| Packed MD5 | 53bfe15e9143d86b276d73fdcaf66265 |
| Priority | 100 |
| First | 06/17/2008 |
| Last | 08/27/2008 |
| Count | 1922 |
| History | 1922 hits: 06-17 to 08-27 |
| Unpacked MD5 | a08f3b74a44279644e3e5db508491131 |
| AV Hits | 33 0 |
| AV Count | 32 |
| CC Servers | 210.245.211.11:65520 |
| DNS Lookups | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com :wpad HK:proxima.ircgalaxy.pl US:w3bs.chat-shqip.org IL:ksn.a1001186.wrs.mcboo.com US:chat-shqip.org |
| AV Name | AhnLab-V3:MISSED, AntiVir:MISSED, Authentium:MISSED, Avast:MISSED, AVG:MISSED, BitDefender:MISSED, CAT-QuickHeal:MISSED, ClamAV:MISSED, DrWeb:MISSED, eSafe:MISSED, eTrust-Vet:MISSED, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:MISSED, F-Secure:MISSED, Ikarus:MISSED, Kaspersky:MISSED, McAfee:MISSED, Microsoft:MISSED, NOD32v2:MISSED, Norman:MISSED, Panda:MISSED, Prevx1:MISSED, Rising:MISSED, Sophos:MISSED, Sunbelt:MISSED, Symantec:MISSED, TheHacker:MISSED, VBA32:MISSED, VirusBuster:MISSED, Webwasher-Gateway:MISSED |
| WinXP Files | catdb, dberr.txt, DLLHOST.EXE, edb.log, KB823980.log, ole32.dll, rpcrt4.dll, rpcss.dll, setupapi.log, spmsg.dll, SVCHOST.EXE, TimeStamp, tmp.edb, xpsp1hfm.exe, xpsp1hfm.log, , edb.chk, accwiz.exe, actmovie.exe, agentsvr.exe, ahui.exe, alg.exe, arp.exe, asr_fmt.exe, asr_ldm.exe, at.exe, atmadm.exe, attrib.exe, bootcfg.exe, bootok.exe, bootvrfy.exe, cacls.exe, calc.exe, charmap.exe, chkdsk.exe, chkntfs.exe, cidaemon.exe, cipher.exe, cisvc.exe, ckcnv.exe, cleanmgr.exe, cliconfg.exe, clipbrd.exe, clipsrv.exe, cmdl32.exe, cmmon32.exe, cmstp.exe, compact.exe, comp.exe, comrepl.exe, conime.exe, control.exe, convert.exe, cscript.exe, ctfmon.exe, dcomcnfg.exe, ddeshare.exe, defrag.exe, dfrgfat.exe, dfrgntfs.exe, diantz.exe, diskpart.exe, diskperf.exe, dllhost.exe, dllhst3g.exe, dmadmin.exe, dmremote.exe, doskey.exe, dplaysvr.exe, dpnsvr.exe, dpvsetup.exe, driverquery.exe, drwtsn32.exe, dumprep.exe, dvdplay.exe, dvdupgrd.exe, dxdiag.exe, esentutl.exe, eudcedit.exe, eventcreate.exe, eventtriggers.exe, eventvwr.exe, expand.exe, extrac32.exe, fc.exe, find.exe, findstr.exe, finger.exe, fixmapi.exe, fontview.exe, forcedos.exe, freecell.exe, fsutil.exe, ftp.exe, getmac.exe, gpresult.exe, gpupdate.exe, grpconv.exe, HelpCtr.exe, help.exe, HelpHost.exe, HelpSvc.exe, hh.exe, hostname.exe, ie4uinit.exe, iexpress.exe, imapi.exe, ipconfig.exe, ipsec6.exe, ipv6.exe, ipxroute.exe, label.exe, lights.exe, lnkstub.exe, locator.exe, lodctr.exe, logagent.exe, logman.exe, logoff.exe, logon.scr, logonui.exe, lpq.exe, lpr.exe, magnify.exe, makecab.exe, migload.exe, migpwd.exe, migwiz_a.exe, migwiz.exe, mmc.exe, mnmsrvc.exe, mobsync.exe, mofcomp.exe, mountvol.exe, mplay32.exe, mpnotify.exe, mqbkup.exe, mqsvc.exe, mqtgsvc.exe, mrinfo.exe, msconfig.exe, msdtc.exe, msg.exe, mshearts.exe, mshta.exe, msiexec.exe, msoobe.exe, mspaint.exe, msswchx.exe, mstinit.exe, mstsc.exe, narrator.exe, nbtstat.exe, nddeapir.exe, net1.exe, netdde.exe, net.exe, netsetup.exe, netsh.exe, netstat.exe, 
NOTEPAD.EXE, notiflag.exe, nppagent.exe, nslookup.exe, ntbackup.exe, ntsd.exe, ntvdm.exe, nwscript.exe, odbcad32.exe, odbcconf.exe, oobebaln.exe, openfiles.exe, osk.exe, osuninst.exe, packager.exe, pathping.exe, pentnt.exe, perfmon.exe, ping6.exe, print.exe, progman.exe, proquota.exe, proxycfg.exe, qappsrv.exe, qprocess.exe, qwinsta.exe, rasautou.exe, rasdial.exe, rasphone.exe, rcimlby.exe, rcp.exe, rdpclip.exe, rdsaddin.exe, rdshost.exe, recover.exe, relog.exe, replace.exe, reset.exe, rexec.exe, routemon.exe, rsh.exe, rsm.exe, rsmsink.exe, rsmui.exe, rsnotify.exe, rsopprov.exe, rstrui.exe, rsvp.exe, rtcshare.exe, runas.exe, rundll32.exe, runonce.exe, rwinsta.exe, savedump.exe, scardsvr.exe, schtasks.exe, scrcons.exe, scrnsave.scr, sdbinst.exe, secedit.exe, sessmgr.exe, sethc.exe, sfc.exe, shadow.exe, shmgrate.exe, shrpubw.exe, shutdown.exe, sigverif.exe, skeys.exe, smlogsvc.exe, sndrec32.exe, sndvol32.exe, sol.exe, sort.exe, spider.exe, srdiag.exe, ss3dfo.scr, ssbezier.scr, ssflwbox.scr, ssmarque.scr, ssmypics.scr, ssmyst.scr, sspipes.scr, ssstars.scr, sstext3d.scr, stimon.exe, subst.exe, syncapp.exe, syskey.exe, sysocmgr.exe, systeminfo.exe, systray.exe, taskkill.exe, tasklist.exe, taskman.exe, taskmgr.exe, tcmsetup.exe, tcpsvcs.exe, telnet.exe, tftp.exe, tlntadmn.exe, tlntsess.exe, tlntsvr.exe, tourstart.exe, tracerpt.exe, tracert6.exe, tracert.exe, tscon.exe, tscupgrd.exe, tsdiscon.exe, tskill.exe, tsshutdn.exe, twunk_32.exe, typeperf.exe, unlodctr.exe, unsecapp.exe, UploadM.exe, upnpcont.exe, ups.exe, userinit.exe, usrmlnka.exe, usrprbda.exe, usrshuta.exe, utilman.exe, verifier.exe, vssadmin.exe, vssvc.exe, w32tm.exe, wbemtest.exe, wextract.exe, wiaacmgr.exe, winhlp32.exe, winmgmt.exe, winmine.exe, winmsd.exe, winver.exe, wmiadap.exe, wmiapsrv.exe, wmic.exe, wmiprvse.exe, wmpstub.exe, wpabaln.exe, wpnpinst.exe, write.exe, wuauclt.exe, wupdmgr.exe, xcopy.exe, TFTP3460, RpcServicePack.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, DLLHOST.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, LOGONUI.EXE, defrag.exe, DfrgFat.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Filelist\\0, HKEY_LOCAL_MACHINE@...Filelist\\1, HKEY_LOCAL_MACHINE@...Filelist\\2, HKEY_LOCAL_MACHINE@...Filelist\\3, HKEY_LOCAL_MACHINE@...Filelist\\4, HKEY_LOCAL_MACHINE@...Filelist\\5, HKEY_LOCAL_MACHINE@...HotFix\\KB823980, HKEY_LOCAL_MACHINE@...KB823980\\File1, HKEY_LOCAL_MACHINE@...KB823980\\Filelist, HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager, HKEY_LOCAL_MACHINE@...Microsoft\\Updates, HKEY_LOCAL_MACHINE@...SP1\\KB823980, HKEY_LOCAL_MACHINE@...Updates\\WindowsXP, HKEY_LOCAL_MACHINE@...WindowsXP\\SP1 |
| WinXP Ports | 707, 69, 1031, 1034, 1035, 1028, 1036, 1037, 1033, 1038, 1032 |
| Win-2Kf Files | |
| Win-2Kf Processes | DLLHOST.EXE |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...Microsoft\DownloadManager, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections, HKEY_LOCAL_MACHINE@...Filelist\\0, HKEY_LOCAL_MACHINE@...Filelist\\1, HKEY_LOCAL_MACHINE@...Filelist\\2, HKEY_LOCAL_MACHINE@...Filelist\\3, HKEY_LOCAL_MACHINE@...Filelist\\4, HKEY_LOCAL_MACHINE@...Filelist\\5, HKEY_LOCAL_MACHINE@...HotFix\\KB823980, HKEY_LOCAL_MACHINE@...KB823980\\File1, HKEY_LOCAL_MACHINE@...KB823980\\Filelist, HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager, HKEY_LOCAL_MACHINE@...Microsoft\\Updates, HKEY_LOCAL_MACHINE@...SP5\\KB823980, HKEY_LOCAL_MACHINE@...Updates\\Windows2000, HKEY_LOCAL_MACHINE@...Windows2000\\SP5, HKEY_USERS@...InternetSettings\\5.0, HKEY_USERS@...InternetSettings\\Connections |
| Win-2Kf Ports | 1027, 707, 1031, 69, 1029, 1042, 135, 1034, 1033, 1039, 1040, 1035, 1026, 1028, 1036, 1041, 1037, 1038, 1030 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | Armadillo |
| Packer ID2 | |
| Embedded DNS | |
| String Count | 81 |
| String Link | text |
| String MD5 | 44926503ef0b75a14cdb2930659e3dbc |
| Timerange | 365 Days |
| Unpack Status | unknown (FAILED : 4 : Unpacking Timed Out) |
| Countries | 24 |
| Unpacked Link | none[4] |
| Callgraph | none:none |
| API Resolution | |
| Comment | none |