| Packed MD5 | fd0bf48a757d685550858b2f150edd39 |
| Priority | 4 |
| First | 04/28/2008 |
| Last | 06/25/2008 |
| Count | 15 |
| History | 15 hits: 04-28 to 06-25 |
| Unpacked MD5 | |
| AV Hits | 20 |
| AV Count | 32 |
| CC Servers | 222.177.11.165:7000 209.250.232.240:7000 211.96.97.44:7000 208.101.48.210:7000 |
| DNS Lookups | CN:scorti1.dns2go.com US:scorti1.dns2go.com |
| Failed Connects | CN:222.177.11.165:7000 US:209.250.232.240:7000 CN:211.96.97.44:7000 US:208.101.48.210:7000 CN:218.93.14.236:7000 |
| AV Name | AhnLab-V3:IRCBot.variant, AntiVir:TRAgent.1126400, Authentium:MISSED, Avast:_Rbot-FHT, AVG:SHeur.ADOK, BitDefender:DeepScan_Generic.Malware.KIFWXg.1D26B81A, CAT-QuickHeal:SdBot.gen, ClamAV:PUA.Packed.Themida, DrWeb:MISSED, eSafe:MISSED, eTrust-Vet:ForBot.TT, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:Zlob.CXE, F-Secure:Suspicious_Malware!Gemini, Ikarus:Generic.Sdbot, Kaspersky:MISSED, McAfee:MISSED, Microsoft:MISSED, NOD32v2:MISSED, Norman:Agent.EEIP, Panda:MISSED, Prevx1:DIMPY.WIN32VBSY.Q, Rising:Rbot.fda, Sophos:SusComPack, Sunbelt:MISSED, Symantec:MISSED, TheHacker:Behav-Heuristic-064, VBA32:MISSED, VirusBuster:Rbot.UWC, Webwasher-Gateway:Agent.1126400 |
| WinXP Files | hotfixs.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, defrag.exe, DfrgFat.exe, EXPLORER.EXE, hotfixs.exe, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE |
| WinXP Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\RunServices, HKEY_USERS@...CurrentVersion\RunOnce |
| WinXP Ports | 1041, 1787, 1039, 8912, 1036, 1327, 1328, 1572, 1573, 1581, 1582, 1583, 1584, 1585, 1586, 1587, 1588, 1589, 1590, 1591, 1592, 1593, 1594, 1595, 1596, 1597, 1598, 1599, 1600, 1601, 1602, 1603, 1604, 1605, 1606, 1607, 1608, 5506, 1038, 15051, 1035, 1061, 1062, 11219, 2036, 2037, 2161, 2162, 2163, 2164, 2165, 2166, 2167, 2168, 2169, 2170, 2171, 2172, 2173, 2174, 2175, 2176, 2177, 2178, 2179, 2180, 2181, 2182, 2183, 2184, 2185, 2186, 2187, 2188, 2189, 2190, 2191, 2192, 2193, 2194, 2195, 2196, 2197, 2198, 2199, 2200, 2201, 2202, 2203, 2204, 2205 |
| Win-2Kf Files | |
| Win-2Kf Processes | hotfixs.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\RunServices, HKEY_USERS@...CurrentVersion\Run |
| Win-2Kf Ports | 1027, 1030, 1281, 1282, 1283, 1284, 1285, 1286, 1287, 1288, 1289, 19541, 1041, 21390, 1045 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | ASProtect |
| Packer ID2 | |
| Embedded DNS | |
| String Count | |
| String Link | text |
| String MD5 | |
| Timerange | 365 Days |
| Unpack Status | unknown (FAILED : 3 : No Unpacked Binary Generated) |
| Countries | 3 |
| Unpacked Link | none[3] |
| Callgraph | none:none |
| API Resolution | |
| Comment | none |