Packed MD5 e30fb27bda3e449353048a5053eb4585 
Priority
First 09/04/2009 
Last 01/27/2010 
Count  
History  
Unpacked MD5 90ee26f4513b2456fbbcdc0b9ef0bdd2  
AV Hits 33 
AV Count 32 
CC Servers 194.109.11.65:6556 
DNS Lookups :0x80.my-secure.name NL:0x80.my1x1.com NL:0x80.martiansong.com NL:0x80.goingformars.com NL:0x80.online-software.org :0xff.memzero.info 
Failed Connects NL:194.109.11.65:6556 
AV Name AhnLab-V3:IRCBot.20959, AntiVir:Codbot.BG, Authentium:Sdbot.LHJ, Avast:_CodBot-P, AVG:Generic.GFM, BitDefender:Codbot.AG, CAT-QuickHeal:MISSED, ClamAV:Stration.QR-1, DrWeb:IRC.Moto, eSafe:Stration, eTrust-Vet:Toxbot.AO, Ewido:Codbot.ag, FileAdvisor:MISSED, Fortinet:SpyBot.ZI!dam, F-Prot:Sdbot.LHJ, F-Secure:Codbot.bn, Ikarus:Codbot.bn, Kaspersky:Codbot.bn, McAfee:Proxy-FBSR, Microsoft:Codbot, NOD32v2:Codbot, Norman:Codbot.BG, Panda:Codbot.BC.worm, Prevx1:MISSED, Rising:Codbot.l, Sophos:MalIRCBot-B, Sunbelt:MISSED, Symantec:Toxbot, TheHacker:BackdoorCodbot.ag, VBA32:Codbot.ag, VirusBuster:Codbot.W, Webwasher-Gateway:Codbot.20959  
WinXP Files SVCHOST.EXE  
WinXP Processes CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, mapi32.exe, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE  
WinXP Registries  
WinXP Ports 1040, 26092, 62244, 69, 1036, 6087, 6967, 1037, 10682, 14443  
Win-2Kf Files  
Win-2Kf Processes mapi32.exe  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys  
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 MEW 
Packer ID2  
Embedded DNS 0xff.memzero.info, 0x80.online-software.org, 0x80.goingformars.com, 0x80.martiansong.com, 0x80.my1x1.com  
String Count 185 
String Link text
String MD5 0c5106d6ebf30d5c6158b2074fdb6ea6 
Timerange 365 Days 
Unpack Status unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (64.96%, 21.27%)) 
Countries
Unpacked Link  
Callgraph  
API Resolution  
Comment none