| Field | Value |
|---|---|
| Packed MD5 | 954a98c971fda498f9d1211f18e75cd7 |
| Priority | 1 |
| First | 06/27/2008 |
| Last | 08/17/2008 |
| Count | 9 |
| History | 9 hits: 06-09 to 08-17 |
| Unpacked MD5 | |
| AV Hits | 31 |
| AV Count | 32 |
| CC Servers | 67.43.236.66:8080 72.10.172.211:8080 67.43.236.98:5190 |
| DNS Lookups | CA:xx.nadnadzz.info CA:xx.ka3ek.com CA:xx.enterhere.biz CA:xx.sqlteam.info CA:nadsam0.info CA:alwayssam.com CA:zonetech.info |
| Failed Connects | CA:67.43.226.242:8080 CA:67.43.236.66:8080 CA:67.43.236.98:10324 CA:67.43.236.98:1863 CA:67.43.236.99:10324 CA:67.43.236.99:1863 CA:72.10.172.211:8080 US:130.107.211.165:17189 US:130.107.250.214:34462 CA:72.10.166.195:80 CA:72.10.167.74:80 |
| AV Name | AhnLab-V3:IRCBot.variant, AntiVir:VanBot.AX.215, Authentium:Backdoor2.KMO, Avast:_Crypt-CBZ, AVG:Packed.AverCrypt, BitDefender:Agent.ZHT, CAT-QuickHeal:VanBot.ax, ClamAV:Vanbot-166, DrWeb:IRC.Sdbot.2665, eSafe:VanBot.ax, eTrust-Vet:Linkbot.QL, Ewido:VanBot.ax, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:Backdoor2.KMO, F-Secure:VanBot.ax, Ikarus:PoisonIvy.ay, Kaspersky:VanBot.ax, McAfee:Nirbot.worm, Microsoft:Ircbrute, NOD32v2:Poebot, Norman:SDBot.BIGG, Panda:Sdbot.LPH.worm, Prevx1:MISSED, Rising:IRCbot.wrb, Sophos:Nirbot-C, Sunbelt:Vanbot, Symantec:Spybot.Worm, TheHacker:BackdoorVanBot.ax, VBA32:IRC.Sdbot.2665, VirusBuster:VanBot.FQ, Webwasher-Gateway:VanBot.AX.215 |
| WinXP Files | htqfzdh.exe, iifcDUNh.dll, mzfcg.exe, SVCHOST.EXE, ttitv.exe, uahzxmbe.exe, ycijoe.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, dwwin.exe, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, mzfcg.exe, NTVDM.EXE, rundll32.exe, SERVICES.EXE, spooIsv.exe, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, ycijoe.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...ControlPanel\\Settings, HKEY_LOCAL_MACHINE@...InstalledComponents\\28ABC5C0-4FCB-11CF-AAX5-81CX1C635612, HKEY_LOCAL_MACHINE@...Notify\\iifcDUNh |
| WinXP Ports | 1031, 1034, 2176-2431 (every port in the range, in sequence), 1036-1040 |
| Win-2Kf Files | |
| Win-2Kf Processes | Isass.exe, sqawees.exe, winIogon.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...ControlPanel\\Settings, HKEY_LOCAL_MACHINE@...Notify\\hgGyxVOe, HKEY_USERS@...InternetSettings\\5.0, HKEY_USERS@...InternetSettings\\ZoneMap, HKEY_USERS@...InternetSettings\\Zones, HKEY_USERS@...Microsoft\\Installer, HKEY_USERS@...ZoneMap\\Domains, HKEY_USERS@...ZoneMap\\ProtocolDefaults, HKEY_USERS@...ZoneMap\\Ranges, HKEY_USERS@...Zones\\0, HKEY_USERS@...Zones\\1, HKEY_USERS@...Zones\\2, HKEY_USERS@...Zones\\3, HKEY_USERS@...Zones\\4 |
| Win-2Kf Ports | 1027, 1031, 135, 4113-4176 (every port in the range, in sequence) |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | FSG |
| Packer ID2 | |
| Embedded DNS | |
| String Count | |
| String Link | text |
| String MD5 | |
| Timerange | 365 Days |
| Unpack Status | unknown (FAILED : 4 : Unpacking Timed Out) |
| Countries | 3 |
| Unpacked Link | none[4] |
| Callgraph | none:none |
| API Resolution | |
| Comment | none |