Malware Report: 76116674f35b6ab166b5d78e9839cf024d77b60b
File SHA1: 76116674f35b6ab166b5d78e9839cf024d77b60b
File MD5 : cd788ecf8682136360c800b4fcdec588
File Type: MS-DOS executable, MZ for MS-DOS
Date: Mon Nov 9 18:48:53 MYT 2009
Possible Malware: YES
Panda Says: W32/RXBot.AB.worm
#– Files Created: –
/Documents and Settings/Administrator/Local Settings/Temp/593.exe
/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5/WDANS5QR/pqz2[1].exe
/RECYCLER/S-1-5-21-0243636035-3055115376-381863306-1556
/RECYCLER/S-1-5-21-9823467314-3091667598-523553611-1477
/WINDOWS/Prefetch/593.EXE-31762CD0.pf
/WINDOWS/Prefetch/FCQWI.EXE-1FAEDA0F.pf
/WINDOWS/Prefetch/IEXPLORE.EXE-07D1865D.pf
/WINDOWS/Prefetch/ZTLNZV.EXE-0B210405.pf
/WINDOWS/system32/csrs.exe
/WINDOWS/system32/iexplore.exe
/WINDOWS/system32/ztlnzv.exe
#– Registry Created: –
[SOFTWARE]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
#– Malware Traffic – www: –
idfc.info/rr2.exe
idfc.info/f4.exe
idfc.info/pqz2.exe
