| Packed MD5 | deffdf68e848d5e5c0e2019b16bc05e2 |
| Priority | 3 |
| First | 09/14/2009 |
| Last | 02/02/2010 |
| Count | |
| History | |
| Unpacked MD5 | 2b011e15ba06663bd6a4e3a112459125 |
| AV Hits | 34 |
| AV Count | 32 |
| CC Servers | 92.240.234.164:3305 212.54.2.171:3305 |
| DNS Lookups | JP:cx10man.weedns.com AR:cx10man.weedns.com FI:fx010413.whyI.org US:cx10man.weedns.com US:fx010413.whyI.org US:gynoman.weedns.com AR:g.0x20.biz TH:c010x1.co.cc RU:commgr.co.cc FI:telephone.dd.blueline.be FI:cx10man.weedns.com TH:cx10man.weedns.com JP:fx010413.whyI.org AR:gynoman.weedns.com RU:g.0x20.biz AR:commgr.co.cc |
| Failed Connects | 92.240.234.164:3305 RU:89.208.33.88:3305 |
| AV Name | AhnLab-V3:MalPackedB.suspicious, AntiVir:TRCrypt.XPACK.Gen, Authentium:Heuristic-210!Eldorado, Avast:_DCom-F, AVG:SHeur2.BBMT, BitDefender:GenPack_Generic.Mydoom.BE79FA05, CAT-QuickHeal:I-Kolabc.gza, ClamAV:VB-4601, DrWeb:HLLW.Piabot.4, eSafe:MISSED, eTrust-Vet:Rbot.JVO, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Kolabc.GZA!im, F-Prot:Heuristic-210!Eldorado, F-Secure:Kolabc.gza, Ikarus:Packer.RLPack.D, Kaspersky:Kolabc.gza, McAfee:MISSED, Microsoft:Exploit_MS08067.gen!A, NOD32v2:MISSED, Norman:Packed_RLPack.I, Panda:MISSED, Prevx1:MISSED, Rising:MISSED, Sophos:MalBehav-104, Sunbelt:MISSED, Symantec:Spybot.Worm, TheHacker:MISSED, VBA32:Kolabc.gza, VirusBuster:RBot.Gen.3, Webwasher-Gateway:MISSED |
| WinXP Files | SVCHOST.EXE |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, wmiprvse.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\\MRT, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...WindowsNT\\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\\WindowsUpdate |
| WinXP Ports | 1034, 135, 2051, 2052, 2053, 2054, 2055, 2056, 2057, 2058, 2059, 2060, 2061, 2062, 2063, 2064, 2065, 2066, 2067, 2068, 2069, 2070, 2071, 2072, 2073, 2074, 2075, 2076, 2077, 2078, 2079, 2080, 2081, 2082, 2083, 2084, 2085, 2086, 2087, 2088, 2089, 2090, 2091, 2092, 2093, 2094, 2095, 2096, 2097, 2098, 2099, 2100, 2101, 2102, 2103, 2104, 2105, 2106, 2107, 2108, 2109, 2110, 2111, 2112, 2113, 2114, 2115, 2116, 2117, 2118, 2119, 2120, 42286 |
| Win-2Kf Files | |
| Win-2Kf Processes | unwise_.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections, HKEY_LOCAL_MACHINE@...Microsoft\\MRT, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\\WindowsUpdate, HKEY_USERS@...InternetSettings\\5.0, HKEY_USERS@...InternetSettings\\Connections |
| Win-2Kf Ports | 1031, 1031, 135, 19733, 2438, 2439, 2440, 2441, 2442, 2443, 2444, 2445, 2446, 2447, 2448, 2449, 2450, 2451, 2452, 2453, 2454, 2455, 2456, 2457, 2458, 2459, 2460, 2461, 2462, 2463, 2464, 2465, 2466, 2467, 2468, 2469, 2470, 2471, 2472, 2473, 2474, 2475, 2476, 2477, 2478, 2479, 2480, 2481, 2482, 2483, 2484, 2485, 2486, 2487, 2488, 2489, 2490, 2491, 2492, 2493, 2494, 2495, 2496, 69, 2952, 2953, 2954, 2955, 2956, 2957, 2958, 2959, 2960, 2961, 2962, 2963, 2964, 2965, 2966, 2967, 2968, 2969, 2970, 2971, 2972, 2973, 2974, 2975, 2976, 2977, 2978, 2979, 2980, 2981, 2982, 2983, 2984, 2985, 2986, 2987, 2988, 2989, 2990, 2991, 2992, 2993, 2994, 2995, 2996, 2997, 2998, 2999, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 45045, 1033, 2497, 2498, 2499, 2500, 2501, 2502, 2503, 2504, 2505, 2506, 2507, 2508, 2509, 2510, 2511, 2512, 2513, 2514, 2515, 2516, 2517, 2518, 2519, 2520, 2521, 2522, 2523, 2524, 2525, 2526, 2527, 2528, 2529, 2530, 2531, 2532, 2533, 2534, 2535, 50015, 19170, 39650, 1043, 1918, 1919, 1920, 1921, 1922, 1923, 1924, 1925, 1926, 1927, 1928, 1929, 1930, 1931, 1932, 1933, 1934, 1935, 1936, 1937, 1938, 1939, 1940, 1941, 1942, 1943, 1944, 1945, 1946, 1947, 1948, 1949, 1950, 1951, 1952, 1953, 1954, 1955, 1956, 1957, 1958, 1959, 1960, 1961, 1962, 1963, 1964, 1965, 1966, 1967, 1968, 1969, 1970, 1971, 1972, 1974, 1975, 1976, 1977, 24488, 2555, 2556, 2557, 2558, 2559, 2560, 2561, 2562, 2563, 2564, 2565, 2566, 2567, 2568, 2569, 2570, 2571, 2572, 2573, 2574, 2575, 2576, 2577, 2578, 2579, 2580, 2581, 2582, 2583, 2584, 2585, 2586, 2587, 2588, 2589, 2590, 2591, 2592, 2593, 2594, 2595, 2596, 2597, 2598, 2599, 2600, 2601, 2602, 2603, 2604, 2605, 2606, 2607, 2608, 2609, 2610, 36184, 35167, 3631, 3635, 3636, 3637, 3638, 3639, 3640, 3641, 3642, 3643, 3644, 3645, 3646, 3647, 3648, 3649, 3650, 3651, 3652, 3653, 3654, 3655, 3656, 3657, 3658, 3659, 3660, 3661, 3662, 3663, 3664, 3665, 3666, 3667, 3668, 3669, 3670, 3671, 3672, 3673, 3674, 3675, 3676, 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, 3685, 3686, 3687, 3688, 3689, 3690, 3691, 3692, 3693, 3694, 3695, 3696, 3697, 3698 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | StarForce |
| Packer ID2 | |
| Embedded DNS | |
| String Count | |
| String Link | text |
| String MD5 | |
| Timerange | 365 Days |
| Unpack Status | unknown ( : 0 : Unpacking Provided Binary. (Code,Data) = (, )) |
| Countries | 4 |
| Unpacked Link | |
| Callgraph | |
| API Resolution | |
| Comment | none |