| Packed MD5 | 7dd1fe297017eb28b383b453288f6338 |
| Priority | 2 |
| First | 03/12/2008 |
| Last | 08/19/2008 |
| Count | 18 |
| History | 18 hits: 02-03 to 08-19 |
| Unpacked MD5 | dcc673c8157d6b9510525caebdc8990c |
| AV Hits | 30 |
| AV Count | 32 |
| CC Servers | |
| DNS Lookups | DE:siliconfireware.ru UA:vit.ln.ua :baner.vit DE:ebookfinaltrash.ru :wpad EU:siliconfireware.ru :www.proxy-socks.net GB:welcome3.smile.co.uk US:searchportal.information.com US:ads1.revenue.net US:spi.domainsponsor.com :adserving.cpxinteractive.com :ad.yieldmanager.com US:sprw.information.com GB:new.egg.com |
| Failed Connects | DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 UA:195.189.16.10:80 GB:195.92.84.198:80 76.13.212.11:80 US:208.73.212.12:80 |
| AV Name | AhnLab-V3:IRCBot.variant, AntiVir:Padobot.AB, Authentium:Protoride.IO, Avast:MISSED, AVG:Padobot.CI, BitDefender:Generic.Malware.SFWX!V.3D65199A, CAT-QuickHeal:I-Padobot.ab, ClamAV:Padobot-15, DrWeb:MulDrop.3649, eSafe:Padobot.ab, eTrust-Vet:VMalum.COB, Ewido:Dropper.Small, FileAdvisor:MISSED, Fortinet:BDoor.AXJ!tr.bdr, F-Prot:Protoride.IO, F-Secure:Padobot.ab, Ikarus:Trojan-Downloader.Small.AIP, Kaspersky:Padobot.ab, McAfee:BackDoor-AXJ, Microsoft:Berbew!426F, NOD32v2:Spy.Qukart, Norman:Padobot.DD, Panda:Korgo.BV.worm, Prevx1:Malware.Gen, Rising:Padobot.ba, Sophos:Doxpar-C, Sunbelt:Padobot.ab, Symantec:Dropper, TheHacker:Padobot.ab, VBA32:MISSED, VirusBuster:MISSED, Webwasher-Gateway:Padobot.AB |
| WinXP Files | DCPROMO.LOG, ndisrd.sys, Opkeja32.dll, pxyl32.dll, jkuvxl32.dll, Onhcca32.dll, dbric32.dll, Kdfcjalc.dll, Jkkgipnc.dll, poedvg32.dll, akipp32.dll, Hoeaoo32.dll, index.dat, system@new.egg2.txt, system@sprw.information1.txt, dksena32.dll, Ehgaad32.dll, peaj32.dll, gdhhsv32.dll, hmbjix32.dll, Kbbepq32.dll, system@searchportal.information1.txt, akbc32.dll, Gepddadg.dll, rays32.dll |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, Iexplore.exe, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, iexplore.exe |
| WinXP Registries | HKEY_CURRENT_USER@...ActivatingDocument\.Current, HKEY_CURRENT_USER@...CurrentVersion\InternetSettings, HKEY_CURRENT_USER@...FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_CURRENT_USER@...International\CpMRU, HKEY_CURRENT_USER@...InternetSettings\Zones, HKEY_CURRENT_USER@...Main\FeatureControl, HKEY_CURRENT_USER@...Microsoft\Windows, HKEY_CURRENT_USER@...Windows\CurrentVersion, HKEY_CURRENT_USER@...Zones\0, HKEY_CURRENT_USER@...Zones\1, HKEY_CURRENT_USER@...Zones\2, HKEY_CURRENT_USER@...Zones\3, HKEY_CURRENT_USER@...Zones\4, HKEY_LOCAL_MACHINE@...CurrentVersion\InternetSettings, HKEY_LOCAL_MACHINE@...InternetSettings\Zones, HKEY_LOCAL_MACHINE@...Reliability\UserDefined, HKEY_LOCAL_MACHINE@...Windows\CurrentVersion, HKEY_LOCAL_MACHINE@...Zones\0, HKEY_LOCAL_MACHINE@...Zones\1, HKEY_LOCAL_MACHINE@...Zones\2, HKEY_LOCAL_MACHINE@...Zones\3, HKEY_LOCAL_MACHINE@...Zones\4, HKEY_USERS@...ActivatingDocument\.Current, HKEY_USERS@...CurrentVersion\InternetSettings, HKEY_USERS@...Explorer\ActivatingDocument, HKEY_USERS@...Explorer\CabinetState, HKEY_USERS@...Explorer\RunMRU, HKEY_USERS@...FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_USERS@...International\CpMRU, HKEY_USERS@...InternetExplorer\International, HKEY_USERS@...InternetExplorer\Toolbar, HKEY_USERS@...InternetExplorer\TypedURLs, HKEY_USERS@...InternetSettings\Zones, HKEY_USERS@...Main\FeatureControl, HKEY_USERS@...Microsoft\IEAK, HKEY_USERS@...Microsoft\InternetConnectionWizard, HKEY_USERS@...Microsoft\Windows, HKEY_USERS@...Windows\CurrentVersion, HKEY_USERS@...Zones\0, HKEY_USERS@...Zones\1, HKEY_USERS@...Zones\2, HKEY_USERS@...Zones\3, HKEY_USERS@...Zones\4, HKEY_CURRENT_USER@...ActivatingDocument\\.Current, HKEY_CURRENT_USER@...CurrentVersion\\InternetSettings, HKEY_CURRENT_USER@...FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_CURRENT_USER@...International\\CpMRU, HKEY_CURRENT_USER@...InternetSettings\\Zones, HKEY_CURRENT_USER@...Main\\FeatureControl, HKEY_CURRENT_USER@...Microsoft\\Windows, HKEY_CURRENT_USER@...Windows\\CurrentVersion, HKEY_CURRENT_USER@...Zones\\0, HKEY_CURRENT_USER@...Zones\\1, HKEY_CURRENT_USER@...Zones\\2, HKEY_CURRENT_USER@...Zones\\3, HKEY_CURRENT_USER@...Zones\\4, HKEY_LOCAL_MACHINE@...CurrentVersion\\InternetSettings, HKEY_LOCAL_MACHINE@...InternetSettings\\Zones, HKEY_LOCAL_MACHINE@...Reliability\\UserDefined, HKEY_LOCAL_MACHINE@...Windows\\CurrentVersion, HKEY_LOCAL_MACHINE@...Zones\\0, HKEY_LOCAL_MACHINE@...Zones\\1, HKEY_LOCAL_MACHINE@...Zones\\2, HKEY_LOCAL_MACHINE@...Zones\\3, HKEY_LOCAL_MACHINE@...Zones\\4, HKEY_USERS@...ActivatingDocument\\.Current, HKEY_USERS@...CurrentVersion\\InternetSettings, HKEY_USERS@...Explorer\\ActivatingDocument, HKEY_USERS@...Explorer\\CabinetState, HKEY_USERS@...Explorer\\RunMRU, HKEY_USERS@...FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_USERS@...International\\CpMRU, HKEY_USERS@...InternetExplorer\\International, HKEY_USERS@...InternetExplorer\\Toolbar, HKEY_USERS@...InternetExplorer\\TypedURLs, HKEY_USERS@...InternetSettings\\Zones, HKEY_USERS@...Main\\FeatureControl, HKEY_USERS@...Microsoft\\IEAK, HKEY_USERS@...Microsoft\\InternetConnectionWizard, HKEY_USERS@...Microsoft\\Windows, HKEY_USERS@...Windows\\CurrentVersion, HKEY_USERS@...Zones\\0, HKEY_USERS@...Zones\\1, HKEY_USERS@...Zones\\2, HKEY_USERS@...Zones\\3, HKEY_USERS@...Zones\\4, HKEY_CURRENT_USER@...InternetExplorer\\Media, HKEY_USERS@...InternetExplorer\\Media |
| WinXP Ports | 80, 1039, 1719, 3493, 1028, 4621, 1033, 1049, 2030, 3379, 1038, 4529 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | ofstkkq,Software\Microsoft\Windows,ofstkkqc,KKQHOOK |
| Open RegKeys | ofstkkq,Software\Microsoft\Windows,ofstkkqc,KKQHOOK |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | ASPack |
| Packer ID2 | |
| Embedded DNS | chevychasebank.com, gronxplanets.ru, www.mdmbank.ru, fethard.biz, royalbank.com, securitylab.ru, tat-neftbank.ru, seclab.ru, openbank.com, gutabank.ru, www.b2b-trust.com, grepware-facility.ru, www.uralsib.ru, 53bank.com, totallyfreebanking.com, barclays.com, kidos-bank.ru, yambo.biz, prorat.net, www.ovk.ru, www.rbc.com, www.allahabadbank.com, online-business.lloydstsb.co.uk, myonlineaccounts2.abbeynational.co.uk, www.absolutbank.ru, www.netmagister.com, www.kmb.ru, www.spyinstructors.com, acrolein-hawk.rubanking.halifax-online.co.uk, www.icbank.ru, www.bankofindia.com, pizdabol-inc.ru, www.sbrf.ru, digital-relaxkgb.ru, asmworm.com, atmacasoft.com, www.uniastrum.ru, www.mmbank.ru, alfabank.ru, hyper-space-fuel.ru, www.cwbank.com, www.vtb.ru, www.cibc.com, www.bankofmadura.com, www.bmo.com, www.masterbank.ru, ebookfinaltrash.ru, master-x.com, www.bbin.ru, olb2.nationet.com, welcome3.smile.co.uk, www.baltbank.ru, new.egg.com, prodexteam.netcrutop.nu, www.proxy-socks.net, www.cbr.ru, prodexteam.net, chechenpress.info, siliconfireware.ru |
| String Count | 374 |
| String Link | text |
| String MD5 | 9b2844e8e86447784b2cb445beaf9af2 |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (71.23%, 16.84%)) |
| Countries | 1 |
| Unpacked Link | dcc673c815 [0] |
| Callgraph | ASM:Graph |
| API Resolution | 72% |
| Comment | none |