NovCon Minotaur Analysis System

Enter the MD5, SHA1 or SHA256 hash to search for:

Summary

Sections

Summary
FileType Stats
Identity Stats
Static Analysis
Screenshots
Origin Stats
Primary Domain Stats
Network Traffic
HTTP Requests
DNS Requests
Discussion

MD5:	975dc355e8fcaec11d5b1ab5ce995acc
SHA1:	e89b05c49076600fa4d8a56de851aa951460b41c
SHA256:	2c8f5e67db8c1ae700ae780d760d516aa1b671eb6b906818bcf86c06e08d4cc2
Date Submitted:	1/16/2012 1:10:01 PM
Malicious:	True
Executable:	True

Minotaur Sample ID

110563

FileType Statistics

FileType:

 38.4% (.EXE) Win32 Executable Generic (8527/13/3)
 34.1% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
  9.3% (.EXE) Win16/32 Executable Delphi generic (2072/23)
  9.0% (.EXE) Generic Win/DOS Executable (2002/3)
  9.0% (.EXE) DOS Executable Generic (2000/1)

Identity Statistics

Vendors Declaring Malicious:
TotalVendors:

VirusTotal Report:
http://www.virustotal.com/file/2c8f5e67db8c1ae700ae780d760d516aa1b671eb6b906818bcf86c06e08d4cc2/analysis/

Malware Family Detections:

TR/Crypt.XPACK.Gen5
Gen:Variant.Kazy.53213
W32/Kryptik.XUW!tr
Suspicious file

Static Analysis Data

CRC Data

Claimed	Actual
891944	891944

Claimed Compile Date:
Sat Jan 20 12:54:51 2007 UTC

Count	Language Reference Counts
1	LANG_NORWEGIAN SUBLANG_NORWEGIAN_BOKMAL

Screenshots

Origin Statistics

URL ID	Date Added	URL	IP	Source
111904	1/16/2012 1:10:01 PM	http://uvoaflzwxu.dns2.us/ivanp34.exe	91.217.153.130	vxVault

Primary Domain Information

Domain not found

Network Traffic Analysis

HTTP Request Data

Host	Port	HTTP URI	Method
98.223.246.13	80	/aYkpTghnswEVQXw.htm	GET
97.101.137.15	80	/kHM8.htm	GET
97.85.58.14	80	/zZk0pubhEyiDwUgf7U.htm	GET
93.113.217.17	80	/cjGl.htm	GET
89.116.28.49	80	/8I6JhjdL8FhGK.htm	GET
91.220.90.33	80	/rehC12OFBWGWL35.htm	GET
79.112.67.60	80	/SShG.htm	GET
82.49.196.4	80	/CA0oGEk7.htm	GET
82.49.196.4	80	/U67D1T.htm	GET
84.205.167.34	80	/8Hwr6KXcGswKG.htm	GET
84.91.28.62	80	/vHfB89FAdI6.htm	GET
85.120.148.33	80	/djtncP526.htm	GET
87.242.57.40	80	/P6V4Efa.htm	GET
77.78.234.24	80	/gbSy5rqKhQqodklZ.htm	GET
77.77.229.57	80	/HvbQy4.htm	GET
76.85.133.14	80	/BfWX.htm	GET
75.23.37.35	80	/Ya50i.htm	GET
76.186.28.41	80	/ISJF9AuF.htm	GET
69.144.28.31	80	/xmj7dCIm4z6.htm	GET
71.203.120.43	80	/NOkJSY/.htm	GET
72.185.8.30	80	/KbGO.htm	GET
74.72.100.51	80	/aAgm.htm	GET
31.11.199.43	80	/fPcyADRYQnxsDdw0p.htm	GET
31.13.208.47	80	/oxXpVU2wPF.htm	GET
31.170.134.13	80	/ZCJK.htm	GET
31.216.189.57	80	/1p7vW59yW.htm	GET
31.42.174.9	80	/41x166tjyF417mawY.htm	GET
46.234.144.44	80	/cFpvqSSZ.htm	GET
67.165.216.66	80	/hmSZVjkx15M.htm	GET
213.92.178.59	80	/TbwBXyh9mJjU.htm	GET
217.129.169.56	80	/8iPZ5wFKkOvIi/lmOHb.htm	GET
217.129.230.5	80	/86PCa8uA.htm	GET
217.129.230.5	80	/MJLfWpHFyDKBsqE.htm	GET
24.12.67.45	80	/GEfqo/cfEs05.htm	GET
24.21.137.66	80	/RjboocrgCubEgIzmKd.htm	GET
24.225.32.50	80	/MqNLGkZoFCg.htm	GET
188.244.25.19	80	/XDldNnJIq5ZfittSHa.htm	GET
190.2.126.5	80	/FSWI16f/iUUt.htm	GET
190.2.126.5	80	/tzFMyLVAYs8wH.htm	GET
190.238.120.11	80	/JI9l3kQ4Oa5rHc.htm	GET
190.238.120.11	80	/wKCNf3Ib.htm	GET
200.112.142.34	80	/vjTL.htm	GET
200.120.90.36	80	/LfpGLZFyF3AOwgCVtsF.htm	GET
201.224.178.41	80	/Wkka.htm	GET
112.203.89.57	80	/0BZt5.htm	GET
151.0.2.7	80	/cSgT.htm	GET
151.0.2.7	80	/QbZ1NULy4X7sG.htm	GET
151.27.190.47	80	/H/2UKGb.htm	GET
178.149.196.59	80	/oly0o2CWwBznI.htm	GET
178.216.212.39	80	/6Suc.htm	GET
178.90.58.60	80	/W5MQaLDhX65up50Nz.htm	GET
188.230.107.39	80	/uT8qlVy9Ih2ed.htm	GET
188.24.211.8	80	/9pJ5VbuUOpbq71I.htm	GET
107.3.193.36	80	/yzKBC/nFBNE8/ifDvC.htm	GET
109.185.188.48	80	/IHnawT5pV.htm	GET