Packed MD5 357486dae7755d17443462f7448efc22 
Priority
First 12/25/2009 
Last 01/18/2010 
Count  
History  
Unpacked MD5  
AV Hits 23 
AV Count 32 
CC Servers 88.198.228.238:65520 193.104.94.11:65520 88.198.228.238:65520 193.104.94.11:65520 122.195.190.197:65520 218.93.201.51:65520 
DNS Lookups
Failed Connects GB:212.117.177.140:80 US:67.15.94.80:80 CN:210.51.36.215:88 US:72.20.40.25:555 US:75.126.138.202:80 CN:202.97.184.196:81 98.126.9.218:80 204.27.57.154:8392 US:66.96.221.101:8392 US:204.152.184.139:80 US:208.43.250.167:80 EU:78.40.35.134:80 DE:88.198.228.238:65520 
AV Name AhnLab-V3:MISSED, AntiVir:TRFraudPack.aefn, Authentium:MISSED, Avast:_Malware-gen, AVG:MISSED, BitDefender:MISSED, CAT-QuickHeal:FraudPack.aefn, ClamAV:MISSED, DrWeb:Fakealert.8143, eSafe:MISSED, eTrust-Vet:MISSED, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:FraudPack.AEFN!tr, F-Prot:MISSED, F-Secure:Suspicious_Malware!Gemini, Ikarus:FakeAV, Kaspersky:FraudPack.aefn, McAfee:Suspect-1B!357486DAE775, Microsoft:MISSED, NOD32v2:MISSED, Norman:MISSED, Panda:TrjZlob.KH, Prevx1:MISSED, Rising:MISSED, Sophos:MalEncPk-KH, Sunbelt:Generic!BT, Symantec:MISSED, TheHacker:MISSED, VBA32:MISSED, VirusBuster:DR.Agent.RFTA, Webwasher-Gateway:MISSED  
WinXP Files
WinXP Processes CMD.EXE, CSRSS.EXE, DLLHOST.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, rundll32.exe, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, VRT1.tmp, WINLOGON.EXE  
WinXP Registries HKEY_CURRENT_USER@...Software\\ProtectionSystem, HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager, HKEY_USERS@...Software\\ProtectionSystem  
WinXP Ports 1031, 1039  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys  
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 none 
Packer ID2 none 
Embedded DNS  
String Count  
String Link text
String MD5  
Timerange 365 Days 
Unpack Status unknown () 
Countries 11 
Unpacked Link  
Callgraph  
API Resolution  
Comment none