Multiperspective Malware Analysis Page - Daily Malware Binary Digest Summary

Welcome to the Cyber-TA
Daily Malware Binary DIGEST Summary Page

18 September 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Packed
MD5 UnPacket
MD5 Victim
OS AntiVirus
Hit-Cnt First
Encounter Last
Encounter Freq
Cnt Behavioral
Clusters Unpacked
Egg.asm Packer
Fingerprint API
Resolution String
Cnt Syscall
Trace

53bfe15e91
[Firefox:2220 hits: 06-17 to 09-17]
73f1082158
[Firefox:1108 hits: 06-18 to 09-17] none[4]
73f1082158[1] Win2K-f
WinXP 0 of 32 00:46:55 23:39:33 17 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

53bfe15e91
[Firefox:2220 hits: 06-17 to 09-17] none[4] Win2K-f
WinXP 33 of 33 00:46:55 23:39:33 37 none none:none
tElock| none trace

8d3ac9bfce
NEW none[none] WinXP 33 of 36 09:40:54 09:40:54 1 none none:none
none|none none none

1951eee0cd
[Firefox: 5 hits: 06-18 to 08-30]
e5e0dbde57
[Firefox: 5 hits: 06-18 to 08-30] 1951eee0cd [1]
none [4] Win2K-f 31 of 33 07:50:17 07:50:17 1 none ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

623e0b5433
[Firefox: 4 hits: 09-14 to 09-17] none[none] WinXP 34 of 36 19:05:07 19:05:07 1 none none:none
none|none none none

e4ed963a77
NEW none[none] WinXP 36 of 36 10:01:05 10:01:05 1 none none:none
none|none none none

53bfe15e91
[Firefox:2220 hits: 06-17 to 09-17]
b5919931fe
[Firefox:593 hits: 06-20 to 09-17]
b7082104e4
[Firefox:135 hits: 06-18 to 09-17] none[4]
b5919931fe[1]
none [4] Win2K-f 8 of 33 18:07:58 18:07:58 1 none none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock| none
lines=90
none trace
trace
trace

7f89b38665
[Firefox:11 hits: 08-02 to 09-17] none[none] Win2K-f
WinXP 32 of 36 03:13:50 14:10:46 2 none none:none
none|none none none

203a4cb5a4
NEW
990354b619
NEW none[none]
none [none] Win2K-f 33 of 36 05:43:21 05:43:21 1 none none:none
none:none
none|none
none|none none
none none
none

03d5bf43b7
NEW none[none] Win2K-f 19 of 36 18:34:19 18:34:19 1 none none:none
none|none none none

1b7ec6ce60
[Firefox: 2 hits: 09-16 to 09-16] none[none] WinXP 35 of 36 13:15:00 13:15:01 2 none none:none
none|none none none

1951eee0cd
[Firefox: 5 hits: 06-18 to 08-30] 1951eee0cd [1] Win2K-f 27 of 33 07:50:17 07:50:17 1 none ASM:Graph
Armadillo| 47% lines=82 trace

2a0ee3c795
[Firefox: 5 hits: 09-13 to 09-17] none[none] WinXP 27 of 36 06:53:37 06:53:37 1 none none:none
none|none none none

168aab35a3
[Firefox:130 hits: 06-17 to 09-17] none[4] Win2K-f 31 of 33 21:55:19 21:55:19 1 none none:none
tElock| none trace

a12cab51ef
[Firefox:522 hits: 01-01 to 09-17] 40f7f463c4 [0] WinXP 29 of 29 16:00:15 23:02:37 3 none ASM:Graph
ASPack| 54% lines=281
embedded dns trace

d99da8735e
NEW none[none] WinXP 34 of 36 10:22:03 10:22:49 2 none none:none
none|none none none

9b891c1007
NEW
c64bd50d88
NEW none[none]
none [none] Win2K-f 33 of 36 16:46:06 16:46:06 1 none none:none
none:none
none|none
none|none none
none none
none

83959d63ea
NEW none[none] WinXP 35 of 36 15:04:38 15:04:38 1 none none:none
none|none none none

03f912899b
[Firefox:125 hits: 01-08 to 09-17] 83893bd25d [0] WinXP 32 of 32 01:48:11 14:59:35 2 none ASM:Graph
none|none 100% lines=65 trace

571e381ed4
[Firefox: 7 hits: 09-14 to 09-17] none[none] WinXP 35 of 36 08:05:40 08:05:40 1 none none:none
none|none none none

ba4637f8f0
[Firefox:10 hits: 07-01 to 09-16]
d02ae67164
[Firefox:10 hits: 07-01 to 09-16] none[none]
none [none] WinXP 31 of 33 20:53:58 20:53:58 1 none none:none
none:none
none|none
none|none none
none none
none

168aab35a3
[Firefox:130 hits: 06-17 to 09-17]
4c3df24b32
[Firefox:185 hits: 06-17 to 09-16] none[4]
4c3df24b32[1] Win2K-f 0 of 33 21:55:19 21:55:19 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

2a0ee3c795
[Firefox: 5 hits: 09-13 to 09-17]
3e0c5e5ebf
NEW none[none]
none [none] WinXP 33 of 36 06:53:37 06:53:37 1 none none:none
none:none
none|none
none|none none
none none
none

126a1d4446
[Firefox: 2 hits: 08-19 to 08-23]
3ed16ae12d
[Firefox:21 hits: 06-19 to 09-17] none[none]
3ed16ae12d[1] WinXP 3 of 33 22:17:42 22:17:42 1 none none:none
ASM:Graph
none|none
Armadillo| 47% none
lines=81 none
trace

97eb912b2a
NEW none[none] Win2K-f 33 of 36 18:33:55 18:33:55 1 none none:none
none|none none none

6528697102
NEW none[none] WinXP 35 of 36 09:24:23 09:24:23 1 none none:none
none|none none none

741e3b03b3
[Firefox:367 hits: 01-05 to 09-17] e0197e8a64 [0] WinXP 31 of 32 03:47:01 23:07:32 3 none ASM:Graph
none|none 100% lines=62 trace

f353d4eed9
NEW none[none] WinXP 35 of 36 00:41:46 10:54:07 2 none none:none
none|none none none

831f4ee0a7
[Firefox:538 hits: 01-01 to 09-17] eb7546c600 [0] WinXP 29 of 29 05:01:37 20:34:12 3 none ASM:Graph
none|none 100% lines=61 trace

7df84ee3d1
NEW none[none] WinXP 33 of 36 12:40:06 12:40:06 1 none none:none
none|none none none

53bfe15e91
[Firefox:2220 hits: 06-17 to 09-17]
73f1082158
[Firefox:1108 hits: 06-18 to 09-17]
b5919931fe
[Firefox:593 hits: 06-20 to 09-17] none[4]
73f1082158[1]
b5919931fe[1] Win2K-f 0 of 32 00:46:55 23:39:33 11 none none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| 48% none
lines=81
lines=90 trace
trace
trace

2204fd4d17
[Firefox: 3 hits: 09-15 to 09-16] none[none] Win2K-f 35 of 36 18:15:27 18:15:27 1 none none:none
none|none none none

6ec2a8994b
[Firefox:22 hits: 06-18 to 09-17]
bcf66a38c8
[Firefox: 9 hits: 07-30 to 09-17] none[4]
none [none] Win2K-f 2 of 35 15:42:44 15:42:44 1 none none:none
none:none
tElock|
none|none none
none trace
none

53bfe15e91
[Firefox:2220 hits: 06-17 to 09-17]
57ce4acac2
[Firefox:183 hits: 06-17 to 09-16] none[4]
57ce4acac2[1] Win2K-f
WinXP 0 of 33 05:23:25 22:59:52 4 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

6df1b03604
NEW none[none] WinXP 33 of 36 00:46:57 00:46:57 1 none none:none
none|none none none

af79e0c602
[Firefox: 7 hits: 01-08 to 09-16] none[4] WinXP 29 of 30 06:49:02 06:49:02 1 none none:none
ASPack| none trace

2a0ee3c795
[Firefox: 5 hits: 09-13 to 09-17]
3e0c5e5ebf
NEW
d3b4e5e7df
NEW none[none]
none [none]
none [none] WinXP 10 of 36 06:53:37 06:53:37 1 none none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

1a2c0e6130
[Firefox:395 hits: 12-31 to 09-17] 048df78048 [0] WinXP 29 of 29 12:59:25 22:32:01 4 none ASM:Graph
none|none 100% lines=61 trace

53bfe15e91
[Firefox:2220 hits: 06-17 to 09-17]
a08f3b74a4
[Firefox:761 hits: 06-18 to 09-17] none[4]
a08f3b74a4[1] Win2K-f
WinXP 0 of 33 02:14:24 22:24:25 16 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

0a752bfb2a
NEW none[none] WinXP 34 of 36 20:54:36 20:54:36 1 none none:none
none|none none none

57c095a73a
NEW
71feff97fb
NEW none[none]
none [none] WinXP 32 of 36 20:40:37 20:40:37 1 none none:none
none:none
none|none
none|none none
none none
none

b872c76081
[Firefox: 6 hits: 09-13 to 09-17] none[none] WinXP 36 of 36 10:21:39 10:21:39 1 none none:none
none|none none none

7f89b38665
[Firefox:11 hits: 08-02 to 09-17]
a51a50404e
[Firefox:11 hits: 08-02 to 09-17] none[none]
none [none] Win2K-f
WinXP 34 of 36 03:13:50 14:10:46 2 none none:none
none:none
none|none
none|none none
none none
none

a4eb225807
[Firefox: 2 hits: 06-19 to 07-12]
f85f8eb994
[Firefox: 2 hits: 06-19 to 07-12] none[4]
f85f8eb994[1] Win2K-f 29 of 33 08:26:07 08:26:07 1 none none:none
ASM:Graph
tElock|
Armadillo| 48% none
lines=82 trace
trace

a0139d7ad8
[Firefox:101 hits: 01-03 to 09-17] d9e9662db1 [0] WinXP 29 of 29 10:36:31 10:36:31 1 none ASM:Graph
PolyEnE| 99% lines=68 trace

6528697102
NEW
667b157f26
NEW none[none]
none [none] WinXP 32 of 36 09:24:23 09:24:23 1 none none:none
none:none
none|none
none|none none
none none
none

a84ffdf670
[Firefox: 2 hits: 09-14 to 09-16] none[none] WinXP 36 of 36 07:33:02 07:33:02 1 none none:none
none|none none none

97a3feb53f
NEW none[none] WinXP 35 of 36 10:12:39 10:12:39 1 none none:none
none|none none none

d7525690c2
NEW none[none] Win2K-f 5 of 36 05:43:53 05:43:53 1 none none:none
none|none none none

607b60ad51
[Firefox:34 hits: 06-20 to 09-17]
e5c7bce70e
[Firefox:33 hits: 06-20 to 09-17] none[4]
e5c7bce70e[1] Win2K-f 2 of 32 15:00:07 15:00:07 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

8a75955033
[Firefox:31 hits: 06-20 to 08-27]
9276c8b36b
[Firefox:31 hits: 06-20 to 08-27] none[4]
9276c8b36b[1] Win2K-f 28 of 32 06:47:50 06:47:50 1 none none:none
ASM:Graph
tElock|
Armadillo| 47% none
lines=81 trace
trace

b5919931fe
[Firefox:593 hits: 06-20 to 09-17]
baa3b7672d
NEW b5919931fe [1]
none [none] Win2K-f 33 of 36 21:29:27 21:29:27 1 none ASM:Graph
none:none
ASProtect|
none|none lines=90
none trace
none

df17a625ee
[Firefox:236 hits: 01-01 to 09-17] 9bbdd086c5 [0] WinXP 29 of 29 09:45:30 19:09:25 5 none ASM:Graph
ASPack| 49% lines=186
embedded dns trace

6ec2a8994b
[Firefox:22 hits: 06-18 to 09-17] none[4] Win2K-f 30 of 33 15:42:44 15:42:44 1 none none:none
tElock| none trace

2204fd4d17
[Firefox: 3 hits: 09-15 to 09-16]
eb0857e1b1
[Firefox: 3 hits: 09-15 to 09-16] none[none]
none [none] Win2K-f 32 of 36 18:15:27 18:15:27 1 none none:none
none:none
none|none
none|none none
none none
none

a4eb225807
[Firefox: 2 hits: 06-19 to 07-12] none[4] Win2K-f 29 of 32 08:26:07 08:26:07 1 none none:none
tElock| none trace

986b59708d
[Firefox:76 hits: 01-14 to 09-17] 8a00217866 [0] WinXP 29 of 29 18:59:36 18:59:36 1 none ASM:Graph
PolyEnE| 100% lines=57 trace

c05385e600
[Firefox:13 hits: 01-20 to 09-15] 6a383b021d [0] WinXP 29 of 29 14:59:08 14:59:31 2 none ASM:Graph
PolyEnE| 99% lines=68 trace

0a2b1894da
[Firefox: 7 hits: 06-26 to 09-13] none[none] WinXP 30 of 33 06:19:52 06:19:52 1 none none:none
none|none none none

27b945de66
[Firefox:20 hits: 06-20 to 09-17] none[4] WinXP 31 of 32 07:09:48 07:09:48 1 none none:none
none|none none trace

77bf3c6d25
[Firefox: 2 hits: 08-23 to 09-15]
88fd020726
[Firefox: 2 hits: 08-23 to 09-15] none[none]
none [none] Win2K-f 33 of 35 02:09:32 02:09:32 1 none none:none
none:none
none|none
none|none none
none none
none

6df1b03604
NEW
74fa06e356
NEW none[none]
none [none] WinXP 34 of 36 00:46:57 00:46:57 1 none none:none
none:none
none|none
none|none none
none none
none

126a1d4446
[Firefox: 2 hits: 08-19 to 08-23]
3ed16ae12d
[Firefox:21 hits: 06-19 to 09-17]
e07c29c4ae
[Firefox:455 hits: 06-19 to 09-17] none[none]
3ed16ae12d[1]
e07c29c4ae[1] WinXP 0 of 33 00:46:57 22:17:42 11 none none:none
ASM:Graph
ASM:Graph
none|none
Armadillo|
FSG| 48% none
lines=81
lines=92 none
trace
trace

7e8782e8f4
[Firefox: 4 hits: 04-19 to 08-29] 486e5604b0 [0] WinXP 31 of 32 08:19:45 08:19:45 1 none ASM:Graph
PolyEnE| 100% lines=68 trace

6e2eaa0359
[Firefox: 8 hits: 07-10 to 09-14]
740e3bffe0
[Firefox: 9 hits: 06-25 to 09-14] none[none]
none [none] Win2K-f 24 of 33 01:02:33 01:02:33 1 none none:none
none:none
none|none
none|none none
none none
none

203a4cb5a4
NEW none[none] Win2K-f 32 of 36 05:43:21 05:43:21 1 none none:none
none|none none none

8a75955033
[Firefox:31 hits: 06-20 to 08-27] none[4] Win2K-f 29 of 32 06:47:50 06:47:50 1 none none:none
tElock| none trace

f8503f879a
NEW none[none] WinXP 34 of 36 07:43:40 07:43:40 1 none none:none
none|none none none

9b891c1007
NEW none[none] Win2K-f 31 of 36 16:46:06 16:46:06 1 none none:none
none|none none none

0a2b1894da
[Firefox: 7 hits: 06-26 to 09-13]
414b95a784
[Firefox: 7 hits: 06-26 to 09-13] none[none]
none [none] WinXP 32 of 33 06:19:52 06:19:52 1 none none:none
none:none
none|none
none|none none
none none
none

d175563b7f
NEW none[none] WinXP 33 of 36 00:15:59 00:15:59 1 none none:none
none|none none none

7f60162c2c
[Firefox:568 hits: 12-31 to 09-17] 1aad8e4632 [0] WinXP 25 of 25 05:16:56 23:23:19 7 none ASM:Graph
PolyEnE| 100% lines=93
embedded dns trace

dbbc586732
[Firefox:32 hits: 07-28 to 09-15] none[none] WinXP 35 of 35 23:59:56 23:59:56 1 none none:none
none|none none none

126a1d4446
[Firefox: 2 hits: 08-19 to 08-23] none[none] WinXP 35 of 36 22:17:42 22:17:42 1 none none:none
none|none none none

6e2eaa0359
[Firefox: 8 hits: 07-10 to 09-14] none[none] Win2K-f 31 of 33 01:02:33 01:02:33 1 none none:none
none|none none none

78b29f38ed
[Firefox: 7 hits: 06-29 to 09-13] none[none] WinXP 32 of 33 07:03:58 07:03:58 1 none none:none
none|none none none

ba4637f8f0
[Firefox:10 hits: 07-01 to 09-16] none[none] WinXP 28 of 33 20:53:58 20:53:58 1 none none:none
none|none none none

03d5bf43b7
NEW
b9cdf4ca69
[Firefox: 5 hits: 06-18 to 09-16] none[none]
none [4] Win2K-f 31 of 33 18:34:19 18:34:19 1 none none:none
none:none
none|none
none|none none
none none
trace

8d3ac9bfce
NEW
e07c29c4ae
[Firefox:455 hits: 06-19 to 09-17]
e8876f10e2
NEW none[none]
e07c29c4ae[1]
none [none] WinXP 34 of 36 09:40:54 09:40:54 1 none none:none
ASM:Graph
none:none
none|none
FSG|
none|none none
lines=92
none none
trace
none

b5919931fe
[Firefox:593 hits: 06-20 to 09-17]
baa3b7672d
NEW
c6db9a9ecd
NEW b5919931fe [1]
none [none]
none [none] Win2K-f 31 of 36 21:29:27 21:29:27 1 none ASM:Graph
none:none
none:none
ASProtect|
none|none
none|none lines=90
none
none trace
none
none

7d99b0e910
[Firefox:1098 hits: 12-31 to 09-17] 7a70e1b592 [0] WinXP 26 of 28 07:15:57 23:46:24 8 none ASM:Graph
PolyEnE| 99% lines=68 trace

57c095a73a
NEW none[none] WinXP 34 of 36 20:40:37 20:40:37 1 none none:none
none|none none none

c9d01112a8
[Firefox:10 hits: 08-06 to 09-17] none[none] WinXP 35 of 36 11:49:28 11:49:28 1 none none:none
none|none none none

e2cd0c3b41
NEW none[none] WinXP 29 of 29 12:45:41 12:45:41 1 none none:none
none|none none none

77bf3c6d25
[Firefox: 2 hits: 08-23 to 09-15] none[none] Win2K-f 32 of 36 02:09:32 02:09:32 1 none none:none
none|none none none

607b60ad51
[Firefox:34 hits: 06-20 to 09-17] none[4] Win2K-f 31 of 32 15:00:07 15:00:07 1 none none:none
tElock| none trace

cdc0471930
NEW none[none] WinXP 36 of 36 19:35:28 19:35:28 1 none none:none
none|none none none

6b1c6d0395
NEW none[none] WinXP 34 of 36 23:55:00 23:55:00 1 none none:none
none|none none none