Multiperspective Malware Analysis Page - Daily Malware Binary Digest Summary

Welcome to the Cyber-TA
Daily Malware Binary DIGEST Summary Page

24 June 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Packed
MD5 UnPacket
MD5 Victim
OS AntiVirus
Hit-Cnt First
Encounter Last
Encounter Freq
Cnt Behavioral
Clusters Unpacked
Egg.asm Packer
Fingerprint API
Resolution String
Cnt Syscall
Trace

60be29c325
NEW 60be29c325 [1] WinXP 31 of 33 23:45:22 23:45:22 1 none ASM:Graph
ASPack| lines=10 trace

6ec2a8994b
NEW
857b781ca9
NEW none[4]
857b781ca9[1] Win2K-f 29 of 33 08:43:28 08:43:28 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=82 trace
trace

53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] WinXP
Win2K-f 0 of 32 00:36:20 22:40:48 12 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

b3dc05139e
NEW none[4] WinXP 32 of 33 00:16:29 00:16:29 1 none none:none
PolyEnE| none trace

53bfe15e91
[Firefox:150 hits: 06-17 to 06-23] none[4] WinXP
Win2K-f 33 of 33 00:36:20 23:19:31 22 none none:none
tElock| none trace

53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
b7082104e4
[Firefox: 8 hits: 06-18 to 06-23] none[4]
none [4] Win2K-f 8 of 33 20:40:17 20:40:17 1 none none:none
none:none
tElock|
tElock| none
none trace
trace

d70e9267fe
NEW none[4] Win2K-f 31 of 33 19:51:30 19:51:30 1 none none:none
PolyEnE| none trace

122376b0c0
NEW none[4] Win2K-f 29 of 33 23:12:51 23:12:51 1 none none:none
none|none none trace

d42c1cc7c0
[Firefox:302 hits: 05-01 to 06-22] af9ca5bed1 [0] WinXP 29 of 29 13:54:39 13:54:39 1 none ASM:Graph
PolyEnE| 100% lines=54 trace

533d15b5ce
NEW none[4] Win2K-f 30 of 33 03:56:33 03:56:33 1 none none:none
tElock| none trace

0e8b1eb68b
NEW none[4] WinXP 32 of 33 21:19:13 21:19:13 1 none none:none
PolyEnE| none trace

03f912899b
[Firefox:19 hits: 12-14 to 06-23] 83893bd25d [0] WinXP 32 of 32 00:53:13 01:49:40 2 none ASM:Graph
none|none 100% lines=65 trace

7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] WinXP
Win2K-f 25 of 28 00:20:57 22:28:58 18 none ASM:Graph
FSG| 95% lines=1933
embedded dns trace

741e3b03b3
[Firefox:59 hits: 09-28 to 06-23] e0197e8a64 [0] WinXP 31 of 32 03:22:54 15:56:16 5 none ASM:Graph
none|none 100% lines=62 trace

831f4ee0a7
[Firefox:655 hits: 07-11 to 06-22] eb7546c600 [0] WinXP 29 of 29 01:08:00 01:08:00 1 none ASM:Graph
none|none 100% lines=61 trace

533d15b5ce
NEW
58c343a8d8
NEW none[4]
58c343a8d8[1] Win2K-f 28 of 33 03:56:33 03:56:33 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=82 trace
trace

53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23]
b5919931fe
[Firefox:21 hits: 06-20 to 06-23] none[4]
a08f3b74a4[1]
b5919931fe[1] Win2K-f 0 of 32 12:08:10 23:19:31 5 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| 48% none
lines=81
lines=90 trace
trace
trace

9d9054829c
NEW none[4] WinXP 31 of 33 18:40:05 18:40:05 1 none none:none
tElock| none trace

57ce4acac2
[Firefox:18 hits: 06-17 to 06-22] 57ce4acac2 [1] WinXP 0 of 33 20:05:59 21:16:19 2 none ASM:Graph
Armadillo| 47% lines=81 trace

dd98c3c108
NEW dd98c3c108 [1] Win2K-f 29 of 33 13:43:44 13:43:44 1 none ASM:Graph
Armadillo| 47% lines=82 trace

1a2c0e6130
[Firefox:436 hits: 12-31 to 06-23] 048df78048 [0] WinXP 29 of 29 15:37:32 15:37:32 1 none ASM:Graph
none|none 100% lines=61 trace

993cfd2369
NEW
acce263b25
NEW none[4]
acce263b25[1] Win2K-f 30 of 33 13:15:59 13:15:59 1 none none:none
ASM:Graph
PolyEnE|
Armadillo| 47% none
lines=81 trace
trace

12df83cb4f
[Firefox: 2 hits: 06-19 to 06-22] 12df83cb4f [1] Win2K-f 28 of 33 20:50:19 20:50:19 1 none ASM:Graph
Armadillo| 47% lines=82 trace

53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23] none[4]
a08f3b74a4[1] WinXP
Win2K-f 0 of 33 02:20:29 23:19:31 9 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

12df83cb4f
[Firefox: 2 hits: 06-19 to 06-22]
2e7dc3f066
[Firefox: 2 hits: 06-19 to 06-22] 12df83cb4f [1]
none [4] Win2K-f 30 of 33 20:50:19 20:50:19 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

8acd7e1937
NEW
f0473a332c
NEW 8acd7e1937 [1]
f0473a332c[1] WinXP 27 of 33 15:13:40 15:13:40 1 none ASM:Graph
ASM:Graph
none|none
ASPack| lines=0
lines=10 trace
trace

dd98c3c108
NEW
e98746deb1
NEW dd98c3c108 [1]
none [4] Win2K-f 31 of 33 13:43:44 13:43:44 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

b5919931fe
[Firefox:21 hits: 06-20 to 06-23]
e592406be2
[Firefox: 2 hits: 06-19 to 06-19] b5919931fe [1]
e592406be2[1] Win2K-f 28 of 32 19:00:57 19:00:57 1 none ASM:Graph
ASM:Graph
ASProtect|
Armadillo| 47% lines=90
lines=82 trace
trace

e19fa0dfad
NEW none[4] WinXP 32 of 33 16:47:58 16:47:58 1 none none:none
PolyEnE| none trace

b5919931fe
[Firefox:21 hits: 06-20 to 06-23]
e592406be2
[Firefox: 2 hits: 06-19 to 06-19]
f1218dd4e7
[Firefox: 2 hits: 06-19 to 06-19] b5919931fe [1]
e592406be2[1]
none [4] Win2K-f 30 of 33 19:00:57 19:00:57 1 none ASM:Graph
ASM:Graph
none:none
ASProtect|
Armadillo|
tElock| lines=90
lines=82
none trace
trace
trace

607b60ad51
NEW
e07c29c4ae
[Firefox:25 hits: 06-19 to 06-23]
e5c7bce70e
NEW none[4]
e07c29c4ae[1]
e5c7bce70e[1] WinXP 2 of 32 17:03:29 17:03:29 1 none none:none
ASM:Graph
ASM:Graph
tElock|
FSG|
Armadillo| 47% none
lines=92
lines=81 trace
trace
trace

df17a625ee
[Firefox:470 hits: 05-04 to 06-21] 9bbdd086c5 [0] WinXP 29 of 29 01:50:16 13:28:00 3 none ASM:Graph
ASPack| 49% lines=186
embedded dns trace

6ec2a8994b
NEW none[4] Win2K-f 30 of 33 08:43:28 08:43:28 1 none none:none
tElock| none trace

d16355e15b
NEW none[4] Win2K-f 33 of 33 16:14:24 16:14:24 1 none none:none
ASPack| none trace

986b59708d
[Firefox:300 hits: 05-03 to 06-18] 8a00217866 [0] WinXP 29 of 29 12:45:35 12:45:35 1 none ASM:Graph
PolyEnE| 100% lines=57 trace

9d9054829c
NEW
b69118be9f
NEW none[4]
b69118be9f[1] WinXP 30 of 33 18:40:05 18:40:05 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=82 trace
trace

53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23]
e07c29c4ae
[Firefox:25 hits: 06-19 to 06-23] none[4]
a08f3b74a4[1]
e07c29c4ae[1] WinXP 0 of 33 05:20:12 17:36:57 3 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| 48% none
lines=81
lines=92 trace
trace
trace

993cfd2369
NEW none[4] Win2K-f 32 of 33 13:15:59 13:15:59 1 none none:none
PolyEnE| none trace

21e5edb96d
[Firefox: 5 hits: 06-19 to 06-22] none[4] WinXP 31 of 33 10:08:42 10:08:42 1 none none:none
none|none none trace

7ffffc0adf
NEW none[4] WinXP 32 of 33 21:18:21 21:18:21 1 none none:none
PolyEnE| none trace

9edaa61558
NEW none[4] WinXP 33 of 33 22:24:39 22:25:03 2 none none:none
PolyEnE| none trace

3690b64ca2
[Firefox: 2 hits: 06-18 to 06-21] none[4] Win2K-f 32 of 33 04:27:35 04:27:35 1 none none:none
PolyEnE| none trace

7f60162c2c
[Firefox:1346 hits: 12-31 to 06-23] 1aad8e4632 [0] WinXP 25 of 25 12:08:47 20:55:13 6 none ASM:Graph
PolyEnE| 100% lines=93
embedded dns trace

57ce4acac2
[Firefox:18 hits: 06-17 to 06-22]
83f26f5044
NEW 57ce4acac2 [1]
none [4] WinXP 29 of 32 21:16:19 21:16:19 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

776985f561
NEW 776985f561 [1] WinXP 31 of 33 20:16:04 20:16:04 1 none ASM:Graph
Armadillo| 47% lines=82 trace

f2668b51f1
[Firefox: 9 hits: 08-10 to 06-20] none[4] WinXP 31 of 32 20:54:56 20:54:56 1 none none:none
PolyEnE| none trace

49f8b27cca
NEW
e414dccc52
NEW 49f8b27cca [1]
none [4] WinXP 31 of 33 20:27:56 20:27:56 1 none ASM:Graph
none:none
Armadillo|
ASProtect| lines=82
none trace
trace

b74e792974
NEW b74e792974 [1] Win2K-f 31 of 33 23:43:15 23:43:15 1 none ASM:Graph
Armadillo| 47% lines=82 trace

3690b64ca2
[Firefox: 2 hits: 06-18 to 06-21]
a6fb77fd26
[Firefox: 2 hits: 06-18 to 06-21] none[4]
a6fb77fd26[1] Win2K-f 30 of 33 04:27:35 04:27:35 1 none none:none
ASM:Graph
PolyEnE|
Armadillo| 47% none
lines=82 trace
trace

3ae357d17b
[Firefox:719 hits: 05-01 to 06-21] 462a7be171 [0] WinXP 29 of 29 09:54:34 09:54:34 1 none ASM:Graph
PolyEnE| 99% lines=73 trace

9861192127
NEW none[4] WinXP 31 of 33 14:20:19 14:20:19 1 none none:none
FSG| none trace

55bbb36238
NEW none[4] WinXP 30 of 33 23:29:43 23:29:43 1 none none:none
ASPack| none trace

8acd7e1937
NEW 8acd7e1937 [1] WinXP 29 of 32 15:13:40 15:13:40 1 none ASM:Graph
none|none 44% lines=0 trace

7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] WinXP 26 of 28 01:02:31 19:32:07 7 none ASM:Graph
PolyEnE| 99% lines=68 trace

49f8b27cca
NEW 49f8b27cca [1] WinXP 29 of 33 20:27:56 20:27:56 1 none ASM:Graph
Armadillo| 47% lines=82 trace

60be29c325
NEW
83b454f0d3
NEW 60be29c325 [1]
83b454f0d3[1] WinXP 31 of 33 23:45:22 23:45:22 1 none ASM:Graph
ASM:Graph
ASPack|
ASPack| lines=10
lines=10 trace
trace

1509c8d024
[Firefox: 2 hits: 06-17 to 06-22]
f23b040440
NEW none[4]
f23b040440[1] WinXP 30 of 32 13:22:59 13:22:59 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=82 trace
trace

131351dd21
[Firefox: 5 hits: 05-22 to 06-22] none[4] Win2K-f 20 of 32 16:13:27 16:13:27 1 none none:none
none|none none trace

776985f561
NEW
8ec6129efe
NEW 776985f561 [1]
none [4] WinXP 31 of 33 20:16:04 20:16:04 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

b74e792974
NEW
f0e73c39a8
NEW b74e792974 [1]
none [4] Win2K-f 31 of 33 23:43:15 23:43:15 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

1509c8d024
[Firefox: 2 hits: 06-17 to 06-22] none[4] WinXP 31 of 33 13:22:59 13:22:59 1 none none:none
tElock| none trace

48dc88ef9d
NEW 48dc88ef9d [1] Win2K-f 29 of 33 19:02:33 19:02:33 1 none ASM:Graph
FASM| 47% lines=81 trace

607b60ad51
NEW none[4] WinXP 31 of 32 17:03:29 17:03:29 1 none none:none
tElock| none trace

fd0bf48a75
[Firefox:13 hits: 04-28 to 05-23] none[3] Win2K-f 20 of 32 23:27:49 23:27:49 1 none none:none
ASProtect| none trace