Malware Report: acea4c57143b051b65cad1b4f56deb0f381f4c67
File SHA1: acea4c57143b051b65cad1b4f56deb0f381f4c67
File MD5 : e7ad6a0ba8046418566d83a85175153f
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Date: Wed Nov 11 01:14:27 MYT 2009
Possible Malware: YES
#– Files Created: –
/Documents and Settings/Administrator/Local Settings/Temp/a.exe
/Documents and Settings/Administrator/Local Settings/Temp/b.exe
/Documents and Settings/Administrator/Local Settings/Temp/~DF7D3E.tmp
/Documents and Settings/Administrator/RgFmDH.exe
/Documents and Settings/Administrator/gilen.exe
/Documents and Settings/Administrator/trotvG.exe
/Documents and Settings/Administrator/zNqXAh.bat
/Documents and Settings/All Users/Application Data/Microsoft/Dr Watson
/WINDOWS/Prefetch/DRWTSN32.EXE-2B4B52AC.pf
/WINDOWS/Prefetch/GIGHSM.EXE-2C6BC2C3.pf
/WINDOWS/Tasks/{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
/WINDOWS/system32/msxml71.dll
#– Registry Created: –
[SOFTWARE]
+ [software\Microsoft\PCHealth\ErrorReporting\ExclusionList]
+ [software\Microsoft\PCHealth\ErrorReporting\InclusionList]
+ [software\Microsoft\RFC1156Agent]
+ [software\Microsoft\RFC1156Agent\CurrentVersion]
+ [software\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
+ [NTUSER\Software\TurboNet]
+ [NTUSER\Software\VB and VBA Program Settings]
+ [NTUSER\Software\VB and VBA Program Settings\pz]
+ [NTUSER\Software\VB and VBA Program Settings\pz\x]
+ [NTUSER\Software\XML]
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
#– Malware Traffic – www: –
#– Screenshots: –
Screen After 90 Seconds