| Packed MD5 | d42c1cc7c02828c4ca6065d2bce714c2 |
| Priority | 32 |
| First | 01/08/2008 |
| Last | 07/04/2008 |
| Count | 312 |
| History | 312 hits: 05-01 to 07-04 |
| Unpacked MD5 | af9ca5bed1a2eddda4d9eee5589d9186 |
| AV Hits | 29 |
| AV Count | 32 |
| CC Servers | |
| DNS Lookups | UA:citi-bank.ru EU:kidos-bank.ru DE:kidos-bank.ru |
| Failed Connects | UA:194.54.90.246:80 |
| AV Name | AhnLab-V3:Korgo.9343.C, AntiVir:Korgo.AE, Authentium:Korgo.P, Avast:_Korgo-P, AVG:Padobot.P, BitDefender:Korgo.X, CAT-QuickHeal:Padobot, ClamAV:Padobot.G, DrWeb:Lsabot, eSafe:Korgo.p, eTrust-Vet:Korgo.P, Ewido:Padobot.g, FileAdvisor:MISSED, Fortinet:Korgo.I, F-Prot:Korgo.P, F-Secure:MISSED, Ikarus:Korgo.P, Kaspersky:Padobot.g, McAfee:Korgo.p, Microsoft:Korgo.P, NOD32v2:Korgo.P, Norman:Horst.gen33, Panda:Korgo.N.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Korgo-P, Sunbelt:Korgo, Symantec:Korgo.P, TheHacker:Korgo.P, VBA32:Padobot.g, VirusBuster:Korgo.P, Webwasher-Gateway:Korgo.AE |
| WinXP Files | ftpupd.exe, vlkna.exe, uoleq.exe, kyzflckj.exe, suvqv.exe, phqghu.exe, uyevyz.exe, cvjyffd.exe, hshlfczt.exe, lvmlb.exe, gwdoapbr.exe, lfpkzp.exe, berpjr.exe, hsehmv.exe, lsyzn.exe, uuamteeq.exe, umlbchf.exe, bgottqal.exe, ybfnmz.exe, mhaax.exe, hqjih.exe, bkjeagiv.exe, rhjxo.exe, mprap.exe, gzpqa.exe, anwzod.exe, irnrisr.exe, zrbkz.exe, ovxvoev.exe, gdrtrzhr.exe, fqlsd.exe, nbuqn.exe, atlsyllr.exe, mzalboad.exe, mljqkvi.exe, gycmpg.exe, dyevmbl.exe, scjabkf.exe, exvxt.exe, umpoafga.exe, fyqel.exe, oacfnsd.exe, kicryl.exe, gvcdj.exe, cknakz.exe, zbofustp.exe, boxci.exe, lmjszdl.exe, wdzhhmye.exe, iikvkfi.exe, bdggik.exe, ryond.exe, maedao.exe, ajhcra.exe, dnwnoqbm.exe, srnhwlt.exe, wromji.exe, rcyutyy.exe, fjoktcoq.exe, kdcphmfw.exe, cbxfcfw.exe, hnkwy.exe, xerptu.exe, kgyix.exe, bcegwn.exe, eawmka.exe, shnssg.exe, katdnui.exe, bghdoir.exe, gmnaf.exe, zufvlqc.exe, llhemhft.exe, jasgcmai.exe, uszsupe.exe, uphjzhfv.exe, qgpdszne.exe, fzahpc.exe, ahohpi.exe, ggzhv.exe, axdda.exe, hoitai.exe, ztztvgl.exe, rimya.exe, xnaihcs.exe, pvrgl.exe, gmjyp.exe, oqfybmq.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, vlkna.exe, WINLOGON.EXE, uoleq.exe, kyzflckj.exe, suvqv.exe, uyevyz.exe, cvjyffd.exe, LOGONUI.EXE, hshlfczt.exe, lvmlb.exe, gwdoapbr.exe, lfpkzp.exe, berpjr.exe, hsehmv.exe, lsyzn.exe, uuamteeq.exe, umlbchf.exe, bgottqal.exe, ybfnmz.exe, mhaax.exe, hqjih.exe, bkjeagiv.exe, rhjxo.exe, mprap.exe, gzpqa.exe, anwzod.exe, irnrisr.exe, zrbkz.exe, ovxvoev.exe, gdrtrzhr.exe, fqlsd.exe, nbuqn.exe, atlsyllr.exe, ftpupd.exe, mzalboad.exe, mljqkvi.exe, gycmpg.exe, dyevmbl.exe, scjabkf.exe, exvxt.exe, umpoafga.exe, fyqel.exe, oacfnsd.exe, kicryl.exe, gvcdj.exe, cknakz.exe, zbofustp.exe, boxci.exe, lmjszdl.exe, wdzhhmye.exe, iikvkfi.exe, bdggik.exe, ryond.exe, maedao.exe, ajhcra.exe, dnwnoqbm.exe, srnhwlt.exe, wromji.exe, rcyutyy.exe, fjoktcoq.exe, kdcphmfw.exe, cbxfcfw.exe, hnkwy.exe, xerptu.exe, kgyix.exe, bcegwn.exe, eawmka.exe, shnssg.exe, katdnui.exe, bghdoir.exe, gmnaf.exe, zufvlqc.exe, llhemhft.exe, jasgcmai.exe, uszsupe.exe, uphjzhfv.exe, qgpdszne.exe, fzahpc.exe, ahohpi.exe, ggzhv.exe, axdda.exe, hoitai.exe, ztztvgl.exe, rimya.exe, xnaihcs.exe, pvrgl.exe, gmjyp.exe, oqfybmq.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\Wireless, HKEY_LOCAL_MACHINE@...Microsoft\\Wireless |
| WinXP Ports | 1041, 1041, 5943, 5354, 2044, 1871, 6339, 7649, 1031, 7624, 7289, 7112, 1055, 6557, 1790, 1903, 5302, 7785, 4626, 6536, 1263, 1265, 7372, 5188, 7296, 7402, 4860, 464, 7559, 4092, 7083, 1352, 4003, 4560, 3023, 4763, 2678, 819, 6002, 7877, 4997, 5193, 4259, 4117, 2419, 1528, 4582, 4178, 1276, 1286, 5988, 4018, 6125, 1873, 445, 7288, 7056, 4099, 619, 1839, 7440, 7177, 5167, 3398, 6059, 782, 1552, 7136, 3190, 1561, 3963, 3782, 6845, 4093, 1058, 2644, 8077, 3414, 4044, 964, 4421, 5210, 6900, 671, 7955, 495, 3680, 4830, 5415, 5810, 3768, 6075, 1925, 4931, 3482 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | .exe,Windows Update,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ID,Client |
| Open RegKeys | Windows Update,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Software\Microsoft\Wireless,ID,Client |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | PolyEnE |
| Packer ID2 | |
| Embedded DNS | |
| String Count | 54 |
| String MD5 | d1496f1674936d28f0023a8856a7a590 |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (68.94%, 18.81%)) |
| Countries | 18 |
| Unpacked Link | e3f5b343b8 [0] |
| API Resolution | 100% |
| Comment | none |