| Packed MD5 | 3a813df3eda223b75d9e51a0941b156f |
| Priority | 1 |
| First | 03/11/2008 |
| Last | 08/24/2008 |
| Count | 6 |
| History | 6 hits: 02-04 to 08-24 |
| Unpacked MD5 | 7759abbf552d1441aff8897537b399f6 |
| AV Hits | 28 |
| AV Count | 32 |
| CC Servers | |
| DNS Lookups | RU:moscow-advokat.ru |
| Failed Connects | RU:194.6.222.11:6667 |
| AV Name | AhnLab-V3:Korgo.11391, AntiVir:Korgo.AF, Authentium:Korgo.S, Avast:_Korgo-S, AVG:Padobot.S, BitDefender:Korgo.T, CAT-QuickHeal:Korgo.S, ClamAV:Padobot.N, DrWeb:Lsabot, eSafe:MISSED, eTrust-Vet:Korgo.S, Ewido:Padobot.n, FileAdvisor:MISSED, Fortinet:Korgo.S!tr, F-Prot:Korgo.S, F-Secure:MISSED, Ikarus:Korgo.N, Kaspersky:Padobot.n, McAfee:Korgo.s, Microsoft:Korgo.S, NOD32v2:Korgo.U, Norman:Korgo.U, Panda:Korgo.AR.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Korgo-S, Sunbelt:Korgo.S, Symantec:Korgo.S, TheHacker:Korgo.gen, VBA32:MISSED, VirusBuster:Korgo.U, Webwasher-Gateway:Korgo.AF |
| WinXP Files | ftpupd.exe, thesq.exe, ibbxmkp.exe, uccbokx.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, thesq.exe, WINLOGON.EXE, ibbxmkp.exe, uccbokx.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\Wireless, HKEY_LOCAL_MACHINE@...Microsoft\\Wireless |
| WinXP Ports | 113, 1546, 3067, 3182, 6788 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | .exe,System Update,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ID,Client |
| Open RegKeys | System Update,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Software\Microsoft\Wireless,ID,Client |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | PolyEnE |
| Packer ID2 | |
| Embedded DNS | qis.md.us.dal.net, ced.dal.net, viking.dal.net, vancouver.dal.net, ozbytes.dal.net, broadway.ny.us.dal.net, coins.dal.net, lulea.se.eu.undernet.org, diemen.nl.eu.undernet.org, gaspode.zanet.org.za, lia.zanet.net, london.uk.eu.undernet.org, washington.dc.us.undernet.org, los-angeles.ca.us.undernet.org, brussels.be.eu.undernet.org, caen.fr.eu.undernet.org, flanders.be.eu.undernet.org, graz.at.eu.undernet.org, moscow-advokat.ru |
| String Count | 93 |
| String Link | text |
| String MD5 | b3ff4983d397cadd298d04b0c63e704d |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (73.53%, 13.26%)) |
| Countries | 3 |
| Unpacked Link | 7759abbf55 [0] |
| Callgraph | ASM:Graph |
| API Resolution | 100% |
| Comment | none |