Packed MD5 18dfbbc85b46c2e1c85d763130eae228 
Priority
First 06/30/2009 
Last 10/10/2009 
Count  
History  
Unpacked MD5 4f6fcecea3cfaeca1086499e8b2d9aa1  
AV Hits 7 23 32 29 
AV Count 32 
CC Servers 218.93.205.30:65520 91.212.220.75:65520 221.5.74.39:65520 218.93.205.24:65520 218.93.205.24:65520 221.5.74.39:65520 66.252.13.214:2081 
DNS Lookups
Failed Connects
AV Name AhnLab-V3:Virut.D, AntiVir:Virut.Gen, Authentium:Virut.9264, Avast:_Virut, AVG:Virut, BitDefender:Virtob.3.Gen, CAT-QuickHeal:Virut.D, ClamAV:Virut.di, DrWeb:Virut.5, eSafe:MISSED, eTrust-Vet:Virut.9276, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Virut.E, F-Prot:Virut.9264, F-Secure:Virut.n, Ikarus:Virut.d, Kaspersky:Virut.n, McAfee:Virut.gen, Microsoft:Virut.AK, NOD32v2:Virut.E, Norman:Virut.D, Panda:Virutas.gen, Prevx1:MISSED, Rising:Virut.aw, Sophos:Vetor-A, Sunbelt:MISSED, Symantec:Virut.B, TheHacker:Virut.F, VBA32:Virut.3, VirusBuster:Virut.Gen, Webwasher-Gateway:Virut.Gen  
WinXP Files
WinXP Processes CMD.EXE, CSRSS.EXE, DLLHOST.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, VRT2.tmp, 4.tmp  
WinXP Registries HKEY_LOCAL_MACHINE@...Microsoft\\DownloadManager, HKEY_CURRENT_USER@...Software\\ProtectionSystem, HKEY_USERS@...Software\\ProtectionSystem, HKEY_LOCAL_MACHINE@...CurrentVersion\\services, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\\WindowsFirewall, HKEY_LOCAL_MACHINE@...WindowsFirewall\\DomainProfile, HKEY_LOCAL_MACHINE@...WindowsFirewall\\StandardProfile  
WinXP Ports 1031, 1034, 1035, 1038, 28045, 3128  
Win-2Kf Files  
Win-2Kf Processes  
Win-2Kf Registries  
Win-2Kf Ports  
Create Events  
Create Files  
Create RegKeys  
Open RegKeys  
Service Starts  
Service Deletes  
Service Creates  
Cluster  
Cluster Confidence  
Packer ID1 Armadillo 
Packer ID2  
Embedded DNS  
String Count  
String Link text
String MD5  
Timerange 365 Days 
Unpack Status unknown ( : 0 : Unpacking Provided Binary. (Code,Data) = (, )) 
Countries
Unpacked Link  
Callgraph  
API Resolution  
Comment none