Packed MD5 a12cab51ef99e98305668d189d0db147 
Priority 25 
First 05/18/2009 
Last 10/17/2009 
Count  
History  
Unpacked MD5  
AV Hits 29 
AV Count 32 
CC Servers 82.98.86.170:80 
DNS Lookups DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad GB:welcome3.smile.co.uk :www.proxy-socks.net EU:siliconfireware.ru RU:www.bbin.ru RU:www.binbank.ru DE:ebookfinaltrash.ru US:splegacy.information.com US:spt.information.com US:turing.oversee.net 
Failed Connects GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 US:204.13.161.51:80 RU:195.200.213.54:80 US:208.73.210.123:80 US:208.73.210.125:80 
AV Name AhnLab-V3:Korgo.46592, AntiVir:Padobot.Z.2, Authentium:MISSED, Avast:_Padobot-I, AVG:Padobot.AR, BitDefender:Padobot.Z, CAT-QuickHeal:I-Padobot.z, ClamAV:Korgo.Z, DrWeb:HangUp.26, eSafe:Padobot.z, eTrust-Vet:Berkor.A, Ewido:Padobot.z, FileAdvisor:MISSED, Fortinet:Padobot.Z!worm, F-Prot:Berbew.M, F-Secure:MISSED, Ikarus:Padobot.Z, Kaspersky:Padobot.z, McAfee:MISSED, Microsoft:Berbew.BE!dam, NOD32v2:Padodor.NAU, Norman:Padobot.Q, Panda:Korgo.BF.worm, Prevx1:MISSED, Rising:MISSED, Sophos:Doxpar-C, Sunbelt:Padobot.gen, Symantec:Berbew.N, TheHacker:Padobot.z, VBA32:Padobot.z, VirusBuster:Padobot.B, Webwasher-Gateway:Padobot.Z.2  
WinXP Processes CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, iexplore.exe, DCFBBDEI.exe, dwwin.exe, Ekcqam32.exe, Iexplore.exe  
WinXP Registries HKEY_CURRENT_USER@...ActivatingDocument\\.Current, HKEY_CURRENT_USER@...CurrentVersion\\InternetSettings, HKEY_CURRENT_USER@...FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_CURRENT_USER@...InternetSettings\\Zones, HKEY_CURRENT_USER@...Main\\FeatureControl, HKEY_CURRENT_USER@...Microsoft\\Windows, HKEY_CURRENT_USER@...Windows\\CurrentVersion, HKEY_CURRENT_USER@...Zones\\0, HKEY_CURRENT_USER@...Zones\\1, HKEY_CURRENT_USER@...Zones\\2, HKEY_CURRENT_USER@...Zones\\3, HKEY_CURRENT_USER@...Zones\\4, HKEY_LOCAL_MACHINE@...CurrentVersion\\InternetSettings, HKEY_LOCAL_MACHINE@...InternetSettings\\Zones, HKEY_LOCAL_MACHINE@...Reliability\\UserDefined, HKEY_LOCAL_MACHINE@...Windows\\CurrentVersion, HKEY_LOCAL_MACHINE@...Zones\\0, HKEY_LOCAL_MACHINE@...Zones\\1, HKEY_LOCAL_MACHINE@...Zones\\2, HKEY_LOCAL_MACHINE@...Zones\\3, HKEY_LOCAL_MACHINE@...Zones\\4, HKEY_USERS@...ActivatingDocument\\.Current, HKEY_USERS@...CurrentVersion\\InternetSettings, HKEY_USERS@...Explorer\\ActivatingDocument, HKEY_USERS@...Explorer\\CabinetState, HKEY_USERS@...Explorer\\RunMRU, HKEY_USERS@...FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN, HKEY_USERS@...InternetExplorer\\Toolbar, HKEY_USERS@...InternetExplorer\\TypedURLs, HKEY_USERS@...InternetSettings\\Zones, HKEY_USERS@...Main\\FeatureControl, HKEY_USERS@...Microsoft\\Windows, HKEY_USERS@...Windows\\CurrentVersion, HKEY_USERS@...Zones\\0, HKEY_USERS@...Zones\\1, HKEY_USERS@...Zones\\2, HKEY_USERS@...Zones\\3, HKEY_USERS@...Zones\\4, HKEY_USERS@...International\\CpMRU, HKEY_USERS@...InternetExplorer\\International, HKEY_CURRENT_USER@...International\\CpMRU  
WinXP Ports 80, 1962, 1036, 2733, 1029, 1042, 1030, 1047, 1035, 1046, 1044, 1060, 1032, 1048, 1866, 4248, 1034, 1037, 1039, 1043, 4257, 2832, 1045, 4481, 1038, 1058, 4231, 1828, 1041, 1084, 1051, 1067, 2155, 4967, 2179, 4259, 1098, 3971, 1543, 1028, 1059, 2398, 2416, 3082, 1088, 4740, 2830  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys  
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 ASPack 
Packer ID2  
Embedded DNS command.com, chevychasebank.com, gronxplanets.ru, www.mdmbank.ru, fethard.biz, royalbank.com, securitylab.ru, tat-neftbank.ru, seclab.ru, openbank.com, gutabank.ru, www.b2b-trust.com, grepware-facility.ru, www.uralsib.ru, 53bank.com, totallyfreebanking.com, barclays.com, kidos-bank.ru, yambo.biz, prorat.net, www.ovk.ru, www.rbc.com, www.allahabadbank.com, online-business.lloydstsb.co.uk, myonlineaccounts2.abbeynational.co.uk, www.absolutbank.ru, www.nomos.ru, www.netmagister.com, www.kmb.ru, www.spyinstructors.com, acrolein-hawk.rubanking.halifax-online.co.uk, www.icbank.ru, www.bankofindia.com, pizdabol-inc.ru, www.sbrf.ru, digital-relaxkgb.ru, asmworm.com, www.uniastrum.ru, www.mmbank.ru, alfabank.ru, hyper-space-fuel.ru, www.cwbank.com, www.vtb.ru, www.cibc.com, www.bankofmadura.com, www.bmo.com, www.masterbank.ru, ebookfinaltrash.ru, master-x.com, www.bbin.ru, olb2.nationet.com, welcome3.smile.co.uk, www.baltbank.ru, new.egg.com, prodexteam.netcrutop.nu, www.proxy-socks.net, www.cbr.ru, prodexteam.net, atmacasoft.com, siliconfireware.ru  
String Count 281 
String Link text
String MD5 bcce4122120c34e6976c99de21cfa230 
Timerange 365 Days 
Unpack Status unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (68.44%, 20.00%)) 
Countries 10 
Unpacked Link  
Callgraph  
API Resolution  
Comment none