Packed MD5 168aab35a3c1e948ab4f93c12bc73494 
Priority
First 01/09/2012 
Last 02/07/2012 
Count  
History  
Unpacked MD5 60b730b97e079dd2529609c5659ccfd4  
AV Hits 31 31 23 17 
AV Count 32 
CC Servers 83.133.119.197:65520 94.63.149.150:65520 91.226.212.159:65520 
DNS Lookups :proxima.ircgalaxy.pl US:microsoft.com EU:ghyt54.com EU:poilka09.com :touchmytralala9856.com :rewfkg0ret876.com EU:proxima.ircgalaxy.pl DE:proxima.ircgalaxy.pl EU:vbnjhg.com EU:ivestgrpp.ru 
Failed Connects 184.173.252.243:443 184.173.252.246:443 EU:188.247.135.69:80 CN:222.88.205.195:443 EU:188.247.135.95:80 DE:83.133.119.197:65520 
AV Name AhnLab-V3:MISSED, AntiVir:MISSED, Authentium:MISSED, Avast:MISSED, AVG:MISSED, BitDefender:Gen_Heur.FKP.1, CAT-QuickHeal:MISSED, ClamAV:MISSED, DrWeb:MISSED, eSafe:MISSED, eTrust-Vet:MISSED, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:MISSED, F-Secure:Gen_Heur.FKP.1, Ikarus:Trojan-Downloader.Cutwail, Kaspersky:HEUR_Generic, McAfee:MISSED, Microsoft:TrojanDownloader_Cutwail.BF, NOD32v2:MISSED, Norman:MISSED, Panda:TrjCI.A, Prevx1:MISSED, Rising:MISSED, Sophos:MalEncPk-AAY, Sunbelt:MISSED, Symantec:Zbot, TheHacker:Posible_Worm32, VBA32:MISSED, VirusBuster:MISSED, Webwasher-Gateway:MISSED  
WinXP Files accwiz.exe, actmovie.exe, agentsvr.exe, ahui.exe, alg.exe, arp.exe, asr_fmt.exe, asr_ldm.exe, at.exe, atmadm.exe, attrib.exe, bootcfg.exe, bootok.exe, bootvrfy.exe, cacls.exe, calc.exe, charmap.exe, chkdsk.exe, chkntfs.exe, cidaemon.exe, cipher.exe, cisvc.exe, ckcnv.exe, cleanmgr.exe, cliconfg.exe, clipbrd.exe, clipsrv.exe, cmdl32.exe, cmmon32.exe, cmstp.exe, compact.exe, comp.exe, comrepl.exe, conime.exe, control.exe, convert.exe, cscript.exe, ctfmon.exe, dcomcnfg.exe, ddeshare.exe, defrag.exe, dfrgfat.exe, dfrgntfs.exe, diantz.exe, diskpart.exe, diskperf.exe, dllhost.exe, dllhst3g.exe, dmadmin.exe, dmremote.exe, doskey.exe, dplaysvr.exe, dpnsvr.exe, dpvsetup.exe, driverquery.exe, drwtsn32.exe, dumprep.exe, dvdplay.exe, dvdupgrd.exe, dxdiag.exe, esentutl.exe, eudcedit.exe, eventcreate.exe, eventtriggers.exe, eventvwr.exe, expand.exe, extrac32.exe, fc.exe, find.exe, findstr.exe, finger.exe, fixmapi.exe, fontview.exe, forcedos.exe, freecell.exe, fsutil.exe, ftp.exe, getmac.exe, gpresult.exe, gpupdate.exe, grpconv.exe, HelpCtr.exe, help.exe, HelpHost.exe, HelpSvc.exe, hh.exe, hostname.exe, ie4uinit.exe, iexpress.exe, imapi.exe, ipconfig.exe, ipsec6.exe, ipv6.exe, ipxroute.exe, label.exe, lights.exe, lnkstub.exe, locator.exe, lodctr.exe, logagent.exe, logman.exe, logoff.exe, logon.scr, logonui.exe, lpq.exe, lpr.exe, magnify.exe, makecab.exe, migload.exe, migpwd.exe, migwiz_a.exe, migwiz.exe, mmc.exe, mnmsrvc.exe, mobsync.exe, mofcomp.exe, mountvol.exe, mplay32.exe, mpnotify.exe, mqbkup.exe, mqsvc.exe, mqtgsvc.exe, mrinfo.exe, msconfig.exe, msdtc.exe, msg.exe, mshearts.exe, mshta.exe, msiexec.exe, msoobe.exe, mspaint.exe, msswchx.exe, mstinit.exe, mstsc.exe, narrator.exe, nbtstat.exe, nddeapir.exe, net1.exe, netdde.exe, net.exe, netsetup.exe, netsh.exe, netstat.exe, NOTEPAD.EXE, notiflag.exe, nppagent.exe, nslookup.exe, ntbackup.exe, ntsd.exe, ntvdm.exe, nwscript.exe, odbcad32.exe, odbcconf.exe, oobebaln.exe, openfiles.exe, osk.exe, osuninst.exe, 
packager.exe, pathping.exe, pentnt.exe, perfmon.exe, ping6.exe, ping.exe, print.exe, progman.exe, proquota.exe, proxycfg.exe, qappsrv.exe, qdmincva.exe, qprocess.exe, qwinsta.exe, rasautou.exe, rasdial.exe, rasphone.exe, rcimlby.exe, rcp.exe, rdpclip.exe, rdsaddin.exe, rdshost.exe, recover.exe, relog.exe, replace.exe, reset.exe, rexec.exe, route.exe, routemon.exe, rsh.exe, rsm.exe, rsmsink.exe, rsmui.exe, rsnotify.exe, rsopprov.exe, rstrui.exe, rsvp.exe, rtcshare.exe, runas.exe, rundll32.exe, runonce.exe, rwinsta.exe, savedump.exe, scardsvr.exe, sc.exe, schtasks.exe, scrcons.exe, scrnsave.scr, sdbinst.exe, secedit.exe, sessmgr.exe, sethc.exe, setup.exe, sfc.exe, shadow.exe, shmgrate.exe, shrpubw.exe, shutdown.exe, sigverif.exe, skeys.exe, smlogsvc.exe, sndrec32.exe, sndvol32.exe, sol.exe, sort.exe, spider.exe, srdiag.exe, ss3dfo.scr, ssbezier.scr, ssflwbox.scr, ssmarque.scr, ssmypics.scr, ssmyst.scr, sspipes.scr, ssstars.scr, sstext3d.scr, stimon.exe, subst.exe, SVCHOST.EXE, syncapp.exe, syskey.exe, sysocmgr.exe, systeminfo.exe, systray.exe, taskkill.exe, tasklist.exe, taskman.exe, taskmgr.exe, tcmsetup.exe, tcpsvcs.exe, telnet.exe, tftp.exe, tlntadmn.exe, tlntsess.exe, tlntsvr.exe, tourstart.exe, tracerpt.exe, tracert6.exe, tracert.exe, tscon.exe, tscupgrd.exe, tsdiscon.exe, tskill.exe, tsshutdn.exe, twunk_32.exe, typeperf.exe, unlodctr.exe, unsecapp.exe, UploadM.exe, upnpcont.exe, ups.exe, userinit.exe, usrmlnka.exe, usrprbda.exe, usrshuta.exe, utilman.exe, verifier.exe, VRT2.tmp, vssadmin.exe, vssvc.exe, w32tm.exe, wbemtest.exe, wextract.exe, wiaacmgr.exe, winhlp32.exe, winmgmt.exe, winmine.exe, winmsd.exe, winver.exe, wmiadap.exe, wmiapsrv.exe, wmic.exe, wmiprvse.exe, wmpstub.exe, wpabaln.exe, wpnpinst.exe, write.exe, wscript.exe, wupdmgr.exe, xcopy.exe, wuauclt.exe  
WinXP Processes CMD.EXE, CSRSS.EXE, DLLHOST.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, wuauclt.exe  
WinXP Registries HKEY_LOCAL_MACHINE@...Explorer\Run, HKEY_LOCAL_MACHINE@...policies\Explorer  
WinXP Ports 1031, 1035, 1035, 1034  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980,SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB823980,SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980 
Service Starts RpcPatch 
Service Deletes RpcPatch,RpcTftpd 
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 none 
Packer ID2 none 
Embedded DNS  
String Count 91 
String MD5 30018e66fb67056f1acf6962b1677d8e 
Timerange 365 Days 
Unpack Status unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (62.31%, 17.09%)) 
Countries
Unpacked Link  
Callgraph  
API Resolution  
Comment none