| Packed MD5 | 3ae357d17b1d2e0174bf477c28422c29 |
| Priority | 30 |
| First | 03/23/2008 |
| Last | 08/27/2008 |
| Count | 170 |
| History | 170 hits: 01-01 to 08-27 |
| Unpacked MD5 | 462a7be1711f5bf66f112c3788350776 |
| AV Hits | 29 |
| AV Count | 32 |
| CC Servers | 194.54.90.246:80 |
| DNS Lookups | UA:citi-bank.ru US:adult-empire.com |
| Failed Connects | UA:194.54.90.246:80 |
| AV Name | AhnLab-V3:Korgo.9359.B, AntiVir:Korgo.X, Authentium:Korgo.W, Avast:_Korgo-T, AVG:Padobot.W, BitDefender:Korgo.W, CAT-QuickHeal:Korgo.X, ClamAV:Korgo.Y, DrWeb:Lsabot, eSafe:Korgo.ab, eTrust-Vet:Korgo.AB, Ewido:Dropper.Paradrop.a, FileAdvisor:MISSED, Fortinet:Korgo.X!worm, F-Prot:Korgo.W, F-Secure:MISSED, Ikarus:Korgo.K, Kaspersky:Padobot.gen, McAfee:Korgo.ab, Microsoft:Korgo.AB, NOD32v2:Korgo.Y, Norman:Malware.AGJ, Panda:Korgo.Z.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Korgo-K, Sunbelt:Korgo, Symantec:Korgo.X, TheHacker:Korgo(2).gen.pack, VBA32:Padobot.gen, VirusBuster:Korgo.AB, Webwasher-Gateway:Korgo.X |
| WinXP Files | ftpupd.exe, jcfeypw.exe, jyhotomd.exe, yfrhsgc.exe, gqdzbiuw.exe, ozxbc.exe, prbsnn.exe, jtrepd.exe, otrev.exe, vvzgsrdw.exe, msjycbn.exe, zsqiqe.exe, wwfdjqg.exe, ckrgr.exe, jhqowf.exe, wumsrnhr.exe, jpykie.exe, ypfdmfqq.exe, okwdqrel.exe, dysmis.exe, ylokzza.exe, qczfml.exe, omalaw.exe, udigpe.exe, gszuzlsf.exe, fgzwjywm.exe, irhbe.exe, gzmhbxdz.exe, xyytfe.exe, xiflmfq.exe, vfwidw.exe, raotmgf.exe, ycllwo.exe, pbfecph.exe, qlukak.exe, phqghu.exe, yyvxgm.exe, orzqgvst.exe, mfmqgce.exe, pzoqvf.exe, catpt.exe, dmpqpi.exe, euznlu.exe, trnyev.exe, trxsgy.exe, stjhy.exe, weikazx.exe, nudhidpq.exe, xfdoiun.exe, fbklea.exe, ccskopbg.exe, qnxoboj.exe, wsijm.exe, hccfge.exe, neolkpu.exe, dxhlquyn.exe, wpuiy.exe, igkgrfeb.exe, cldfnt.exe, lishx.exe, akxriu.exe, hepqn.exe, qdbngjj.exe, benrsjka.exe, iyvnmi.exe, ffugzk.exe, bdzudcfn.exe, fyhzjk.exe, lmoms.exe, nvkglj.exe, vclcg.exe, vfcfjl.exe, ajkjjdx.exe, htzwcane.exe, tyffbry.exe, ynsev.exe, xzigq.exe, lqsvwl.exe, vmpwit.exe, rvfhgnpa.exe, sstnv.exe, fvsfklp.exe, qiash.exe, tqtlr.exe, kolvgf.exe, oyooqsvf.exe, zvpkc.exe, bwuufc.exe, egkjroo.exe, cyioksf.exe, dcmawano.exe, wgxssd.exe, wrfdgj.exe, giurux.exe, xoqvlu.exe, vklnx.exe, gvsysg.exe, tkayiw.exe, glnmx.exe, lyqhjs.exe, ktkatfko.exe, fwpnde.exe, xcwbwy.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, jcfeypw.exe, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, jyhotomd.exe, yfrhsgc.exe, gqdzbiuw.exe, ozxbc.exe, prbsnn.exe, otrev.exe, vvzgsrdw.exe, msjycbn.exe, wwfdjqg.exe, ckrgr.exe, wumsrnhr.exe, ypfdmfqq.exe, okwdqrel.exe, dysmis.exe, ylokzza.exe, qczfml.exe, udigpe.exe, gszuzlsf.exe, fgzwjywm.exe, irhbe.exe, gzmhbxdz.exe, xiflmfq.exe, vfwidw.exe, raotmgf.exe, ycllwo.exe, pbfecph.exe, yyvxgm.exe, orzqgvst.exe, mfmqgce.exe, catpt.exe, euznlu.exe, trxsgy.exe, stjhy.exe, weikazx.exe, nudhidpq.exe, xfdoiun.exe, fbklea.exe, ccskopbg.exe, qnxoboj.exe, wsijm.exe, neolkpu.exe, dxhlquyn.exe, wpuiy.exe, igkgrfeb.exe, lishx.exe, hepqn.exe, qdbngjj.exe, benrsjka.exe, ffugzk.exe, bdzudcfn.exe, lmoms.exe, vclcg.exe, ajkjjdx.exe, htzwcane.exe, tyffbry.exe, ynsev.exe, xzigq.exe, lqsvwl.exe, rvfhgnpa.exe, sstnv.exe, fvsfklp.exe, qiash.exe, tqtlr.exe, kolvgf.exe, oyooqsvf.exe, zvpkc.exe, bwuufc.exe, egkjroo.exe, cyioksf.exe, dcmawano.exe, wrfdgj.exe, giurux.exe, vklnx.exe, gvsysg.exe, glnmx.exe, lyqhjs.exe, ktkatfko.exe, fwpnde.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\Wireless |
| WinXP Ports | 2382, 1065, 3984, 445, 3696, 6215, 2314, 7913, 2136, 1398, 1989, 6419, 1085, 2879, 4319, 4522, 2005, 1031, 4244, 2295, 2762, 2080, 3945, 2172, 691, 659, 2119, 1051, 5977, 2791, 6630, 5622, 4302, 747, 6687, 1785, 533, 3135, 5680, 6890, 1765, 309, 6306, 5707, 2061, 1048, 2133, 1215, 4421, 2856, 6714, 4310, 7164, 2695, 6447, 3434, 6050, 3882, 5034, 3373, 3238, 915, 7485, 979, 2571, 5534, 470, 5459, 7388, 1455, 4020, 3354, 4862, 289, 5811, 1043, 550, 3707, 3333, 1100, 5786, 1536, 7650, 1090, 4216, 4217, 5946, 547, 7333, 1044, 8176, 2989, 1175 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | Cryptographic Service,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ID,Client |
| Open RegKeys | Cryptographic Service,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Software\Microsoft\Wireless,ID,Client |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | PolyEnE |
| Packer ID2 | |
| Embedded DNS | |
| String Count | 73 |
| String MD5 | 3a70b75f7716749943030c2edf6484c9 |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (70.32%, 18.52%)) |
| Countries | 19 |
| API Resolution | 99% |
| Comment | none |