| Packed MD5 | 70ec5c4b3ff662232eacb0192fae42ac |
| Priority | 3 |
| First | 06/10/2009 |
| Last | 10/30/2009 |
| Count | |
| History | |
| Unpacked MD5 | f697adabdd53dcb4af031616c2fba0a5 |
| AV Hits | 39 |
| AV Count | 32 |
| CC Servers | 61.120.62.28:3305 212.54.2.171:3305 92.240.234.164:3305 |
| DNS Lookups | GB:cx10man.weedns.com AR:cx10man.weedns.com AR:fx010413.whyI.org FI:gynoman.weedns.com AR:c010x1.co.cc :commgr.co.cc JP:g.0x20.biz FI:telephone.dd.blueline.be KR:cx10man.weedns.com JP:cx10man.weedns.com JP:fx010413.whyI.org AR:gynoman.weedns.com TH:cx10man.weedns.com |
| Failed Connects | 92.240.234.164:3305 JP:61.120.62.28:3305 |
| AV Name | AhnLab-V3:IRCBot.variant, AntiVir:TRDropper.Gen, Authentium:Threat-HLLIYE!Eldorado, Avast:_DCom-F, AVG:Heur, BitDefender:Packer.Yoda.A, CAT-QuickHeal:IRCBot.idc, ClamAV:MISSED, DrWeb:HLLW.Piabot, eSafe:TRDropper, eTrust-Vet:IRCBot.KU, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:PossibleThreat, F-Prot:Threat-HLLIYE!Eldorado, F-Secure:IRCBot.idc, Ikarus:Exploit.MS06040, Kaspersky:IRCBot.idc, McAfee:MISSED, Microsoft:Exploit_MS06040.gen, NOD32v2:MISSED, Norman:Smalltroj.MTNE, Panda:Gaobot.OXI.worm, Prevx1:MISSED, Rising:MS06-040.b, Sophos:MalPacker, Sunbelt:Wootbot.gen, Symantec:Spybot.Worm, TheHacker:BackdoorIRCBot.idc, VBA32:Kolabc.gco, VirusBuster:IRCBot.AAWX, Webwasher-Gateway:MISSED |
| WinXP Files | SVCHOST.EXE |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, wmiprvse.exe, WMIPRVSE.EXE |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate |
| Win-2Kf Files | |
| Win-2Kf Processes | unwise_.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | StarForce |
| Packer ID2 | |
| Embedded DNS | |
| String Count | |
| String Link | text |
| String MD5 | |
| Timerange | 365 Days |
| Unpack Status | unknown ( : 0 : Unpacking Provided Binary. (Code,Data) = (, )) |
| Countries | 3 |
| Unpacked Link | |
| Callgraph | |
| API Resolution | |
| Comment | none |