NovCon Minotaur Analysis System

Enter the MD5, SHA1 or SHA256 hash to search for:

Summary

Sections

Summary
FileType Stats
Identity Stats
Static Analysis
Screenshots
Origin Stats
Primary Domain Stats
Network Traffic
HTTP Requests
DNS Requests
Discussion

MD5:	f42d530ca7d29dca8f5affb7af0cb4c8
SHA1:	b99225f35649e9f9fd46fdffedcdb4955aeea7c4
SHA256:	6bdd6175a40281e844b28a27e7644fb7081063dc490e707167b5f00067ba88e6
Date Submitted:	2/26/2012 9:57:21 PM
Malicious:	True
Executable:	True

Minotaur Sample ID

128839

FileType Statistics

FileType:

 68.0% (.EXE) Win32 Executable Generic (8527/13/3)
 15.9% (.EXE) Generic Win/DOS Executable (2002/3)
 15.9% (.EXE) DOS Executable Generic (2000/1)
  0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)

Identity Statistics

Vendors Declaring Malicious:
TotalVendors:

VirusTotal Report:
http://www.virustotal.com/file/6bdd6175a40281e844b28a27e7644fb7081063dc490e707167b5f00067ba88e6/analysis/

Malware Family Detections:

Dropped:Worm.Generic.365388
Suspect.Trojan.Generic.FD-4
TrojWare.Win32.Downloader.Fraudload.AB
W32/FakeAlert.FY.gen!Eldorado
Trojan:Win32/Fifesock.gen!A
W32/Obfuscated.A2!genr
Suspicious file
Riskware
Trojan.Win32.Generic.pak!cobra

Static Analysis Data

CRC Data

Claimed	Actual
75037	765679

Claimed Compile Date:
Thu Feb 23 03:36:26 2012 UTC

Count	Language Reference Counts
3	LANG_ENGLISH SUBLANG_ENGLISH_US
2	LANG_RUSSIAN SUBLANG_RUSSIAN

Screenshots

Origin Statistics

URL ID	Date Added	URL	IP	Source
131104	2/26/2012 9:57:21 PM	http://photo-album-mcshs.osa.pl/album.exe	91.217.153.155	Clean-MX

Primary Domain Information

Level 3 (control)	91.217.153.155	Control
Google	91.217.153.155	ALLOWED
OpenDNS	91.217.153.155	ALLOWED
Norton	91.217.153.155	ALLOWED
Comodo	91.217.153.155	ALLOWED

Network Traffic Analysis

HTTP Request Data

Host	Port	HTTP URI	Method
62.143.199.24	80	/LfpGLZFyF3AOwgCVtsF.htm	GET
46.249.143.3	80	/86PCa8uA.htm	GET
46.249.143.3	80	/MJLfWpHFyDKBsqE.htm	GET
46.49.52.29	80	/6Suc.htm	GET
62.221.134.39	80	/H/2UKGb.htm	GET
62.231.125.34	80	/fPcyADRYQnxsDdw0p.htm	GET
67.172.102.59	80	/hmSZVjkx15M.htm	GET
69.142.117.16	80	/6Ynqm9wIB.htm	GET
69.142.117.16	80	/gbSy5rqKhQqodklZ.htm	GET
77.120.133.55	80	/SShG.htm	GET
77.91.4.18	80	/rehC12OFBWGWL35.htm	GET
78.142.39.30	80	/ISJF9AuF.htm	GET
78.88.37.30	80	/P6V4Efa.htm	GET
78.92.186.4	80	/cSgT.htm	GET
78.92.186.4	80	/QbZ1NULy4X7sG.htm	GET
wyylsic.eu	80	/jucheck.exe	GET
stn0001.com	80	/1/setup.php?act=grabber&id=uOr4IHTwxtisdYE4akxpOO3e&log=STARTED	GET
stn0001.com	80	/1/setup.php?act=grabber&id=uOr4IHTwxtisdYE4akxpOO3e&log=OTHER_5_1_SP_3_0_	GET
stn0001.com	80	/1/setup.php?act=grabber&id=uOr4IHTwxtisdYE4akxpOO3e&log=ANTIEMUL	GET
stn0001.com	80	/1/setup.php?act=grabber&id=uOr4IHTwxtisdYE4akxpOO3e&log=20	GET
ryflyed.eu	80	/rnn0001.exe	GET
95.77.237.5	80	/9pJ5VbuUOpbq71I.htm	GET
95.77.237.5	80	/AjEt2kCCV/1m88taLY.htm	GET
99.40.31.58	80	/RjboocrgCubEgIzmKd.htm	GET
92.47.86.45	80	/aAgm.htm	GET
91.189.34.14	80	/mUmmyfT0OZdOvzzz.htm	GET
91.220.90.33	80	/NOkJSY/.htm	GET
91.189.34.14	80	/cjGl.htm	GET
89.46.237.12	80	/stesTnHdCP.htm	GET
89.69.4.48	80	/1p7vW59yW.htm	GET
89.228.29.40	80	/IHnawT5pV.htm	GET
89.46.237.12	80	/BfWX.htm	GET
89.148.84.45	80	/MqNLGkZoFCg.htm	GET
89.133.241.2	80	/FSWI16f/iUUt.htm	GET
89.133.241.2	80	/tzFMyLVAYs8wH.htm	GET
88.132.4.56	80	/vHfB89FAdI6.htm	GET
85.121.218.39	80	/oxXpVU2wPF.htm	GET
87.248.90.36	80	/GEfqo/cfEs05.htm	GET
84.38.80.9	80	/ZCJK.htm	GET
84.205.164.46	80	/8iPZ5wFKkOvIi/lmOHb.htm	GET
84.38.80.9	80	/103PMNPCOnPnBzrlK8.htm	GET
82.237.8.52	80	/TbwBXyh9mJjU.htm	GET
81.15.207.43	80	/8I6JhjdL8FhGK.htm	GET
79.124.88.14	80	/XDldNnJIq5ZfittSHa.htm	GET
79.124.88.14	80	/OANFjjB9N9.htm	GET
31.6.149.13	80	/kHM8.htm	GET
31.6.149.13	80	/WSYuO/qEndDrOYe.htm	GET
31.133.32.50	80	/HvbQy4.htm	GET
31.41.12.32	80	/Wkka.htm	GET
24.178.227.8	80	/wKCNf3Ib.htm	GET
24.241.206.35	80	/cFpvqSSZ.htm	GET
196.202.56.10	80	/szuTuNhgsi4I32.htm	GET
212.52.46.24	80	/8Hwr6KXcGswKG.htm	GET
190.160.160.16	80	/KbGO.htm	GET
196.202.56.10	80	/aYkpTghnswEVQXw.htm	GET
188.124.101.17	80	/xmj7dCIm4z6.htm	GET
188.2.220.46	80	/0BZt5.htm	GET
186.22.136.53	80	/oly0o2CWwBznI.htm	GET
178.90.10.54	80	/W5MQaLDhX65up50Nz.htm	GET
178.235.51.29	80	/uT8qlVy9Ih2ed.htm	GET
178.48.73.24	80	/Ya50i.htm	GET
178.168.91.2	80	/CA0oGEk7.htm	GET
178.168.91.2	80	/U67D1T.htm	GET
178.165.69.12	80	/zZk0pubhEyiDwUgf7U.htm	GET
176.73.170.6	80	/41x166tjyF417mawY.htm	GET
176.73.170.6	80	/dV9VHjt.htm	GET
178.165.69.12	80	/HxoBTXGmspTaG5.htm	GET

DNS Request Data

DNS Requests

Query

ryflyed.eu

wyylsic.eu

stn0001.com