NovCon Minotaur Analysis System

Enter the MD5, SHA1 or SHA256 hash to search for:

Summary

Sections

Summary
FileType Stats
Identity Stats
Static Analysis
Screenshots
Origin Stats
Primary Domain Stats
Network Traffic
HTTP Requests
DNS Requests
Discussion

MD5:	bf055d2e6aa03b9a574b8d848d80b1bb
SHA1:	0bc9406011d80fd646691a091e4f3e5f1634042b
SHA256:	f55bec20b8fc010e659cdd024cd817a5193df62e83318c0dc9031918ad907d99
Date Submitted:	3/4/2012 7:39:37 PM
Malicious:	True
Executable:	True

Minotaur Sample ID

131352

FileType Statistics

FileType:

 38.4% (.EXE) Win32 Executable Generic (8527/13/3)
 34.1% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
  9.3% (.EXE) Win16/32 Executable Delphi generic (2072/23)
  9.0% (.EXE) Generic Win/DOS Executable (2002/3)
  9.0% (.EXE) DOS Executable Generic (2000/1)

Identity Statistics

Vendors Declaring Malicious:
TotalVendors:

VirusTotal Report:
http://www.virustotal.com/file/f55bec20b8fc010e659cdd024cd817a5193df62e83318c0dc9031918ad907d99/analysis/

Malware Family Detections:

TR/Crypt.ZPACK.Gen2
Win32:MalOb-JI [Cryp]
Win32/Cryptor
Gen:Variant.Kazy.59549
Heuristic.LooksLike.Win32.Winwebsec.E
a variant of Win32/Kryptik.ABTV
Suspicious file
Suspicious.Cloud.5

Static Analysis Data

CRC Data

Claimed	Actual
949829	949829

Claimed Compile Date:
Sun Jun 25 15:12:36 2006 UTC

Count	Language Reference Counts
1	LANG_PORTUGUESE SUBLANG_PORTUGUESE
1	LANG_NORWEGIAN SUBLANG_NORWEGIAN_BOKMAL
1	LANG_NEUTRAL SUBLANG_NEUTRAL
1	LANG_NEUTRAL SUBLANG_DEFAULT

Screenshots

Origin Statistics

URL ID

Date Added

URL

Source

Primary Domain Information

Network Traffic Analysis

HTTP Request Data

Host	Port	HTTP URI	Method
173.18.17.194	80	/QO9vEZL2Zj.htm	GET
153.19.164.210	80	/Wvn9nhOFaKR.htm	GET
173.18.17.194	80	/8j/vHZLGu.htm	GET
151.28.113.36	80	/aJEE.htm	GET
153.19.164.210	80	/szuTuNhgsi4I32.htm	GET
174.109.151.104	80	/mUmmyfT0OZdOvzzz.htm	GET
176.240.131.21	80	/vjTL.htm	GET
176.73.170.6	80	/41x166tjyF417mawY.htm	GET
176.9.229.133	80	/7d0TU.htm	GET
178.165.69.12	80	/zZk0pubhEyiDwUgf7U.htm	GET
178.168.91.2	80	/CA0oGEk7.htm	GET
178.235.51.29	80	/uT8qlVy9Ih2ed.htm	GET
178.48.122.19	80	/djtncP526.htm	GET
178.48.73.24	80	/Ya50i.htm	GET
178.48.86.119	80	/gEFD.htm	GET
178.48.86.119	80	/TyaG.htm	GET
178.90.10.54	80	/W5MQaLDhX65up50Nz.htm	GET
178.95.172.27	80	/yzKBC/nFBNE8/ifDvC.htm	GET
186.19.60.238	80	/103PMNPCOnPnBzrlK8.htm	GET
186.22.136.53	80	/oly0o2CWwBznI.htm	GET
186.97.111.171	80	/HxoBTXGmspTaG5.htm	GET
188.124.101.17	80	/xmj7dCIm4z6.htm	GET
188.2.220.46	80	/0BZt5.htm	GET
188.230.107.39	80	/AjEt2kCCV/1m88taLY.htm	GET
190.112.101.34	80	/rIP67tC.htm	GET
190.114.149.199	80	/8N1TX7gjlwZz3JIVU.htm	GET
190.121.69.139	80	/wKCNf3Ib.htm	GET
190.160.160.16	80	/KbGO.htm	GET
190.162.137.60	80	/Xu5yqDlrdja7v.htm	GET
190.191.213.189	80	/U67D1T.htm	GET
196.202.56.10	80	/aYkpTghnswEVQXw.htm	GET
201.213.176.14	80	/2FGq4HQ/jMT.htm	GET
201.213.176.14	80	/OGFy.htm	GET
212.52.46.24	80	/8Hwr6KXcGswKG.htm	GET
213.113.55.194	80	/iEHigDHVjaWS7cZS.htm	GET
24.178.227.8	80	/JI9l3kQ4Oa5rHc.htm	GET
24.241.206.35	80	/cFpvqSSZ.htm	GET
31.133.32.50	80	/HvbQy4.htm	GET
31.207.220.217	80	/GwXA.htm	GET
31.41.12.32	80	/Wkka.htm	GET
31.6.149.13	80	/kHM8.htm	GET
46.249.143.3	80	/MJLfWpHFyDKBsqE.htm	GET
46.49.52.29	80	/6Suc.htm	GET
62.143.199.24	80	/LfpGLZFyF3AOwgCVtsF.htm	GET
62.221.134.39	80	/H/2UKGb.htm	GET
62.231.125.34	80	/fPcyADRYQnxsDdw0p.htm	GET
67.172.102.59	80	/hmSZVjkx15M.htm	GET
67.49.92.189	80	/M/RN38hmnTpS8r4wFc.htm	GET
68.119.169.4	80	/Pu6D88534SwA.htm	GET
68.185.226.198	80	/86PCa8uA.htm	GET
69.142.117.16	80	/gbSy5rqKhQqodklZ.htm	GET
69.203.114.151	80	/erdj.htm	GET
72.182.9.55	80	/cSgT.htm	GET
72.182.9.55	80	/wO2yc9F4PIFYHQ.htm	GET
72.42.146.238	80	/G84C.htm	GET
76.174.35.216	80	/FN1B1.htm	GET
76.84.14.71	80	/FSWI16f/iUUt.htm	GET
77.120.133.55	80	/SShG.htm	GET
77.91.4.18	80	/rehC12OFBWGWL35.htm	GET
78.142.39.30	80	/ISJF9AuF.htm	GET
78.88.37.30	80	/P6V4Efa.htm	GET
78.92.186.4	80	/QbZ1NULy4X7sG.htm	GET
79.124.88.14	80	/XDldNnJIq5ZfittSHa.htm	GET
79.175.219.124	80	/jK5f.htm	GET
79.175.219.124	80	/KvPZl5HFMP.htm	GET
80.27.172.145	80	/GpMqkHToD.htm	GET
81.15.207.43	80	/8I6JhjdL8FhGK.htm	GET
82.237.8.52	80	/TbwBXyh9mJjU.htm	GET
83.251.52.149	80	/dV9VHjt.htm	GET
84.205.164.46	80	/8iPZ5wFKkOvIi/lmOHb.htm	GET
84.38.80.9	80	/ZCJK.htm	GET
85.121.218.39	80	/oxXpVU2wPF.htm	GET
86.106.53.161	80	/OANFjjB9N9.htm	GET
87.248.90.36	80	/GEfqo/cfEs05.htm	GET
88.132.4.56	80	/vHfB89FAdI6.htm	GET
88.188.78.53	80	/9TBfsyPLMcJn.htm	GET
88.220.103.56	80	/dIhPf7YJ4cf.htm	GET
89.133.241.2	80	/tzFMyLVAYs8wH.htm	GET
89.148.84.45	80	/MqNLGkZoFCg.htm	GET
89.174.234.56	80	/AavSLDTiwAzICh5.htm	GET
89.204.243.30	80	/5bPTSno.htm	GET
89.205.96.123	80	/jBbzofqNsafxn7.htm	GET
89.205.96.123	80	/samA0.htm	GET
89.228.29.40	80	/IHnawT5pV.htm	GET
89.235.225.101	80	/kE3GzZPf5Z9Sk.htm	GET
89.46.237.12	80	/BfWX.htm	GET
89.69.4.48	80	/1p7vW59yW.htm	GET
91.189.34.14	80	/cjGl.htm	GET
91.220.90.33	80	/NOkJSY/.htm	GET
92.47.86.45	80	/aAgm.htm	GET
95.77.237.5	80	/9pJ5VbuUOpbq71I.htm	GET
99.135.245.49	80	/stesTnHdCP.htm	GET
99.135.245.49	80	/TSV9BFIw11Q.htm	GET
99.40.31.58	80	/RjboocrgCubEgIzmKd.htm	GET
147.83.118.92	80	/6Ynqm9wIB.htm	GET
130.255.134.66	80	/yqKb.htm	GET
115.43.223.21	80	/WSYuO/qEndDrOYe.htm	GET

DNS Request Data

DNS Requests

Query

akinard.com

DNS Responses

Query	Response
akinard.com	115.43.223.21
akinard.com	130.255.134.66
akinard.com	147.83.118.92
akinard.com	151.28.113.36
akinard.com	153.19.164.210
akinard.com	173.18.17.194
akinard.com	174.109.151.104
akinard.com	176.9.229.133
akinard.com	178.48.86.119
akinard.com	186.19.60.238
akinard.com	186.97.111.171
akinard.com	188.230.107.39
akinard.com	190.112.101.34
akinard.com	190.114.149.199
akinard.com	190.121.69.139
akinard.com	190.162.137.60
akinard.com	190.191.213.189
akinard.com	201.213.176.14
akinard.com	213.113.55.194
akinard.com	31.207.220.217
akinard.com	67.49.92.189
akinard.com	68.119.169.4
akinard.com	68.185.226.198
akinard.com	99.135.245.49
akinard.com	89.235.225.101
akinard.com	89.205.96.123
akinard.com	89.204.243.30
akinard.com	89.174.234.56
akinard.com	88.220.103.56
akinard.com	88.188.78.53
akinard.com	86.106.53.161
akinard.com	83.251.52.149
akinard.com	80.27.172.145
akinard.com	79.175.219.124
akinard.com	76.84.14.71
akinard.com	76.174.35.216
akinard.com	72.42.146.238
akinard.com	72.182.9.55
akinard.com	69.203.114.151