NovCon Minotaur Analysis System

Enter the MD5, SHA1 or SHA256 hash to search for:

Summary

Sections

Summary
FileType Stats
Identity Stats
Static Analysis
Screenshots
Origin Stats
Primary Domain Stats
Network Traffic
HTTP Requests
DNS Requests
Discussion

MD5:	6cd64647499a408a1fff91b1de8682e8
SHA1:	e7f460ac4dc7fd8d10b76f3ccb0bb5f15c88e154
SHA256:	10686d5999f02937a7166bb041606a83fdd05cc7c9f58494f54da349485424d7
Date Submitted:	1/21/2012 6:22:27 AM
Malicious:	True
Executable:	True

Minotaur Sample ID

111959

FileType Statistics

FileType:

 38.4% (.EXE) Win32 Executable Generic (8527/13/3)
 34.1% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
  9.3% (.EXE) Win16/32 Executable Delphi generic (2072/23)
  9.0% (.EXE) Generic Win/DOS Executable (2002/3)
  9.0% (.EXE) DOS Executable Generic (2000/1)

Identity Statistics

Vendors Declaring Malicious:
TotalVendors:

VirusTotal Report:
http://www.virustotal.com/file/10686d5999f02937a7166bb041606a83fdd05cc7c9f58494f54da349485424d7/analysis/

Malware Family Detections:

TR/Crypt.ZPACK.Gen2
Win32:MalOb-HX [Cryp]
Win32/Cryptor
Gen:Variant.Kazy.53213
Heuristic.LooksLike.Win32.Winwebsec.E

Static Analysis Data

CRC Data

Claimed	Actual
949425	949425

Claimed Compile Date:
Fri Apr 7 12:21:00 2006 UTC

Count	Language Reference Counts
1	LANG_FRENCH SUBLANG_FRENCH

Screenshots

Origin Statistics

URL ID	Date Added	URL	IP	Source
113303	1/21/2012 6:22:27 AM	http://fjsknh.trickip.org/franki2.exe	91.217.153.130	Clean-MX

Primary Domain Information

Domain not found

Network Traffic Analysis

HTTP Request Data

Host	Port	HTTP URI	Method
107.10.81.2	80	/tzFMyLVAYs8wH.htm	GET
109.122.4.204	80	/rIP67tC.htm	GET
109.185.188.48	80	/GEfqo/cfEs05.htm	GET
109.185.216.46	80	/FN1B1.htm	GET
112.204.4.42	80	/Wkka.htm	GET
1.22.16.83	80	/RjboocrgCubEgIzmKd.htm	GET
132.235.229.41	80	/ISJF9AuF.htm	GET
151.0.10.75	80	/1p7vW59yW.htm	GET
151.28.113.19	80	/gbSy5rqKhQqodklZ.htm	GET
178.148.80.86	80	/103PMNPCOnPnBzrlK8.htm	GET
178.148.80.86	80	/AavSLDTiwAzICh5.htm	GET
178.165.69.12	80	/41x166tjyF417mawY.htm	GET
186.136.24.25	80	/djtncP526.htm	GET
186.19.181.16	80	/cjGl.htm	GET
186.23.135.232	80	/OANFjjB9N9.htm	GET
186.35.101.8	80	/QbZ1NULy4X7sG.htm	GET
188.230.98.25	80	/vjTL.htm	GET
190.18.64.142	80	/QO9vEZL2Zj.htm	GET
190.245.69.50	80	/G84C.htm	GET
190.6.225.231	80	/WSYuO/qEndDrOYe.htm	GET
190.6.4.0	80	/CA0oGEk7.htm	GET
195.174.26.14	80	/aYkpTghnswEVQXw.htm	GET
200.127.182.35	80	/uT8qlVy9Ih2ed.htm	GET
201.231.3.47	80	/cFpvqSSZ.htm	GET
201.239.11.222	80	/U67D1T.htm	GET
202.150.185.70	80	/7d0TU.htm	GET
202.150.185.70	80	/AjEt2kCCV/1m88taLY.htm	GET
212.1.99.82	80	/vHfB89FAdI6.htm	GET
24.12.67.45	80	/2FGq4HQ/jMT.htm	GET
24.232.129.51	80	/oxXpVU2wPF.htm	GET
24.29.200.60	80	/MqNLGkZoFCg.htm	GET
31.11.199.43	80	/fPcyADRYQnxsDdw0p.htm	GET
31.14.236.49	80	/H/2UKGb.htm	GET
31.170.134.13	80	/JI9l3kQ4Oa5rHc.htm	GET
31.41.8.25	80	/rehC12OFBWGWL35.htm	GET
31.47.25.164	80	/6Ynqm9wIB.htm	GET
31.47.3.241	80	/9TBfsyPLMcJn.htm	GET
50.131.15.71	80	/8iPZ5wFKkOvIi/lmOHb.htm	GET
62.178.159.75	80	/HvbQy4.htm	GET
66.168.199.154	80	/aJEE.htm	GET
66.215.158.37	80	/6Suc.htm	GET
67.165.216.66	80	/aAgm.htm	GET
68.225.61.31	80	/LfpGLZFyF3AOwgCVtsF.htm	GET
68.43.2.103	80	/iEHigDHVjaWS7cZS.htm	GET
68.62.236.208	80	/wKCNf3Ib.htm	GET
69.142.117.16	80	/kHM8.htm	GET
71.196.72.60	80	/8I6JhjdL8FhGK.htm	GET
71.203.120.43	80	/NOkJSY/.htm	GET
71.60.28.85	80	/hmSZVjkx15M.htm	GET
74.62.40.73	80	/0BZt5.htm	GET
75.139.33.39	80	/P6V4Efa.htm	GET
75.176.46.199	80	/kE3GzZPf5Z9Sk.htm	GET
75.24.144.130	80	/Xu5yqDlrdja7v.htm	GET
75.64.6.183	80	/GpMqkHToD.htm	GET
75.64.6.183	80	/M/RN38hmnTpS8r4wFc.htm	GET
75.72.144.92	80	/jK5f.htm	GET
75.72.144.92	80	/Wvn9nhOFaKR.htm	GET
75.72.144.92	80	/yqKb.htm	GET
75.76.3.154	80	/dV9VHjt.htm	GET
75.76.3.154	80	/erdj.htm	GET
76.186.22.57	80	/IHnawT5pV.htm	GET
76.29.208.247	80	/Pu6D88534SwA.htm	GET
76.85.133.14	80	/BfWX.htm	GET
77.120.146.210	80	/gEFD.htm	GET
77.78.234.24	80	/xmj7dCIm4z6.htm	GET
77.81.134.81	80	/SShG.htm	GET
77.81.50.28	80	/8Hwr6KXcGswKG.htm	GET
80.65.171.79	80	/W5MQaLDhX65up50Nz.htm	GET
81.191.41.78	80	/oly0o2CWwBznI.htm	GET
82.131.1.159	80	/cSgT.htm	GET
83.3.31.22	80	/KbGO.htm	GET
84.73.146.157	80	/OGFy.htm	GET
85.122.52.10	80	/9pJ5VbuUOpbq71I.htm	GET
86.38.209.65	80	/HxoBTXGmspTaG5.htm	GET
88.207.56.212	80	/dIhPf7YJ4cf.htm	GET
88.207.56.212	80	/mUmmyfT0OZdOvzzz.htm	GET
88.207.56.212	80	/samA0.htm	GET
88.216.55.168	80	/GwXA.htm	GET
88.216.55.168	80	/stesTnHdCP.htm	GET
88.216.55.168	80	/szuTuNhgsi4I32.htm	GET
88.216.55.168	80	/TSV9BFIw11Q.htm	GET
88.216.55.168	80	/wO2yc9F4PIFYHQ.htm	GET
89.19.149.3	80	/MJLfWpHFyDKBsqE.htm	GET
89.34.175.184	80	/5bPTSno.htm	GET
91.220.90.33	80	/yzKBC/nFBNE8/ifDvC.htm	GET
92.39.51.61	80	/8j/vHZLGu.htm	GET
93.113.217.17	80	/XDldNnJIq5ZfittSHa.htm	GET
93.123.69.29	80	/Ya50i.htm	GET
95.87.57.162	80	/FSWI16f/iUUt.htm	GET
97.85.58.14	80	/zZk0pubhEyiDwUgf7U.htm	GET
98.223.246.13	80	/ZCJK.htm	GET
98.248.74.236	80	/86PCa8uA.htm	GET
99.139.26.78	80	/TbwBXyh9mJjU.htm	GET

DNS Request Data

DNS Requests

Query

akinard.com

DNS Responses

Query	Response
akinard.com	109.122.4.204
akinard.com	109.185.216.46
akinard.com	178.148.80.86
akinard.com	186.23.135.232
akinard.com	190.18.64.142
akinard.com	190.245.69.50
akinard.com	190.6.225.231
akinard.com	201.239.11.222
akinard.com	202.150.185.70
akinard.com	24.12.67.45
akinard.com	31.47.25.164
akinard.com	31.47.3.241
akinard.com	66.168.199.154
akinard.com	68.43.2.103
akinard.com	68.62.236.208
akinard.com	75.176.46.199
akinard.com	75.24.144.130
akinard.com	75.64.6.183
akinard.com	75.72.144.92
akinard.com	75.76.3.154
akinard.com	76.29.208.247
akinard.com	77.120.146.210
akinard.com	82.131.1.159
akinard.com	84.73.146.157
akinard.com	86.38.209.65
akinard.com	88.207.56.212
akinard.com	88.216.55.168
akinard.com	89.34.175.184
akinard.com	92.39.51.61
akinard.com	95.87.57.162
akinard.com	98.248.74.236