| Packed MD5 | 6887c0c41745ab2eb7aa90f80e7adbd1 |
| Priority | 1 |
| First | 01/08/2008 |
| Last | 07/02/2008 |
| Count | 12 |
| History | 12 hits: 08-17 to 07-02 |
| Unpacked MD5 | 0a9bea275061008f929aad3c0cdeaefc |
| AV Hits | 25 |
| AV Count | 32 |
| CC Servers | 217.170.244.2:443 |
| DNS Lookups | |
| Failed Connects | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
| AV Name | AhnLab-V3:IRCBot.Gen, AntiVir:SdBo.100864.22, Authentium:Sdbot.OKR, Avast:_Trojano-3403, AVG:IRCBackDoor.SdBot.OZG, BitDefender:Rbot.GNN, CAT-QuickHeal:Rbot.gen, ClamAV:MISSED, DrWeb:HLLW.MyBot.based, eSafe:MISSED, eTrust-Vet:Rbot.EDK, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:SDBot.OKR@mm, F-Prot:Sdbot.OKR, F-Secure:MISSED, Ikarus:MISSED, Kaspersky:Rbot.gen, McAfee:Sdbot.gen.x, Microsoft:Rbot!DF7F, NOD32v2:Rbot, Norman:Spybot.AADO, Panda:Sdbot.FRD.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Rbot-BAB, Sunbelt:VIPRE.Suspicious, Symantec:Spybot.Worm, TheHacker:BackdoorRbot.gen, VBA32:Rbot.gen, VirusBuster:RBot.DBI, Webwasher-Gateway:SdBo.100864.22 |
| WinXP Files | |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, qexgvjr32.exe, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, pgpwsdh32.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\RunServices, HKEY_USERS@...Microsoft\OLE |
| WinXP Ports | 44445 |
| Win-2Kf Files | |
| Win-2Kf Processes | eokejzl32.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\RunServices, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections, HKEY_USERS@...Microsoft\OLE |
| Win-2Kf Ports | 44445 |
| Create Events | |
| Create Files | |
| Create RegKeys | Software\Microsoft\OLE,SYSTEM\CurrentControlSet\Control\Lsa |
| Open RegKeys | Software\Microsoft\OLE,SYSTEM\CurrentControlSet\Control\Lsa |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | FSG |
| Packer ID2 | |
| Embedded DNS | *@celestial.org |
| String Count | 1932 |
| String Link | text |
| String MD5 | 5b635e5da140471e2024e7c425fd1936 |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (84.71%, 8.27%)) |
| Countries | 3 |
| Unpacked Link | 0a9bea2750 [0] |
| Callgraph | ASM:Graph |
| API Resolution | 93% |
| Comment | none |