ssflwbox.scr, ssmarque.scr, ssmypics.scr, ssmyst.scr, sspipes.scr, ssstars.scr, sstext3d.scr, stimon.exe, subst.exe, SVCHOST.EXE, syncapp.exe, syskey.exe, sysocmgr.exe, systeminfo.exe, systray.exe, taskkill.exe, tasklist.exe, taskman.exe, taskmgr.exe, tcmsetup.exe, tcpsvcs.exe, telnet.exe, tftp.exe, tlntadmn.exe, tlntsess.exe, tlntsvr.exe, tourstart.exe, tracerpt.exe, tracert6.exe, tracert.exe, tscon.exe, tscupgrd.exe, tsdiscon.exe, tskill.exe, tsshutdn.exe, twunk_32.exe, typeperf.exe, unlodctr.exe, unsecapp.exe, UploadM.exe, upnpcont.exe, ups.exe, userinit.exe, usrmlnka.exe, usrprbda.exe, usrshuta.exe, utilman.exe, verifier.exe, VRT1.tmp, vssadmin.exe, vssvc.exe, w32tm.exe, wbemtest.exe, wextract.exe, wiaacmgr.exe, winhlp32.exe, winmgmt.exe, winmine.exe, winmsd.exe, winver.exe, wmiadap.exe, wmiapsrv.exe, wmic.exe, wmiprvse.exe, wmpstub.exe, wpabaln.exe, wpnpinst.exe, write.exe, wuauclt.exe, wupdmgr.exe, xcopy.exe, 5.tmp, 6.tmp, info.tmp, kbdsock.dll, mshlps.dll |
| WinXP Processes | CMD.EXE, CSRSS.EXE, DLLHOST.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, VRT1.tmp, WINLOGON.EXE |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager, HKEY_CLASSES_ROOT@...HKEY_CLASSES_ROOT\\MDDZ7AK0R, HKEY_LOCAL_MACHINE@...Classes\\MDDZ7AK0R, HKEY_USERS@...Software\\LBXS39E70U |
| WinXP Ports | 1031, 1038, 1034, 1041 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980,SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB823980,SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980 |
| Service Starts | RpcPatch |
| Service Deletes | RpcPatch,RpcTftpd |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | Armadillo |
| Packer ID2 | |
| Embedded DNS | |
| String Count | 91 |
| String Link | text |
| String MD5 | 30018e66fb67056f1acf6962b1677d8e |
| Timerange | 365 Days |
| Unpack Status | unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (62.31%, 17.09%)) |
| Countries | 2 |
| Unpacked Link | |
| Callgraph | |
| API Resolution | |
| Comment | none |