Packed MD5 168aab35a3c1e948ab4f93c12bc73494 
Priority
First 06/17/2009 
Last 11/05/2009 
Count  
History  
Unpacked MD5 60b730b97e079dd2529609c5659ccfd4  
AV Hits 31 31 
AV Count 32 
CC Servers 91.212.220.75:65520 218.93.205.30:65520 221.5.74.39:65520 114.80.101.21:65520 218.93.205.24:65520 218.93.205.30:65520 91.212.220.75:65520 91.212.220.75:65520 218.93.205.30:65520 121.12.116.142:65520 193.104.94.11:65520 
DNS Lookups
Failed Connects
AV Name AhnLab-V3:Virut, AntiVir:Virut.A, Authentium:Virut.4960, Avast:_Virut-B, AVG:Virut.A, BitDefender:Virtob.6.Gen, CAT-QuickHeal:Virut.A, ClamAV:Virut.A, DrWeb:Virut, eSafe:Virut.a, eTrust-Vet:Virut.5127, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Virut.A, F-Prot:Virut.4960, F-Secure:Virut.a, Ikarus:Virut.a, Kaspersky:Virut.a, McAfee:Virut.a, Microsoft:Virut.A, NOD32v2:Virut.5127, Norman:Virut.A, Panda:Virutas.B, Prevx1:MISSED, Rising:Virut.a, Sophos:Virut-T, Sunbelt:MISSED, Symantec:Virut.A, TheHacker:Virut.gen, VBA32:Virut.A, VirusBuster:Virut.Gen.4, Webwasher-Gateway:Virut.A  
WinXP Files
WinXP Processes CMD.EXE, CSRSS.EXE, DLLHOST.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, VRT1.tmp, WINLOGON.EXE, pridl.exe, dwwin.exe  
WinXP Registries HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager  
WinXP Ports 1031, 1038, 1034, 1041, 1035, 1037  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980,SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB823980,SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980 
Service Starts RpcPatch 
Service Deletes RpcPatch,RpcTftpd 
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 Armadillo 
Packer ID2  
Embedded DNS  
String Count 91 
String Link text
String MD5 30018e66fb67056f1acf6962b1677d8e 
Timerange 365 Days 
Unpack Status unknown (unpacked : 0 : Unpacking Provided Binary. (Code,Data) = (62.31%, 17.09%)) 
Countries
Unpacked Link  
Callgraph  
API Resolution  
Comment none