Summary
| Field | Value |
| --- | --- |
| MD5 | 8048d065f8e12d6cda926974d6e6a459 |
| SHA1 | 9412b94068d48e596550f50bcecfdb8e90348b45 |
| SHA256 | b27c45a1879c8638fbca68502a5873c2e050bf018fa9cafc82efef8cf88ea28f |
| Date Submitted | 12/31/2011 9:09:35 AM |
| Malicious | True |
| Executable | True |
FileType Statistics
| Confidence | FileType |
| --- | --- |
| 58.4% | (.EXE) Win32 Executable Generic (8527/13/3) |
| 13.8% | (.EXE) Clipper DOS Executable (2018/12) |
| 13.7% | (.EXE) Generic Win/DOS Executable (2002/3) |
| 13.7% | (.EXE) DOS Executable Generic (2000/1) |
| 0.2% | (.VXD) VXD Driver (31/22) |
Identity Statistics
| Field | Value |
| --- | --- |
| Vendors Declaring Malicious | |
| TotalVendors | |
VirusTotal Report: http://www.virustotal.com/file-scan/report.html?id=b27c45a1879c8638fbca68502a5873c2e050bf018fa9cafc82efef8cf88ea28f-1325340192

| Malware Family Detections |
| --- |
| Generic26.AXKL |
| Gen:Variant.Graftor.11895 |
| (Suspicious) - DNAScan |
| UnclassifiedMalware |
| BackDoor.Maxplus.519 |
| Trojan.Win32.Sirefef |
| HEUR:Trojan.Win32.Generic |
| Generic Dropper.ace |
| Artemis!8048D065F8E1 |
| Trojan:Win32/Sirefef.P |
| a variant of Win32/Kryptik.YFV |
| Trj/CI.A |
| Trojan.Gen |
| Trojan.Gen.2 |
| Trojan.Agent/Gen-FraudScan[Prod] |
| Trojan.Win32.Sirefef!IK |
| Trojan.Win32.Generic!BT |
Static Analysis Data
CRC Data
| Claimed | Actual |
| --- | --- |
| 242737 | 242737 |
Claimed Compile Date: Fri Dec 30 17:47:30 2011 UTC
| Count | Language Reference Counts |
| --- | --- |
| 2 | LANG_NEUTRAL SUBLANG_NEUTRAL |
Screenshots

Origin Statistics
| URL ID | Date Added | URL | IP | Source |
| --- | --- | --- | --- | --- |
| 107505 | 12/31/2011 9:09:35 AM | http://lovelebanon.org/st.exe | 64.202.102.234 | Clean-MX |
Primary Domain Information
| Resolver | Resolved IP | Result |
| --- | --- | --- |
| Level 3 (control) | 64.202.102.234 | Control |
| Google | 64.202.102.234 | ALLOWED |
| OpenDNS | 64.202.102.234 | ALLOWED |
| Norton | 198.153.192.4 | BLOCKED |
| Comodo | 64.202.102.234 | ALLOWED |
Network Traffic Analysis

HTTP Request Data
| Host | Port | HTTP URI | Method |
| --- | --- | --- | --- |
| j.maxmind.com | 80 | /app/geoip.js | GET |
| promos.fling.com | 80 | /geo/txt/city.php | GET |
DNS Request Data