Welcome to the Cyber-TA
Daily Malware Binary DIGEST Summary Page



20 June 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.



Columns: Packed MD5; Unpacked MD5; Victim OS; AntiVirus Hit-Cnt; First Encounter; Last Encounter; Freq Cnt; Behavioral Clusters; Unpacked Egg.asm; Packer Fingerprint; API Resolution; String Cnt; Syscall Trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
b5919931fe
NEW
f685f8e027
NEW
none[4]
b5919931fe[1]
f685f8e027[1]
Win2K-f 28 of 33 17:49:34 17:49:34 1 none none:none
ASM:Graph
ASM:Graph
tElock|
ASProtect|
Armadillo|
48% none
lines=90
lines=82
trace
trace
trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
none[4]
73f1082158[1]
Win2K-f
WinXP
0 of 32 01:31:25 22:37:46 13 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=81
trace
trace
22999be88c
[Firefox: 4 hits: 04-05 to 05-02]
eda2056971 [0] WinXP 31 of 32 17:51:32 17:51:55 2 none ASM:Graph
PolyEnE| 100% lines=154
embedded dns
trace
0f8f00b9bb
NEW
none[4] WinXP 0 of 0 07:56:46 07:56:46 1 none none:none
StarForce| none trace
f58222344f
[Firefox:12 hits: 12-31 to 06-03]
2a56436a64 [0] WinXP 28 of 31 13:14:16 13:14:16 1 none ASM:Graph
PolyEnE| 54% lines=265
embedded dns
trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
none[4] Win2K-f
WinXP
33 of 33 00:32:49 23:49:57 32 none none:none
tElock| none trace
3f0a5b2ebe
[Firefox: 2 hits: 06-18 to 06-18]
c6bfb5f0f2
[Firefox: 2 hits: 06-18 to 06-18]
none[4]
c6bfb5f0f2[1]
WinXP 28 of 32 22:02:49 22:02:49 1 none none:none
ASM:Graph
PolyEnE|
Armadillo|
47% none
lines=81
trace
trace
e5d5ee5587
NEW
none[4] WinXP 0 of 0 11:39:42 11:39:42 1 none none:none
FSG| none trace
55fe9d9ade
[Firefox:50 hits: 05-03 to 06-04]
4bce6c4887 [0] WinXP 29 of 29 14:54:38 14:54:38 1 none ASM:Graph
PolyEnE| 100% lines=93
embedded dns
trace
67e72b246f
NEW
67e72b246f [1] Win2K-f 0 of 0 09:54:16 23:15:41 3 none ASM:Graph
none|none 2% lines=7 trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
b7082104e4
[Firefox: 4 hits: 06-18 to 06-18]
none[4]
none [4]
WinXP 8 of 33 09:43:55 20:10:25 3 none none:none
none:none
tElock|
tElock|
none
none
trace
trace
8390780c27
NEW
none[4] Win2K-f 30 of 32 11:08:52 11:08:52 1 none none:none
tElock| none trace
168aab35a3
[Firefox: 3 hits: 06-17 to 06-19]
none[4] Win2K-f
WinXP
31 of 33 04:00:27 23:50:05 2 none none:none
tElock| none trace
d42c1cc7c0
[Firefox:296 hits: 05-01 to 06-19]
af9ca5bed1 [0] WinXP 29 of 29 14:53:21 16:17:10 2 none ASM:Graph
PolyEnE| 100% lines=54 trace
a12cab51ef
[Firefox:1060 hits: 05-01 to 06-19]
40f7f463c4 [0] WinXP 29 of 29 06:58:51 06:58:51 1 none ASM:Graph
ASPack| 54% lines=281
embedded dns
trace
4dcf7f18ac
NEW
none[4] Win2K-f 0 of 0 22:56:51 22:56:51 1 none none:none
tElock| none trace
c78281a815
NEW
none[4] Win2K-f 0 of 0 20:20:29 20:20:29 1 none none:none
PolyEnE| none trace
03f912899b
[Firefox:14 hits: 12-14 to 06-19]
83893bd25d [0] WinXP 32 of 32 05:23:01 07:15:22 2 none ASM:Graph
none|none 100% lines=65 trace
18f75b34a5
NEW
none[4] WinXP 30 of 33 15:05:47 15:05:47 1 none none:none
PolyEnE| none trace
899035248c
NEW
899035248c [1] WinXP 0 of 0 11:55:53 11:55:53 1 none ASM:Graph
Armadillo| 47% lines=82 trace
794273fbfc
NEW
none[4] Win2K-f 0 of 0 22:45:06 22:45:06 1 none none:none
PolyEnE| none trace
7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] Win2K-f
WinXP
25 of 28 02:56:10 23:14:26 9 none ASM:Graph
FSG| 95% lines=1933
embedded dns
trace
168aab35a3
[Firefox: 3 hits: 06-17 to 06-19]
4c3df24b32
[Firefox: 8 hits: 06-17 to 06-19]
none[4]
4c3df24b32[1]
Win2K-f
WinXP
0 of 33 05:58:33 23:50:05 2 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=81
trace
trace
741e3b03b3
[Firefox:40 hits: 09-28 to 06-19]
e0197e8a64 [0] WinXP 31 of 32 06:09:31 21:21:03 4 none ASM:Graph
none|none 100% lines=62 trace
8390780c27
NEW
af88ae89f8
NEW
none[4]
af88ae89f8[1]
Win2K-f 31 of 33 11:08:52 11:08:52 1 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=82
trace
trace
831f4ee0a7
[Firefox:647 hits: 07-11 to 06-19]
eb7546c600 [0] WinXP 29 of 29 07:52:44 21:15:08 4 none ASM:Graph
none|none 100% lines=61 trace
3f0a5b2ebe
[Firefox: 2 hits: 06-18 to 06-18]
none[4] WinXP 32 of 33 22:02:49 22:02:49 1 none none:none
PolyEnE| none trace
17028f1eda
[Firefox: 8 hits: 09-29 to 06-19]
none[3] WinXP 31 of 32 21:43:14 21:45:15 2 none none:none
tElock| none trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
a08f3b74a4
[Firefox:24 hits: 06-18 to 06-19]
b5919931fe
NEW
none[4]
a08f3b74a4[1]
b5919931fe[1]
Win2K-f 0 of 0 00:32:49 23:30:06 8 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
48% none
lines=81
lines=90
trace
trace
trace
3dffacd270
NEW
d5bf17f14e
NEW
3dffacd270 [1]
none [4]
WinXP 0 of 0 18:58:21 18:58:21 1 none ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
5c52e3199d
NEW
69b938edb7
NEW
5c52e3199d [1]
none [4]
WinXP
Win2K-f
0 of 0 11:53:10 17:48:53 2 none ASM:Graph
none:none
FASM|
tElock|
lines=83
none
trace
trace
57ce4acac2
[Firefox:12 hits: 06-17 to 06-19]
57ce4acac2 [1] Win2K-f
WinXP
0 of 33 00:32:49 20:02:59 4 none ASM:Graph
Armadillo| 47% lines=81 trace
398530ed93
NEW
none[4] Win2K-f 0 of 0 16:42:56 16:42:56 1 none none:none
PolyEnE| none trace
1a2c0e6130
[Firefox:428 hits: 12-31 to 06-19]
048df78048 [0] WinXP 29 of 29 16:44:42 16:44:42 1 none ASM:Graph
none|none 100% lines=61 trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
a08f3b74a4
[Firefox:24 hits: 06-18 to 06-19]
none[4]
a08f3b74a4[1]
Win2K-f
WinXP
0 of 33 04:54:22 23:49:57 10 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=81
trace
trace
33575aa644
NEW
33575aa644 [1] WinXP 0 of 0 02:50:07 02:50:07 1 none ASM:Graph
Armadillo| 47% lines=82 trace
33575aa644
NEW
c7001e5413
NEW
33575aa644 [1]
none [4]
WinXP 0 of 0 02:50:07 02:50:07 1 none ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
67e72b246f
NEW
f24b618b0e
NEW
67e72b246f [1]
none [4]
Win2K-f 0 of 0 08:01:12 23:15:41 4 none ASM:Graph
none:none
none|none
none|none
lines=7
none
trace
trace
a0139d7ad8
[Firefox:439 hits: 05-02 to 06-03]
d9e9662db1 [0] WinXP 29 of 29 09:58:22 09:58:22 1 none ASM:Graph
PolyEnE| 99% lines=68 trace
794273fbfc
NEW
b455f223d6
NEW
none[4]
b455f223d6[1]
Win2K-f 0 of 0 22:45:06 22:45:06 1 none none:none
ASM:Graph
PolyEnE|
Armadillo|
47% none
lines=81
trace
trace
ea9787a186
NEW
none[4] WinXP 0 of 0 12:34:25 12:34:25 1 none none:none
PolyEnE| none trace
830faa6678
NEW
none[4] Win2K-f 0 of 0 07:43:48 07:43:48 1 none none:none
EXECrypto| none trace
607b60ad51
NEW
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
e5c7bce70e
NEW
none[4]
e07c29c4ae[1]
e5c7bce70e[1]
WinXP 0 of 0 18:13:17 18:13:17 1 none none:none
ASM:Graph
ASM:Graph
tElock|
FSG|
Armadillo|
47% none
lines=92
lines=81
trace
trace
trace
dd3f647f74
NEW
none[3] WinXP 0 of 0 01:39:01 01:39:01 1 none none:none
PolyEnE| none trace
16874933ea
[Firefox: 3 hits: 06-18 to 06-19]
76ee340669
[Firefox: 3 hits: 06-18 to 06-19]
16874933ea [1]
none [4]
WinXP 33 of 33 08:18:18 08:18:18 1 none ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace
8a75955033
NEW
9276c8b36b
NEW
none[4]
9276c8b36b[1]
Win2K-f 0 of 0 16:53:59 16:53:59 1 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=81
trace
trace
27b945de66
NEW
none[4] WinXP 0 of 0 03:11:38 03:11:38 1 none none:none
none|none none trace
9961bc25ef
NEW
none[4] WinXP 0 of 0 19:33:43 19:33:43 1 none none:none
FSG| none trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
dc92683d9a
NEW
none[4]
dc92683d9a[1]
WinXP 0 of 0 22:38:03 22:38:03 1 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=82
trace
trace
16874933ea
[Firefox: 3 hits: 06-18 to 06-19]
16874933ea [1] WinXP 29 of 33 08:18:18 08:18:18 1 none ASM:Graph
Armadillo| 48% lines=82 trace
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
dc92683d9a
NEW
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
none[4]
dc92683d9a[1]
e07c29c4ae[1]
WinXP 0 of 0 10:26:27 22:38:03 10 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
48% none
lines=82
lines=92
trace
trace
trace
90d02b6b68
NEW
none[4] WinXP 0 of 0 19:06:09 19:06:09 1 none none:none
PolyEnE| none trace
8a75955033
NEW
none[4] Win2K-f 0 of 0 16:53:59 16:53:59 1 none none:none
tElock| none trace
21e5edb96d
NEW
none[4] WinXP 0 of 0 08:22:08 08:22:08 1 none none:none
none|none none trace
56265328e3
NEW
56265328e3 [1] Win2K-f 0 of 0 08:01:12 08:01:12 1 none ASM:Graph
none|none 4% lines=7 trace
862c0a7fa5
NEW
none[4] WinXP 0 of 0 10:46:34 10:46:34 1 none none:none
FSG| none trace
5c52e3199d
NEW
5c52e3199d [1] WinXP
Win2K-f
0 of 0 11:53:10 17:48:53 2 none ASM:Graph
FASM| 47% lines=83 trace
83f26f5044
NEW
none[4] WinXP 0 of 0 22:32:58 22:32:58 1 none none:none
tElock| none trace
f2668b51f1
[Firefox: 8 hits: 08-10 to 06-15]
none[4] WinXP 31 of 32 05:29:11 05:29:11 1 none none:none
PolyEnE| none trace
4dcf7f18ac
NEW
9bf5558de5
NEW
none[4]
9bf5558de5[1]
Win2K-f 0 of 0 22:56:51 22:56:51 1 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=82
trace
trace
3ae357d17b
[Firefox:715 hits: 05-01 to 06-18]
462a7be171 [0] WinXP 29 of 29 17:01:12 20:14:56 2 none ASM:Graph
PolyEnE| 99% lines=73 trace
e09933a21a
NEW
none[4] WinXP 0 of 0 05:17:17 06:29:49 2 none none:none
PolyEnE| none trace
7d99b0e910
[Firefox:3066 hits: 12-31 to 06-19]
7a70e1b592 [0] WinXP 26 of 28 03:10:44 21:32:43 5 none ASM:Graph
PolyEnE| 99% lines=68 trace
168aab35a3
[Firefox: 3 hits: 06-17 to 06-19]
61426996c3
NEW
none[4]
61426996c3[1]
Win2K-f 0 of 0 04:00:27 04:00:27 1 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=82
trace
trace
ab5e47bf8d
[Firefox:48 hits: 05-10 to 06-14]
none[3] WinXP 29 of 29 10:02:44 10:02:44 1 none none:none
ASPack| none trace
607b60ad51
NEW
none[4] WinXP 0 of 0 18:13:17 18:13:17 1 none none:none
tElock| none trace
899035248c
NEW
9d677c3f70
NEW
899035248c [1]
none [4]
WinXP 0 of 0 11:55:53 11:55:53 1 none ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
83f26f5044
NEW
d715f88a95
NEW
none[4]
d715f88a95[1]
WinXP 0 of 0 22:32:58 22:32:58 1 none none:none
ASM:Graph
tElock|
Armadillo|
47% none
lines=82
trace
trace
3dffacd270
NEW
3dffacd270 [1] WinXP 0 of 0 18:58:21 18:58:21 1 none ASM:Graph
Armadillo| 47% lines=82 trace