Multiperspective Malware Analysis Page - Daily Malware Binary Digest Summary

Welcome to the Cyber-TA
Daily Malware Binary DIGEST Summary Page

14 July 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Packed
MD5 UnPacket
MD5 Victim
OS AntiVirus
Hit-Cnt First
Encounter Last
Encounter Freq
Cnt Behavioral
Clusters Unpacked
Egg.asm Packer
Fingerprint API
Resolution String
Cnt Syscall
Trace

0fa273d7cb
NEW none[none] WinXP 32 of 33 14:32:58 14:32:58 1 none none:none
none|none none none

7ba9e53288
NEW none[none] Win2K-f 31 of 33 18:27:55 18:27:55 1 none none:none
none|none none none

53bfe15e91
[Firefox:638 hits: 06-17 to 07-13]
73f1082158
[Firefox:307 hits: 06-18 to 07-13] none[4]
73f1082158[1] WinXP
Win2K-f 0 of 32 04:27:46 23:47:43 8 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

7f6ea12654
NEW none[none] WinXP 32 of 33 12:46:55 22:21:34 2 none none:none
none|none none none

53bfe15e91
[Firefox:638 hits: 06-17 to 07-13] none[4] WinXP
Win2K-f 33 of 33 04:27:46 23:47:43 16 none none:none
tElock| none trace

53bfe15e91
[Firefox:638 hits: 06-17 to 07-13]
b7082104e4
[Firefox:41 hits: 06-18 to 07-13] none[4]
none [4] WinXP 8 of 33 06:45:49 06:45:49 1 none none:none
none:none
tElock|
tElock| none
none trace
trace

9242113c52
NEW
92df1d8b32
NEW none[none]
none [none] WinXP 32 of 33 16:25:38 16:25:38 1 none none:none
none:none
none|none
none|none none
none none
none

493624c3e6
NEW none[none] Win2K-f 32 of 33 19:03:32 19:03:32 1 none none:none
none|none none none

8a93930ea8
[Firefox: 6 hits: 07-06 to 07-11]
bc94f66052
[Firefox: 6 hits: 07-06 to 07-11] none[none]
none [none] Win2K-f 32 of 33 15:16:00 15:16:00 1 none none:none
none:none
none|none
none|none none
none none
none

e321efdb3f
[Firefox: 9 hits: 05-07 to 10-21] none[none] WinXP 26 of 28 10:55:41 10:55:41 1 none none:none
none|none none none

168aab35a3
[Firefox:52 hits: 06-17 to 07-13] none[4] WinXP 31 of 33 00:08:45 07:44:22 2 none none:none
tElock| none trace

d42c1cc7c0
[Firefox:315 hits: 05-01 to 07-12] af9ca5bed1 [0] WinXP 29 of 29 10:16:00 10:16:00 1 none ASM:Graph
PolyEnE| 100% lines=54 trace

bca9e0fb5f
[Firefox:12 hits: 06-18 to 07-12] none[4] Win2K-f 31 of 32 10:05:24 10:05:24 1 none none:none
PolyEnE| none trace

a12cab51ef
[Firefox:1113 hits: 05-01 to 07-13] 40f7f463c4 [0] WinXP 29 of 29 02:07:13 20:02:43 3 none ASM:Graph
ASPack| 54% lines=281
embedded dns trace

3a400e5085
NEW none[none] WinXP 31 of 33 21:59:03 21:59:03 1 none none:none
none|none none none

6aaaa4c587
NEW none[none] Win2K-f 29 of 32 05:50:30 05:50:30 1 none none:none
none|none none none

7452c8448d
[Firefox: 2 hits: 06-17 to 06-23] none[4] WinXP 30 of 32 01:54:08 01:54:08 1 none none:none
PolyEnE| none trace

a704164588
[Firefox: 4 hits: 07-04 to 07-13] none[none] WinXP 31 of 33 18:05:49 18:05:49 1 none none:none
none|none none none

cce9566ceb
[Firefox:27 hits: 06-12 to 07-13] none[4] WinXP 31 of 32 11:03:34 14:08:36 2 none none:none
PolyEnE| none trace

168aab35a3
[Firefox:52 hits: 06-17 to 07-13]
4c3df24b32
[Firefox:86 hits: 06-17 to 07-13] none[4]
4c3df24b32[1] WinXP 0 of 33 07:44:22 07:44:22 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

7fdfe363d5
[Firefox:2893 hits: 12-31 to 07-13] 10862ea8b8 [0] WinXP
Win2K-f 25 of 28 01:59:46 23:04:31 15 none ASM:Graph
FSG| 95% lines=1933
embedded dns trace

7bd63bb17d
[Firefox: 2 hits: 07-12 to 07-12] none[none] WinXP 33 of 33 11:37:42 11:37:42 1 none none:none
none|none none none

a704164588
[Firefox: 4 hits: 07-04 to 07-13]
eb270b5ad2
NEW none[none]
none [none] WinXP 30 of 32 18:05:49 18:05:49 1 none none:none
none:none
none|none
none|none none
none none
none

168aab35a3
[Firefox:52 hits: 06-17 to 07-13]
667f0c59f3
[Firefox: 2 hits: 07-04 to 07-07] none[4]
none [none] WinXP 31 of 33 00:08:45 00:08:45 1 none none:none
none:none
tElock|
none|none none
none trace
none

741e3b03b3
[Firefox:154 hits: 09-28 to 07-13] e0197e8a64 [0] WinXP 31 of 32 05:47:36 14:17:44 4 none ASM:Graph
none|none 100% lines=62 trace

9543d041a7
[Firefox: 8 hits: 05-16 to 05-29] 49e3eed5c5 [0] WinXP 29 of 29 18:48:12 18:48:18 2 none ASM:Graph
PolyEnE| 100% lines=77
embedded dns trace

5971a3c5fb
NEW none[none] WinXP 28 of 32 19:27:44 19:27:44 1 none none:none
none|none none none

e286d9e6a9
[Firefox: 3 hits: 07-13 to 07-13] none[none] Win2K-f
WinXP 21 of 33 00:08:10 21:21:26 8 none none:none
none|none none none

e64061f403
[Firefox: 4 hits: 10-08 to 03-13] 5c0b28de87 [0] Win2K-f 29 of 32 06:32:10 19:04:04 2 none ASM:Graph
FSG| 95% lines=1933
embedded dns trace

4250d77f5b
NEW none[none] WinXP 31 of 33 13:49:02 13:49:02 1 none none:none
none|none none none

831f4ee0a7
[Firefox:693 hits: 07-11 to 07-13] eb7546c600 [0] WinXP 29 of 29 08:28:45 21:18:18 2 none ASM:Graph
none|none 100% lines=61 trace

4ab5b0788c
[Firefox:13 hits: 04-21 to 06-25] 272da55ef8 [0] WinXP 29 of 31 13:08:41 13:08:41 1 none ASM:Graph
PolyEnE| 100% lines=114 trace

81264c16dd
[Firefox: 2 hits: 07-03 to 07-11]
9a91743938
[Firefox: 2 hits: 07-03 to 07-11] none[none]
none [none] WinXP 29 of 33 12:58:44 12:58:44 1 none none:none
none:none
none|none
none|none none
none none
none

8a93930ea8
[Firefox: 6 hits: 07-06 to 07-11] none[none] Win2K-f 24 of 33 15:16:00 15:16:00 1 none none:none
none|none none none

5f3232223a
NEW none[none] Win2K-f 31 of 33 12:37:55 12:37:55 1 none none:none
none|none none none

53bfe15e91
[Firefox:638 hits: 06-17 to 07-13]
73f1082158
[Firefox:307 hits: 06-18 to 07-13]
b5919931fe
[Firefox:121 hits: 06-20 to 07-13] none[4]
73f1082158[1]
b5919931fe[1] Win2K-f 0 of 32 01:35:40 15:30:39 2 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| 48% none
lines=81
lines=90 trace
trace
trace

0efbb2ee6a
NEW none[none] Win2K-f 27 of 33 09:30:57 09:30:57 1 none none:none
none|none none none

cc545e1c99
NEW 97a4355156 [0] WinXP 28 of 31 02:56:32 02:56:32 1 none ASM:Graph
none|none 47% lines=90 trace

53bfe15e91
[Firefox:638 hits: 06-17 to 07-13]
57ce4acac2
[Firefox:56 hits: 06-17 to 07-13] none[4]
57ce4acac2[1] WinXP
Win2K-f 0 of 33 08:34:13 20:51:18 2 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

afc1e634b2
NEW
eee8ce8675
NEW none[none]
none [none] Win2K-f 29 of 33 00:31:50 00:31:50 1 none none:none
none:none
none|none
none|none none
none none
none

2110c8100f
[Firefox: 8 hits: 06-19 to 07-11]
e818015a89
[Firefox: 7 hits: 06-23 to 07-11] none[4]
e818015a89[1] Win2K-f 0 of 0 02:36:40 02:36:40 1 none none:none
ASM:Graph
PolyEnE|
Armadillo| 47% none
lines=81 trace
trace

1a2c0e6130
[Firefox:480 hits: 12-31 to 07-13] 048df78048 [0] WinXP 29 of 29 05:33:01 19:48:44 3 none ASM:Graph
none|none 100% lines=61 trace

53bfe15e91
[Firefox:638 hits: 06-17 to 07-13]
a08f3b74a4
[Firefox:206 hits: 06-18 to 07-13] none[4]
a08f3b74a4[1] WinXP
Win2K-f 0 of 33 05:20:17 20:36:56 6 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

f99b3c8fe6
NEW none[none] Win2K-f 32 of 33 14:54:55 14:54:55 1 none none:none
none|none none none

5601dcf617
NEW
d0c1f3c8c7
NEW none[none]
none [none] WinXP 30 of 32 03:29:39 03:30:21 2 none none:none
none:none
none|none
none|none none
none none
none

661a97baa1
[Firefox: 2 hits: 07-02 to 07-02] none[none] Win2K-f 31 of 33 03:34:01 03:34:01 1 none none:none
none|none none none

ecb8ed0ff5
NEW none[none] WinXP 19 of 33 20:58:00 20:58:00 1 none none:none
none|none none none

1e03efd64c
NEW none[none] WinXP 33 of 33 12:42:59 12:42:59 1 none none:none
none|none none none

e3ce8985e6
[Firefox: 2 hits: 03-08 to 03-12] 3762d19d64 [0] WinXP 31 of 32 05:33:42 05:33:42 1 none ASM:Graph
PolyEnE| 99% lines=68 trace

16874933ea
[Firefox:14 hits: 06-18 to 07-10]
76ee340669
[Firefox:14 hits: 06-18 to 07-10] 16874933ea [1]
none [4] Win2K-f 33 of 33 01:07:05 01:07:05 1 none ASM:Graph
none:none
Armadillo|
PolyEnE| lines=82
none trace
trace

881c59659d
NEW
df17a625ee
[Firefox:486 hits: 05-04 to 07-13] none[none]
9bbdd086c5[0] WinXP 29 of 29 10:03:22 10:03:22 1 none none:none
ASM:Graph
none|none
ASPack| 49% none
lines=186
embedded dns none
trace

35350ef80b
NEW none[none] Win2K-f 31 of 33 08:10:53 08:10:53 1 none none:none
none|none none none

f12583a6d2
[Firefox:43 hits: 07-13 to 07-13] none[none] Win2K-f
WinXP 20 of 32 00:05:19 18:29:22 47 none none:none
none|none none none

2110c8100f
[Firefox: 8 hits: 06-19 to 07-11] none[4] Win2K-f 29 of 32 02:36:40 02:36:40 1 none none:none
PolyEnE| none trace

16874933ea
[Firefox:14 hits: 06-18 to 07-10] 16874933ea [1] Win2K-f 29 of 33 01:07:05 01:07:05 1 none ASM:Graph
Armadillo| 48% lines=82 trace

bca9e0fb5f
[Firefox:12 hits: 06-18 to 07-12]
e53a9ea82e
[Firefox:12 hits: 06-18 to 07-12] none[4]
e53a9ea82e[1] Win2K-f 23 of 33 10:05:24 10:05:24 1 none none:none
ASM:Graph
PolyEnE|
Armadillo| 47% none
lines=81 trace
trace

881c59659d
NEW none[none] WinXP 0 of 33 10:03:22 10:03:22 1 none none:none
none|none none none

ce46f7ab87
[Firefox: 2 hits: 07-02 to 07-06] none[none] WinXP 1 of 33 01:25:38 01:25:38 1 none none:none
none|none none none

9242113c52
NEW
92df1d8b32
NEW
e07c29c4ae
[Firefox:92 hits: 06-19 to 07-13] none[none]
none [none]
e07c29c4ae[1] WinXP 0 of 33 04:27:46 16:25:38 5 none none:none
none:none
ASM:Graph
none|none
none|none
FSG| 48% none
none
lines=92 none
none
trace

d3cdd013ea
NEW none[none] WinXP 33 of 33 14:35:03 14:35:03 1 none none:none
none|none none none

87835b2882
NEW none[none] WinXP 19 of 33 14:55:59 14:55:59 1 none none:none
none|none none none

5601dcf617
NEW none[none] WinXP 30 of 33 03:29:39 03:30:21 2 none none:none
none|none none none

7f60162c2c
[Firefox:1415 hits: 12-31 to 07-12] 1aad8e4632 [0] WinXP 25 of 25 12:50:55 14:12:12 2 none ASM:Graph
PolyEnE| 100% lines=93
embedded dns trace

7df41a77e6
[Firefox: 5 hits: 06-16 to 07-12] none[4] Win2K-f 30 of 33 00:17:40 00:17:40 1 none none:none
PolyEnE| none trace

9242113c52
NEW none[none] WinXP 29 of 33 16:25:38 16:25:38 1 none none:none
none|none none none

7452c8448d
[Firefox: 2 hits: 06-17 to 06-23]
fd9b49840f
NEW none[4]
fd9b49840f[1] WinXP 0 of 0 01:54:08 01:54:08 1 none none:none
ASM:Graph
PolyEnE|
Armadillo| 47% none
lines=81 trace
trace

7ba9e53288
NEW
d2e7fab9c3
NEW none[none]
none [none] Win2K-f 29 of 33 18:27:55 18:27:55 1 none none:none
none:none
none|none
none|none none
none none
none

5f96502533
NEW none[none] WinXP 31 of 33 12:37:27 12:37:27 1 none none:none
none|none none none

afc1e634b2
NEW none[none] Win2K-f 32 of 33 00:31:50 00:31:50 1 none none:none
none|none none none

ce46f7ab87
[Firefox: 2 hits: 07-02 to 07-06]
d7dc1e3bea
[Firefox: 2 hits: 07-02 to 07-06] none[none]
none [none] WinXP 32 of 33 01:25:38 01:25:38 1 none none:none
none:none
none|none
none|none none
none none
none

f806c334f0
[Firefox: 2 hits: 07-13 to 07-13] none[none] Win2K-f 31 of 33 15:54:31 15:54:31 1 none none:none
none|none none none

7d99b0e910
[Firefox:3197 hits: 12-31 to 07-13] 7a70e1b592 [0] WinXP 26 of 28 00:46:05 19:14:47 6 none ASM:Graph
PolyEnE| 99% lines=68 trace

366148f7b7
[Firefox: 4 hits: 07-06 to 07-13] none[none] WinXP 31 of 33 00:11:05 00:11:05 1 none none:none
none|none none none

131351dd21
[Firefox: 7 hits: 05-22 to 06-29] none[4] WinXP 20 of 32 01:37:14 01:37:14 1 none none:none
none|none none trace

d1377a8b90
[Firefox: 2 hits: 03-25 to 04-26] ad56da3672 [0] WinXP 32 of 32 12:09:47 12:09:47 1 none ASM:Graph
PolyEnE| 99% lines=68 trace

81264c16dd
[Firefox: 2 hits: 07-03 to 07-11] none[none] WinXP 31 of 33 12:58:44 12:58:44 1 none none:none
none|none none none

4250d77f5b
NEW
7da49624d7
NEW none[none]
none [none] WinXP 28 of 32 13:49:02 13:49:02 1 none none:none
none:none
none|none
none|none none
none none
none

de288d3080
NEW none[none] WinXP 20 of 33 10:35:41 10:35:41 1 none none:none
none|none none none

773c775064
NEW none[none] WinXP 32 of 33 10:30:45 10:30:45 1 none none:none
none|none none none

4cb4a015fc
NEW none[none] Win2K-f 30 of 32 11:42:22 11:42:22 1 none none:none
none|none none none