69f8ccc92eaf6ae26d31ad0cf35cd0b3

Packed MD5	69f8ccc92eaf6ae26d31ad0cf35cd0b3
Priority	1
First	07/01/2009
Last	10/11/2009
Count
History
Unpacked MD5	e9613e6868a46de2a9f92671e5f504eb
AV Hits	38
AV Count	32
CC Servers	61.120.62.28:3305 200.49.145.197:3305 92.240.234.164:3305
DNS Lookups	TH:cx10man.weedns.com FI:cx10man.weedns.com FI:fx010413.whyI.org JP:gynoman.weedns.com FI:g.0x20.biz JP:c010x1.co.cc JP:commgr.co.cc KR:telephone.dd.blueline.be AR:phonewire.dd.blueline.be TH:fx010413.whyI.org JP:cx10man.weedns.com
Failed Connects	KR:211.233.45.253:3305 JP:61.120.62.28:3305 92.240.234.164:3305
AV Name	AhnLab-V3:Virut.B, AntiVir:Virut.AX, Authentium:Virut.7116, Avast:_Virtob, AVG:Virut, BitDefender:Virtob.8.Gen, CAT-QuickHeal:Virut.Z, ClamAV:Virut-54, DrWeb:HLLW.Piabot.3, eSafe:MISSED, eTrust-Vet:Virut.7115, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:Virut.AV, F-Prot:Virut.7116, F-Secure:Virut.av, Ikarus:Kolabc, Kaspersky:Virut.av, McAfee:Virut.gen.a, Microsoft:Virut.AC, NOD32v2:MISSED, Norman:Virut.AG, Panda:Virutas.FG, Prevx1:MISSED, Rising:Virut.an, Sophos:Virut-W, Sunbelt:MISSED, Symantec:Virut.W, TheHacker:Virut.av, VBA32:Virut.2, VirusBuster:Rbot.ALER, Webwasher-Gateway:MISSED
WinXP Files	SVCHOST.EXE
WinXP Processes	CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, wmiprvse.exe, WMIPRVSE.EXE
WinXP Registries	HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate, HKEY_LOCAL_MACHINE@...Microsoft\\MRT, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...WindowsNT\\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\\WindowsUpdate
WinXP Ports	1034, 1034, 135, 33413, 4521, 4522, 4523, 4524, 4525, 4526, 4527, 4528, 4529, 4530, 4531, 4532, 4533, 4534, 4535, 4536, 4537, 4538, 4539, 4540, 4541, 4542, 4543, 4544, 4545, 4546, 4547, 4548, 4549, 4550, 4551, 4552, 4553, 4554, 4555, 4556, 4557, 4558, 4559, 4560, 4561, 4562, 4563, 4564, 4565, 4566, 4567, 4568, 4569, 4570, 4571, 4572, 4573, 4574, 4575, 4576, 69, 1041, 21053, 4579, 4580, 4581, 4582, 4583, 4584, 4585, 4586, 4587, 4588, 4589, 4590, 4591, 4592, 4593, 4594, 4595, 4596, 4597, 4598, 4599, 4600, 4601, 4602, 4603, 4604, 4605, 4606, 4607, 4608, 4609, 4610, 4611, 4612, 4613, 4614, 4615, 4616, 4617, 4618, 4619, 4620, 4621, 4622, 4623, 4624, 4625, 4626, 4627, 4628, 4629, 4630, 4631, 4632, 4633, 4634, 4635, 4636, 4637, 4638, 4639, 4640, 4641, 4642, 4643, 4644, 4645, 4646, 4647, 1035, 3665, 3666, 3667, 3668, 3669, 3670, 3671, 3672, 3673, 3674, 3675, 3676, 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, 3685, 3686, 3687, 3688, 3689, 3690, 3691, 3692, 3693, 3694, 3695, 3696, 3697, 3698, 3699, 3700, 3701, 3702, 3703, 3704, 3705, 3706, 3707, 3708, 3709, 3710, 3711, 3712, 3713, 3714, 3715, 3716, 3717, 3718, 3719, 3720, 3721, 3722, 3723, 3724, 3725, 3726, 3727, 3728, 3729, 3730, 3731, 38730, 3631, 3632, 3633, 3634, 3635, 3636, 3637, 3638, 3639, 3640, 3641, 3642, 3643, 3644, 3645, 3646, 3647, 3648, 3649, 3650, 3651, 3652, 3653, 3654, 3655, 3656, 3657, 3658, 3659, 3660, 3661, 3662, 3663, 3664, 9660
Win-2Kf Files
Win-2Kf Processes	unwise_.exe
Win-2Kf Registries	HKEY_LOCAL_MACHINE@...Microsoft\\MRT, HKEY_LOCAL_MACHINE@...Microsoft\\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\\WindowsUpdate, HKEY_USERS@...InternetSettings\\5.0, HKEY_USERS@...InternetSettings\\Connections
Win-2Kf Ports	1031, 135, 27156, 3411, 3412, 3413, 3414, 3415, 3416, 3417, 3418, 3419, 3420, 3421, 3422, 3423, 3424, 3425, 3426, 3427, 3428, 3429, 3430, 3431, 3432, 3433, 3434, 3435, 3436, 3437, 3438, 3439, 3440, 3441, 3442, 3443, 3444, 3445, 3446, 3447, 3448, 3449, 3450, 3451, 3452, 3453, 3454, 3455, 3456, 3457, 3458, 3459, 3460, 3461, 3462, 3463, 3464, 69
Create Events
Create Files
Create RegKeys
Open RegKeys
Service Starts
Service Deletes
Service Creates
Cluster
Cluster Confidence
Packer ID1	StarForce
Packer ID2
Embedded DNS
String Count
String Link	text
String MD5
Timerange	365 Days
Unpack Status	unknown ( : 0 : Unpacking Provided Binary. (Code,Data) = (, ))
Countries	1
Unpacked Link
Callgraph
API Resolution
Comment	none