Packed MD5 3f5ec58a6b3aabb258fc60aa0bcc5812 
Priority 10 
First 04/24/2008 
Last 07/03/2008 
Count 32 
History 32 hits: 04-24 to 07-03 
Unpacked MD5 4a77430a5939c3342092f126787ba551  
AV Hits 30 
AV Count 32 
CC Servers 85.114.137.60:80 194.54.90.246:80 
DNS Lookups DE:proxim.ircgalaxy.pl UA:citi-bank.ru PL:proxim.ircgalaxy.pl HK:proxim.ircgalaxy.pl 
Failed Connects DE:85.114.137.60:80 UA:194.54.90.246:80 HK:210.245.211.11:80 
AV Name AhnLab-V3:MISSED, AntiVir:Virut.X, Authentium:Korgo.V, Avast:_Padobot-Q, AVG:Korgo.A, BitDefender:Padobot.BV.Dam, CAT-QuickHeal:Virut.F, ClamAV:Padobot.M, DrWeb:Virut.5, eSafe:Virut.gen, eTrust-Vet:Virut.10683, Ewido:Padobot.m, FileAdvisor:MISSED, Fortinet:MetaCrypt.1, F-Prot:Korgo.V, F-Secure:Horst.gen33, Ikarus:Korgo.S, Kaspersky:Padobot.m, McAfee:Virut.gen, Microsoft:Virut.L, NOD32v2:Virut.Q, Norman:Horst.gen33, Panda:Virutas.gen, Prevx1:MISSED, Rising:Virut.GEN, Sophos:Vetor-A, Sunbelt:MISSED, Symantec:Virut.U, TheHacker:Virut.gen2, VBA32:Virut.q, VirusBuster:Virut.Gen.5, Webwasher-Gateway:Virut.X  
WinXP Processes CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, upraeblo.exe, WINLOGON.EXE, setzibr.exe, hgirzlk.exe, kdarzc.exe, xfbshf.exe, nloyjvw.exe, hpilmb.exe, oupnu.exe, qxkeduh.exe, tjits.exe, cxiukmxf.exe, lwgobjeg.exe, gahsy.exe, jlusipvc.exe, gesqnwr.exe, wpkcwri.exe, mwdqmpoz.exe, fwcsm.exe, eaxcnulk.exe, wwurcld.exe, eulzcfn.exe, rdgeh.exe  
WinXP Registries HKEY_LOCAL_MACHINE@...Microsoft\\Wireless  
WinXP Ports 2922, 1297, 1602, 1037, 2248, 6522, 1674, 2853, 1039, 577, 1970, 8100, 4642, 6173, 3298, 3629, 4237, 1032, 6209, 764, 6666, 2703, 1887, 2436, 4899, 6823, 6895, 1031, 5787  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys Cryptographic Service,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ID,Client 
Open RegKeys Cryptographic Service,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Software\Microsoft\Wireless,ID,Client 
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 PolyEnE 
Packer ID2  
Embedded DNS  
String Count 70 
String MD5 ee9f9f1277ac24defb797113b33b2ceb 
Timerange 365 Days 
Unpack Status good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (45.14%, 23.21%)) 
Countries
Unpacked Link 4a77430a59 [0
API Resolution 99% 
Comment none