Packed MD5 df17a625eec94cdcd4b1b7998c099d87 
Priority 50 
First 03/01/2008 
Last 08/27/2008 
Count 227 
History 227 hits: 01-01 to 08-27 
Unpacked MD5 9bbdd086c53e8ece6eb841c3296be2ae  
AV Hits 29 
AV Count 32 
CC Servers  
DNS Lookups DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com EU:siliconfireware.ru :wpad GB:welcome3.smile.co.uk GB:new.egg.com :landdev1.lap.internal :www.proxy-socks.net RU:www.bbin.ru DE:ebookfinaltrash.ru RU:www.binbank.ru EU:ebookfinaltrash.ru CA:www.bmo.com US:sprw.information.com CA:www.cibc.com US:sptc01.information.com US:ads1.revenue.net US:as.casalemedia.com US:activex.microsoft.com US:codecs.microsoft.com CA:www.bank-banque-canada.ca US:b.casalemedia.com US:i.casalemedia.com US:www.bankofmadura.com 
Failed Connects DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 US:208.73.210.32:80 US:204.13.161.51:80 US:208.73.212.12:80 GB:217.145.227.180:80 RU:195.200.213.52:80 GB:217.145.225.22:80 GB:195.92.84.198:80 US:208.73.210.71:80 
AV Name AhnLab-V3:IRCBot.variant, AntiVir:Padobot.Z.11, Authentium:Berbew.S, Avast:MISSED, AVG:Generic2.EAJ, BitDefender:Generic.Malware.SFWX!V.A10AC054, CAT-QuickHeal:I-Padobot.z, ClamAV:Padobot, DrWeb:HangUp.26, eSafe:Padobot.z, eTrust-Vet:Berkor.A, Ewido:Padobot.z, FileAdvisor:MISSED, Fortinet:BDoor.AXJ!tr.bdr, F-Prot:Berbew.S, F-Secure:MISSED, Ikarus:Trojan-Downloader.Small.AIP, Kaspersky:Padobot.z, McAfee:BackDoor-AXJ, Microsoft:Korgo.AP, NOD32v2:Padobot.Z, Norman:Padobot.AG, Panda:TrjQuKart.U, Prevx1:MISSED, Rising:MISSED, Sophos:Doxpar-C, Sunbelt:Padobot.gen, Symantec:Ifbo.A, TheHacker:Padobot.z, VBA32:Padobot.z, VirusBuster:Padobot.E, Webwasher-Gateway:Padobot.Z.11  
WinXP Files DCPROMO.LOG, index.dat, Mbjmdjob.dll, ndisrd.sys, rjlab32.dll, system@searchportal.information1.txt, adjcp32.dll, Fhjedlch.dll, Loedfojh.dll, odokxt32.dll, rxgll32.dll, Dpgpobie.dll, vlequ32.dll, Fepjopcg.dll, hybx32.dll, ildtp32.dll, olefcblc.htm, Icmjif32.dll, tmwfx32.dll, Nlkkokka.dll, tlpjt32.dll, csrm32.dll, odeph32.dll, Oneokm32.dll, Gnlpfjid.dll, shnrc32.dll, cxer32.dll, Gacjkc32.dll, psmwm32.dll, Pcfkaolf.dll, qebkgmgk.htm, vshh32.dll, Iifoip32.dll, laajtl32.dll, Boegof32.dll, oglyqx32.dll, Jaimln32.dll, vpibgq32.dll, ybnel32.dll, Jjfalm32.dll, zquu32.dll, Djbjkpom.dll, fjlirh32.dll, xaqg32.dll, Kanocm32.dll, vnxvf32.dll, Olaafahi.dll, qquqo32.dll, feahn32.dll, Fhdjpe32.dll, Damqoq32.dll, nvaurr32.dll, zihz32.dll, Blnqbo32.dll, usil32.dll, Jmjegb32.dll, xkjct32.dll, Cdlmln32.dll, cibmcn32.dll, Jeololhb.dll, pyux32.dll, sjhae32.dll, djtkzv32.dll, Kbpnfo32.dll, Blcmki32.dll, koffmx32.dll, Npkeqo32.dll, ppckwh32.dll, xzfmm32.dll, bpjb32.dll, fsweqj32.dll, Pahclgcg.dll, Kipbin32.dll, pjjkcpdf.htm, reyn32.dll, vhlqyt32.dll, dsgr32.dll, Kgobfeaa.dll, Imjkhp32.dll, rldqg32.dll, Mphkah32.dll, ojluof32.dll, Iodbmd32.dll, jfcnb32.dll, xkuj32.dll, eefht32.dll, Infbfb32.dll, nnar32.dll, Bjcjafcp.dll, decqxi32.dll, nldaabfi.htm, rjulc32.dll, bmyjyq32.dll, Qapdgpjo.dll, xblhu32.dll, Omjofc32.dll, symb32.dll, vjzenc32.dll, Mdhjio32.dll, wmhkim32.dll, Fcpcbq32.dll, kuaw32.dll, Cdqmgdqm.dll, dytn32.dll, zmokv32.dll, Jjdfjaoe.dll, ueuxbv32.dll, Eeffhmcf.dll, ldaya32.dll, xpicvb32.dll, aflz32.dll, Mlngmiel.dll, okdmjq32.dll, anyuser@new.egg2.txt, Nhbdcibg.dll, noji32.dll, Cekkol32.dll, xwfv32.dll, Kfglac32.dll, rsmdeb32.dll, Hhmqin32.dll, hjfdhekj.htm, qtbwgx32.dll, iycvz32.dll, Qemmhagp.dll, Piaihjef.dll, vkspd32.dll, Fbnjoe32.dll, swgu32.dll, Bmbgob32.dll, muxx32.dll, xxkajd32.dll, mfwfhl32.dll, Nhpokm32.dll, vorhy32.dll, Hajpejbe.dll, ycuwiy32.dll, Gfcooa32.dll, rhfbtv32.dll, Acmjjb32.dll, kliz32.dll, oxncdu32.dll, Kakmnn32.dll, orxaej32.dll, pinbiofe.htm, sdcdj32.dll, Hhbmah32.dll, iqxfs32.dll, Blfoaipg.dll, kmkn32.dll, Imfgob32.dll, kjkvb32.dll, Biohcaio.dll, ukphd32.dll, Chgjobbi.dll, micth32.dll, clpdalkn.htm, Fpkhcpln.dll, fyjni32.dll, wphlrx32.dll, evtrp32.dll, Phliff32.dll, skgolo32.dll, system@new.egg2.txt, Canafoje.dll, lnvw32.dll, zbqtp32.dll, jyqz32.dll, Nnkjochc.dll, xdivhu32.dll, ajtey32.dll, Ngdgmd32.dll, Ifmahdcc.dll, olopt32.dll, rwbs32.dll, dmphdheg.htm, jpfrf32.dll, masu32.dll, Ombaoo32.dll, Epaajnel.dll, wrmkgi32.dll, fxbp32.dll, jcglaagp.htm, Mffjhg32.dll, rsjct32.dll, Fgdcni32.dll, sjtnth32.dll, yhbu32.dll, Jpaonl32.dll, xblni32.dll, bezm32.dll, Opeogggk.dll, pksimz32.dll, Pbdkpn32.dll, uwvpjh32.dll, avtk32.dll, Lakokf32.dll, blrep32.dll, gpnnodpq.htm, Idbpnomb.dll, gwrob32.dll, Ibjabcdm.dll, xnwmk32.dll, Ihgflkjp.dll, kfxslx32.dll, xaff32.dll, kvqqzv32.dll, Odfbjpbn.dll, wqyu32.dll, gutpxp32.dll, Haaoigfb.dll, kdmlqhba.htm, laio32.dll, iqylpx32.dll, Khfpje32.dll, fjkx32.dll, Ihakoa32.dll, tpcsgz32.dll, Efemjp32.dll, eyfq32.dll, Ckoeaeao.dll, txad32.dll, Anafnc32.dll, jlmt32.dll, aivho32.dll, Qmlgalji.dll, wxqeju32.dll, karm32.dll, Pkhhfljh.dll, Mmppeb32.dll, mxkh32.dll, rdag32.dll, Lodcpbjp.dll, qvzk32.dll, wbrxxe32.dll, hgftv32.dll, Kfcdnd32.dll, vlxo32.dll, anyuser@www.binbank1.txt, Nbiobg32.dll, zlbnbd32.dll, Caobmljm.dll, fqoilkjj.htm, mnddt32.dll, ljjgfbmj.htm, Pomcpifd.dll, zkbi32.dll, dktzv32.dll, Ecpihj32.dll, eqgla32.dll, Idacoc32.dll, sntiww32.dll, Dpjobmke.dll, sfgh32.dll, Blojlm32.dll, qdxnak32.dll, uocqe32.dll, Ehdcpi32.dll, scnx32.dll, Qccfdn32.dll, rfygun32.dll, Apkjob32.dll, yetvcc32.dll, yolj32.dll, Nokpilbk.dll, ykwbze32.dll, Ejccjd32.dll, oymoy32.dll, system@sprw.information1.txt, Dlfhifle.dll, ucxoiu32.dll, dkmqccon.htm, nloi32.dll, Qjlbeboi.dll, zyond32.dll, nfjhsw32.dll, Oacopjga.dll, Fbdnbgal.dll, system@casalemedia1.txt, system@revenue2.txt, tcxhx32.dll, Blpehbag.dll, igrn32.dll, ubzrt32.dll, eaem32.dll, Kpoiobdi.dll, bffkpecc.htm, Ckmjoa32.dll, upujsp32.dll, fzcs32.dll, micphjaa.htm, Omkebc32.dll, qdpun32.dll, Eqdlnbli.dll, jpras32.dll, Ekjqaa32.dll, pwpyud32.dll, Anjcfinq.dll, ctkskw32.dll, ogsx32.dll, Jmoehg32.dll, yvwozj32.dll, Ghklgplp.dll, trtzzq32.dll, Jgqqmm32.dll, lcpqr32.dll, uljs32.dll, Ckdnbf32.dll, eqhdvw32.dll, Fklcgoee.dll, wlcw32.dll, ehlmcdfo.htm, Knhndn32.dll, uyjz32.dll, Cfpjkd32.dll, onojz32.dll, Ckganqbl.dll, lspfhr32.dll, awzg32.dll, Ihamkj32.dll, taza32.dll, Necjhbpf.dll, scbhgk32.dll, anvzup32.dll, nide32.dll, Nlmhnf32.dll, hygf32.dll, Lcialdjn.dll, bgltj32.dll, Nmehha32.dll, bkmleana.htm, ohyo32.dll, Pgifdm32.dll, Baloqacf.dll, pvdzq32.dll, acqrcj32.dll, Nicgcqnm.dll, ohifh32.dll, Phnpic32.dll, wolnh32.dll, Bfalhgaj.dll, fvjyb32.dll, tacu32.dll, Lmjlieoh.dll, tohz32.dll, gyel32.dll, Lkibfijg.dll, rjrnz32.dll, system@casalemedia2.txt, fdof32.dll, Fecibjef.dll, xutvl32.dll, Dodjje32.dll, kyfr32.dll, ojsuag32.dll, Gbnjpd32.dll, ujdxiu32.dll, DCFBBDEI.exe, Flqbhl32.dll, kldujg32.dll, Nnklllam.exe, opqw32.dll, avla32.dll, Ndmlgllo.dll, garq32.dll, Hjcdbodm.dll, boot.sys, faxkbe32.dll, Fpiolf32.dll, wjui32.dll, Bkdakp32.dll, cpoqidml.htm, jccbuo32.dll, system@www.binbank1.txt, xpuwa32.dll, ecdsdh32.dll, lyvxmn32.dll, Ollhfqpd.dll, Ejalpc32.dll, rwty32.dll, gdgdnmno.htm, Mejemc32.dll, oswuy32.dll, wcrw32.dll, Cfjognoq.dll, yxbini32.dll, ezmdt32.dll, Fmammejk.dll, blps32.dll, Pkdngmal.dll, prifzr32.dll, Egpipb32.dll, exbkpo32.dll, voha32.dll, Aeknlmqa.dll, exzc32.dll, okccoigm.htm, pfyfx32.dll, Qmeooibk.dll
WinXP Processes CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, iexplore.exe, Iexplore.exe, LOGONUI.EXE, DCFBBDEI.exe, dwwin.exe, Nnklllam.exe  
WinXP Registries HKEY_CURRENT_USER@...ActivatingDocument\.Current, HKEY_CURRENT_USER@...CurrentVersion\InternetSettings, HKEY_CURRENT_USER@...FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_CURRENT_USER@...InternetSettings\Zones, HKEY_CURRENT_USER@...Main\FeatureControl, HKEY_CURRENT_USER@...Microsoft\Windows, HKEY_CURRENT_USER@...Windows\CurrentVersion, HKEY_CURRENT_USER@...Zones\0, HKEY_CURRENT_USER@...Zones\1, HKEY_CURRENT_USER@...Zones\2, HKEY_CURRENT_USER@...Zones\3, HKEY_CURRENT_USER@...Zones\4, HKEY_LOCAL_MACHINE@...CurrentVersion\InternetSettings, HKEY_LOCAL_MACHINE@...InternetSettings\Zones, HKEY_LOCAL_MACHINE@...Reliability\UserDefined, HKEY_LOCAL_MACHINE@...Windows\CurrentVersion, HKEY_LOCAL_MACHINE@...Zones\0, HKEY_LOCAL_MACHINE@...Zones\1, HKEY_LOCAL_MACHINE@...Zones\2, HKEY_LOCAL_MACHINE@...Zones\3, HKEY_LOCAL_MACHINE@...Zones\4, HKEY_USERS@...ActivatingDocument\.Current, HKEY_USERS@...CurrentVersion\InternetSettings, HKEY_USERS@...Explorer\ActivatingDocument, HKEY_USERS@...Explorer\CabinetState, HKEY_USERS@...Explorer\RunMRU, HKEY_USERS@...FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_USERS@...InternetExplorer\Toolbar, HKEY_USERS@...InternetExplorer\TypedURLs, HKEY_USERS@...InternetSettings\Zones, HKEY_USERS@...Main\FeatureControl, HKEY_USERS@...Microsoft\Windows, HKEY_USERS@...Windows\CurrentVersion, HKEY_USERS@...Zones\0, HKEY_USERS@...Zones\1, HKEY_USERS@...Zones\2, HKEY_USERS@...Zones\3, HKEY_USERS@...Zones\4, HKEY_CURRENT_USER@...International\CpMRU, HKEY_USERS@...International\CpMRU, HKEY_USERS@...InternetExplorer\International, HKEY_LOCAL_MACHINE@...Microsoft\CodeStoreDatabase, HKEY_USERS@...5E6AB780-7743-11CF-A12B-00AA004AE837\Count, HKEY_USERS@...75048700-EF1F-11D0-9888-006097DEACF9\Count, HKEY_USERS@...Explorer\UserAssist, HKEY_USERS@...InternetExplorer\Media, HKEY_USERS@...Microsoft\IEAK, HKEY_USERS@...Microsoft\InternetConnectionWizard, HKEY_USERS@...UserAssist\5E6AB780-7743-11CF-A12B-00AA004AE837, HKEY_USERS@...UserAssist\75048700-EF1F-11D0-9888-006097DEACF9, HKEY_CURRENT_USER@...InternetExplorer\Media
WinXP Ports 80, 1035, 1086, 1030, 1046, 1376, 1029, 1044, 1091, 1038, 1037, 1109, 2587, 1045, 1060, 1047, 1042, 1096, 4781, 1039, 4386, 4438, 1059, 1975, 1103, 1043, 1090, 1040, 3065, 1857, 1028, 2541, 1036, 3925, 1517, 1093, 1057, 2271, 2922, 2000, 1080, 2925, 1034, 1049, 4271, 4966, 4358, 1102, 2143, 1110, 1032, 1061, 1074, 1033, 3224, 1368, 1549, 1534, 1137, 3152, 1048, 4535, 1063, 1087, 2768, 1058, 2383, 1869, 2496  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys ofstkkqc 
Open RegKeys ofstkkqc 
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 ASPack 
Packer ID2  
Embedded DNS chevychasebank.com, gronxplanets.ru, www.mdmbank.ru, fethard.biz, royalbank.com, securitylab.ru, tat-neftbank.ru, seclab.ru, openbank.com, gutabank.ru, www.b2b-trust.com, grepware-facility.ru, www.uralsib.ru, 53bank.com, totallyfreebanking.com, barclays.com, kidos-bank.ru, yambo.biz, prorat.net, www.ovk.ru, www.rbc.com, www.allahabadbank.com, online-business.lloydstsb.co.uk, myonlineaccounts2.abbeynational.co.uk, www.absolutbank.ru, www.netmagister.com, www.kmb.ru, www.spyinstructors.com, acrolein-hawk.rubanking.halifax-online.co.uk, www.icbank.ru, www.bankofindia.com, pizdabol-inc.ru, www.sbrf.ru, digital-relaxkgb.ru, asmworm.com, atmacasoft.com, www.uniastrum.ru, www.mmbank.ru, alfabank.ru, hyper-space-fuel.ru, www.cwbank.com, www.vtb.ru, www.cibc.com, www.bankofmadura.com, www.bmo.com, www.masterbank.ru, ebookfinaltrash.ru, master-x.com, www.bbin.ru, olb2.nationet.com, welcome3.smile.co.uk, www.baltbank.ru, new.egg.com, prodexteam.netcrutop.nu, www.proxy-socks.net, www.cbr.ru, prodexteam.net, chechenpress.info, siliconfireware.ru  
String Count 186 
String Link text
String MD5 88e8cdbe694936841446bc35acc14e66 
Timerange 365 Days 
Unpack Status unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (71.02%, 15.78%)) 
Countries 17 
Unpacked Link none[3
Callgraph none:none 
API Resolution  
Comment none