Multiperspective Malware Analysis Page - Daily Malware Binary Digest Summary

Welcome to the Cyber-TA
Daily Malware Binary DIGEST Summary Page

08 July 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Packed
MD5 UnPacket
MD5 Victim
OS AntiVirus
Hit-Cnt First
Encounter Last
Encounter Freq
Cnt Behavioral
Clusters Unpacked
Egg.asm Packer
Fingerprint API
Resolution String
Cnt Syscall
Trace

4ab411960c
NEW
e8fee31b4e
NEW none[none]
none [none] Win2K-f 31 of 33 19:01:47 19:01:47 1 none none:none
none:none
none|none
none|none none
none none
none

2ca2e34968
NEW none[none] WinXP 30 of 33 22:23:58 22:23:58 1 none none:none
none|none none none

53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07] none[4]
73f1082158[1] WinXP
Win2K-f 0 of 32 01:21:29 23:46:20 17 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

5a50b6f4ab
NEW none[none] WinXP 24 of 33 18:27:50 18:27:50 1 none none:none
none|none none none

53bfe15e91
[Firefox:480 hits: 06-17 to 07-07] none[4] WinXP
Win2K-f 33 of 33 01:21:29 23:46:20 29 none none:none
tElock| none trace

b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
dfbaaf577c
[Firefox: 6 hits: 06-18 to 07-06]
f504b4af20
[Firefox: 6 hits: 06-18 to 07-06] b5919931fe [1]
none [4]
f504b4af20[1] Win2K-f 29 of 33 02:52:08 02:58:23 2 none ASM:Graph
none:none
ASM:Graph
ASProtect|
tElock|
Armadillo| 47% lines=90
none
lines=82 trace
trace
trace

d70e9267fe
[Firefox: 2 hits: 06-24 to 07-07] none[4] Win2K-f 31 of 33 21:41:48 21:41:48 1 none none:none
PolyEnE| none trace

53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
b7082104e4
[Firefox:30 hits: 06-18 to 07-07] none[4]
none [4] Win2K-f 8 of 33 11:11:56 11:11:56 1 none none:none
none:none
tElock|
tElock| none
none trace
trace

02cab5983b
[Firefox: 3 hits: 06-18 to 07-06] none[4] Win2K-f 31 of 33 21:50:37 21:50:37 1 none none:none
tElock| none trace

4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
8390780c27
[Firefox: 9 hits: 06-18 to 07-07] 4c3df24b32 [1]
none [4] Win2K-f
WinXP 30 of 32 01:31:27 23:11:12 5 none ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

9f707522e5
NEW none[none] Win2K-f 28 of 33 00:32:06 00:32:06 1 none none:none
none|none none none

8ae2cc2e80
[Firefox:60 hits: 05-06 to 03-05] c24ca14cda [0] WinXP 29 of 29 15:48:01 15:48:01 1 none ASM:Graph
PolyEnE| 99% lines=68 trace

6686b0fe5f
NEW none[4] Win2K-f 20 of 32 07:41:59 07:41:59 1 none none:none
ASProtect| none trace

168aab35a3
[Firefox:42 hits: 06-17 to 07-07] none[4] Win2K-f 31 of 33 06:45:56 06:45:56 1 none none:none
tElock| none trace

4ab411960c
NEW none[none] Win2K-f 30 of 33 19:01:47 19:01:47 1 none none:none
none|none none none

2bfd553322
NEW none[none] WinXP 30 of 33 17:57:51 17:57:51 1 none none:none
none|none none none

e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05] fda109a6fd [0] Win2K-f
WinXP 13 of 31 07:24:14 10:37:45 17 none ASM:Graph
ASProtect| 64% lines=583
embedded dns trace

c55d8c1cdf
NEW none[none] WinXP 32 of 33 05:26:24 05:26:24 1 none none:none
none|none none none

24acffe86e
NEW
a0d83e7d41
NEW 24acffe86e [1]
none [4] Win2K-f 30 of 32 19:18:13 19:18:13 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

c929e6508d
[Firefox: 2 hits: 06-23 to 07-01] c929e6508d [1] Win2K-f 0 of 0 12:08:19 12:08:19 1 none ASM:Graph
Armadillo| 47% lines=82 trace

018b5e869b
NEW none[none] Win2K-f 9 of 33 16:35:16 16:35:16 1 none none:none
none|none none none

9183352b97
NEW none[none] WinXP 31 of 33 13:53:46 13:53:46 1 none none:none
none|none none none

03f912899b
[Firefox:35 hits: 12-14 to 07-07] 83893bd25d [0] WinXP 32 of 32 10:54:58 11:52:10 2 none ASM:Graph
none|none 100% lines=65 trace

1801222e74
NEW none[none] WinXP 33 of 33 16:33:20 16:33:20 1 none none:none
none|none none none

2d51a863df
NEW
65c9f5c345
NEW none[none]
none [none] WinXP 31 of 33 12:29:32 12:29:32 1 none none:none
none:none
none|none
none|none none
none none
none

4c3df24b32
[Firefox:62 hits: 06-17 to 07-07] 4c3df24b32 [1] Win2K-f
WinXP 0 of 33 01:31:27 23:11:12 6 none ASM:Graph
Armadillo| 47% lines=81 trace

686d4ca67b
NEW
b7e379b157
NEW none[none]
none [none] WinXP 29 of 33 01:43:35 01:43:35 1 none none:none
none:none
none|none
none|none none
none none
none

6d86a1ff5a
[Firefox: 8 hits: 06-25 to 07-07] none[none] Win2K-f 28 of 33 14:21:17 14:21:17 1 none none:none
none|none none none

4d244a981f
[Firefox: 5 hits: 03-30 to 07-07] b66b85d85f [0] WinXP 30 of 31 10:04:22 10:04:22 1 none ASM:Graph
PolyEnE| 100% lines=129 trace

741e3b03b3
[Firefox:120 hits: 09-28 to 07-07] e0197e8a64 [0] WinXP 31 of 32 00:44:24 19:44:32 8 none ASM:Graph
none|none 100% lines=62 trace

f921e443d9
NEW none[none] WinXP 32 of 33 11:44:06 11:44:06 1 none none:none
none|none none none

6d86a1ff5a
[Firefox: 8 hits: 06-25 to 07-07]
7f6e032fc0
[Firefox: 8 hits: 06-25 to 07-07] none[none]
none [none] Win2K-f 31 of 33 14:21:17 14:21:17 1 none none:none
none:none
none|none
none|none none
none none
none

2d51a863df
NEW none[none] WinXP 28 of 32 12:29:32 12:29:32 1 none none:none
none|none none none

831f4ee0a7
[Firefox:683 hits: 07-11 to 07-07] eb7546c600 [0] WinXP 29 of 29 02:57:19 07:03:23 3 none ASM:Graph
none|none 100% lines=61 trace

231c00981d
NEW none[none] WinXP 33 of 33 05:12:34 05:12:34 1 none none:none
none|none none none

53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
57ce4acac2
[Firefox:41 hits: 06-17 to 07-07]
b5919931fe
[Firefox:89 hits: 06-20 to 07-07] none[4]
57ce4acac2[1]
b5919931fe[1] Win2K-f 0 of 32 02:58:23 16:54:13 5 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| 48% none
lines=81
lines=90 trace
trace
trace

17028f1eda
[Firefox:17 hits: 09-29 to 07-06] none[3] WinXP 31 of 32 04:35:29 05:00:21 2 none none:none
tElock| none trace

bf19b66a13
NEW none[none] WinXP 32 of 33 08:22:23 08:22:23 1 none none:none
none|none none none

f9a1559785
NEW none[none] WinXP 31 of 32 23:31:32 23:31:32 1 none none:none
none|none none none

9d9054829c
NEW none[4] Win2K-f 31 of 33 12:29:26 12:29:26 1 none none:none
tElock| none trace

71c478fc03
NEW none[none] Win2K-f 25 of 33 00:26:26 00:26:26 1 none none:none
none|none none none

3dffacd270
[Firefox: 2 hits: 06-20 to 07-02]
d5bf17f14e
[Firefox: 2 hits: 06-20 to 07-02] 3dffacd270 [1]
none [4] WinXP 30 of 32 05:50:40 05:50:40 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
57ce4acac2
[Firefox:41 hits: 06-17 to 07-07] none[4]
57ce4acac2[1] WinXP
Win2K-f 0 of 33 06:31:37 22:42:22 5 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

2ca2e34968
NEW
61f8a55907
NEW none[none]
none [none] WinXP 31 of 33 22:23:58 22:23:58 1 none none:none
none:none
none|none
none|none none
none none
none

a38eaf614a
NEW none[none] Win2K-f 31 of 33 20:19:24 20:19:24 1 none none:none
none|none none none

1a2c0e6130
[Firefox:457 hits: 12-31 to 07-07] 048df78048 [0] WinXP 29 of 29 13:06:03 18:44:26 2 none ASM:Graph
none|none 100% lines=61 trace

7a393628ea
[Firefox: 4 hits: 05-12 to 06-27] none[4] WinXP 30 of 32 11:09:14 11:09:14 1 none none:none
ASProtect| none trace

53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07] none[4]
a08f3b74a4[1] Win2K-f
WinXP 0 of 33 15:17:59 21:16:25 6 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

9015d9e9fc
NEW
a014934a72
[Firefox:65 hits: 06-28 to 07-07] none[none]
none [none] Win2K-f 27 of 33 08:36:55 08:36:55 1 none none:none
none:none
none|none
none|none none
none none
none

777e93c56a
NEW none[none] Win2K-f 31 of 33 20:12:22 20:12:22 1 none none:none
none|none none none

24acffe86e
NEW 24acffe86e [1] Win2K-f 29 of 33 19:18:13 19:18:13 1 none ASM:Graph
Armadillo| 48% lines=82 trace

32a0d7d0e0
[Firefox:45 hits: 05-04 to 06-23] d791762796 [0] WinXP 29 of 29 02:00:20 02:00:20 1 none ASM:Graph
tElock| 100% lines=81
embedded dns trace

0abcc85844
NEW none[none] WinXP 28 of 33 07:55:43 07:55:43 1 none none:none
none|none none none

0dbe638eb4
NEW
2765878b0a
NEW none[none]
none [none] Win2K-f 29 of 33 20:27:11 20:27:11 1 none none:none
none:none
none|none
none|none none
none none
none

b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
dfbaaf577c
[Firefox: 6 hits: 06-18 to 07-06] b5919931fe [1]
none [4] Win2K-f 31 of 33 02:52:08 02:58:23 2 none ASM:Graph
none:none
ASProtect|
tElock| lines=90
none trace
trace

686d4ca67b
NEW none[none] WinXP 32 of 33 01:43:35 01:43:35 1 none none:none
none|none none none

16874933ea
[Firefox:12 hits: 06-18 to 06-30]
76ee340669
[Firefox:12 hits: 06-18 to 06-30] 16874933ea [1]
none [4] WinXP 33 of 33 16:00:29 16:00:29 1 none ASM:Graph
none:none
Armadillo|
PolyEnE| lines=82
none trace
trace

8a75955033
[Firefox: 5 hits: 06-20 to 06-29]
9276c8b36b
[Firefox: 5 hits: 06-20 to 06-29] none[4]
9276c8b36b[1] Win2K-f 28 of 32 04:14:31 04:14:31 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

0dbe638eb4
NEW none[none] Win2K-f 32 of 33 20:27:11 20:27:11 1 none none:none
none|none none none

07fabc79ef
[Firefox: 4 hits: 06-19 to 07-07] 07fabc79ef [1] WinXP 0 of 32 17:09:53 17:09:53 1 none ASM:Graph
Armadillo| 47% lines=81 trace

4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
6a4845ca11
[Firefox: 3 hits: 06-27 to 07-02] 4c3df24b32 [1]
none [none] Win2K-f 0 of 0 11:59:44 11:59:44 1 none ASM:Graph
none:none
Armadillo|
none|none lines=81
none trace
none

df17a625ee
[Firefox:479 hits: 05-04 to 07-04] 9bbdd086c5 [0] WinXP 29 of 29 18:45:25 18:45:25 1 none ASM:Graph
ASPack| 49% lines=186
embedded dns trace

6ec2a8994b
[Firefox: 4 hits: 06-18 to 07-05] none[4] Win2K-f 30 of 33 02:18:36 02:18:36 1 none none:none
tElock| none trace

6c36e19037
[Firefox:10 hits: 06-22 to 07-05] none[4] Win2K-f 27 of 32 18:34:54 18:34:54 1 none none:none
none|none none trace

d74613e216
NEW d74613e216 [1] Win2K-f 29 of 32 05:27:28 05:27:28 1 none ASM:Graph
ASProtect| lines=45 trace

a732992479
NEW a732992479 [1] WinXP 30 of 33 13:49:11 13:49:11 1 none ASM:Graph
FASM| 0% lines=84 trace

2bfd553322
NEW
58b2aabe81
NEW none[none]
none [none] WinXP 31 of 33 17:57:51 17:57:51 1 none none:none
none:none
none|none
none|none none
none none
none

48f8b1a711
[Firefox: 5 hits: 06-19 to 07-07] none[4] Win2K-f 31 of 33 17:56:08 17:56:08 1 none none:none
PolyEnE| none trace

814b221f75
NEW none[none] WinXP
Win2K-f 24 of 33 07:22:05 07:45:31 2 none none:none
none|none none none

c929e6508d
[Firefox: 2 hits: 06-23 to 07-01]
ee1d9a67bb
[Firefox: 2 hits: 06-23 to 07-01] c929e6508d [1]
none [4] Win2K-f 0 of 0 12:08:19 12:08:19 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

16874933ea
[Firefox:12 hits: 06-18 to 06-30] 16874933ea [1] WinXP 29 of 33 16:00:29 16:00:29 1 none ASM:Graph
Armadillo| 48% lines=82 trace

9d9054829c
NEW
b69118be9f
NEW none[4]
b69118be9f[1] Win2K-f 30 of 33 12:29:26 12:29:26 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=82 trace
trace

9015d9e9fc
NEW none[none] Win2K-f 31 of 33 08:36:55 08:36:55 1 none none:none
none|none none none

53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07]
e07c29c4ae
[Firefox:72 hits: 06-19 to 07-07] none[4]
a08f3b74a4[1]
e07c29c4ae[1] WinXP 0 of 33 02:21:39 18:15:28 2 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| 48% none
lines=81
lines=92 trace
trace
trace

48f8b1a711
[Firefox: 5 hits: 06-19 to 07-07]
ae4e62adc2
NEW none[4]
none [none] Win2K-f 22 of 32 17:56:08 17:56:08 1 none none:none
none:none
PolyEnE|
none|none none
none trace
none

e1502b71c0
NEW none[none] Win2K-f 31 of 33 19:22:22 19:22:22 1 none none:none
none|none none none

5ba106150e
NEW
801e729de2
NEW none[none]
none [none] Win2K-f 31 of 33 15:23:51 15:23:51 1 none none:none
none:none
none|none
none|none none
none none
none

8a75955033
[Firefox: 5 hits: 06-20 to 06-29] none[4] Win2K-f 29 of 32 04:14:31 04:14:31 1 none none:none
tElock| none trace

76e95d966a
NEW none[none] WinXP 28 of 33 23:04:16 23:04:16 1 none none:none
none|none none none

02cab5983b
[Firefox: 3 hits: 06-18 to 07-06]
76e6f343c5
[Firefox: 3 hits: 06-18 to 07-06] none[4]
76e6f343c5[1] Win2K-f 30 of 33 21:50:37 21:50:37 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=82 trace
trace

8178c88f5e
NEW none[none] WinXP 33 of 33 11:17:28 16:21:50 2 none none:none
none|none none none

7f60162c2c
[Firefox:1398 hits: 12-31 to 07-07] 1aad8e4632 [0] WinXP 25 of 25 08:54:57 15:24:24 5 none ASM:Graph
PolyEnE| 100% lines=93
embedded dns trace

5ba106150e
NEW none[none] Win2K-f 29 of 33 15:23:51 15:23:51 1 none none:none
none|none none none

9183352b97
NEW
d711e38d6d
NEW none[none]
none [none] WinXP 30 of 33 13:53:46 13:53:46 1 none none:none
none:none
none|none
none|none none
none none
none

dc20b6fe59
[Firefox: 4 hits: 06-23 to 07-01] dc20b6fe59 [1] Win2K-f 0 of 0 12:52:53 12:52:53 1 none ASM:Graph
Armadillo| 47% lines=81 trace

7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07] 7a70e1b592 [0] WinXP 26 of 28 06:32:59 21:21:31 10 none ASM:Graph
PolyEnE| 99% lines=68 trace

dc20b6fe59
[Firefox: 4 hits: 06-23 to 07-01]
f97070ef2b
[Firefox: 4 hits: 06-23 to 07-01] dc20b6fe59 [1]
none [4] Win2K-f 0 of 0 12:52:53 12:52:53 1 none ASM:Graph
none:none
Armadillo|
PolyEnE| lines=81
none trace
trace

168aab35a3
[Firefox:42 hits: 06-17 to 07-07]
61426996c3
[Firefox: 4 hits: 06-20 to 07-04] none[4]
61426996c3[1] Win2K-f 29 of 32 06:45:56 06:45:56 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=82 trace
trace

65275a1614
[Firefox: 6 hits: 06-21 to 07-07] 65275a1614 [1] Win2K-f 29 of 33 12:20:07 12:20:07 1 none ASM:Graph
Armadillo| 47% lines=82 trace

5a387593a6
[Firefox: 3 hits: 06-27 to 06-27] none[none] WinXP 0 of 0 01:32:16 01:32:16 1 none none:none
none|none none none

a92e3f8fc8
[Firefox:116 hits: 05-03 to 06-25] dfe02a1e52 [0] WinXP 26 of 28 07:03:18 07:03:18 1 none ASM:Graph
PolyEnE| 99% lines=68 trace

65275a1614
[Firefox: 6 hits: 06-21 to 07-07]
b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
ec0d7783de
[Firefox: 6 hits: 06-21 to 07-07] 65275a1614 [1]
b5919931fe[1]
none [4] Win2K-f 30 of 32 12:20:07 12:20:07 1 none ASM:Graph
ASM:Graph
none:none
Armadillo|
ASProtect|
tElock| lines=82
lines=90
none trace
trace
trace

dae77d66f3
NEW none[none] WinXP 31 of 32 01:25:06 01:26:20 2 none none:none
none|none none none

3dffacd270
[Firefox: 2 hits: 06-20 to 07-02] 3dffacd270 [1] WinXP 28 of 32 05:50:40 05:50:40 1 none ASM:Graph
Armadillo| 47% lines=82 trace

6ec2a8994b
[Firefox: 4 hits: 06-18 to 07-05]
bec9340f6c
NEW none[4]
none [none] Win2K-f 31 of 33 02:18:36 02:18:36 1 none none:none
none:none
tElock|
none|none none
none trace
none