Single Report

Details

Submission Details

Date Submitted Submitted Submission Name File in Submission
2012-09-09 02:00:02 msknight: Knight, Michael msknight_134717040209105488 連接到受害者電腦.exe
2012-09-09 02:00:02 msknight: Knight, Michael msknight_134717040209105488 連接到受害者電腦.exe
2012-09-09 02:00:02 msknight: Knight, Michael msknight_134717040209105488 連接到受害者電腦.exe
2012-09-09 02:00:02 msknight: Knight, Michael msknight_134717040209105488 連接到受害者電腦.exe
2012-09-09 02:00:02 msknight: Knight, Michael msknight_134717040209105488 連接到受害者電腦.exe

Results Summary

Finding Count
Number of times identifed as a virus 12
Number of times identifed as a virus 30
Number of registry keys read or modified 3070
Number of network connection attempted 389

Overview

MD5 6badb4b96e4b7727e6cf0c2d72b72e97
SHA-1 bf33cb2aa1b59e855434a46c2aa2629bb390a3a9
SHA-256 daf6a908850c86c7cfd1872f36c3f7c430aec71238b70ab7b8d4ec8ec8bb98b5
Filetype PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Filesize 365056
SSDeep 6144:RwXs24E1GgBzVJJlir5gJtLuAxrVSjJxei4IFMuuuuuuuuuuuuuuuuuuuuuuuuuU:GvGgZVHY+fkjJJ4sMuuuuuuuuuuuuuuz
Cases 349B-NY-1234567 , 351C-SF-3245678
Request Further Analysis: Pony EC Analysis
Download

Antivirus Results

Tool Results
PandaAVCL W32/Sality.AF
Avast Win32:Sality
TrendMicro PE_SALITY.EK
BitDefender Win32.Sality.2.OE
Avira [W32/Sality] Contains signature of the Windows virus W32/Sality
Nod32 Win32/Sality.NAO virus
Quick Heal W32.Sality.R
More
Help
Download

Network Activity

The following network activity occurs during this file's execution

Operating System Event Direction Protocol Remote IP Address Local Port Remote Port Remote Hostname
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
Windows XP SP3 (INet Sim) Connection Outgoing Binary 58.40.150.204 1219 5517  
More
Help
Download

Process Information

The following process information was recorded during this file's execution

Operating System Event Direction File Name
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
Windows XP SP3 (INet Sim) Connection Outgoing C:\Program Files\ICW\bin\sshd.exe
More
Help
Download

File System Modifications

The following file system modifications are made during this file's execution

Operating System Event File Name MDS File Size
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 254
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 0
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 36506
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 5506
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 940053
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 8
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 267
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 268
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 365056
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 106342
More
Help
Download

Registry Modifications

The following registry modifications are made during this file's execution

Operating System Event Key Name Value Name Data Size Data
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 254 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 0 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 36506 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 5506 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 940053 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 8 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 267 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 268 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 365056 3004514389
Windows XP SP3 (INet Sim) Connection C:\Program Files\ICW\bin\sshd.exe 3313145c4d206449a15e9af3afc5f530 106342 3004514389
More
Help
Download

Strings

The following interesting strings were found in this file

  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
  • Windows XP SP3 (INet Sim)
  • Connection
  • C:\Program Files\ICW\bin\sshd.exe
  • 3313145c4d206449a15e9af3afc5f530
  • 254
  • 3004514389
More
Help
Download

Other Information

This information was also gathered during this file's execution

  • Imports from file: KERNEL32.DLL
  • 0x4b8154: LoadLibraryA
  • 0x4b8158: GetProcAddress
  • 0x4b815c: VirtualAlloc
  • 0x4b8160: VirtualFree
  • 0x4b8164: ExitProcess
  • 0x4b8168: GetModuleHandleA
  • Imports from file: KERNEL32.DLL
  • 0x4b8154: LoadLibraryA
  • 0x4b8158: GetProcAddress
  • 0x4b815c: VirtualAlloc
  • 0x4b8160: VirtualFree
  • 0x4b8164: ExitProcess
  • 0x4b8168: GetModuleHandleA
  • Imports from file: KERNEL32.DLL
  • 0x4b8154: LoadLibraryA
  • 0x4b8158: GetProcAddress
  • 0x4b815c: VirtualAlloc
  • 0x4b8160: VirtualFree
  • 0x4b8164: ExitProcess
  • 0x4b8168: GetModuleHandleA
  • Imports from file: KERNEL32.DLL
  • 0x4b8154: LoadLibraryA
  • 0x4b8158: GetProcAddress
  • 0x4b815c: VirtualAlloc
  • 0x4b8160: VirtualFree
  • 0x4b8164: ExitProcess
  • 0x4b8168: GetModuleHandleA
  • Imports from file: KERNEL32.DLL
  • 0x4b8154: LoadLibraryA
  • 0x4b8158: GetProcAddress
  • 0x4b815c: VirtualAlloc
  • 0x4b8160: VirtualFree
  • 0x4b8164: ExitProcess
  • 0x4b8168: GetModuleHandleA

Help
Download

User Comments

Comments posted in this section will be visible by every user within your organization

  • 9.09.13
  • Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi non placerat libero. Nullam facilisis erat ac nisi fringilla volutpat. Ut quis mattis leo. In et adipiscing eros, eu egestas velit. Donec rutrum dolor gravida lobortis facilisis.
  • 9.09.13
  • Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi non placerat libero. Nullam facilisis erat ac nisi fringilla volutpat. Ut quis mattis leo. In et adipiscing eros, eu egestas velit. Donec rutrum dolor gravida lobortis facilisis.
  • 9.09.13
  • Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi non placerat libero. Nullam facilisis erat ac nisi fringilla volutpat. Ut quis mattis leo. In et adipiscing eros, eu egestas velit. Donec rutrum dolor gravida lobortis facilisis.
More
Help
Download

Join the Conversation

FBI will be presenting Malware Investigator, a new #malware analytical tool, at #ConferenceA. Link #FBIMI

E-Newsletter

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In quis dignissim leo. Aliquam eu dignissim quam, nec euismod nibh.

Federal Bureau of Investigation

©2014 | Privacy Policy

Malwareinvestigator.gov is an official site of the U.S. Government, U.S. Department of Defense