Packed MD5 df17a625eec94cdcd4b1b7998c099d87 
Priority 51 
First 01/07/2008 
Last 07/04/2008 
Count 479 
History 479 hits: 05-04 to 07-04 
Unpacked MD5  
AV Hits 29 
AV Count 32 
CC Servers  
DNS Lookups
Failed Connects RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 US:204.13.161.51:80 US:208.73.212.12:80 GB:217.145.227.180:80 US:204.13.160.20:80 GB:195.92.84.198:80 GB:217.145.225.22:80 DE:212.227.111.20:80 DE:212.227.111.26:80 
AV Name AhnLab-V3:IRCBot.variant, AntiVir:Padobot.Z.11, Authentium:Berbew.S, Avast:MISSED, AVG:Generic2.EAJ, BitDefender:Generic.Malware.SFWX!V.A10AC054, CAT-QuickHeal:I-Padobot.z, ClamAV:Padobot, DrWeb:HangUp.26, eSafe:Padobot.z, eTrust-Vet:Berkor.A, Ewido:Padobot.z, FileAdvisor:MISSED, Fortinet:BDoor.AXJ!tr.bdr, F-Prot:Berbew.S, F-Secure:MISSED, Ikarus:Trojan-Downloader.Small.AIP, Kaspersky:Padobot.z, McAfee:BackDoor-AXJ, Microsoft:Korgo.AP, NOD32v2:Padobot.Z, Norman:Padobot.AG, Panda:TrjQuKart.U, Prevx1:MISSED, Rising:MISSED, Sophos:Doxpar-C, Sunbelt:Padobot.gen, Symantec:Ifbo.A, TheHacker:Padobot.z, VBA32:Padobot.z, VirusBuster:Padobot.E, Webwasher-Gateway:Padobot.Z.11  
WinXP Files
WinXP Processes CMD.EXE, CSRSS.EXE, EXPLORER.EXE, iexplore.exe, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, Iexplore.exe, LOGONUI.EXE, defrag.exe, DfrgFat.exe, DCFBBDEI.exe, dwwin.exe, Nnklllam.exe  
WinXP Registries
WinXP Ports 80, 1042, 1086, 1030, 1046, 1376, 1029, 1044, 1091, 1038, 4849, 1037, 1109, 2587, 1060, 1034, 1051, 1934, 1090, 3620, 1045, 1096, 4781, 2883, 1039, 4386, 1028, 1077, 2169, 1103, 1043, 1059, 1857, 2541, 2432, 1048, 3312, 1057, 2271, 2000, 1863, 1040, 1093, 4358, 1110, 1668, 1032, 1047, 1061, 1033, 1049, 4117, 1074, 1088, 2984, 1549, 1534, 1137, 2472, 3152, 4535, 1036, 1063, 1058, 2383, 1869, 1089, 2496, 2900  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys  
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 ASPack 
Packer ID2  
Embedded DNS  
String Count  
String Link text
String MD5  
Timerange 365 Days 
Unpack Status good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (71.02%, 15.78%)) 
Countries 21 
Unpacked Link ace045b78f [0
Callgraph ASM:Graph 
API Resolution 72% 
Comment none