deffdf68e848d5e5c0e2019b16bc05e2

Packed MD5	deffdf68e848d5e5c0e2019b16bc05e2
Priority	0
First	11/14/2010
Last	11/14/2010
Count
History
Unpacked MD5	2b011e15ba06663bd6a4e3a112459125
AV Hits	34
AV Count	32
CC Servers	210.127.253.90:3305
DNS Lookups	IT:cx10man.weedns.com FR:fx010413.whyI.org EU:gynoman.weedns.com KR:g.0x20.biz :c010x1.co.cc :commgr.co.cc KR:telephone.dd.blueline.be
Failed Connects	114.207.244.143:3305 FR:62.193.249.122:3305
AV Name	AhnLab-V3:MalPackedB.suspicious, AntiVir:TRCrypt.XPACK.Gen, Authentium:Heuristic-210!Eldorado, Avast:_DCom-F, AVG:SHeur2.BBMT, BitDefender:GenPack_Generic.Mydoom.BE79FA05, CAT-QuickHeal:I-Kolabc.gza, ClamAV:VB-4601, DrWeb:HLLW.Piabot.4, eSafe:MISSED, eTrust-Vet:Rbot.JVO, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Kolabc.GZA!im, F-Prot:Heuristic-210!Eldorado, F-Secure:Kolabc.gza, Ikarus:Packer.RLPack.D, Kaspersky:Kolabc.gza, McAfee:MISSED, Microsoft:Exploit_MS08067.gen!A, NOD32v2:MISSED, Norman:Packed_RLPack.I, Panda:MISSED, Prevx1:MISSED, Rising:MISSED, Sophos:MalBehav-104, Sunbelt:MISSED, Symantec:Spybot.Worm, TheHacker:MISSED, VBA32:Kolabc.gza, VirusBuster:RBot.Gen.3, Webwasher-Gateway:MISSED
WinXP Files
WinXP Processes
WinXP Registries
WinXP Ports
Win-2Kf Files
Win-2Kf Processes	unwise_.exe
Win-2Kf Registries	HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections
Win-2Kf Ports	1043, 1043, 3112, 3113, 3114, 3115, 3116, 3117, 3118, 3119, 3120, 3121, 3122, 3123, 3124, 3125, 3126, 3127, 3128, 3129, 3130, 3131, 3132, 3133, 3134, 3135, 3136, 3137, 3138, 3139, 3140, 3141, 3142, 3143, 3144, 3145, 3146, 3147, 3148, 3149, 3150, 3151, 3152, 3153, 3154, 3155, 3156, 3157, 3158, 3159, 3160, 3161, 3162, 3163, 3164, 3165, 3166, 3167, 3168, 3169, 3170, 3171, 3172, 3173, 3174, 62583, 69
Create Events
Create Files
Create RegKeys	SOFTWARE\VMware, Inc.\VMware Tools,InstallPath,ShowTray,Shell,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,SOFTWARE\Microsoft\Windows NT\CurrentVersion
Open RegKeys	SOFTWARE\VMware, Inc.\VMware Tools,InstallPath,ShowTray,Shell,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,SOFTWARE\Microsoft\Windows NT\CurrentVersion
Service Starts
Service Deletes
Service Creates
Cluster
Cluster Confidence
Packer ID1	StarForce
Packer ID2
Embedded DNS	.com, ASP.NET, O.sxv.ze9bK1GOISY.dO.Vn1, YESBRON.COM, windowsupdate.com, www.kaist.ac.kr, www.pku.edu.cn, www.bandai.co.jp, www.seiko-watch.co.jp, www.nintendo.co.jp, www.nthu.edu.tw, www.lib.nthu.edu.tw, www.umin.ac.jp, unimelb.edu.au, www.conexim.com.au, gamearena.com.au, www.nintendo.com, www.apple.com, www.easynews.com, www.above.net, www.level3.com, www.burst.net, www.cogentco.com, www.rit.edu, www.nocster.com, www.stanford.edu, www.xo.net, www.google.com, www.nintendo-europe.com, www.supergames.cz, www.epfl.ch, www.hon.ch, www.switch.ch, www.1und1.de, www.rtv.de, www.rollingstone.de, www.uni-tuebingen.de, www.univ-angers.fr, verio.fr, www.volkskrant.nl, www.news.nl, www.utwente.nl, www.schlund.net
String Count	3122
String Link	text
String MD5	b4b4a4ab677672b5452a49c682fd189a
Timerange	365 Days
Unpack Status	unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (77.18%, 14.91%))
Countries	1
Unpacked Link
Callgraph
API Resolution
Comment	none