| Packed MD5 | 5ec55a04a2289f956c9e0b1804492d54 |
| Priority | 0 |
| First | 09/07/2009 |
| Last | 10/16/2009 |
| Count | |
| History | |
| Unpacked MD5 | c77c150cc2800e7b8d8c65414bcde0a9 |
| AV Hits | 40 |
| AV Count | 32 |
| CC Servers | 92.240.234.164:3305 211.233.45.253:3305 |
| DNS Lookups | JP:cx10man.weedns.com :fx010413.whyI.org FI:gynoman.weedns.com AR:g.0x20.biz AR:c010x1.co.cc :commgr.co.cc KR:telephone.dd.blueline.be |
| Failed Connects | JP:61.120.62.28:3305 |
| AV Name | AhnLab-V3:Virut.B, AntiVir:Virut.AX, Authentium:Virut.7116, Avast:_Virtob, AVG:Virut, BitDefender:Virtob.8.Gen, CAT-QuickHeal:Virut.Z, ClamAV:Virut-54, DrWeb:HLLW.Piabot.3, eSafe:MISSED, eTrust-Vet:Virut.7115, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Virut.AV, F-Prot:Virut.7116, F-Secure:Virut.av, Ikarus:Kolabc, Kaspersky:Virut.av, McAfee:Virut.gen.a, Microsoft:Virut.AC, NOD32v2:MISSED, Norman:Virut.AG, Panda:Virutas.FG, Prevx1:MISSED, Rising:Virut.an, Sophos:Virut-W, Sunbelt:MISSED, Symantec:Virut.W, TheHacker:Virut.av, VBA32:Virut.2, VirusBuster:Rbot.AKMS, Webwasher-Gateway:MISSED |
| WinXP Files | SVCHOST.EXE |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, wmiprvse.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\\MRT, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...WindowsNT\\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\\WindowsUpdate |
| WinXP Ports | 1040, 3774, 3775, 3776, 3777, 3778, 3779, 3780, 3781, 3782, 3783, 3784, 3785, 3786, 3787, 3788, 3789, 3790, 3791, 3792, 3793, 3794, 3795, 3796, 3797, 3798, 3799, 3800, 3801, 3802, 3803, 3804, 3805, 3806, 3807, 3808, 3809, 3810, 3811, 3812, 3813, 3814, 3815, 3816, 3817, 3818, 3819, 3820, 56176, 69 |
| Win-2Kf Files | |
| Win-2Kf Processes | unwise_.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections |
| Win-2Kf Ports | 1031, 1031, 135, 20437, 3040, 3044, 3045, 3046, 3047, 3048, 3049, 3050, 3051, 3052, 3053, 3054, 3055, 3056, 3057, 3058, 3059, 3060, 3061, 3062, 3063, 3064, 3065, 3066, 3067, 3068, 3069, 3070, 3071, 3072, 3073, 3074, 3075, 3076, 3077, 3078, 3079, 3080, 3081, 3082, 3083, 3084, 3085, 3086, 3087, 3088, 3089, 3090, 3091, 3092, 3093, 3094, 3095, 3096, 69 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | StarForce |
| Packer ID2 | |
| Embedded DNS | |
| String Count | |
| String Link | text |
| String MD5 | |
| Timerange | 365 Days |
| Unpack Status | unknown ( : 0 : Unpacking Provided Binary. (Code,Data) = (, )) |
| Countries | 1 |
| Unpacked Link | |
| Callgraph | |
| API Resolution | |
| Comment | none |