Malware Report: f3eca368509f59f365cb9924a43ad060b34126d8
File SHA1: f3eca368509f59f365cb9924a43ad060b34126d8
File MD5 : cd9e0ec0d69d723d4f074741c3829b83
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Date: Tue Nov 10 02:50:23 MYT 2009
Possible Malware: YES
#– Files Created: –
/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5/ADR46XYH/st[1].txt
/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5/WDANS5QR/bot[1].txt
/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5/WDANS5QR/lgate[1].htm
/Documents and Settings/All Users/Application Data/Microsoft/Dr Watson
/WINDOWS/Temp/bytojpjqmjru.bat
/WINDOWS/system32/2.tmp
/WINDOWS/system32/3.tmp
/WINDOWS/system32/4.tmp
/WINDOWS/system32/5.tmp
/WINDOWS/system32/drivers/zckkifvt7.sys
/WINDOWS/system32/lowsec
/WINDOWS/system32/sdra64.exe
#– Registry Created: –
[SOFTWARE]
+ [software\Microsoft\DownloadManager]
+ [software\Microsoft\PCHealth\ErrorReporting\ExclusionList]
+ [software\Microsoft\PCHealth\ErrorReporting\InclusionList]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malware Traffic – DNS: –
colopin.cn
irc.zief.pl
komojoke.cn
#– Malware Traffic – Connections: –
218.93.205.30.80
91.206.201.39.80
93.174.92.220.80
#– Malware Traffic – www: –
colopin.cn/oc/box.txt
colopin.cn/op/lgate.php?n=E15210BDE81AC24D
colopin.cn/lib/bot.txt
komojoke.cn/cit/st.txt
komojoke.cn/ag/lo.txt
#– Screenshots: –
Screen After 90 Seconds

Screen After 120 Seconds

