| Field | Value |
|---|---|
| Packed MD5 | a0e262b14d87b88475ec54fc78afe133 |
| Priority | 1 |
| First | 09/07/2009 |
| Last | 11/03/2009 |
| Count | |
| History | |
| Unpacked MD5 | 4ae21c0514eaecbb10cf43c16aaaa614 |
| AV Hits | 23 |
| AV Count | 32 |
| CC Servers | 203.146.251.62:3305 211.233.45.253:3305 92.240.234.164:3305 |
| DNS Lookups | FI:cx10man.weedns.com AR:fx010413.whyI.org FI:gynoman.weedns.com JP:g.0x20.biz FI:telephone.dd.blueline.be AR:phonewire.dd.blueline.be :phonelogin.dd.blueline.be TH:ufospace.etowns.net TH:cx10man.weedns.com JP:fx010413.whyI.org KR:gynoman.weedns.com KR:telephone.dd.blueline.be JP:cx10man.weedns.com KR:fx010413.whyI.org TH:gynoman.weedns.com KR:g.0x20.biz |
| Failed Connects | AR:200.49.145.197:3305 FI:212.54.2.171:3305 92.240.234.164:3305 JP:61.120.62.28:3305 |
| AV Name | AhnLab-V3:MISSED, AntiVir:TRDropper.Gen, Authentium:Threat-HLLIYE!Eldorado, Avast:_DCom-F, AVG:Heur, BitDefender:Packer.Yoda.A, CAT-QuickHeal:MISSED, ClamAV:MISSED, DrWeb:HLLW.Piabot.4, eSafe:MISSED, eTrust-Vet:MISSED, Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:Threat-HLLIYE!Eldorado, F-Secure:MISSED, Ikarus:Exploit.MS06040, Kaspersky:Heur.Generic, McAfee:MISSED, Microsoft:Exploit_MS06040.gen, NOD32v2:MISSED, Norman:MISSED, Panda:TrjCI.A, Prevx1:MISSED, Rising:MISSED, Sophos:MalPacker, Sunbelt:MISSED, Symantec:MISSED, TheHacker:MISSED, VBA32:MISSED, VirusBuster:PackedYoda, Webwasher-Gateway:MISSED |
| WinXP Files | SVCHOST.EXE |
| WinXP Processes | CMD.EXE, CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, MSMSGS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE, WINLOGON.EXE, wmiprvse.exe |
| WinXP Registries | HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate |
| WinXP Ports | 1039, 1039, 2062-2135, 48392, 69, 1038, 2891, 4368-4426, 1034, 4540-4597, 50521, 1036, 16417, 1752-1804 |
| Win-2Kf Files | |
| Win-2Kf Processes | unwise_.exe |
| Win-2Kf Registries | HKEY_LOCAL_MACHINE@...Microsoft\MRT, HKEY_LOCAL_MACHINE@...Microsoft\SecurityCenter, HKEY_LOCAL_MACHINE@...Microsoft\WindowsNT, HKEY_LOCAL_MACHINE@...WindowsNT\WindowsFileProtection, HKEY_LOCAL_MACHINE@...Windows\WindowsUpdate, HKEY_USERS@...InternetSettings\5.0, HKEY_USERS@...InternetSettings\Connections |
| Win-2Kf Ports | 1031, 135, 21866, 2499-2556, 69, 2391-2454, 31038 |
| Create Events | |
| Create Files | |
| Create RegKeys | |
| Open RegKeys | |
| Service Starts | |
| Service Deletes | |
| Service Creates | |
| Cluster | |
| Cluster Confidence | |
| Packer ID1 | StarForce |
| Packer ID2 | |
| Embedded DNS | |
| String Count | |
| String Link | text |
| String MD5 | |
| Timerange | 365 Days |
| Unpack Status | unknown ( : 0 : Unpacking Provided Binary. (Code,Data) = (, )) |
| Countries | 4 |
| Unpacked Link | |
| Callgraph | |
| API Resolution | |
| Comment | none |
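Checking the record's own numbers and turning its network rows into something a SOC can match on, as an added example (not code from this page or from the sandbox that produced the record). The field values are copied from the rows above; the firewall and DNS log lines are constructed for illustration. One thing the parse makes visible: the AV Name row lists 32 engines of which 13 return a verdict and 19 are MISSED, while the AV Hits row says 23, so the two rows were presumably captured at different times (an assumption; the record gives First and Last dates two months apart).

```python
# Parse the IOC rows of the sandbox record above and match sample logs
# against them.  Added example; the record values are copied verbatim,
# the log lines at the bottom are constructed.
import re

AV_NAME = (
    "AhnLab-V3:MISSED, AntiVir:TRDropper.Gen, Authentium:Threat-HLLIYE!Eldorado, "
    "Avast:_DCom-F, AVG:Heur, BitDefender:Packer.Yoda.A, CAT-QuickHeal:MISSED, "
    "ClamAV:MISSED, DrWeb:HLLW.Piabot.4, eSafe:MISSED, eTrust-Vet:MISSED, "
    "Ewido:MISSED, FileAdvisor:MISSED, Fortinet:MISSED, F-Prot:Threat-HLLIYE!Eldorado, "
    "F-Secure:MISSED, Ikarus:Exploit.MS06040, Kaspersky:Heur.Generic, McAfee:MISSED, "
    "Microsoft:Exploit_MS06040.gen, NOD32v2:MISSED, Norman:MISSED, Panda:TrjCI.A, "
    "Prevx1:MISSED, Rising:MISSED, Sophos:MalPacker, Sunbelt:MISSED, Symantec:MISSED, "
    "TheHacker:MISSED, VBA32:MISSED, VirusBuster:PackedYoda, Webwasher-Gateway:MISSED"
)
CC_SERVERS = "203.146.251.62:3305 211.233.45.253:3305 92.240.234.164:3305"
DNS_LOOKUPS = (
    "FI:cx10man.weedns.com AR:fx010413.whyI.org FI:gynoman.weedns.com JP:g.0x20.biz "
    "FI:telephone.dd.blueline.be AR:phonewire.dd.blueline.be :phonelogin.dd.blueline.be "
    "TH:ufospace.etowns.net TH:cx10man.weedns.com JP:fx010413.whyI.org KR:gynoman.weedns.com "
    "KR:telephone.dd.blueline.be JP:cx10man.weedns.com KR:fx010413.whyI.org "
    "TH:gynoman.weedns.com KR:g.0x20.biz"
)
FAILED_CONNECTS = "AR:200.49.145.197:3305 FI:212.54.2.171:3305 92.240.234.164:3305 JP:61.120.62.28:3305"

# Tokens in the DNS Lookups / Failed Connects rows carry an optional two-letter
# country-code prefix ("FI:", "AR:", or a bare ":" where the sandbox recorded none).
_PREFIX = re.compile(r"^(?:[A-Z]{2})?:(.+)$")


def strip_prefix(token):
    m = _PREFIX.match(token)
    return m.group(1) if m else token


def av_summary(field):
    """Return (hits, engines) computed from the 'AV Name' row."""
    verdicts = {}
    for item in field.split(","):
        engine, _, verdict = item.strip().partition(":")
        verdicts[engine] = verdict
    hits = sum(1 for v in verdicts.values() if v != "MISSED")
    return hits, len(verdicts)


def build_iocs():
    """Collect (ip, port) endpoints and hostnames from the record."""
    endpoints = {}
    for tok in CC_SERVERS.split():
        ip, _, port = tok.partition(":")
        endpoints[(ip, int(port))] = "cc_server"
    for tok in FAILED_CONNECTS.split():
        ip, _, port = strip_prefix(tok).partition(":")
        endpoints.setdefault((ip, int(port)), "failed_connect")
    # DNS is case-insensitive; the record mixes "whyI.org" with lower-case
    # names, so normalise once here and again on every query we match.
    domains = {strip_prefix(tok).lower() for tok in DNS_LOOKUPS.split()}
    return {"endpoints": endpoints, "domains": domains}


_CONN = re.compile(r"dst=(\d+\.\d+\.\d+\.\d+) dport=(\d+)")
_QUERY = re.compile(r"qname=(\S+)")


def scan_logs(lines, iocs):
    """Return (line_no, indicator_type, matched_text) for every IOC hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _CONN.search(line)
        if m and (m.group(1), int(m.group(2))) in iocs["endpoints"]:
            hits.append((n, iocs["endpoints"][(m.group(1), int(m.group(2)))], m.group(0)))
        q = _QUERY.search(line)
        if q and q.group(1).lower().rstrip(".") in iocs["domains"]:
            hits.append((n, "dns_lookup", q.group(1)))
    return hits


# Constructed firewall / resolver log lines (not from the page; 192.0.2.10 is TEST-NET).
SAMPLE_LOGS = [
    "2009-09-07T10:01:02 dns client=10.0.0.5 qname=GYNOMAN.weedns.com. type=A",
    "2009-09-07T10:01:03 fw allow src=10.0.0.5 dst=211.233.45.253 dport=3305 proto=tcp",
    "2009-09-07T10:01:04 fw allow src=10.0.0.5 dst=192.0.2.10 dport=443 proto=tcp",
    "2009-09-07T10:02:10 fw deny src=10.0.0.5 dst=61.120.62.28 dport=3305 proto=tcp",
    "2009-09-07T10:02:11 dns client=10.0.0.7 qname=phonelogin.dd.blueline.be type=A",
]

if __name__ == "__main__":
    print("verdicts in AV Name row (hits, engines):", av_summary(AV_NAME))
    for hit in scan_logs(SAMPLE_LOGS, build_iocs()):
        print(hit)
```

Endpoints that appear only under Failed Connects are kept but tagged separately: the sandbox could not reach them at run time, yet they are still this sample's infrastructure and worth a retrospective search. All three CC Servers and all four Failed Connects use port 3305, so a flow query for outbound traffic to that port is a cheap first pivot before matching exact addresses.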