| Field | Value |
|---|---|
| Packed MD5 | f58222344f8238f64195972712fe6e2e |
| Priority | 4 |
| First | 03/30/2008 |
| Last | 06/22/2008 |
| Count | 14 |
| History | 14 hits: 12-31 to 06-22 |
| Unpacked MD5 | 2a56436a64803fa8b01c86c3b97d7305 |
| AV Hits | 28 |
| AV Count | 32 |
| CC Servers | 85.114.137.60:80 |
| DNS Lookups | DE:proxim.ircgalaxy.pl, DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :landdev1.lap.internal, RU:www.bbin.ru, :wpad, GB:welcome3.smile.co.uk |
| Failed Connects | DE:85.114.143.208:80, DE:85.114.137.60:80, RU:195.200.213.52:80, EU:78.47.200.154:80 |
| AV Name | AhnLab-V3:Korgo.46592, AntiVir:Virut.X, Authentium:MISSED, Avast:_Padobot-I, AVG:Generic7.ORM, BitDefender:Berbew.Be.DAM, CAT-QuickHeal:Virut.F, ClamAV:Korgo.Z, DrWeb:Virut.5, eSafe:MISSED, eTrust-Vet:Berkor.A, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MetaCrypt.1, F-Prot:Berbew.M, F-Secure:Virut.T, Ikarus:Padobot.Z, Kaspersky:Virut.q, McAfee:Virut.gen, Microsoft:Virut.AP, NOD32v2:Padodor.NAU, Norman:Virut.T, Panda:Virutas.gen, Prevx1:MISSED, Rising:Virut.GEN, Sophos:Vetor-A, Sunbelt:MISSED, Symantec:MISSED, TheHacker:Virut.gen2, VBA32:Virut.q, VirusBuster:Padobot.B, Webwasher-Gateway:Virut.X |
| WinXP Files | cmd.exe, DCFBBDEI.exe, ndisrd.sys, Nflppn32.dll, Omgich32.exe, yrzb32.dll, Clkchjcn.exe, ekvm32.dll, frkr32.dll, Ipmhpj32.dll, Mkbjaipc.dll, nkhtc32.dll, Ogncii32.exe |
| WinXP Processes | |
| WinXP Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\\InternetSettings, HKEY_LOCAL_MACHINE@...InternetSettings\\Zones, HKEY_LOCAL_MACHINE@...Windows\\CurrentVersion, HKEY_LOCAL_MACHINE@...Zones\\0, HKEY_LOCAL_MACHINE@...Zones\\1, HKEY_LOCAL_MACHINE@...Zones\\2, HKEY_LOCAL_MACHINE@...Zones\\3, HKEY_LOCAL_MACHINE@...Zones\\4, HKEY_USERS@...ActivatingDocument\\.Current, HKEY_USERS@...CurrentVersion\\InternetSettings, HKEY_USERS@...Explorer\\ActivatingDocument, HKEY_USERS@...Explorer\\CabinetState, HKEY_USERS@...FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_USERS@...InternetSettings\\Zones, HKEY_USERS@...Main\\FeatureControl, HKEY_USERS@...Microsoft\\Windows, HKEY_USERS@...Windows\\CurrentVersion, HKEY_USERS@...Zones\\0, HKEY_USERS@...Zones\\1, HKEY_USERS@...Zones\\2, HKEY_USERS@...Zones\\3, HKEY_USERS@...Zones\\4 |
| WinXP Ports | 445, 80, 1101 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | 1601,yes,BrowseNewProcess,.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows,iexplore.exe,GlobalUserOffline,Software\Microsoft\Windows\CurrentVersion\Internet Settings,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.Current,ifc,Software\Microsoft\Windows,ofstkkq,ofstkkqc,KKQHOOK,Apartment,ThreadingModel,Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelay |
| Open RegKeys | Path,Software\Microsoft\IE Setup\Setup,ifc,Software\Microsoft\Windows,ofstkkq,ofstkkqc,KKQHOOK,Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelay |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | PolyEnE |
| Packer ID2 | |
| Embedded DNS | command.com, chevychasebank.com, gronxplanets.ru, www.mdmbank.ru, fethard.biz, royalbank.com, securitylab.ru, tat-neftbank.ru, seclab.ru, openbank.com, gutabank.ru, www.b2b-trust.com, grepware-facility.ru, www.uralsib.ru, 53bank.com, totallyfreebanking.com, barclays.com, kidos-bank.ru, yambo.biz, prorat.net, www.ovk.ru, www.rbc.com, www.allahabadbank.com, online-business.lloydstsb.co.uk, myonlineaccounts2.abbeynational.co.uk, www.absolutbank.ru, www.nomos.ru, www.netmagister.com, www.kmb.ru, www.spyinstructors.com, acrolein-hawk.rubanking.halifax-online.co.uk, www.icbank.ru, www.bankofindia.com, pizdabol-inc.ru, www.sbrf.ru, digital-relaxkgb.ru, asmworm.com, www.uniastrum.ru, www.mmbank.ru, alfabank.ru, hyper-space-fuel.ru, www.cwbank.com, www.vtb.ru, www.cibc.com, www.bankofmadura.com, www.bmo.com, www.masterbank.ru, ebookfinaltrash.ru, master-x.com, www.bbin.ru, olb2.nationet.com, welcome3.smile.co.uk, www.baltbank.ru, new.egg.com, prodexteam.netcrutop.nu, www.proxy-socks.net, www.cbr.ru, prodexteam.net, atmacasoft.com, siliconfireware.ru |
| String Count | 265 |
| String Link | text |
| String MD5 | 2887cea3a3e902f8aa6dbe1fc057ae33 |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (70.64%, 17.79%)) |
| Countries | 1 |
| Unpacked Link | 2a56436a64 [0] |
| Callgraph | ASM:Graph |
| API Resolution | 54% |
| Comment | none |