NovCon Minotaur Analysis System

Enter the MD5, SHA1 or SHA256 hash to search for:

Summary

Sections

Summary
FileType Stats
Identity Stats
Static Analysis
Screenshots
Origin Stats
Primary Domain Stats
Network Traffic
HTTP Requests
DNS Requests
Discussion

MD5:	7b55cab3983f73642dd0340000b623f8
SHA1:	701a957460980a46f0e209968fc7c36308294f9a
SHA256:	5d038d0fdf544e1fad104838f47562e3d12d36508f82f5c3e9632392a407a1cf
Date Submitted:	2/2/2012 4:00:30 AM
Malicious:	True
Executable:	True

Minotaur Sample ID

119042

FileType Statistics

FileType:

 38.4% (.EXE) Win32 Executable Generic (8527/13/3)
 34.1% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
  9.3% (.EXE) Win16/32 Executable Delphi generic (2072/23)
  9.0% (.EXE) Generic Win/DOS Executable (2002/3)
  9.0% (.EXE) DOS Executable Generic (2000/1)

Identity Statistics

Vendors Declaring Malicious:
TotalVendors:

VirusTotal Report:
http://www.virustotal.com/file/5d038d0fdf544e1fad104838f47562e3d12d36508f82f5c3e9632392a407a1cf/analysis/

Malware Family Detections:

Win32/Cryptor
Gen:Variant.Kazy.53951
W32/Kryptik.XUW!tr
a variant of Win32/Kryptik.ZXC
Suspicious file
Mal/Agent-AFY

Static Analysis Data

CRC Data

Claimed	Actual
935321	935321

Claimed Compile Date:
Mon Jun 26 00:25:35 2006 UTC

Count	Language Reference Counts
1	LANG_NEUTRAL SUBLANG_SYS_DEFAULT
1	LANG_NEUTRAL SUBLANG_NEUTRAL
1	LANG_GERMAN SUBLANG_GERMAN_AUSTRIAN
1	LANG_FRENCH SUBLANG_FRENCH
1	LANG_FINNISH SUBLANG_NEUTRAL
1	LANG_ENGLISH SUBLANG_ENGLISH_UK

Screenshots

Origin Statistics

URL ID	Date Added	URL	IP	Source
121008	2/2/2012 4:00:30 AM	http://xyrpavu.eu/rtce002.exe	195.28.8.121	Clean-MX

Primary Domain Information

Domain not found

Network Traffic Analysis

HTTP Request Data

Host	Port	HTTP URI	Method
95.68.53.34	80	/BfWX.htm	GET
96.10.251.108	80	/uT8qlVy9Ih2ed.htm	GET
97.101.137.15	80	/cSgT.htm	GET
97.101.137.15	80	/QbZ1NULy4X7sG.htm	GET
98.218.107.99	80	/8Hwr6KXcGswKG.htm	GET
98.230.203.111	80	/P6V4Efa.htm	GET
117.204.70.207	80	/hmSZVjkx15M.htm	GET
118.41.235.190	80	/SShG.htm	GET
139.30.121.132	80	/8iPZ5wFKkOvIi/lmOHb.htm	GET
174.134.71.115	80	/ISJF9AuF.htm	GET
175.205.116.57	80	/gbSy5rqKhQqodklZ.htm	GET
186.137.172.116	80	/NOkJSY/.htm	GET
187.184.33.56	80	/XDldNnJIq5ZfittSHa.htm	GET
189.202.35.1	80	/CA0oGEk7.htm	GET
189.202.35.1	80	/U67D1T.htm	GET
189.220.155.69	80	/rehC12OFBWGWL35.htm	GET
190.245.137.28	80	/aYkpTghnswEVQXw.htm	GET
201.158.81.166	80	/oly0o2CWwBznI.htm	GET
213.113.51.50	80	/cjGl.htm	GET
217.144.24.102	80	/Ya50i.htm	GET
222.108.148.119	80	/GEfqo/cfEs05.htm	GET
24.11.239.118	80	/cFpvqSSZ.htm	GET
24.12.67.45	80	/kHM8.htm	GET
24.163.56.124	80	/IHnawT5pV.htm	GET
24.2.231.128	80	/aAgm.htm	GET
46.105.114.120	80	/H/2UKGb.htm	GET
50.128.166.152	80	/TbwBXyh9mJjU.htm	GET
50.82.135.94	80	/vjTL.htm	GET
61.61.219.64	80	/xmj7dCIm4z6.htm	GET
66.8.220.12	80	/86PCa8uA.htm	GET
66.8.220.12	80	/MJLfWpHFyDKBsqE.htm	GET
66.91.51.23	80	/41x166tjyF417mawY.htm	GET
66.91.51.23	80	/dV9VHjt.htm	GET
68.114.12.150	80	/HvbQy4.htm	GET
68.42.204.12	80	/FSWI16f/iUUt.htm	GET
68.42.204.12	80	/tzFMyLVAYs8wH.htm	GET
68.51.242.21	80	/9pJ5VbuUOpbq71I.htm	GET
68.51.242.21	80	/AjEt2kCCV/1m88taLY.htm	GET
69.110.8.147	80	/1p7vW59yW.htm	GET
69.142.73.109	80	/6Suc.htm	GET
69.253.127.87	80	/djtncP526.htm	GET
69.27.61.144	80	/0BZt5.htm	GET
69.47.94.103	80	/LfpGLZFyF3AOwgCVtsF.htm	GET
71.196.251.116	80	/fPcyADRYQnxsDdw0p.htm	GET
71.204.9.125	80	/8I6JhjdL8FhGK.htm	GET
71.86.102.115	80	/Wkka.htm	GET
75.64.6.183	80	/W5MQaLDhX65up50Nz.htm	GET
75.81.232.121	80	/oxXpVU2wPF.htm	GET
76.90.46.106	80	/yzKBC/nFBNE8/ifDvC.htm	GET
77.81.50.28	80	/103PMNPCOnPnBzrlK8.htm	GET
77.81.50.28	80	/ZCJK.htm	GET
85.122.82.126	80	/MqNLGkZoFCg.htm	GET
87.97.204.202	80	/RjboocrgCubEgIzmKd.htm	GET
88.222.176.59	80	/KbGO.htm	GET
91.220.90.33	80	/zZk0pubhEyiDwUgf7U.htm	GET
93.116.9.196	80	/vHfB89FAdI6.htm	GET
98.240.212.26	80	/JI9l3kQ4Oa5rHc.htm	GET
98.240.212.26	80	/wKCNf3Ib.htm	GET