Malware Report: f808c8af6111640cfdb9c8ff029bdde49d448d10
File SHA1: f808c8af6111640cfdb9c8ff029bdde49d448d10
File MD5 : f078391331a190b176477d50b47cf442
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Date: Wed Nov 11 02:27:26 MYT 2009
Possible Malware: YES
#– Files Created: –
/Documents and Settings/Administrator/KcnKJZ.exe
/Documents and Settings/Administrator/Local Settings/Temp/a.exe
/Documents and Settings/Administrator/Local Settings/Temp/b.exe
/Documents and Settings/Administrator/Local Settings/Temp/~DF779D.tmp
/Documents and Settings/Administrator/MPoDqb.exe
/Documents and Settings/Administrator/ogmTAC.bat
/Documents and Settings/Administrator/quuoxa.exe
/Documents and Settings/All Users/Application Data/Microsoft/Dr Watson
/WINDOWS/Prefetch/A.EXE-11A2A041.pf
/WINDOWS/Prefetch/B.EXE-01C1736A.pf
/WINDOWS/Prefetch/DRWTSN32.EXE-2B4B52AC.pf
/WINDOWS/Prefetch/KCNKJZ.EXE-087554C7.pf
/WINDOWS/Prefetch/MPODQB.EXE-0252435A.pf
/WINDOWS/Tasks/{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
/WINDOWS/system32/msxml71.dll
#– Registry Created: –
[SOFTWARE]
+ [software\Microsoft\PCHealth\ErrorReporting\ExclusionList]
+ [software\Microsoft\PCHealth\ErrorReporting\InclusionList]
+ [software\Microsoft\RFC1156Agent]
+ [software\Microsoft\RFC1156Agent\CurrentVersion]
+ [software\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
+ [NTUSER\Software\TurboNet]
+ [NTUSER\Software\VB and VBA Program Settings]
+ [NTUSER\Software\VB and VBA Program Settings\pz]
+ [NTUSER\Software\VB and VBA Program Settings\pz\x]
+ [NTUSER\Software\XML]
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
#– Malware Traffic – www: –
#– Screenshots: –
Screen After 90 Seconds

