| Packed MD5 | d41d8cd98f00b204e9800998ecf8427e |
| Priority | 11 |
| First | 08/09/2009 |
| Last | 08/11/2009 |
| Count | |
| History | |
| Unpacked MD5 | |
| AV Hits | 0 0 |
| AV Count | 32 |
| CC Servers | 218.93.205.24:65520 203.146.251.62:3305 218.93.205.24:65520 216.245.213.194:80 221.5.74.39:65520 67.43.236.67:10324 61.120.62.28:3305 |
| DNS Lookups | CN:proxim.ircgalaxy.pl US:microsoft.com CN:www.zief.pl IL:xt67ur.wwlax.com CN:dretis.cn IL:bugreport.waverevenue.com IL:tidwhmep.s4upd.com IL:rec.bestrevenue.net US:b155.bundlext.com :cx10man.weedns.com GB:fx010413.whyI.org TH:gynoman.weedns.com JP:g.0x20.biz TH:telephone.dd.blueline.be CN:proxima.ircgalaxy.pl CN:kritq.cn :onuka.cn :mxs.mail.ru US:alt4.gmail-smtp-in.l.google.com US:in1.smtp.messagingengine.com US:mail7.digitalwaves.co.nz CA:xx.nadnadzz.info :xx.enterhere.biz NL:xx.sqlteam.info CA:xx.ka3ek.com :nadsamcabran12.com TH:fx010413.whyI.org US:ns2.msft.net US:alt2.gmail-smtp-in.l.google.com US:alt3.gmail-smtp-in.l.google.com US:alt1.gmail-smtp-in.l.google.com GB:cx10man.weedns.com AR:fx010413.whyI.org US:gg.arrancar.org |
| Failed Connects | IL:62.90.134.24:80 JP:61.120.62.28:3305 CN:211.95.79.170:80 CN:218.93.205.24:65520 CA:67.43.236.67:10324 NL:83.68.16.6:5190 US:209.190.85.36:25 CN:222.138.109.99:80 US:209.85.51.152:555 |
| AV Name | AhnLab-V3:MISSED, AntiVir:MISSED, Authentium:MISSED, Avast:MISSED, AVG:MISSED, BitDefender:MISSED, CAT-QuickHeal:MISSED, ClamAV:MISSED, DrWeb:MISSED, eSafe:MISSED, eTrust-Vet:MISSED, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:MISSED, F-Secure:MISSED, Ikarus:MISSED, Kaspersky:MISSED, McAfee:MISSED, Microsoft:MISSED, NOD32v2:MISSED, Norman:MISSED, Panda:MISSED, Prevx1:MISSED, Rising:MISSED, Sophos:MISSED, Sunbelt:MISSED, Symantec:MISSED, TheHacker:MISSED, VBA32:MISSED, VirusBuster:MISSED, Webwasher-Gateway:MISSED |
| WinXP Files | , DLLHOST.EXE, SVCHOST.EXE, 3.tmp, 5.tmp, 6.tmp, 8.tmp, accwiz.exe, actmovie.exe, agentsvr.exe, ahui.exe, alg.exe, arp.exe, asr_fmt.exe, asr_ldm.exe, at.exe, atmadm.exe, attrib.exe, bootcfg.exe, bootok.exe, bootvrfy.exe, cacls.exe, calc.exe, charmap.exe, chkdsk.exe, chkntfs.exe, cidaemon.exe, cipher.exe, cisvc.exe, ckcnv.exe, cleanmgr.exe, cliconfg.exe, clipbrd.exe, clipsrv.exe, cmdl32.exe, cmmon32.exe, cmstp.exe, compact.exe, comp.exe, comrepl.exe, conime.exe, control.exe, convert.exe, cscript.exe, ctfmon.exe, dcomcnfg.exe, ddeshare.exe, defrag.exe, dfrgfat.exe, dfrgntfs.exe, diantz.exe, diskpart.exe, diskperf.exe, dllhost.exe, dllhst3g.exe, dmadmin.exe, dmremote.exe, doskey.exe, dplaysvr.exe, dpnsvr.exe, dpvsetup.exe, driverquery.exe, drwtsn32.exe, dumprep.exe, dvdplay.exe, dvdupgrd.exe, dxdiag.exe, esentutl.exe, eudcedit.exe, eventcreate.exe, eventtriggers.exe, eventvwr.exe, expand.exe, extrac32.exe, fc.exe, find.exe, findstr.exe, finger.exe, fixmapi.exe, fontview.exe, forcedos.exe, freecell.exe, fsutil.exe, ftp.exe, getmac.exe, gpresult.exe, gpupdate.exe, grpconv.exe, HelpCtr.exe, help.exe, HelpHost.exe, HelpSvc.exe, hh.exe, hostname.exe, ie4uinit.exe, iexpress.exe, imapi.exe, ipconfig.exe, ipsec6.exe, ipv6.exe, ipxroute.exe, label.exe, lights.exe, lnkstub.exe, locator.exe, lodctr.exe, logagent.exe, logman.exe, logoff.exe, logon.scr, logonui.exe, lpq.exe, lpr.exe, magnify.exe, makecab.exe, migload.exe, migpwd.exe, migwiz_a.exe, migwiz.exe, mmc.exe, mnmsrvc.exe, mobsync.exe, mofcomp.exe, mountvol.exe, mplay32.exe, mpnotify.exe, mqbkup.exe, mqsvc.exe, mqtgsvc.exe, mrinfo.exe, msconfig.exe, msdtc.exe, msg.exe, mshearts.exe, mshta.exe, msiexec.exe, msoobe.exe, mspaint.exe, msswchx.exe, mstinit.exe, mstsc.exe, msword98.exe, narrator.exe, nbtstat.exe, nddeapir.exe, net1.exe, netdde.exe, net.exe, netsetup.exe, netsh.exe, netstat.exe, NOTEPAD.EXE, notiflag.exe, nppagent.exe, nslookup.exe, ntbackup.exe, ntfs.sys, ntsd.exe, ntvdm.exe, nwscript.exe, odbcad32.exe, odbcconf.exe, oobebaln.exe, openfiles.exe, osk.exe, osuninst.exe, packager.exe, pathping.exe, pentnt.exe, perfmon.exe, ping6.exe, print.exe, progman.exe, proquota.exe, proxycfg.exe, qappsrv.exe, qprocess.exe, qwinsta.exe, rasautou.exe, rasdial.exe, rasphone.exe, rcimlby.exe, rcp.exe, rdpclip.exe, rdsaddin.exe, rdshost.exe, recover.exe, relog.exe, replace.exe, reset.exe, rexec.exe, routemon.exe, rsh.exe, rsm.exe, rsmsink.exe, rsmui.exe, rsnotify.exe, rsopprov.exe, rstrui.exe, rsvp.exe, rtcshare.exe, runas.exe, rundll32.exe, runonce.exe, rwinsta.exe, savedump.exe, scardsvr.exe, schtasks.exe, scrcons.exe, scrnsave.scr, sdbinst.exe, secedit.exe, services.exe, sessmgr.exe, sethc.exe, sfc.exe, shadow.exe, shmgrate.exe, shrpubw.exe, shutdown.exe, sigverif.exe, skeys.exe, smlogsvc.exe, sndrec32.exe, sndvol32.exe, sol.exe, sort.exe, spider.exe, srdiag.exe, ss3dfo.scr, ssbezier.scr, ssflwbox.scr, ssmarque.scr, ssmypics.scr, ssmyst.scr, sspipes.scr, ssstars.scr, sstext3d.scr, stimon.exe, subst.exe, syncapp.exe, syskey.exe, sysocmgr.exe, systeminfo.exe, systray.exe, taskkill.exe, tasklist.exe, taskman.exe, taskmgr.exe, tcmsetup.exe, tcpsvcs.exe, telnet.exe, tftp.exe, tlntadmn.exe, tlntsess.exe, tlntsvr.exe, tourstart.exe, tracerpt.exe, tracert6.exe, tracert.exe, tscon.exe, tscupgrd.exe, tsdiscon.exe, tskill.exe, tsshutdn.exe, twunk_32.exe, typeperf.exe, unlodctr.exe, unsecapp.exe, UploadM.exe, upnpcont.exe, ups.exe, userinit.exe, usrmlnka.exe, usrprbda.exe, usrshuta.exe, utilman.exe, verifier.exe, VRT1.tmp, vssadmin.exe, vssvc.exe, w32tm.exe, wbemtest.exe, wextract.exe, wiaacmgr.exe, winhlp32.exe, winmgmt.exe, winmine.exe, winmsd.exe, winver.exe, wmiadap.exe, wmiapsrv.exe, wmic.exe, wmpstub.exe, wpabaln.exe, wpnpinst.exe, write.exe, wuauclt.exe, wupdmgr.exe, xcopy.exe, zxwkfaatkqjic5.sys, 2.tmp, UAC76f3.tmp, UAC7731.tmp, UAC78d7.tmp, UACd.sys, wmiprvse.exe, TFTP980, 4.tmp, znqyoichhe5.sys, UACacac.tmp, UACaccc.tmp, UACaecf.tmp |
| WinXP Processes | CMD.EXE, CSRSS.EXE, DLLHOST.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, 8.tmp, msword98.exe, wmiprvse.exe, 4.tmp, csrsc.exe, dwwin.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...CurrentVersion\\services, HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\\WindowsFirewall, HKEY_LOCAL_MACHINE@...WindowsFirewall\\DomainProfile, HKEY_LOCAL_MACHINE@...WindowsFirewall\\StandardProfile, HKEY_LOCAL_MACHINE@...Microsoft\\MRT, HKEY_LOCAL_MACHINE@...WindowsNT\\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\\WindowsUpdate |
| WinXP Ports | 1031, 1035, 1045, 1046, 1047, 1048, 1049, 1034, 1038, 1036, 1043, 1044, 135, 1037, 3358, 3359, 3360, 3361, 3362, 3363, 3364, 3365, 3366, 3367, 3368, 3369, 3370, 3371, 3372, 3373, 3374, 3375, 3376, 3377, 3378, 3379, 3380, 3381, 3382, 3383, 3384, 3385, 3386, 3387, 3388, 3389, 3390, 3391, 3392, 3393, 3394, 3395, 3396, 3397, 3398, 3399, 3400, 3401, 3402, 3403, 3404, 3405, 3406, 3407, 3408, 3409, 3410, 3411, 3412, 3413, 3414, 3415, 3416, 3417, 3418, 61961, 21813, 4607, 4608, 4609, 4610, 4611, 4612, 4613, 4614, 4615, 4616, 4617, 4618, 4619, 4620, 4621, 4622, 4623, 4624, 4625, 4626, 4627, 4628, 4629, 4630, 4631, 4632, 4633, 4634, 4635, 4636, 4637, 4638, 4639, 4640, 4641, 4642, 4643, 4644, 4645, 4646, 4647, 4648, 4649, 4650, 4651, 4652, 4653, 4654, 4655, 4656, 4657, 4658, 4659, 4660, 4661, 4662, 4663, 4664, 4665, 4666, 4667, 4668, 4669, 4670, 4671, 4672 |
| Win-2Kf Files | |
| Win-2Kf Processes | unwise_.exe, DLLHOST.EXE |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...Microsoft\\MRT, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\\WindowsUpdate, HKEY_USERS@...InternetSettings\\5.0, HKEY_USERS@...InternetSettings\\Connections |
| Win-2Kf Ports | 1039, 135, 4075, 4076, 4077, 4078, 4079, 4080, 4081, 4082, 4083, 4084, 4085, 4086, 4087, 4088, 4089, 4090, 4091, 4092, 4093, 4094, 4095, 4096, 4097, 4098, 4099, 4100, 4101, 4102, 4103, 4104, 4105, 4106, 4107, 4108, 4109, 4110, 4111, 4112, 4113, 4114, 4115, 4116, 4117, 4118, 4119, 4120, 4121, 4122, 4123, 4124, 4125, 4126, 4127, 4128, 4129, 4130, 47489, 69, 1027, 1033, 44947, 4515, 4516, 4517, 4518, 4519, 4520, 4521, 4522, 4523, 4524, 4525, 4526, 4527, 4528, 4529, 4530, 4531, 4532, 4533, 4534, 4535, 4536, 4537, 4538, 4539, 4540, 4541, 4542, 4543, 4544, 4545, 4546, 4547, 4548, 4549, 4550, 4551, 4552, 4553, 4554, 4555, 4556, 4557, 4558, 4559, 4560, 4561, 4562, 4563, 4564, 4565, 4566, 4567, 4568, 4569, 4570, 4571, 4572, 4573, 4574, 4575, 4576 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | none |
| Packer ID2 | none |
| Embedded DNS | |
| String Count | 0 |
| String Link | text |
| String MD5 | d41d8cd98f00b204e9800998ecf8427e |
| Timerange | 365 Days |
| Unpack Status | unknown (FAILED : 3 : No Unpacked Binary Generated) |
| Countries | 6 |
| Unpacked Link | |
| Callgraph | |
| API Resolution | |
| Comment | none |