Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

12 October 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:02:29:00 Win2K-f 180.188.222.148 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:03:14:00 WinXP 223.141.102.160 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:03:15:00 WinXP 118.83.14.53 (HTOJ.J-CNET.JP):
JCN-HTMNET,
HACHIOJI, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
128 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:04:35:00 WinXP 213.109.225.38 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
GLASGOW, SCOTLAND, UK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:07:19:00 WinXP 178.151.227.80 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:07:26:00 WinXP 223.16.69.12 (-):
. n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:09:35:00 WinXP 117.19.91.115 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:09:58:00 Win2K-f 173.16.170.15 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MOYOCK, NORTH CAROLINA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
188 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:10:21:00 WinXP 178.25.165.102 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:10:49:00 Win2K-f 1.251.92.15 (-):
. 94.63.149.150:65520 DE:proxima.ircgalaxy.pl
US:microsoft.com
CN:sb.letmedo.net
EU:huyechek.com
CN:w.nucleardiscover.com
CN:hn.yigeyuming.com
RU:sedsed1.com
RO:backup-windows.ru
:a.95622.com
CN:ru.letmedo.net
174.123.157.154:80 135 pcap raw alerts
ruleset irc
http
127 lines Yeah : 1.8
profile none summary
tarball none none none none none none none

10:53:00 WinXP 201.172.114.24 (INTERCABLE.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MONTERREY, NUEVO LEON, MX. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
7 of 37
29 of 29
32 of 32
42 of 42
35 of 43
39 of 40
41 of 42
41 of 43
37 of 43
43 of 43
38 of 44
31 of 32
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
4aa9b2104a
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
67db574df4
NEW
69f32b85f1
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
lines=60
none
none
none
none
none
none
none
lines=73
none
none
none
lines=68
none
none
none
none
none
lines=61
lines=68
lines=93
embedded dns
none
none
none
none
none
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none none
none
none
none
trace
none
none
none
none
none
none
trace
trace
none
none
none
trace
none
none
none
none
none
trace
trace
trace
none
none
none
none
none
none
none
none
trace
none
none
trace
trace
trace
none
none
none
none
none
none
none

T:11:08:00 WinXP 93.102.216.128 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
PT. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:11:14:00 Win2K-f 111.88.34.150 (HOSTS-WORLDCALL.NET.PK):
WORLDCALL TELECOM LTD,
PK. (DSL) n/a US:pizzaisp.net
US:as.casalemedia.com
:images.ddc.com
US:activex.microsoft.com
US:codecs.microsoft.com
US:cdn.optmd.com
DE:proxima.ircgalaxy.pl
CN:s5.perfectexe.com
:a.95622.com
CN:myck.nucleardiscover.com
US:bestfoodhabit.com
CN:w.nucleardiscover.com
RU:sedsed1.com
:s5.mainpage.cc
14.102.118.147:6667
174.123.157.154:80
183.81.42.124:6667
RU:213.33.174.74:6667
41.202.123.63:6667
46.225.244.190:6667
CN:60.15.212.25:6667
CN:60.190.223.132:88 445 pcap raw alerts
ruleset irc
http
26 lines Argh : 0.3
profile none summary
tarball none none none none none none none

13:02:00 Win2K-f 182.18.142.163 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
:www.getmyip.org
US:checkip.dyndns.org
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
7 of 37
29 of 29
32 of 32
35 of 43
39 of 40
41 of 42
37 of 43
43 of 43
38 of 44
31 of 32
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
69f32b85f1
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [0]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
lines=60
none
none
none
none
none
none
none
lines=73
none
none
lines=68
none
none
none
none
lines=61
lines=68
lines=93
embedded dns
none
none
none
none
none
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none none
none
none
none
trace
none
none
none
none
none
none
trace
trace
none
none
trace
none
none
none
none
trace
trace
trace
none
none
none
none
none
none
none
none
trace
none
none
trace
trace
trace
none
none
none
none
none
none
none

T:13:12:00 Win2K-f 182.18.142.163 (-):
. n/a US:www.maxmind.com
EU:checkip.dyndns.org
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
10 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:13:26:00 WinXP 88.155.92.191 (-):
LIMITED LIABILITY COMPANY ASTELIT,
UA. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball none none none none none none none

T:13:43:00 WinXP 186.180.59.234 (-):
. n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:14:12:00 WinXP 178.72.61.160 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

15:35:00 Win2K-f 182.18.189.221 (-):
. n/a US:www.maxmind.com
:www.getmyip.org
US:checkip.dyndns.org
:getmyip.co.uk
US:208.43.124.51:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
7 of 37
29 of 29
32 of 32
35 of 43
39 of 40
41 of 42
37 of 43
43 of 43
38 of 44
31 of 32
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
69f32b85f1
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [0]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
lines=60
none
none
none
none
none
none
none
lines=73
none
none
lines=68
none
none
none
none
lines=61
lines=68
lines=93
embedded dns
none
none
none
none
none
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none none
none
none
none
trace
none
none
none
none
none
none
trace
trace
none
none
trace
none
none
none
none
trace
trace
trace
none
none
none
none
none
none
none
none
trace
none
none
trace
trace
trace
none
none
none
none
none
none
none

T:15:43:00 Win2K-f 182.18.189.221 (-):
. n/a US:www.maxmind.com
US:checkip.dyndns.org
DE:131.220.6.26:80
US:208.43.124.51:80 445 pcap raw alerts
ruleset http
8 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:16:41:00 WinXP 62.40.48.167 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
DUBLIN, DUBLIN, IE. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:17:06:00 WinXP 124.241.146.168 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:17:37:00 Win2K-f 4.164.135.51 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DENVER, COLORADO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
224 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

18:26:00 WinXP 101.13.62.188 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
7 of 37
29 of 29
32 of 32
35 of 43
39 of 40
41 of 42
37 of 43
43 of 43
38 of 44
31 of 32
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
69f32b85f1
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [0]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
lines=60
none
none
none
none
none
none
none
lines=73
none
none
lines=68
none
none
none
none
lines=61
lines=68
lines=93
embedded dns
none
none
none
none
none
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none none
none
none
none
trace
none
none
none
none
none
none
trace
trace
none
none
trace
none
none
none
none
trace
trace
trace
none
none
none
none
none
none
none
none
trace
none
none
trace
trace
trace
none
none
none
none
none
none
none

18:53:00 Win2K-f 182.18.140.163 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
:www.getmyip.org
EU:checkip.dyndns.org
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
7 of 37
29 of 29
32 of 32
35 of 43
39 of 40
41 of 42
37 of 43
43 of 43
38 of 44
31 of 32
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
69f32b85f1
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [0]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
lines=60
none
none
none
none
none
none
none
lines=73
none
none
lines=68
none
none
none
none
lines=61
lines=68
lines=93
embedded dns
none
none
none
none
none
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none none
none
none
none
trace
none
none
none
none
none
none
trace
trace
none
none
trace
none
none
none
none
trace
trace
trace
none
none
none
none
none
none
none
none
trace
none
none
trace
trace
trace
none
none
none
none
none
none
none

T:19:02:00 Win2K-f 182.18.140.163 (-):
. n/a US:www.maxmind.com
US:checkip.dyndns.org 445 pcap raw alerts
ruleset http
19 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:21:52:00 WinXP 124.45.57.41 (WAKWAK.NE.JP):
NTT-ME CORPORATION,
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:23:21:00 WinXP 74.115.72.169 (MTCBROADBAND.NET):
MTC BROADBAND INC,
US. (DSL) n/a :siliconfireware.ru
RU:www.bbin.ru
:wpad
RU:195.200.213.54:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:23:33:00 WinXP 176.8.176.186 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball none none none none none none none

T:23:36:00 WinXP 1.200.30.214 (-):
. 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

23:54:00 WinXP 186.58.144.12 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
7 of 37
29 of 29
32 of 32
42 of 42
35 of 43
39 of 40
41 of 42
37 of 43
43 of 43
38 of 44
31 of 32
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
4aa9b2104a
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
69f32b85f1
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [0]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
lines=60
none
none
none
none
none
none
none
lines=73
none
none
none
lines=68
none
none
none
none
lines=61
lines=68
lines=93
embedded dns
none
none
none
none
none
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none none
none
none
none
trace
none
none
none
none
none
none
trace
trace
none
none
none
trace
none
none
none
none
trace
trace
trace
none
none
none
none
none
none
none
none
trace
none
none
trace
trace
trace
none
none
none
none
none
none
none