Packed MD5 a12cab51ef99e98305668d189d0db147 
Priority 22 
First 08/17/2009 
Last 02/08/2010 
Count  
History  
Unpacked MD5  
AV Hits 29 
AV Count 32 
CC Servers 82.98.86.170:80 
DNS Lookups DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad DE:ebookfinaltrash.ru :www.proxy-socks.net GB:welcome3.smile.co.uk RU:www.bbin.ru RU:www.binbank.ru US:new.egg.com EU:siliconfireware.ru RU:ebookfinaltrash.ru US:spt.information.com US:splegacy.information.com 
Failed Connects GB:195.92.84.198:80 US:204.13.161.51:80 DE:217.11.54.126:80 US:208.73.210.125:80 DE:212.227.111.29:80 EU:78.47.200.154:80 RU:195.200.213.54:80 RU:89.108.64.156:80 US:208.73.210.123:80 US:199.67.205.200:80 
AV Name AhnLab-V3:Korgo.46592, AntiVir:Padobot.Z.2, Authentium:MISSED, Avast:_Padobot-I, AVG:Padobot.AR, BitDefender:Padobot.Z, CAT-QuickHeal:I-Padobot.z, ClamAV:Korgo.Z, DrWeb:HangUp.26, eSafe:Padobot.z, eTrust-Vet:Berkor.A, Ewido:Padobot.z, FileAdvisor:MISSED, Fortinet:Padobot.Z!worm, F-Prot:Berbew.M, F-Secure:MISSED, Ikarus:Padobot.Z, Kaspersky:Padobot.z, McAfee:MISSED, Microsoft:Berbew.BE!dam, NOD32v2:Padodor.NAU, Norman:Padobot.Q, Panda:Korgo.BF.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Doxpar-C, Sunbelt:Padobot.gen, Symantec:Berbew.N, TheHacker:Padobot.z, VBA32:Padobot.z, VirusBuster:Padobot.B, Webwasher-Gateway:Padobot.Z.2  
WinXP Files 
WinXP Processes CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, Iexplore.exe, iexplore.exe, LOGONUI.EXE  
WinXP Registries HKEY_CURRENT_USER@...ActivatingDocument\.Current, HKEY_CURRENT_USER@...CurrentVersion\InternetSettings, HKEY_CURRENT_USER@...FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_CURRENT_USER@...InternetSettings\Zones, HKEY_CURRENT_USER@...Main\FeatureControl, HKEY_CURRENT_USER@...Microsoft\Windows, HKEY_CURRENT_USER@...Windows\CurrentVersion, HKEY_CURRENT_USER@...Zones\0, HKEY_CURRENT_USER@...Zones\1, HKEY_CURRENT_USER@...Zones\2, HKEY_CURRENT_USER@...Zones\3, HKEY_CURRENT_USER@...Zones\4, HKEY_LOCAL_MACHINE@...CurrentVersion\InternetSettings, HKEY_LOCAL_MACHINE@...InternetSettings\Zones, HKEY_LOCAL_MACHINE@...Reliability\UserDefined, HKEY_LOCAL_MACHINE@...Windows\CurrentVersion, HKEY_LOCAL_MACHINE@...Zones\0, HKEY_LOCAL_MACHINE@...Zones\1, HKEY_LOCAL_MACHINE@...Zones\2, HKEY_LOCAL_MACHINE@...Zones\3, HKEY_LOCAL_MACHINE@...Zones\4, HKEY_USERS@...ActivatingDocument\.Current, HKEY_USERS@...CurrentVersion\InternetSettings, HKEY_USERS@...Explorer\ActivatingDocument, HKEY_USERS@...Explorer\CabinetState, HKEY_USERS@...Explorer\RunMRU, HKEY_USERS@...FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_USERS@...InternetExplorer\Toolbar, HKEY_USERS@...InternetExplorer\TypedURLs, HKEY_USERS@...InternetSettings\Zones, HKEY_USERS@...Main\FeatureControl, HKEY_USERS@...Microsoft\Windows, HKEY_USERS@...Windows\CurrentVersion, HKEY_USERS@...Zones\0, HKEY_USERS@...Zones\1, HKEY_USERS@...Zones\2, HKEY_USERS@...Zones\3, HKEY_USERS@...Zones\4, HKEY_USERS@...International\CpMRU, HKEY_USERS@...InternetExplorer\International, HKEY_CURRENT_USER@...International\CpMRU  
WinXP Ports 80, 1051, 1067, 1032, 1062, 1091, 1048, 4967, 1036, 2733, 1078, 1077, 1028, 1046, 1088, 4999, 1030, 1090, 1047, 4358, 1035, 1646, 1033, 1057, 4259, 1640, 1037, 1049, 1034, 2493, 1298, 1029, 3183, 1039, 1042, 1038, 1543, 1128, 1043, 1058, 1045, 3971, 1087, 2901, 3370, 2398, 4231, 1828, 1060, 1139, 4943, 2416, 1113, 1116, 1119, 1094, 3082, 1092, 2896  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys  
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 ASPack 
Packer ID2  
Embedded DNS command.com, chevychasebank.com, gronxplanets.ru, www.mdmbank.ru, fethard.biz, royalbank.com, securitylab.ru, tat-neftbank.ru, seclab.ru, openbank.com, gutabank.ru, www.b2b-trust.com, grepware-facility.ru, www.uralsib.ru, 53bank.com, totallyfreebanking.com, barclays.com, kidos-bank.ru, yambo.biz, prorat.net, www.ovk.ru, www.rbc.com, www.allahabadbank.com, online-business.lloydstsb.co.uk, myonlineaccounts2.abbeynational.co.uk, www.absolutbank.ru, www.nomos.ru, www.netmagister.com, www.kmb.ru, www.spyinstructors.com, acrolein-hawk.rubanking.halifax-online.co.uk, www.icbank.ru, www.bankofindia.com, pizdabol-inc.ru, www.sbrf.ru, digital-relaxkgb.ru, asmworm.com, www.uniastrum.ru, www.mmbank.ru, alfabank.ru, hyper-space-fuel.ru, www.cwbank.com, www.vtb.ru, www.cibc.com, www.bankofmadura.com, www.bmo.com, www.masterbank.ru, ebookfinaltrash.ru, master-x.com, www.bbin.ru, olb2.nationet.com, welcome3.smile.co.uk, www.baltbank.ru, new.egg.com, prodexteam.netcrutop.nu, www.proxy-socks.net, www.cbr.ru, prodexteam.net, atmacasoft.com, siliconfireware.ru  
String Count 281 
String Link text
String MD5 bcce4122120c34e6976c99de21cfa230 
Timerange 365 Days 
Unpack Status unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (68.44%, 20.00%)) 
Countries
Unpacked Link  
Callgraph  
API Resolution  
Comment none