| Packed MD5 | d42c1cc7c02828c4ca6065d2bce714c2 |
| Priority | 29 |
| First | 03/15/2008 |
| Last | 08/27/2008 |
| Count | 128 |
| History | 128 hits: 01-01 to 08-27 |
| Unpacked MD5 | af9ca5bed1a2eddda4d9eee5589d9186 |
| AV Hits | 29 |
| AV Count | 32 |
| CC Servers | |
| DNS Lookups | UA:citi-bank.ru DE:kidos-bank.ru EU:kidos-bank.ru |
| Failed Connects | UA:194.54.90.246:80 |
| AV Name | AhnLab-V3:Korgo.9343.C, AntiVir:Korgo.AE, Authentium:Korgo.P, Avast:_Korgo-P, AVG:Padobot.P, BitDefender:Korgo.X, CAT-QuickHeal:Padobot, ClamAV:Padobot.G, DrWeb:Lsabot, eSafe:Korgo.p, eTrust-Vet:Korgo.P, Ewido:Padobot.g, FileAdvisor:MISSED, Fortinet:Korgo.I, F-Prot:Korgo.P, F-Secure:MISSED, Ikarus:Korgo.P, Kaspersky:Padobot.g, McAfee:Korgo.p, Microsoft:Korgo.P, NOD32v2:Korgo.P, Norman:Horst.gen33, Panda:Korgo.N.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Korgo-P, Sunbelt:Korgo, Symantec:Korgo.P, TheHacker:Korgo.P, VBA32:Padobot.g, VirusBuster:Korgo.P, Webwasher-Gateway:Korgo.AE |
| WinXP Files | ftpupd.exe, vlkna.exe, uoleq.exe, suvqv.exe, phqghu.exe, uyevyz.exe, qxtmlcgd.exe, hshlfczt.exe, lvmlb.exe, gwdoapbr.exe, lfpkzp.exe, hsehmv.exe, cbmuzed.exe, uuamteeq.exe, umlbchf.exe, bgottqal.exe, vwkndm.exe, rhwaidqj.exe, bkjeagiv.exe, rhjxo.exe, mprap.exe, anwzod.exe, irnrisr.exe, ovxvoev.exe, gdrtrzhr.exe, nbuqn.exe, atlsyllr.exe, uwlkoba.exe, mzalboad.exe, mljqkvi.exe, gycmpg.exe, scjabkf.exe, dcyew.exe, umpoafga.exe, cknakz.exe, fohau.exe, wdzhhmye.exe, bdggik.exe, ryond.exe, dtfip.exe, eqyiiet.exe, ajhcra.exe, dnwnoqbm.exe, fjoktcoq.exe, kdcphmfw.exe, ekzuowzt.exe, cbxfcfw.exe, hnkwy.exe, zfzev.exe, xerptu.exe, rtbnsdvo.exe, kgyix.exe, rmmqnkop.exe, yjksp.exe, bcegwn.exe, eawmka.exe, shnssg.exe, jnxmqcw.exe, bghdoir.exe, zufvlqc.exe, llhemhft.exe, jasgcmai.exe, uszsupe.exe, gbxjadjj.exe, uphjzhfv.exe, qwjemftk.exe, qgpdszne.exe, fzahpc.exe, ggzhv.exe, axdda.exe, dorhejmt.exe, hoitai.exe, ztztvgl.exe, xnaihcs.exe, gmjyp.exe, oqfybmq.exe |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, vlkna.exe, WINLOGON.EXE, uoleq.exe, suvqv.exe, uyevyz.exe, qxtmlcgd.exe, hshlfczt.exe, lvmlb.exe, gwdoapbr.exe, lfpkzp.exe, hsehmv.exe, cbmuzed.exe, uuamteeq.exe, umlbchf.exe, bgottqal.exe, vwkndm.exe, rhwaidqj.exe, bkjeagiv.exe, rhjxo.exe, mprap.exe, anwzod.exe, irnrisr.exe, ovxvoev.exe, gdrtrzhr.exe, nbuqn.exe, atlsyllr.exe, uwlkoba.exe, ftpupd.exe, mzalboad.exe, mljqkvi.exe, gycmpg.exe, scjabkf.exe, dcyew.exe, umpoafga.exe, cknakz.exe, fohau.exe, wdzhhmye.exe, bdggik.exe, ryond.exe, dtfip.exe, eqyiiet.exe, ajhcra.exe, dnwnoqbm.exe, fjoktcoq.exe, kdcphmfw.exe, defrag.exe, DfrgFat.exe, ekzuowzt.exe, cbxfcfw.exe, hnkwy.exe, zfzev.exe, xerptu.exe, rtbnsdvo.exe, kgyix.exe, rmmqnkop.exe, yjksp.exe, bcegwn.exe, eawmka.exe, shnssg.exe, jnxmqcw.exe, bghdoir.exe, zufvlqc.exe, llhemhft.exe, jasgcmai.exe, uszsupe.exe, gbxjadjj.exe, uphjzhfv.exe, qwjemftk.exe, qgpdszne.exe, fzahpc.exe, ggzhv.exe, axdda.exe, dorhejmt.exe, hoitai.exe, ztztvgl.exe, xnaihcs.exe, gmjyp.exe, oqfybmq.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\Wireless |
| WinXP Ports | 1041, 1041, 5943, 5354, 1871, 6339, 2011, 7063, 1031, 7624, 7289, 7112, 1055, 6557, 5302, 2906, 4520, 4626, 6536, 1263, 1265, 7372, 3800, 6241, 4860, 464, 7559, 7083, 1352, 4560, 3023, 4763, 819, 6002, 4586, 7877, 4997, 5193, 4117, 5524, 1528, 4018, 2273, 445, 7288, 4099, 619, 1156, 7589, 7440, 7177, 782, 1552, 4638, 7136, 3190, 3612, 1561, 3963, 2786, 3782, 4360, 7411, 6845, 4093, 1058, 2644, 7367, 3414, 964, 4421, 5210, 6900, 3580, 7817, 671, 7371, 7955, 3680, 4830, 7733, 5415, 5810, 6075, 4931, 3482 |
| Win-2Kf Files | |
| Win-2Kf Processes | |
| Win-2Kf Registries | |
| Win-2Kf Ports | |
| Create Events | |
| Create Files | |
| Create RegKeys | .exe,Windows Update,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ID,Client |
| Open RegKeys | Windows Update,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Software\Microsoft\Wireless,ID,Client |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | PolyEnE |
| Packer ID2 | |
| Embedded DNS | |
| String Count | 54 |
| String Link | text |
| String MD5 | d1496f1674936d28f0023a8856a7a590 |
| Timerange | 365 Days |
| Unpack Status | good (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (68.94%, 18.81%)) |
| Countries | 17 |
| Unpacked Link | af9ca5bed1 [0] |
| Callgraph | ASM:Graph |
| API Resolution | 100% |
| Comment | none |