| Packed MD5 | 3ae357d17b1d2e0174bf477c28422c29 |
| Priority | 39 |
| First | 01/07/2008 |
| Last | 07/02/2008 |
| Count | 729 |
| History | 729 hits: 05-01 to 07-02 |
| Unpacked MD5 | 462a7be1711f5bf66f112c3788350776 |
| AV Hits | 29 |
| AV Count | 32 |
| CC Servers | 194.54.90.246:80 |
| DNS Lookups | UA:citi-bank.ru |
| Failed Connects | UA:194.54.90.246:80 |
| AV Name | AhnLab-V3:Korgo.9359.B, AntiVir:Korgo.X, Authentium:Korgo.W, Avast:_Korgo-T, AVG:Padobot.W, BitDefender:Korgo.W, CAT-QuickHeal:Korgo.X, ClamAV:Korgo.Y, DrWeb:Lsabot, eSafe:Korgo.ab, eTrust-Vet:Korgo.AB, Ewido:Dropper.Paradrop.a, FileAdvisor:MISSED, Fortinet:Korgo.X!worm, F-Prot:Korgo.W, F-Secure:MISSED, Ikarus:Korgo.K, Kaspersky:Padobot.gen, McAfee:Korgo.ab, Microsoft:Korgo.AB, NOD32v2:Korgo.Y, Norman:Malware.AGJ, Panda:Korgo.Z.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Korgo-K, Sunbelt:Korgo, Symantec:Korgo.X, TheHacker:Korgo(2).gen.pack, VBA32:Padobot.gen, VirusBuster:Korgo.AB, Webwasher-Gateway:Korgo.X |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\Wireless |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | Cryptographic Service,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ID,Client |
| Open RegKeys | Cryptographic Service,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Software\Microsoft\Wireless,ID,Client |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | PolyEnE |
| Packer ID2 | |
| Embedded DNS | |
| String Count | 73 |
| String MD5 | 3a70b75f7716749943030c2edf6484c9 |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (70.32%, 18.52%)) |
| Countries | 18 |
| API Resolution | 99% |
| Comment | none |