NovCon Minotaur Analysis System

Enter the MD5, SHA1 or SHA256 hash to search for:

Summary

Sections

Summary
FileType Stats
Identity Stats
Static Analysis
Screenshots
Origin Stats
Primary Domain Stats
Network Traffic
HTTP Requests
DNS Requests
Discussion

MD5:	f94e26d1bb5f61b3ffc1c1cba4c9ec1b
SHA1:	e7b48ff551a0deb00b6ee2ce38fb947f4d40b265
SHA256:	f2ee318b3233229f1626a6b94f9f11b47190d40e19932a90c8b065d73c566b36
Date Submitted:	1/15/2012 2:02:29 AM
Malicious:	True
Executable:	True

Minotaur Sample ID

110091

FileType Statistics

FileType:

 38.4% (.EXE) Win32 Executable Generic (8527/13/3)
 34.1% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
  9.3% (.EXE) Win16/32 Executable Delphi generic (2072/23)
  9.0% (.EXE) Generic Win/DOS Executable (2002/3)
  9.0% (.EXE) DOS Executable Generic (2000/1)

Identity Statistics

Vendors Declaring Malicious:
TotalVendors:

VirusTotal Report:
http://www.virustotal.com/file/f2ee318b3233229f1626a6b94f9f11b47190d40e19932a90c8b065d73c566b36/analysis/

Malware Family Detections:

TR/ATRAPS.Gen2
Gen:Variant.Kazy.52571
W32/Kryptik.XUW!tr
Generic BackDoor.wl
Heuristic.LooksLike.Win32.Winwebsec.E
a variant of Win32/Kryptik.YWJ
Suspicious file
Suspicious.Cloud.5

Static Analysis Data

CRC Data

Claimed	Actual
902781	902781

Claimed Compile Date:
Fri Mar 30 15:11:12 2007 UTC

Count	Language Reference Counts
1	LANG_ENGLISH SUBLANG_ENGLISH_UK

Screenshots

Origin Statistics

URL ID	Date Added	URL	IP	Source
111432	1/15/2012 2:02:30 AM	http://ahczbhl.ddns.me.uk/ivanp33.exe	91.217.153.130	Clean-MX

Primary Domain Information

Domain not found

Network Traffic Analysis

HTTP Request Data

Host	Port	HTTP URI	Method
124.96.161.52	80	/oxXpVU2wPF.htm	GET
180.235.176.53	80	/IHnawT5pV.htm	GET
186.136.202.41	80	/NOkJSY/.htm	GET
188.244.25.19	80	/XDldNnJIq5ZfittSHa.htm	GET
189.143.88.41	80	/ISJF9AuF.htm	GET
190.19.221.66	80	/1p7vW59yW.htm	GET
190.192.2.70	80	/TbwBXyh9mJjU.htm	GET
190.213.142.34	80	/LfpGLZFyF3AOwgCVtsF.htm	GET
190.6.237.38	80	/yzKBC/nFBNE8/ifDvC.htm	GET
190.6.4.0	80	/CA0oGEk7.htm	GET
197.220.154.40	80	/P6V4Efa.htm	GET
200.120.164.71	80	/oly0o2CWwBznI.htm	GET
212.52.48.67	80	/HvbQy4.htm	GET
218.171.56.72	80	/W5MQaLDhX65up50Nz.htm	GET
24.107.187.47	80	/H/2UKGb.htm	GET
24.129.73.47	80	/GEfqo/cfEs05.htm	GET
24.2.29.4	80	/MJLfWpHFyDKBsqE.htm	GET
24.29.200.60	80	/8iPZ5wFKkOvIi/lmOHb.htm	GET
31.129.106.60	80	/aAgm.htm	GET
31.133.43.43	80	/cFpvqSSZ.htm	GET
31.134.213.73	80	/SShG.htm	GET
31.170.134.13	80	/aYkpTghnswEVQXw.htm	GET
31.170.137.74	80	/hmSZVjkx15M.htm	GET
31.216.189.57	80	/8I6JhjdL8FhGK.htm	GET
31.223.221.7	80	/9pJ5VbuUOpbq71I.htm	GET
31.42.167.16	80	/kHM8.htm	GET
41.77.12.39	80	/uT8qlVy9Ih2ed.htm	GET
50.134.152.41	80	/Wkka.htm	GET
62.84.50.6	80	/QbZ1NULy4X7sG.htm	GET
66.177.116.23	80	/gbSy5rqKhQqodklZ.htm	GET
66.74.52.25	80	/KbGO.htm	GET
67.190.236.2	80	/tzFMyLVAYs8wH.htm	GET
68.113.109.10	80	/JI9l3kQ4Oa5rHc.htm	GET
69.142.117.16	80	/zZk0pubhEyiDwUgf7U.htm	GET
72.185.8.30	80	/djtncP526.htm	GET
75.131.253.12	80	/ZCJK.htm	GET
76.17.124.40	80	/6Suc.htm	GET
77.77.229.57	80	/MqNLGkZoFCg.htm	GET
85.120.148.33	80	/Ya50i.htm	GET
85.122.52.10	80	/41x166tjyF417mawY.htm	GET
86.38.209.65	80	/0BZt5.htm	GET
91.220.90.33	80	/8Hwr6KXcGswKG.htm	GET
91.73.53.30	80	/vjTL.htm	GET
92.115.124.16	80	/BfWX.htm	GET
93.113.217.17	80	/cjGl.htm	GET
93.113.38.29	80	/xmj7dCIm4z6.htm	GET
93.95.70.29	80	/rehC12OFBWGWL35.htm	GET
97.88.24.74	80	/vHfB89FAdI6.htm	GET
98.228.111.42	80	/fPcyADRYQnxsDdw0p.htm	GET
98.233.107.74	80	/RjboocrgCubEgIzmKd.htm	GET