NovCon Minotaur Analysis System

Enter the MD5, SHA1 or SHA256 hash to search for:

Summary

Sections

Summary
FileType Stats
Identity Stats
Static Analysis
Screenshots
Origin Stats
Primary Domain Stats
Network Traffic
HTTP Requests
DNS Requests
Discussion

MD5:	b25c15646354cc07a14eab4fa38c22c8
SHA1:	96b60bfeed08900331489557763bcc0acd4db10c
SHA256:	0a83008c1f27516395c62de46cc7f18a6e72d2b401a4c42b99673b8d29c76734
Date Submitted:	6/24/2012 7:36:17 PM
Malicious:	True
Executable:	True

Minotaur Sample ID

164110

FileType Statistics

FileType:

 80.3% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
  8.3% (.EXE) Win32 Executable Generic (8527/13/3)
  7.4% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
  1.9% (.EXE) Generic Win/DOS Executable (2002/3)
  1.9% (.EXE) DOS Executable Generic (2000/1)

Identity Statistics

Vendors Declaring Malicious:
TotalVendors:

VirusTotal Report:
http://www.virustotal.com/file/0a83008c1f27516395c62de46cc7f18a6e72d2b401a4c42b99673b8d29c76734/analysis/

Malware Family Detections:

Gen:Variant.Kazy.70694
(Suspicious) - DNAScan
Win32.SuspectCrc
Trojan-Downloader.Win32.VB.awch
Artemis!B25C15646354
Suspicious file
Win32.SuspectCrc!IK
Trojan.Win32.Generic.pak!cobra

Static Analysis Data

CRC Data

Claimed	Actual
128180	326095

Claimed Compile Date:
Mon Jun 18 12:11:06 2012 UTC

Count	Language Reference Counts
18	LANG_ENGLISH SUBLANG_ENGLISH_US
12	LANG_NEUTRAL SUBLANG_NEUTRAL

Screenshots

Origin Statistics

URL ID	Date Added	URL	IP	Source
166512	6/24/2012 7:36:17 PM	http://www.postalesamor.socivil.cl/Postales_Amor_www.riotarjetas.com.exe	200.6.118.169	Clean-MX

Summary

FileType Statistics

Identity Statistics

Static Analysis Data

Screenshots

Origin Statistics

Primary Domain Information

Domain not found

Network Traffic Analysis

Discussion