Malware Report: e835691420145ae8ce2bd341bb3bf38fb0b217b0
File SHA1: e835691420145ae8ce2bd341bb3bf38fb0b217b0
File MD5 : be2507cddc25b2575e9376a0be4a576b
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Date: Wed Nov 11 06:00:19 MYT 2009
Possible Malware: YES
#– Files Created: –
/Documents and Settings/Administrator/Local Settings/Temp/a.exe
/Documents and Settings/Administrator/Local Settings/Temp/b.exe
/Documents and Settings/Administrator/Local Settings/Temp/~DF7A9E.tmp
/Documents and Settings/Administrator/aOdLgh.exe
/Documents and Settings/Administrator/jtper.exe
/Documents and Settings/Administrator/nfmJjX.bat
/Documents and Settings/Administrator/vekwTy.exe
/Documents and Settings/All Users/Application Data/Microsoft/Dr Watson
/WINDOWS/Prefetch/A.EXE-11A2A041.pf
/WINDOWS/Prefetch/AODLGH.EXE-1C434D25.pf
/WINDOWS/Prefetch/B.EXE-01C1736A.pf
/WINDOWS/Tasks/{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
/WINDOWS/system32/msxml71.dll
#– Registry Created: –
[SOFTWARE]
+ [software\Microsoft\PCHealth\ErrorReporting\ExclusionList]
+ [software\Microsoft\PCHealth\ErrorReporting\InclusionList]
+ [software\Microsoft\RFC1156Agent]
+ [software\Microsoft\RFC1156Agent\CurrentVersion]
+ [software\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
+ [NTUSER\Software\TurboNet]
+ [NTUSER\Software\VB and VBA Program Settings]
+ [NTUSER\Software\VB and VBA Program Settings\pz]
+ [NTUSER\Software\VB and VBA Program Settings\pz\x]
+ [NTUSER\Software\XML]
#– System Running Processes: –
command=(b.exe):pid=(1472:1480):uid=(0)
command=(cmd.exe):pid=(1356:1544):uid=(0)
command=(cmd.exe):pid=(1364:1380):uid=(0)
command=(cmd.exe):pid=(1388:1496):uid=(0)
command=(rsLzue.exe):pid=(1356:1388):uid=(0)
command=(sample.exe):pid=(752:912):uid=(0)
command=(svchost.exe):pid=(260:508):uid=(0)
command=(svchost.exe):pid=(260:556):uid=(0)
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
#– Malware Traffic – www: –
#– Screenshots: –
Screen After 90 Seconds