| Packed MD5 | dc8e1c63cdf9f539cff935e528c34a4e |
| Priority | 12 |
| First | 01/07/2008 |
| Last | 06/18/2008 |
| Count | 105 |
| History | 105 hits: 12-27 to 06-18 |
| Unpacked MD5 | e0eb8646ee3e9d0b64a8b9a68acf3a38 |
| AV Hits | 22 |
| AV Count | 32 |
| CC Servers | 222.177.11.165:7000 218.25.36.7:7000 209.250.232.240:7000 210.217.196.11:7000 67.19.50.66:7000 |
| DNS Lookups | US:scorti1.dns2go.com KR:scorti1.dns2go.com CN:scorti1.dns2go.com :www.google.com FR:members.lycos.co.uk CN:hail2.dns2go.com |
| Failed Connects | US:209.250.232.240:7000 CN:222.177.11.165:7000 CN:211.96.97.44:7000 KR:210.217.196.11:7000 CN:218.93.14.236:7000 CN:218.25.36.7:7000 US:65.12.238.82:7000 US:67.19.50.66:7000 US:208.101.48.210:7000 US:63.149.6.91:7000 US:65.117.119.162:7000 US:65.23.35.204:7000 |
| AV Name | AhnLab-V3:IRCBot.variant, AntiVir:IrcBot.ZF, Authentium:Sdbot.AEFD, Avast:MISSED, AVG:SHeur.ADQC, BitDefender:Agent.YZJ, CAT-QuickHeal:SdBot.gen, ClamAV:PUA.Packed.Themida, DrWeb:IRC.Sdbot.2150, eSafe:MISSED, eTrust-Vet:ForBot.TQ, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:Sdbot.AEFD, F-Secure:SdBot.ckf, Ikarus:Generic.Sdbot, Kaspersky:SdBot.ckf, McAfee:Gaobot.gen.ca, Microsoft:MISSED, NOD32v2:Wootbot.NIR, Norman:MISSED, Panda:MISSED, Prevx1:DIMPY.WIN32VBSY.Q, Rising:MISSED, Sophos:MISSED, Sunbelt:Agent.YZJ, Symantec:Spybot.Worm, TheHacker:Behav-Heuristic-064, VBA32:MISSED, VirusBuster:SdBot.GFN, Webwasher-Gateway:IrcBot.ZF |
| WinXP Files | msnnmaneger.exe, index.dat, afro.bat |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, msnnmaneger.exe, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, zdoypzmp.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\RunServices, HKEY_USERS@...CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE@...CurrentVersion\\RunServices, HKEY_USERS@...CurrentVersion\\RunOnce |
| WinXP Ports | 1040, 11464, 1043, 14842, 1035, 13714, 1037, 1924, 1039, 13882, 1038, 7683, 113, 7493, 9792, 2277 |
| Win-2Kf Files | |
| Win-2Kf Processes | msnnmaneger.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\\RunServices, HKEY_USERS@...CurrentVersion\\Run |
| Win-2Kf Ports | 1041, 18418, 1026, 135, 500, 8796, 1030, 17235, 22156, 1044, 16621, 1068, 10724, 11996, 1809, 1810, 1811, 1812, 1813, 1814, 1815, 1816, 1817, 1818, 1819, 1820, 1821, 1822, 1823, 1824, 1825, 1826, 1827, 1828, 1829, 1830, 1831, 1832, 1833, 1834, 1835, 1836, 1837, 1838, 1839, 1840, 1842, 1843, 1844, 1845, 1846, 1847, 1848, 1849, 1850, 1851, 1852 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | none |
| Packer ID2 | none |
| Embedded DNS | admin.com, scorti1.dns2go.com |
| String Count | 601 |
| String Link | text |
| String MD5 | e4b8e1bcb3fca331a752d62574071bcb |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (32.71%, 41.76%)) |
| Countries | 17 |
| Unpacked Link | e0eb8646ee [0] |
| Callgraph | ASM:Graph |
| API Resolution | 62% |
| Comment | none |