Norman Scanner Engine 5.83.  2
Sandbox 05.83, dated 20/05-2005

Your message ID (for later reference): 20050816-976

nepenthes-7a67f7a8c844820c1bae3ebf720c1cd9-a2155.exe : Not detected by sandbox (Signature: NO_VIRUS)
 [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * File length:        10366 bytes.

 [ Changes to filesystem ]
    * Creates file C:\WINDOWS\TEMP\222.bat.
    * Creates file C:\WINDOWS\SYSTEM\wintbp.exe.

 [ Changes to registry ]
    * Creates value "wintbp.exe"="wintbp.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

 [ Network services ]
    * Connects to "0.0.192.27" on port 445 (IP).
    * Connects to "72.20.27.115" on port 8080 (TCP).

 [ Process/window information ]
    * Will automatically restart after boot (I'll be back...).
    * Creates a mutex wintbp.exe.
    * Attemps to open C:\WINDOWS\TEMP\\222.bat NULL.
    * Attemps to open C:\WINDOWS\SYSTEM\wintbp.exe NULL.


(C) 2004 Norman ASA. All Rights Reserved.
The material presented is distributed by Norman ASA as an information source only.
Sent by removed@email.com to sandbox.

Received 16.Aug 2005 at 21.31 - processed 16.Aug 2005 at 21.36.

 
analysis/norman/7a67f7a8c844820c1bae3ebf720c1cd9.txt · Last modified: 2006/03/05 20:14