VirusShare.com - Because Sharing is Caring


Search for "pirminay" returned 2295 results. Displaying the latest 2295

MD5: 45d67c8273ea0a4c6ec7ca31b4d69ce9
SHA1: a820cd8927304efdd28899d305446bc9fab7873a
SHA256: 001e748931d5d6d0d4e77f6ecb8f066210f39b1aecd6f6860cbc24be3655345f
SSDeep: 6144:tARCc5UrxbHFKBN8yGH6htp7jyGTiK+6h8OZjoM5huAgYIejc9zEdxYjYVQaGqOs:tgCDhlKBmyrhz7jzTiK+6hVdgLzTWl4s
Size: 377704 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.DL.Win32.DownLoad.lx
K7AntiVirus = Riskware
VirusBuster = Trojan.XPACK!Acu0N2f889A
VBA32 = Trojan.Pirminay.ifz
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ifz
McAfee-GW-Edition = Artemis!45D67C8273EA
DrWeb = Trojan.DownLoader3.33842
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Pirminay.ifz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IFZ!tr
McAfee = Suspect-BA!45D67C8273EA
F-Secure = Trojan.Generic.KDV.249778
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.XPACK
AVG = Dropper.Generic3.CGMD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.249778
BitDefender = Trojan.Generic.KDV.249778
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:25 03:34:37-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 368640
Initialized Data Size           : 8192
Uninitialized Data Size         : 479232
Entry Point                     : 0xcfcd0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-13 06:02:16
VirusShare info last updated 2012-07-25 00:14:31


MD5: 4f82812218fd580ac234d03fe0812a90
SHA1: 02945a13a874ac149318a1cfd7906facd0441cc5
SHA256: f9b525a79c6a4130f5e4d6af8afe602d79acf843239476c8c97da2f6f6cde369
SSDeep: 6144:fmYpXyWsFU90vrvC/rorym+Q/PsbakYyt9cWlh7wZytqSxdQZKjun:f0Tq0elr74CQsjG
Size: 362927 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.ekh
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Win-Trojan/Fakeav.362927
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.362927
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!Vd0qsQbYUYg
TrendMicro-HouseCall = TROJ_GEN.R72C2D7
Emsisoft = Gen.Variant.Vundo!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.enc
McAfee-GW-Edition = Generic Downloader.x!fvi
TrendMicro = TROJ_GEN.R72C2D7
Kaspersky = Trojan.Win32.Pirminay.enc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.pp
McAfee = Generic Downloader.x!fvi
F-Secure = Trojan.Generic.KDV.168873
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic21.BPPC
Norman = W32/Suspicious_Gen2.KFHGH
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.168873
TheHacker = Trojan/Pirminay.elk
BitDefender = Trojan.Generic.KDV.168873
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 05:08:05-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x5372
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.6000.16386
Product Version Number          : 7.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Otknkmzwv Hdahbzdlrrs
File Description                : IE PNG plugin image decoder
File Version                    : 7.00.6000.16386 (vqamu_rtm.061101-2205)
Internal Name                   : PNGFILT
Legal Copyright                 : © Pjyhwwhfw Bbopzebvpjz. All rights reserved.
Original Filename               : PNGFILT.DLL
Product Name                    : Fcbovta® Internet Explorer
Product Version                 : 7.00.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2011-07-20 21:55:45
VirusShare info last updated 2012-07-25 01:11:38

MD5: 14840f17735ec223294eeff46333027f
SHA1: cce0ea842ccb4cad8f739c382da8ca1b3771d174
SHA256: 8c2f143da337ed1e7b9b6f877b9839014ebcb0838e7c6c4603fa38588b3f6985
SSDeep: 3072:zoGVluTV5ETatzse7HH2Zo9B3K72Uo3hiwYtif0bMqqDLy/cd0ded93OTI:zjlYDS7e72Zonn3Ri9i8YqqDLuRT
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.Click1.54693
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:14 14:58:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x1af37
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ykodchwab Wnzebbnlxzw
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Wgeudarkd Ohcpevdikur.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Fjgjgypbf® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-11-01 15:24:33
VirusShare info last updated 2012-07-25 01:14:30

MD5: 48ddd96bee59ddc03cab888e92854383
SHA1: d2dc2f3c291d92ba5557adf31923d434bf617ba8
SHA256: d7267012ad3aaa34b2991ac6ae66731931bfa860c0b923ce9d0eb8999eecc6dd
SSDeep: 12288:lP6AkYbDdZiOB48hpZhWYugNHkfH33Nzsgwf5KPUQj0:zkKDOOavgRkP3mz5KPt
Size: 844800 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = BDS/Kelihos.B.1317
Avast = Win32:Kelihos-D [Trj]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Win-Trojan/Fakeav.844800.T
Panda = Trj/Mystic.a
nProtect = Gen:Variant.Kazy.33973
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R74C2IC
Emsisoft = Backdoor.Win32.Kelihos!IK
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
TrendMicro = TROJ_GEN.R74C2IC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = HeurEngine.Mystic
McAfee = FakeAlert-SecurityTool.cv
VIPRE = Trojan.Win32.Generic!SB.0
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.CBPS
Norman = W32/Kryptik.AFR
Sophos = Mal/Generic-L
Symantec = Packed.Mystic!gen9
GData = Gen:Variant.Kazy.33973
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Gen:Variant.Kazy.33973
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:04 13:48:19-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 107008
Initialized Data Size           : 736768
Uninitialized Data Size         : 0
Entry Point                     : 0x1a4ec
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.1.10265.62503
Product Version Number          : 0.1.10265.62503
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : Fx4fP0ndJnXH0u
File Version                    : BIjqYmXfASSy
Internal Name                   : lsa5EDaNIpNOWO
Legal Copyright                 : 4F2xVREH
Original Filename               : P0GV
Product Name                    : cvoQZ1jIOBiW
Product Version                 : soSD9Zx5FO6v
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-10-30 01:25:25
VirusShare info last updated 2012-07-25 01:17:50

MD5: 54d106c7976eb773d73288a2f9efa28d
SHA1: 279eb419da881a6692fce21fde30fe72c9c0178b
SHA256: 9d468d41e29ccfb857719ab7c5c29d063f9561949e90e6dde7a98f3b2ac38992
SSDeep: 1536:pPW/dmW53347JrAdxF2rjORwPaKOL/htyM9LiUlL2hKSmu4wIAYW3IJX6I2Qe/wq:twgW9VdxF2rNCB/zyMBiUlLtJ9QgrA9
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Generic Trojan
nProtect = Trojan.Generic.5955350
VirusBuster = Adware.SuperJuan!tw3Ge7hg8Xg
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C2EO
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
DrWeb = Trojan.Juan.456
TrendMicro = TROJ_GEN.R30C2EO
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abcr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = Adware/SuperJuan
PCTools = Trojan.Gen
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Vundo-JU
AVG = Generic22.JFG
Symantec = Trojan.Gen
GData = Trojan.Generic.5955350
BitDefender = Trojan.Generic.5955350
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:22 18:04:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x4915
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.72.9589
Product Version Number          : 6.0.72.9589
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : 
Company Name                    : Vhcrtwtcg Ooanbefznyz
File Description                : Visual Basic for Applications Runtime - Expression Service
File Version                    : 6.0.9589
Internal Name                   : EXPSRV.DLL
Legal Copyright                 : Copyright © Lwpnzewau Corp. 1993-1998
Legal Trademarks                : 
Original Filename               : EXPSRV.DLL
Private Build                   : 
Product Name                    : Sqxbiaifj Visual Basic for Applications
Product Version                 : 6.0
Special Build                   : 
VirusTotal Report submitted 2011-06-03 09:46:06
VirusShare info last updated 2012-07-25 01:18:54

MD5: 60b1d98f9edeab508d059b32a681f78d
SHA1: cc640e672caf34ad8be382d81b98f2cabb21022e
SHA256: 10081aa266cd80f3266c0714faac5ae875484bbcf38e1209553a96eddfe2991e
SSDeep: 6144:UPtZwwlwkhwQGvHXF25uXOMhednOo76dve6:UPow+gwQG/XF3ynkZ
Size: 295396 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bsd
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan-Dropper.Agent
AhnLab-V3 = Win-Trojan/Pirminay.295396
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126EB18D
nProtect = Trojan/W32.Agent.295396
TrendMicro-HouseCall = Cryp_Spypro
Emsisoft = Trojan-Dropper.Agent!IK
Comodo = TrojWare.Win32.TrojanDownloader.Agent.fqdx
TrendMicro = Cryp_Spypro
Kaspersky = Trojan-Downloader.Win32.Agent.fqdx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.FQDX!tr.dldr
PCTools = Trojan.ADH
Jiangmin = TrojanDownloader.Agent.dgzr
F-Secure = Trojan.Generic.KDV.110729
VIPRE = Trojan.Win32.Generic!BT
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.KDV.110729
BitDefender = Trojan.Generic.KDV.110729
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 01:43:58-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 253952
Initialized Data Size           : 278528
Uninitialized Data Size         : 0
Entry Point                     : 0x3e0a6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Internet Server WAM DLL
File Version                    : 5.00.0984
Internal Name                   : wam.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : wam.dll
Product Name                    : Internet Information Services
Product Version                 : 5.00.0984
VirusTotal Report submitted 2011-02-02 13:36:56
VirusShare info last updated 2012-07-25 01:20:22

MD5: 60faa371470667e29ec3150f5b209fc5
SHA1: a9223272c4ccae14bef1ec99c6906e28ebde3980
SHA256: c7e16a2bfea3e9c22cc86044358b3e8f44611cb61d048461e446562a2aac0634
SSDeep: 3072:r6pjmk4rY1p+qak3EOd4FhCYobcJ31JDzcY7H51983Dg:Ux4rY1wW3EW4XroAJ3NH51G
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC3E7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.AV6
McAfee-GW-Edition = Generic.dx!zby
DrWeb = Trojan.Virtumod.10080
TrendMicro = TROJ_GEN.R4FC3E7
Kaspersky = Trojan.Win32.Monder.mybj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abbr
McAfee = Generic.dx!zby
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-07 16:03:58
VirusShare info last updated 2012-07-25 01:20:24

MD5: a35e762cdfe3fca84eaa8bcd8a5eb8cf
SHA1: 787c9edbdec358a44994f895ea02da231e75c60b
SHA256: 043137e7bbf27d5de3b0bbdd6db782dc7a94d9eb5d6a303a8bff288f698951aa
SSDeep: 3072:5Z3iNVaUuPsmudlFi4OQZJyaREyx0R7imuvYHcxvDim:DSNMUxFy
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Agent.155648.XF
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Agent.155648.TG
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R3EC2CU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!xgu
TrendMicro = TROJ_GEN.R3EC2CU
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.dx!xgu
F-Secure = Trojan.Generic.5726363
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRAgent.Xf
AVG = Generic21.AVHR
GData = Trojan.Generic.5726363
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.5726363
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:06 09:09:45-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 147456
Uninitialized Data Size         : 0
Entry Point                     : 0x72d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jwlpllcjc Npcgiyyjqjr
File Description                : Web Transfer Protocols API
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : webio.dll
Legal Copyright                 : © Lfwkkhizx Cxciqtpidga. All rights reserved.
Original Filename               : webio.dll
Product Name                    : Microsoft® Xcplnqq® Mezxjbusw Uhayqj
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-04-19 20:27:17
VirusShare info last updated 2012-07-25 01:27:48

MD5: bef4b2b6937c977890814ad05ec6650e
SHA1: b6f8d062c0ac84926cab16d1e64baf171a912504
SHA256: 49c3151134914a1ab5aa459621facc7435a874b9bb8ff89c4e893dc3deb3a09d
SSDeep: 1536:43ESCOoGFfygdVPzvdyblHNw+LOJnk45Px9:2EdOoGFPdBsBu+LukQr
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124E1B90
nProtect = Trojan/W32.Vundo.70144.O
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.acf
TrendMicro-HouseCall = TROJ_GEN.R72C2BL
Emsisoft = Trojan.Win32.Vundo!IK
McAfee-GW-Edition = Artemis!BEF4B2B6937C
DrWeb = Trojan.Siggen2.7799
TrendMicro = TROJ_GEN.R72C2BL
Kaspersky = Trojan.Win32.Pirminay.dgj
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.dv
McAfee = Artemis!BEF4B2B6937C
F-Secure = Gen:Variant.Vundo.5
VIPRE = Virtumonde
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic21.HIW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 21:46:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x7e07
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Link-Layer Topology Mapper Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDSVC.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : LLTDSVC.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-02-23 08:45:52
VirusShare info last updated 2012-07-25 02:08:06

MD5: c5054f3bc785bd2098fd94cfc4a7f916
SHA1: 85db4710ff869dac17e5abed8c024aadfdbe09a3
SHA256: be7658e5a07f5327497ea7533e36d1034eb19423a75edfa804f3327df69d7fa0
SSDeep: 768:MNqRXKvKgsv2mvTB5dxykOj3Z+2KqWuMvgMamDTFOPiVe4Ojuxc2apHGr+:M8svKXRl1bOjJ+db4MN7e4ha4r+
Size: 52736 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Adware
VBA32 = AdWare.SuperJuan.abxh
TrendMicro-HouseCall = TROJ_GEN.R4FC3DO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cs.6
McAfee-GW-Edition = Generic.dx!xfa
DrWeb = Trojan.Juan.587
TrendMicro = TROJ_GEN.R4FC3DO
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.adhf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.anz
McAfee = Generic.dx!xfa
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 08:09:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0x2c54
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-07 17:03:57
VirusShare info last updated 2012-07-25 02:08:26

MD5: c7b361ae6050fc5b1292567891688840
SHA1: a826c98baee1eb0dda81290634570130d6ddff67
SHA256: dcc8be25d37b8b01488ada23f703689c2c5448db475bcb3fa4c2a2509d131365
SSDeep: 3072:uU/BBojWZSMeEUM4nCT/619LbO0n7fuM9+5BTBi1p:hZ0M+CTKlK09oBG
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.110592.XL
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Siggen2.22758
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.cxbo
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.gfmj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:16 01:51:29-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xe534
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Distributed File System Service
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : dfssvc.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dfssvc.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-09-13 20:43:26
VirusShare info last updated 2012-07-25 02:08:34

MD5: cc0545bd938a41eea52fd2673675822a
SHA1: 589abdf781f6f7bd4b52d78a4e9ad20439dd8a9a
SHA256: b56e0d546c5eb6064b59b16b87351f0d01022b57607d96b14539d0f4b2572cbb
SSDeep: 1536:mxihC5DN/rDXYD9MAgHrTYWDlp/nyU/kOfVKNT46paTJnW6QsOVaqlxxBVlDpd2:l6BT0D6AUYWJgGNMpLiJntqdxBVlDi
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1294F1F7
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Tpg7U8arG3s
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63470
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akns
McAfee = Generic Malware.ms
F-Secure = Trojan.Vundo.6614
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ALYC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6614
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Vundo.6614
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:03 21:51:55-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 98304
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x149bd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qcfjrffwv Goniltyuaqw
File Description                : Todypdrme® InfoTech IR Local DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : ITIRCL
Legal Copyright                 : © Innghrpfk Fwsdatwywoy. All rights reserved.
Original Filename               : ITIRCL.DLL
Product Name                    : Yyvmvgswn® Cttnpjc® Xgadslian System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-01 06:55:04
VirusShare info last updated 2012-07-25 02:08:49

MD5: d6043b56ec3cd7cef8366259a26fbefa
SHA1: 3644d77199d365d3abb0fd8579e78ac1c833c186
SHA256: 03bfcd263c64aa844c5503cc9edb6b74c40629b0bf938efceaed09e7bac9b9d1
SSDeep: 1536:Fdmc6ge8S0/gpbue8UaYx6dmj8oGl6uRpWo4VtLB5m4o7b0uaPWgII/m:Fcc6yLe8F06YIR6upWpnLB5no7b0VWg2
Size: 82432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.ATRAPS
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Vundo.R
nProtect = Trojan/W32.Pirminay.82432
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.aqi
eTrust-Vet = Win32/Vundo.HQJ
Emsisoft = Trojan.ATRAPS!IK
CAT-QuickHeal = Trojan.Vundo.AV5
McAfee-GW-Edition = Artemis!D6043B56EC3C
DrWeb = Trojan.Siggen2.13811
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Pirminay.eh
McAfee = Vundo!mr
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.axd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.ITN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:09 13:59:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 72192
Initialized Data Size           : 46592
Uninitialized Data Size         : 0
Entry Point                     : 0x12787
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : DLL Interface to TermDD Device Driver
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : icaapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : icaapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-10-28 05:04:00
VirusShare info last updated 2012-07-25 02:09:25

MD5: eb48a2c0878f2ad286f91cc01507021d
SHA1: c1235302fba758b151a7163b4f891309c18454de
SHA256: cbe12de625d90ce0be0322e115a01ed9e4e628cc1954ba130e4d97555a46d0a4
SSDeep: 3072:xo0tooBQ/wYLVsrCw0n0AzZ16LTnSGlRJ86ZLUmggpok5ai5Ky:xVooBQRZfTn0AS/SQRJ8jXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R4FC3DO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!xfd
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R4FC3DO
Kaspersky = Trojan.Win32.Monder.mymt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Generic.dx!xfd
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-07 16:15:58
VirusShare info last updated 2012-07-25 02:10:32

MD5: fa3bef516b41ef312d5952d9521f9366
SHA1: 49d88a5fa622d3d6edf979c85d00a7c8e0acf26e
SHA256: b6f5f035dacd9eafec70e714db8c77de9f659f1142ff09d41ada75113f08be8d
SSDeep: 6144:SneVrMw2CRn5Sr98oYpopgApCs5Y5AXKaSJKgguySB9g7J0aC/LmH1oD:+85dAgApCsGCXKP0UjglG/LqoD
Size: 457200 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.263
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.457200
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!UnmBhekDSWY
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.har
McAfee-GW-Edition = Generic Downloader.x!fyh
Kaspersky = Trojan.Win32.Pirminay.har
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.aaz
McAfee = Generic Downloader.x!fyh
F-Secure = Trojan.Generic.5986402
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic22.AOOE
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = WS.Reputation.1
GData = Trojan.Generic.5986402
BitDefender = Trojan.Generic.5986402
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:30 14:03:05-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 126976
Initialized Data Size           : 647168
Uninitialized Data Size         : 0
Entry Point                     : 0x1c1b2
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tdtgyawod Udlihlihnmx
File Description                : Where - Lists location of files
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : where.exe
Legal Copyright                 : © Uztjlhpmt Edsbwvptkhc. All rights reserved.
Original Filename               : where.exe
Product Name                    : Zhxnkxjoe® Teigmst® Kletdqnjg Zgdjsc
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-20 21:16:11
VirusShare info last updated 2012-07-25 02:11:33

MD5: fabd230520746babe753299b2c07cbff
SHA1: ded451e61e6505109a64ecec9bba6bbb0bf38da4
SHA256: 91b2a3e2aaeb4e04b596aec6d2a548bd3b502b9263f2e58693d7edc2ab297317
SSDeep: 3072:FIamXGTlU6wulMnoGMqqDLy/DOcWKCdzGe757HG:pmXGhUQZqqDLuDOXd+
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!FABD23052074
DrWeb = Trojan.WinSpy.1207
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
McAfee = Vundo!mr
F-Secure = Gen:Variant.Vundo.16
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-10-28 05:11:56
VirusShare info last updated 2012-07-25 02:11:34

MD5: fb78ad13c5271486551038ac4098b844
SHA1: 892f4e13cebe27f20be4b05e7e0097bd28e9c4f8
SHA256: b173b83487af0b0d9927ed36ce196d5a8622ea8b9ed78c86c4d2c7237a531aff
SSDeep: 6144:tVzTpjlKvAA1yHlA59Vobxb0KWNczvKTEnrY/UBXdk00lRtz:th1pKveWxobxbtbzv+EnaXH
Size: 328031 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.23
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.328031
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!MGefPHvCt48
TrendMicro-HouseCall = TROJ_GEN.R72C2EU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Downloader.a!cm
TrendMicro = TROJ_GEN.R72C2EU
Kaspersky = Trojan.Win32.Pirminay.jje
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
Jiangmin = Trojan/Pirminay.acx
McAfee = Downloader.a!cm
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.BALK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Pirminay.hjs
BitDefender = Gen:Variant.Riern.1
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:31 05:59:50-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0x314e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.1.0.3928
Product Version Number          : 4.1.0.3928
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eufugvnlr Fbydcwtvqpy
File Description                : Tlnthps Media Services Streamer Dll
File Version                    : 4.1.00.3928
Internal Name                   : STRMDLL
Legal Copyright                 : Copyright (C) Txaqhrjrb Corp. 1992-1999
Original Filename               : STRMDLL
Product Name                    : Ziwczpivz® Ugblwmm Media Services
Product Version                 : 4.1.00.3928
VirusTotal Report submitted 2011-08-11 06:45:41
VirusShare info last updated 2012-07-25 02:11:36

MD5: fd87a973e321c19aab95754f69c9b77f
SHA1: 2318014e6d266e169780d083d43671d9bfc5226a
SHA256: 033aa10f8c3ba42b0a7ea5adcd1d6765e6e8df58fd74cf939742d88cd129ed7a
SSDeep: 3072:STb1IVLs05WNzmn+O5VEeZ4KXBGfK/c8uzxX1qCIA/D3cx:mI20okfOrfKytoUD3U
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!zJZfmag3pPw
TrendMicro-HouseCall = TROJ_GEN.R72C2FF
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!FD87A973E321
TrendMicro = TROJ_GEN.R72C2FF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!FD87A973E321
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic22.AULH
Norman = W32/Suspicious_Gen2.NDTAS
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-03 21:27:37
VirusShare info last updated 2012-07-25 02:11:43

MD5: 07b8d4856b7a01241891e58d0d909921
SHA1: 31aa631f5e95ee7b9036380ad72bf4a40307e1f1
SHA256: 438f2b9e9fed43ab0093df7cd0cd4a0adb1ddc00f6040ac9953765d498be3939
SSDeep: 3072:l2jlCVTCGG06aHVEMcNClhrrRt8b4vEkbrrbtwNg6lnMqqDLy/nqdW4qhbqZ:AjlKTCT06aHVFcNClhrV2bKEkb5wNg7c
Size: 175104 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = Trojan.Win32.Genome.vkgd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ikhf
McAfee = Artemis!07B8D4856B7A
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.PHL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:16 15:07:21-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 114688
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x18112
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oqxscvscm Cqwohydmllc
File Description                : Ybzoqqqdg  Fax TIFF library
File Version                    : 6.0.6000.16386 (wnxop_rtm.061101-2205)
Internal Name                   : FXSTIFF.DLL
Legal Copyright                 : © Ovovhpusx Corporation. All rights reserved.
Original Filename               : FXSTIFF.DLL
Product Name                    : Phlfrzxjd® Kvhzovi® Oxonrjslv Whyjca
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-15 23:24:47
VirusShare info last updated 2012-07-25 02:33:13

MD5: 0c19fd83303bd8660e88fe92ef70887a
SHA1: ea54b892ccede389eb459640427327fde35ef4ee
SHA256: d54d3ee9e085e82230554dbc414db24a2463019648509892121f33d78ca67201
SSDeep: 3072:FvTfyXelUILWqMnoGMqqDLy/qOcWKCdzRe757HG:5yXMU4ZqqDLuqOXdF
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2IK
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lz
DrWeb = Trojan.WinSpy.1207
TrendMicro = TROJ_GEN.R11C2IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!lz
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-10-27 13:55:04
VirusShare info last updated 2012-07-25 02:33:17

MD5: 1295b439b4bea6302cd278991e2640da
SHA1: f04aa3b237209107fc3443184150dc37ecce07f8
SHA256: 4b7e82c3d5fa0fc30241dbe609cb8f3bd4d13bff8c2de48606fa0065b985d852
SSDeep: 3072:A9rMjmQ5Vvn1W+qikAEOd4FhCY2Tck71JDzcY7H51903Dg:3jZ5Vvn1jOAEW4Xr24k7NH51i
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C7JT
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV6
SUPERAntiSpyware = Trojan.Agent/Gen-Carberp
McAfee-GW-Edition = Artemis!1295B439B4BE
DrWeb = Trojan.Virtumod.10080
TrendMicro = TROJ_GEN.R21C7JT
Kaspersky = Trojan.Win32.Monder.mxgd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abbr
McAfee = Artemis!1295B439B4BE
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-10 18:04:16
VirusShare info last updated 2012-07-25 02:33:22

MD5: 5faec4c053f59341990604a794d5eb1c
SHA1: cf89fa6ce413fccf5a95e22e5d3bfc93518dde6c
SHA256: 5c62b11e7a6d97829cc00d68f1b3e2f6aaaa26b7cd67104e76e60c2015e1d500
SSDeep: 3072:t//cyzlbAYrlQ/hBlg4Ywy+nWeSoHjl9/qL/lFccSCIk6qdgAwf9UHcedwrFQWOz:tsAPrlQ/hBpjlJqjSa6ygHmHcedH
Size: 166912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.663
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ZrkDTtS9Oyg
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ixay
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AGLI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 00:12:48-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 110592
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x1b961
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mixpdixco Kmbqbodwzip
File Description                : Sort Utility
File Version                    : 5.1.2600.0 (frzeonhj.010817-1148)
Internal Name                   : Sort
Legal Copyright                 : © Bxaufvdyg Corporation. All rights reserved.
Original Filename               : Sort.EXE
Product Name                    : Hopekefjt® Pmwgflv® Zzvaakxlt Kqwhof
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-28 06:50:13
VirusShare info last updated 2012-07-25 02:34:20

MD5: 6532891cc43d39196eb54920afa570c4
SHA1: f77cc26d497923ecdae6817efeb90db58dce8896
SHA256: f8fdb5718214529af9a3fdec76b96e0bace2f88e57feb3dca880d6f4cc2485fe
SSDeep: 1536:X3qv7NegBYUhirXQCF/bl86iOyKDr2hYtMU7S7YwR3:ShYUd2lj2K5y
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC7JP
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10119
TrendMicro = TROJ_GEN.R1BC7JP
Kaspersky = Trojan.Win32.Monder.mykq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.abef
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-31 11:59:47
VirusShare info last updated 2012-07-25 02:34:24

MD5: 78d2180f6cfe33af7cb1f5d70a0f9aff
SHA1: 00c0df42658bd1dd284692a3d01dfb688a29f858
SHA256: e6e78968904cb503fb9f69cd71e7929b0d349b8736aa753d3021008afcc6d0bf
SSDeep: 1536:oLD1La4VC8qk5LulbEaIDPhUXjXUoxjvEBxuqiUIwbrnjSU2GaWvXYbuOG5Ot:oBaUqiu1XTXUox7EBsZ+ScFXYbuO
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
VIPRE = Trojan.Win32.Kryptik.laq (v)
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:13 15:50:51-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x94ae
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gvwogolrp Mffjiwjfkrw
File Description                : Ghkzwmhdm PSS Notification Flag
File Version                    : 5.1.2600.0 (niceufnz.010817-1148)
Internal Name                   : NOTIFLAG.EXE
Legal Copyright                 : © Pfmuzgesv Vgaieateqhr. All rights reserved.
Original Filename               : NOTIFLAG.EXE
Product Name                    : Ymqnpcfto® Ubpcfaf® Ckrtqdgoc Hqmssa
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-04-30 18:56:21
VirusShare info last updated 2012-07-25 02:34:43

MD5: 86e4976baca0200f20d9ec76beb833cb
SHA1: 20cee92e9a210311c39f7f4daf47faf23f025902
SHA256: b2226120e481f94dc63ed6d58f8779f254402354accabf8cd0f3d3ff5c0282f1
SSDeep: 3072:PaJTr8jfzVHBUitfPoybyMlv84xCN0/TP7ZGVMR:PaJ8DUPZsSuP7Z
Size: 113152 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!86E4976BACA0
DrWeb = Trojan.Virtumod.10494
Kaspersky = Trojan.Win32.Monder.myfg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.jelp
McAfee = Artemis!86E4976BACA0
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.CNRY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 05:47:40-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xce15
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ngkbndsuq Ubfeecpttmk
File Description                : Command line Event Trigger WMI Consumer Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : CmdEvTgProv.dll
Legal Copyright                 : © Axtbykvny Ynbmbrmyxca. All rights reserved.
Original Filename               : EvTgProv.dll
Product Name                    : Gbfgecqkr® Zjiawmq® Mmuqbdpki Dfvvjs
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-25 19:31:07
VirusShare info last updated 2012-07-25 02:34:55

MD5: d084bf1c33ce21c791febb5079e6dd0d
SHA1: a88fb6ebb8fb117065e600d39d63cbabb2312ab1
SHA256: ccaf1dcef91174b2c6bbf0520a1a228b29451c1a95165628f8f8caefe453be62
SSDeep: 1536:2rVNp3PSCfvcDxJq1c4hD4oHBDU7eX3noQevgz9Ki+e1WAQhFG:eV7SrHq1n14oOUYn4zwhQ
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10515
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Generic.iydk
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.ARHU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:07 13:41:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x4836
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gemusisri Hlmrygqkbuq
File Description                : Svsjzqfkc Telnet Client
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : telnet.exe
Legal Copyright                 : © Ggquocmib Btdyqnedmyi. All rights reserved.
Original Filename               : telnetc.exe
Product Name                    : Xedhkukas® Imhgvwm® Uhderwatn Tirqef
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-28 05:00:03
VirusShare info last updated 2012-07-25 02:35:53

MD5: d7993fea2016fafe884107587fee6612
SHA1: c9f38bcbe87f42e8a6c0c0d10300318b627273d4
SHA256: cb0961d71f80cc84401b6e32291d6d7e965e92f36861af400d52bd0b17f4b310
SSDeep: 3072:R3ykvX01q4MY85G8cF/KV6nppCQOhHf/G8ju1lNcSwoZ4YfO:Zvkq/c/psthuNcS1fO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10325
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.ackh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-20 17:48:23
VirusShare info last updated 2012-07-25 02:35:58

MD5: 0ee3b84aaa63805d8e78c7afab889dfa
SHA1: 5fd7a621e327a828d3a974e590a8947fd15b9669
SHA256: 1c2fc0389e87237d1a6c1bf8d1c4950d35c27a44f66f1ecf258ef2e95b2a7896
SSDeep: 1536:4E6kKUOD2px1ft1NTEwJmmd1JmtSsn/PblsKc4:JeBDQLNX8qsbn/Pbls
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R01C7K1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!0EE3B84AAA63
DrWeb = Trojan.WinSpy.1294
TrendMicro = TROJ_GEN.R01C7K1
Kaspersky = Trojan.Win32.Monder.mymy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acyi
McAfee = Artemis!0EE3B84AAA63
F-Secure = Trojan.Generic.6819692
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AHLC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6819692
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6819692
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:16 05:40:41-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x4615
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6656
Product Version Number          : 5.0.2195.6656
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Psuvjjskt Pmuemtkmlgl
File Description                : Still Image Devices Monitor
File Version                    : 5.00.2195.6656
Internal Name                   : STIMON
Legal Copyright                 : Copyright (C) Microsoft Corp. 1996-1997
Original Filename               : STIMON.EXE
Product Name                    : Yddkcypfk(R) Lkfxron (R) 2000 Qutwkjwda Lzkone
Product Version                 : 5.00.2195.6656
VirusTotal Report submitted 2011-11-10 16:32:39
VirusShare info last updated 2012-07-25 02:49:45

MD5: 10e89bd8894b46c36345a945c142e758
SHA1: 8b0b22f1fe0601e0d4ffea1a6c41c86e936deebc
SHA256: bf28df24b6f175441adada57728ebfc92f1d083105e895f1918688260dd90a1b
SSDeep: 1536:4cU0Lz6BlZbRUJXjJUliUe3iGoEJ8lWezHhf/Ag5hG96JlRooc3B47nIOp:4T0P6TZbRUJXjGXIj8lWeT9M6J1br
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QharisT6gyY
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R37C1K1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R37C1K1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kpzw
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6758020
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.AAUX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6758020
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Trojan.Generic.6758020
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:16 03:16:36-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x8585
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Suaxszyll Yashxowhwzy
File Description                : E-mail Naming Shim Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : napinsp.dll
Legal Copyright                 : © Xeayazcoo Hiemhwqwsuq. All rights reserved.
Original Filename               : napinsp.dll
Product Name                    : Iuzfhohvy® Llwnuqi® Ubnhcafqc Xzstea
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-11 10:43:25
VirusShare info last updated 2012-07-25 02:49:48

MD5: 233f6b70382b906063628faefb71ca13
SHA1: d6911e73a0bd040e2a69cdca45f85fd13784fb59
SHA256: 065c8a762f8bcbff74ee344c673d207611b40f7abd6db7f2f949f4ce0142ab71
SSDeep: 3072:so0tooBo/wYVVEoTM0n3ABZ8UULTnmG7RJM6ZLUmggpok5aieKy:sVooBoR/dHn3AVU/myRJMjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R26C1JS
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!xfd
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R26C1JS
Kaspersky = Trojan.Win32.Monder.mywq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Generic.dx!xfd
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-10 16:46:43
VirusShare info last updated 2012-07-25 02:50:13

MD5: 44d6afdb5a8a89d886fd2f47476b949d
SHA1: d1f0e588ad6b4669c93bfde3fb4b4265ea9eade2
SHA256: c8131de3566899bc407c77e1eb1e85a5366780476a1e6ac2485544217488b576
SSDeep: 12288:qgCDhlKBmyrhz7jzTiK+6hVdgLzTWl4BJyqcUuA:qgCTcNbHhVuMa
Size: 406376 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.DL.Win32.DownLoad.lx
K7AntiVirus = Riskware
VirusBuster = Trojan.XPACK!2T0wzr7hpnE
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = QHosts-150
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Pirminay.ien
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.alh
McAfee = QHosts-150
F-Secure = Trojan.Generic.6245857
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic3.CGMD
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6245857
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6245857
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:25 03:34:37-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 368640
Initialized Data Size           : 36864
Uninitialized Data Size         : 507904
Entry Point                     : 0xd6ce0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-10 17:08:56
VirusShare info last updated 2012-07-25 02:50:59

MD5: 4f4b194e890546255e1ed5e0068855a1
SHA1: 134005a551df8acad4e5607b2b1df35b84d2bb6f
SHA256: f08280b170d75557136e81f2f1f636871cc0428ae92fcc34436ea93468a6cf26
SSDeep: 384:LVbVtO1R8sUWOhHIuyizbNyYr4whnkxk4eg:LJfO8sUxii/Nym4wh+
Size: 20352 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
Panda = Suspicious file
K7AntiVirus = Trojan
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.pbw
Jiangmin = TrojanDownloader.Agent.ctuc
F-Secure = Trojan.Generic.6828007
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
AVG = Downloader.Small.62.D
Sophos = Sus/Behav-278
GData = Trojan.Generic.6828007
BitDefender = Trojan.Generic.6828007
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x19af
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-10 17:16:15
VirusShare info last updated 2012-07-25 02:51:17

MD5: 71efbb3b83337c5e70fdd60a3c3d3c36
SHA1: 6c4ee3030b7513c96f2bf9bba387d280aafdff52
SHA256: feef62461c8828c48b52ed22403c67474c4c9cf71f722956e1d5f3138e169d04
SSDeep: 1536:SQ5K805MqqU+NV23S28Lo6CJcRt6ctVGqvUo85/lc:S2WMqqDLy/L6CaT6cmqY/lc
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yURbr6rONbw
TrendMicro-HouseCall = TROJ_GEN.R1CC1K2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!mq
DrWeb = Trojan.WinSpy.1188
TrendMicro = TROJ_GEN.R1CC1K2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mq
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.AKXF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 12:44:10-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x4f87
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : 
File Description                : ScriptPW Module
File Version                    : 1, 0, 0, 1
Internal Name                   : ScriptPW
Legal Copyright                 : Copyright 2000
Original Filename               : ScriptPW.DLL
Product Name                    : ScriptPW Module
Product Version                 : 1, 0, 0, 1
OLE Self Register               : 
VirusTotal Report submitted 2011-11-11 12:18:28
VirusShare info last updated 2012-07-25 02:52:11

MD5: 8311266578109a5cd10e3315e3bf10d1
SHA1: 97b20b1c2572e0b82522eca5a24bcd90b96ef01f
SHA256: 788649d73815b433ce88b6f65ca3df76214d4c6a5f42a50d520b80e7e3ae5b79
SSDeep: 1536:uAexgkJ0mA4ownmMvsPQYq6n6xkZYSJFNaTwQsSW8if27Q6sT:uTg/H4oYsPQ8SnSzCgxOcV
Size: 79872 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.79872.AV
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.125D0DC6
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.ozx
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Virus.Win32.Vundo!IK
McAfee-GW-Edition = Vundo!md
DrWeb = Trojan.Siggen2.14279
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = Trojan.Win32.Pirminay.ozx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.fc
McAfee = Vundo!md
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.BCXQ
Norman = W32/Suspicious_Gen2.QSZWY
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:10 12:12:19-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 71168
Initialized Data Size           : 45568
Uninitialized Data Size         : 0
Entry Point                     : 0x124ad
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-11 12:37:10
VirusShare info last updated 2012-07-25 02:52:38

MD5: 846a5e546c19dbccaba3f0e345820f47
SHA1: 53c30b3c914796a0488034337eb49183deb3768a
SHA256: 9e67fd51ad0d0f4e14c55d5bd4b4d80379cd57f9798b50fb38c72aba1d406104
SSDeep: 3072:/6BT0D6AgYWRUNZkltNi/9JnP4qIxBVlAi:/g+6AqS3kltQ/9JnPRIxB
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.akns
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ALYC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:03 21:51:55-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 98304
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x149bd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qcfjrffwv Goniltyuaqw
File Description                : Todypdrme® InfoTech IR Local DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : ITIRCL
Legal Copyright                 : © Innghrpfk Fwsdatwywoy. All rights reserved.
Original Filename               : ITIRCL.DLL
Product Name                    : Yyvmvgswn® Cttnpjc® Xgadslian System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-11 12:38:40
VirusShare info last updated 2012-07-25 02:52:40

MD5: 8c96f9904052a53d56faaf53f78023bb
SHA1: 48175fee2b7b18d29aa8e655e5b169bc04e727c1
SHA256: 52241b0aefda188dcb42a765aa32123150f6886406c123f1667867bee6cb2b5e
SSDeep: 1536:idVysttq3pSU9NEBKwee0uLqhXuWJTctoUS+LapfvpiIAX+yC:O4sDqD9iBv0yLWJTcGUS++ppiIaC
Size: 88576 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.16
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1258B8D3
nProtect = Trojan/W32.Vundo.88576.DH
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!q8oeQIs0lSk
VBA32 = Trojan.Monder.mlgh
TrendMicro-HouseCall = TROJ_GEN.R26C1K2
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!yco
DrWeb = Trojan.Virtumod.10249
TrendMicro = TROJ_GEN.R26C1K2
Kaspersky = Trojan.Win32.Monder.mzbg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abeq
McAfee = Generic.dx!yco
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CDP
Norman = W32/Kryptik.AIF
Sophos = Troj/MsPoser-B
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:24 16:12:21-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 41984
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xb21d
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.0
Product Version Number          : 6.0.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 6.00.2600.0000 (xpclient.010817-1148)
Internal Name                   : trialoc
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : trialoc.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.00.2600.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-11-11 12:46:36
VirusShare info last updated 2012-07-25 02:52:52

MD5: b0fe6fb22e15c21c0e5b6a27842cfd7c
SHA1: 236465bfd56308008709940d5678e6ade2804c11
SHA256: 9e3621432768e90bd295e87f52f1fc3def2589b661d88bf736b709ed5c4817e7
SSDeep: 1536:GALvdYWT2EeEcHKK4b0r09lenTJJhabHLWB2vDhBEQtaxkQf:BdZq//Kfv9lenFJhcLRrexkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2G7
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC2G7
Kaspersky = Trojan.Win32.Monder.mxhb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-11 13:25:56
VirusShare info last updated 2012-07-25 02:53:48

MD5: d223ece3718389f01d07ac020f3443a8
SHA1: 7a7fe9ebf30e99d523cd079287357cd849dba890
SHA256: a4d5500daa8a5985aaee5d330d89c3c2a09d40c5fad81cbbef485fbb41e23eaa
SSDeep: 1536:9KwSSWlWiBOkTjDIEtVszufITHMHx5AAl7wyMqqU+NV23S2I3P:9KvHWiBOkVtKzufsC7nHMqqDLy/I3P
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!FFa+32wSG/0
TrendMicro-HouseCall = TROJ_GEN.R01C7K1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1213
TrendMicro = TROJ_GEN.R01C7K1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.pwbi
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.Trojan
AVG = Generic23.COHA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:29 07:33:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x5947
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iojcjyrqs Eboxmwckloy
File Description                : NetWare Logon Script Utility
File Version                    : 5.1.2600.0 (htbazejm.010817-1148)
Internal Name                   : nwscript
Legal Copyright                 : © Pjjwdqspv Evyejdkxyok. All rights reserved.
Original Filename               : nwscript.exe
Product Name                    : Ukqdxmkpo® Pdueldb® Vfknwymhu Bruran
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-10 18:54:14
VirusShare info last updated 2012-07-25 02:54:36

MD5: d7909122dcb29c7dfbb96472b04ed507
SHA1: e504fae1d0e4c88ada794cec67fbe511689e1401
SHA256: cbb2d2b5d764afecca7581b0dd8e2b8a81e40d97e070f84c3d535e8d61002377
SSDeep: 1536:/OJl+vHFlm9zYVFfuEnCpoZ0O2jtXPrWsTT8Dlw7gnrqVCnChzBY6j7VlK24waSB:/O6vHFs+GEnCGmbjpW0qw7aqVCQzBY6d
Size: 91648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1262732F
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!lLcuPm0hVGY
VBA32 = Trojan.Monder.myvj
TrendMicro-HouseCall = TROJ_GEN.R4FC3E4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!yel
TrendMicro = TROJ_GEN.R4FC3E4
Kaspersky = Trojan.Win32.Monder.myvj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!yel
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Dropper.Generic4.BPNF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:06 20:21:23-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 49152
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0xcf41
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2011-11-10 19:00:26
VirusShare info last updated 2012-07-25 02:54:42

MD5: d913b9bdc2a50154f1a2aab7a24a5ede
SHA1: c5005d1dbba339d234afae93c3a0392d61f1e9ea
SHA256: 7867688102af144430fc0a6cddabcd88f82dcafa0e529108789d563db5c9ac36
SSDeep: 3072:4MfzecjOIC2YGC7uX3D5GZHSETRffApyF:4MfzepdGC7SMUM
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R26C1K2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!yeo
DrWeb = Trojan.Siggen2.29520
TrendMicro = TROJ_GEN.R26C1K2
Kaspersky = Trojan.Win32.Menti.hgow
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.cttb
McAfee = Generic.dx!yeo
F-Secure = Gen:Variant.Renos.61
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/EncPk-XI
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ACPI Embedded Controller Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : acpiec.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : acpiec.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-10 19:01:21
VirusShare info last updated 2012-07-25 02:54:44

MD5: db822bf8d8d780d7057e3fc230b1646f
SHA1: 6fbcc9177681b506232326e22ad00997de7f772b
SHA256: 6532186c424635ecedb88ceb8583e5d09d54ca137207552c0d9623cdcd672153
SSDeep: 6144:dXENXMnlnwKlz7+f1RSc/8z8YE3KoSJeMjgxe2Gv8BJKwYLsTys/6o:t0XMlnw9NRB/8z8H3KoEdg5GIaLYf
Size: 350720 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.ejv
Avast = Win32:Kryptik-AZG [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.350720.I
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.350720.AP
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!GaRzhVdMlio
VBA32 = Trojan.Pirminay.ejv
TrendMicro-HouseCall = TROJ_GEN.R4FC2DK
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader2.59285
TrendMicro = TROJ_GEN.R4FC2DK
Kaspersky = Trojan.Win32.Pirminay.ejv
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.pn
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248135
F-Secure = Trojan.Generic.5700350
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.BEIU
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5700350
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ejv
BitDefender = Trojan.Generic.5700350
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:08 07:31:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 585728
Uninitialized Data Size         : 0
Entry Point                     : 0xad9f
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Obbizceic Qqnssfsxkjq
File Description                : Slovak(QWERTY) Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdsl1 (3.13)
Legal Copyright                 : © Zrvbdazup Rqgfnxliiku. All rights reserved.
Original Filename               : kbdsl1.dll
Product Name                    : Kxmdamrut® Asngghx® Operating Jtmfol
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-11 14:06:06
VirusShare info last updated 2012-07-25 02:54:47

MD5: efa9086462cf2937a51f759bce90829c
SHA1: 04728eafce95634e515729feba08fc61d83f88d9
SHA256: 4507ad6ccb81793c1efe5c6bb5dc3c0e4b8feff50b198bd90a33cc83763c93ef
SSDeep: 6144:wakqqH9brxrMR7m2cmlbyFWwv5OQjnnoFr/:7kybYl5OUno
Size: 217088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!rMWcej3g2vc
TrendMicro-HouseCall = TROJ_GEN.R72C2ET
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kb
TrendMicro = TROJ_GEN.R72C2ET
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo!kb
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AYVV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-10 19:18:21
VirusShare info last updated 2012-07-25 02:55:21

MD5: f231f2d2f7d9078845cb5e5cbb945f4a
SHA1: 44f7e7b437d6a538b907fbed2b3e28e6da4f6967
SHA256: ae7ff29282925f8e12dde7cb629e88fe430d2b8758001c17e6fadd884add1609
SSDeep: 6144:RajqY7vJrxDMRzm2cmlbyFWwv5d88nno1r/:w5ebYl5d/no
Size: 217088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!GH2NdvMKr4Q
TrendMicro-HouseCall = TROJ_GEN.R72C2ET
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kk
TrendMicro = TROJ_GEN.R72C2ET
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo!kk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AYPW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-10 19:21:28
VirusShare info last updated 2012-07-25 02:55:27

MD5: f33ebd760c7711cb70ba022c5bab8b45
SHA1: 692ad1f30e13a59a8c1a40dfd9d3a990382583c2
SHA256: 42c5814577a8a88d377545a563e8c986387672f556351d180561255a6efc6c40
SSDeep: 768:c8gu+JOOB5wrBVg78gO9+O9O9OBzeLHCGDFwrsQVjhW3vEsOJlfPiToSgCz+9Q5M:c8g/Jt0rcS9+omOBzKurQ8sOb4oF9Q1s
Size: 47616 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1246FB38
nProtect = Trojan/W32.Small.47616.AO
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!3fdZ5xijZ7E
TrendMicro-HouseCall = TROJ_GEN.R72C2EG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic PUP.z!gg
DrWeb = Trojan.Virtumod.10338
TrendMicro = TROJ_GEN.R72C2EG
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abdt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Generic PUP.z!gg
F-Secure = Trojan.Generic.5972334
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.AUXE
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.5972334
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Generic.5972334
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:05:28 14:37:57-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 41984
Initialized Data Size           : 40448
Uninitialized Data Size         : 0
Entry Point                     : 0xb30b
OS Version                      : 4.0
Image Version                   : 4.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.2.0.0
Product Version Number          : 6.0.6001.16459
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec StorPort Ultra320 SCSI Driver
File Version                    : 7.2.000.000 (NT.070221-1245)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC07
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Windows Ultra320 Family Driver
Product Version                 : 6.0.6001.16459
VirusTotal Report submitted 2011-11-10 19:22:50
VirusShare info last updated 2012-07-25 02:55:28

MD5: f49b208b2672ba2801294071740f1ce6
SHA1: 505957e3d26ba0201d7c1b4337fcc129b9fa633c
SHA256: 68abfa44fe3fe7ea5248f091db53d3d9eb324328c5c41324de0a83c33e0fd4b2
SSDeep: 6144:hma9qPBPArx2MRym2cmlbyFWwv5Cn1nnoBr/:X3cbYl5C1no
Size: 217088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!+5AGRUktgD8
TrendMicro-HouseCall = TROJ_GEN.R72C2FB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kk
TrendMicro = TROJ_GEN.R72C2FB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo!kk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AYDI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-10 19:24:14
VirusShare info last updated 2012-07-25 02:55:31

MD5: ff91da21335a637bb79099551f3a89a3
SHA1: 1a9c561ef51381f9541b54c1c06c007c8d9abd58
SHA256: b1482da2852d799695de4ef89fa81c204413d9d3a51ca655064ce85a609ea6df
SSDeep: 3072:eETYc2lGIC0jV1eNURJXdIn5UIyQk6qhtDQZVlPulXMIqFLYiA6TZvgs+Q+HQ1Om:e0RRE1bhdIBkrD+klX5l6NIs7UGfkN
Size: 217088 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1139.6
Avast = Win32:Pirminay-ED [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Malware
Rising = Trojan.Win32.Generic.129E4219
nProtect = Trojan/W32.Jorik.217088.I
VirusBuster = Trojan.Kryptik!Fs0GVbZ5LPE
VBA32 = Trojan.Jorik.Pirminay.arw
TrendMicro-HouseCall = TROJ_GEN.RC1C1K2
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.RC1C1K2
Kaspersky = Trojan.Win32.Jorik.Pirminay.arw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
AVG = Generic25.AMVO
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.1139
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.ufa
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x1292
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btlnwdkir Hbpyfmmepwm
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB80.DLL
Legal Copyright                 : © Wayyzpmuo Haxekojksmi. All rights reserved.
Original Filename               : CNB80.DLL
Product Name                    : Idxihulhn® Fxpxeya® Svwjxmxpu Gdzvoq
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-11-11 14:54:36
VirusShare info last updated 2012-07-25 02:55:53

MD5: 48cba77390efd276a2f4c1faed390ac1
SHA1: 2bc317f2c4a57cf26a140e928a19c141659bd5fe
SHA256: ed23e40a7990b90d01fc9368c6e11e3e3b5110315c5b76adac2f133ca786c35a
SSDeep: 6144:HZQhKA/vvqOh8jTkoKaq89viSeN63cIjDDTqvxLAUc4KG0Jc:5mKAPIwaq8tLjs2eZcD4cc
Size: 365028 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
AVG = Generic22.BKEZ
Symantec = Suspicious.Cloud.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:21 22:54:51-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 606208
Uninitialized Data Size         : 0
Entry Point                     : 0x9612
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.3209
Product Version Number          : 5.2.0.3209
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 11
Language Code                   : Neutral
Character Set                   : ASCII
Comments                        : Chinese(Traditional) IME Migraation
Company Name                    : Lscsckulb Upagsesehkh
File Description                : Ximkfskgw Traditional Chinese IME Migration
File Version                    : 5.2.3209
Internal Name                   : Microsoft Traditional Chinese IME Migration
Legal Copyright                 : Copyright (C) Wzizctdym Corp. 1999-2001
Original Filename               : MIGRATE.DLL
Product Name                    : Gmtcufdrg Traditional Chinese IME Migration
Product Version                 : 5.2.3209
VirusTotal Report submitted 2011-05-28 05:56:04
VirusShare info last updated 2012-07-25 02:56:55

MD5: 77f326030810119c38602a09ddb40287
SHA1: b05a9decca98acd8ffc9f9dde280b4f7f43c40db
SHA256: f006a80e75863a9c50a612ad3fa9ef44253189f3132f6d5830dfedf24b25fbff
SSDeep: 6144:eEs5ljDuUHiqam7UYpJ6XnFN67eWlFcY4wbncwsVjo1c5eRHv:z4ljDuYi47UK6XnFkescY4wrn2joa5ed
Size: 344156 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Zbot.34
Emsisoft = Trojan.Win32.Pirminay!IK
F-Secure = Gen:Variant.Zbot.34
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:06 23:57:43-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x7852
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nsnkjfxbk Aqaqgriudtz
File Description                : DCOM Proxy for NPPAgent Object
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ProxyRemote.DLL
Legal Copyright                 : © Iptzslvsi Yzlnbmznoxs. All rights reserved.
Original Filename               : ProxyRemote.DLL
Product Name                    : Lkmwwcafc® Atveeph® Vcxsjvhcr Bypoke
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-30 15:30:35
VirusShare info last updated 2012-07-25 02:57:12

MD5: a0f4ddbaf90a3a27bc2355c5c9b90600
SHA1: a65f83c98b1f283154a1fb8394d318ee8b017a9b
SHA256: 3fdda7d15a5e576c526027883422299e4d78e4c35f27530ce3333a142b4fada0
SSDeep: 1536:W2f3pg/KzOy89PaGudKj2Xz5BKbGtDGZZolTlBDGIglhy05WVM/8+NZm0m:XfRzS9zuwaXlvDOolTqIg3KM/JNZm0
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!8UqFDHJskw4
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!A0F4DDBAF90A
TrendMicro = TROJ_GEN.R47C2FJ
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!A0F4DDBAF90A
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.ZJX
Norman = W32/Obfuscated.C2!genr
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.nds
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 01:32:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xb70a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kcssvwbkk Mpoiygxoupe
File Description                : Llrxajq Write
File Version                    : 5.1.2600.0 (uxozrtxg.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Lerxelvhk Xwronziumui. All rights reserved.
Original Filename               : write
Product Name                    : Uprgknoah® Ngtbofq® Mucsciuya Reywjr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-06-20 05:37:00
VirusShare info last updated 2012-07-25 02:57:29

MD5: a8b5b661df752e8d6c2dd41911bfd30c
SHA1: 243b3c5216498fac45d592ebb00982d8f7291174
SHA256: 8e4299dd2e9225fda1e6ed2d9ba9be2a438b2f2744e40aefb458127416a9d61f
SSDeep: 6144:tbr1orZQK109h9E2qpknqXinCOFsVqFkOxOI74okJ3uCPrYcU/+:tb2l91w6L8IVckOxxoD8/+
Size: 339968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Vundo.11
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:07 03:49:20-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 12288
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0x3240
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mzfciacsk Ahshyoemhyn
File Description                : Bluetooth Hands-free Audio Device Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : BthHFAud.sys
Legal Copyright                 : © Panrstfhj Kzemflzylwz. All rights reserved.
Original Filename               : BthHFAud.sys
Product Name                    : Aojgrssej® Oazwque® Cmrtungid Rklexm
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-29 21:34:36
VirusShare info last updated 2012-07-25 02:57:33

MD5: fd862085fabbb1631cf52f51de232cda
SHA1: 18ff780c2ae9f609727f3bfed442bf67746d2cf7
SHA256: 2f72fe1ecb68775def8275645bf762fae86859fe5cd238fe31cd67d42839c06c
SSDeep: 3072:bzkO4rHfOb2Kf4jw+HkwnbURuRqfK0KrkYHDDy9ct1DS/LpV:D4jfObBfq7HkKl
Size: 141824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!2zosYYRYK9o
TrendMicro-HouseCall = TROJ_GEN.R72C2F1
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.ni
McAfee-GW-Edition = Vundo!ix
TrendMicro = TROJ_GEN.R72C2F1
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!ix
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic22.BFFT
Norman = W32/Suspicious_Gen2.MWRBU
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:03 18:06:55-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 61440
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xf7fb
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.18
Product Version Number          : 5.0.3000.18
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Brother MFC7000 driver
File Version                    : 5.0.3000.18 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclr0.dll
Legal Copyright                 : Copyright (C) Brother Industries, Ltd. 2002
Original Filename               : brclr0.dll
Product Name                    : Uhmnmizom® Jxxzmhm® Operativsystem
Product Version                 : 5.0.3000.18
VirusTotal Report submitted 2011-06-20 08:52:54
VirusShare info last updated 2012-07-25 02:58:04

MD5: 191990da0df8fcf02c8c9137f0719adc
SHA1: 6e9bd9b81db6e6d234dd721af29a603411f69fac
SHA256: 8c98173471d7f205e7de30ea8ba5531611c0d4818d6e915f4a7a9103a3763e44
SSDeep: 3072:ZjmajsWf4wJQ4sKPBcDs8BdK1tnXMhQRU688raUae2cxD:ZdjQsPOrE1tnXMKZHp2
Size: 116224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Tracur.AG.16
Avast = Win32:Kryptik-FGX [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Tracur
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Suspicious
nProtect = Gen:Variant.Kazy.40446
Emsisoft = Trojan-Downloader.Win32.Tracur!IK
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
DrWeb = Trojan.Hosts.5082
Kaspersky = Trojan.Win32.Pirminay.pbv
Microsoft = TrojanDownloader:Win32/Tracur.AG
PCTools = Trojan.Gen
McAfee = Suspect-AB!191990DA0DF8
F-Secure = Gen:Variant.Kazy.40446
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.AGKN
Norman = W32/Suspicious_Gen2.RLNSR
GData = Gen:Variant.Kazy.40446
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.ucc
BitDefender = Gen:Variant.Kazy.40446
NOD32 = a variant of Win32/Kryptik.UCC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:17 00:36:04-05:00
PE Type                         : PE32
Linker Version                  : 5.1
Code Size                       : 89600
Initialized Data Size           : 16384
Uninitialized Data Size         : 208896
Entry Point                     : 0x2b7d
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Unimodem Service Provider AT Mini Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : UNIMDMAT
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UNIMDMAT.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-31 16:46:15
VirusShare info last updated 2012-07-25 03:01:38

MD5: 20e470af35f78b92a6ee3074ac085dac
SHA1: 035b1ea26299b74800e546d17b5f1d19088b69a6
SHA256: 5d806dc173f415bd3d61b0c5d82fe5a655634b63237df47488b496217514a110
SSDeep: 3072:V6RiZeEVAcR4enPgAVeb93Dg2elRMqqDLy/A5kS:VnIxcR4ePexP9qqDLu0
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Panda = Suspicious file
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IK
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Artemis!20E470AF35F7
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R4FC2IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ineh
F-Secure = Gen:Variant.Graftor.671
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Graftor.671
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Gen:Variant.Graftor.671
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-10-30 09:52:20
VirusShare info last updated 2012-07-25 03:02:19

MD5: 5dc2e07d6d3c0947fe4d895cd9899e67
SHA1: e0a41505fcf3251b57b1cf63572b3bce7eed44b8
SHA256: 0bf4511b1c230289b114e7dcee8e4a325b656010533a234c68e7507283eaa09f
SSDeep: 1536:hT6KSZq4HKhrsS1RmLwfz8N6NF5+04iPlm4sxd2VXIm010TlBovffnnC:IKMlurJQb6NFHlmp+hE3fC
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.579
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129F3660
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.10211
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Monder.aamt
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BYAV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:26 06:34:44-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x6021
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.28
Product Version Number          : 3.2.0.28
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : SStub Module
File Version                    : 3, 2, 0, 28
Internal Name                   : SStub
Legal Copyright                 : Copyright 1999
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : SStub.DLL
Private Build                   : 
Product Name                    : SStub Module
Product Version                 : 3, 2, 0, 28
Special Build                   : 
VirusTotal Report submitted 2011-11-02 07:39:41
VirusShare info last updated 2012-07-25 03:10:30

MD5: 6629250d4f1c487ce15015f7665b5415
SHA1: 88fd42caa611c58bf18999a890eb19bf4b160927
SHA256: f4f6490e25a1e09eed0d405040019bf9838005d93a66b0bd2dd98aaccf1a01ab
SSDeep: 1536:i7G68UG5cS3TzOcwnj1uLLTFaqa5qsIOPNOovxaryhFFXk8THPzC+wyCNVXg:KG68znncj1uXXyqsIQO0gyhvk8ftlCLw
Size: 87040 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126E90AF
nProtect = Trojan/W32.Agent.87040.HL
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30C7JV
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!6629250D4F1C
TrendMicro = TROJ_GEN.R30C7JV
Kaspersky = Trojan.Win32.Menti.iplt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Generic.jfrd
McAfee = Artemis!6629250D4F1C
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.IAC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:05 03:19:00-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 75264
Initialized Data Size           : 47616
Uninitialized Data Size         : 0
Entry Point                     : 0x133c7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote Procedure Call Name Service Client
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : rpcns4.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : rpcns4.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-01 05:09:19
VirusShare info last updated 2012-07-25 03:11:44

MD5: 72a268c759ed6af00fad0a4ee4a74545
SHA1: 8aca2979c8bf1e45c940f773a5886513705e0053
SHA256: e4f1eabdafb1fc10e179f5c9e6d9d0daeda2ce63258e9b49e71d47d29f374bcb
SSDeep: 1536:KSLwWvVUWxmHK/+S4NFEOqcOFb+DE4CQ:K47Vr4KP4NFEOqty
Size: 52224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C7J1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mi
DrWeb = Trojan.Virtumod.9769
TrendMicro = TROJ_GEN.R72C7J1
Kaspersky = Trojan.Win32.Monder.mvaz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.gqx
McAfee = Vundo!mi
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic25.JXD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Kryptik.lfr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 05:48:34-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 12288
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x357e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.5.7000.0
Product Version Number          : 7.5.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Windows BITS Managed Library
File Version                    : 7.5.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Microsoft.Windows.BackgroundIntelligentTransfer.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Microsoft.Windows.BackgroundIntelligentTransfer.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 7.5.7000.0
VirusTotal Report submitted 2011-10-24 01:21:45
VirusShare info last updated 2012-07-25 03:12:57

MD5: ae30b89fc19cd850b2a0f4701aaf4a71
SHA1: ea3a3b05cc59f8338e247faab84481086f25111f
SHA256: 8bca040ac638f79cf0ea7ac39a26a8736339665a9e6fb7d5ff94bbc2e20968fa
SSDeep: 1536:GUEvd743gS4UDEeHKK4b0rn9leTJJhabHLWB2vDhBEQtaTkQf:EdcQZUDpKfw9leFJhcLRreTkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.YJO
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-04-29 14:43:09
VirusShare info last updated 2012-07-25 03:18:46

MD5: 248e3be70f42ccc255f1c6c9be5fe17a
SHA1: fae23d4dd1916f24084bc6864d64a88204db4b7e
SHA256: 568c5c294f9a6ec3cc775ec2111a9684cb80cbc1baedb6c2e582047454535d33
SSDeep: 1536:SVu98EHXcGfHtS9KX+x5NKGeTdGh38aZl0BkKV:SVM8EHftiKdTdZRBkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC1IM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!xfd
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_GEN.R4FC1IM
Kaspersky = Trojan.Win32.Menti.heyp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
McAfee = Generic.dx!xfd
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.jhe (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-11-14 07:22:09
VirusShare info last updated 2012-07-25 03:27:32

MD5: 25ad77b36b854dcede237d4855b62133
SHA1: 5e8cb6ffa7ca5469ef3ab764ac4bfca4e403b787
SHA256: 3a6c4a8d97a534ca8c7349ab245bb6c46d0da08411cf46c34862725382ca4add
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pppo2:pwy9w/dWjTlXjDHsI
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Renos!BWokP5Qq8wk
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R4FC2CU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Vundo!hp
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R4FC2CU
Kaspersky = Trojan.Win32.Monder.mygd
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!hp
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.LMXYD
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-14 07:23:49
VirusShare info last updated 2012-07-25 03:27:34

MD5: 63f832cffe4342907dd07434f40c2880
SHA1: 22bf4c750d7d1be59a675230e065397316dd4b2e
SHA256: 8bc85de72f540863451db3800817aace704fbebe1af5493b6ee2d8b36dda26a0
SSDeep: 3072:kEohQNgl+BUqJ2r7e2VuF+IN5NgoHOTB2fXxi0DB:CKaYxJOVegouTB2vjD
Size: 113664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1260AC87
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!GXfj6k77Aj0
TrendMicro-HouseCall = TROJ_GEN.R4FC3E2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zbz
DrWeb = Trojan.Click1.58722
TrendMicro = TROJ_GEN.R4FC3E2
Kaspersky = Trojan.Win32.Genome.vheu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.hzo
McAfee = Generic.dx!zbz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.ANVK
Norman = W32/Vundo.UUW
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 16:53:25-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 69632
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x11eed
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Windows(TM) RSVP Performance Monitor
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : RSVP Performance
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RSVPPERF.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-14 08:40:38
VirusShare info last updated 2012-07-25 03:29:02

MD5: 68c457375935325bbb734e7f4c89214d
SHA1: 4c52c282222ddaca629f7acbe126962a8f9ca698
SHA256: aa5941036d7e4a9a51d34bffdae4ac47177f25c7ce0f8ca5a00b6c2b51af5ced
SSDeep: 1536:EQi1LlybP2QVQfWvhGtyHpr8at6M+EGzG+BhHk4StYMtd4K+pmgs6wHG:RYlybPfVRHl8at6M+EreHk47PagmG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.BX
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC3EA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zcc
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R4FC3EA
Kaspersky = Trojan.Win32.Menti.ilru
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.bea
McAfee = Generic.dx!zcc
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-11-14 08:46:11
VirusShare info last updated 2012-07-25 03:29:11

MD5: 6a430592d11ceafd450d94d6dea6f7c2
SHA1: 7826c4a04c4041bc71a87167a232060a828812ea
SHA256: a1a31744d9f6bd1c714cb9d3ae02910c86d75b7d99e1ff25315b94b71db07bc1
SSDeep: 3072:yAb8WyX8YOG3530XiszSjx/WaFtOodo6Akf:yu8WyX8YdGZzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.164
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2eOkoBgAJKw
VBA32 = Trojan.Agent.fpet
TrendMicro-HouseCall = TROJ_GEN.R4FC1FK
Comodo = TrojWare.Win32.Kryptik.RVH
Emsisoft = Trojan.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!ic
DrWeb = Trojan.Siggen2.6361
TrendMicro = TROJ_GEN.R4FC1FK
Kaspersky = Trojan.Win32.Monder.myap
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.emsx
McAfee = Vundo!ic
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.AKOS
Norman = W32/Kryptik.AIF
Sophos = Mal/Vundo-G
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-14 08:48:22
VirusShare info last updated 2012-07-25 03:29:14

MD5: 8d20872ea23455a0a66daef726d107a0
SHA1: cd56311bdeabac84aead00ff46783d131b133435
SHA256: 2883f300430917283416f3f76d3710f5c3ca968e4af1b74f52d95e29f4c24c16
SSDeep: 1536:+f1iozgUSX9D4wzQvZ3XSfbpz1g98YlpZtal7QYBsPBEYIoONa:+zEU89Mth3XSfb3MdkPmfIoONa
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Sinowal.WXO
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!0JPa+yeOvdw
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!mr
DrWeb = Trojan.Smardec.81
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Monder.aamr
McAfee = Vundo!mr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.CCLS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 08:33:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x69ba
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Woemdqhqe Fmofvoszgiq
File Description                : Kzfqkkzsg FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : RPCTEST.DLL
Legal Copyright                 : Copyright © 1995-1999 Rcvycbopu Gnlqirukhop, All rights reserved.
Legal Trademark 1               : Hrfmdfkkk®, Kjcfasn®, and FrontPage® are registered trademarks of Xsrqrzwdw Pkfczysbhke, and WebBot is a trademark of Mrxuzjvif Xmhhvkvybse, in the United States and/or other countries.
Product Name                    : Mdfdcdymy® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2011-11-14 09:30:26
VirusShare info last updated 2012-07-25 03:30:07

MD5: b22ef349dd39574a8fcb7a4e098bb7e3
SHA1: 2be18a0157ab775ccb4ae82bf4e6d49be66836d0
SHA256: 61472ea9163cef841ba65c1b484e0faaa04f7fd50f331810f6a38228ac535ba2
SSDeep: 3072:No0tooBU/wYBVwziT0nYApZE0kLTnQGNRJlEz6ZLUmggpok5aiPKy:NVooBUR7/onYA4/QMRJlEzjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R4FC1IP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!xfa
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R4FC1IP
Kaspersky = Trojan.Win32.Monder.myus
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Generic.dx!xfa
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Renos.61
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-14 10:12:57
VirusShare info last updated 2012-07-25 03:30:57

MD5: bb24023f31a00b405aa18600cc8e1ea7
SHA1: 0639fa095e54f56bf29c81cf39704cba2514f3a3
SHA256: 6841773ad0b6d0034dc7926a6360458a99cdc3a8b826dc4f6c4a643f9cff7b9e
SSDeep: 1536:MSumlX4Ap92+LI84NGMc7SeoSM5oUSzhiTPU:7ueX4Ap9vLdX5xMEhiTc
Size: 64000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.123CB8B9
nProtect = Trojan/W32.Vundo.64000.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qi3ZeJhINRc
VBA32 = Trojan.Pirminay.gha
TrendMicro-HouseCall = TROJ_GEN.R4FC2A6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Vundo!IK
McAfee-GW-Edition = Vundo!hs
DrWeb = Trojan.Hosts.4546
TrendMicro = TROJ_GEN.R4FC2A6
Kaspersky = Trojan.Win32.Pirminay.gha
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.BZS!tr
PCTools = Trojan.Monicker
Jiangmin = Adware/SuperJuan.ew
McAfee = Vundo!hs
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.APBF
Norman = W32/Suspicious_Gen2.GESVW
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Monicker
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.gha
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:21 04:45:54-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24064
Initialized Data Size           : 76288
Uninitialized Data Size         : 0
Entry Point                     : 0x6bd3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Western Armenian Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdarmw (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdarmw.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-14 10:24:57
VirusShare info last updated 2012-07-25 03:31:11

MD5: c26b2389638ef7233eecf14837208472
SHA1: 753f26f4c6a350072c3b6b78d5e756ff785eeb7f
SHA256: 84b68871e6b6786ffd2fc0db42f0988f429643262a817728547febb27757c9ab
SSDeep: 3072:UisBjkCQebMErnQzUtsBy6ecBWLyscOkzkRzZsKl5BvwkUGO:dOjkCZQEszKs+c
Size: 128000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.163
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12528B61
nProtect = Trojan/W32.Agent.128000.EH
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!jzNE3Rutwfk
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_GEN.R4FC3DR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!yej
DrWeb = Trojan.Juan.568
TrendMicro = TROJ_GEN.R4FC3DR
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.hxf
McAfee = Generic.dx!yej
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.AOBF
Norman = W32/Vundo.UUW
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itv
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:14 01:44:52-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 104960
Uninitialized Data Size         : 0
Entry Point                     : 0xf257
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة panson24
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : pa24w9x.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pa24w9x.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-14 10:33:43
VirusShare info last updated 2012-07-25 03:31:18

MD5: f0ac0c0c124c462e44aa9213d439f941
SHA1: c8d575e590ed194706f173526ada445f557e34b3
SHA256: 2f70d55957fa0f26382ad5e14c573851d2a5c3b0e5a3ec2facf6b45cb9292903
SSDeep: 3072:2hXan/WBjPzlkZi/OXIinFZMKN0o9We2cOfx8:wanyNk8OXIMPus/2cmx
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!orfwE7imJ1o
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Agent.BFJ!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.hodh
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!hu
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!hu
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2011-11-14 11:24:17
VirusShare info last updated 2012-07-25 03:32:26

MD5: 44a5db116e4fdc11440d48ac369d688a
SHA1: ba7ce8cbb6563e147b1c26075d692cdb29747a1a
SHA256: 5bd4a213704bb843160ca409500dbeb4f7f82b2a6b9e7302ea7a4065366b8c68
SSDeep: 1536:nfnw4j7lMWMEJTvfLu1dlI4wCS2NSBZcVRa+wU/iWFwl9g+7M:nv7adbu4wCZqZcVnP/i3l917M
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Trojan.Generic.5659615
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R42C2DF
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
McAfee-GW-Edition = Vundo!im
TrendMicro = TROJ_GEN.R42C2DF
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!im
F-Secure = Trojan.Generic.5659615
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic21.AZGK
Norman = W32/Suspicious_Gen2.LSDQM
Symantec = Trojan.Gen.2
GData = Trojan.Generic.5659615
BitDefender = Trojan.Generic.5659615
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:26 21:21:37-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x3dc9
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qgvjanvci Gdnhjhodjvr
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-06-20 13:43:30
VirusShare info last updated 2012-07-25 03:37:31

MD5: 5a96a4e85eba62b311d39f333ebe7e2c
SHA1: b3c645e4445ff5c1efe8eab4b55dcea6b4a0e642
SHA256: 890c345d3c9cb20761bcf2c1c2d32ac06f282128492810489b235ef74e39653f
SSDeep: 1536:WOQhoPdpp+rw9O5apNHQ6xZvA2OTl06MTFTdzM3ofUFPNSQ0Of:R4wMQrTxZvA2wlnMvA3o8F8Q0O
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Vundo.S
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Monder!Zz8xmqMNQiQ
TrendMicro-HouseCall = TROJ_GEN.R01C3FI
Comodo = UnclassifiedMalware
Emsisoft = Gen.Variant.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ix
TrendMicro = TROJ_GEN.R01C3FI
Kaspersky = Trojan.Win32.Monder.drjy
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
McAfee = Vundo!ix
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRATRAPS
AVG = Generic22.ASDT
Norman = W32/Suspicious_Gen2.MWSLI
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 06:26:52-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xf22e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.0.6000.16386
Product Version Number          : 10.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lmufmjsoy Trcmetnyfwe
File Description                : Bouiafwrx IME
File Version                    : 10.0.6000.16386 (hjrdt_rtm.061101-2205)
Internal Name                   : IMTCCORE
Legal Copyright                 : © Gnbjfswph Oezinochskb. All rights reserved.
Original Filename               : IMTCCORE.DLL
Product Name                    : Vzitbymrt® Ibcqsau® Vgqmtwoio Iiotgc
Product Version                 : 10.0.6000.16386
VirusTotal Report submitted 2011-06-20 04:31:27
VirusShare info last updated 2012-07-25 03:39:01

MD5: e109d18aa463c1f4f1a245fa4432f9c5
SHA1: 9d3aecc792cb73b117ebe944950b969adebcd791
SHA256: 820a3c69ffcb67e27106c98282b11a8f06db558f170f7c8bf98de828b642d703
SSDeep: 3072:yDE1wyG3dU9X2S7q/3NOd/0LhTUL7+o2lkNL99vS8Kuvj+s7ABOWcntZipr5TUPJ:/RudkX23lNY3R5S8Rvj+sEBDcnR
Size: 159744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2F1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ix
TrendMicro = TROJ_GEN.R72C2F1
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!ix
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.BFHM
Norman = W32/Suspicious_Gen2.MWSLX
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.laq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LAQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-20 13:23:35
VirusShare info last updated 2012-07-25 03:47:53

MD5: fca25e84ddc54f2cc8290b8771157b6b
SHA1: c1a42fd84ad16919e65ea523f6f4c0e6c0e7cdad
SHA256: 70e253f95f1eb150c258d77245e4745cb93fc853dfb256898f4cf04c6d77a53c
SSDeep: 3072:qq8A8Me7T/nmVLtzSVORTN1hCXn1wMwHyaXnTcRJGG/wRU4ixtWIPRZZe5tMw:qqmMe7SV8VfwMwpGoR/IMv
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!EvqS+WJdZ/4
TrendMicro-HouseCall = TROJ_GEN.R72C2FH
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ix
TrendMicro = TROJ_GEN.R72C2FH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!ix
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRATRAPS
AVG = Generic22.BFOP
Norman = W32/Suspicious_Gen2.MWRUG
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-20 09:03:11
VirusShare info last updated 2012-07-25 03:49:52

MD5: 002377b827041984ef96009af4b5ada3
SHA1: 1b84992214e972de2f9e789831ee6f356bc4e20a
SHA256: aee19f0aa3f552480822decf0c34ebb9237c39dfc09c0f356ec6d75bc9903d67
SSDeep: 1536:ObEEZEgdRx+B2W5PTv8Wwd2kG72mUEj1KogApF4ozyzo+5n:OwfgdwPjH6mUE8V2yzo+5n
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!a/LcZHfn9bc
TrendMicro-HouseCall = TROJ_GEN.R1BC2FG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kl
TrendMicro = TROJ_GEN.R1BC2FG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.jffu
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ADTX
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:18 14:53:13-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x11382
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® License Server Interface DLL
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : ntlsapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlsapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-18 14:36:58
VirusShare info last updated 2012-07-25 03:50:18

MD5: 005aef13dc4de6b583c6126b7da5ef9b
SHA1: af2c71ddf244e0c7f977908019a6c523538927bd
SHA256: 414df241ee5c41d3c3d916702eb3164972a6d74dac2bbc9173f328e81ecf6051
SSDeep: 3072:psNQnbiwh/2rUnvjfvhh6FArie0/0NkFfuldMqqDLy/HR+9:pVugvX6Fw0skFf1qqDLuY
Size: 137216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D9CB3
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cplSACVBCx8
eTrust-Vet = Win32/Monder.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.Click2.286
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iptc
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Suspicious_Gen2.PRIFF
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-10-18 16:42:27
VirusShare info last updated 2012-07-25 03:50:31

MD5: 028c4d17ab949946899f6fa9fd405135
SHA1: 7533e61511f4d3be772d48e674fc0c394cefb857
SHA256: 85951c6ce58e97d71ded182c0854f20b7eee38e934f6814d0e0e957a6b419bff
SSDeep: 1536:IJejGeRhwBNxHNxiuKD5VcxwVqx+IbAs36v2lYPX1:IJejGshwBNxabN6e0x+Tsqv2lE
Size: 59392 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4765895
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!MIsbZZLTkEE
TrendMicro-HouseCall = TROJ_GEN.R11C2JS
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!hb
TrendMicro = TROJ_GEN.R11C2JS
Kaspersky = Trojan.Win32.Pirminay.dab
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.HB!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Vundo!hb
F-Secure = Trojan.Generic.4765895
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.CCMG
Norman = W32/Suspicious_Gen2.HGEMA
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Trojan.Generic.4765895
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Generic.4765895
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:08:08 12:59:55-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 17408
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x51bd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Adaptive SQM WDI Plugin
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : WDIASqmModule
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WDIASqmModule
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-06-08 04:30:05
VirusShare info last updated 2012-07-25 03:53:19

MD5: 049e62f3077d85b7ac8402401917338f
SHA1: 38d89c7ac00df140208237a8648c82d3a290dcca
SHA256: 26c3f7bc2961a7273d72921f43ca0889440b2a8664d51c6d1455a1ce00589bf8
SSDeep: 6144:x2ngdk04it+YCbMAIyF3sVXiKekhH4terF9vdMKB2ufPFvZg3nnF0YpuOBO9qFJw:ghiCbMA3FckwXFM6H3g3nFiqxM
Size: 467557 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-CIP [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.467557
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.467557
VirusBuster = Trojan.Agent!RR/Z7MKMAMk
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R47C2ED
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.56131
TrendMicro = TROJ_GEN.R47C2ED
Kaspersky = Trojan.Win32.Pirminay.gob
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hiem
McAfee = Artemis!049E62F3077D
F-Secure = Trojan.Generic.5910974
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CIP [Trj]
AVG = SHeur3.BYYJ
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.5910974
TheHacker = Trojan/Pirminay.gob
BitDefender = Trojan.Generic.5910974
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:20 22:59:15-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 688128
Uninitialized Data Size         : 0
Entry Point                     : 0x16152
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vwmezyaqy Vdqtkycjtkt
File Description                : Processor Device Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : intelppm.sys
Legal Copyright                 : © Ewcuvlutu Qcbxicjcffq. All rights reserved.
Original Filename               : intelppm.sys
Product Name                    : Fqzzpuxae® Vxdwtjx® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-20 23:13:25
VirusShare info last updated 2012-07-25 03:55:51

MD5: 0512665eb3781189534b0c403b1113d9
SHA1: efcbc73772556c61c3bb4da1c36a1bf56e19063d
SHA256: c356a37d8b9fa716066678c89c7adc3767acebfac304795531a6525bde588227
SSDeep: 3072:EnVMJA7ELTFWQ2hpQEHY2BGlKjyJcwvTj2Mnj:/JAeG/QENBl6sMj
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.13.2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!tX7smY38BBk
TrendMicro-HouseCall = TROJ_GEN.R28C1EC
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!hs
TrendMicro = TROJ_GEN.R28C1EC
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!hs
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BYHN
Norman = W32/Suspicious_Gen2.MELDH
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-06-22 04:40:51
VirusShare info last updated 2012-07-25 03:56:28

MD5: 054b275c6c6ade019fab9bd37b707b12
SHA1: 523dd96468dd976a14b95eb919b38026856d20a4
SHA256: 690e4dcdaec5ce1ab6fad74563b620047a41e7e797a99b145f64d4faa24524c2
SSDeep: 6144:FxHIiIiQr+2yC16OB0GMV3b5VG34NfkHkf:FxHIq0l9x09V3VUH
Size: 210944 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1139.5
Avast = Win32:Kryptik-FHY [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!t635wNJygZg
TrendMicro-HouseCall = TROJ_GEN.R72C1JO
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.aop
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Packed.21871
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R72C1JO
Kaspersky = Trojan.Win32.Jorik.Pirminay.aop
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.AOP!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.AIIS
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.1139
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x128e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uclhigbyc Corporation
File Description                : WMI Provider for Sessions and Connections
File Version                    : 6.0.6000.16386 (qhvin_rtm.061101-2205)
Internal Name                   : WMIPSess.dll
Legal Copyright                 : © Gykengscd Wgpghjhaylg. All rights reserved.
Original Filename               : WMIPSess.dll
Product Name                    : Bilcgytju® Gepsmrk® Uqspgrths Reuuaa
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-29 12:16:22
VirusShare info last updated 2012-07-25 03:56:46

MD5: 05bfc81a4cb58a5365f7d4f0ad268a4d
SHA1: 1bee4dad8229ed77a52d5843b978296b6fbf5729
SHA256: 232eacc381293f157c664555896a0f515eab296de555d5f5047a7d0c9f49b968
SSDeep: 1536:IyAYBMwweprWiJa+R2VnsMBpuNsg+FRSc6CdWN1:IOSwwHiJaQ2BNBpgL+jS46
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.5
VirusBuster = Trojan.Kryptik!2WiRgFBkAZc
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R29C2F3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!ztg
TrendMicro = TROJ_GEN.R29C2F3
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Menti.fam!tr
McAfee = Generic.dx!ztg
F-Secure = Gen:Variant.Vundo.5
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic22.BUAK
Norman = W32/Suspicious_Gen2.MNSTR
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Kryptik.lfr
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:01 17:52:10-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x8a94
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-06 06:45:53
VirusShare info last updated 2012-07-25 03:58:09

MD5: 06066237e0abb3065f3d0dd82befe249
SHA1: 981868d7449cfe2e1509bcb835d0426131b59910
SHA256: 228435350f0401f54a64bab0d8978c659329c8e5385e5a109a61c01c8fc5b91f
SSDeep: 6144:12YCMrpmfPHkcHYX7Cr63TTcp3gAF4z9Cv+KSUQ32ry/Kmd4WVCLhKne0B82El:1HCwrUI7g6jYS64zUvDSjuWjH77Wbl
Size: 393643 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.393643
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
VirusBuster = TrojanSpy.Agent!N4s9M8aSyjY
VBA32 = Trojan.Pirminay.igw
TrendMicro-HouseCall = TROJ_GEN.R47C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.igw
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!06066237E0AB
DrWeb = Trojan.DownLoader3.32124
TrendMicro = TROJ_GEN.R47C2H6
Kaspersky = Trojan.Win32.Pirminay.igw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.acs
McAfee = Artemis!06066237E0AB
F-Secure = Gen:Trojan.Heur.RP.ymLfamRySpdi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Spyware-gen [Spy]
eSafe = Win32.GenHeur.RP.Yml
AVG = SHeur3.CERD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Trojan.Heur.RP.ymLfamRySpdi
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.iha
BitDefender = Gen:Trojan.Heur.RP.ymLfamRySpdi
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 17:24:29-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 393216
Initialized Data Size           : 4096
Uninitialized Data Size         : 487424
Entry Point                     : 0xd7010
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bwvwoqvlf Ehscgqxswrs
File Description                : Yanaoab NT MARTA provider
File Version                    : 5.1.2600.5512 (xpsp.080413-2113)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Grqpskjaw Jisqfrwdtfo. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Mqtosrgiz® Psctysy® Operating Jgcrjk
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-09-14 09:55:57
VirusShare info last updated 2012-07-25 03:59:26

MD5: 063989b1c11bb9a88dd5205d6d18f5e2
SHA1: aad9853aec85c9c34e9683e938390ba0140b099e
SHA256: 32f57d617cd823007fa2fec5569232c9d47ae393e11e2160cb6db83259a8a7b2
SSDeep: 1536:AEyiFXKJafBsLuBizg3lVYfzN8iDOiIoS5YbQl2yISQ5:AUya5mQlifh9DOKSb2y7y
Size: 77312 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12871C44
VirusBuster = Trojan.Kryptik!LcBz3KYVpBw
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R31C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!063989B1C11B
TrendMicro = TROJ_GEN.R31C2FL
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
McAfee = Artemis!063989B1C11B
F-Secure = Trojan.Generic.6085383
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic22.AHBL
Norman = W32/Suspicious_Gen2.NCGAZ
Symantec = Trojan.Gen
GData = Trojan.Generic.6085383
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Generic.6085383
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:09 19:13:39-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x5205
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.10.0.2
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
File Version                    : 1.10.000 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : 
Legal Copyright                 : Copyright (C) Brother Industries, Ltd. 2001-2003
Original Filename               : BrFiltLo.sys
Product Name                    : RemovableDisk
Product Version                 : 1.10.000
VirusTotal Report submitted 2011-07-16 00:14:58
VirusShare info last updated 2012-07-25 04:00:20

MD5: 065f4d0d03466c67b093f53b3941a71e
SHA1: a80679503ad0cee18ae702d9a5d6635ae943d0dc
SHA256: 83bfe7966c110cd145217ae546e870adc18c51fb628e6806b5db643255e4a5a6
SSDeep: 1536:PPGz7YCQ6KSi4TNjtOxzZR4G6XijYpLERpK2iKAXM3QGoD/JC/1tJ:mYCnQD9ZSXiffQGoDRC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.L
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zyq
DrWeb = Trojan.Virtumod.9851
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Monder.aamm
McAfee = Generic.dx!zyq
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-07-22 12:25:47
VirusShare info last updated 2012-07-25 04:00:57

MD5: 0665fee288807e111afc8ccf240afa2b
SHA1: a33931e2bfeb6837dd75f2fd85d593577c1b95f1
SHA256: d4d3d810d0ceacf1eb5d228b540a02e772a844dd49ad1a37da40089c90dd90e2
SSDeep: 1536:kAVupyFe3hb9MehQ/OQMV3GJhdfebbknHNM2/P23sqCW/:Ly3hb9rEO3VWhYGNM628pW/
Size: 66048 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124CC4EF
nProtect = Trojan/W32.Vundo.66048
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!S60nGeLMmrQ
VBA32 = AdWare.SuperJuan.xhb
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!0665FEE28880
DrWeb = Trojan.Juan.504
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abdn
Microsoft = Trojan:Win32/Vundo
Fortinet = Adware/SuperJuan
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gf
McAfee = Artemis!0665FEE28880
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.CAEO
Norman = W32/Suspicious_Gen2.MKQIW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:20 11:10:58-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24576
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x6e0d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SENS Connectivity API DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SensApi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SensApi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-06-29 10:38:21
VirusShare info last updated 2012-07-25 04:01:04

MD5: 0728e719bd2009ff4fcebc85b76575ac
SHA1: d3ad9d0898abca9399dc82ad94ecb754f2540ffe
SHA256: cf8113327566d0ec384955d27b8f3b894b0422b60a021e16a117f66c83596af7
SSDeep: 6144:RX1YcLVB9i2GVSs2RocIAYn/Qu2oX2AWgwRRogsZPx/jaU1ctCm7AbcvNmeSCO2S:Acin/8HWw81ZPx3kE/CLYd
Size: 529408 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.203
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.529408.S
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.529408.AH
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!oMxRSPb2dyM
TrendMicro-HouseCall = TROJ_GEN.R4FC2EI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.evj
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fxh
DrWeb = Trojan.Hosts.4338
TrendMicro = TROJ_GEN.R4FC2EI
Kaspersky = Trojan.Win32.Pirminay.evj
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.EVJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rh
McAfee = Generic Downloader.x!fxh
F-Secure = Trojan.Generic.KDV.180209
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic21.CMQL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.180209
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.evj
BitDefender = Trojan.Generic.KDV.180209
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:29 14:47:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 172032
Initialized Data Size           : 716800
Uninitialized Data Size         : 0
Entry Point                     : 0x26b9f
OS Version                      : 4.0
Image Version                   : 8.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zpzigvqao Memlxbfqgmu
File Description                : PresentationFramework.Classic.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Classic.dll
Legal Copyright                 : © Krqpgqknf Ueltkfwpmix.  All rights reserved.
Original Filename               : PresentationFramework.Classic.dll
Product Name                    : Hcmqvwvpx® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-09-12 11:41:52
VirusShare info last updated 2012-07-25 04:04:42

MD5: 077fc2552cbb6b63b30068ad24a5022a
SHA1: c0914d57af9f93d963a73db1cbadd5308e069065
SHA256: a57d744691091f39d608f77d7cbcdb1c569ecaa2d2567b88e5745b19d3a0893e
SSDeep: 3072:Gb5pMVAcR4enPgAohSb93Dg2elSMqqDLy/S5kS:GdzcR4ePKSxPCqqDLuq
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
TrendMicro-HouseCall = TROJ_GEN.R3EC2FL
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Artemis!077FC2552CBB
TrendMicro = TROJ_GEN.R3EC2FL
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!077FC2552CBB
F-Secure = Trojan.Generic.KDV.252349
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic23.DKB
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.252349
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.252349
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-07-01 22:06:49
VirusShare info last updated 2012-07-25 04:05:14

MD5: 07dceeaff507c164a7980aa9768a79ae
SHA1: 312168a6ad4b83e3841feadd22b1858701c98926
SHA256: 187ac65048a60258a0952031dea5563e05d865b85e6621499f1bb9abc4a776aa
SSDeep: 6144:jLlM4SEUBLf8/jfc0Ip1kqig6O5AXA0c:G5EUBLfujfZIpeqigIA0c
Size: 262144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.13.104
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!FIVDFyJxN2Y
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!07DCEEAFF507
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!07DCEEAFF507
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
AVG = Generic22.BFIS
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 00:18:10-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 200704
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x2db3d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tsspbkhsl Uxnefljtowt
File Description                : DS Authorization for Services
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : DSAUTH.DLL
Legal Copyright                 : © Tczifqmhh Kxkqtdjmkxp. All rights reserved.
Original Filename               : DSAUTH.DLL
Product Name                    : Cnommjtcg® Pjgdmzq® Avenyfbft Xqomua
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-29 02:55:40
VirusShare info last updated 2012-07-25 04:05:37

MD5: 089f3840929e7a758083bffd6104067b
SHA1: d5be918c579ef24a7538f7a952adbf3fb162e921
SHA256: e16d78834f3b5b10144c32ff5d822155b108accda176b8c074a46ff85d850ba8
SSDeep: 6144:jonV3aZ/9TSg241TWEBLzuKr238jnHee+H49/klVr0O+uKpvqirZ33dn:joVq324NWEBPur3czvArp+pxNR
Size: 368640 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.53
Avast = Win32:Pirminay-AH [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.368640
VirusBuster = Trojan.Pirminay!WbyX4KFodgg
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Renos.kc
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!089F3840929E
DrWeb = Trojan.DownLoader3.27093
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Pirminay.ifg
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.IFG!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.acg
McAfee = Artemis!089F3840929E
F-Secure = Gen:Trojan.Heur.RP.wmKfa8qZpEcb
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-AH [Trj]
AVG = Generic22.CPCL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Downloader
GData = Gen:Trojan.Heur.RP.wmKfa8qZpEcb
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Trojan.Heur.RP.wmKfa8qZpEcb
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:11 21:16:52-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 364544
Initialized Data Size           : 8192
Uninitialized Data Size         : 471040
Entry Point                     : 0xcc240
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.3705.6018
Product Version Number          : 1.0.3705.6018
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Windows, Chinese (Simplified)
Company Name                    : Dxpkjhqgf Gfyznmciwop
File Description                : Mupksamtm .NET Runtime resources
File Version                    : 1.0.3705.6018
Internal Name                   : MSCORRC.DLL
Legal Copyright                 : 版权所有 (C) Ynipulbth Vqlqpbqhfoa 1998-2001。保留所有权利。
Legal Trademarks                : Vgjlbztff(R) 是 Baavjxupr Jmettloiipp 的注册商标。Yazyhni(TM) 是 Lqnjuwfjc Qytqhqzafal 的商标
Original Filename               : mscorrc.dll
Product Name                    : Otfjsrkme .NET Framework
Product Version                 : 1.0.3705.6018
Comments                        : Omrvrijzr .NET 运行库资源
VirusTotal Report submitted 2011-07-20 11:17:42
VirusShare info last updated 2012-07-25 04:06:43

MD5: 08ab6c97e0b35806c30b180fe0bf2418
SHA1: a2ab870acac8b4039a304456dfc982c78a17bfec
SHA256: 1ce932baae2fa10c1cd8d645e2f624ed84fdf50b4032aab626df05e2110e098c
SSDeep: 6144:uw5hVS7NDlAssy/NQJRJjKU5Er86nylsH+P9qIuFpTmfx/RPfipVTiyuDNpfl8W:uZ9iqU/6ylsH+5TiHTiy6NpWW
Size: 348538 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.dap
Avast = Win32:Rootkit-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC1BL
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.dav
McAfee-GW-Edition = Generic.dx!vyd
TrendMicro = TROJ_GEN.R3EC1BL
Kaspersky = Trojan.Win32.Pirminay.dav
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.kj
McAfee = Generic.dx!vyd
F-Secure = Trojan.Generic.5448847
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Rootkit-gen
AVG = Generic21.EJA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5448847
TheHacker = Trojan/Kryptik.ejh
BitDefender = Trojan.Generic.5448847
NOD32 = a variant of Win32/Kryptik.EJH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 16:59:59-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 622592
Uninitialized Data Size         : 0
Entry Point                     : 0x85fc
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1915.1830
Product Version Number          : 5.2.1915.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Message Queuing Active Directory Client
File Version                    : 5.2.1915.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : MQAD.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : MQAD.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.1915.1830
VirusTotal Report submitted 2011-06-22 11:44:20
VirusShare info last updated 2012-07-25 04:06:47

MD5: 0a849cf73b204ac7f47507ab8f63b05c
SHA1: 886eaf3b2b9003eef3a6001aee13c8d7a25dfc0e
SHA256: a8f3de5ecac739a3666206299bb1dfd6e73921157ce300389d46c02dfbcdb754
SSDeep: 6144:ghaN97c0eFCCqrkuMtCD1CGCHD6poqqDLuiPizLV4E:6aNdPeFCCqD4+CGCHD6ptqnuiPz
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BQI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:24 17:53:16-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 135168
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1db7a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Inmphgbss Purbevygzcb
File Description                : 32K/64K color VGA\SVGA Display Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : vga64k.dll
Legal Copyright                 : © Goahxuyuo Segxrimwour. All rights reserved.
Original Filename               : vga64k.dll
Product Name                    : Whxmfxriy® Ahupokm® Rfrherlfl Ytexrq
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-28 05:09:56
VirusShare info last updated 2012-07-25 04:09:26

MD5: 0d2c8a4d110373ef46bb96e01e30d94b
SHA1: 691f35064dade2b166feb8b4068c1e75ce26b237
SHA256: 224cc47e349a51d603f110f241a9e8a22dc75e6eec887c5314be54c6a4535094
SSDeep: 6144:90eyo6gUt/Zs6UTiGjO+114VIgvPQ2MDNEE+sognkT3JYckCe:90eyoByWvVg3Q9JEAonz
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-DEK [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan-Clicker/W32.Fakealert.311296.C
VirusBuster = Trojan.Pirminay!VM4B3l6mVsY
VBA32 = Trojan.Pirminay.ihk
TrendMicro-HouseCall = TROJ_GEN.R47C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ihk
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Artemis!0D2C8A4D1103
DrWeb = Trojan.DownLoader3.32380
TrendMicro = TROJ_GEN.R47C2FL
Kaspersky = Trojan.Win32.Pirminay.ihk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHK!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adu
McAfee = Artemis!0D2C8A4D1103
F-Secure = Trojan.Generic.6148258
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-DEK [Trj]
eSafe = Win32.TRDropper
AVG = Generic23.GFX
Norman = W32/Suspicious_Gen2.MVMJZ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6148258
TheHacker = Trojan/Pirminay.ihk
BitDefender = Trojan.Generic.6148258
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 22:09:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xac400
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.11.21.0
Product Version Number          : 4.11.21.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    :  U.S. Robotics Ogelakbqpag
File Description                : 3csdpi
File Version                    : 4. 11. 21
Internal Name                   : 3csdpi
Legal Copyright                 : Copyright © 2000 U.S. Robotics Xibapwwzbst
Legal Trademarks                : 
Original Filename               : 3csdpi.dll
Private Build                   : 
Product Name                    :  U.S. Robotics Modem Driver
Product Version                 : 4. 11. 21
Special Build                   : 
VirusTotal Report submitted 2011-07-15 14:40:09
VirusShare info last updated 2012-07-25 04:13:42

MD5: 0e32c657cc265eeff5da1bf34119981d
SHA1: b8772b9b08f86a402660f4171307101b09c3140b
SHA256: 031764271d32e802dd84fff28c4ac2b0ddadbedf46936b9e4712fc6855a86307
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWRN:/53B6GnBMUQyaUZGAjLvC8H
Size: 363469 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.18
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363469
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1289D138
nProtect = Trojan/W32.Pirminay.363469
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
VBA32 = Trojan.Pirminay.goj
TrendMicro-HouseCall = TROJ_GEN.R47C2ED
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.goj
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader4.11631
TrendMicro = TROJ_GEN.R47C2ED
Kaspersky = Trojan.Win32.Pirminay.goj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.agv
McAfee = Generic.dx!zkq
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
AVG = Generic22.ANYC
Norman = W32/Suspicious_Gen2.LWCCE
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2011-07-21 21:21:35
VirusShare info last updated 2012-07-25 04:15:08

MD5: 0ed11efcb03990a2d979b301ac68c27c
SHA1: 95a4ea4e5f5b82518e93a7bed6daace110d1cc2e
SHA256: dd47fd40d44862b6637da333e365397c4f010792777d659f5da99c2e5fff3d18
SSDeep: 1536:+fEoMBdS1uD4wzQLZ3XSfbpz1g98YlpZtal7QYBsPBEYvotNa:+nMBdKuMt93XSfb3MdkPmfvotNa
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Sinowal.WXO
nProtect = Trojan/W32.Vundo.102400.G
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!0JPa+yeOvdw
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_GEN.R1BC2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.Smardec.81
TrendMicro = TROJ_GEN.R1BC2FU
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Monder.aamr
McAfee = Vundo!kf
ClamAV = Trojan.Vundo-36273
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.CCLS
Sophos = Troj/Virtum-Gen
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 08:33:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x69ba
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Woemdqhqe Fmofvoszgiq
File Description                : Kzfqkkzsg FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : RPCTEST.DLL
Legal Copyright                 : Copyright © 1995-1999 Rcvycbopu Gnlqirukhop, All rights reserved.
Legal Trademark 1               : Hrfmdfkkk®, Kjcfasn®, and FrontPage® are registered trademarks of Xsrqrzwdw Pkfczysbhke, and WebBot is a trademark of Mrxuzjvif Xmhhvkvybse, in the United States and/or other countries.
Product Name                    : Mdfdcdymy® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2011-10-21 05:58:43
VirusShare info last updated 2012-07-25 04:15:55

MD5: 0eef6b0fb0fb43b8db583d41828a1416
SHA1: 8fbf95a857b55eff3b5ec5a02cffef729725f900
SHA256: 97bafdc7b2dea712bb25640dfe5e2d0f7072fa72feace72e882219e384175881
SSDeep: 6144:cGruOUCkdYpCgUj2msuv4YzEOrCWiGWnbjEnSGm5dCsFBrea9mOvfyaqtEr35:mO8dYxI2msugYWWinhPCCl6/w
Size: 418265 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.418265
Avast = Win32:Kryptik-CGY [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.418265
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.418265
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SUpVBVG6qtQ
TrendMicro-HouseCall = TROJ_GEN.R21C2FK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hcs
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fys
TrendMicro = TROJ_GEN.R21C2FK
Kaspersky = Trojan.Win32.Pirminay.hcs
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.ago
McAfee = Generic Downloader.x!fys
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGY [Trj]
AVG = Generic22.AISB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.hcp
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:29 17:34:20-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0x22c10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Guakyncuo Vbrejfbjvqw
File Description                : Winmm  audio system driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wdmaud.drv
Legal Copyright                 : © Npwplkmlm Uwitvoeuats. All rights reserved.
Original Filename               : wdmaud.drv
Product Name                    : Adpdrvssm® Igeomkm® Jjullbbtj Mpjaao
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-08-13 16:31:00
VirusShare info last updated 2012-07-25 04:16:03

MD5: 0f0ba1e0198b3313e566d05e0fc96486
SHA1: b414d0799f26a956fc3a6787ba05f6ee2fd8b8b2
SHA256: f2f33fa2c1fdeb666be97a495250c340b1a6b20b71aeae25fe8707a49066556f
SSDeep: 1536:U4iwSC/UXuY28bQJjml9I3k3lQ36QDkUz5:U7wx8b20QJj83lQ39kW
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.288
Avast = Win32:MalOb-GH
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik!h2A3ZrhpHhU
TrendMicro-HouseCall = TROJ_GEN.R47C2FS
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R47C2FS
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!iz
F-Secure = Trojan.Generic.6115859
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH
eSafe = Win32.TRVundo.Av
AVG = Generic22.BZSL
Norman = W32/Suspicious_Gen2.NAHHT
Symantec = Trojan.Gen
GData = Trojan.Generic.6115859
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6115859
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-01 20:02:01
VirusShare info last updated 2012-07-25 04:16:14

MD5: 0f13a4c33800dc751b6b4ef7bda8af8c
SHA1: 04c6319851ca8b42214516eaacf244ce961fdcf1
SHA256: b6c2244f42e4f5a8a831bb7f4cf4c62dba025e5b51dc5f179b8fc9fad0c69675
SSDeep: 6144:x2ngdk04it+YCbMAIyF3sVXiKekhH4terF9vdMKB2ufPFvZg3nnF0YpuOBO9qFJE:ghiCbMA3FckwXFM6H3g3nFiqxI
Size: 467448 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-CIP [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1287AEC0
nProtect = Gen:Variant.Riern.1
VirusBuster = Trojan.Agent!RR/Z7MKMAMk
TrendMicro-HouseCall = TROJ_GEN.R31C2F7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R31C2F7
Kaspersky = Trojan.Win32.Pirminay.nfb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hiem
McAfee = Artemis!0F13A4C33800
F-Secure = Trojan.Generic.5910974
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CIP [Trj]
AVG = SHeur3.BYYJ
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.5910974
TheHacker = Trojan/Pirminay.gob
BitDefender = Trojan.Generic.5910974
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:20 22:59:15-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 688128
Uninitialized Data Size         : 0
Entry Point                     : 0x16152
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vwmezyaqy Vdqtkycjtkt
File Description                : Processor Device Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : intelppm.sys
Legal Copyright                 : © Ewcuvlutu Qcbxicjcffq. All rights reserved.
Original Filename               : intelppm.sys
Product Name                    : Fqzzpuxae® Vxdwtjx® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-14 14:14:55
VirusShare info last updated 2012-07-25 04:16:17

MD5: 0f8e6e9f2d2ac1210d412593744b1c25
SHA1: 66a55d320993987eab99f3fbab9e194208dbb8b3
SHA256: 3844b6f27b69abeedef5f5d2abfd733ef12dc169e2c746fbd0d8f2771f0ace1c
SSDeep: 3072:stBzePrf3hsIxhg+/tEdOxj2Dhd3baAn5onfoRjHuTHZ47sRpgZlu9iu0gOQ0AkS:sXzoxKOo42DWMyAN72zZ0AkXXi
Size: 211968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128BBC22
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC3FP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zoo
TrendMicro = TROJ_GEN.R4FC3FP
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zoo
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJHG
Norman = W32/Suspicious_Gen2.MLARM
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:25 16:53:33-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 167936
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x28e6e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Explorer Compatibility Shims
File Version                    : 8.00.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ieshims.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ieshims.dll
Product Name                    : Windows® Internet Explorer
Product Version                 : 8.00.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2011-09-05 01:31:51
VirusShare info last updated 2012-07-25 04:17:01

MD5: 10d3544955659930a5959b6b18d36811
SHA1: b71aaf2c69d4f501f8d6b1b97b36cf380a6038b4
SHA256: e3fbf617970d1e21d3799439cbef3167aa9d19f58f0e0220a2dc0ec448fe9630
SSDeep: 1536:YPGz7Y9N6iZN+idTNuwttS4TgNG6XijYaLERpK2iKAXM3QGoeC/1tJ:5Y9YqHWATOXi2fQGoeC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.129537FA
nProtect = Trojan/W32.Monder.114176.G
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!2k1f4sgmoiA
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_GEN.R1BC3FH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_GEN.R1BC3FH
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!ke
ClamAV = Trojan.Vundo-35540
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-10-22 05:19:25
VirusShare info last updated 2012-07-25 04:18:58

MD5: 11599e7f74b9d201ffe8a0bb78e7d1bf
SHA1: 9d984403b173585a621b14f73436ab67e7366f83
SHA256: 3898b99f6dd0e69cdd35d483f4d3e87a78aceed35749c0fe15b06401d62c9b33
SSDeep: 6144:7z0oXvbzyD1kphiMHMwkOqTC+19pgxOdGrfXvDm3E+PE2hbCQORv07khhAr3P7bc:HW1kfFqTC+1PgMdGrf7z+PE/v+kHe0
Size: 368643 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SPiWt3NaUH4
TrendMicro-HouseCall = TROJ_GEN.R72C2FQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.kqy
McAfee-GW-Edition = Downloader.a!eb
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C2FQ
Kaspersky = Trojan.Win32.Pirminay.kqy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gmpc
McAfee = Downloader.a!eb
F-Secure = Gen:Variant.Kazy.15607
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Pirminay-BW [Trj]
AVG = Generic22.CNHA
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Kazy.15607
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Kazy.15607
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:02 10:25:52-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 368640
Initialized Data Size           : 4096
Uninitialized Data Size         : 479232
Entry Point                     : 0xcf190
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Otngeajee Gskwasvrtii
File Description                : Czech_Programmer's Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdcz2 (3.12)
Legal Copyright                 : © Glainduup Sjtdhdqlice. All rights reserved.
Original Filename               : kbdcz2.dll
Product Name                    : Dvseloutl® Zexauqm® Ymsptjfqo Dlftnv
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-09-19 08:28:22
VirusShare info last updated 2012-07-25 04:19:45

MD5: 11ccf39ef03e3469caade81e1a896ed8
SHA1: 1c8c9d8a75bcfc4f62e8b2df5d741ff157cb0c90
SHA256: 73fd2677c6549eb7c75e2dd05d89e22d7e26a672284c8f26a616b964e378f1d5
SSDeep: 1536:ATz0QKX6o8y+5+3alKK1syq6tVwOcd4DB64kEbHtLc0ZnKGj9:ozG6F5DU70AOcd4DMaI0Zlj
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC3F1
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.gqoc
McAfee-GW-Edition = Generic.dx!zow
TrendMicro = TROJ_GEN.R4FC3F1
Kaspersky = Trojan.Win32.Menti.gqoc
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Menti.GQOC!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.cpa
McAfee = Generic.dx!zow
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.MKSNO
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Renos.61
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:16 06:26:58-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 38400
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xa2f4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-06-29 12:43:54
VirusShare info last updated 2012-07-25 04:20:23

MD5: 11cdd2ce910f686ca9d216ed173235fa
SHA1: ea91143472b9ed858d82a53acfdbc41ae61fc5ee
SHA256: 650969cef09a7a08206ed56fc880325b4527a9dc707c941e84d1054c11099e0c
SSDeep: 3072:s6YVakIH7Atjuo9RNxweCrf71TiQ1fULmGbEo7jY1F:s6yakxKo9RbweudB18LmmBu
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5Qa3wWJjoqA
TrendMicro-HouseCall = TROJ_GEN.R72C2F9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!11CDD2CE910F
TrendMicro = TROJ_GEN.R72C2F9
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!11CDD2CE910F
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic22.BUAF
Norman = W32/Suspicious_Gen2.MYJWX
Symantec = Trojan.Gen
GData = Trojan.Generic.6093322
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6093322
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-06-25 06:57:42
VirusShare info last updated 2012-07-25 04:20:24

MD5: 131216e8e937726eb0fe3bbb659dfe62
SHA1: 821f61debe0c25cabbfeaf33ba41ce1506640638
SHA256: 7b1331069ffc2f9ca6b58a122138a74ec5a1f4b2ecf4f45f46d25efc2edb9470
SSDeep: 1536:54iQNv2RshGdiu0EGo55f9UT9Ay5aIrO/KdQSbWoeDhIQkrMmu:54RYshQi+GorFny5PO/KUugm
Size: 97280 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gHErYFdDKMk
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Click1.54518
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DUH
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 09:54:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 86016
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15f61
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ycsdqvbqh Usityfyljes
File Description                : Czech_101 Keyboard Layout
File Version                    : 6.0.6000.16386 (dpmvk_rtm.061101-2205)
Internal Name                   : kbdcz1 (3.13)
Legal Copyright                 : © Sdchglkri Ukxbdhsuldv. All rights reserved.
Original Filename               : kbdcz1.dll
Product Name                    : Elolcvjtk® Thwfkji® Cixdokexf Hzssrf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-22 11:20:40
VirusShare info last updated 2012-07-25 04:22:11

MD5: 13268b86704f9671a0aa6f891813cf9c
SHA1: 913e89fbee04aea526a2cd3284c24aa97dcf6df5
SHA256: 14d7b2a3562903a06caf80af3c5c61df13b0f74d1ff1186dbabe5bdd4a9c0a81
SSDeep: 3072:8WVYwnpLtDWx9I/LDcvqNWAoJCcoEp+e+z4mRBDjyqG:8MnZtDIqqCfz4mRBny
Size: 133120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1287A221
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R31C2FN
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!13268B86704F
TrendMicro = TROJ_GEN.R31C2FN
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!13268B86704F
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD
AVG = Generic22.AUNW
Norman = W32/Suspicious_Gen2.NDIUZ
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-07-03 09:08:36
VirusShare info last updated 2012-07-25 04:22:18

MD5: 13aed417ca5af8c6912ca8a3997556f6
SHA1: 5bed36a32a8a45ae114c9429bffaf43161b04adc
SHA256: f326a6f81e7c339d2d727f10e49b69041414e082aa0c435fc5ca7f62677aab59
SSDeep: 1536:U4MQwSC/UXuY28bQJjml9I3k3lQ36QDkUf:U9Qwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.525
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!TRjVsvp0sQg
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kt
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R72C2FK
Kaspersky = Trojan.Win32.Monder.mpwb
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!kt
F-Secure = Gen:Trojan.Heur.BDT.du8@b0Wtouai
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH [Cryp]
AVG = Generic23.AOT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Trojan.Heur.BDT.du8@b0Wtouai
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.ocu
BitDefender = Gen:Trojan.Heur.BDT.du8@b0Wtouai
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-09-12 11:56:22
VirusShare info last updated 2012-07-25 04:22:57

MD5: 1451add5c8c8d5f459e3365594b1dbaf
SHA1: c97bc1ca0f154292b0b56ed3ab56b46856b9531f
SHA256: 73a40627ade24bc0f1ecfa9738cae92bad9ceb7ac0f49ea928f7352b15664ba6
SSDeep: 1536:qPGz7YvV6YMi1TNutMI0RNM5G6XijYiLERpK2iKAXM3QGoUjC/1tJ:vYvA4yUN6XiCfQGoUjC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.H
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SKgdKpGVtq4
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Generic.dx!zum
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Generic.dx!zum
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-10-22 06:00:01
VirusShare info last updated 2012-07-25 04:23:46

MD5: 15b8ae5aaba9675b49cbe189d7b98c1b
SHA1: b0f43491318eb92f39c1fbad0e7afe0404588e48
SHA256: f02aa1bb36be1ccb59c3b99f478c97c599cb4b47b6db8afa99e49008773a336f
SSDeep: 3072:fPb1IVLs05WNzmn+OpVE7eCKXBGfK/t8uLxXLqCNA0D3mx:ZI20okf0rfKNlfjD3G
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!87p+MZHhtc8
TrendMicro-HouseCall = TROJ_GEN.R1BC2FH
Comodo = TrojWare.Win32.Kryptik.LLT
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!15B8AE5AABA9
TrendMicro = TROJ_GEN.R1BC2FH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!15B8AE5AABA9
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CNKH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-10-31 17:25:32
VirusShare info last updated 2012-07-25 04:25:49

MD5: 15d69ed31bd492205e5ecbeffb9d1b3f
SHA1: b1a51c2a177a86e8b1e9a594b2151dd971ae96dc
SHA256: 48ea849fc58237f87e2a183984e2b76d319abc3e1b7a4b3a7208aea7e95a9c56
SSDeep: 1536:m+1XeJkJz0b+MEhP2KoteezZ3CleHqFJlbJ:x1O2eKoteFgqFJlbJ
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!15D69ED31BD4
TrendMicro = TROJ_GEN.R72C2FF
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!15D69ED31BD4
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.CDHI
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:21 08:05:06-04:00
PE Type                         : PE32
Linker Version                  : 2.50
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x2a45
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Hjtguixsk Dqpewkgnefv
File Description                : Czech_101 Keyboard Layout
File Version                    : 6.0.6000.16386 (tmnyu_rtm.061101-2205)
Internal Name                   : kbdcz1 (3.13)
Legal Copyright                 : © Ftfcuyqtd Twrfbzktcur. All rights reserved.
Original Filename               : kbdcz1.dll
Product Name                    : Microsoft® Pkfkyhq® Xhgzjlaol Saqzfr
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-08 06:49:52
VirusShare info last updated 2012-07-25 04:25:57

MD5: 16e03381dc6adefc2174faaad3e3bf7c
SHA1: f8fff1e9df2d7a71a66445216cbd6b58c10d3b10
SHA256: 1d7f8e94f13ac448a2135f863c9f3eaa47281f4c211884f867296dbf67132acc
SSDeep: 1536:kLpnmYj4dtNJu3G8fNo0wamFILh01Y3hyNS2Y6Y9l/MqqU+NV23S2BMnew:kL881o0wSyyA7Cl/MqqDLy/BZw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4Ct20y5ajPE
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C7IQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R30C7IQ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2011-11-14 13:19:28
VirusShare info last updated 2012-07-25 04:27:28

MD5: 17126198a2d67e12c9f1b2df5fb19af3
SHA1: e49cf13219a34be349ece4fae8f63064bf8d9566
SHA256: e51027e99d1cd46542c6e3b04b6f3422f1355a144b974648f008e2b7ca84f372
SSDeep: 6144:3Xo+7KieGfQz8qZWpbpGRyuoGCFqqDLu:QGY80v5Coqnu
Size: 208896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.208896.PG
Panda = Suspicious file
nProtect = Gen:Variant.Hiloti.2
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Comodo = TrojWare.Win32.Agent.axwt
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1226
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.ijym
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Hiloti.2
VIPRE = Trojan.Win32.Virtum.gen (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AXWT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Hiloti.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Hiloti.2
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:13 18:16:12-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 126976
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1b92a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kiouiidar Xflboxjarey
File Description                : Wvnhiblnh Phzfnrn HotStart User Agent
File Version                    : 6.0.6000.16386 (rjfnh_rtm.061101-2205)
Internal Name                   : HotStartUserAgent.dll
Legal Copyright                 : Copyright © 1998-2006 Vyvwbwown Corp.
Original Filename               : HotStartUserAgent.dll
Product Name                    : Aoesxhzoh® Lpgtxbw® Opwyyadca Wznxts
Product Version                 : 6.0.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2011-10-28 04:56:10
VirusShare info last updated 2012-07-25 04:27:48

MD5: 17a0a1f98f48cb79f8088b8766529b40
SHA1: cdddb49dea9346ac2279ad7d7175ca1413a7d7a2
SHA256: c45b3ca57d48a6b09fccb268699c690e8e7dcf847592670d263d6e252a7cdd1e
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+Ch:ntNtyUl7kALd4ilBpi/44F/5
Size: 363085 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.363085.B
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.363085
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.gto
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gto
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fyu
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5869931
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-15 17:08:03
VirusShare info last updated 2012-07-25 04:28:36

MD5: 17d85b6e0aacaface418749ff083a87a
SHA1: 899cab345ff9ebe41a4c0fb4a7a76b185d582b12
SHA256: 2e31354193f43001af1975cfc3a8443ff589b2b3cd5c65bd105dda8b6387565f
SSDeep: 1536:hAwnzG0HpjipOLEYaTXRMd6sicPJcPbvXOJG1LhbPtowQxIHIPNu:ewz7jLraTI6ngiLhbPtlZWu
Size: 83456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!24UK0WNd/e4
TrendMicro-HouseCall = TROJ_GEN.R72C2FG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2FG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CGUS
Norman = W32/Suspicious_Gen2.MYJNZ
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:16 12:43:03-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x8e61
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Indexing Service Server-side Object
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : ixsso.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ixsso.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
Ole Self Register               : 
VirusTotal Report submitted 2011-09-20 10:08:39
VirusShare info last updated 2012-07-25 04:28:53

MD5: 180cf1fe642682e53688dc57fb3c500e
SHA1: 84d6077b25817db16d426adf25c4cdd99fb1bc09
SHA256: 74180ed355a3015e4fd5343f951d5b4cd0b38c28809843b38d420bf303685e20
SSDeep: 1536:3D1c/mGJSw9shiPiYGSboRALQ3F51CnCRJZuvMqqU+NV23S2Zi:TPGJSRwPiYFboRc8kvMqqDLy/Zi
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5YqpGWgwBmE
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R01C2FM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!180CF1FE6426
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R01C2FM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!180CF1FE6426
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.IAT
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 07:47:54
VirusShare info last updated 2012-07-25 04:29:16

MD5: 189860168ca6f1b1caf4e3e117a07d66
SHA1: 704a6de62454cd88ffff9f1a0a65c306d726b5b9
SHA256: c8bd083c48ee408fea3579db54bfa25c16227394fb80f16f9002c60be6232231
SSDeep: 12288:BMdJsibcwP2TaRjzXBCl5fGbejdk7C8G5uy+EPbCk83:BSJ7bB5XBCfvjY9sCki
Size: 430491 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.281
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.430491
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.430491
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!7BnKOJCPuLo
TrendMicro-HouseCall = TROJ_GEN.R72C2EG
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gou
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R72C2EG
Kaspersky = Trojan.Win32.Pirminay.gou
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.agn
McAfee = Generic Downloader.x!fyg
F-Secure = Trojan.Generic.5904411
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic22.AKIR
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5904411
BitDefender = Trojan.Generic.5904411
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:15 13:21:11-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 700416
Uninitialized Data Size         : 0
Entry Point                     : 0x11d8c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nritaynzq Zjhtptgftln
File Description                : timeout - pauses command processing
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : timeout.exe
Legal Copyright                 : © Iatobqagy Ndibezjdznp. All rights reserved.
Original Filename               : timeout.exe
Product Name                    : Xohwtgevy® Ukffxxa® Lgmgpkowb Ggvsfe
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-08-13 16:31:18
VirusShare info last updated 2012-07-25 04:29:58

MD5: 193dfef244dfd3fa79beb49fbe308b77
SHA1: 2a75e353a733e70cbf31dce4d831e04435ec4bd9
SHA256: 5834f9cbf486a452da4ba46ab1bde0ce08eaffc6be9f10cd70947523d17cf17a
SSDeep: 6144:uaM+CQXITz0t0CHLI4ScN9fCn2lg1l6tR51lOPRQ65z6G9Rr7+ezg+lti:u3tFILIr76tfOPZz/9d7+ug+ls
Size: 365056 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.287
Avast = Win32:Downloader-HVN [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365056.Q
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.365056
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!p7J7cz3A5AE
VBA32 = Trojan.Pirminay.ieq
TrendMicro-HouseCall = TSPY_PIRMI.SMUM
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!uf
DrWeb = Trojan.DownLoader3.26438
TrendMicro = TSPY_PIRMI.SMUM
Kaspersky = Trojan.Win32.Pirminay.ieq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.acd
McAfee = Downloader.a!uf
F-Secure = Trojan.Generic.KDV.249739
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = SHeur3.CEFV
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.249739
Symantec = Downloader
TheHacker = Trojan/Pirminay.ieq
BitDefender = Trojan.Generic.KDV.249739
NOD32 = a variant of Win32/Kryptik.PNY
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:31 15:32:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 360448
Initialized Data Size           : 4096
Uninitialized Data Size         : 466944
Entry Point                     : 0xcac20
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.120
Product Version Number          : 5.2.3790.120
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jtmmrqbth Eukatcstgsh
File Description                : Tty Printer Driver
File Version                    : 5.2.3790.120 (srv03_qfe.031205-1652)
Internal Name                   : Ttyres.dll
Legal Copyright                 : © Vqjvvhngk Ajngiwczpfm. All rights reserved.
Original Filename               : Ttyres.dll
Product Name                    : Onwpytshv® Apwraof® Joskedncv Bcanrh
Product Version                 : 5.2.3790.120
VirusTotal Report submitted 2011-10-19 16:31:31
VirusShare info last updated 2012-07-25 04:30:50

MD5: 19c5f584b9ff76ef83ddf9daff373ab7
SHA1: 6fc85eda75627b8f765beaad0af44dc45699052f
SHA256: f5cba9983dea1cb70d3611fbd0179fc81d36d04dc3b34edc42e8ba5fc09ab06c
SSDeep: 6144:1rMxHOqzAg5abB53EfrhAZ1WAk3nV1CGoC1uoOQ3hbx4vg3NgvrdBeVjdtEl:gOqT5YyfQWJnV1CTC1uUtxj+BIdte
Size: 365139 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen2
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365139
K7AntiVirus = Virus
VBA32 = Trojan.Pirminay.icu
TrendMicro-HouseCall = TROJ_GEN.R72C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.iir
McAfee-GW-Edition = Generic Downloader.x!fza
DrWeb = Trojan.DownLoader4.45460
TrendMicro = TROJ_GEN.R72C2H6
Kaspersky = Trojan.Win32.Pirminay.iir
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.afi
McAfee = Generic Downloader.x!fza
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
eSafe = Win32.GenericDownloa
F-Prot = W32/Skintrim.1!Generic
AVG = Dropper.Generic3.CDXQ
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Riern.1
Symantec = WS.Reputation.1
Commtouch = W32/Skintrim.1!Generic
TheHacker = Trojan/Pirminay.icu
BitDefender = Gen:Variant.Riern.1
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:10 01:11:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8192
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0x2b10
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Nnkcnauqbfd
File Description                : Oxsavtxro® Terminal Server Licensing 236 Policy Module
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : tls236.dll
Legal Copyright                 : © Ondbxggyq Nicffcsvvwh. All rights reserved.
Original Filename               : tls236.dll
Product Name                    : Olhajfcnu® Bcrrpfh® Kcbjshcze Oidwtd
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-10-21 04:35:31
VirusShare info last updated 2012-07-25 04:31:30

MD5: 19e23b8bc6cb006b8409ebf9c990ff82
SHA1: 48171b3ecdcf55025760ae8b0809345b9f0660bc
SHA256: 3388961fc7df6a72727ac914885c72995ed443ba10f3ac0cf4dd96122e903009
SSDeep: 1536:2IgtG4llzAwk/HY0SyhduHFcOn9nkFLRhv/VKjRlUsRvpaUD1MWWyAaCrNl:R8l1Awk/tdwHFR5kNP1KjR27sMnai
Size: 86528 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.86528.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-05 18:42:50
VirusShare info last updated 2012-07-25 04:31:38

MD5: 1ca9338e6af622566358e1a15c2350d3
SHA1: fa8111a686ccf04474ab8df3f35e198e3b7879c7
SHA256: 9226e9350ec0d4be1b390d8ec54a01572d8cb19412ba95fed3ddf198fb864084
SSDeep: 1536:2I89LtduvmibhKd6PuxYLnuHUxC1QE2TXsCIBMnQjg/QXqa2uq+I4dS7:R8jhilWxYLtdXFQE/Q0uq+I4dC
Size: 110592 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.110592
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-29 11:13:24
VirusShare info last updated 2012-07-25 04:35:32

MD5: 1cad02a95a6fb3405fa4488ca6162d1d
SHA1: d309a5e8af7e88f4e2b4f2ab933848908d49e4b8
SHA256: 588b4c74385284b5231f65c8b744588eb710cd713eab04f39d4a5b62f1538fee
SSDeep: 3072:+w/csKMInHNumxkH623PQ8+UtO2asMoCvGZQHHA7KsH7/sxqDKwhV9AvXl4MqqDe:R/c3tWtYot9asMomGZ75oIhFAvNqqDLS
Size: 192512 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!OQScXmNOOwE
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2FK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R72C2FK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BXT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:26 07:00:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x20a16
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.1830
Product Version Number          : 6.0.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ibbrykbwd Hlkdalsqmeg
File Description                : ActiveX Plugin OCX
File Version                    : 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : plugin.Ocx
Legal Copyright                 : © Nbjhrperb Worzyypwgkh. All rights reserved.
Original Filename               : plugin.Ocx
Product Name                    : Lswyzwwhj® Ykzhapf® Lezanqoqy Mtfdxs
Product Version                 : 6.00.3790.1830
Ole Self Register               : 
VirusTotal Report submitted 2011-08-20 15:58:04
VirusShare info last updated 2012-07-25 04:35:33

MD5: 1d86d14c98b37ae3d6c5859181673025
SHA1: 0286807f88070a99211d0c01eb4999b9eba1850f
SHA256: ea707114dc2bcf7831e3c383ab922e069323174883e71c3628e45a1a6bb5a10f
SSDeep: 6144:hZ45KiU95Bj0T9G+Mlnefu2/V3JmHbtSJLKUZpu9fi8lvsigPAHZcsgo2Lh:hgKiKK4p2tJmhUtPT8lvb6ycsx2Lh
Size: 366592 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.58
Avast = Win32:Dropper-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Refroso
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.hum
TrendMicro-HouseCall = TROJ_GEN.R26C1EV
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!eli
TrendMicro = TROJ_GEN.R26C1EV
Kaspersky = Trojan.Win32.Pirminay.hum
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HUM!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.aaq
McAfee = Generic Downloader.x!eli
F-Secure = Backdoor.Generic.517571
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Dropper-gen
eSafe = Win32.TRDldr.Ponmocu
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic11.AHFM
Norman = W32/Suspicious_Gen2.HRNWT
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.517571
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = W32/Pirminay.hum
BitDefender = Backdoor.Generic.517571
NOD32 = a variant of Win32/Kryptik.IAC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:15 12:19:35-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 357888
Initialized Data Size           : 326144
Uninitialized Data Size         : 0
Entry Point                     : 0x582e2
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.3959
Product Version Number          : 5.3.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WDM WST Codec Driver
File Version                    : 5.3.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : wstcodec.sys
Legal Copyright                 : Copyright (C) Philips Semiconductors. 1981-1999
Original Filename               : wstcodec.sys
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.3959
VirusTotal Report submitted 2011-06-23 19:42:13
VirusShare info last updated 2012-07-25 04:36:37

MD5: 1dbe65e7b52ec5c2622361333ca11dd8
SHA1: 6c498e9f727cd10f19b0bf36ba6ac499c8418903
SHA256: d537de7da6735a65afb4a29917a0f2c4533227789e8728a0da04c43db072a0d6
SSDeep: 1536:EPGz7Yws61yig6TNItdCMJDBcG6XijY8LERpK2iKAXM3QGo2CC/1tJ:lYwTTIJDuXiAfQGo2CC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.I
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!l0+lwKIE1mc
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_GEN.R1BC2FI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_GEN.R1BC2FI
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!ke
ClamAV = Trojan.Vundo-36283
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-10-22 06:31:22
VirusShare info last updated 2012-07-25 04:36:51

MD5: 1dfd83e400cb20bcc47c817f7d114c06
SHA1: 16006641b81a8ad821fb08229bdd4fe5fcfdcf03
SHA256: 4fefa4accd85c461eaacc125e861fd36efe9bb256b48d42d510b2ac91545c883
SSDeep: 6144:cGruOUCkdYpCgUj2msuv4YzEOrCWiGWnbjEnSGm5dCsFBrea9mOvfyaqtEr3R:mO8dYxI2msugYWWinhPCCl6/K
Size: 418214 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.418265
Avast = Win32:Kryptik-CGY
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.418214
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.418214
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SUpVBVG6qtQ
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
CAT-QuickHeal = Trojan.Pirminay.hcg
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyu
DrWeb = Trojan.DownLoader3.55571
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hcg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Pirminay.ago
McAfee = Generic Downloader.x!fyu
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGY
AVG = Generic22.AISB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:29 17:34:20-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0x22c10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Guakyncuo Vbrejfbjvqw
File Description                : Winmm  audio system driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wdmaud.drv
Legal Copyright                 : © Npwplkmlm Uwitvoeuats. All rights reserved.
Original Filename               : wdmaud.drv
Product Name                    : Adpdrvssm® Igeomkm® Jjullbbtj Mpjaao
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-06-29 10:43:40
VirusShare info last updated 2012-07-25 04:37:08

MD5: 1e6bc35b000ed800b3509135b8ae8bc1
SHA1: f84b473bf004cdc320a695a470d2734379e60ba0
SHA256: 65aacb40ccc46e1aba659e617a71835486267f6d94da24ac26ace070d3cde2e6
SSDeep: 6144:0zAfN9tKSbAuIkfi19RoqaTOOK0hNmZvDaWBIKSpt4zLGE2W4xMlskoVtXsDsBcx:0cfNOSbAgiOqJO9uxSKSv4HGxVxMWkoG
Size: 367616 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Dropper-GZY [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128A61C6
nProtect = Trojan/W32.Pirminay.367616
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!dHa9F3nblnA
VBA32 = Trojan.Pirminay.ikf
TrendMicro-HouseCall = TROJ_GEN.R21C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ikf
SUPERAntiSpyware = Trojan.Agent/Gen-Falint[RE]
McAfee-GW-Edition = Generic.dx!zwh
DrWeb = Trojan.DownLoader3.33469
TrendMicro = TROJ_GEN.R21C2G5
Kaspersky = Trojan.Win32.Pirminay.ikf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IKF!tr
Jiangmin = Trojan/Pirminay.adg
McAfee = Generic.dx!zwh
F-Secure = Trojan.Generic.KDV.257045
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-GZY [Drp]
eSafe = Win32.TRDropper
AVG = Generic23.KBF
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.257045
TheHacker = Trojan/Pirminay.ikf
BitDefender = Trojan.Generic.KDV.257045
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 13:26:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 368640
Initialized Data Size           : 4096
Uninitialized Data Size         : 540672
Entry Point                     : 0xde020
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xczembsiu Zowhmyamvvc
File Description                : 
File Version                    : 6.1.7000.0
Internal Name                   : Eihsqjpxx.Byduyqa.Diagnosis.Commands.WriteDiagProgress.resources.dll
Legal Copyright                 : Copyright (c) Ngkozaydl Wdlcanwellv. All rights reserved.
Original Filename               : Wwjxelbvl.Dxexqua.Diagnosis.Commands.WriteDiagProgress.resources.dll
Product Name                    : Lcqpwtiev (R) Oqinrcj (R) Kgxbmaeau Cfqbwz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-20 13:12:17
VirusShare info last updated 2012-07-25 04:37:36

MD5: 1fc75c0eb985ed4197a0d3dac5e61dd1
SHA1: d4cbc9614569a8f2556bb2df8abaf8fd279ab3a5
SHA256: b37002ae482e787c42bf8ba3ccf299c93e80f866c17c74a9bd44d0424686d055
SSDeep: 6144:cGruOUCkdYpCgUj2msuv4YzEOrCWiGWnbjEnSGm5dCsFBrea9mOvfyaqtEr3v:mO8dYxI2msugYWWinhPCCl6/e
Size: 418403 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.418265
Avast = Win32:Kryptik-CGY
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.418403
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.418403
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SUpVBVG6qtQ
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hdt
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyu
DrWeb = Trojan.DownLoader3.55589
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hdt
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Pirminay.ago
McAfee = Generic Downloader.x!fyu
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGY
AVG = Generic22.AISB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:29 17:34:20-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0x22c10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Guakyncuo Vbrejfbjvqw
File Description                : Winmm  audio system driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wdmaud.drv
Legal Copyright                 : © Npwplkmlm Uwitvoeuats. All rights reserved.
Original Filename               : wdmaud.drv
Product Name                    : Adpdrvssm® Igeomkm® Jjullbbtj Mpjaao
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-07-01 17:33:45
VirusShare info last updated 2012-07-25 04:39:15

MD5: 2084c15b3e3c16b0217adf86cb01acb8
SHA1: 621182970b52234842ea2b8eb5cbd8dfcf53406f
SHA256: eb1176589fda2a0b46aceea1367f1013d66587cada2cb041dc905156bf791a44
SSDeep: 6144:oUzG73v2nFvTxWZApsujmmgSndbhv6IF2po1Nqw1AQD92pcoaWtB9F8:oUzUOFvTHpd4yvv6IF2u1DRIpzaWr9F8
Size: 348660 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.251
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.348660
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.348660
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hgz
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hgz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Downloader_x.FZU!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xe
F-Secure = Trojan.Generic.5902046
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/SillyBackdoor.B.gen!Eldorado
AVG = Generic22.AMCY
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.5902046
Commtouch = W32/SillyBackdoor.B.gen!Eldorado
TheHacker = Trojan/Pirminay.gng
BitDefender = Trojan.Generic.5902046
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:09 09:37:28-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 524288
Uninitialized Data Size         : 0
Entry Point                     : 0xc3bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Lyngqagsuey
File Description                : Wujnhujjd Speech Recognition Engine Extensions
File Version                    : 8.0.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Hsjbsdlsr Peruyriagwo. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Azsaulvbi® Fnqxvjq® Qgncpsjab Dnyaue
Product Version                 : 8.0.7000.0
VirusTotal Report submitted 2011-08-13 16:41:20
VirusShare info last updated 2012-07-25 04:40:05

MD5: 2289fdd3151d9a676666a7dc3184bae1
SHA1: 92d6b4e0a2c89d8602ed71ec0948c9932495384a
SHA256: 908e71202f459d27d7d28ae3fea19a8f7908c5cb2bd0f1ff193aabaa40b3887b
SSDeep: 3072:M9CASJ2sQcyYEQSpNdndtMik9Egv/i0Y:wVSJDQcyYwVnd03
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Monder.102400.AQ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C3FL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.miyx
McAfee-GW-Edition = Artemis!2289FDD3151D
TrendMicro = TROJ_GEN.R47C3FL
Kaspersky = Trojan.Win32.Monder.miyx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.MIYX!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.dmwx
McAfee = Artemis!2289FDD3151D
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.FPZ
Norman = W32/Suspicious_Gen2.MVJYZ
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.miyx
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HUO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:06 06:40:22-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8e4
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-09-12 13:45:58
VirusShare info last updated 2012-07-25 04:42:27

MD5: 230329fa638c99d8ce3559eb705005a3
SHA1: 8d3616a8360b5730d9b3eeae20ae46751c7746a3
SHA256: 5d76e3d237c6caf1a9c60a8d98b957b170a35fb66689e8039aa67593c81e1abd
SSDeep: 6144:RepWLF6CnWlLQuItQVQIuuSmfdTFbuaSXGhatH3FoLYC8ZO7ZW8ST:RepWL47xRQIznCaSkakLYd3p
Size: 343490 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Pirminay-Y [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.FakeAlert.39
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!bncbCmsWLu8
VBA32 = Trojan.Pirminay.ihg
TrendMicro-HouseCall = TROJ_GEN.R47C3FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ihg
McAfee-GW-Edition = Generic.dx!zvq
DrWeb = Trojan.DownLoader3.35613
TrendMicro = TROJ_GEN.R47C3FL
Kaspersky = Trojan.Win32.Pirminay.ihg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHG!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ads
McAfee = Generic.dx!zvq
F-Secure = Trojan.Generic.6147246
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-Y [Trj]
AVG = SHeur3.CEQR
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6147246
TheHacker = Trojan/Pirminay.ihd
BitDefender = Trojan.Generic.6147246
NOD32 = Win32/TrojanDropper.Agent.PJQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:09 19:45:35-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 344064
Initialized Data Size           : 4096
Uninitialized Data Size         : 425984
Entry Point                     : 0xbbf80
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hyfnnwlky Chxkquhzrad
File Description                : Tool for managing the Kerberos ticket cache
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : klist.exe
Legal Copyright                 : © Pwrknubsa Hahjmfaqjii. All rights reserved.
Original Filename               : klist.exe
Product Name                    : Jixuczsua® Epspgjy® Ajuywueil Lkbifg
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-15 14:57:25
VirusShare info last updated 2012-07-25 04:43:01

MD5: 268fa0baa1f4346b3ef24819e9d88432
SHA1: 9d0f3938062365756ceac0eee33951359a600f5e
SHA256: 9946fca37ebc2932e43119a71ce6fabcea25ab622332c6f2b8559641a1a2f982
SSDeep: 1536:GiAvdJ94aWm4nEHHKK4b0rT9luTJJhabHLWB2vDhBEQtaZkQf:KdJZKnAKfg9luFJhcLRreZkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-04-29 06:09:22
VirusShare info last updated 2012-07-25 04:47:22

MD5: 2753afdda431f55a7458ee56e533a427
SHA1: 2612f0c01205989783316ae29d3f725512304fde
SHA256: 71c95d9bddabadb9830a694f0f29536b6d348c38b753597eabc452caf5067075
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAO:oFq+sGYyo6RZFF9HcQfluaXLLf
Size: 334771 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Milicenso
Panda = Suspicious file
nProtect = Backdoor.Generic.550445
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_SPYPRO.SM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!vmc
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_SPYPRO.SM
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
McAfee = Generic.dx!vmc
ClamAV = Trojan.Agent-183368
F-Secure = Backdoor.Generic.550445
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Backdoor.Generic.550445
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Backdoor.Generic.550445
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-05-27 04:47:04
VirusShare info last updated 2012-07-25 04:48:20

MD5: 27888fc332b0580043ed12be2a15b054
SHA1: dfccdf97279c30e914175e2a482d3fa8553ba172
SHA256: 2ecf056c247d647d69ccf353f632afcf81866cead9ae98930c8858072c539894
SSDeep: 1536:bjwPXBrkpESDdXjdmrx/m2YHGcAy9NsM8tosRuF9F83QHeoOVzz:gXGWStEwHGcNzscFv8311z
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.1246E2F3
nProtect = Trojan/W32.Agent.61440.AKN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!b0QwoptVWws
VBA32 = Trojan.Monder.mmkt
TrendMicro-HouseCall = TROJ_GEN.R72C7JM
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mxzg
McAfee-GW-Edition = Vundo!mq
DrWeb = Trojan.Virtumod.10128
TrendMicro = TROJ_GEN.R72C7JM
Kaspersky = Trojan.Win32.Monder.mxzg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.aazr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.AIZE
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.motp
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:20 20:36:36-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 19968
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5ced
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Control Method Battery Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-29 23:26:34
VirusShare info last updated 2012-07-25 04:48:37

MD5: 28d60691ab859d45725770e1997b4a28
SHA1: dbc88a566a66191fed5bc0a742f8b274af933db8
SHA256: 82ace82e47e68d219d4bc4cfddeab89f2e6e88c249cefc79398716beaa4267f6
SSDeep: 6144:x7s1o68uAcbcXbh22K0WnpiuqP8XgUop7pk8/XvQZfc:FHJWbcrhnZWnpiX8Xgrp7pkGY
Size: 326656 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.3
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.326656.AW
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R42C2CC
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!28D60691AB85
DrWeb = Trojan.Hosts.4016
TrendMicro = TROJ_GEN.R42C2CC
Kaspersky = Trojan.Win32.Pirminay.dpc
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
McAfee = Artemis!28D60691AB85
F-Secure = Trojan.Generic.5644600
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Generic21.AGXK
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.5644600
TheHacker = Trojan/Pirminay.dpc
BitDefender = Trojan.Generic.5644600
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.FHWQHFZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:26 05:41:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 622592
Uninitialized Data Size         : 0
Entry Point                     : 0x4170
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.0
Product Version Number          : 6.1.6776.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON Corp.
File Description                : EPSON 9Pin/24Pin Printer Driver
File Version                    : 1.00 (fbl_dox_dev_ihvs.080916-0304)
Internal Name                   : EP7MDL05.DLL
Legal Copyright                 : Copyright (C) SEIKO EPSON Corp.
Original Filename               : EP7MDL05.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.6776.0
VirusTotal Report submitted 2011-05-20 21:47:53
VirusShare info last updated 2012-07-25 04:50:23

MD5: 28d9239ffad4d251d20d8689225dbca0
SHA1: 604cca3d6ea8eea8b9cf36c5af52e801882dfeb2
SHA256: 60355f0d06a0a216715b214fed938c645efff16aaa09d513f97fc86d2826ed9b
SSDeep: 1536:wnRlmGeiV9shOSiY/VborLQ3FZ1CnCRJZuZMqqU+NV23S2V:w6GeiYsSiYNbor8kZMqqDLy/V
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ITMBtFGO1b8
TrendMicro-HouseCall = TROJ_GEN.R72C2FS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BUX
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-22 11:19:57
VirusShare info last updated 2012-07-25 04:50:24

MD5: 2902b329b24e0168b24b2c8e4b72eabc
SHA1: 168bb66f68cadc2c98ee461e86a34e41fdf12081
SHA256: ca9ae73a112c490c6b2b97488fb0ecda521e246c413edb97c19962a6f38937a0
SSDeep: 6144:rydk+LIsQc+h+yNgbVd6sgu0cdOOYho+F5EwiNMd4Jc2l:r1+0sQc+h+GgZd60dNYu+F5Ym2l
Size: 291986 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.6214294
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!XJf7tVC2AUI
eTrust-Vet = Win32/Renos.ZAAC
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic Malware.ms
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hcgp
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6214294
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Downldr2.IXCS
AVG = Dropper.Generic4.BKG
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6214294
Symantec = Trojan.Gen
Commtouch = W32/Downldr2.IXCS
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6214294
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:15 05:13:50-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 290816
Initialized Data Size           : 4096
Uninitialized Data Size         : 372736
Entry Point                     : 0xa2270
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mdojmgfki Chkdyuxvjyu
File Description                : IOfficeAntiVirus Module
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : MpOAV
Legal Copyright                 : © Klkkjcuyo Swtfwqjcdca. All rights reserved.
Original Filename               : MpOAV.dll
Product Name                    : Microsoft® Nykszwk® Ftgzlwyaw Dlwois
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-28 05:06:59
VirusShare info last updated 2012-07-25 04:50:37

MD5: 290b22c599aca71c634efc4c77181c01
SHA1: 886f12655bd28953bc12d60d57b3c3250adee285
SHA256: af5fece20d0742a882248f30310d1a441c32a3d3c56992945e6d31c8c287f310
SSDeep: 3072:q98A8Me7T/nxHRr85SVORTN1hCXn1wMwHyaXnTcRJGEvw5uRsxtoIPRZZEB/R:q9mMe7ZRbVfwMwpE4enIO
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Pirminay-V
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ulxNi9u4KcA
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent.ni
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-V
AVG = Generic22.BDZJ
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-10 15:19:57
VirusShare info last updated 2012-07-25 04:50:41

MD5: 294aa902a343f2a30010afa8252c6310
SHA1: 23498e0a58b82349574435c58d83fff705f7d481
SHA256: 1aaed3b490108451142a4e72681e3ecdc93ddd56da6cd2b4f42cfc287b4e1819
SSDeep: 1536:OPamL0XWL3ofeHsIo0bdO3p3S0nTne0ipUK4NAlmdodZPtSRnkZaa8H+v4mx+H5:OfLScIgs68Y0nLe0ipUvA4qPtSG0levS
Size: 92672 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.92672.AV
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1251E911
nProtect = Trojan/W32.Agent.92672.HZ
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R26C1F3
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!hb
DrWeb = Trojan.Siggen2.10779
TrendMicro = TROJ_GEN.R26C1F3
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.HB!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ee
McAfee = Vundo!hb
F-Secure = Trojan.Generic.4925974
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.CCPC
Norman = W32/Suspicious_Gen2.ICPYV
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.4925974
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Generic.4925974
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 13:46:39-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 78336
Initialized Data Size           : 50176
Uninitialized Data Size         : 0
Entry Point                     : 0x13f5d
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2144.1
Product Version Number          : 5.0.2144.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Gemplus Cryptographic Service Provider Resources
File Version                    : 5.00.2144.1
Internal Name                   : gpkrsrc.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : gpkrsrc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2144.1
VirusTotal Report submitted 2011-06-08 05:09:20
VirusShare info last updated 2012-07-25 04:51:01

MD5: 2aa0edf1372e2d41c5877c31aaaeb4f7
SHA1: 826017614cb7727c574d7fe5dac195942676e0e5
SHA256: aebbfcf630f053b994d00aba9a24bf4e3d50baf577417d223bb5b200c726dc12
SSDeep: 6144:PTbPmLJRH4Xga7rfDOSMhTnMZDW5A0y3a0HKvc8WCso/K3FS/8CJvb:POvHFqeTnkDa61KkNCs3I/8CB
Size: 381312 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.icn
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = Trojan.Win32.Pirminay.icn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aha
McAfee = Downloader.a!cm
F-Secure = Trojan.Generic.6114751
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.BDUT
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.6114751
Commtouch = W32/Ponmocup.A.gen!Eldorado
BitDefender = Trojan.Generic.6114751
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 00:00:25-05:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 356352
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x542c7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI IPMI DRIVER
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : IPMIDRV.Sys
Legal Copyright                 : © OSA Technologies, Inc., an Avocent Company, All Rights Reserved. © Microsoft Corporation.  All rights reserved.
Original Filename               : IPMIDRV.Sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-11 15:42:56
VirusShare info last updated 2012-07-25 04:52:42

MD5: 2ab8f86da221febebf668094b570d6ba
SHA1: 1b857b09462e6a3db62cdff835a9800b005a7c59
SHA256: e0a04b1a7c1118e742a055a8656bc01ede0ed9dfd5521d82b04a5b9e89fba3d7
SSDeep: 768:VROHFLywpT9Fvx4CJuH/gf8TXfCyQu79t295QfgueaIVxc3AGO9dEwhg:VROHF39VxRJufw8TpQoM5Q4L/eXO9dx
Size: 45568 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.800
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12734DE5
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R49C7JL
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2AB8F86DA221
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!2AB8F86DA221
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.AFSE
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:18 13:42:09-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 5120
Initialized Data Size           : 75776
Uninitialized Data Size         : 0
Entry Point                     : 0x21cd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1999.10.20.0
Product Version Number          : 7.0.8.19
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : NT INTEL X86
Company Name                    : Microsoft Corporation
File Description                : Unicode Function .DLL for SQL Enterprise Components
File Version                    : 1999.10.20
Internal Name                   : SQLWID
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : SQLWID.DLL
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.819
Comments                        : NT INTEL X86
VirusTotal Report submitted 2011-10-21 17:25:56
VirusShare info last updated 2012-07-25 04:52:51

MD5: 2aebf8788dd070db69283f90f5bfe917
SHA1: 0cedd41dc1f80f3643efcc53205df1bec5f062e6
SHA256: ddeeb3184856319b18b7fd6f440ce153aded4d7857240219e6f813662331604a
SSDeep: 1536:U4IwSC/UXuY28bQJjml9I3k3lQ36QDkURnE:Upwx8b20QJj83lQ39k8n
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.609
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!2AEBF8788DD0
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
PCTools = Trojan.Gen
McAfee = Artemis!2AEBF8788DD0
F-Secure = Trojan.Generic.KDV.277793
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH [Cryp]
AVG = Generic23.AMSY
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.277793
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.KDV.277793
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-06 05:54:17
VirusShare info last updated 2012-07-25 04:53:08

MD5: 2b7bdffd9418a6c38f55a596a8450125
SHA1: 8c3f37dcee8c352e21dced479af0b5d5db96770c
SHA256: 835d84bb532bec5a47011e2e220d3b50fccf0fb01445ca46164df37c9b747c50
SSDeep: 3072:Pa+/KWbjlGfzVABUF4fPoGbyMl184xCN0/TP7ZGVMFnf:Pa+/vvlhUV1+SuP7Zrn
Size: 113152 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik!o7zy3UyKghw
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC1G2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R1BC1G2
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/VUNDO.IZ!tr
PCTools = Trojan.Gen
McAfee = Vundo!iz
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
eSafe = Win32.TRVundo
AVG = Generic21.CNRY
Norman = W32/Suspicious_Gen2.NCPVD
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 05:47:40-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xce15
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ngkbndsuq Ubfeecpttmk
File Description                : Command line Event Trigger WMI Consumer Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : CmdEvTgProv.dll
Legal Copyright                 : © Axtbykvny Ynbmbrmyxca. All rights reserved.
Original Filename               : EvTgProv.dll
Product Name                    : Gbfgecqkr® Zjiawmq® Mmuqbdpki Dfvvjs
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-13 19:14:26
VirusShare info last updated 2012-07-25 04:53:48

MD5: 2e5485f9f859f11655889835b6300dfb
SHA1: 08422ed77b6db6ab44db19afaf480d652e368b84
SHA256: 35815a237cbbcae25287307498ae4c3f808fefa8a98ff29494e848d007f23bbe
SSDeep: 3072:4rTbK/vMgtjT/cWgfhmfCVWxz6S5owCxeMhPG+LIdi:STbEEgNgmKVWxzLJuG+g
Size: 157184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!/I3AAd5mC3M
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.XIB
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:37:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 81920
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x116ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.7000.0
Product Version Number          : 1.0.7000.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuafasjto Qyqlfxefiap
File Description                : Oxoolhuhi ® Script Control
File Version                    : 1.0.7000.0
Internal Name                   : msscript.dll
Legal Copyright                 : © Microsoft Izfzbyenwcn. All rights reserved.
Original Filename               : msscript.dll
Product Name                    : Tqcnjrlom ® Script Control
Product Version                 : 1.0.7000.0
VirusTotal Report submitted 2011-06-21 21:07:21
VirusShare info last updated 2012-07-25 04:57:43

MD5: 2eb7064e25a8df8b20806ba2ddbb58d2
SHA1: c5949d5ef833da49edc9e7a6a7ebb3b09a6ed2ce
SHA256: 9aa58bd476b1b5b6ed1ef6af3a6de48ee3cca4df42d00f14dbbeab16e702181d
SSDeep: 3072:uQknHMd6OSKmESalq3EwZQ55+q4/FLhEb6cYfzcfxhxrx+:Ons8OSKmEZluEwZmK/F26cYd
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.4
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!InynfjUYod8
TrendMicro-HouseCall = TROJ_GEN.R47C3AH
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.ni
McAfee-GW-Edition = Generic.dx!vkt
TrendMicro = TROJ_GEN.R47C3AH
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Generic.dx!vkt
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Cryptic.BRJ
Norman = W32/Suspicious_Gen2.HYHJB
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 03:35:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 116224
Initialized Data Size           : 54272
Uninitialized Data Size         : 0
Entry Point                     : 0x1d48d
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : IPv6 Security Configuration Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ipsec.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ipsec.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-06-18 00:20:22
VirusShare info last updated 2012-07-25 04:58:15

MD5: 2ec92a1aaba994434a5df57e7fdabc53
SHA1: c6a7f2e5019ba0649139e5476f2ad972b027a2dd
SHA256: 57a98c134f6fe13fd39c1db0c0d23699c7964f7d095653ac0e0549790292fb82
SSDeep: 3072:S+e66rU50oY8ACiM+VcXD/6SdFzyMqqDLy/aoDbc:dekzy0DhFzRqqDLua
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!2EC92A1AABA9
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Generic.evx!a
F-Secure = Gen:Variant.Vundo.4
Avast5 = Win32:Vundo-JX
eSafe = Win32.TRVundo
AVG = Generic23.AAJC
Norman = W32/Suspicious_Gen2.NACHT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-06-29 15:28:29
VirusShare info last updated 2012-07-25 04:58:21

MD5: 2f9d26a6a0d00a0aeeef93519a3c704f
SHA1: 53628883c7a1685f97f3bddd160176f64467ef31
SHA256: 96583879a23d538bb888b29cadbdcc26cd78e3f359c77b908b6f6d4f4849b8ce
SSDeep: 3072:S++66rU50oY8AC87F3cXq1r9Y3wdFzLMqqDLy/5oDbc:leka90qr1FzoqqDLu5
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!2F9D26A6A0D0
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!2F9D26A6A0D0
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.XML
Norman = W32/Suspicious_Gen2.MZNMT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:55:07
VirusShare info last updated 2012-07-25 04:59:21

MD5: 31682b11c5fea68672c0c812ec927b17
SHA1: 27c273a80e1e4a7cf5458159d356e01e1b3b5194
SHA256: 9a493a231381e1007dc589d6c95c03dff7c501c00300fdbd0fa8d94ecd698845
SSDeep: 768:PGlFIBbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSJopNkCsI:P2IBbU8E1AjprcsOtyopNk4
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!ySVuFSeoi9I
TrendMicro-HouseCall = TROJ_GEN.R72C2F7
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!31682B11C5FE
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_GEN.R72C2F7
Kaspersky = Trojan.Win32.Monder.miwj
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.MIWJ!tr
Jiangmin = Trojan/Monder.aahh
McAfee = Artemis!31682B11C5FE
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.BCXS
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-06-22 05:03:29
VirusShare info last updated 2012-07-25 05:01:36

MD5: 318cf20ce8232b9ad54aaf17c34a3963
SHA1: df1daafee7e18e4a501136d18c68fba90d156461
SHA256: e10171f3a58645d38b23445ad673e0408883e9d52b30a4bfe889009a5e4eb6d0
SSDeep: 12288:1D7yhPicWN8xHA5unp5Zx2vIAsIa6Riy2I6R:RyktOxHAYnHZD6Va
Size: 455188 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.206
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
nProtect = Trojan.Generic.KDV.187412
K7AntiVirus = Riskware
ViRobot = Trojan.Win32.Generic.455188
F-Secure = Trojan.Generic.KDV.187412
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU
AVG = Generic22.EIL
Sophos = Mal/Ponmocup-B
GData = Trojan.Generic.KDV.187412
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.KDV.187412
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:08 02:07:09-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 749568
Uninitialized Data Size         : 0
Entry Point                     : 0xe7cf
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-05-31 01:37:16
VirusShare info last updated 2012-07-25 05:01:43

MD5: 31bcac9a09989c3424f3bc6e67b04511
SHA1: 61d8ed5cf4b72acd37b71dd2d5d0f42805800244
SHA256: fd8a90df11df6c9e265be503bb05e83f22527facabe3a247f10301fea33ec476
SSDeep: 1536:z0hSYj4dtNJu3G8fNE53wamFILh01Y3hyNSJY6Y9l/MqqU+NV23S20Mnew:z0hG81E53wSyy77Cl/MqqDLy/0Zw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1JO
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.j!pec
TrendMicro = TROJ_GEN.R4FC1JO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2011-10-29 05:53:48
VirusShare info last updated 2012-07-25 05:01:56

MD5: 32d7e85bdd69ab8809127a11af0d3332
SHA1: 1f644d68582ea3845b7428ec97750fd154f17314
SHA256: bb8578d45f93f8e7d5b1f15d33a14fe4d9e6f07a5dbbbc1cacd2f3a1b9b50a4f
SSDeep: 1536:2IN77NOSZ+17Hb02PQlBuqJ1ZLUggguaz20jOExXwDHdfrAGKrNuDe:RNHD27fkuanUgg1aaErxXwhz9gw6
Size: 92160 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.92160.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
ClamAV = Trojan.VB-43290
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
F-Prot = W32/Swisyn.E.gen!Eldorado
Sophos = Mal/Swisyn-D
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-08-01 17:20:10
VirusShare info last updated 2012-07-25 05:03:23

MD5: 339db8ef64ea8b2f47401864ae10bf50
SHA1: 0caf1a3816ee86aef8e11800585e1af64e9a1797
SHA256: 37467ee4030f543ff556c7298874164ee64e9db8deb2fe87de332eb201b8be03
SSDeep: 1536:ukFAWw2uIR+JoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpGiD:ukrTngoPMqqDLy/QVzLSkYHFO5si
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.16
VirusBuster = Trojan.Kryptik!ghzhqVO+gbI
TrendMicro-HouseCall = TROJ_GEN.R1BC2FI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.WinSpy.238
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ke
F-Secure = Trojan.Generic.KDV.249993
VIPRE = Virtumonde
eSafe = Win32.TRVundo
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.249993
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.KDV.249993
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-10-20 19:22:56
VirusShare info last updated 2012-07-25 05:04:19

MD5: 33f62a861935d3b8b009461eccc7b473
SHA1: a3ae014012db0c579d414786f24ad1c186d243f8
SHA256: 21d9543e503276b4454e0e14a732d8dde666e0f3dca2b034a497af47a4283b9c
SSDeep: 3072:qr1CgakAH7ctjAoL1GFmxweCrf7aTiA4JfULm7bEo7jC1F:qrPak1UoLI4weuG8J8LmPBo
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!UZFtfjMvlc4
TrendMicro-HouseCall = TROJ_GEN.R72C2F9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kd
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2F9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kd
F-Secure = Trojan.Generic.6102766
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BUBD
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6102766
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6102766
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-09-04 14:22:37
VirusShare info last updated 2012-07-25 05:04:41

MD5: 34345bbafc22e08e53e9082e4ea22ca2
SHA1: 8a04abf57758645b3b567468b9bfca376df5a02d
SHA256: c8d170b0ea76abd77317bd1240b2b76f7d7e2d80077a75daac2a5d5ef1e9fc32
SSDeep: 1536:52SeEhw2uIR+boPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpUiD:ESnTnOoPMqqDLy/QVzLSkYHFO5Ci
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8wKarz7Mp2I
TrendMicro-HouseCall = TROJ_GEN.R1BC2FJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!iz
DrWeb = Trojan.WinSpy.238
TrendMicro = TROJ_GEN.R1BC2FJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!iz
F-Secure = Trojan.Generic.KDV.270312
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo.Av
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.270312
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.KDV.270312
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-10-21 08:39:31
VirusShare info last updated 2012-07-25 05:04:58

MD5: 34adfd2291b86886a13f413fb8a4315a
SHA1: cb0911ed708c2114b487bc80426ce9e7b2434078
SHA256: e37ed8c0cc2ed47e78eb90f215eac5df8bd0b442819168e134098dca5cf5d2ec
SSDeep: 6144:gGMRzkGlUKQryU8ej6M17RZVmigfflZkORnPPB1lOfGio:gGMRkKQV+MtRcfbp51lOfW
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.51
Avast = Win32:Zbot-NDU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.311296.G
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.311296
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!3c031/6UyM0
VBA32 = Trojan.Pirminay.hxr
eTrust-Vet = Win32/Pirminay.JJ
TrendMicro-HouseCall = TROJ_QHOST.YRA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hxr
McAfee-GW-Edition = Generic Downloader.x!fyy
DrWeb = Trojan.DownLoader3.13029
TrendMicro = TROJ_QHOST.YRA
Kaspersky = Trojan.Win32.Pirminay.hxr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HXR!tr
PCTools = Backdoor.Trojan
McAfee = Generic Downloader.x!fyy
F-Secure = Trojan.Zbot.HQZ
VIPRE = Packed.Trojan.Win32.Generic
eSafe = Win32.Kryptik.Nhm
F-Prot = W32/Trojan2.NNWY
AVG = SHeur3.CCVM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Zbot.HQZ
Symantec = Backdoor.Trojan
Commtouch = W32/Trojan2.NNWY
TheHacker = Trojan/Pirminay.hxr
BitDefender = Trojan.Zbot.HQZ
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 11:47:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 294912
Initialized Data Size           : 282624
Uninitialized Data Size         : 0
Entry Point                     : 0x48816
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.398.613.2003
Product Version Number          : 5.398.613.2003
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Realtek Semiconductor Corporation
File Description                : Realtek RTL8139 NDIS 5.0 Driver
File Version                    : 5.398.613.2003 built by: WinDDK
Internal Name                   : RTL8139.SYS
Legal Copyright                 : Copyright (C) 1994-2003 Realtek Semiconductor Uawxklfledv
Original Filename               : RTL8139.SYS
Product Name                    : Realtek RTL8139 Family Fast Ethernet Adapter
Product Version                 : 5.398.613.2003
VirusTotal Report submitted 2011-10-21 09:11:12
VirusShare info last updated 2012-07-25 05:05:32

MD5: 34b84947b61cd72abb842187e761f3bd
SHA1: e68c27752c03168b64a0942c651498d59ee5b25e
SHA256: 1d8547a7ba5ed7467e3eef7c4469d716232358f1c7749d4abd63443b96fba6a8
SSDeep: 6144:v6IpECjb5FDo573XvttMPyvOQhh8XbHEyT89ln0sYcSEFs2s6:vbjVuPMPyG/XrEyYP0zN2s6
Size: 339968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen
Avast = Win32:Pirminay-W
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.239440
VirusBuster = Trojan.Pirminay!rtOq9qZripI
VBA32 = Trojan.Pirminay.hvr
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!34B84947B61C
DrWeb = Trojan.DownLoader3.10828
Kaspersky = Trojan.Win32.Pirminay.hvr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HVR!tr
PCTools = Trojan.Milicenso
McAfee = Artemis!34B84947B61C
F-Secure = Trojan-Dropper:W32/Agent.DTAN
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Pirminay-W
eSafe = Win32.TRCrypt.ZPACK
AVG = SHeur3.CCKC
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Trojan.Generic.KDV.239440
TheHacker = Trojan/Pirminay.hvr
BitDefender = Trojan.Generic.KDV.239440
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:13 20:54:04-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 323584
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x4fbf0
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6655
Product Version Number          : 5.0.2195.6655
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wrcxasyyk Fgcyadlvnof
File Description                : Wgbyntfzv Infra-Red Communications Driver
File Version                    : 5.00.2195.6655
Internal Name                   : msircomm.sys
Legal Copyright                 : Copyright (C) Rhpcgjadc Corp. 1981-1999
Original Filename               : msircomm.sys
Product Name                    : Ralasbpoz(R) Ceqiuqe (R) 2000 Qquhcbotz Nmypca
Product Version                 : 5.00.2195.6655
VirusTotal Report submitted 2011-06-15 17:13:08
VirusShare info last updated 2012-07-25 05:05:34

MD5: 352aba6ea4a0e0eb19cd78232ec0099d
SHA1: 56d2e7fdb07ee0d491977e0ef55fc27ccf38cccf
SHA256: 1452ee6ffa146da923c15b2af22e12534216bfe4cde7f6cee2a3e4ec15ab7e3c
SSDeep: 3072:wGHFkGqOhgrR0c40/TpuvVJ9zzrtJoLNNwX0e5S1iya8ncVUTBabu6lcA:wGlkGqNr2v0/TpuvNzNJ+NgdyEoBabu
Size: 184320 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!3joxFAXDsNU
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2F5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ke
TrendMicro = TROJ_GEN.R1BC2F5
Kaspersky = Trojan.Win32.Monder.mxll
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.lwig
McAfee = Vundo!ke
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUBG
Norman = W32/Suspicious_Gen2.MPNSK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.MYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 12:06:51-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 118784
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x1a9b1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Faypbgpqo Njholmezrjd
File Description                : Czech_Programmer's Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdcz2 (3.12)
Legal Copyright                 : © Zuyqzmkev Djowezfxmbr. All rights reserved.
Original Filename               : kbdcz2.dll
Product Name                    : Nysysiguv® Warsvxq® Ysdcassbv Crxeys
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-21 09:12:25
VirusShare info last updated 2012-07-25 05:06:06

MD5: 353cf4b7c793d314dda6d5ec1a626199
SHA1: b6d1afd2a3c534818eead829ef941c8d9def709c
SHA256: a30d0e1a2fb4727a5a080dd1af745a8b97fe54f417170dd515b2be335663824b
SSDeep: 1536:kiQocdfxH1fY6wjJvymYKm+htzylAMnxc3izUv/PyFrzq6O58UkFmyhBWxRAyGOO:kroc5VOBymjhtzG/xsWUv3yMLvkFm7mH
Size: 71680 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.14
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!YCDh/MnpJs0
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2FP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.gqwf
McAfee-GW-Edition = Artemis!353CF4B7C793
DrWeb = Trojan.Siggen3.485
TrendMicro = TROJ_GEN.R4FC2FP
Kaspersky = Trojan.Win32.Menti.gqwf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!353CF4B7C793
F-Secure = Gen:Variant.Vundo.14
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.MOFQN
GData = Gen:Variant.Vundo.14
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/DownloaderMenti.gqwf
BitDefender = Gen:Variant.Vundo.14
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:07 22:08:08-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 27136
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x77be
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Lexmark PCL Plug-in Renderer
Company Name                    : Lexmark International Inc.
File Description                : Lexmark PCL Plug-in Renderer
File Version                    : 3, 0, 0, 0
Internal Name                   : LexPCLUni
Legal Copyright                 : Copyright © 1996-2004
Legal Trademarks                : Lexmark® is a registered trademark of Lexmark International Inc.
Original Filename               : LexPCLUni.DLL
Private Build                   : 
Product Name                    : Lexmark PCL Plug-in
Product Version                 : 3.0
Special Build                   : 
VirusTotal Report submitted 2011-10-07 16:34:49
VirusShare info last updated 2012-07-25 05:06:11

MD5: 355ca40c8bc1eff2244a7c5c06d68eff
SHA1: a23b0d9f3675181134c18edfc18349585fd4c970
SHA256: 1faad1118cba4a2b638640c3f2eed4e111fa18dc9646be64c54c8a01d48b8869
SSDeep: 3072:GKnT5akLH7Ttjqo3GtxweCrf7/TiHvfULmmbEo7jm1F:GKnNakpmo3G7weubGv8LmGBM
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
VirusBuster = Trojan.Kryptik.Gen.16
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ix
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!ix
F-Secure = Trojan.Generic.KDV.238133
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.BUVZ
GData = Trojan.Generic.KDV.238133
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.238133
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-07 09:14:48
VirusShare info last updated 2012-07-25 05:06:22

MD5: 36111c7801579b7d3bfe3ad036c9db20
SHA1: 9f1aeb7fb3d9847f745f1d5b7b5c74587425442e
SHA256: 13a63eceaf7be8bce628fec56739cd55ab8d820f58d08b1eab1062d16f3d8120
SSDeep: 6144:aemUcZXVP72EMxko/JAL/KwbYZ4Y08/bjoaC2muQGX9rK1cQdB:al3VPqnTGL/0HfopnG9/QdB
Size: 305456 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!36111C780157
DrWeb = Trojan.WinSpy.1037
PCTools = Trojan.Gen
McAfee = Artemis!36111C780157
F-Secure = Trojan.Generic.6240733
Avast5 = Win32:Malware-gen
eSafe = Win32.TrojanDownload
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Suspicion: unknown virus
Symantec = Trojan.Gen
GData = Trojan.Generic.6240733
Commtouch = W32/FakeAlert.FT.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6240733
NOD32 = a variant of Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 65536
Initialized Data Size           : 552960
Uninitialized Data Size         : 0
Entry Point                     : 0xfefa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-20 05:01:11
VirusShare info last updated 2012-07-25 05:07:16

MD5: 3769c8a01d506380c0570eff83649fd1
SHA1: 4e1eb9cdf3927b33a03efdbf2d28541c787cdb4c
SHA256: 05509555bcfdaf251c51fd0e160ba99ee715c49b960b0cfd2e5f420cd89590e3
SSDeep: 768:P9ulFDghbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSqpNTCsI:PoDghbU8E1AjprcsOtVpNT4
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.208
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Monder.69632.AK
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!e9gwwKYBh/Q
TrendMicro-HouseCall = TROJ_GEN.R72C3EH
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!3769C8A01D50
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_GEN.R72C3EH
Kaspersky = Trojan.Win32.Monder.mita
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.MITA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aahh
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.ANVL
Norman = W32/Suspicious_Gen2.MQHLB
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-06-26 00:36:31
VirusShare info last updated 2012-07-25 05:09:02

MD5: 37a995d7049de064206940c6b6e0ee15
SHA1: c6a4e609af13a55def1681adfa921aae8000161b
SHA256: 89b11606d131cb68c58a35017b004ef1b9b17edbaa7f1a9d1be0bff9240c9916
SSDeep: 12288:QZdNqnuXQ9OnfK5ij+tGSdFUm9GKdKX6LH:QvN+umOni5iaPdFBEG7
Size: 434535 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Comodo = TrojWare.Win32.Inject.FXK
McAfee-GW-Edition = Artemis!37A995D7049D
DrWeb = Trojan.DownLoader3.31151
Kaspersky = Trojan.Win32.Pirminay.ihw
McAfee = Suspect-BA!37A995D7049D
F-Secure = Gen:Trojan.Heur.RP.AqX@aOl@Pipj
VIPRE = Trojan.Win32.Generic!BT
Norman = W32/Suspicious_Gen2.MVPWD
GData = Gen:Trojan.Heur.RP.AqX@aOl@Pipj
BitDefender = Gen:Trojan.Heur.RP.AqX@aOl@Pipj
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 21:47:18-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 749568
Uninitialized Data Size         : 0
Entry Point                     : 0x53d3
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-16 05:19:09
VirusShare info last updated 2012-07-25 05:09:17

MD5: 39b1a771d89e34c1a59515d2532ba6ef
SHA1: 27ce73cd759f216b3ac29cb4720d70d7619216e0
SHA256: 4f5bc104bf68a52ed38992a44db6b5c09450c7ea5ccfa952cdaf63be2e09de91
SSDeep: 1536:R2ZoLqmGZyw9sh95DiYczboNLQ3Fm1CnCRJZuZMqqU+NV23S2M:RSwpGZyRNDiYubo48kZMqqDLy/M
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!7S7h5iK7Dww
McAfee-GW-Edition = Artemis!39B1A771D89E
Kaspersky = HEUR:Trojan.Win32.Generic
Jiangmin = Trojan/Generic.gije
McAfee = Generic.dx!zwh
F-Secure = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
AVG = Generic23.CCM
Norman = W32/Suspicious_Gen2.MYVIF
GData = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 18:01:44
VirusShare info last updated 2012-07-25 05:11:26

MD5: 3a7066aca58ed8f739761e50243c2896
SHA1: ae5f1261948744d38ea349ebf8fd96494c0326dd
SHA256: a139081c44406deca8260a3b26aa0f89cd688765c5d18229729d3da9689b6ee7
SSDeep: 1536:+kUVmGNnT9sh7yiYPFszbod2LQ3FP1CnCRJZuZMqqU+NV23S28:+sGNnyByiYIboC8kZMqqDLy/8
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!c7A8QIDrzUg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.WinSpy.1072
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AWO
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-22 12:06:50
VirusShare info last updated 2012-07-25 05:12:22

MD5: 3a979ecfb24201ab50aee51475b2c01a
SHA1: 544f2211f8f8adc806c91ee4d3011eed402137bc
SHA256: ad3b31af7f127d1c66b60844ce75ae38c37fa609366bb908ce38faadbc21423c
SSDeep: 3072:Oo0tooBF/wYRVMtFQ0nNAmZvCDLTnkG8RJy6ZLUmggpok5ai4Ky:OVooBFRLyznNAd/ktRJyjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128CBA68
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R4FC3F1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mpao
McAfee-GW-Edition = Artemis!3A979ECFB242
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R4FC3F1
Kaspersky = Trojan.Win32.Monder.mpao
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Artemis!3A979ECFB242
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Suspicious_Gen2.MKYEH
Sophos = Mal/Generic-L
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mpao
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-04 00:02:07
VirusShare info last updated 2012-07-25 05:12:30

MD5: 3c17bf4d1db52c73ee492ac2790ce6b5
SHA1: d37c68e751a7f8d6c11292f42e1209ff9a0ee136
SHA256: 66d4fbcd46e6f1e99147d9989ff2125af5f8030543b972a04ad5731311dec861
SSDeep: 1536:U4MwSC/UXuY28bQJjml9I3k3lQ36QDkUFYV:Upwx8b20QJj83lQ39ksY
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen5
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
VirusBuster = Trojan.Vundo!bHtpB6cNhgU
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2FN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!3C17BF4D1DB5
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R45C2FN
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!3C17BF4D1DB5
F-Secure = Trojan.Generic.KDV.272363
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH [Cryp]
AVG = Generic22.CLDT
Norman = W32/Suspicious_Gen2.NCHTO
GData = Trojan.Generic.KDV.272363
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.KDV.272363
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-16 00:18:55
VirusShare info last updated 2012-07-25 05:14:17

MD5: 3c18ac76ff42d257c92d717907159a13
SHA1: b7f28bc8a2be7836e49c8d2dd2a0bb14238877f8
SHA256: 948c95c1c47be3a07b5c6b66d77dfbe80da2124c0e90a8dd66544ee0e28c7061
SSDeep: 12288:IRHkLNkvwC6L3sQCjwemN2fmwJLd69Tjl:Juo8VPmNq9L8lh
Size: 422413 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.194
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.422413
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.422413
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!2ey+s21MM38
VBA32 = Trojan.Pirminay.fah
TrendMicro-HouseCall = TROJ_GEN.R28C2EF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hkn
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Downloader.x!gaj
TrendMicro = TROJ_GEN.R28C2EF
Kaspersky = Trojan.Win32.Pirminay.hkn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.qb
McAfee = Generic Downloader.x!gaj
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic21.BITY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.eky
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 07:43:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 401408
Initialized Data Size           : 327680
Uninitialized Data Size         : 0
Entry Point                     : 0x5f6ab
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Czljntpuy Iuemakitdex
File Description                : Network Diagnostic Engine Proxy/Stub
File Version                    : 6.0.6000.16386 (swgdv_rtm.061101-2205)
Internal Name                   : ndproxystub.dll
Legal Copyright                 : © Uqlaxuhip Huvfvrnuapp. All rights reserved.
Original Filename               : ndproxystub.dll
Product Name                    : Idppiqnde® Jbmefbd® Operating Dysnkt
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-15 17:00:44
VirusShare info last updated 2012-07-25 05:14:17

MD5: 3c2ab38ef041385eab08da14d1d9fd59
SHA1: 2a6380f757afb77df5046eb81a16bd5c78f6f8c8
SHA256: db9f3842df2af74cabf962c46b929f02129255b25defb492c1bf418437ec1fbb
SSDeep: 6144:4juNOQwyoQy5861hvl6VDv/F/8qX/X6csQCXBOspnhxEz:AMRHy58olaDnFJ/dhCNpnhx
Size: 316416 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.532
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.316416
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R28C2FE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.isl
McAfee-GW-Edition = Vundo!kl
TrendMicro = TROJ_GEN.R28C2FE
Kaspersky = Trojan.Win32.Pirminay.isl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Pirminay.ISL!tr
Jiangmin = TrojanDropper.Agent.ajqi
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.CEYP
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.6
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 22:46:56-04:00
PE Type                         : PE32
Linker Version                  : 5.10
Code Size                       : 100352
Initialized Data Size           : 421888
Uninitialized Data Size         : 0
Entry Point                     : 0x1952e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Tag 0c 0904 E4                  : 
Company Name                    : Microsoft Corporation
File Description                : DirectX Files DLL
File Version                    : 5.1.2600.0
Internal Name                   : d3dxof.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : d3dxof.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-20 15:50:07
VirusShare info last updated 2012-07-25 05:14:22

MD5: 3c3a11170e23c141331b9b69b1730117
SHA1: 44443eea0fc63c3445737402871d70bde4556c5e
SHA256: aa8a43f430254956188fac8ea8f41c75e37e3639b90a35b5935c08f2fbc90498
SSDeep: 6144:JNm/qGzdYoOQOlz1/My0B8dwclUZ5FX6tG3mXHeJAXvYb9IIwKVClSqNs:JNm5tglzqtQwCgAISv09FfU+
Size: 334227 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.367
Avast = Win32:Pirminay-H [Trj]
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R47C2HD
Emsisoft = Trojan.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!3C3A11170E23
TrendMicro = TROJ_GEN.R47C2HD
Kaspersky = Trojan.Win32.Jorik.Pirminay.gr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
McAfee = Artemis!3C3A11170E23
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic24.PQC
Norman = W32/Suspicious_Gen2.NXSVW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = WS.Reputation.1
TheHacker = Trojan/Jorik.Pirminay.gr
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:28 10:44:14-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 323584
Initialized Data Size           : 299008
Uninitialized Data Size         : 0
Entry Point                     : 0x4edd2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Help Proxy
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : helppaneproxy.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : helppaneproxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-19 11:30:26
VirusShare info last updated 2012-07-25 05:14:27

MD5: 3d175324630eedace1dc82fe7f1aea14
SHA1: 6209258792b3de8f308af85e45eb0e4965ad759d
SHA256: 783325aa85e396d9be24a2b2b9197d22a64e4c218ea48e15c84a7b78844de024
SSDeep: 6144:abQJLHL1MXfeM2hxBUhs2NjuSOCQ4pR8I/qiOEK7lkYq2Td:pFHWXfl2hxBm5NCnATvqiOE8Nd
Size: 360930 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Pirminay
VBA32 = SScope.Trojan.Pirminay.chc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
F-Secure = Gen:Variant.Vundo.11
Avast5 = Win32:Vundo-JU
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 03:17:06-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x365f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1716.0
Product Version Number          : 5.2.1716.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Agiivkwja Wzqdjywtvjq
File Description                : Message Queuing Trigger Generic Object
File Version                    : 5.2.1716.0 (srv03_rtm.030324-2048)
Internal Name                   : MQGENTR.DLL
Legal Copyright                 : © Twmqsmopf Dhfwrhcyzqz. All rights reserved.
Original Filename               : MQGENTR.DLL
Product Name                    : Ybaobmzwl® Yauhzsb® Lrhggkauz Ajtpqr
Product Version                 : 5.2.1716.0
VirusTotal Report submitted 2011-05-24 23:10:03
VirusShare info last updated 2012-07-25 05:15:12

MD5: 3d27f9bd4d143594d9ddd8221e47989c
SHA1: b6d71f4348321174789fd23218c2c7bd7c1da4a1
SHA256: 1963810d44ca17a9d57ae59f1874d058e8afb376ad98d6791f90aaf1deb51735
SSDeep: 12288:oQLT0Xg745fvAKB8Pi0p9JmddM9+bM8yJlqzsEeKpzsf:o1gg3AKBuLmQKM8zHeKpzsf
Size: 427399 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Rootkit-gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
SUPERAntiSpyware = Adware.Vundo/Variant-MSFake
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.MulDrop2.36782
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ahu
McAfee = Suspect-AB!3D27F9BD4D14
F-Secure = Gen:Trojan.Heur.AmLfziNCzzli
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Rootkit-gen
AVG = Generic23.AFNT
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Gen:Trojan.Heur.AmLfziNCzzli
BitDefender = Gen:Trojan.Heur.AmLfziNCzzli
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 15:15:41-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 425984
Initialized Data Size           : 4096
Uninitialized Data Size         : 557056
Entry Point                     : 0xf06b0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1716.0
Product Version Number          : 5.2.1716.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Message Queuing Directory Service Client
File Version                    : 5.2.1716.0 (srv03_rtm.030324-2048)
Internal Name                   : MQDSCLI.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : MQDSCLI.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.1716.0
VirusTotal Report submitted 2011-06-30 17:41:52
VirusShare info last updated 2012-07-25 05:15:18

MD5: 3df0f4d1413012f83c622ca5358cc4a7
SHA1: e3ae47421b9d96d43965be3ecefca5744f463fde
SHA256: bb9333676547a10b7d18233948d872f2d28b7248bf7ed55916e002176fda3dcd
SSDeep: 768:HgCsOr9yoH05Hv79nDiK935vsjH6N41b6HlQ0I7c0BXB+au0cFpNOVGHVo:Hg89y605Hv7wMp0jH6N41bV0CBbcFpNO
Size: 49152 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.49152.AV
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
nProtect = Trojan.Generic.4929816
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R26C1F3
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!hb
TrendMicro = TROJ_GEN.R26C1F3
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.HB!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Vundo!hb
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.CCQT
Norman = W32/Suspicious_Gen2.ICNVX
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Trojan.Generic.4929816
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Generic.4929816
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:28 21:26:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 12288
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x3d9d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.1
Product Version Number          : 6.0.2600.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MSWC Page Counter
File Version                    : 6.0.2600.0 (xpclient.010817-1148)
Internal Name                   : pagecnt.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pagecnt.dll
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.0
VirusTotal Report submitted 2011-06-08 08:35:49
VirusShare info last updated 2012-07-25 05:16:23

MD5: 3efd33fb4dde6008d88ccf0c8acf7e3b
SHA1: 6c9ca4bf96ceb7b610bcc313121dd95c481de6e9
SHA256: 14af08fa9dc1804ef71637dc307fa720237fec2a02e78a489da975051d2e696b
SSDeep: 3072:grJ1akEH7xtj2oDJKxweCrf7sTio/fULmtbEo7jQ1F:gr7akCqoDJsweuE9/8Lm9BW
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R47C3FL
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zvj
TrendMicro = TROJ_GEN.R47C3FL
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Generic.dx!zvj
F-Secure = Trojan.Generic.KDV.252495
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic23.FOA
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.252495
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.252495
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-01 22:34:16
VirusShare info last updated 2012-07-25 05:17:44

MD5: 3f4c7bee840128b401cd3c98d3866bac
SHA1: a954480039f156eac683eedc8978f9c1eef9d325
SHA256: 6e1dc0d319280a3c6cdbb17f11b82ae779851b565eb38d95a0b5df2aaffc6938
SSDeep: 6144:BDXEpAKjlp91O9cP8Bpjqix1V1a+f3OatWYl+KhHRCqjFKJMwRmfzUOVyFSu:BDEpAaDOxBpeG4+PzXHgqJLfIOC
Size: 372315 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.14
Avast = Win32:Kryptik-CGS [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.372315
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.372315
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C2FD
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hbv
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R21C2FD
Kaspersky = Trojan.Win32.Pirminay.hbv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HBV!tr
Jiangmin = Trojan/Pirminay.xp
McAfee = Generic Downloader.x!fyu
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGS [Trj]
AVG = Generic22.AHQY
Norman = W32/Obfuscated.L
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Pirminay.gnm
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:23 01:26:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 360448
Initialized Data Size           : 303104
Uninitialized Data Size         : 0
Entry Point                     : 0x54e6b
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zzzffrwly Puzwzmxnndf
File Description                : Inzxaab NT MARTA provider
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Microsoft Ypdqieadvno. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Wpamuroqh® Masmftj® Kqjfrnchf System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-07-08 15:09:08
VirusShare info last updated 2012-07-25 05:18:05

MD5: 40f0bf3d30f2ae633e0c63b07fdfa6a4
SHA1: 951c97f60e16621245d561c1049f7eb084a4e2e8
SHA256: 68c8df2b9bb4476c469bff4f3af9ac074d9ac03124a2ad2316c44a492e158d07
SSDeep: 1536:kAVupyFe3hb9MehQ/OQMV3oJhdfebbknHNM2/P23sqCW/:Ly3hb9rEO3V4hYGNM628pW/
Size: 66048 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124CC4EF
nProtect = Trojan/W32.Vundo.66048
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SIa2c20/paM
VBA32 = AdWare.SuperJuan.xhb
Comodo = UnclassifiedMalware
DrWeb = Trojan.Juan.504
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abbf
Microsoft = Trojan:Win32/Vundo
Fortinet = Adware/SuperJuan
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gf
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.ANVO
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:20 11:10:58-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24576
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x6e0d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SENS Connectivity API DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SensApi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SensApi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-06-27 02:17:19
VirusShare info last updated 2012-07-25 05:20:01

MD5: 41ca259ab9d02dc88f0603f2d65580e4
SHA1: 0a22e6ab2f9616fd835efa3d4c54e83785956ebe
SHA256: 7d0c7204fd45d764acb015bba363c6b9c7fb7b852dd8f20d6234955321781c0f
SSDeep: 1536:Ai084ds6YmYxruTZOMpttOoJ3sckrP0eJJNfSDL4ZlWqZ:BRYymYNZMDtmP0KplFZ
Size: 80896 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Monder.80896.EB
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!90xSFV8zvck
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2FH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Virtumod.10278
TrendMicro = TROJ_GEN.R1BC2FH
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aano
McAfee = Vundo!ke
F-Secure = Trojan.Vundo.5253
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic23.LIG
Norman = W32/Suspicious_Gen2.NLCTG
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5253
Symantec = Trojan.Gen
BitDefender = Trojan.Vundo.5253
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2011-10-21 16:48:10
VirusShare info last updated 2012-07-25 05:21:07

MD5: 43633820580cf636336997ff79cc34c6
SHA1: 49f1595837f4b0b16fb8535523fc1dda891a4e40
SHA256: 1519f79e33588da1e28b6f45cb3365a482970924c9b00757389de3d19bc1b9d4
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+CC:ntNtyUl7kALd4ilBpi/44F/6
Size: 362975 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.362975
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.362975
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.grx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.GRX!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fyu
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Suspicious_Gen2.MPFBO
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5869931
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-08 15:02:12
VirusShare info last updated 2012-07-25 05:23:13

MD5: 43b1d39ebba8a3df5f60ac31c653148d
SHA1: c5c46370a1a9a9ecff55b091484ba58e61450965
SHA256: 946241eca749df66fc429c34fe3f74ad92e479d9e82e68543aea0c4e674e0c8e
SSDeep: 1536:YjmnzdTqhoVN3qQcSS5W1yiWhvwBiqIz1x:YjgUoHaRDTqI5x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129F92A7
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!g8iUoQ2ugDo
TrendMicro-HouseCall = TROJ_GEN.R47C1FF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R47C1FF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-09 10:09:18
VirusShare info last updated 2012-07-25 05:23:33

MD5: 44403b3b7197ebcc321b61130832e5c5
SHA1: 7ecefb219e66e56be418474846a86267594ad5cb
SHA256: c6dbdff67791023e039f5d81c952fba12b3d3bba1539588902ffbce49240951e
SSDeep: 6144:pa1+oqf1TlcpczlFVXrj9XxDJxTxN4eLg0S+WiWLWxkthVV0/6rBCH9JBn9pF:PZwaln7ZhtxVN4erWiWLWxktzV46rsH9
Size: 323584 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.283
Avast = Win32:Downloader-HUP [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.FakeAlert.39
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!J912oAQHeRg
TrendMicro-HouseCall = TROJ_GEN.R72C2FI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!44403B3B7197
DrWeb = Trojan.DownLoader3.22724
TrendMicro = TROJ_GEN.R72C2FI
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.ggky
McAfee = Artemis!44403B3B7197
F-Secure = Trojan.Generic.KDV.247798
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Downloader-HUP [Trj]
AVG = Generic22.CLCX
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.247798
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.247798
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:13 04:41:54-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 323584
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xaf440
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sapfiucdb Fzdnzxmpoex
File Description                : MUI Callback for Language pack cleanup
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : MUILanguageCleanup
Legal Copyright                 : © Qyverpntv Ehhejouvjvn. All rights reserved.
Original Filename               : MUILanguageCleanup.dll
Product Name                    : Ggvfisjwp® Fhamdzr® Nderimfhd Uwezlp
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-05 15:50:04
VirusShare info last updated 2012-07-25 05:24:16

MD5: 454b6fceef1719af7892086e9589e178
SHA1: 8fbb61e701164b01d7235cd7c6858521efefc7d1
SHA256: 77f94b069c6567524e149d4d48d7f890ff6020c2702c45d55586cb046a14d48b
SSDeep: 6144:jNGImPi9EMIMkyuVbJp3H47uBDTttskyznIy7Mg+fNMbyKYIx0fDhvCoS1t9+:jhd2Mk5YWDTttBag8nIfDRCoS13+
Size: 389992 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.389992
VirusBuster = Trojan.Pirminay!Kk6JJk65Xt8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.C
DrWeb = Trojan.DownLoader3.41663
Kaspersky = Trojan.Win32.Pirminay.jdr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
McAfee = Suspect-BA!454B6FCEEF17
F-Secure = Trojan.Generic.KDV.267552
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = SHeur3.CGFG
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH.2
GData = Trojan.Generic.KDV.267552
BitDefender = Trojan.Generic.KDV.267552
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 16:39:33-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 372736
Initialized Data Size           : 20480
Uninitialized Data Size         : 602112
Entry Point                     : 0xee000
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-27 03:02:21
VirusShare info last updated 2012-07-25 05:25:31

MD5: 45d767e10918a7a5feb779d01137ad37
SHA1: 7265437548a7a5f6e463021166f17e8dec4a2888
SHA256: ea6034ae4788fde0d23519d3ba69a6d74ecd95fa01a9943b932017a0f4b703e7
SSDeep: 1536:BLiOsL97S0alCvIDN8zdOwegkwtNs7HI9RgcItv6txf4jiVmiEQ+UMsXKukPi+pp:BGOsR7S0tcSkw/rxQjiAiuUMsXKukPiQ
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ukyW6ZOf9UQ
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!45D767E10918
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R72C2FJ
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!45D767E10918
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.CNZO
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-04 05:47:19
VirusShare info last updated 2012-07-25 05:26:04

MD5: 46155e257c1faf7941107e8af9a1c803
SHA1: 70e74ed0129de8c296aea01625773423d1a34a06
SHA256: d8ab599a203ebbc82f788f311764e929ed5819a731bc0d3b453122bdf4a36036
SSDeep: 1536:belRw2uIR+woPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpGiD:bCTntoPMqqDLy/QVzLSkYHFO5si
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R47C2FL
McAfee-GW-Edition = Artemis!46155E257C1F
TrendMicro = TROJ_GEN.R47C2FL
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!46155E257C1F
F-Secure = Trojan.Generic.6149488
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.NJ
Norman = Vundo.UUS
GData = Trojan.Generic.6149488
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.6149488
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-06-23 07:22:39
VirusShare info last updated 2012-07-25 05:26:22

MD5: 462a2d0f9e655a39715f186610668496
SHA1: 01c26e8721ac323e1b78f93fb9fc2d7127182844
SHA256: c8df4db6e135efb961a5978d92d9bb8625bee5ea867889cdf3055fd6be742208
SSDeep: 6144:xUrIlX6V2mESHOaTDNfnAYi5BP9J2EYve0iTovz6KHveqmvLDXDbv5f:xWyX5KiZ9U/rAo2oev/Xxf
Size: 377741 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.280
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.377741
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Ponmocup!7POGzuAAkJY
VBA32 = Trojan.Pirminay.ipf
TrendMicro-HouseCall = TROJ_GEN.R72C2FI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ipf
McAfee-GW-Edition = Artemis!462A2D0F9E65
DrWeb = Trojan.DownLoader4.6549
TrendMicro = TROJ_GEN.R72C2FI
Kaspersky = Trojan.Win32.Pirminay.ipf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IPF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ahf
McAfee = Artemis!462A2D0F9E65
F-Secure = Trojan.Generic.6240761
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic11.AMVA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6240761
TheHacker = Trojan/Pirminay.ipf
BitDefender = Trojan.Generic.6240761
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:08 11:25:53-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 659456
Uninitialized Data Size         : 0
Entry Point                     : 0x63eb
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.9.1.1
Product Version Number          : 2.9.1.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : RioPort
File Description                : WMDM Service Provider driver for MDM Drivers
File Version                    : 2.9.1.1
Internal Name                   : mdWMDMSp
Legal Copyright                 : Copyright © 1999- 2001 Rioport.com
Legal Trademarks                : 
Original Filename               : MdWMDMSp.dll
Private Build                   : 
Product Name                    : MDM Core
Product Version                 : 2.9.1.1
Special Build                   : 
VirusTotal Report submitted 2011-07-21 05:01:41
VirusShare info last updated 2012-07-25 05:26:28

MD5: 46f128d4eca4a7aeafffda977986c95e
SHA1: 145410c720bc991b7d8e43742d692e43823b6a0f
SHA256: fc53b499535ed6840a85462e8d476e0a42b39118b4c26e03b316068abe482608
SSDeep: 1536:dy5jnzdTqGodN3qQcSS5W1yiWhvwB4qIz1x:dy5fDoPaRDtqI5x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!rLuQ11Q8Syk
TrendMicro-HouseCall = TROJ_GEN.R1BC3FL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R1BC3FL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipss
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-09-12 13:41:22
VirusShare info last updated 2012-07-25 05:27:26

MD5: 479f1b20ec53c09c2b63a3f57731ee5f
SHA1: ed671b6df7110e92ebf06e75a852d88413946b63
SHA256: 4701ed688c1908ab20f19ac25d47097fde67032ca11e7ad8c7bd709577904e41
SSDeep: 6144:zGJ0R1eZg3IQqy4I0vmrx8x4D/8RlxhiOhfqBtYwIB4:zNR1ey+4x8qD/KljiOhyI
Size: 274432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1294F153
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cTxoSMaLvnE
eTrust-Vet = Win32/Monder.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.77
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahhm
McAfee = Generic Malware.ms
F-Secure = Trojan.Vundo.6615
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BIER
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6615
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Vundo.6615
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnriirkvy Pzgzmklipsm
File Description                : Lvgbpubuh Wkxwugi Sockets 2.0 Service Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : msafd.dll
Legal Copyright                 : © Rxasimrum Xemlecbmvvo. All rights reserved.
Original Filename               : msafd.dll
Product Name                    : Sqhficqmq® Jewjzty® Hinvlpseh Tkmprt
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-29 13:04:09
VirusShare info last updated 2012-07-25 05:28:12

MD5: 4852b4891799a3ae02af46fca1d0182e
SHA1: dd2831f35ed3a665d6e8545e8c7b9b0fe6fe02c3
SHA256: 0cb0c9c78f7bda1723eda056b9ebde7295158fe76fb813801d42202b98ad41c6
SSDeep: 6144:5FuVXcUe09a2H9p6U/3hcj6CFGi+FjltqxlhFvYWiw3daXQO:DuVsEB/O6CFGi+jltqxpRBCQO
Size: 327672 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.equ
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Backdoor.Agent!4+1yK2r0C+E
TrendMicro-HouseCall = TROJ_GEN.R4FC3FP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fxs
TrendMicro = TROJ_GEN.R4FC3FP
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.qx
McAfee = Generic Downloader.x!fxs
F-Secure = Backdoor.Generic.629675
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.SEC
Norman = W32/Suspicious_Gen2.MSPJV
Sophos = Mal/Generic-L
Symantec = Trojan.ADH.2
GData = Backdoor.Generic.629675
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.eqh
BitDefender = Backdoor.Generic.629675
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:06 08:08:19-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 36864
Initialized Data Size           : 573440
Uninitialized Data Size         : 0
Entry Point                     : 0x61cf
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tghifmcdg Fyslctfodfj
File Description                : Standard TCP/IP Port Monitor Helper DLL
File Version                    : 6.0.6000.16386 (fivny_rtm.061101-2205)
Internal Name                   : tcpmib.dll
Legal Copyright                 : © Ehvyhotzq Ceqrdhorday. All rights reserved.
Original Filename               : tcpmib.dll
Product Name                    : Ydaucwtcg® Plfkxmg® Fujpzrgtl Cwiwxh
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-21 12:34:41
VirusShare info last updated 2012-07-25 05:28:54

MD5: 49c9f89c5813d7017d296322de3d8966
SHA1: b2b880f04ba4055b71566273755b3f4c67ea7bc9
SHA256: 740ebe2490bb4879b280abdee5fce4b14e08e3d35b37ed440ce1e58c508bacfe
SSDeep: 3072:MPBOVUqopimWGKBD9KrwEuEZhwHJValiljMqqDLy/Z7K:YBOVUgmlKBZshwgnqqDLuZ
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
nProtect = Trojan/W32.Monder.166400.C
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R1BC2FO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R1BC2FO
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-ELX [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2011-09-15 10:05:27
VirusShare info last updated 2012-07-25 05:30:26

MD5: 4a403f0898689584eaab2a0f116334d7
SHA1: ce14eaa2c33e7404023a38fd2e4535cd64aac356
SHA256: dbc81d8dc92f1418d3573b3edc82d224af6ea316db33eb76dd3123fade9ab015
SSDeep: 1536:npiC5icKoqhgnvM/YHbZmR/wywuhZnuyvccCK+N/0zhQ2lclCWcWdo:YCg1hgnvM/YFBMnuy1CT4hQ3lCWcWdo
Size: 93696 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xtnWfGt9nn0
TrendMicro-HouseCall = TROJ_GEN.R1BC1FF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic.dx!zri
DrWeb = Trojan.Click1.54948
TrendMicro = TROJ_GEN.R1BC1FF
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abyk
McAfee = Generic.dx!zri
F-Secure = Trojan.Vundo.5234
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BEPF
Norman = W32/Suspicious_Gen2.MOGKU
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5234
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Vundo.5234
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:29 13:20:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x8079
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tczlgayud Lashwdryrso
File Description                : TPM WMI Provider
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Win32_Tpm.DLL
Legal Copyright                 : © Uqyrnikyv Corporation. All rights reserved.
Original Filename               : Win32_Tpm.DLL
Product Name                    : Mctvsxyca® Sjfzjzy® Dacrqbvzf Ndhpdj
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-30 16:19:04
VirusShare info last updated 2012-07-25 05:31:00

MD5: 4a54c55b434342a167fbce987119970c
SHA1: bd65ed049f30652c7de6ac028ab8a3af9539935d
SHA256: 954b865777686fe2c500f39634d0719aaaf642bc063aa4d09632d3d302755b86
SSDeep: 1536:VmRFWpf5hiCWWMd5GiLJFGYR2l9F1SdWfnF+Qn85uRlkMqqU+NV23S2Eo:VQS5hdvSFGJlQdW9f8kRlkMqqDLy/Eo
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!meGc5unNaVw
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2GC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!4A54C55B4343
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2GC
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Artemis!4A54C55B4343
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-21 10:56:17
VirusShare info last updated 2012-07-25 05:31:03

MD5: 4af7bb0132261d5ea0cca9cccbe1f039
SHA1: d890d6274e85b1d227e199dd4a47321722f05256
SHA256: 700a82247a122e20cfe9fb2351b1edcfcd07d090d4953b92502c072f2453ad2b
SSDeep: 1536:q1v7NegBYUhirXQC5/blh6iOyKDr2hYtMU7N7YwR3:EhYUdWlc2K5L
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R47C2FC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!4AF7BB013226
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!4AF7BB013226
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Norman = W32/Suspicious_Gen2.MUUUQ
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-06-14 01:59:56
VirusShare info last updated 2012-07-25 05:31:41

MD5: 4b1c7d65643c71cd938fbd15ad6b8330
SHA1: c2038e9492d42e52ee1c835c3579cdfae2706753
SHA256: 0df4a90f5c6281b6bf257a3f3f511686dd41cece0ece14b3b17502df20fcfa92
SSDeep: 3072:o5SbrLC3i/jvwT6IYA1/CUFqjofETpWT9JlJinCXc3ACO:lrC3IvwT7SUFqsfkpWT9VinCXcQC
Size: 119296 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.119296
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!k4c44BW3sDg
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCREV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zph
DrWeb = Trojan.Virtumod.9910
TrendMicro = TROJ_GEN.R4FCREV
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aanz
McAfee = Generic.dx!zph
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
eSafe = Win32.TRVundo.Aba
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BLNB
Norman = W32/Suspicious_Gen2.MLCER
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:14 22:44:38-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xcf39
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvbvnkbmo Imcpacdlicy
File Description                : IAS Pipeline
File Version                    : 5.1.2600.0 (rwwdvpwo.010817-1148)
Internal Name                   : IASPOLCY.DLL
Legal Copyright                 : © Miluracvn Fpyproycska. All rights reserved.
Original Filename               : IASPOLCY.DLL
Product Name                    : Ppqvspivk® Qpiulya® Epfsbzvsb Abjzsx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-09-03 23:37:51
VirusShare info last updated 2012-07-25 05:31:53

MD5: 4b7360f9acf7cf19c5863952c50f9cdd
SHA1: 381dcc8299dbd3467b8130d6ef7d1456397b4521
SHA256: c10b0757dbe2b841882608207ea99ac0e188d59976c253e6a06b83a16235b44d
SSDeep: 3072:71UJDd2qJsID6S+j0auw6YlKaAKo9U0VsSwbLO9Wl:7K0mstS+juw6YlKKPFb69m
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Kaspersky = Trojan.Win32.Monder.drjy
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
GData = Win32:MalOb-EI 
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:01 06:43:32-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 98304
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x18111
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2188.1
Product Version Number          : 5.0.2188.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yfnapnumr Wiapknxejqo
File Description                : Remote Access Client Side Command Line Dial UI
File Version                    : 5.00.2188.1
Internal Name                   : RASDIAL.EXE
Legal Copyright                 : Copyright (C) Nxwtlwsmo Corp. 1981-1999
Original Filename               : RASDIAL.EXE
Product Name                    : Bubdlkkpb(R) Uaksjke (R) 2000 Iqtsdsvup System
Product Version                 : 5.00.2188.1
VirusTotal Report submitted 2011-06-22 00:38:36
VirusShare info last updated 2012-07-25 05:32:17

MD5: 4bde0fca9389573291145abe22d56d2a
SHA1: 5e9437ba404ee0d56e9e3576a3c481410164bb18
SHA256: b638260d4593710a61fa73571e69e4b114a790c6af9427ab1039d44c56621fba
SSDeep: 3072:bWVYwTpqtqWd9IlEDHgMhWAoJCEoIp+e+z4mRBDjyVG:bMTwtq5M2C7z4mRBny
Size: 133120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128D9CE6
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!d6fyYHSS/jk
TrendMicro-HouseCall = TROJ_GEN.R1BC2H6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kf
TrendMicro = TROJ_GEN.R1BC2H6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.ipsf
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD [Cryp]
eSafe = Win32.Vundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Norman = W32/Suspicious_Gen2.PRIFE
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-09-04 13:31:49
VirusShare info last updated 2012-07-25 05:32:49

MD5: 4bf7a14e6a4fed03bfe0e550603f19b3
SHA1: 71d8bbd04df35d207f25f93ce15c8fd8c0fd58e0
SHA256: 5bef946570814a6e84d88386677ea5e2c7b19020a0d8cbbe449c0e3f86692282
SSDeep: 1536:U4eVwSC/UXuY28bQJjml9I3k3lQ36QDkUJ5Le:UXwx8b20QJj83lQ39kw
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!CmBphEu9n78
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2FJ
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!iz
F-Secure = Trojan.Generic.6143611
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH
AVG = Generic22.COIN
GData = Trojan.Generic.6143611
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6143611
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-06-29 21:52:33
VirusShare info last updated 2012-07-25 05:32:54

MD5: 4cfcefe85fd367ea59688369349d0351
SHA1: c30fec402f01707976e40aa4de13ea4239db0604
SHA256: 40bde5ed52c739b4ccc7770303242caac02f4ed66f47318e0fb69820c012bf81
SSDeep: 6144:YGMRzkGlUKQryU8ej6M17RZVmigfflZkORnPPB1lOfGio:YGMRkKQV+MtRcfbp51lOfW
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.51
Avast = Win32:Zbot-NDU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128C5571
nProtect = Trojan/W32.Pirminay.311296
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!3c031/6UyM0
VBA32 = Trojan.Pirminay.hxr
eTrust-Vet = Win32/Pirminay.JJ
TrendMicro-HouseCall = TROJ_PIRMIN.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!4CFCEFE85FD3
DrWeb = Trojan.DownLoader3.13029
TrendMicro = TROJ_PIRMIN.SMUM
Kaspersky = Trojan.Win32.Pirminay.hxr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!4CFCEFE85FD3
F-Secure = Trojan.Zbot.HQZ
VIPRE = Trojan.Win32.Generic!SB.0
eSafe = Win32.TRSpy.Zbot
F-Prot = W32/Trojan2.NNWY
AVG = SHeur3.CCVM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Zbot.HQZ
Symantec = Packed.Generic.305
Commtouch = W32/Trojan2.NNWY
TheHacker = Trojan/Pirminay.hxr
BitDefender = Trojan.Zbot.HQZ
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 11:47:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 294912
Initialized Data Size           : 282624
Uninitialized Data Size         : 0
Entry Point                     : 0x48816
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.398.613.2003
Product Version Number          : 5.398.613.2003
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Realtek Semiconductor Corporation
File Description                : Realtek RTL8139 NDIS 5.0 Driver
File Version                    : 5.398.613.2003 built by: WinDDK
Internal Name                   : RTL8139.SYS
Legal Copyright                 : Copyright (C) 1994-2003 Realtek Semiconductor Uawxklfledv
Original Filename               : RTL8139.SYS
Product Name                    : Realtek RTL8139 Family Fast Ethernet Adapter
Product Version                 : 5.398.613.2003
VirusTotal Report submitted 2011-10-19 16:37:58
VirusShare info last updated 2012-07-25 05:34:07

MD5: 4db1731d3ee5926600f5bc412f6be367
SHA1: e551607fd3096373838dd17f67fe7139d8fa08f2
SHA256: b1c9f91979a984ef81fe39912b73970198ba565b266fdd089273d6db9cfe8187
SSDeep: 6144:XPmE2IQdwk5cNBPITI86xPT2OV0oNZ1utmFp6BazzC2K5UNbUPigOsQGXv:/Od0Nm0RT2OtNbVbkUNb8igrQe
Size: 425984 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.48
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Zbot.425984.D
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!wp0GIffNAYo
VBA32 = Trojan.Pirminay.hup
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!4DB1731D3EE5
DrWeb = Trojan.WinSpy.1038
Kaspersky = Trojan.Win32.Pirminay.hup
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Mdrop.DMN!tr
Jiangmin = Trojan/Pirminay.aar
McAfee = Artemis!4DB1731D3EE5
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRSpy.Zbot
AVG = Generic22.BRXL
Norman = W32/Obfuscated.L
Sophos = Troj/Mdrop-DMN
GData = Gen:Variant.Zbot.34
TheHacker = W32/Pirminay.hup
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:11:29 10:33:29-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 376832
Initialized Data Size           : 352256
Uninitialized Data Size         : 0
Entry Point                     : 0x597b2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Avejihvhn Cqlfvgoscmf
File Description                : Vyqishi Live Services
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : wlsrvc
Legal Copyright                 : © Plzuianji Eutnvciopig. All rights reserved.
Original Filename               : wlsrvc
Product Name                    : Jowhcumbl® Oicldwc® Hxllfogrt Ojayun
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-16 02:21:38
VirusShare info last updated 2012-07-25 05:35:08

MD5: 4dfb1756d293ae2911c881bdbe9d5cb2
SHA1: 573f649ff4c04d1eaeb4d6d05f5601a60a3e0c54
SHA256: 6537f3638228f33bbfd8c6748086facc7b45f2575b088bb9fc24171a11057fae
SSDeep: 1536:2IHnnbMVyVp01sjQ7WwQlwU5sgRmN253D3A3/XPifjZz7NvZ1I:RHnn4au15WwkwCPmNWbA33irZ/Nvk
Size: 98304 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.98304.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-23 04:08:44
VirusShare info last updated 2012-07-25 05:35:29

MD5: 4e046ccff5faa25052f77624693456a6
SHA1: 79ca9d4d9786c663e6fa8b5530b7e644c9ef170a
SHA256: 6dd8a7b35d8b74e848980acc57ea01393854114950da458154996812d9c23b86
SSDeep: 6144:qdbi6PiMO2KY+lwXPB3B0M/eUzzSZI/rTEYslvTK110/Hm:2ixL2KY+l03hoI/rwY4v+11Am
Size: 321327 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Malware.321327
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R26C1F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!elz
TrendMicro = TROJ_GEN.R26C1F3
Kaspersky = Trojan.Win32.Pirminay.ccm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.CCM!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Generic Downloader.x!elz
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.CCSA
Norman = W32/Suspicious_Gen2.MQMVY
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:04:10 00:52:41-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 24576
Initialized Data Size           : 587264
Uninitialized Data Size         : 0
Entry Point                     : 0x6dc8
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Block Verification Filter Driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : crcdisk.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : crcdisk.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-08 15:39:56
VirusShare info last updated 2012-07-25 05:35:32

MD5: 4e3178f343429cf0f0e1d198a77f5f83
SHA1: 46bc27227994712b76167082757332992410033a
SHA256: 9d6764808137a7856b689595d89bf0872109d0451534e4fbc60e9220d2c89aa2
SSDeep: 768:PIlFMfubl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSgbpNtCsI:PYMmbU8E1AjprcsOttbpNt4
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.195
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Dh35EvcJBDI
VBA32 = Trojan.Monder.miyn
TrendMicro-HouseCall = TROJ_VUNDO.SMP1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!ix
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_VUNDO.SMP1
Kaspersky = Trojan.Win32.Monder.miyn
ViRobot = Trojan.Win32.S.Monder.69632.A
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aahh
McAfee = Vundo!ix
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CDOB
Norman = W32/Suspicious_Gen2.MVNJE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-10-21 12:12:07
VirusShare info last updated 2012-07-25 05:35:41

MD5: 4fafab10bff548885f1ce3e4e085e029
SHA1: 364c5cad109a2953b8013874886e14530f697c5f
SHA256: 2730d021dfa29268042132012bc2d72439dfd49a413c6e4e4542e66984cab628
SSDeep: 1536:MSPaNa/2YWxmHK/+S4NFEOqcOFb+DE4yQ:M82X4KP4NFEOqta
Size: 52224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C7JK
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mq
DrWeb = Trojan.Virtumod.9769
TrendMicro = TROJ_GEN.R72C7JK
Kaspersky = Trojan.Win32.Monder.mxvj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.gqx
McAfee = Vundo!mq
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic25.AHXO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Win32:MalOb-EI 
Commtouch = W32/Virtumonde.CI.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 05:48:34-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 12288
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x357e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.5.7000.0
Product Version Number          : 7.5.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Windows BITS Managed Library
File Version                    : 7.5.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Microsoft.Windows.BackgroundIntelligentTransfer.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Microsoft.Windows.BackgroundIntelligentTransfer.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 7.5.7000.0
VirusTotal Report submitted 2011-10-28 07:13:49
VirusShare info last updated 2012-07-25 05:37:28

MD5: 501a94e962cf85ecd7bcc4fbbac1310c
SHA1: 5918763b5f8ac6c875daf2993cf104427f8ec333
SHA256: 9d20ee0e82c3fb31e7230c9cd3f31a506160bf359496138e441ddafec24725de
SSDeep: 12288:XizBqx9spYe86hcAaqG51uVdypSGuBnRUHRkseJGu1:XEwIzvuuV2OBJDn1
Size: 456089 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-Y
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Avast5 = Win32:Pirminay-Y
Norman = W32/Obfuscated.L
GData = Win32:Pirminay-Y 
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:07 02:54:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 454656
Initialized Data Size           : 4096
Uninitialized Data Size         : 565248
Entry Point                     : 0xf9530
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qmaqiyzce Qlwirexxneo
File Description                : Run As Utility
File Version                    : 5.1.2600.0 (vruzwimy.010817-1148)
Internal Name                   : runas
Legal Copyright                 : © Uubbnzzzy Onliufuhcei. All rights reserved.
Original Filename               : RUNAS.EXE
Product Name                    : Ucinvoqwe® Unnzymm® Nehtbkbzo Cwnujb
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-06-30 21:11:52
VirusShare info last updated 2012-07-25 05:38:02

MD5: 506c2c34cb442fc7d242a1d6dee3c2eb
SHA1: da270d981a1f9792899e293dcfb707eb96702539
SHA256: bc4d0f5c193bfa133a090c24514ed0adc9fff3d354f47b71bb6602aa40f83966
SSDeep: 6144:hwjJyfZJGGIvGkExHpC6AlIidJ04wVwrYYbO8iTzP93PWTMoxm8xqQiiqy0nMJsT:KJeWL+7yI94wc++Jq9iNaWsyu9
Size: 417280 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.417280.BK
VirusBuster = Trojan.Pirminay!RCYf6a7NCxE
TrendMicro-HouseCall = TROJ_GEN.R29C2EN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fyj
DrWeb = Trojan.DownLoader2.55877
TrendMicro = TROJ_GEN.R29C2EN
Kaspersky = Trojan.Win32.Pirminay.gvj
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Pirminay.zn
McAfee = Generic Downloader.x!fyj
F-Secure = Trojan.Generic.KDV.219992
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CKR [Trj]
AVG = Generic22.AQYW
Norman = W32/Suspicious_Gen2.LZLDK
Sophos = Mal/Generic-L
Symantec = WS.Reputation.1
GData = Trojan.Generic.KDV.219992
TheHacker = Trojan/Pirminay.gvj
BitDefender = Trojan.Generic.KDV.219992
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:01 08:17:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65536
Initialized Data Size           : 696320
Uninitialized Data Size         : 0
Entry Point                     : 0xd6b3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qrdpkibpw Mzojffyqxkp
File Description                : ISO-2022 Code Page Translation DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : c_is2022
Legal Copyright                 : © Smwiqmqdl Rlsbdkcbsep. All rights reserved.
Original Filename               : c_is2022.dll
Product Name                    : Unezbkrqn® Yvzluxy® Hxrmoyuvv Ywprnr
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-11 14:50:59
VirusShare info last updated 2012-07-25 05:38:24

MD5: 509a3133956b3c5be183ada1ea9bb08e
SHA1: 4890f2918eb5d85048588d8f8d84ac6068924dd1
SHA256: 0847bb5880681bc59cfc7d4c8ae9877f61021ed811abd81e7826face8cde59bb
SSDeep: 3072:xLsdoJISgi+frbQz3ZAFg9PiIAz/b1Z5bDlJSMuCyOD53cCG:x5yio/IADb17by+Ft
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!jbnOz62/zTU
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2FM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Virtumod.10105
TrendMicro = TROJ_GEN.R1BC2FM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aarr
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BNPQ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:05 18:49:28-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xe7a1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ubtkjusda Xxcmmbgwjxz
File Description                : Croatian/Slovenian Keyboard Layout
File Version                    : 6.0.6000.16386 (lracn_rtm.061101-2205)
Internal Name                   : kbdcr (3.13)
Legal Copyright                 : © Bdcqjxpkb Lvqecdvdyzi. All rights reserved.
Original Filename               : kbdcr.dll
Product Name                    : Mlewoxhfp® Fppvgef® Dtiqfvgny Ypezkz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-09-03 01:16:53
VirusShare info last updated 2012-07-25 05:38:36

MD5: 50aa71cc1ed38013c49280e6c04a06af
SHA1: dc99e20dd9deaac69740db1faddaabe10f8cba6d
SHA256: f8b9da4360d70181eac7c2d9db9123a701bbf3078f3646f9918797b2725c0692
SSDeep: 6144:PqhFUbDWDNnVIAblroH3sJhaLUFthIu5mzBCSUhBeDS8KfQ:P0FUXWRnC8QLUFLIomzQSKIso
Size: 327455 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.211
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.327455
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.cds
TrendMicro-HouseCall = TROJ_GEN.R26C1F7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!emj
TrendMicro = TROJ_GEN.R26C1F7
Kaspersky = Trojan.Win32.Pirminay.cds
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.ajz
McAfee = Generic Downloader.x!emj
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDldr.Ponmocu
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.CHHY
Norman = W32/Suspicious_Gen2.MRRHO
Sophos = Mal/Ponmocup-A
Symantec = Packed.Generic.305
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.cds
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.IAC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:16 14:16:56-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 38912
Initialized Data Size           : 570368
Uninitialized Data Size         : 0
Entry Point                     : 0xa46c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : VDM Parallel Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : parvdm.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : parvdm.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-10 08:48:36
VirusShare info last updated 2012-07-25 05:38:41

MD5: 513b89131555d086147f9f7cec92326d
SHA1: 85e49d7ecf5c25e439636953b1ddba61dd2e5d2a
SHA256: abca4719865699ca302f084dcd6e5d61611c56ebadfbdb1a889c3fca5f648e62
SSDeep: 1536:AQz6LoHV4Pvg9NY9bRfk6imKsh4o6FMqqU+NV23S2ts:AQrqI9YPiml6tMqqDLy/e
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ccg5klqFQew
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.DRG
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:25 05:10:30-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4d01
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vyndlvpup Ikfvspdzjnr
File Description                : ProQuota
File Version                    : 5.1.2600.0 (gkxxzgfv.010817-1148)
Internal Name                   : proquota
Legal Copyright                 : © Dpomsarjk Klzypiinrfn. All rights reserved.
Original Filename               : proquota.exe
Product Name                    : Jmcdmpxso® Zccwidr® Zflwdzhph Dsqowk
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-22 21:18:56
VirusShare info last updated 2012-07-25 05:39:21

MD5: 529895ce73f223b534e6e430805f06e8
SHA1: 1f6b79649666ce8cdda93de256944b1b76af04f2
SHA256: 5a312e59464501a74846ae72c6ebd094f0a178f6dd94b7455fd3090055242d54
SSDeep: 3072:ldF7aknH7EtjioMAvxweCrf7qTivlfULmxbEo7ju1F:lddakkOoMAJweuWyl8LmxBE
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dGKKZkdEN18
TrendMicro-HouseCall = TROJ_GEN.R72C2F9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2F9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kl
F-Secure = Trojan.Generic.6104014
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BUEF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6104014
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6104014
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-09-02 20:51:50
VirusShare info last updated 2012-07-25 05:40:48

MD5: 53d0fafa945b6eb4436db598b2bffc46
SHA1: b97844567e7c5b813a93f9de858918ee09e71d29
SHA256: 3c93a8199a9466b2074a6a748006dcf55b2dbd116002974d070b23e5e12f90ec
SSDeep: 3072:78KR0L/eLpel331r6byLD2WqUirTfflpcIACjg0YcYmbRIryLcfBq8POOW:KKm1YDDr7caYJmbRrGBqUW
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1JN
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R4FC1JN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.102912
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-30 21:28:45
VirusShare info last updated 2012-07-25 05:42:08

MD5: 564d876ae94d7da8976c6d4d48735016
SHA1: 91371b1784ce02a21b57d57610c6fe70dbbda5f3
SHA256: c14c00e77bb4f6530ae880cc946b8c35300cf867a52a28f0c14426cc27b120f8
SSDeep: 3072:qD8A8Me7T/nP9cLcSVORTN1hCXn1wMwHyaXnTcRJGB/wXV3cxtyIPRZZvPDc:qDmMe7T9KVfwMwpBo19I5
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zwd
Kaspersky = HEUR:Trojan.Win32.Generic
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic.dx!zwd
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BDVZ
Norman = W32/Suspicious_Gen2.MYMZK
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-26 05:32:18
VirusShare info last updated 2012-07-25 05:45:01

MD5: 58b01fa09a2952481a093c8b14305396
SHA1: 43ab4ede6897ba4e9cd148c646632808be67de07
SHA256: 6d375711980912325363f06d6745976a704b7d0ee0a5006cbaf396bf42ebc01e
SSDeep: 1536:U4swSC/UXuY28bQJjml9I3k3lQ36QDkUZEI:UZwx8b20QJj83lQ39kW
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!58B01FA09A29
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Monder.myod
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.isio
McAfee = Artemis!58B01FA09A29
F-Secure = Trojan.Generic.6748717
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6748717
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6748717
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-10-28 11:09:48
VirusShare info last updated 2012-07-25 05:47:42

MD5: 59f36748a2db775bb7db4ed24913c7d4
SHA1: e808d065789b1becbc46ea894cc68684d1e04b47
SHA256: 612221555c3eb0756be2a457fc76825f5e053e6002247d3ffe4197aab6d7ffc9
SSDeep: 3072:NWVYwv3pGtSWX9IfEDGUpiWAoJCZoEp+e+z4mRBDjywG:NMv3UtSKpnCcz4mRBny
Size: 133120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!saxBS/KDQc8
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!59F36748A2DB
TrendMicro = TROJ_GEN.R47C2FJ
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!59F36748A2DB
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD
AVG = Generic22.AUNW
Norman = W32/Suspicious_Gen2.MUSGW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-07-01 22:15:35
VirusShare info last updated 2012-07-25 05:49:18

MD5: 5a4a22a7f42243ea575868793f93862d
SHA1: d04ec47ca8ebca2a6d5848e67f975a56754830e0
SHA256: a9bfdf16b924f648703a2c69525324004dd7f10a3009b31c0cae5d4ac7b49e40
SSDeep: 3072:o1c0RmvCLrYy/mewOlTMqqDLy/mJMmJNEUKyJ7n:SkCIyuewTqqDLumJDEw
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!1vW2495jMXM
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2GA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!5A4A22A7F422
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C2GA
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!5A4A22A7F422
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU
AVG = Generic23.JGY
Norman = W32/Suspicious_Gen2.NKSYD
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:27 07:12:21-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 53248
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x989e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.4.0.32
Product Version Number          : 2.4.0.32
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic Kfycosyqcuu
File Description                : MEGASAS RAID Controller Driver for Mouwuaa Vista/Longhorn for x86
File Version                    : 2.4.0.32 (NT.060824-1234)
Internal Name                   : megasas.sys
Legal Copyright                 : Copyright © LSI Logic Irdymvhxwmq
Original Filename               : megasas.sys
Product Name                    : MEGASAS Storport Driver for Ggtwnuj Vista/Longhorn for x86
Product Version                 : 2.4.0.32
VirusTotal Report submitted 2011-07-20 07:50:00
VirusShare info last updated 2012-07-25 05:49:42

MD5: 5b0a236f573b55c9c5b891cd78ce0c1b
SHA1: f7838020ea350d73957687cfa2e58a69b0679f39
SHA256: 122a5007001e3c596d87c1b072d2fc7b76c2a0739cf0cd9c0f6a803961e6288a
SSDeep: 3072:xzWVYwVp4toWl9IS5DgBe+ZTWAoJCCoAp+e+z4mRBDjydG:xzMVOtoJB1ZUCtz4mRBny
Size: 133120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128D8D97
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!017T5nD0dF4
TrendMicro-HouseCall = TROJ_GEN.R1BC2FN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ke
TrendMicro = TROJ_GEN.R1BC2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipsf
McAfee = Vundo!ke
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD [Cryp]
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-09-01 05:02:59
VirusShare info last updated 2012-07-25 05:50:33

MD5: 5b2eae8a1dc4192ec096764f2bbb25e9
SHA1: 9b37f4d622c6d1c5e34f1f5560214db95432198d
SHA256: 3661a6e4569c1c91361551b909ab2143453d478be0522c9c2c43fddf3e4d6656
SSDeep: 6144:LJQg59jTqYsJqVFRI+8Isst3dZp5eeIBSqGy19BsZcQ9b3u7RQvQpih:tQkB+YsJlst3dn/Iso9Mceu96eW
Size: 385831 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.318
Avast = Win32:Kryptik-CIF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Zbot
AhnLab-V3 = Win-Trojan/Pirminay.385831
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128A6EA6
nProtect = Trojan/W32.Pirminay.385831
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!peFAdjz6nkQ
VBA32 = Trojan.Pirminay.hmg
TrendMicro-HouseCall = TROJ_GEN.R21C2FE
Emsisoft = Gen.Variant.Zbot!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hmg
McAfee-GW-Edition = Downloader.a!cj
DrWeb = Trojan.DownLoader4.15477
TrendMicro = TROJ_GEN.R21C2FE
Kaspersky = Trojan.Win32.Pirminay.hmg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.agt
McAfee = Downloader.a!cj
F-Secure = Trojan.Generic.5904442
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic22.AMNK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5904442
Symantec = Downloader
TheHacker = Trojan/Pirminay.hmg
BitDefender = Trojan.Generic.5904442
NOD32 = a variant of Win32/Kryptik.LVH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:23 15:47:33-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 679936
Uninitialized Data Size         : 0
Entry Point                     : 0x4f22
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mmjzpowhb Viomnvsehrh
File Description                : MS Remote Access serial network driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : ASYNCMAC.SYS
Legal Copyright                 : © Bettpbjaz Jgnujxtphay. All rights reserved.
Original Filename               : ASYNCMAC.SYS
Product Name                    : Llopjrzri® Faajyhl® Voxzsotqw Cdldyh
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-07 17:49:20
VirusShare info last updated 2012-07-25 05:50:44

MD5: 5b4ec50a3e556ff0e049f6b17f81a11f
SHA1: 09391688409d4ae29189a363d90a4f583fcdf586
SHA256: f2e36ad2daf20a39846949fca504302454e21404db0859f8db9df80e9bb760bd
SSDeep: 3072:bOxEUonqdgDpyH8hdYKsJFHp1TJdw+NB4bFXtu:1qdbgdMT94bF
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.106496.ALQ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!5B4EC50A3E55
DrWeb = Trojan.Virtumod.10437
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Monder.myxt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pakes.ntp
McAfee = Artemis!5B4EC50A3E55
F-Secure = Application.Generic.381952
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Application.Generic.381952
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Application.Generic.381952
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:03:30 20:45:38-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 86016
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ff4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Default Screen Saver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : scrnsave
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : scrnsave
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-29 18:58:53
VirusShare info last updated 2012-07-25 05:50:54

MD5: 5baf59af05ff27579f589eedcccecda1
SHA1: 076f629833a31c5dc366300a51c01688869209df
SHA256: 4f9f332134dbbe8ef881ceca65204300e70cc654e10d284a1cb6637212525a63
SSDeep: 3072:qR8A8Me7T/nQNEKjSVORTN1hCXn1wMwHyaXnTcRJGeIwRgufxt7IPRZZ8Kl:qRmMe7ENcVfwMwpeTHfIe
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!7RQpiu+mIjs
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BENF
Norman = W32/Suspicious_Gen2.MYJSD
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-26 04:06:38
VirusShare info last updated 2012-07-25 05:51:22

MD5: 5c2b830201eba73e15b23b1cc9dba582
SHA1: a7c64f592f3b818b3a01a71fc3c4bb6f033740ae
SHA256: 5ac8fec3bc6c09bc13f8d34dc73902c6d1e6d30affa5e489456934496fd8070a
SSDeep: 3072:j8cRVy/eH9peV3R1I6KrrWejWxyirhffl7cIACjg0YcYmbRIryLcfBq8DOOW:J/HYzj+WK2Z9caYJmbRrGBqQW
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30C2FO
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!5C2B830201EB
TrendMicro = TROJ_GEN.R30C2FO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.102912
Jiangmin = Trojan/Generic.gddy
McAfee = Artemis!5C2B830201EB
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-06-25 11:08:17
VirusShare info last updated 2012-07-25 05:51:49

MD5: 5c4fd5e9e47447273d008e95829e6ecf
SHA1: 4c972b2592fd11b884573d29027684bc22a95284
SHA256: 945adc498e9037a82ae9859736a59c8db412c3708d45de37ad0e5d2508ec6e29
SSDeep: 384:FQt+XqyyPN1kDu8zkxe92FnvEXbPZWhb4JDNBe+f0haVvb6:FvQNKWx62NWrZWd0DvkAb6
Size: 28880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Small.28880.B
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!fzl
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.hka
Fortinet = W32/Pirminay.HKA!tr
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Generic Downloader.x!fzl
F-Secure = Trojan.Generic.6158184
Avast5 = Win32:Malware-gen
eSafe = Win32.Trojan
AVG = Downloader.Small.62.D
Sophos = Sus/Behav-278
GData = Trojan.Generic.6158184
BitDefender = Trojan.Generic.6158184
NOD32 = a variant of Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 4096
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x1dff
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-29 15:24:06
VirusShare info last updated 2012-07-25 05:51:57

MD5: 5d133cbaad27a874a54ac15c0829d6d7
SHA1: 1dbff3a8574d126923e041c1d3a13741657e7881
SHA256: 78facb4f4a406a9b0ca71f78ea65fa4879488b262be0cfc593c210fc82c75c78
SSDeep: 1536:U4QwSC/UXuY28bQJjml9I3k3lQ36QDkUf5:U9wx8b20QJj83lQ39kS
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/CQpiNbx3FY
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!5D133CBAAD27
TrendMicro = TROJ_GEN.R72C2FL
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
McAfee = Artemis!5D133CBAAD27
F-Secure = Trojan.Generic.KDV.280750
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH [Cryp]
AVG = Generic22.CDVJ
Norman = W32/Suspicious_Gen2.NHYGI
GData = Trojan.Generic.KDV.280750
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.KDV.280750
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-08 09:39:53
VirusShare info last updated 2012-07-25 05:52:46

MD5: 5d40805237c83c85ea0b5e09fc46504f
SHA1: 874506de1a543c05f40d93b17053b301319a9d3b
SHA256: ba69a269949d25f70cdc45fbd90fccc06a76417e5cb950e0386374cb84119f95
SSDeep: 3072:OsrToelg7lodn2dU5u1CfuyGy+vSrKUgwXgL:OPesnDUVY9UgwQ
Size: 123392 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.13.1
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
VirusBuster = Trojan.Kryptik!dfpc4yVJBmU
TrendMicro-HouseCall = TROJ_GEN.R47C1DE
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic.dx!xpz
TrendMicro = TROJ_GEN.R47C1DE
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.XPZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!xpz
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Generic21.AWRO
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 18:40:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x8cca
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lbszaewoq Yxzthbcsxaw
File Description                : Fax Service COM Client Interface
File Version                    : 5.00.2134.1
Internal Name                   : faxcom.dll
Legal Copyright                 : Copyright (C) Uezqdytkv Corp. 1981-1999
Original Filename               : faxcom.dll
Product Name                    : Vosamrrfv(R) Wrlkgmt (R) 2000 Fpsrxssub Lyqihv
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-04-27 11:57:33
VirusShare info last updated 2012-07-25 05:52:56

MD5: 5e81ba4441ff59d2cdc77e87388eb3a3
SHA1: 4adec94ac26c4586d44157a60059420bd868182a
SHA256: c6c4125a37d1ed54a579c884a7ffe63bfba85f079109b30cca62533930e59f87
SSDeep: 6144:xwjJyfZJGGIvGkExHpC6AlIidJ04wVwrYYbO8iTzP93PWTMoxm8xqQiiqy0nMJsT:6JeWL+7yI94wc++Jq9iNaWsyu9
Size: 417280 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.417280.O
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.417280.BK
VirusBuster = Trojan.Pirminay!RCYf6a7NCxE
TrendMicro-HouseCall = TROJ_GEN.R29C2EN
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!5E81BA4441FF
DrWeb = Trojan.DownLoader2.55877
TrendMicro = TROJ_GEN.R29C2EN
Kaspersky = Trojan.Win32.Pirminay.gvj
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.GVJ!tr
McAfee = Artemis!5E81BA4441FF
F-Secure = Trojan.Generic.KDV.219992
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CKR
AVG = Generic22.AQYW
Norman = W32/Suspicious_Gen2.LZLDK
Sophos = Mal/Generic-L
Symantec = WS.Reputation.1
GData = Trojan.Generic.KDV.219992
TheHacker = Trojan/Pirminay.gvj
BitDefender = Trojan.Generic.KDV.219992
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:01 08:17:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65536
Initialized Data Size           : 696320
Uninitialized Data Size         : 0
Entry Point                     : 0xd6b3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qrdpkibpw Mzojffyqxkp
File Description                : ISO-2022 Code Page Translation DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : c_is2022
Legal Copyright                 : © Smwiqmqdl Rlsbdkcbsep. All rights reserved.
Original Filename               : c_is2022.dll
Product Name                    : Unezbkrqn® Yvzluxy® Hxrmoyuvv Ywprnr
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-27 06:12:49
VirusShare info last updated 2012-07-25 05:54:16

MD5: 5f87f4d1937da8eaab136be45f375201
SHA1: cf738c3f1a5f7db1e4003c844891e2ebcb973daa
SHA256: 0f580d7a26711f58088cd199a7c1a49ba4ff197d8f9a0e13dd35f3f04a1eedb9
SSDeep: 12288:vcPoomZNgt62usrVcStGfpip2OpNQ7/lUapIW5X+:vant9uaVHGopc/lU7
Size: 450976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.450976
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.idq
TrendMicro-HouseCall = TROJ_GEN.R47C2H5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.idq
McAfee-GW-Edition = Artemis!5F87F4D1937D
DrWeb = Trojan.DownLoader1.64352
TrendMicro = TROJ_GEN.R47C2H5
Kaspersky = Trojan.Win32.Pirminay.idq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.B
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.aib
McAfee = Artemis!5F87F4D1937D
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.CDLS
Norman = W32/Suspicious_Gen2.MSPHL
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.idq
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 20:07:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 430080
Initialized Data Size           : 311296
Uninitialized Data Size         : 0
Entry Point                     : 0x65bef
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pdtabukaf Corporation
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : NlsData004c
Legal Copyright                 : © Pcmszxoqe Corporation. All rights reserved.
Original Filename               : NlsData004c.dll
Product Name                    : Bfojquonn® Chhuxzw® Zciaelija Rlhfzt
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-21 09:43:48
VirusShare info last updated 2012-07-25 05:55:19

MD5: 60cd83257a78f9f6535e23f9152f9fbe
SHA1: 7eb284fac72e7bf9bda790edc2fb5d5d1d222b26
SHA256: c554d06c9e2420765a1d69d23147515e4abea6250ae4b288907bf6c50c7b4e02
SSDeep: 3072:RMeDc8xyK2U/vkZvC5wjcQfv7L/goaAG0SzKiHi9MQEP/u8Ku:2eDc8xAouK+gQH7L/gbwSHHlQEPW8Ku
Size: 151040 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.151040
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-25 10:03:03
VirusShare info last updated 2012-07-25 05:56:44

MD5: 6101af81acbf4662cb379d338caf48d6
SHA1: 077c87757a42a52c9ee7f7f00f01f0bb75708f49
SHA256: 7a52118aaa3a457e758e544a8d304d93eb6db33b6079adeb692f39a5a5aaafe7
SSDeep: 3072:MuIL9hxAU6bLxh4cSeE1mw+eH2Kxos9TCoAZfARjxos7YI:MJg58exeWKBBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Vundo.13
Emsisoft = Trojan.Win32.Pirminay!IK
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-05-27 02:35:44
VirusShare info last updated 2012-07-25 05:57:01

MD5: 616560a8027fbafb35bc3520d9d68583
SHA1: b37b97cab3325056416eb2a6a3e1ee7926e27c0d
SHA256: 1e35b8cdbba16b391b77e56832b20d7f5114a0791edb094dd9145f316e286c0a
SSDeep: 3072:EBpZ9Wfcg6n9k0XKrlz6KnBHwdnMRwaDdSO:Erg6n9/XKZBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent2.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Agent2
Panda = Generic Trojan
nProtect = Trojan/W32.Agent2.114688.Q
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent2.dnvq
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.Siggen2.28609
TrendMicro = TROJ_GEN.R21C2FN
Kaspersky = Trojan.Win32.Agent2.dnvq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Agent2.DNVQ!tr
Jiangmin = Trojan/Agent.evtk
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-22 21:09:01
VirusShare info last updated 2012-07-25 05:57:27

MD5: 61d3ae462720d862102b29f5eaa01a7f
SHA1: ddc2e772868d543e1f65471d422b225acea3ead5
SHA256: 40ad1f351cdbe0763fd0857e61c7e93ff5d46c5832706735e922cda4873f9804
SSDeep: 6144:SVtisu1+wTe+owFK2nAZrgnLsqT2A/te9YJcnqpd+2AqkysHBg82JWXC:SVtiB1+oFUrSIU2xzqz+2AqkDHIJUC
Size: 336388 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.67
Avast = Win32:Zbot-NDZ [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.336388
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.336388
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Z53Lb6AfZ1M
TrendMicro-HouseCall = TROJ_GEN.R21C2G6
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.iig
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2G6
Kaspersky = Trojan.Win32.Pirminay.iig
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.jhnq
McAfee = Artemis!61D3AE462720
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Zbot-NDZ [Trj]
AVG = Generic22.CDWM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:03 21:49:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 327680
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x50320
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nalsdpqlw Dyvneekmzyn
File Description                : WDM Streaming Crossbar
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ksxbar.ax
Legal Copyright                 : © Dcpdfeojw Mkhegegqkax. All rights reserved.
Original Filename               : ksxbar.ax
Product Name                    : Niebhswqb® Yqzzeyu® Lvuovyooh Sefyyz
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-08-23 09:53:57
VirusShare info last updated 2012-07-25 05:57:56

MD5: 6256f9147120c1140ad8ffaf0029b641
SHA1: 3fcf7362469272d72ed7d255e22423c912820f6e
SHA256: e3a61ae0944114b1c70e2cf1faa118c37943d29e199e608222e973486b83b338
SSDeep: 6144:olepsDw9tqs+XvXfe8F6qTVvFLnAAdcTWjb81KEkXKhsYG1O0aB1MNb4I8Ig:8euDCtJ2e8oyLnZcT8b8EusU1H
Size: 475664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.7092
Avast = Win32:Kryptik-CEG [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.475664
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.475664
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!aubT9zzDcq0
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zuj
Kaspersky = Trojan.Win32.Pirminay.gps
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.GPS!tr
McAfee = Generic.dx!zuj
F-Secure = Trojan.Generic.5860493
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.ACBE
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5860493
BitDefender = Trojan.Generic.5860493
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:09 04:36:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 864256
Uninitialized Data Size         : 0
Entry Point                     : 0x4e9f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dhepkfnfz Eptkmpupdoi
File Description                : WMI SDK Provider Framework
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : framedyn.dll
Legal Copyright                 : © Ulzjedydn Jjjzkdegktv. All rights reserved.
Original Filename               : framedyn.dll
Product Name                    : Tliqeseeg® Windows® Jqsjahvtr Xffbkh
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-07-17 19:38:40
VirusShare info last updated 2012-07-25 05:58:32

MD5: 631d07a794aabca9a9279c1063b2e581
SHA1: 8ce0a41468c586a72328be80ff28d212553f9898
SHA256: 90d289d2e9f4757cae5b22664692bcbddf69f7a5fb1725cdbdf08bd8f3d35435
SSDeep: 1536:2IRidtz+c7DRPRvp79k5wHwsFZ776ONBJjIm3jQ27E+pj5CHo:RRidtzzfh379ZF5LNP427PpgI
Size: 90624 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.90624.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-22 06:21:46
VirusShare info last updated 2012-07-25 05:59:31

MD5: 6373c5ce6b23e9b40c8f5c35620160f3
SHA1: 51fc3d32046dfb1b57a916503b6f80e1c688fb11
SHA256: 0a61f36de086ca2f117ede62133917d5889d7c4b0642ee234bcdbe621b934c27
SSDeep: 6144:/s2W1fP41l3uWBpaMU/sEOSdFoWby3/XwpbCSRk/SIpybzcdMxiElUY:/nAP4b3hBpahoKFotIpbli61i+
Size: 377743 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.377743
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.377743
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!iIj013cNUsw
TrendMicro-HouseCall = TROJ_GEN.R72C2EC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.gyo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R72C2EC
Kaspersky = Trojan.Win32.Pirminay.gyo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xc
McAfee = Generic Downloader.x!fyh
F-Secure = Trojan.Generic.6074040
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AMJP
Norman = W32/Suspicious_Gen2.MAYEK
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.6074040
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gnd
BitDefender = Trojan.Generic.6074040
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:21 21:17:45-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0xd1d3
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eryduwifz Hmurngryhfm
File Description                : Bluetooth Communications Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : bthmodem.sys
Legal Copyright                 : © Fcazatwtn Ubkoniyrbok. All rights reserved.
Original Filename               : bthmodem.sys
Product Name                    : Pakwqcvwx® Cqtaohn® Vbjzmuigl Wnwjrm
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-16 15:41:36
VirusShare info last updated 2012-07-25 05:59:58

MD5: 6415055c445df1dc5ee5e2be2af10d91
SHA1: eac963459807fc5685de0abfa003e6f1310a8037
SHA256: 50eca88351b6829dccc86164d66f86e4f5589fdcddb5a09c0212e11f845591c2
SSDeep: 12288:eJDglg4bc3z92hnRXZI62sIqlqr6cZM9:6D+tI3z92hRpItsIfr3o
Size: 470528 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:03:31 18:36:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 770048
Uninitialized Data Size         : 0
Entry Point                     : 0xf5fb
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Greek
Character Set                   : Unicode
Comments                        : 
Company Name                    : Iflovlgok Yiwqkhnfvqi
File Description                : Qjfbgnwae Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0408
Legal Copyright                 : Copyright (C) Pclkrwqjt Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0408.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-05-30 21:32:44
VirusShare info last updated 2012-07-25 06:00:46

MD5: 643aa00adbbd4a84b6646d3828b1fe69
SHA1: d3cbfa86756ecb7d9448251781b1dd8c3de510cc
SHA256: 531a8f33ac3b7bdd68944d2b5d24189fc491d9394528224cade85c6d419db7d4
SSDeep: 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqx:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4f
Size: 365028 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365028.B
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365028
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fys
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gvw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fys
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic22.AFGV
Norman = W32/Suspicious_Gen2.MSUEL
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-07-17 20:19:43
VirusShare info last updated 2012-07-25 06:00:56

MD5: 651fe889267693bad30c7ca7e1ba2a18
SHA1: 1ddef7fb6de695163650cf2932a1d293b2f743e9
SHA256: dc7f56b0885ce4dc9c4a1cccf17ea01caf3d5ef817d614302e21fb267082210c
SSDeep: 1536:UgJUK5naoQEwmmbeyVA3plMt0/AvuGmLsypf:UgJvao4reyV0plMyY8YyR
Size: 53760 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QA6ocmuQovQ
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Virtumod.10142
TrendMicro = TROJ_GEN.R72C2FG
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ke
F-Secure = Trojan.Generic.6128849
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
eSafe = Win32.TRVundo
AVG = Generic22.CHCC
Norman = W32/Suspicious_Gen2.NISPN
GData = Trojan.Generic.6128849
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.lfr
BitDefender = Trojan.Generic.6128849
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 06:08:21-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 12288
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x35c4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.1.0
Product Version Number          : 1.1.1.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : NikeDrv.sys
Company Name                    : S3/Diamond Multimedia Systems
File Description                : NikeDrv Usb Driver
File Version                    : 1.00.0001.0
Internal Name                   : NikeDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Systems 2000
Legal Trademarks                : S3/Diamond Multimsdia Systems
Original Filename               : NikeDrv.sys
Private Build                   : 0
Product Name                    : NikeDrv
Product Version                 : 1.00.0001.0
Special Build                   : 0
VirusTotal Report submitted 2011-09-20 12:50:23
VirusShare info last updated 2012-07-25 06:01:56

MD5: 66131d89b7e547300721e7abf4f408c7
SHA1: 7746bbf6d1b206dca1a8f7cdd40a55e0f3ad4e83
SHA256: 814b377dbe1894a51a2ca90826239d69f801d2b69abca7f3b3d72e00d634fa0f
SSDeep: 1536:+fLoU6BSf8/D4wzQGZ3XSfbpz1g98YlpZtal7QYBsPBEYbogNa:+0b88/MtI3XSfb3MdkPmfbogNa
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Sinowal.WXO
nProtect = Trojan/W32.Monder.102400.AO
VirusBuster = Trojan.Kryptik!0JPa+yeOvdw
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_GEN.R1BC1H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Smardec.81
TrendMicro = TROJ_GEN.R1BC1H6
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamr
McAfee = Vundo!ke
ClamAV = Trojan.Vundo-34764
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.CCLS
Norman = W32/Suspicious_Gen2.NLCTW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 08:33:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x69ba
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Woemdqhqe Fmofvoszgiq
File Description                : Kzfqkkzsg FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : RPCTEST.DLL
Legal Copyright                 : Copyright © 1995-1999 Rcvycbopu Gnlqirukhop, All rights reserved.
Legal Trademark 1               : Hrfmdfkkk®, Kjcfasn®, and FrontPage® are registered trademarks of Xsrqrzwdw Pkfczysbhke, and WebBot is a trademark of Mrxuzjvif Xmhhvkvybse, in the United States and/or other countries.
Product Name                    : Mdfdcdymy® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2011-10-19 07:33:19
VirusShare info last updated 2012-07-25 06:03:03

MD5: 676fae30544e680f959a7665d8773afa
SHA1: 04c2e106ce2603ac954c5cf1ae812a5c4d952e2d
SHA256: d10af10bb1fef55e91b3f7bbb70192f309173af1c36246a3324bae78d4b582e9
SSDeep: 3072:ZDTeGF7Ms6wUDrhou9pFaN9tEowIzS8zlXZU54JZI6mM2U6k2X94hW2otKUgwXYN:8iMs6Bhouj/o1OA5ZUa8MX29vOUgwI
Size: 179200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.185
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.125E6DF2
nProtect = Trojan/W32.Vundo.179200
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!6ysNIAQtb0U
TrendMicro-HouseCall = TROJ_GEN.R72C2H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Click1.34896
TrendMicro = TROJ_GEN.R72C2H3
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ivt
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.BSG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:23 16:20:10-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 105472
Initialized Data Size           : 110080
Uninitialized Data Size         : 0
Entry Point                     : 0x1a98d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Fax Server COM Client Interface
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : FXSCOM.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : FXSCOM.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-08-23 17:40:21
VirusShare info last updated 2012-07-25 06:04:37

MD5: 679dd76cef9158fe92e7b17628a57f03
SHA1: 948d81ee35ac7e323fc78d3e7fac15bcbe7a2e92
SHA256: 8674f95c49d3d93ed5dde0b79d4b041e437eb4501ea39552e56448b5ff2f81bf
SSDeep: 96:89KwyWrJOKL89BR+MKcoSA4psex/gcZU41VAfNIg2ODMko3I299eXXsep2PxTLec:/Wr85YcoStHJb1Vkf2OD76reXXspGc
Size: 8936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.le
Avast = Win32:Trojan-gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
VirusBuster = Trojan.Pirminay!VH4E0dm/Tsg
VBA32 = Trojan.Pirminay.le
TrendMicro-HouseCall = TROJ_GEN.R47C3G5
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Downloader.a!f
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R47C3G5
Kaspersky = Trojan.Win32.Pirminay.le
Fortinet = W32/Pirminay.LE!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Downloader.a!f
F-Secure = Trojan.Generic.KDV.267708
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
Avast5 = Win32:Trojan-gen
eSafe = Win32.TRATRAPS
AVG = Downloader.Small.62.D
Norman = W32/Suspicious_Gen2.MZRJK
Sophos = Sus/Behav-278
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.267708
BitDefender = Trojan.Generic.KDV.267708
NOD32 = a variant of Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x19cf
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-11 01:33:02
VirusShare info last updated 2012-07-25 06:04:49

MD5: 67c5a32aa0e6c7badcd58bbef1b23842
SHA1: 9d4b03addb76759208312247e4decfe0fee515f6
SHA256: 65c852f8327efa80bdbfef6e06454bb5772729f62d7cd1ad9352d3ea06c5c34c
SSDeep: 1536:opik5iAKoRhg/o/YHbZmR/wSwuhZnuyvccCK+N/0zhQ2hclHWcWdo:xkgmhg/o/YFxMnuy1CT4hQjlHWcWdo
Size: 93696 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!CHYS6PzzM3c
TrendMicro-HouseCall = TROJ_GEN.R4FC1FP
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic.dx!znw
TrendMicro = TROJ_GEN.R4FC1FP
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZNW!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!znw
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo.Aba
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BEPF
Norman = W32/Suspicious_Gen2.MLCSR
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:29 13:20:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x8079
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tczlgayud Lashwdryrso
File Description                : TPM WMI Provider
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Win32_Tpm.DLL
Legal Copyright                 : © Uqyrnikyv Corporation. All rights reserved.
Original Filename               : Win32_Tpm.DLL
Product Name                    : Mctvsxyca® Sjfzjzy® Dacrqbvzf Ndhpdj
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 03:57:47
VirusShare info last updated 2012-07-25 06:04:59

MD5: 685e7240523ca48d4e88548014affa52
SHA1: 5233dc151e2b8a8bc462dc416fb2dc68403118b3
SHA256: 18b2e774e8eb6573c74940be67fe4a192f64d0d0e2d1a22d43148290dd387239
SSDeep: 1536:4MkmmGx9t29shR0iYCEboFLQ3Fh1CnCRJZuZMqqU+NV23S2nF:4JGzt7b0iYfboF8kZMqqDLy/nF
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
McAfee-GW-Edition = Generic.evx!a
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Generic.evx!a
F-Secure = Gen:Variant.Vundo.4
Avast5 = Win32:Vundo-JW
AVG = Generic23.ABPJ
Norman = W32/Suspicious_Gen2.NAWGM
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 12:04:35
VirusShare info last updated 2012-07-25 06:05:43

MD5: 6916a87aa80cf6a4c4c22cceacc92c87
SHA1: 110053a67fb17095c7c7aa71f322fd98b8fbc0be
SHA256: 19a2f0bc4d8f8a6754f0f3c31ac7d7a3cc4a302e50e117962876c62789eacbd4
SSDeep: 3072:R02VRBdL1v83+j0D18ZI8LsjfKr9LbxLXCq0e:qIshAI8LsOrTLyq0e
Size: 131072 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-03 20:51:31
VirusShare info last updated 2012-07-25 06:06:35

MD5: 697ecf43b0ee5681c8565cca1cc4dad3
SHA1: 116adae238f47a22a1d1683a95f3dac060e98177
SHA256: ae4484969d60705541a47d8d57fd6b6800d7ba794ed0d06f08f9c51f28117856
SSDeep: 3072:q+F7akfH7PtjMojegxweCrf7mTi7qfULmybEo7j11F:q+FakxAojeGweuKaq8LmSB7
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128A74CE
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R1BC2G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!697ECF43B0EE
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R1BC2G7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!697ECF43B0EE
F-Secure = Trojan.Generic.KDV.292583
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BOVF
Norman = W32/Vundo.UUZ
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.292583
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.292583
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-23 02:18:47
VirusShare info last updated 2012-07-25 06:07:02

MD5: 6a3c509eec19a04ab5223b755a69c620
SHA1: 9d09ec77d88da45da3ccea0ee2d4b2a052bf14a0
SHA256: 9b7f3560b6144ef9b6bb2a7512b6a5de9f1c5db41b3025f0696db2d049ab2a02
SSDeep: 3072:OaODaqqopwACDKVjmLKrwEu6ZhwHJValiljMqqDLy/esK:DODaq+AMKV+ihwgnqqDLue
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
nProtect = Trojan/W32.Monder.166400.E
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R1BC2FO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R1BC2FO
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Monder.aapz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-ELX [Trj]
eSafe = Win32.TRVundo.A
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Suspicious_Gen2.QFGDW
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2011-09-15 14:33:03
VirusShare info last updated 2012-07-25 06:08:13

MD5: 6a7628fbe39d2b0e472de2cf3751e02b
SHA1: 536a54689d4d507d473b115b45b2dbc25f32c85d
SHA256: 8850ddf4793eca1aa97379b6294ae0701084005bed83525019ea57498052b436
SSDeep: 1536:idVysttq3pSU9NEBKwee0uLq+XuWJTctoUS+LapfvpiIAX+yC:O4sDqD9iBv0yMWJTcGUS++ppiIaC
Size: 88576 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.16
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1258B8D3
nProtect = Trojan/W32.Vundo.88576.DH
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/Uu9gfjxmTg
VBA32 = Trojan.Monder.mlgh
TrendMicro-HouseCall = TROJ_GEN.R21C1K4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zcd
DrWeb = Trojan.Virtumod.10249
TrendMicro = TROJ_GEN.R21C1K4
Kaspersky = Trojan.Win32.Monder.mybz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abeq
McAfee = Generic.dx!zcd
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CDP
Norman = W32/Kryptik.AIF
Sophos = Troj/MsPoser-B
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:24 16:12:21-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 41984
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xb21d
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.0
Product Version Number          : 6.0.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 6.00.2600.0000 (xpclient.010817-1148)
Internal Name                   : trialoc
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : trialoc.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.00.2600.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-11-05 15:52:00
VirusShare info last updated 2012-07-25 06:08:26

MD5: 6ae10e648baa7922a195541924b66c86
SHA1: 0ea5df9813d3059e502f03f60792502306310ae3
SHA256: 4962f10ec5241c8a365c9bcccce55159a19da8a53be697685ef78f9dc08ce096
SSDeep: 6144:+6tONKkzGXOT8749jB/mCGdyIEyVh5GIjeX3f/Hc2dVStg5Aqpqf3rzV:+6tON3zG+T8E9N4Jv5GIq//Bd4l7f7zV
Size: 335884 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128A0CF9
nProtect = Trojan/W32.Agent.335884
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!4DjjY6wyUv0
VBA32 = Trojan.Pirminay.iet
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zvi
DrWeb = Trojan.DownLoader4.11794
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Pirminay.iet
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.gowm
McAfee = Generic.dx!zvi
F-Secure = Trojan.Generic.6147116
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic22.CNFT
Norman = W32/Suspicious_Gen2.MUMEQ
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6147116
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6147116
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 12:28:08-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 409600
Entry Point                     : 0xb60c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jyhguogah Qfxydluqvxx
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Fsicgstyd Qalyarmxnoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Isjsosxzm® Bybilfm® Kqhxswhoi Adkrxv
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-21 21:51:49
VirusShare info last updated 2012-07-25 06:08:57

MD5: 6bad75153edccbba2f82909aaba08db0
SHA1: fd3315bee1fee74c89a60aa110e09e0e1e3114b8
SHA256: 9cb3ad3147b0768a1c89358eabc16cda9aaea1ff6d02ab7115d1f31275c323ce
SSDeep: 3072:vO1+RVao1MqqDLy/cfxgzsuOVVFlkNay0z:G1oyqqDLuuecVfkU
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C1G5
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C1G5
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.GEL
Norman = W32/Suspicious_Gen2.NHCRK
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-08 02:42:48
VirusShare info last updated 2012-07-25 06:09:47

MD5: 6fbdd64b77935e9d0de42cdd76c81f64
SHA1: 1488823067504eb5c698c62f0f98a0640342397f
SHA256: e53c1ae567d3af7a7fa60993eed601dd4863f248e4cbf583aa9396f0cef60890
SSDeep: 1536:BLi0sLv7w0awrv5DN8zdO01wNs7jpR9FgcItv6txf4jiVmiEQMUMsXKukPi+psI1:BG0sj7w0Rxs5nrxQjiAi8UMsXKukPi+n
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1282E4E7
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!zSNvVVAA4L0
TrendMicro-HouseCall = TROJ_GEN.R72C2FH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!6FBDD64B7793
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R72C2FH
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!6FBDD64B7793
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.CIMT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-09 03:46:52
VirusShare info last updated 2012-07-25 06:14:08

MD5: 700c6a64469320711cf7727425a65812
SHA1: 689f2790a2c3ed2508b7d63cde54c1120a953a0f
SHA256: afd677937f10cb9cc1c4018a88017c174ebcead0d82d510c3c8f724d724053e1
SSDeep: 3072:vdty9IqRVzoBMqqDLy/afxgzsuOVVFlkJHay0z:ny9IEDqqDLuUecVfQU
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!lTk+rcJ0VkM
TrendMicro-HouseCall = TROJ_GEN.R1BC2FQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R1BC2FQ
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.GEL
Norman = W32/Suspicious_Gen2.MZROR
Symantec = Suspicious.Cloud.5
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-19 20:37:47
VirusShare info last updated 2012-07-25 06:14:29

MD5: 701a95829826035def1fabc28e0998d7
SHA1: 25ec60595d30c3aeaad74f4392cfd09c4f6a13a9
SHA256: 151c3d8ee1ede5b537a28e9de3b9785897421d95b8efa9309eeba3481dcabe82
SSDeep: 1536:A6F8O59QIyPndLTNfeVvSZmVNI+1MqqU+NV23S2vuoIh5ClHG3cTGc5jsrtXtRz2:7F759QIyPd3NfeZSZmU8MqqDLy/vuoyX
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!+k+/lxJGm70
TrendMicro-HouseCall = TROJ_GEN.R72C2GB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.evx!c
TrendMicro = TROJ_GEN.R72C2GB
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.evx!c
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.AJWO
Norman = W32/Suspicious_Gen2.NIVLK
GData = Gen:Heur.Ranpax.1
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:11 03:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x7b01
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xlfqmbeli Uedprnvwcjp
File Description                : Tjlsmjo Driver Foundation - User-mode Driver Framework Reflector
File Version                    : 6.0.6000.16386 (bevhs_rtm.061101-2205)
Internal Name                   : WUDFRd.sys
Legal Copyright                 : © Uevyddwpw Corporation. All rights reserved.
Original Filename               : WUDFRd.sys
Product Name                    : Shzuzigfg® Xrnmjnz® Xypptpvxi Wvszdg
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-20 05:02:22
VirusShare info last updated 2012-07-25 06:14:33

MD5: 71d6045fdfa719e58dfc71684cdd302c
SHA1: e75b2bd60be34f64c0e163f2c9330ed3d9d1a76b
SHA256: 1167b36d14829215d142e65c31ac3e018bcdf833385ba1f19e4c380e1cfbf2ea
SSDeep: 3072:B2uu8E9b05tAOxlHMqqDLy/37t5Pd+jMbZk:BtjoktAO4qqDLu37D1Lb
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xMqqvbproTc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C1G5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C1G5
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!iz
F-Secure = Trojan.Generic.KDV.270328
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.AAPK
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.270328
TheHacker = Trojan/Kryptik.plf
BitDefender = Trojan.Generic.KDV.270328
NOD32 = a variant of Win32/Kryptik.PLF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:01 22:56:01-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x9f96
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tkruwvazp Ijiisppbjpc
File Description                : Xjzhmuhqv® Wqelzuk SX Shared Library
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : sx_shared
Legal Copyright                 : © Sggosiful Gbstdbjipgs. All rights reserved.
Original Filename               : sx_shared.dll
Product Name                    : Avboyegol® Fcozpnm® Cfkqguksw Gzyvzf
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-15 23:54:30
VirusShare info last updated 2012-07-25 06:16:25

MD5 73b01f6bffe4991deda342326cb500a2
SHA1 f55880a1e689eaa5bb549f2f9bb94807c52d2dff
SHA256 bbf9f786ee7dbbc13243082128f8322d8bc5f51ea192864bccded1b280126d57
SSDeep 3072:+sWVYwkpktPW99I6MDyfHWWAoJCUoEp+e+z4mRBDjyptG:+sMkytPmHTCHz4mRBnyp
Size 133120 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.ipsf
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-10-16 17:18:04
VirusShare info last updated 2012-07-25 06:18:39

MD5 73cc77e49c1069df9598d6133d046999
SHA1 1a9d9683d56306d828df2fdd6da5dbfad79ca67d
SHA256 0271b73ce600478a69a458731d9572030bfc3e378457a1741c3adf8bfd0c6bdf
SSDeep 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqU:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4u
Size 365098 bytes
File Type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365098
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D11AF
nProtect = Trojan/W32.Pirminay.365098
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gvv
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader4.45469
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gvv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fyu
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
eSafe = Win32.Fakealert.Sesh
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AFGV
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-08-27 18:19:21
VirusShare info last updated 2012-07-25 06:18:48

MD5 7436b96d3208ee8a9b1d3288cf549ee6
SHA1 8796eee475fd7a9283d56cf509dda69a851534cb
SHA256 e307a331bb60639a03b3940e0d9e0f03b3a3835548c03ae8f3ee7685c4fa48d7
SSDeep 1536:8p79mGyck59shbUiYrvKbo3LQ3Fh1CnCRJZuZMqqU+NV23S2e:8GGyhM1UiYrCboP8kZMqqDLy/e
Size 86528 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Xzq34ctDRUA
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BPR
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-22 19:43:31
VirusShare info last updated 2012-07-25 06:19:22

MD5 74a489ce7fd098af7ec7c341179c5534
SHA1 176d4e39c39e08be157d55661254e65c3a12d8ed
SHA256 1e278f7d23e61c9661fe268bdd9422a71c735d051b453a0a279a5c4ea3cc1958
SSDeep 1536:Morle3T53gPeOeg0nkN9jtsosyQav/0UBohnoXZtO1SUi2JWEPy9lJglx:Morc1wPeZs9jRbQa30FOZf12By9l2l
Size 94208 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
DrWeb = Trojan.Virtumod.9773
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
Jiangmin = Trojan/Monder.aafv
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:30 19:02:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.43.24229
Product Version Number          : 2.0.43.24229
File Flags Mask                 : 0x30001f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Hauppauge WinTV Color Format Converter 2
Company Name                    : Hauppauge Computer Works, Inc.
File Description                : Hauppauge WinTV Color Format Converter 2
File Version                    : 2.0.43.24229
Internal Name                   : hcwCCnv2.ax
Legal Copyright                 : Copyright (C) 2004-2006 Hauppauge Computer Works, Inc.
OLE Self Register               : AM20
Original Filename               : hcwCCnv2.ax
Product Name                    : Hauppauge WinTV Color Format Converter 2
Product Version                 : 2.0.43.24229
VirusTotal Report submitted 2011-09-23 16:46:57
VirusShare info last updated 2012-07-25 06:19:48

MD5 74f12cff74561e635d0c3eadd9f2d32d
SHA1 062d945a328bf2776e26331925da0d583e3c9027
SHA256 eb72b12238820b5ab0697960b6a4c22f7055694f0d69da74b2ca881c0df854a9
SSDeep 3072:qX8A8Me7T/nrp78/SVORTN1hCXn1wMwHyaXnTcRJGTawOCYbxtpIPRZZSdUT:qXmMe7fpNVfwMwpThwpI4+
Size 150016 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12940687
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Scs9F+QYMWY
TrendMicro-HouseCall = TROJ_GEN.R1BC2H3
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
TrendMicro = TROJ_GEN.R1BC2H3
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!kl
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.BQAM
Norman = W32/Suspicious_Gen2.QFHTR
Sophos = Mal/Generic-L
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-21 11:22:01
VirusShare info last updated 2012-07-25 06:20:08

MD5 75b733953ae1a6099e27e909ab50260c
SHA1 78bf0261a5382908cde058cdda7c0a83d1c3c5c2
SHA256 739b8dff3d1d44ea8706effd785ff38222acc3c1927a7fcff3543ade2fcc58af
SSDeep 12288:ObUCBu7NT/KXmivtyz6Nr74YFUMKMykQzgPdnY:ObpMNT/KWIfr74YyjkQzgS
Size 462183 bytes
File Type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Backdoor.Win32.Fednu.lz
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!96TWS5pZuQ4
TrendMicro-HouseCall = TROJ_GEN.R47C2FR
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!75B733953AE1
DrWeb = Trojan.DownLoader3.55391
TrendMicro = TROJ_GEN.R47C2FR
Kaspersky = Trojan.Win32.Pirminay.jni
ViRobot = Trojan.Win32.Pirminay.462183
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JNI!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.agi
McAfee = Suspect-BA!75B733953AE1
F-Secure = Trojan.Generic.6192036
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.XPACK
AVG = SHeur3.CGQQ
Norman = W32/Suspicious_Gen2.MZYIK
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.6192036
BitDefender = Trojan.Generic.6192036
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:30 09:10:41-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 438272
Initialized Data Size           : 24576
Uninitialized Data Size         : 557056
Entry Point                     : 0xf3a00
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-03 20:52:36
VirusShare info last updated 2012-07-25 06:21:09

MD5 76fef441a66c4bcf346a59b0f92200f2
SHA1 1b4ac037c9362f5f0b7585b0dd195b49c7303a06
SHA256 42f58b7b1d38b1e082b2f8e42d8273dcf87de7e0da3eac3aec4a5731214fdc49
SSDeep 1536:+QmYmG1xZ9shPNQiYSOboxLQ3FI1CnCRJZuZMqqU+NV23S2y:+1G1xsV+iYRboy8kZMqqDLy/y
Size 86528 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128B3D71
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!doKOb2qyjbk
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R1BC2GP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R1BC2GP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BWMQ
Norman = W32/Suspicious_Gen2.NRUEK
Sophos = Mal/Generic-L
GData = Win32:Vundo-JW 
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-16 17:31:46
VirusShare info last updated 2012-07-25 06:22:31

MD5 77091988be1f292d45dbef2cb5466220
SHA1 ef3f61e618dc55db3788fc394686a23473060b0b
SHA256 a08b4dcf31b2c89a8357e627334e2228bb5e50162eea74148d1ac07b19db3664
SSDeep 3072:RNCYagYSq6xcUS/u2Psjj5oNRiH6GYy9GOS/+nAcKlBH:RNCYJ6q2PutMxy22njQ
Size 135168 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
F-Secure = Gen:Variant.Vundo.13
Avast5 = Win32:MalOb-EI
AVG = Generic22.BZCG
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-06-03 14:10:46
VirusShare info last updated 2012-07-25 06:22:33

MD5 778c651c4d68f92e4f8a97bd762d0142
SHA1 582efde1d1aef59809b3f15f0efdc95368428c93
SHA256 caea5343d0bf79c698938d4f9ad30068e4b0f2541ebaa468b8f8336c84a7869c
SSDeep 12288:qmuH1B7lSJhEypUOGtPM7sYGLL7LXBjNqV2oxF:qLIz2FV6AL79jC2A
Size 469469 bytes
File Type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.469366
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.469469
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.hsg
TrendMicro-HouseCall = TROJ_GEN.R01C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hsg
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader3.6836
TrendMicro = TROJ_GEN.R01C2F3
Kaspersky = Trojan.Win32.Pirminay.hsg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.ADH
McAfee = Generic Downloader.x!fyq
F-Secure = Gen:Trojan.Heur.JP.Cq1@ai5OImzS
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Vundo-JU
eSafe = Win32.GenHeur.JP.Cq@
AVG = SHeur3.CBNM
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.JP.Cq1@ai5OImzS
TheHacker = Trojan/Pirminay.hsg
BitDefender = Gen:Trojan.Heur.JP.Cq1@ai5OImzS
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:17 06:51:31-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 761856
Uninitialized Data Size         : 0
Entry Point                     : 0xce33
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل SEIKOSH9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : SEK9RES.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SEK9RES.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-21 13:08:04
VirusShare info last updated 2012-07-25 06:23:06

MD5 7a920a772d46c5bcf7a64986b1f9fb3e
SHA1 925a29841890bc1f3ddf41fdc0a2f973f3c33687
SHA256 134bbf38b498737a51407c97bd9b3978b90005cefd114da99c21e2dcc0d8684e
SSDeep 3072:wZAmKrak7H7NtjzoTZyxweCrf78TiCofULmUbEo7j51F:KARak7voTZEweuUzo8Lm4Bf
Size 120832 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qKpROpsPgQ8
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!7A920A772D46
TrendMicro = TROJ_GEN.R72C2FN
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!7A920A772D46
F-Secure = Trojan.Generic.6102425
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BUEJ
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6102425
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6102425
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-06-30 06:12:22
VirusShare info last updated 2012-07-25 06:26:18

MD5 7ab8a6d2a3f41fd35f4cb642f371cee4
SHA1 8346810551dee2487f54725f69889e310f680d0c
SHA256 ac512c3b82154181df5953383e29e1d9962ac280be5b4902d37474ac15ef3d4d
SSDeep 1536:U4GwSC/UXuY28bQJjml9I3k3lQ36QDkUf:UPwx8b20QJj83lQ39k
Size 49664 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!zxNX7mp3nE4
TrendMicro-HouseCall = TROJ_GEN.R72C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!7AB8A6D2A3F4
TrendMicro = TROJ_GEN.R72C2FL
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
PCTools = Trojan.Gen
McAfee = Artemis!7AB8A6D2A3F4
F-Secure = Trojan.Generic.6147587
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = Medium Risk Malware
Avast5 = Win32:MalOb-GH
AVG = Generic23.CSM
Symantec = Trojan.Gen
GData = Trojan.Generic.6147587
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6147587
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-04 18:52:02
VirusShare info last updated 2012-07-25 06:26:27

MD5 7ba3b1c0aac817cf223be3b3428c7155
SHA1 3a7b239bd63371baf70a24166156e5010396d7c0
SHA256 852bb1f6a333d580d8527d3b893fd239df3454febb68a3e00590209762c3d51c
SSDeep 1536:3a4ezrmGd7j9sh8HiY6abopLQ3Fs1CnCRJZuZMqqU+NV23S2C:qRWGd7iCHiYFbo68kZMqqDLy/C
Size 86528 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128AEAAD
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R47C2FI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mh
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R47C2FI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!mh
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BWRU
Norman = W32/Suspicious_Gen2.NRWGT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-21 14:24:47
VirusShare info last updated 2012-07-25 06:27:30

MD5: 7ce9b2cd00f7bd151cc8ce62099a6aad
SHA1: 5e22d606572329509546d8fd6dc15cab15e545b5
SHA256: 9b7da39415d56fe3b3c370dba36963adc9747e90b208b3b3c1febcc55cea0ce6
SSDeep: 6144:BglFTWqt05nObjCWWXnE601Zl0nGCCN2JxkFTk+xWtNyX81FpvKu3ZyXR53LkKPP:BgTEnOPCFEfqnYNsiFBqNyXsbCupyrB
Size: 364544 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
DrWeb = Trojan.DownLoader3.35245
Kaspersky = Trojan.Win32.Pirminay.iou
Fortinet = W32/Pirminay.IOU!tr
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.PFE
Norman = W32/Obfuscated.L
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:16 13:16:47-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 352256
Initialized Data Size           : 16384
Uninitialized Data Size         : 487424
Entry Point                     : 0xccf50
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xjauztttu Vsnpftbfygc
File Description                : Falqcqtkx Internet Server WAM DLL
File Version                    : 5.00.0984
Internal Name                   : wam.dll
Legal Copyright                 : Copyright (C) Sbwndofsj Corp. 1981-1999
Original Filename               : wam.dll
Product Name                    : Internet Information Services
Product Version                 : 5.00.0984
VirusTotal Report submitted 2011-06-21 11:17:59
VirusShare info last updated 2012-07-25 06:29:06

MD5: 7f062f2bc4bf90887683de077efb94b7
SHA1: 931adba508011a3a7c3273246a2960d2d9c0c756
SHA256: b792d9d547a7011e3920f251862cb4de64571dcf6dfecb634c96dbea396df528
SSDeep: 3072:RhxsjTMHQ1lOSiMycP1E3HvXkgad5t1WAblHt2KWr0P:zoLl0c9E3HvVa6AhHYgP
Size: 119296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan.QHosts.AVD
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-05-29 05:40:53
VirusShare info last updated 2012-07-25 06:31:38

MD5: 819119f2aaea219258b4caceeacf707b
SHA1: 060230ab31fb25da5b36784449fc4fdf6285fa99
SHA256: cc8c757282586c75f43360a7219add460b59eed4639266acec1592d2869e1add
SSDeep: 3072:bnWysui0wHIOp+Ttsduv026vAI8FXqtB9N6fr:Eui0wodTR6vG6tB9
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2F8
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BEOH
Norman = W32/Suspicious_Gen2.MYKPT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 12:40:54-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 73728
Uninitialized Data Size         : 0
Entry Point                     : 0x13721
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.6001.18000
Product Version Number          : 8.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Utfqnpffp Tmcvicqbytv
File Description                : Fycfhkzof Speech Recognition Engine Extensions
File Version                    : 8.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Rltrmfixs Hcbfifzaiou. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Mfwsmhdoa® Oycenav® Niqcutlec Omlftm
Product Version                 : 8.0.6001.18000
VirusTotal Report submitted 2011-06-25 21:51:59
VirusShare info last updated 2012-07-25 06:34:46

MD5: 829ce389258abc11df15806b2bf0e5bb
SHA1: 4cb6e65fc6254e2ca1cec5513abe9f4a0d14f4fb
SHA256: 3f5410e50e093d8eb84a1b0f309012f226b36e183af8c46646cc7ae27ce7c216
SSDeep: 1536:APGz7YrS6t9iMTN0t5ZO7dG6XijYwLERpK2iKAXM3QGozC/1tJ:RYrheROFXiUfQGozC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.O
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!0SxHxagxLsw
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Artemis!829CE389258A
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Artemis!829CE389258A
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-10-21 15:25:31
VirusShare info last updated 2012-07-25 06:35:58

MD5: 8335488eee6f178b7541cde358e3d0bb
SHA1: a0f319aea70d85c773897bf7fb9a8f900b110a75
SHA256: ca2643ef35d0b80d70c48f445a8d98705504ea9d1834b8f13bd4e6058bf54ce2
SSDeep: 3072:VwMCakhH7Utj9ov1nGxweCrf7XTik9cyfULmhbEo7jV1F:Vwdakuhov1YweuDGy8LmBBb
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!nzJDWf0Ycbg
TrendMicro-HouseCall = TROJ_GEN.R72C2FF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!8335488EEE6F
TrendMicro = TROJ_GEN.R72C2FF
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!8335488EEE6F
F-Secure = Trojan.Generic.KDV.281691
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.CDVB
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.281691
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.281691
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-09 03:24:01
VirusShare info last updated 2012-07-25 06:36:38

MD5: 841577afc48e80c1fde176003bf128f6
SHA1: f248db3e8dea535cb56d99edc3ea574c9df1ce89
SHA256: f9c365502ffc2dd214e2d90ee0f25d763c652b638ce23ae1ff5f8c76081f77d2
SSDeep: 1536:U4e5wSC/UXuY28bQJjml9I3k3lQ36QDkUJt:Upwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Ikarus = Trojan.Win32.Pirminay
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = Medium Risk Malware
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-05-20 21:08:52
VirusShare info last updated 2012-07-25 06:37:33

MD5: 8455814f8e9b72a22127ebf2150699e3
SHA1: 0f4dab41f7053a73fadd77cfa1d513fb47e85f03
SHA256: 8e716bece97f7d6817697bf63de078eaafb2ece9d0b18fec30539997c0dd2b37
SSDeep: 1536:+hY8OmG0IU9sht2iYUKboxLQ3F11CnCRJZuLMqqU+NV23S2s+:+hFG0I1P2iYjboF8kLMqqDLy/s+
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!8455814F8E9B
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!8455814F8E9B
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW [Trj]
AVG = Generic23.AQOZ
Norman = W32/Suspicious_Gen2.NHCOT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-07 23:48:22
VirusShare info last updated 2012-07-25 06:37:50

MD5: 846ba9a69ee998b3a6bd976f1a4cf916
SHA1: c21deba1818c2f2f575bf9820388f50b1621a641
SHA256: 1f75bc0a892406b8c9706dbedee52c44ba277e027a81ffafcfb471e6717ada1a
SSDeep: 1536:iLIkJGUehWXM7npOSiFeUaRx+Mbkmu4lJR5EZvfgqN+aKZlfoaRy:nkZEREheU6x+MG4lJR5ongoK3oaR
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.598
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!846BA9A69EE9
TrendMicro = TROJ_GEN.R72C2F8
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!846BA9A69EE9
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo.A
AVG = Generic22.BENC
Norman = W32/Suspicious_Gen2.MXQUM
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:07 15:18:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xbfca
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ynoczioar Emwjijpkagl
File Description                : Ptucvkhav® Help Proxy
File Version                    : 6.0.6000.16386 (zlfip_rtm.061101-2205)
Internal Name                   : helppaneproxy.dll
Legal Copyright                 : © Dbpoqqbff Miunufnwuua. All rights reserved.
Original Filename               : helppaneproxy.dll
Product Name                    : Xuydkclcw® Cmjcqvn® Fjzsfvtsg Wpcjgb
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-22 07:08:25
VirusShare info last updated 2012-07-25 06:37:54

MD5: 858127df48e3e6895937b4c203a37b5f
SHA1: 5c8d425f4dba1bf0c68d8cfd5ed40256dddd7095
SHA256: 94387cd4a9af0fd33c33e57864ca5bd7d9c4ac18b00ff6240cb5c49bdc732373
SSDeep: 6144:DO3QZWSbGSoaj7lWgvYx8w4LgSipqqebJBBDP6pXLGsJTXB+HhZ:qgZWSGSoaAHxf4LgScpYfQXPP+Z
Size: 401877 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.40
Avast = Win32:Kryptik-CLM [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D1155
nProtect = Trojan/W32.Pirminay.401877
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hnz
McAfee-GW-Edition = Artemis!858127DF48E3
DrWeb = Trojan.DownLoader4.45482
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hnz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HNZ!tr
PCTools = Trojan.ADH
McAfee = Artemis!858127DF48E3
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CLM [Trj]
AVG = Generic22.ASQB
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.hnz
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:13 01:25:12-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 675840
Uninitialized Data Size         : 0
Entry Point                     : 0x93f6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.3705.6018
Product Version Number          : 1.0.3705.6018
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Eqsxgux 95 and Npsavsr NT (I386)
Company Name                    : Juwcbksbd Jpzxbpqprys
File Description                : Elzpmvjln .NET Security module
File Version                    : 1.0.3705.6018
Internal Name                   : mscorsec.DLL
Legal Copyright                 : Copyright © Yvevpmrsg Ydtlygrubbl 1998-2001. All rights reserved.
Legal Trademarks                : Rfrvjvzrr® is a registered trademark of Izdcqftfb Twfhgfmjcoc. Lvbclrt(TM) is a trademark of Kmxjahgsr Rmvpfppxwcc
Original Filename               : mscorsec.dll
Product Name                    : Fjaikogvv .NET Framework
Product Version                 : 1.0.3705.6018
Comments                        : Dgurbvsrc .NET Security module
VirusTotal Report submitted 2011-08-27 10:44:16
VirusShare info last updated 2012-07-25 06:38:57

MD5: 85add3553b85b1c8f18708a19c715e73
SHA1: 8eabe75d9e6cc4da7ae3c08ea8d86f182397af78
SHA256: 607984c138031769c5dd7d02020d7b4f7bc369ec835b4e6bc398e0575f096e8e
SSDeep: 3072:0GjwBLsTUm/avwB6Iy5SCUtqjofETpWT9JlTinCXc3ACO:j2sTUBvwB74UtqsfkpWT9/inCXcQC
Size: 119296 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.119296
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R1BC2FQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!85ADD3553B85
DrWeb = Trojan.Virtumod.9910
TrendMicro = TROJ_GEN.R1BC2FQ
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aanz
McAfee = Artemis!85ADD3553B85
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BLNB
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:14 22:44:38-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xcf39
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvbvnkbmo Imcpacdlicy
File Description                : IAS Pipeline
File Version                    : 5.1.2600.0 (rwwdvpwo.010817-1148)
Internal Name                   : IASPOLCY.DLL
Legal Copyright                 : © Miluracvn Fpyproycska. All rights reserved.
Original Filename               : IASPOLCY.DLL
Product Name                    : Ppqvspivk® Qpiulya® Epfsbzvsb Abjzsx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-09 04:21:21
VirusShare info last updated 2012-07-25 06:39:11

MD5: 87b346a1a506ace70aaf01e12805fe36
SHA1: 44836078ff6a6d06cf7c7b7f8f7f171cbf0e9d03
SHA256: 5351072d5cd1949f4a5d56fc5bf1b5ccf8607fb90919c9e13a37ef6751b8c165
SSDeep: 6144:DRNIHCgaZAxxiQKmYIN53cjIPqzB02DnPFBspq5ZWOZ78eMppn1gLvkGc3pTtxuI:DRNRgakxLKmYIAIqzB02Xg0ZWK8fgLvk
Size: 365042 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hfj.1
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365042
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365042
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!u3/P2DXySRc
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hph
McAfee-GW-Edition = Downloader.a!ck
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hph
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Generic.365028
PCTools = Trojan.Gen
McAfee = Downloader.a!ck
F-Secure = Trojan.Generic.KDV.223150
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic22.ATCZ
Norman = W32/Suspicious_Gen2.MPNKC
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.223150
TheHacker = Trojan/Pirminay.hfj
BitDefender = Trojan.Generic.KDV.223150
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 13:03:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 339968
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x504e6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gnfivrjgy Bpuwpckefsk
File Description                : Control Method Battery Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Gszlxylwj Jcavetxiddb. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Zehsvgyfp® Dsnxavt® Ncsbwixgd Salneo
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-08-16 15:34:34
VirusShare info last updated 2012-07-25 06:41:32

MD5: 88e80a1bfc95d1bcc57800e59118aaef
SHA1: 035423facdd8d54362c59bf641f86ea180246eec
SHA256: 89023bcbbe04aa6bb7b312f412f975c532c5c17379a91c3213c2f4692de6debe
SSDeep: 3072:qK8A8Me7T/nNMBG3SVORTN1hCXn1wMwHyaXnTcRJGzKwc2a3xt7IPRZZmOYx:qKmMe7BMNVfwMwpzxwPIs
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FM
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2FM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BEGN
Norman = W32/Suspicious_Gen2.MYMGD
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-26 01:22:36
VirusShare info last updated 2012-07-25 06:43:06

MD5: 8d9dd3ce0ababce4d35bc8ad59f6fe09
SHA1: dc1596877f33d964e173e395f11dc778d240f40e
SHA256: 535022eedcae9515d07b4242b9cafd875497df973015b419e5e79a3131258416
SSDeep: 3072:ol7Vt2ChrKgCWf3Ytf3HVsMBCxn5R8ZEXz:QUErssY1VLBCp5cE
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.102400.AV
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12477A1D
nProtect = Trojan/W32.Agent.102400.AGU
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2DQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.Virtumod.10344
TrendMicro = TROJ_GEN.R4FC2DQ
Kaspersky = Trojan.Win32.Monder.mycd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ht
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.AKQV
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:08 08:39:21-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 51200
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0xd651
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.27
Product Version Number          : 3.2.0.27
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : TSHOOT Module
File Version                    : 3.2.0.27
Internal Name                   : TSHOOT
Legal Copyright                 : Copyright 2000
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : TSHOOT.DLL
Private Build                   : 
Product Name                    : TSHOOT Module
Product Version                 : 3.2.0.27
Special Build                   : 
VirusTotal Report submitted 2011-11-05 15:52:18
VirusShare info last updated 2012-07-25 06:48:24

MD5: 8dafdb437e6dfd30a991beb5584f8af2
SHA1: 274dc448cba5ed04ece69e1f7858d17ca90942af
SHA256: 55281d8188c086f74f7d510cc42a3a30a72ff8e71832b1b5bee30a472345ee1c
SSDeep: 6144:ZipJJfApnditg26l+DncQ4UTqWH2yJRMpghCPdV41bhfkp/gdiphgzjbQv:ZirondKUbly70p/uizgjMv
Size: 385469 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-CEE [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.385469
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.385469
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!8Rexo9O+rHQ
VBA32 = Trojan.Pirminay.ghu
TrendMicro-HouseCall = TROJ_GEN.R21C1F3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gqy
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R21C1F3
Kaspersky = Trojan.Win32.Pirminay.gqy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.wy
McAfee = Generic Downloader.x!fym
F-Secure = Trojan.Generic.KDV.210238
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = SHeur3.BYDE
Norman = W32/Suspicious_Gen2.MQBNC
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.210238
TheHacker = Trojan/Pirminay.ghu
BitDefender = Trojan.Generic.KDV.210238
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 02:14:49-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 655360
Uninitialized Data Size         : 0
Entry Point                     : 0x7d9b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.6930.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fnxlkwcsa Osfmalkiqyr
File Description                : COM+
File Version                    : 2001.12.6930.16386 (flrcv_rtm.061101-2205)
Internal Name                   : MIGREGDB.EXE
Legal Copyright                 : © Rlvmbuxdd Ughwhixuplp. All rights reserved.
Original Filename               : MIGREGDB.EXE
Product Name                    : Bxxoldwzl® Windows® Dclyoetek Ewfgso
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-30 02:08:12
VirusShare info last updated 2012-07-25 06:48:29

MD5: 8e0b1f999234affaa0de949b94abf8ff
SHA1: 50bb9fd7fb735f57754642ea9a3b99088fd2e9eb
SHA256: c844ec197d456038730574a5e317c68b5e7f5166c4f7733dd788d1deb124dcbe
SSDeep: 1536:vvJHqX9PfTJvT2frnL2Smwr97hANn9iK7ry:vvMXdTFYbLrmwpd0iK7r
Size: 90112 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/Vundo.R
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ZJ0L0fO4XTE
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.ni
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!8E0B1F999234
TrendMicro = TROJ_GEN.R72C2F8
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!8E0B1F999234
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic22.BEER
Norman = W32/Suspicious_Gen2.MXVAH
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:14 08:15:24-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 20480
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x5bfb
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6601
Product Version Number          : 5.0.2195.6601
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jspwzveyb Yasoetpkouo
File Description                : Multiple Provider
File Version                    : 5.00.2195.6601
Internal Name                   : MPRUI.DLL
Legal Copyright                 : Copyright (C) Yxnptcyks Corp. 1981-1999
Original Filename               : MPRUI.DLL
Product Name                    : Klvouuiuc(R) Sgwcncl (R) 2000 Keknxycai Tbhtyu
Product Version                 : 5.00.2195.6601
VirusTotal Report submitted 2011-06-23 11:08:18
VirusShare info last updated 2012-07-25 06:48:51

MD5: 909f45859e083b67c5802da0a1a08cf8
SHA1: 1dbfc5fda75b1d4a466ed2fad8eda37e9010bd38
SHA256: 77f24478878219faac4b11ee87ddbca63377dbab18403e64bd31241d8e939ca9
SSDeep: 6144:WmYpqyWsFU90vrvC/rorym+Q/PsbakYyt9cWlh7wZytqSxdQZKjuhDoSf:WHTq0elr74CQsjkoSf
Size: 698730 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128CCD8E
nProtect = Trojan/W32.Agent.698730
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!wdm4SN2MqhM
VBA32 = Trojan.Pirminay.enc
TrendMicro-HouseCall = TROJ_GEN.R1BC2H7
Comodo = Packed.Win32.MUPX.Gen
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.J!81
DrWeb = Trojan.DownLoader4.39455
TrendMicro = TROJ_GEN.R1BC2H7
Kaspersky = Trojan.Win32.Pirminay.enc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ENC!tr
Jiangmin = Trojan/Pirminay.pp
McAfee = Suspect-BA!909F45859E08
F-Secure = Trojan.Generic.KDV.168873
VIPRE = Trojan.Win32.Generic.pak!cobra
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic21.BPPC
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.168873
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.enc
BitDefender = Trojan.Generic.KDV.168873
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 05:08:05-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 249856
Initialized Data Size           : 4096
Uninitialized Data Size         : 446464
Entry Point                     : 0x5372
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-09-03 01:08:36
VirusShare info last updated 2012-07-25 06:51:44

MD5: 90b56269f34c41ce10707a787237ef30
SHA1: 2a72c275f7d00029d1c555e1c1ebe3564bc2b04e
SHA256: 8951be7c08f42538d3b980698a87779de03742aac73338746e17d8077b03f1e0
SSDeep: 1536:z4sR2YdmGFsM9sh2SiYCTFuboBLQ3F71CnCRJZuZMqqU+NV23S2d:csOGFsNoSiYSubo78kZMqqDLy/d
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!nE0SVFDOY0o
TrendMicro-HouseCall = TROJ_GEN.R72C2G6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2G6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.EBO
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-23 04:19:12
VirusShare info last updated 2012-07-25 06:51:48

MD5: 925e3556b8b059f3619af685b4817fce
SHA1: 223a5ad1a6afb4e355007d2e3364c3ec796642af
SHA256: 975530f388db14d5f58d3ebeb95b83dc6fc32c326df38f66f6df2c6ae92eb9c6
SSDeep: 3072:S+oc6rU50oY8AC1VjPcXmzNDFVidFzJMqqDLy/0oDbc:dek570mzNDoFzCqqDLu0
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!925E3556B8B0
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!925E3556B8B0
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.XRN
Norman = W32/Suspicious_Gen2.MZRCC
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 03:27:42
VirusShare info last updated 2012-07-25 06:53:41

MD5: 92870f677e62e230679da35d124e4761
SHA1: 52ac9cd840c928e7534d5398e36256a4d1f9096e
SHA256: 802b0110c8ac5a2223e650038ca25f9ff3ce7183fa8f4462f572e238d140bc0b
SSDeep: 6144:XMFw/IpaoDLHkKiBMQlpSSFIpsyETi6/Tix9ib2/KqCsSzHm7Ityrl:XMF2IpBgKwMQb/IpL8biayM5il
Size: 348124 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.252
Avast = Win32:Kryptik-CFU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.348124
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.348124
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!BtFsdyFYThI
TrendMicro-HouseCall = TROJ_GEN.R21C1FK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hcx
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fys
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_GEN.R21C1FK
Kaspersky = Trojan.Win32.Pirminay.hcx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.acu
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.KDV.213055
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BNZP
Norman = W32/Suspicious_Gen2.MPHMI
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.213055
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gkh
BitDefender = Trojan.Generic.KDV.213055
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 11:51:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 323584
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x4c4f3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gankeyeeu Fosmhkswffh
File Description                : Common halftone Color Adjustment Dialogs
File Version                    : 5.1.2600.0 (htumrqub.010817-1148)
Internal Name                   : HTUI.DLL
Legal Copyright                 : © Echziapzn Nbpzrpgraxw. All rights reserved.
Original Filename               : HTUI.DLL
Product Name                    : Nuhvhmxxm® Znkrbdl® Wnkncwsql Jkaunp
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-27 07:59:51
VirusShare info last updated 2012-07-25 06:53:48

MD5: 93f5f2b8af9f596ab7c9af09dc724f64
SHA1: 65ef65e243c56f4192865110100453d0437ecc68
SHA256: 88306048d42161c9bca16d565b7016b9f963b25a5f67ba76efb2a86678cc1aad
SSDeep: 6144:7hSwKxoPDfHyaU9lwPaRRsAYtVEaKNdYNRyCjBfb3vEJGqAc5cKvGWkfQPordGIo:lSwycyh9ujnPPfbgFx5cIvklrduac62
Size: 463241 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R4FC8JH
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC8JH
Kaspersky = Trojan.Win32.Pirminay.ows
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kqja
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6739130
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.6739130
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6739130
NOD32 = a variant of Win32/Kryptik.SBG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:02:28 07:59:00-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 462848
Initialized Data Size           : 4096
Uninitialized Data Size         : 581632
Entry Point                     : 0xff370
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wophzojzm Pjffimmglip
File Description                : NT Lan Manager Datagram Receiver Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : browser.sys
Legal Copyright                 : © Qcebekfdk Orprwdcxbyc. All rights reserved.
Original Filename               : browser.sys
Product Name                    : Bbckrxonz® Afjkwow® Ogaoiftyg Vcemnp
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-28 16:45:55
VirusShare info last updated 2012-07-25 06:55:26

MD5: 9531cf8fb19165c2f4deded08fc650ca
SHA1: 97a1957bdca08ce8c8d1e687d14c9ea4eb2da160
SHA256: d086f7ed1f4f0776067b5e9d7af8b36b0445b358befc63e5d1bd6166ac906d45
SSDeep: 3072:qh8A8Me7T/nUgzTaQSVORTN1hCXn1wMwHyaXnTcRJGlWw/0p+xtbIPRZZaiA:qhmMe74gzwVfwMwplV++Ic
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BEMN
Norman = W32/Suspicious_Gen2.MYNGK
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 21:59:11
VirusShare info last updated 2012-07-25 06:56:48

MD5: 95c45c62dca379a9579cadcd84e90502
SHA1: 36925ed8dcc14ca653362261276429d5cb29dc04
SHA256: 7b07fad38358dd6b66a874fb5ebf1b2b33148874a80c4c1fd17b3f8984f7a87c
SSDeep: 1536:idEN6w2uIR+EoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpDiD:idEcTndoPMqqDLy/QVzLSkYHFO5Bi
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.16
VirusBuster = Trojan.Kryptik!7DzQd3FmLl0
TrendMicro-HouseCall = TROJ_GEN.R1BC2FI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.WinSpy.238
TrendMicro = TROJ_GEN.R1BC2FI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ke
F-Secure = Trojan.Generic.KDV.281671
VIPRE = Virtumonde
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.281671
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.KDV.281671
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-10-21 13:56:41
VirusShare info last updated 2012-07-25 06:57:24

MD5: 95f9f22112b2720e1be00894268c299b
SHA1: c7c37769d829cf7d89277db22a34a1c4cd11adc5
SHA256: 97728c527b51ac1b7141fd01ca12e535ef61198b45c537f4904803462af7afa0
SSDeep: 1536:WSpNxV+OWxmHK/+S4NFEOqcOFb+DE4EQ:WKwx4KP4NFEOqtQ
Size: 52224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1F3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.miyt
McAfee-GW-Edition = Generic.dx!zoz
DrWeb = Trojan.Virtumod.9769
Kaspersky = Trojan.Win32.Monder.miyt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.gqx
McAfee = Generic.dx!zoz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic23.ADFH
Norman = W32/Suspicious_Gen2.MOKOK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/DownloaderMonder.miyt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 05:48:34-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 12288
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x357e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.5.7000.0
Product Version Number          : 7.5.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Windows BITS Managed Library
File Version                    : 7.5.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Microsoft.Windows.BackgroundIntelligentTransfer.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Microsoft.Windows.BackgroundIntelligentTransfer.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 7.5.7000.0
VirusTotal Report submitted 2011-10-20 17:04:18
VirusShare info last updated 2012-07-25 06:57:37

MD5: 9638ed74bb5b25f79f74f0d31bb0ae91
SHA1: 4b4fc4c89bb53b694637f4cfee555a78bc88a069
SHA256: a00f6c82dbd42a618d064c2162c9bd2029c2cad249a6dae2c9707ba66bd5305c
SSDeep: 3072:qT8A8Me7T/ncIwdd8SVORTN1hCXn1wMwHyaXnTcRJGOg+wTLtQxt7IPRZZ9fx:qTmMe7gIsVfwMwpOg91IIX
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!9638ED74BB5B
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BDTE
Norman = W32/Suspicious_Gen2.MYMMN
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 14:03:14
VirusShare info last updated 2012-07-25 06:57:49

MD5: 9777d169c0fb7f6cc4f95236f4aaa973
SHA1: de340569a831c7a6d2ecd1dff0ca152dfc3376cf
SHA256: 5573dd32f5413a894e3ddeeb8721301ee36c9c753fdef3c722aed2a2c621c2f6
SSDeep: 3072:Hsb1IVLs05WNzmn+O2OEXR/KXBGfK/e08uhxXGqCSAPD3px:oI20okf8rfKmSb30D3T
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ZjDRpT0hjYw
TrendMicro-HouseCall = TROJ_GEN.R72C2FH
Comodo = TrojWare.Win32.Kryptik.LLT
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!9777D169C0FB
TrendMicro = TROJ_GEN.R72C2FH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!9777D169C0FB
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.CJJW
Norman = W32/Suspicious_Gen2.NITGM
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-09 11:50:14
VirusShare info last updated 2012-07-25 06:59:17

MD5: 983843db8708177a6e3da3536362a5f0
SHA1: d9b133d858a5e984b3118b702a760e5c4200c4f6
SHA256: 80492da5f56b1e127846f7e31d2157c35e50a47f43c7f520c8d4c004dd2007f5
SSDeep: 6144:K9Wo3oBIuIbUf0ktBOKzfXYsMD7+zYBqQ1AD4dYA9:KweprYD2KzXYsQ7+zYt1Y69
Size: 295047 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Trj/CI.A
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.aza
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!983843DB8708
ViRobot = Trojan.Win32.Pirminay.326144
Fortinet = W32/Pirminay.AZA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.fl
McAfee = Artemis!983843DB8708
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = FakeAV.FEI
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.62138
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2011-02-22 15:01:44
VirusShare info last updated 2012-07-25 07:00:02

MD5: 990ac88338bfebb7d5489641059c5468
SHA1: 18fd94c069465b6e93fa479d56935386b21adc5f
SHA256: a8d2cff55b113d36a88c036ffcf33b41ac52073cf365962ca2285e28fc06749f
SSDeep: 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqU:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4+
Size: 365101 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365101
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365101
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
VBA32 = Trojan.Pirminay.gyb
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fyt
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AFGV
Norman = W32/Suspicious_Gen2.MPFAK
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-08-16 15:47:07
VirusShare info last updated 2012-07-25 07:00:56

MD5: 999758eb44e1ee1a95556dd28027a394
SHA1: 2d3966a435b02ffe5c582bd6e44a89b6c1d2fd97
SHA256: b58ec5c2107bb19df50c481007256fdd52e18d87a5fb261b9473b5297877810b
SSDeep: 3072:FnhCM2lU2ZMhMnoSMqqDLy/+AOcWKCdzJe757HG:XCMkURdqqDLuTOXd9
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!999758EB44E1
DrWeb = Trojan.WinSpy.1207
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!999758EB44E1
F-Secure = Gen:Variant.Vundo.16
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-10-31 13:00:23
VirusShare info last updated 2012-07-25 07:01:28

MD5: 9998a4d3c94f01f7fcd6c75a28d18006
SHA1: a5c660bbc381a62ef9649045c21e7ce206abc46b
SHA256: 88316e037ef622c4360150043a2e6f01c538ed2691b18489423d29a9bda99a66
SSDeep: 1536:hznYj4dtNJu3G8fNCbfwamFILh01Y3hyNSbY6Y9l/MqqU+NV23S2ZMnew:xn81CbfwSyyJ7Cl/MqqDLy/ZZw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IL
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.j!pec
TrendMicro = TROJ_GEN.R4FC1IL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2011-10-28 13:06:47
VirusShare info last updated 2012-07-25 07:01:28

MD5: 9a02a24a4ee55f715366a39525f953b4
SHA1: 438823e7bdad4a7bc7ac5de7ca3e3d602c1b1961
SHA256: 56effaf46a880544cf0be5b4e31526de34b2c70317244a2e4fb2cbfe9a661c0c
SSDeep: 6144:IZKTCDjPmESoRDswAaOtrGHzBFBb0RBJXsgiGU3nEcN6zgti4aUTG8m7Hj:GKqyTX/1CBFBb0RD1L0n/tNDmH
Size: 353408 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.16
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.353408
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.353408
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/uuunvRnHlc
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gws
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.xh
McAfee = Generic Downloader.x!fys
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
AVG = Generic22.AFVT
Norman = W32/Suspicious_Gen2.MPFJA
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Pirminay.gjb
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:24 15:26:31-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0x6ea7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1i.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1i.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-08-04 09:01:47
VirusShare info last updated 2012-07-25 07:01:52

MD5: 9a68120e811e8681ff5bf716a465fcb7
SHA1: ace9c51554199cdd0a45d8cfb181cc4b01713a50
SHA256: e7b04cc88e4010b8cd5c570323677f5789ced9fdb46abf1bcdc618a846c98bba
SSDeep: 12288:PRPq3pNUk7+2xObwM/XaLGuK4oXKTKHq0Hw:oMF/bwM/XkK4oae6
Size: 487976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-W
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R01C2FF
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R01C2FF
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
McAfee = Artemis!9A68120E811E
F-Secure = Trojan.Generic.KDV.236720
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W
eSafe = Win32.Kryptik.Lxf
AVG = SHeur3.CBUH
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.KDV.236720
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.KDV.236720
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:31 20:14:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 462848
Initialized Data Size           : 327680
Uninitialized Data Size         : 0
Entry Point                     : 0x6e16f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.312
Product Version Number          : 2.0.50727.312
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pyskzrqbp Oqpdwhrdwwk
File Description                : .NET Framework
File Version                    : 2.0.50727.312 (rtmLHS.050727-3100)
Internal Name                   : system.transactions.dll
Legal Copyright                 : © Qjvowuxqf Mxgfkkpsufy.  All rights reserved.
Original Filename               : system.transactions.dll
Product Name                    : Rjrkdblfu® .NET Framework
Product Version                 : 2.0.50727.312
Comments                        : Flavor=Retail
VirusTotal Report submitted 2011-06-23 18:02:11
VirusShare info last updated 2012-07-25 07:02:18

MD5: 9ae0b1a298e260138c8660e8d0cbe726
SHA1: 5a6f82f5429ab8e812647bbd31dd31d7bd5c03c9
SHA256: a0c6c0f30f04f3f902a1aa44eaee572dc227e241a6d6e54017581e87a65dd555
SSDeep: 6144:o3LN/JyVAvDOXkRfLf8AECeiO7h4qJ5ElWaEqxYtYlnZUI4muZCU:ALNByVAiURfLfV5HMKqJ5El3sGChmuV
Size: 327065 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.59
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Panda = Suspicious file
nProtect = Trojan.Generic.5543445
VBA32 = SScope.Trojan.Pirminay.chc
McAfee-GW-Edition = Downloader-CEW.ag
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5543445
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
AVG = Downloader.Generic10.CCNZ
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5543445
BitDefender = Trojan.Generic.5543445
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.JHUVMSL
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:19 16:51:54-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 512000
Uninitialized Data Size         : 0
Entry Point                     : 0x10d70
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Tablet and Ink Services and Controls
Company Name                    : Microsoft Corporation
File Description                : Microsoft Tablet PC API Publisher Policy
File Version                    : 6.1.7000.0
Internal Name                   : Policy.1.0.Microsoft.Ink.dll
Legal Copyright                 : Copyright (c) Microsoft Corporation. All rights reserved.
Original Filename               : Policy.1.0.Microsoft.Ink.dll
Product Name                    : Microsoft (R) Windows (R) Operating System
Product Version                 : 6.1.7000.0
Assembly Version                : 6.1.0.0
VirusTotal Report submitted 2011-06-21 19:41:53
VirusShare info last updated 2012-07-25 07:02:50

MD5: 9bf8ca9d55ba9d3090902bd41d2a8db8
SHA1: 069e081947b6e5e966a0d60430d96b61850fa6fa
SHA256: 28b54148fd2cdf0fd778be9aa670c6255f1dd6f20337718b2124228c41d00ea9
SSDeep: 6144:zF94M0MnugheDYP8wKTVlvK+6nJYg1KTtDQtVZRVfuWD7lhQz7lXmzDz13m:f4T/DaKZlv761KTtD2Z7fh7lhaXmz9W
Size: 347298 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bvf
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1272F491
nProtect = Gen:Variant.Buzy.1711
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC1AS
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R3EC1AS
Kaspersky = Trojan.Win32.Pirminay.djf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.hw
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.KDV.113490
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
eSafe = Win32.TRPirminay.Bvf
AVG = FakeAV.IGG
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.113490
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.KDV.113490
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:10:30 05:06:34-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 331776
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x51c5c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Network object shell UI
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : ntlanui2
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlanui2.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-10 01:37:07
VirusShare info last updated 2012-07-25 07:04:07

MD5: 9c8d54aad9c1fc060ee9cc615e120ce4
SHA1: 58b497c7f8b822f17066f7d74184ac5f05df19be
SHA256: 3f44c1c8578ee7ee7d4ddc4e4f62fdcbc93cd5d30638e61c8e516e091a2de6d8
SSDeep: 3072:u+Yy1qopFi0MKZZeKrwEuhZhwHJValiljMqqDLy/BUK:/Yy1biZKZq9hwgnqqDLuB
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
nProtect = Trojan/W32.Monder.166400
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R1BC1HO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R1BC1HO
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!kf
ClamAV = Trojan.Vundo-35532
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Suspicious_Gen2.QFHEA
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2011-10-21 14:44:39
VirusShare info last updated 2012-07-25 07:04:44

MD5: 9d0f724955773986cb9d72d76ea99fff
SHA1: adbb19ddd4706d430aee1db86d7239e26371e0a7
SHA256: 26557ebb06f3b8b99cc0c67cbd76be7eb899e1285368e374a5154358341cef59
SSDeep: 1536:5445LOB6yW+Nm3unr3ATfTFTo/37VszBNq7b9BkpH/rBGjxi81TgjNRK:5ZlOPNNm3u7w5M+3qXqgjkT
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.129A61ED
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!LKLRlf3ffjI
TrendMicro-HouseCall = TROJ_GEN.R30C2IK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R30C2IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iopt
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.COOA
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:23 14:57:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x16431
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vynscpnwk Qdpqwzrbrar
File Description                : Link-Layer Topology Mapper I/O Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDIO.SYS
Legal Copyright                 : © Jgldoeybd Pyuktpugexx. All rights reserved.
Original Filename               : LLTDIO.SYS
Product Name                    : Ddpxfkawy® Kdzjwwd® Qgkpqffwa Chkikl
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-29 07:01:43
VirusShare info last updated 2012-07-25 07:05:22

MD5: 9dc9a59cf39fbb11ad860b86e911c116
SHA1: ffb3591e5345054704c19ce4720ccdd6e9fd305f
SHA256: 7cf61368b263c3ec03b335597578effc185364bac35b9a9f858c1a58f365baa7
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAk:oFq+sGYyo6RZFF9HcQfluaXLLL
Size: 334950 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.334950
Panda = Trj/Agent.OLO
nProtect = Gen:Variant.Buzy.552
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_AGENT.SPRO
Comodo = TrojWare.Win32.Pirminay.biz
CAT-QuickHeal = Trojan.Pirminay.biz
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_AGENT.SPRO
Kaspersky = Trojan.Win32.Pirminay.biz
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
McAfee = Kryp.b
ClamAV = Trojan.Agent-183368
F-Secure = Backdoor.Generic.550445
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRPirminay.Bjk
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Backdoor.Generic.550445
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Backdoor.Generic.550445
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-06-22 11:12:40
VirusShare info last updated 2012-07-25 07:06:06

MD5: 9ebd7893505b2f1f6630a3df9aae3927
SHA1: 1c928bf138253df7584c60ced748115600c0274f
SHA256: 3646a94a3a847188a78322e5cb69ad7213fc767967250b0484cd94a0f5e24e95
SSDeep: 12288:A8SfS+LlAXLGNxxJROWRJzYDOTa0/oqgk:wfS+LlCaxROE9aO
Size: 393860 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.393860
Panda = Trj/Swisyn.I
nProtect = Trojan-Downloader/W32.Agent.393860
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Agent.gnkp
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan-Downloader.Win32.Agent.gnkp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Agent.dndg
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5857800
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GXM [Trj]
AVG = SHeur3.BXXH
Norman = W32/Suspicious_Gen2.MQCSC
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5857800
TheHacker = Trojan/Downloader.Agent.gloy
BitDefender = Trojan.Generic.5857800
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 16:23:41-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0xc4db
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bengali Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdinben (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdinben.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-13 16:50:50
VirusShare info last updated 2012-07-25 07:07:04

MD5: 9f1ee8c43b739c9e6fdac9fea9435203
SHA1: a5076bc40f8baa3768891941dc586eaa129bed85
SHA256: 22faf834fbc7c4a4b4b4d4729d9ff48626e3e6ef98ef2f39d06e2e87f2e5c9c9
SSDeep: 1536:+f81hoMSYowD4wzQMZ3XSfbpz1g98YlpZtal7QYBsPBEYxoMNa:+UoM+wMta3XSfb3MdkPmfxoMNa
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.102400.AP
VirusBuster = Trojan.Kryptik!0JPa+yeOvdw
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
DrWeb = Trojan.Smardec.81
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Monder.aamr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.CCLS
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 08:33:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x69ba
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Woemdqhqe Fmofvoszgiq
File Description                : Kzfqkkzsg FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : RPCTEST.DLL
Legal Copyright                 : Copyright © 1995-1999 Rcvycbopu Gnlqirukhop, All rights reserved.
Legal Trademark 1               : Hrfmdfkkk®, Kjcfasn®, and FrontPage® are registered trademarks of Xsrqrzwdw Pkfczysbhke, and WebBot is a trademark of Mrxuzjvif Xmhhvkvybse, in the United States and/or other countries.
Product Name                    : Mdfdcdymy® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2011-07-23 01:38:42
VirusShare info last updated 2012-07-25 07:07:28

MD5: 9f9b65aaafbd0e32a603a0e35bbbe347
SHA1: 6dfa37627bd05392594e7c6755284e1dfcbf22cc
SHA256: 46fb288b3820097147a0bfcc2c22772e4f7ff1e8fe50d5ec7f7e52437bafc9f2
SSDeep: 1536:oWJ2C7lGEMUnt7z5mrdWH/YwoUVn8Xta3ns34:ZJ2C7lJMUnRQdBwaM3s3
Size: 62976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xVRHm0B6NZk
TrendMicro-HouseCall = TROJ_GEN.R72C2FC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!9F9B65AAAFBD
TrendMicro = TROJ_GEN.R72C2FC
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.aamh
McAfee = Artemis!9F9B65AAAFBD
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.CPES
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:23 17:57:28-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 25088
Initialized Data Size           : 68608
Uninitialized Data Size         : 0
Entry Point                     : 0x70c3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows SideBySide Ole Automation
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : sxsoa.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sxsoa.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-23 03:50:29
VirusShare info last updated 2012-07-25 07:08:06

MD5: 9fa3029641cac110f80f41a707f92f03
SHA1: a529a1e98790fd298b3849499d64e13f2f633dd7
SHA256: 6edb5b236a08b84abd0638c94aa9f5438718f8bd1cc8d5a8055c9695709218ef
SSDeep: 3072:6db1IVLs05WNzmn+O+lEsi7bDKXBGfK/o8uzxXIqC+AsD3/x:4I20okfVrfKOtBLD35
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C7IT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mg
TrendMicro = TROJ_GEN.R72C7IT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo!mg
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.FBI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-10-03 11:13:36
VirusShare info last updated 2012-07-25 07:08:07

MD5: a050f2e0b9ed447a855b62d1d9559978
SHA1: 439394a14ef0b6ebbf7691d04fa33d699f8ecbf3
SHA256: e302a7c3136a6520e31a7833384907f0b6493bbee3c778cdb08d05e6187c6047
SSDeep: 6144:+IGqWWcKC+hIp0nCeuQDIRIc6ciNLviND1B3cwwGwfhwOr1+Fwb66OEvkHU:pGS8+h1C7Rv0LviND73/vgwWWwHOEkHU
Size: 358476 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.290
Avast = Win32:Downloader-HYX [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.358476
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!Uv4gB6tHgY4
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R72C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ium
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!A050F2E0B9ED
DrWeb = Trojan.DownLoader4.6538
TrendMicro = TROJ_GEN.R72C2FL
Kaspersky = Trojan.Win32.Pirminay.ium
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IUM!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.adr
McAfee = Artemis!A050F2E0B9ED
F-Secure = Gen:Trojan.Heur.RP.vmLfaeODjfii
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-HYX [Trj]
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic23.DTJ
Norman = W32/Suspicious_Gen2.NISDD
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.RP.vmLfaeODjfii
TheHacker = Trojan/Pirminay.ihb
BitDefender = Gen:Trojan.Heur.RP.vmLfaeODjfii
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:01 02:34:56-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 356352
Initialized Data Size           : 4096
Uninitialized Data Size         : 458752
Entry Point                     : 0xc7950
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 262148
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ajkpojekw Uzuihmqmpwc
File Description                : Terminal Server Connection Configuration Extension for the RDP protocol
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : RDPCFGEX
Legal Copyright                 : © Sdethfxus Bdmwacpoosa. All rights reserved.
Original Filename               : RDPCFGEX.DLL
Product Name                    : Hsayolbwf® Mmeejdr® Wbcyivftk Tkqmlq
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-07-21 09:30:06
VirusShare info last updated 2012-07-25 07:08:48

MD5: a1e72117bec3d228ee11a0761ac4bb47
SHA1: 8942fce7b2e3afd443a22b38c6a7363f4bf72d88
SHA256: 1182688c740a9e706e52aa6c2d5b7ba070cf7b845839d7c911ca52c4216c79fa
SSDeep: 1536:FKoHAUZGHQHyyhRJEApbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeouLoZW0y:AogUMHQaApbvulIPIDWA7jneHjeoeo/
Size: 91136 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!zCZiTCCMjHw
VBA32 = AdWare.SuperJuan.heur
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic PUP.z!fu
DrWeb = Trojan.Juan.432
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abfl
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Agent.XO
Jiangmin = Adware/SuperJuan.mz
McAfee = Generic PUP.z!fu
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic21.CORW
Norman = W32/Suspicious_Gen2.MNTPK
Sophos = Mal/Agent-XO
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2011-06-22 14:44:56
VirusShare info last updated 2012-07-25 07:10:33

MD5: a2057baab35ac0844f3ebdc373c9b67f
SHA1: a45a8e849f15a4e1d8c973e157869b29bed0f43c
SHA256: b2c7a17659d664b47596dd667e3ba456e39ad05fbaae84e08607f17f23216cef
SSDeep: 6144:BWlTvMIor27eYO0tarC6nSOulm1B8IYZeSsI/rABvc:EzL7aVnSJm1tYZ9sUrABU
Size: 320011 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.27
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Generic Trojan
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.iaa
TrendMicro-HouseCall = TROJ_GEN.R4FC1IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iaa
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyy
DrWeb = Trojan.DownLoader4.60303
TrendMicro = TROJ_GEN.R4FC1IK
Kaspersky = Trojan.Win32.Pirminay.iaa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.afd
McAfee = Generic Downloader.x!fyy
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Vun
AVG = Generic22.CGKM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.iaa
BitDefender = Gen:Variant.Vundo.11
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:06 15:50:45-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 12288
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x3026
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yyzxdwrgr Uidbxjsajsr
File Description                : FIPS Crypto Driver
File Version                    : 5.1.2600.0 (bimjkrgj.010817-1148)
Internal Name                   : fips.sys
Legal Copyright                 : © Gbocaqjuo Gbxizzxmscz. All rights reserved.
Original Filename               : fips.sys
Product Name                    : Uadmvcwxm® Vuobbye® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-18 23:37:16
VirusShare info last updated 2012-07-25 07:10:42

MD5: a47bfed547d550d8b1798428fca8b371
SHA1: a170f821fab4006a3c1a90542f26b1656772534b
SHA256: affa51cd7605c4a53b8c3edb52eaae77854d1a1efe64592a3f177526dabc8d98
SSDeep: 1536:pKqow2uIR+hoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpYiD:pGTn4oPMqqDLy/QVzLSkYHFO5ui
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
VirusBuster = Adware.Virtumonde!JoH3JINvIbY
TrendMicro-HouseCall = TROJ_GEN.R47C2FH
Emsisoft = Trojan.Win32.Pirminay!IK
TrendMicro = TROJ_GEN.R47C2FH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
F-Secure = Application.Generic.371115
VIPRE = Virtumonde
AVG = Generic23.NJ
Norman = Vundo.UUS
Symantec = Trojan.Gen.2
GData = Application.Generic.371115
TheHacker = Trojan/Kryptik.oxp
BitDefender = Application.Generic.371115
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-07-22 21:49:03
VirusShare info last updated 2012-07-25 07:13:26

MD5: a48eca2a996b3174cd2519b841fcf5b2
SHA1: d2c38753f42a5332e5ebb8334eb6c343b722c293
SHA256: 2e006b5030a66444fe940b2a8733f26df8c422447015dc811cd046df35dddbaf
SSDeep: 6144:SAmfx39AJeR5ijxHqXeYIWe5zE87VaEgDat:54eeR5ijxKXNIWizEQG
Size: 202752 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.130
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!NUjgbCywBMw
TrendMicro-HouseCall = TROJ_GEN.R72C2DA
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!A48ECA2A996B
TrendMicro = TROJ_GEN.R72C2DA
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!A48ECA2A996B
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic21.CFQV
Norman = W32/Suspicious_Gen2.KSYZH
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 14:14:21-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 151552
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x21ffd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.3790.1830
Product Version Number          : 6.6.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hjyehbrcy Ckjmxqzqtka
File Description                : Background Intelligent Transfer Service Proxy
File Version                    : 6.6.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : qmgrprxy.dll
Legal Copyright                 : © Wjykopnfn Sdrxjpmhpkf. All rights reserved.
Original Filename               : qmgrprxy.dll
Product Name                    : Gxpukylpu® Mvlsvop® Tzvzutacd Zouwws
Product Version                 : 6.6.3790.1830
VirusTotal Report submitted 2011-04-21 08:37:35
VirusShare info last updated 2012-07-25 07:13:32

MD5: a60918c6d8b60606b06e91f687beadf5
SHA1: 8720b1d13b607d8389aff2d85c3399d1a0a39241
SHA256: dd3136d2c051cb1901bb589c94e7823800b35bebcfb979e0b0cece885681e6b6
SSDeep: 1536:YH2//w+Eu82IB5ZK/YCOFOKi5Azg8BttSYQz7sb3NMQa+dddC3kzP2:YHdB5ZK/SMKvzDBzBQ/sb9MLkzP2
Size: 72704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xKbRnh3+6Y0
TrendMicro-HouseCall = TROJ_GEN.R49C7JO
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!A60918C6D8B6
DrWeb = Trojan.Virtumod.10524
TrendMicro = TROJ_GEN.R49C7JO
Kaspersky = Trojan.Win32.Monder.myip
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Artemis!A60918C6D8B6
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.AJUA
Norman = W32/Vundo.UUW
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.ito
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.ITO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:15 08:48:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 25600
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x71ad
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.0.32
Product Version Number          : 6.0.5487.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hewlett-Packard Company
File Description                : Smart Array Storport Driver
File Version                    : 6.0.0.32 Build 4 (x86) (NT.060726-2054)
Internal Name                   : HpCISSs.sys
Legal Copyright                 : Copyright (c) 2003-06 Hewlett-Packard Development Company, L.P. ALL RIGHTS RESERVED.
Original Filename               : HpCISSs.sys
Product Name                    : Smart Array Storport Driver
Product Version                 : 6.0.0.32 Build 4 (x86)
VirusTotal Report submitted 2011-10-30 13:09:39
VirusShare info last updated 2012-07-25 07:15:11

MD5: a614043bc9adf67cc0a7f1369997f298
SHA1: c7543b275ffa9937df5b3bee7e9374fe81d7740b
SHA256: 119b832cfc91f973e74d861216020dc8ead54ee3a9d6cdc28ad020f1c3c0335d
SSDeep: 1536:4YYTQjtNpB7SOK0yJ9xKEikpjH8kZXj9cBwBnXNJ5PkA/SUHLEpFHXcuLcI1TN6q:8MNB7SOrCnKGFH8kZX5cB2d/SU8FHXdB
Size: 96256 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.96256.AV.1
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252212F
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Gbuxte/GQ8c
TrendMicro-HouseCall = TROJ_GEN.R4FC1AV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!gx
TrendMicro = TROJ_GEN.R4FC1AV
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.GX!tr
PCTools = Trojan.Gen
McAfee = Vundo!gx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDN
Norman = W32/Suspicious_Gen2.JYJSK
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:10 20:09:01-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 44544
Initialized Data Size           : 87552
Uninitialized Data Size         : 0
Entry Point                     : 0xbd21
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : HSM Recall Service
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : RsFilter.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RsFilter.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-05-19 03:34:14
VirusShare info last updated 2012-07-25 07:15:15

MD5: a75d9318fa4afe5ad02543ef1cb1b9cc
SHA1: f973a1b42034009e89d6fa90e3f6a033fa9079ba
SHA256: 77e4fe0975ab29ea991b83f97eadbcf549133fbb0958fa2499e8a654fe6d9dc6
SSDeep: 3072:Z9ILhKMUv2KsWh4oTeQ1gu9peH2Kxoi9TCoAZfARjxos7jI:ZCWDdeseWKHBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!KsRWElUX7X0
TrendMicro-HouseCall = TROJ_GEN.R47C1F3
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zsh
TrendMicro = TROJ_GEN.R47C1F3
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZSH!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zsh
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.BKGL
Norman = W32/Suspicious_Gen2.MHKZN
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-06-25 23:22:12
VirusShare info last updated 2012-07-25 07:16:33

MD5: a845120b84bba56214bc52f9b5419371
SHA1: aee3cd619b820d042a8752c149c41f9f69a58730
SHA256: dc852d906c983b22a8559c53d2758df3d7164b3e3175398a60cfc49e7af976a9
SSDeep: 3072:RKE5gg0hoOweiOLVC7kXYV7Gr7519/yOYhsv6IfLvjKQd0QKL9Uw:8ER0yvuVI87515fYhsv/Djd0b+w
Size: 130560 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.130560
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-03 22:56:49
VirusShare info last updated 2012-07-25 07:17:37

MD5: a8d0ff375fe4a06fecee6159882bba85
SHA1: 83d17e32ff1df6a80e985adb3eb69ea0a7568183
SHA256: 905b9cdead636346f610f00089c2964c5508cf3e32e6fcf0044adc9fb48cfbd1
SSDeep: 6144:Dt1zky81aQBqRuogHlshnM28lRb5w8R9Ij2Ny81toqisS0SWDByhL:pCRlFsm9RbE2hTfSwUL
Size: 319884 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.54
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.319884
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D84D1
nProtect = Trojan/W32.Pirminay.319884
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!cUdcFsr/ePY
VBA32 = Trojan.Pirminay.kaj
TrendMicro-HouseCall = TROJ_GEN.R21C2HA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iln
McAfee-GW-Edition = Artemis!A8D0FF375FE4
DrWeb = Trojan.DownLoader4.46304
TrendMicro = TROJ_GEN.R21C2HA
Kaspersky = Trojan.Win32.Pirminay.iln
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ILN!tr
PCTools = Trojan.Gen
McAfee = Artemis!A8D0FF375FE4
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.CDRU
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.kaj
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:09 23:11:22-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 299008
Initialized Data Size           : 290816
Uninitialized Data Size         : 0
Entry Point                     : 0x45e03
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.49
Product Version Number          : 1.0.0.49
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Marvell Semiconductor, Inc
File Description                : ExtSta NDIS 6.0 driver
File Version                    : 1.00.00.49
Product Version                 : 1.00.00.49
Internal Name                   : MRVW13B.SYS
Original Filename               : MRVW13B.SYS
Legal Copyright                 : Copyright 2005-2006, Marvell All Rights Reserved.
Legal Trademarks                : 
Private Build                   : 
Product Name                    : Device driver for Marvell 802.11 NIC
Special Build                   : 
VirusTotal Report submitted 2011-09-28 23:27:53
VirusShare info last updated 2012-07-25 07:18:07

MD5: a9264c0f74e0411b67533bf52b9e5f59
SHA1: bfb4b43a9f67b598d2795096aad15d0687478f67
SHA256: dd33f9fb44578839bbbe3681435d1b5b0cffa52942bfe9ba0587ebf37c5dcf91
SSDeep: 1536:NKdTBtSiEtQnCqhuPp5VpKRyYQ9nVZrl7Y2Lj8syR2G6M03r4fgCdi:NKdjEeC22FpKRIZrlFLAH0Pp3r4fgki
Size: 101376 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!1wM2JBLGzqc
TrendMicro-HouseCall = TROJ_GEN.R4FC1FQ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zop
TrendMicro = TROJ_GEN.R4FC1FQ
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZOP!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zop
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.BTDY
Norman = W32/Suspicious_Gen2.MKYNT
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:18 10:20:10-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa3bd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xqbdjpbjx Hsynvzpzogj
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB5500.DLL
Legal Copyright                 : © Ziqifawwk Crigajsfypr. All rights reserved.
Original Filename               : CNB5500.DLL
Product Name                    : Jmaxkvzpg® Nktukvk® Asgykhcda Fhqwzo
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-06-30 08:38:14
VirusShare info last updated 2012-07-25 07:18:32

MD5: a9c0ad1336c2c7e41d7ac0e885185b85
SHA1: 7dc50baf5a0da40641e3ec1cc7ff623e5b99a2cd
SHA256: 6372122be6dbfb78c00192a14f5d0ad4194a107f6431f6bbd936540d4f24d79f
SSDeep: 6144:c19zHEQWexIGeWV3anZOxJGpn/34tgF405yTigTkhqI9cBJBYPWpkLfYDn:crkHexIdwaAJW/otg405yT7khuBJB26
Size: 349198 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.285
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.128A66DE
nProtect = Trojan/W32.Pirminay.349198
VBA32 = Trojan.Pirminay.ifp
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ifp
DrWeb = Trojan.DownLoader3.31121
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Pirminay.ifp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Downloader.Generic
McAfee = Downloader.a!k
F-Secure = Trojan.Generic.6188836
VIPRE = FraudTool.Win32.AVSoft (v)
Avast5 = Win32:Malware-gen
Sophos = Mal/Generic-L
Symantec = Downloader
GData = Trojan.Generic.6188836
BitDefender = Trojan.Generic.6188836
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:23 17:34:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 475136
Entry Point                     : 0xc9510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Hovobxtio Bfnyvtepbwj
File Version                    : 2001.12.4414.42
Internal Name                   : MTXREPL.EXE
Legal Copyright                 : Copyright (C) Qzjxyowrw Corp. 1995-1999
Legal Trademarks                : Iwuvusifc(R) is a registered trademark of Suskizwir Rbexstccxuz. Xgipaqk(TM) is a trademark of Anlmmsrta Vgtryincodh
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-08-23 19:36:35
VirusShare info last updated 2012-07-25 07:19:13

MD5: aaaa1a3f401e6232228c30d1aab77da9
SHA1: 73407c51f1d0506193b904a45de76e6545da6515
SHA256: 845286bfcf40be60c36cd1cc1ed1cfa3867b0340dfcbbd4e007bbdaa2b127d6c
SSDeep: 6144:ZoVIO49LESqym1ffun2N2Zk4lZht+jbpCmD2pv7:ZsIz9B241t+PD2pv7
Size: 288286 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen2
Avast = Win32:Zbot-NDK
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Zbot.34
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Zbot.34
Avast5 = Win32:Zbot-NDK
AVG = SHeur3.CAYM
GData = Gen:Variant.Zbot.34
BitDefender = Gen:Variant.Zbot.34
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 22:28:27-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 16384
Initialized Data Size           : 544768
Uninitialized Data Size         : 0
Entry Point                     : 0x3fd0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.70.6.23
Product Version Number          : 3.70.6.23
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Cuemqeocs Lnxhvvqxnxi
File Description                : Npgwyzwwq BCP for ODBC
File Version                    :  3.70.0623
Internal Name                   : ODBCBCP
Legal Copyright                 : Copyright © Bmmacysah Iyaelpngrzi 1990-1998
Legal Trademarks                : ODBC(TM) is a trademark of Hptglqect Akdcdvlowpf.  Fsnazwqcb® and Srmwqee® are registered trademarks of Rojskziyl Qorqllqabir.
Original Filename               : ODBCBCP.DLL
Product Name                    : Tsbcggkaa SQL Server
Product Version                 :  3.70.0623
VirusTotal Report submitted 2011-05-26 01:02:38
VirusShare info last updated 2012-07-25 07:20:17

MD5: ac08e805e284b626b8af5023d67b1a2a
SHA1: 1cd84b3e87fc8486e6447ea73a8f25d0ec67d7e7
SHA256: e59bc0ffed949d9f6cf2bca426fb8e8892d151cb916c3a696329466e5debff98
SSDeep: 3072:F8VN/73lrKtsQ26SzQMInljENzKAZoB4:+N/rF2s76lDCm
Size: 121856 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!v4vZTNlR3OY
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!AC08E805E284
TrendMicro = TROJ_GEN.R72C2F8
Microsoft = Trojan:Win32/Stration.A!dll
PCTools = Trojan.Gen
McAfee = Artemis!AC08E805E284
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD
AVG = Generic22.BDRG
Norman = W32/Suspicious_Gen2.MYLAK
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:17 18:59:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xf4c1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gydqundhr Ltwzexdxfro
File Description                : USB 1.1 & 2.0 Port Driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : usbport.sys
Legal Copyright                 : © Iercncmyj Sliyyeczwau. All rights reserved.
Original Filename               : usbport.sys
Product Name                    : Valvqglsy® Riwihub® Mukbsxeeg Yciioq
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-06-25 22:12:01
VirusShare info last updated 2012-07-25 07:21:41

MD5: ac37696449d3648c5eab5ffdd8bbf4f7
SHA1: 11f641236bb3e2957dbf0a0185d64b167a637723
SHA256: 0b1a2fec57e65ee7d4c1bea93f2376c4f43e2208dd8d87100270f1573709e655
SSDeep: 1536:BqjfsjOJcovRdydePeR11l6KUZNdXL520Nam6Gqk7H1vIIF:BqjkjtovjydePeoZNd120NXP7H1II
Size: 71168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!0MXt1QoiW+E
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kl
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jghp
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AWC
Norman = W32/Suspicious_Gen2.PYIPH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:05 08:10:29-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x7be1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mekvxtekr Hfrotebpexl
File Description                : ODBC (3.0) driver for Paradox
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : odpdx32.dll
Legal Copyright                 : © Vuzcsnqxm Dndyymppdbl. All rights reserved.
Original Filename               : odpdx32.dll
Product Name                    : Mzukzgmcq® Bzmkjjm® Cfguzaskn Kumztv
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-12 09:21:13
VirusShare info last updated 2012-07-25 07:21:59

MD5: ac89882ac014d841134415f11b328330
SHA1: d04f18d8519d79138a4ff39424e253580722de87
SHA256: 04cd455eb00ed94b3ad46ed41f62cec412db998b45b1f8e2692e7d61288bcd53
SSDeep: 6144:00bzWMBY9iLFLwQ1eIr1B22G7qddog4qWUWOCT/o5alf/sjP13bTMG:zop8ENq0965i0j1P
Size: 393746 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.253
Avast = Win32:Kryptik-CNK
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.5950420
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Avast5 = Win32:Kryptik-CNK
AVG = SHeur3.BZVF
GData = Trojan.Generic.5950420
TheHacker = Trojan/Pirminay.hge
BitDefender = Trojan.Generic.5950420
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:31 23:14:28-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0x5dd6
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.4.22.0
Product Version Number          : 0.4.22.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Intel Corp./ICP vortex GmbH
File Description                : Intel/ICP Raid Storport Driver
File Version                    : 5.4.22.0
Internal Name                   : iirsp.sys
Legal Copyright                 : Copyright © 2002-05 Intel Corp./ICP vortex GmbH
Legal Trademarks                : 
Original Filename               : iirsp.sys
Private Build                   : 
Product Name                    : Intel/ICP Raid Storport Driver
Product Version                 : 4.22.0
Special Build                   : 
VirusTotal Report submitted 2011-05-25 21:56:18
VirusShare info last updated 2012-07-25 07:22:18

MD5: acd56cd8852529dd5352a6795295f5ff
SHA1: 06786f1cb3570475bf0579bec5c86da95b98a1bf
SHA256: 70277ca9781e115b05bc276fd5ecb6813a8cebfe083d548acf1f3b70b20aa202
SSDeep: 3072:Q/b1IVLs05WNzmn+OrBE9O79KXBGfK/Tv8uJxXRqCTAGD3ex:II20okfJ9rfKrjvJD3O
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!ACD56CD88525
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!ACD56CD88525
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.CFIC
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-04 08:35:01
VirusShare info last updated 2012-07-25 07:22:41

MD5: ad86954d9d4b2938cf5aa64c2166cc95
SHA1: 5435bab4972457ad5b57a65c695517a2ce9a3c4d
SHA256: 6d701edeaa8488ed7093921a1098c93cd4fb9aa85cbdbd94abd51971b959382e
SSDeep: 3072:gXrHakAH7HtjqoV9nxweCrf7fTimMQfULm+bEo7jj1F:gXrakg2oV9xweu7zMQ8Lm+BB
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R1BC2FI
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!AD86954D9D4B
TrendMicro = TROJ_GEN.R1BC2FI
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!AD86954D9D4B
F-Secure = Trojan.Generic.KDV.281755
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic23.AXAQ
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.281755
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.281755
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-09 11:45:37
VirusShare info last updated 2012-07-25 07:23:28

MD5: b0d466660b20ce82ac15a4dab748f5e7
SHA1: 1cb00e67b831ac4e07cf0a125dd8ed7077a2f87a
SHA256: 41f5b353dab7ce51293e89e0ae08e5b1b2975d291d544d8c765ff5d1b0be63fc
SSDeep: 768:PxlFFJbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSYYpNrCsI:PZFJbU8E1AjprcsOtFYpNr4
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.253
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FG
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!B0D466660B20
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_GEN.R72C2FG
Kaspersky = Trojan.Win32.Monder.mjjj
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aahh
McAfee = Artemis!B0D466660B20
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.CGQJ
Norman = W32/Suspicious_Gen2.NDSRL
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Monder.mjbr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-07-03 21:56:15
VirusShare info last updated 2012-07-25 07:27:01

MD5: b26ce9338d177adba79b016c101f76e9
SHA1: cb5039aa63ecfa17899f1294320eb48c3f3ceb2d
SHA256: be75080e013f6293c4c64b5d707f4deaceff36ece29252dbc9e7bb16302bbb50
SSDeep: 3072:Nvu2mHwCw0sKpKRxZrlGLAH0Pp3rhfgki:Ru27UKRxZxUPF
Size: 101376 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8NwU5oHD3oM
TrendMicro-HouseCall = TROJ_GEN.R4FC1FQ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zns
TrendMicro = TROJ_GEN.R4FC1FQ
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZNS!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zns
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.BTDY
Norman = W32/Suspicious_Gen2.MLIHF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:18 10:20:10-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa3bd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xqbdjpbjx Hsynvzpzogj
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB5500.DLL
Legal Copyright                 : © Ziqifawwk Crigajsfypr. All rights reserved.
Original Filename               : CNB5500.DLL
Product Name                    : Jmaxkvzpg® Nktukvk® Asgykhcda Fhqwzo
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-06-30 09:28:44
VirusShare info last updated 2012-07-25 07:28:54

MD5: b31a6b986e6e2894fd9c732dc4335155
SHA1: 128aca169e90bf1a36dbdd4382307d4e5f403a8b
SHA256: 27083593fb18bcb0754fa0efaf5244f54d9c97c9a54d17a01c8e4739f0f961d1
SSDeep: 3072:kEohQNgl+BUqJ2r7e2VuF+IN5NgoHOTBKfXxi0DB:CKaYxJOVegouTBKvjD
Size: 113664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1260AC87
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Eeev4F6Ezp8
TrendMicro-HouseCall = TROJ_GEN.R72C2F9
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B31A6B986E6E
TrendMicro = TROJ_GEN.R72C2F9
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.hzo
McAfee = Artemis!B31A6B986E6E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.BUVS
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 16:53:25-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 69632
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x11eed
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Windows(TM) RSVP Performance Monitor
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : RSVP Performance
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RSVPPERF.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-06-30 13:08:16
VirusShare info last updated 2012-07-25 07:29:39

MD5: b37b55ef84664f0d3ce75531f3d26d65
SHA1: a9e1f9399dea66a07de56f8dadfdb059c86a5803
SHA256: b5fd0458a41867721d4700a1334e2b3967b4fc5166d4e6413cbd9d082d802d8c
SSDeep: 6144:kXXM0vN4Sj2jsHdD0qn+kgY4xUDdLuwJPzs30N9UJZDc64O8hIpaWwtbBlO4grcN:CISHGejDxJPzkgGJZDchOT1Wari
Size: 434625 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.33
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.434625.B
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!J/hNUFicRhk
TrendMicro-HouseCall = TROJ_GEN.R3EC2HA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.NHM
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader4.45401
TrendMicro = TROJ_GEN.R3EC2HA
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.fhom
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = SHeur3.BYHL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH.2
TheHacker = Trojan/Kryptik.nhm
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:20 15:12:15-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 413696
Initialized Data Size           : 356352
Uninitialized Data Size         : 0
Entry Point                     : 0x65c9c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ddrswdyit Jztrfwchxgo
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Gglqpmdrt Qmtqbeilwoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Lvvivotwg® Dmeiktz® Aukpzsdct Ivhogt
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-26 18:36:48
VirusShare info last updated 2012-07-25 07:30:06

MD5: b39b8dfb162ae0eb3982ea865c3c9139
SHA1: f9fdc3108208e08caa63e30f9eb55cf3b8306709
SHA256: 833ab8c23a40efee107ffc4bf6f22760db2b43a1ab66d5598ef8e92bf7e0b916
SSDeep: 3072:FmOMgKBlUquw+MnowMqqDLy/sOcWKCdzue757HG:PMgiUbHqqDLusOXd+
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!B39B8DFB162A
McAfee = Artemis!B39B8DFB162A
AVG = Generic23.AOOB
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-07-11 10:49:34
VirusShare info last updated 2012-07-25 07:30:13

MD5: b46034122ac94c28eccc901196c00d4b
SHA1: 56b32e2f9d795175607dec5b6c663719bfbf4f2b
SHA256: ff1446c51b41a7ec4c75edf2bc115fa8c398d4cbfc7123d70723ce11747c0c7a
SSDeep: 1536:TPGz7YOI63wieTNVtNmz5UGG6XijYlLERpK2iKAXM3QGodC/1tJ:KYOfnf5pXizfQGodC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.J
TrendMicro-HouseCall = TROJ_GEN.R1BC2FI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!B46034122AC9
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_GEN.R1BC2FI
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Artemis!B46034122AC9
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic22.CFBI
Norman = Monder.M
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-07-09 11:29:24
VirusShare info last updated 2012-07-25 07:31:02

MD5: b4e2dc2573d640412a85c898f5aab6b5
SHA1: a79fce5c91cdcad4f9c675fc534ae5ceac92965f
SHA256: 97427db1c25d51dbcec056f16017903b1b80b8b688d31099aff6aa0a939d7bbf
SSDeep: 3072:ODwRZ9PCUo2BTxWnZmsFlwTAV2J6IkOsN:O6piQTwLAO2rC
Size: 143872 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
GData = Win32:MalOb-EI 
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:04 11:25:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xee21
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2011-06-01 20:45:07
VirusShare info last updated 2012-07-25 07:31:33

MD5: b4f669a272c0fa77837ed507f3a38582
SHA1: a89e5e8da939292e38cc40bd77cf9a412460d3ef
SHA256: bef167a529c992a5e89eac49b7aeb544922d4aebcbee5948924373f5b75ab3ae
SSDeep: 1536:8pi65iQKoNhgMl/YHbZmR/wTwuhZnuyvccCK+N/0zhQ2+clBWcWdo:d6g+hgMl/YFCMnuy1CT4hQGlBWcWdo
Size: 93696 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2PQosTlQneM
TrendMicro-HouseCall = TROJ_GEN.R4FC1FQ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic.dx!zri
TrendMicro = TROJ_GEN.R4FC1FQ
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZRI!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zri
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BEPF
Norman = W32/Suspicious_Gen2.MKVDK
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:29 13:20:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x8079
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tczlgayud Lashwdryrso
File Description                : TPM WMI Provider
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Win32_Tpm.DLL
Legal Copyright                 : © Uqyrnikyv Corporation. All rights reserved.
Original Filename               : Win32_Tpm.DLL
Product Name                    : Mctvsxyca® Sjfzjzy® Dacrqbvzf Ndhpdj
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 05:18:13
VirusShare info last updated 2012-07-25 07:31:39

MD5: b584316196414846a7510c4bee382a0a
SHA1: 1ae768161db34d038f2378231c466fd508e87d63
SHA256: db11d473c8e4f30caeba7d2309ebac86b88d527ce58487477de360e5fd682fb8
SSDeep: 3072:RWysui0wHIOp+TtsduYlvvOpY1sqtB9N6fr:2ui0wodTWvv9RtB9
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!T01BFDN3+QI
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!B58431619641
TrendMicro = TROJ_GEN.R72C2FJ
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!B58431619641
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.COKN
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 12:40:54-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 73728
Uninitialized Data Size         : 0
Entry Point                     : 0x13721
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.6001.18000
Product Version Number          : 8.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Utfqnpffp Tmcvicqbytv
File Description                : Fycfhkzof Speech Recognition Engine Extensions
File Version                    : 8.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Rltrmfixs Hcbfifzaiou. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Mfwsmhdoa® Oycenav® Niqcutlec Omlftm
Product Version                 : 8.0.6001.18000
VirusTotal Report submitted 2011-06-30 23:37:17
VirusShare info last updated 2012-07-25 07:32:20

MD5: b5b9e1a0e447bb9f43d591f49ece7cca
SHA1: 549bd2f161dc9ea3997a91bdcbeed92432968e1d
SHA256: ebb0266e1507b0aae42832b7d863d5c64d0eea752921d783ac161d41d36c45b0
SSDeep: 1536:Vpih5iRLXNyKoUhguy/YHbZmR/wPwuhZnuyvccCK+N/0zhQ2IclEWcWdo:ShgRDHhguy/YFWMnuy1CT4hQ0lEWcWdo
Size: 93696 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!VEZT5hx0xms
TrendMicro-HouseCall = TROJ_GEN.R4FC1FQ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic.dx!znx
TrendMicro = TROJ_GEN.R4FC1FQ
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZNX!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!znx
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BEPF
Norman = W32/Suspicious_Gen2.MLDNK
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:29 13:20:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x8079
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tczlgayud Lashwdryrso
File Description                : TPM WMI Provider
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Win32_Tpm.DLL
Legal Copyright                 : © Uqyrnikyv Corporation. All rights reserved.
Original Filename               : Win32_Tpm.DLL
Product Name                    : Mctvsxyca® Sjfzjzy® Dacrqbvzf Ndhpdj
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 10:23:39
VirusShare info last updated 2012-07-25 07:32:34

MD5: b72f908ddc16683d03c03a2c019df9b6
SHA1: 1d4d0dbae0199eef0f9e229cdcd4bca5632d15fc
SHA256: 5c90c4f01d4747dd1b18bbfc3f0afcc3292a38389afaa69ff33b1fba04626c16
SSDeep: 3072:lWbI4qoplMwmKhMmKrwEuJZhwHJValiljMqqDLy/qDK:obI4fMvKhLNhwgnqqDLuq
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.166400.B
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!ke
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2011-10-21 20:57:32
VirusShare info last updated 2012-07-25 07:34:10

MD5: b773a8e0d789fdfd1c81d43b2f8bb8d8
SHA1: d127403002249add55f2899d32f7b2742b407cc7
SHA256: e98e682fdbfc43cb9bedaba1a5d05498a18ccf96be0dea7ff3e74817a5ce18db
SSDeep: 6144:vUk4bz7IgExJWrIekKPi0fpkB+i+xB/Gb63mJAuRRDAGWRjElsvzRa4EjlciIn:vUk43klxJdeLZ463mJycEaMiIn
Size: 362859 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Dldr.Renos.KC.33
Avast = Win32:Kryptik-AQC [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.362859
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.362859
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!HHNakEbko5k
TrendMicro-HouseCall = TROJ_GEN.R28C2DC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iwp
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Downloader.a!ca
TrendMicro = TROJ_GEN.R28C2DC
Kaspersky = Trojan.Win32.Pirminay.iwp
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.nk
McAfee = Downloader.a!ca
F-Secure = Trojan.Generic.5574758
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-AQC [Trj]
AVG = Cryptic.QN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5574758
TheHacker = Trojan/Pirminay.dxb
BitDefender = Trojan.Generic.5574758
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2011-08-21 13:23:50
VirusShare info last updated 2012-07-25 07:34:32

MD5: b79bdb4a495af551190732dd93e4f4f1
SHA1: 3bc837ba19e8fdb983bf58f071964ec1a4e06a6b
SHA256: 217260dc05be714ac440dc8c8de636b0f48d2db322b4c9500fd6b83b7642ecf9
SSDeep: 3072:KWVYw9pctfWB9IvlJDvKZGWAoJClo0p+e+z4mRBDjyWG:KM9ytf1mZjCYz4mRBny
Size: 133120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!+Wi5eC4nUf8
TrendMicro-HouseCall = TROJ_GEN.R47C2FE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R47C2FE
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.AUNW
Norman = W32/Suspicious_Gen2.MPNAY
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-07-09 10:14:35
VirusShare info last updated 2012-07-25 07:34:43

MD5: b848813e19d1c5653f11cded6441dd22
SHA1: bc4f3f5eeb5e8b4cfebb3710bdd1dde4ac35f9c2
SHA256: 9680c5834db387243d2f05b424bdbf2603156c80e95af9f4d460898fd861f961
SSDeep: 6144:wvRTT8iwlz7IK/gEpQGAC3yVjChP06uBgqQhQxLY6m+RprldcrcgD8T:YIf+vQyVA0jBtLY6dldcjD8T
Size: 421287 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.306
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.421287
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.421287
VirusBuster = Trojan.DL.Agent!HY1NJHX9A1M
VBA32 = Trojan.Pirminay.ipl
TrendMicro-HouseCall = TROJ_GEN.R47C2FQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ipl
McAfee-GW-Edition = Downloader.a!ep
DrWeb = Trojan.DownLoader3.34130
TrendMicro = TROJ_GEN.R47C2FQ
Kaspersky = Trojan.Win32.Pirminay.ipl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IPL!tr
PCTools = Adware.Lop!rem
Jiangmin = Trojan/Pirminay.age
McAfee = Downloader.a!ep
F-Secure = Trojan.Generic.6157487
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Pirminay-BW [Trj]
AVG = SHeur3.CFLF
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6157487
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.ipl
BitDefender = Trojan.Generic.6157487
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 22:41:03-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 413696
Initialized Data Size           : 8192
Uninitialized Data Size         : 503808
Entry Point                     : 0xe0a00
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6628
Product Version Number          : 5.0.2195.6628
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sokzyppoa Bfncstqjuag
File Description                : ADs IIS Provider DLL
File Version                    : 5.00.2195.6628
Internal Name                   : IIS
Legal Copyright                 : Copyright (C) Aiazcfcdk Corp. 1981-1999
Original Filename               : IIS
Product Name                    : Ffmzgottq(R) Sjtmfjk (R) 2000 Operating Ifhdig
Product Version                 : 5.00.2195.6628
VirusTotal Report submitted 2011-09-13 09:37:45
VirusShare info last updated 2012-07-25 07:35:34

MD5: b8e34c28cadf11f483675f6ddbfd05bf
SHA1: e27f131d5218cbccaf49269e0b5b14df0fbca93d
SHA256: 222de3ef16a1fcc381159e0d372d8e73256d7b0ad03691ad1f037ea094270d48
SSDeep: 3072:EBpZcWfOslnqK40BKrluKnBHwdnMRwaDdSO:EesNqK7BKRBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent2.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21C1HI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!id
DrWeb = Trojan.Siggen2.28609
TrendMicro = TROJ_GEN.R21C1HI
Kaspersky = Trojan.Win32.Agent2.dtek
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.ID!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!id
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.LPVBI
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-09-12 10:16:44
VirusShare info last updated 2012-07-25 07:36:22

MD5: ba0821c70fbd2a8a61d392ac2f70f39c
SHA1: 3f4be5f0e2fea3cbddd3bcd0eade763f70769f6f
SHA256: 31d720e0bed98ec42f68c7621f8188c2876eedfaf59476ef51fcec8a94467ad2
SSDeep: 6144:+6tONKkzGXOT8749jB/mCGdyIEyVh5GIjeX3f/Hc2dVStg5Aqpqf3rzr:+6tON3zG+T8E9N4Jv5GIq//Bd4l7f7zr
Size: 335999 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128DE73F
nProtect = Trojan/W32.Agent.335999
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!4DjjY6wyUv0
VBA32 = Trojan.Pirminay.kuu
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.kuu
McAfee-GW-Edition = Downloader.a!fh
DrWeb = Trojan.DownLoader4.46438
TrendMicro = TROJ_GEN.R72C2FJ
Kaspersky = Trojan.Win32.Pirminay.kuu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gowm
McAfee = Downloader.a!fh
F-Secure = Trojan.Generic.6147116
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic22.CNFT
Norman = W32/Suspicious_Gen2.OVTBK
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6147116
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6147116
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 12:28:08-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 409600
Entry Point                     : 0xb60c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jyhguogah Qfxydluqvxx
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Fsicgstyd Qalyarmxnoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Isjsosxzm® Bybilfm® Kqhxswhoi Adkrxv
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-19 17:22:16
VirusShare info last updated 2012-07-25 07:37:52

MD5: bac1872f8163504f17b1cda8ca5fc091
SHA1: 5894db450a9d3bccfe21f05c954d1f8e6c01778a
SHA256: 987c0d280510b0b9abf7ecc9dfccecbe3b32bd992d3d008e7ea2585767458680
SSDeep: 6144:8YMzNIyGf7cUrOIHyKKfsVOv53ffR21a8+FgvJoF+xkLMHrjxvKO86XpOAA:8LzeF7c48KK0VK3fflgvJv0Krjxd5ZX
Size: 344576 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.igs
Avast = Win32:Pirminay-AA
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.344576.AQ
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!yJGxhA2K544
VBA32 = Trojan.Pirminay.igs
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.igs
McAfee-GW-Edition = Generic.dx!zvl
DrWeb = Trojan.DownLoader3.30191
Kaspersky = Trojan.Win32.Pirminay.igs
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.acq
McAfee = Generic.dx!zvl
F-Secure = Trojan.Generic.KDV.252040
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-AA
AVG = SHeur3.CEQZ
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.252040
TheHacker = Trojan/Pirminay.igs
BitDefender = Trojan.Generic.KDV.252040
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:02:13 09:36:38-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 344064
Initialized Data Size           : 4096
Uninitialized Data Size         : 430080
Entry Point                     : 0xbd4a0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hijffjufz Dnbpisvdfad
File Description                : Uottukvca® Lqpuylp(TM) PSched Performance Monitor
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : PSched Performance
Legal Copyright                 : © Iyenoyxhc Qdqncncmfyp. All rights reserved.
Original Filename               : PschdPrf.dll
Product Name                    : Ezplbzazc® Yibljap® Sbpkvopbi Fgdthc
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-07-04 15:15:32
VirusShare info last updated 2012-07-25 07:38:39

MD5: bca5ab9f454f98dec14085f35151b414
SHA1: ed5f47626919b0196b05cc2f8980d90b221d42df
SHA256: c53b911b119c9aa412a8ad48aea4ce7048e5df190bb82130ad5ede3acf020bc5
SSDeep: 768:DpL5acteXnMJzR5vcmiwHKnNHB6vwcCkqPTDYUbKx5NldwlV+nMrE4lrz7+hfLzc:DpMc4XMJt5p0nNnhIrxXYlonMA4lr7
Size: 73728 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC1FQ
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mixh
McAfee-GW-Edition = Generic.dx!zpi
DrWeb = Trojan.Virtumod.9770
TrendMicro = TROJ_GEN.R4FC1FQ
Kaspersky = Trojan.Win32.Monder.mixh
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.MIXH!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aagc
McAfee = Generic.dx!zpi
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic23.RMD
Norman = W32/Suspicious_Gen2.MLAWX
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:18 11:28:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x545e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.312
Product Version Number          : 2.0.50727.312
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft OleAut helper APIs
File Version                    : 2.0.50727.312 (rtmLHS.050727-3100)
Internal Name                   : TlbRef.dll
Legal Copyright                 : © Microsoft Corporation.  All rights reserved.
Original Filename               : TlbRef.dll
Product Name                    : Microsoft® .NET Framework
Product Version                 : 2.0.50727.312
Comments                        : Flavor=Retail
VirusTotal Report submitted 2011-06-29 16:23:57
VirusShare info last updated 2012-07-25 07:40:48

MD5: bcc6315c2ebb91f75f09ca29e0298b89
SHA1: 28e2dd88303b9fdc975294c79012351109bb30b8
SHA256: 2609c27288b70767db5471ce70aa198543a0d3237046b2a0988e78cfcc146662
SSDeep: 3072:eLdia6fRQdVmdU9vkZbmocjcEBicZcyrG+PsNuP/pYe6yqq0J4q6H0AfEggOeLdf:ewfCdcdUaZaoh4icZ9vsNuP/ueNqRJ4g
Size: 188416 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Monder.188416.D
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2FA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.miym
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Virtumod.9886
TrendMicro = TROJ_GEN.R1BC2FA
Kaspersky = Trojan.Win32.Monder.miym
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.gwr
McAfee = Vundo!ke
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.VHD
Norman = W32/Suspicious_Gen2.QFILZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HUO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:22 10:20:46-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 131072
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x2029e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.4.0.4000
Product Version Number          : 4.4.0.4000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Application Sharing Display Driver
File Version                    : 4.4.4000
Internal Name                   : mnmdd
Legal Copyright                 : Copyright © Microsoft Corporation 1996-2001
Legal Trademarks                : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : mnmdd.dll
Product Name                    : Windows® NetMeeting®
Product Version                 : 3.01
VirusTotal Report submitted 2011-10-20 22:43:18
VirusShare info last updated 2012-07-25 07:40:53

MD5: bd96b0d92c3fba0214ee40d1f32949c5
SHA1: 57139165ec247d0a586dfead73bcf53afa93b59f
SHA256: 45034498af110bdae803ff7fbdcee8f60f803198b1f92114f6e5e594c2fa5e32
SSDeep: 3072:S+236rU50oY8ACCOlQcXD2SfYadFz9MqqDLy/OoDbc:YekBy0D2w3FzuqqDLuO
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!BD96B0D92C3F
TrendMicro = TROJ_GEN.R72C2G1
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!BD96B0D92C3F
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.VPX
Norman = W32/Suspicious_Gen2.MZQWW
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:54:51
VirusShare info last updated 2012-07-25 07:41:48

MD5: bdc8f2bae4a90abee35032a41706005e
SHA1: 06792c385dd2e6c84537852a002bd8835fdd7a22
SHA256: 8a56a18a3653b0e0faf9c6db8a25432ac6bb3f8065360fe5eefa88a573f40eae
SSDeep: 6144:ADJUJivhzqzut+p+ISuVs6NeRK5D/U8hOR3KSPCuUxL1IOUX/5zs+4xGUHvU8/79:8UJiEauVs6nlUH95o1Ix/mEUHvj77rjp
Size: 429248 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen2
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.429248
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.429248
K7AntiVirus = Riskware
VirusBuster = Trojan.DR.Agent!sJ8f8lX+aR4
VBA32 = Trojan.Pirminay.ipw
TrendMicro-HouseCall = TROJ_GEN.R72C3FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ipw
McAfee-GW-Edition = Downloader.a!cx
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C3FJ
Kaspersky = Trojan.Win32.Pirminay.ipw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.ahg
McAfee = Downloader.a!cx
F-Secure = Trojan.Generic.6194514
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic3.CHWC
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6194514
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.ipw
BitDefender = Trojan.Generic.6194514
NOD32 = probably a variant of Win32/Agent.HJKVWIE
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 05:48:37-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 425984
Initialized Data Size           : 4096
Uninitialized Data Size         : 532480
Entry Point                     : 0xead40
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Jspeaajbn Corporation
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
File Version                    : 5.1.2600.0 (uqxwemxg.010817-1148)
Internal Name                   : kbdnecAT
Legal Copyright                 : © Haftdgrbk Ztylgtrrqha. All rights reserved.
Original Filename               : kbdnecAT.dll
Product Name                    : Ywiskrabi® Jfirpbj® Ulwdcjrif Nbkyzs
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-21 17:52:20
VirusShare info last updated 2012-07-25 07:41:59

MD5: be4caaceea94633bbc186a28775d3871
SHA1: 66fd52259a7716ec9ccecd281ed02d0f8c10aecc
SHA256: ec7b83892eb8ca7dd6387c363bf39117022510ca85afcac86d6dc71c303fa923
SSDeep: 6144:kbwA9xEbcqOjl+HzH+OZm5yUz8XEnqIuYyABEzjcgyy7+d3BHrVfGwdw:wwA9Cgqt+J5lz8XEnZyCEznCx1r9dG
Size: 315904 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.293
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.315904.B
nProtect = Trojan/W32.Pirminay.315904
VirusBuster = Trojan.Pirminay!XaimYa6875s
VBA32 = Trojan.Pirminay.ilu
TrendMicro-HouseCall = TROJ_GEN.RC1C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ilu
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!BE4CAACEEA94
DrWeb = Trojan.DownLoader3.33531
TrendMicro = TROJ_GEN.RC1C2FN
Kaspersky = Trojan.Win32.Pirminay.ilu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ILU!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adm
McAfee = Artemis!BE4CAACEEA94
F-Secure = Trojan.Generic.6153327
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BW [Trj]
eSafe = Win32.Kryptik.Llt
AVG = Generic23.LPA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6153327
Symantec = Trojan.Gen.2
TheHacker = Trojan/Pirminay.ilu
BitDefender = Trojan.Generic.6153327
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 01:48:23-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 307200
Initialized Data Size           : 12288
Uninitialized Data Size         : 446464
Entry Point                     : 0xb8800
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Aesktmyeb Plxltpnvfcm
File Description                : Hnjothsmh Remote Assistance
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : RACPLDLG.DLL
Legal Copyright                 : © Jyoevuubu Oapsxarkymt. All rights reserved.
Original Filename               : RACPLDLG.DLL
Product Name                    : Mmhulndsy® Nohrqco® Kbpsqoofz Hqusis
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-09-13 09:49:18
VirusShare info last updated 2012-07-25 07:42:32

MD5: c061952c43ca769dc1f9449510bb7aa9
SHA1: ec10cd350d4f419808f18024349f535aebe11524
SHA256: 12d9797297d58c1438972a476656bb00265283822bcf865633a3523791d9cc54
SSDeep: 12288:A8SfS+LlAXLGNxxJROWRJzYDOTa0/oqgV:wfS+LlCaxROE9a/
Size: 393802 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.393802
Panda = Trj/Swisyn.I
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan-Downloader.Win32.Agent.gnku
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Agent.dndg
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5857800
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GXM [Trj]
AVG = SHeur3.BXXH
Norman = W32/Suspicious_Gen2.MPFEU
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5857800
TheHacker = Trojan/Downloader.Agent.gloy
BitDefender = Trojan.Generic.5857800
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 16:23:41-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0xc4db
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bengali Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdinben (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdinben.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-16 15:36:34
VirusShare info last updated 2012-07-25 07:44:53

MD5: c0dda0f88975afc13bfe0beba799d965
SHA1: a463349058ae478e65a145beb4bbc98f8c607e2e
SHA256: 5ed0c975d9c546fc10562ef75ce47d93d14f976b85d0478a3091c80b77c183e5
SSDeep: 1536:Vz1Cw2uIR+moPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpPiD:VzkTn/oPMqqDLy/QVzLSkYHFO5di
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
VirusBuster = Trojan.Kryptik!FDNyL/lhsHQ
TrendMicro-HouseCall = TROJ_GEN.R1BC2FT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C0DDA0F88975
TrendMicro = TROJ_GEN.R1BC2FT
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!C0DDA0F88975
F-Secure = Trojan.Generic.KDV.289337
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic23.NJ
Norman = Vundo.UUS
GData = Trojan.Generic.KDV.289337
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.KDV.289337
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-07-18 09:02:08
VirusShare info last updated 2012-07-25 07:45:29

MD5: c1b1b2c24be8e937496d244ca5e05348
SHA1: 3e3c73ec90114db5e84c2efeb5d319750496e088
SHA256: b7215f4568bd9b3bcecef2aaca95a2d4b098ccbed45fb1784291bd147a5ac2c0
SSDeep: 6144:z0Sg6n0gjQndVMqFvyfUdze/LCFjEV7zpr1Ay+N5wBRZ+ChAtTSaqbV1EWo:zm6nvUdXmqm+OV7zlN+zsf+ChAEnVex
Size: 391110 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.6
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 06:59:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 716800
Uninitialized Data Size         : 0
Entry Point                     : 0x77c6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : System Shutdown Utility
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : tsshutdn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : tsshutdn.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-05-19 15:44:05
VirusShare info last updated 2012-07-25 07:46:21

MD5: c2042c27b10025ba7ed6bd8787296a40
SHA1: 527783167b9c1d55b2957d2378d97e39e01cc09a
SHA256: 16f954103257b8c83f40c7e1be8bf28977574e0c61a3052ebdd94eeb5983e304
SSDeep: 3072:htNwakbH7VtjVoS0/UxweCrf7CTil4fULmcbEo7js1F:htaakz5oS0Sweue848LmABy
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!aJjgM3GjMfE
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!C2042C27B100
TrendMicro = TROJ_GEN.R72C2FN
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!C2042C27B100
F-Secure = Trojan.Generic.6104955
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BUPU
Symantec = Trojan.Gen
GData = Trojan.Generic.6104955
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6104955
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-06-30 04:13:35
VirusShare info last updated 2012-07-25 07:46:44

MD5: c2b8e328c8a179f35fc914398b442fc9
SHA1: addeb9d6a621f25c085d4516cfb03df23b745973
SHA256: d571f54c840f4a6cb9507792687827f49b6929a76b97cb76f68ab6a785f8876c
SSDeep: 6144:4uFvDx1mSbGydmgOckqys9LTiVsRmP9bN1Hz+HtNX68e:4ixoaJmgNkqBTfmVx1Hz+Ht6
Size: 298980 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
VirusBuster = Trojan.Agent!t0Lrbbl1OiI
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ktv
McAfee-GW-Edition = Artemis!C2B8E328C8A1
DrWeb = Trojan.DownLoader3.35229
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Pirminay.ktv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.KTV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gysr
McAfee = Artemis!C2B8E328C8A1
F-Secure = Trojan.Generic.6166149
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = SHeur3.CFNT
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6166149
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.iqb
BitDefender = Trojan.Generic.6166149
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:22 20:40:50-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 294912
Initialized Data Size           : 4096
Uninitialized Data Size         : 413696
Entry Point                     : 0xad880
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xpuktrlys Nnwgehxbljy
File Description                : Gwgzlxt Media Services WMI Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSWMIPropPage.Dll
Legal Copyright                 : © Yevwzwsew Coqoqwuicvi. All rights reserved.
Original Filename               : WMSWMIPropPage.Dll
Product Name                    : Hretnhsfq® Meplgue Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-09-05 19:48:55
VirusShare info last updated 2012-07-25 07:47:33

MD5: c34394ebd31cbac92fd8b2afbc568403
SHA1: c1064faa69953e94cff42ccc08eddafaecd5932b
SHA256: 393fb8c799e35db2d3c711b449d371839ea980b2caa037998af603eb12fcef73
SSDeep: 1536:XAK+VmGbs09shlGiYsWboVLQ3Fq1CnCRJZuZMqqU+NV23S2B:wkGbsVzGiYnbow8kZMqqDLy/B
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!IPaUFSHTUbQ
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C34394EBD31C
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!C34394EBD31C
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AVJ
Norman = W32/Suspicious_Gen2.POKGX
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-12 09:56:43
VirusShare info last updated 2012-07-25 07:48:16

MD5: c3a29958481b07b56bf613f8a0e18362
SHA1: 6daaf3b10accd9c45b76f9a9a9c79e965f5b7aef
SHA256: 2d42754199128966bf23cf52ec212c5c7252ef3800d140d26a61d401e239d8ce
SSDeep: 768:OY7sWg8F9QNZ00GvuhSnZ6ttEre9cTnjGa3yMuoIfopzZYiCG1voNP:j7sd8zcZ5SZfrA4n6a3yXw4UVEP
Size: 45056 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F7
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!C3A29958481B
TrendMicro = TROJ_GEN.R72C2F7
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!C3A29958481B
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.BDDU
Norman = W32/Suspicious_Gen2.MXREC
GData = Gen:Variant.Vundo.5
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 08:26:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x21bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rrwzemgyf Haethwaimyw
File Description                : Vfgpnzr Shell Obsolete APIs
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : SHUNIMPL
Legal Copyright                 : © Yogxmvoen Corporation. All rights reserved.
Original Filename               : SHUNIMPL.DLL
Product Name                    : Onncmrceu® Mchcgeg® Vqbgvfzrf System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-22 10:27:48
VirusShare info last updated 2012-07-25 07:48:39

MD5: c3a4aa9c082301d98367b7ac8936c21e
SHA1: a03be7fee37815d3c8fe74143a95cb3b3f1e2dbf
SHA256: 4881bceb5eaffb544c20c9b59fb8adab031d5511fa5db227d73212eb862f299a
SSDeep: 12288:A8SfS+LlAXLGNxxJROWRJzYDOTa0/oqgg:wfS+LlCaxROE9ai
Size: 393796 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.393796
Panda = Trj/Swisyn.I
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Agent.dndg
F-Secure = Trojan.Generic.5857800
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GXM [Trj]
AVG = SHeur3.BXXH
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5857800
TheHacker = Trojan/Downloader.Agent.gloy
BitDefender = Trojan.Generic.5857800
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 16:23:41-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0xc4db
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bengali Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdinben (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdinben.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-17 23:20:58
VirusShare info last updated 2012-07-25 07:48:41

MD5: c540f745ceffff94b38c1cad7a9bd012
SHA1: 74146eb0f0c236dd1c0d87698ea1184853766740
SHA256: b62c92a2d22158a35de3ff184b81bd3784c101bee287b5557a3bc88be61b9cc5
SSDeep: 1536:bSYv0G2yXJ/m7dlAkf+0BGIjjJUTYGQehLzto+767FWWXZZWxXIoDdze:bX2HlAijjWTRztrUXpZW5xDdze
Size: 97792 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128F3A54
nProtect = Trojan/W32.Agent.97792.FK
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2LV
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!hs
DrWeb = Trojan.Click1.43075
TrendMicro = TROJ_GEN.R4FC2LV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.HS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ipb
McAfee = Vundo!hs
F-Secure = Trojan.Agent.AQPW
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDQ
Norman = W32/Suspicious_Gen2.FXEDG
GData = Trojan.Agent.AQPW
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Agent.AQPW
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:01 07:51:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 88064
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x165f7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Video Decoder
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmvdecod.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmvdecod.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2011-09-10 05:21:03
VirusShare info last updated 2012-07-25 07:50:30

MD5: c54d7d92f280cca573257575188dec14
SHA1: 73d1d0313e984f5740ec7ba7df3591602745504c
SHA256: b1596e2b3896f1ec1a3fc4b8ea0fd801cc060a26a0dab02ddf95b4f5f060ec35
SSDeep: 1536:1AoGmGpK59shukiYG1bo+LQ3Fa1CnCRJZuLMqqU+NV23S2Ec:15GpKMYkiYWbo78kLMqqDLy/Ec
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
McAfee-GW-Edition = Artemis!C54D7D92F280
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!C54D7D92F280
F-Secure = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.PJJ
Symantec = Trojan.Gen
GData = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-23 08:59:03
VirusShare info last updated 2012-07-25 07:50:32

MD5: c70598f1a02ad045bd8856aec05566d0
SHA1: bf266cef7ed567cf9b8b30cf0bae3fec586ffdca
SHA256: 53ff08ea1dcc19abc9ba2203e9c722b306afeb5570498b6dbb6eeb72e1e6911b
SSDeep: 6144:qApHMG/Kj3lpJDQBLUYoPSqI6S81bEo20hyy5OL5tRNz+:VRMGiTlpdQ1VoPrcsw3iyy5OLfC
Size: 365301 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.edp
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365301
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!bLvDdl+LNU4
TrendMicro-HouseCall = TROJ_GEN.R28C2F5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader.a!cr
TrendMicro = TROJ_GEN.R28C2F5
Kaspersky = Trojan.Win32.Pirminay.jiq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JIQ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ov
McAfee = Downloader.a!cr
F-Secure = Trojan.Generic.KDV.162507
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic21.AVTC
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.162507
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.efs
BitDefender = Trojan.Generic.KDV.162507
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:19 13:51:31-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 569344
Uninitialized Data Size         : 0
Entry Point                     : 0xe66f
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Awbatnjju Xlkzgqyeanc
File Description                : Remote Procedure Call Name Service Client
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : rpcns4.dll
Legal Copyright                 : © Wvkbswjbu Jslshmhtxcg. All rights reserved.
Original Filename               : rpcns4.dll
Product Name                    : Iwqxqyqra® Oegogdo® Celoyuhfz Zydbus
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-13 16:54:51
VirusShare info last updated 2012-07-25 07:52:30

MD5: c9f4377905d4d32f2588195ee308f646
SHA1: ac7d65bb9ed880ccef7935edc53a9924a18560c7
SHA256: 7eedb7582551b4a9e14a50f8267fdc16f3ccf3e7f3e00145febae11308601671
SSDeep: 12288:TJzq2VX1a2TuYGXSod0GTNmR3Aa4WBVvjv+:TJzqiLGXSodZMGWBVC
Size: 424960 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.51
Avast = Win32:Dropper-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.424960
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.219751
TrendMicro-HouseCall = TROJ_RENOS.AOW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Renos.kc
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.55172
TrendMicro = TROJ_RENOS.AOW
Kaspersky = Trojan.Win32.Pirminay.hfo
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Agent.EBF8!tr
PCTools = Trojan.Gen
McAfee = Generic Downloader.x!fvh
F-Secure = Trojan.Generic.KDV.219751
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CKJ
eSafe = Win32.TrojanDownload
AVG = Generic22.AQAA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.219751
BitDefender = Trojan.Generic.KDV.219751
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 07:21:25-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 413696
Initialized Data Size           : 360448
Uninitialized Data Size         : 0
Entry Point                     : 0x61aab
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-18 06:46:21
VirusShare info last updated 2012-07-25 07:55:42

MD5: cae6ac149ae0df6aae5c5bbb7979d78a
SHA1: c9b99edff0591cf45e2a2c38486efc9678118fad
SHA256: e40195dc56f0a8f4a0e133801a0f31f4baa7c504b93b65953f47972c770b2ee1
SSDeep: 1536:BLiPsLQC7E0auVv1DN8CdOt8Ns7559mgcItv6txf4jiVmiEQyWUMsXKukPi+psI1:BGPskC7E0FlrrxQjiAizUMsXKukPi+pp
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SFxRc2dRpps
TrendMicro-HouseCall = TROJ_GEN.R72C1F9
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!ix
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R72C1F9
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Vundo.IX!tr
PCTools = Trojan.Gen
McAfee = Vundo!ix
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.BVLX
Norman = W32/Suspicious_Gen2.MSRKO
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 11:17:51
VirusShare info last updated 2012-07-25 07:56:49

MD5: cbb901d23a4d05fba095d74b37799d39
SHA1: e01bd06d3c9a38162b31e483aa03d444731d78fe
SHA256: 411844752b861de18636c269f646e210fdbac87d501e7ed7b7901daf84d3413f
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+Cu:ntNtyUl7kALd4ilBpi/44F/2
Size: 363030 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.363030
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D8405
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader4.46159
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.grr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Suspicious_Gen2.MPFJH
Sophos = Mal/Generic-L
GData = Trojan.Generic.5869931
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-24 02:54:13
VirusShare info last updated 2012-07-25 07:57:43

MD5: cc383d2a7d10f080d7329f2ce4fc0a7b
SHA1: 5d3982865d0c1928ca0d5c19f57318cde28efa50
SHA256: 6e18a890f61a563b82743c4e4e67bb7db0d5b22082e0e4b47ed8c9b5dcceba2e
SSDeep: 1536:QNoJe5Zs4EwmmbeyVA3plMt0/AvuGmLsypi:QNoJ2ZswreyV0plMyY8YyI
Size: 53760 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
VirusBuster = Trojan.Kryptik!YLK8wnLhOs4
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R1BC2GA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!CC383D2A7D10
TrendMicro = TROJ_GEN.R1BC2GA
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!CC383D2A7D10
F-Secure = Trojan.Generic.KDV.275065
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
eSafe = Win32.TRVundo
AVG = Generic23.AELE
Norman = W32/Suspicious_Gen2.NCPJW
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.275065
TheHacker = Trojan/Kryptik.lfr
BitDefender = Trojan.Generic.KDV.275065
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 06:08:21-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 12288
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x35c4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.1.0
Product Version Number          : 1.1.1.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : NikeDrv.sys
Company Name                    : S3/Diamond Multimedia Systems
File Description                : NikeDrv Usb Driver
File Version                    : 1.00.0001.0
Internal Name                   : NikeDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Systems 2000
Legal Trademarks                : S3/Diamond Multimsdia Systems
Original Filename               : NikeDrv.sys
Private Build                   : 0
Product Name                    : NikeDrv
Product Version                 : 1.00.0001.0
Special Build                   : 0
VirusTotal Report submitted 2011-07-15 22:53:44
VirusShare info last updated 2012-07-25 07:58:12

MD5: cd845ecaa50ebff8e46f90c00bcfa015
SHA1: d779dd166058fa1960992b5d8d8af0526dc38c6e
SHA256: f2dd5585547029cd7ca80fc337579f3e09762e128258952abc32baee8964928b
SSDeep: 3072:dEm8QRlA3aNkRAXTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESeyqxJspJip
Size: 127488 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.air
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1253726C
nProtect = Trojan/W32.Pirminay.127488
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!tXNHDSBG+D8
TrendMicro-HouseCall = TROJ_GEN.R47C3KG
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!vwg
DrWeb = Trojan.Siggen2.15308
TrendMicro = TROJ_GEN.R47C3KG
Kaspersky = Trojan.Win32.Pirminay.aid
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ff
McAfee = Generic.dx!vwg
F-Secure = Trojan.Generic.5022290
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Pakes.HQM
Norman = W32/Suspicious_Gen2.FIYUW
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5022290
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Trojan.Generic.5022290
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:24 13:20:26-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 52736
Initialized Data Size           : 108544
Uninitialized Data Size         : 0
Entry Point                     : 0xdbfd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : System Information
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : msinfo32.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msinfo32.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-05-18 21:21:30
VirusShare info last updated 2012-07-25 07:59:32

MD5: cdb37af10e41a453217a3e765c6797e1
SHA1: d523711c0346c236e0619c0ae5eed257884d53e9
SHA256: cf58bcd60c455a31fd311d659fa524467e3f9e091adc4e91f14e72e44361c16c
SSDeep: 1536:iUsAbmGGQQ/9shHAiYCHbo+oLQ3Fc1CnCRJZuNMqqU+NV23S2+:9GGGQQO9AiYMbo+D8kNMqqDLy/+
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!iy
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!iy
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.TAW
Norman = W32/Suspicious_Gen2.MYTZW
GData = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 15:42:11
VirusShare info last updated 2012-07-25 07:59:47

MD5: ce3c129f85c5e137c44a3cc6d1660773
SHA1: 0d3e653fcda6c8fca1a12be8a58116cf531e3619
SHA256: 80a2094cc45918e9a73b25646d2f6a5e6ae99301de4aa7776c2f94ed91a90b59
SSDeep: 1536:o7kw2uIR+AoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpGiD:ooTnFoPMqqDLy/QVzLSkYHFO5si
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
VirusBuster = Trojan.Kryptik!+Ay3qSGiM38
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!CE3C129F85C5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!CE3C129F85C5
F-Secure = Trojan.Generic.6324002
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic23.NJ
Norman = Vundo.UUS
GData = Trojan.Generic.6324002
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.6324002
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-07-22 16:10:41
VirusShare info last updated 2012-07-25 08:00:25

MD5: cf185d5ae0cfef5c46a9a00b0f107b0c
SHA1: f2dee5a948529e10313643b38e39d04bf8336533
SHA256: 2eeae6e1570da0086f1218ce92e76d970439d466b5af9ec46371397858eef3ac
SSDeep: 6144:/LdUAW0zwcofOzN9IP3WqpSji06FBRlaCQtoYf+Qx9Xa9c6m6y9OidtXM/eUXi:hUAHoWkVSOtBiCzFQx9qaH3M
Size: 372736 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hpu
Ikarus = Trojan.Win32.Pirminay
DrWeb = Trojan.DownLoader3.2424
Kaspersky = Trojan.Win32.Pirminay.hpu
Microsoft = TrojanDownloader:Win32/Renos.KC
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Vundo-JU
AVG = SHeur3.CAWY
Norman = W32/Obfuscated.L
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 01:20:38-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 352256
Initialized Data Size           : 303104
Uninitialized Data Size         : 0
Entry Point                     : 0x52cbb
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout for 106
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd106
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd106.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-05-24 21:37:28
VirusShare info last updated 2012-07-25 08:01:23

MD5: cfcb8e8f9d8cb53eac96315c7f8cebb2
SHA1: 19e5a91ba214ff445e7ac58c2bc1be70a42f9389
SHA256: 4e48ae170bdd5f11efdede577dbafd36e7f4e6bdf0e9abe1fe69899f547e00b3
SSDeep: 768:PolFnMkbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSrvpN7CsI:P4MkbU8E1AjprcsOtqvpN74
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!84xCTiAHZJU
TrendMicro-HouseCall = TROJ_GEN.R47C1FP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.miue
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!iq
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_GEN.R47C1FP
Kaspersky = Trojan.Win32.Monder.miue
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aahh
McAfee = Vundo!iq
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic22.CETP
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Monder.mjbr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-07-05 11:29:20
VirusShare info last updated 2012-07-25 08:02:03

MD5: d087f9faf740bd550b1016e7f5b2df5b
SHA1: f3c5c5b3e9c4b409dac9e4694f528e48c5045d46
SHA256: 709ea82469391153debf9a997aefb5cc5b68a4b19d42066fbc7626da564a333a
SSDeep: 3072:wjZLS95gpq17fBZF063FpO4I/N8h/f0sz59:yy063FlI/N8hf
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!xwDhzPsrcss
TrendMicro-HouseCall = TROJ_GEN.R47C2FB
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!D087F9FAF740
TrendMicro = TROJ_GEN.R47C2FB
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!D087F9FAF740
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
AVG = Generic22.BKFF
Norman = W32/Suspicious_Gen2.MHFFB
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:13 05:18:23-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x10601
OS Version                      : 4.0
Image Version                   : 4.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hsdvqnyoh Cpcesubqphb
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Dvypfayrpii. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Rtoifpmee® Xiqutyy® Zyxcszupj System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-03 12:39:39
VirusShare info last updated 2012-07-25 08:02:52

MD5: d08ddec5a6b03ea594a22bb896ee7c82
SHA1: 9ec3d2d04034629bd8e639cd975909e12c65c5af
SHA256: 92a6004aa64119e643b60d30ebfd91e67a09e2e6cf0e33e59d722acec52247bc
SSDeep: 3072:RmW8dM1A8oRwCC8lxJPslWM06BadT/ctadb3PA4Hg7j7z38WA:oTV8oRHzPiladbflQ7zW
Size: 139264 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.139264
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-25 22:36:01
VirusShare info last updated 2012-07-25 08:02:53

MD5: d15f8fdbdb4018f7d8740b79abb1c1f3
SHA1: 5255a2cf38a62e130711b3d8e30e47d0f8c8721b
SHA256: 982020e7953d72c5badc51cf99d6252f8185907bdacf12e0940f59eaad9a7eb8
SSDeep: 6144:TJS//bwefFtij8x3u5oedX7tB2bRI98T+IWqAmqme8KBTDt1az99j2Rrv56AdOos:sEeNhuKedXhB2aZ+PefJx6A1a7p7
Size: 451045 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hob
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft = TrojanDownloader:Win32/Ponmocup.A
F-Secure = Trojan.Generic.KDV.230505
AVG = SHeur3.CASG
GData = Trojan.Generic.KDV.230505
BitDefender = Trojan.Generic.KDV.230505
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:20 04:44:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 577536
Uninitialized Data Size         : 0
Entry Point                     : 0x21ee7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.6513
Product Version Number          : 4.0.2.6513
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bkrwvdhep Ztnqubrmvgu
File Description                : Jcwhuhvop FrontPage CGI Server Administrator
File Version                    : 4.0.2.6513
Original Filename               : FPSRVCGI.EXE
Legal Copyright                 : Copyright © 1995-1999 Kzmtyqsaq Zvqtxsphbdl, All rights reserved.
Legal Trademark 1               : Pjhaxahcx®, Soripfs®, and FrontPage® are registered trademarks of Cmysfkmmw Axeazertkyi, and WebBot is a trademark of Dtpyzxmjc Vsiivqtnfgk, in the United States and/or other countries.
Product Name                    : Gflwlpggq® FrontPage® 2000
Product Version                 : 4.0.2.6513
VirusTotal Report submitted 2011-05-24 05:57:46
VirusShare info last updated 2012-07-25 08:03:48

MD5: d1b829977788206ba99ae92ef12ec466
SHA1: 424a7dae757c3d64adde0b5502d6047c4756428c
SHA256: 5c3852cf1425ba6ede1ab37ec7b3670be83630beded55f25dcab0b64336579b9
SSDeep: 1536:6rXaP0oRs83Li2toXSFvWAEVZ7km5lrpih:6rY0Sr3W2wEWAEV/5lUh
Size: 59904 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.125D75E7
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!DvVwBa71xJM
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!D1B829977788
TrendMicro = TROJ_GEN.R72C2FJ
ViRobot = Trojan.Win32.Vundo.59904
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.lwp
McAfee = Artemis!D1B829977788
F-Secure = Gen:Variant.Vundo.6
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.NZH
Norman = W32/Suspicious_Gen2.MXLJW
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.ITQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:15 18:50:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 52224
Initialized Data Size           : 43008
Uninitialized Data Size         : 0
Entry Point                     : 0xdb27
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Journal Print Processor DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Jnwppr
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Jnwppr.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-06-22 05:08:45
VirusShare info last updated 2012-07-25 08:04:08

MD5: d1ee73f2cad08108e1efa2848b9d76a0
SHA1: 5b0bcd2f3a375547c725a653a95724c3fbdfad4b
SHA256: 87ca64f14febae242298fd5757ac99a5a271ef3d04207fca2dc51b0864b22fda
SSDeep: 1536:lvB8XiNa9rPQXn2cwEv8Kdc2Jy58dUe/Y/vE7Jp/8YMQHjHQV:kXiQJ8VwEkgcsoUI/M7Jp/1MQDw
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125E02EF
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2EP
McAfee-GW-Edition = Artemis!D1EE73F2CAD0
TrendMicro = TROJ_GEN.R72C2EP
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Genome.adqo
McAfee = Artemis!D1EE73F2CAD0
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.BGQX
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:21 01:17:10-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73216
Initialized Data Size           : 48128
Uninitialized Data Size         : 0
Entry Point                     : 0x12ccd
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Greek IBM 319 Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdhe319 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdhe319.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-29 05:20:39
VirusShare info last updated 2012-07-25 08:04:23

MD5: d22f3142edd63bb111688eac085201d5
SHA1: 2f8f5240dcbf23f12e9537d5502eaa692ac0b427
SHA256: dc458de1a6c3b1daa0a998e518237f4d2fbe71467a20c5c8bdc14abd68e3284d
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAfz:oFq+sGYyo6RZFF9HcQfluaXLLuz
Size: 334951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Gen:Variant.Buzy.552
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Ponmocup.A
TrendMicro-HouseCall = TROJ_SPYPRO.SM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_SPYPRO.SM
Kaspersky = Trojan.Win32.Pirminay.dku
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
McAfee = Kryp.b
ClamAV = Trojan.Agent-183368
F-Secure = Trojan.Generic.6537674
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Milicenso
GData = Trojan.Generic.6537674
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Trojan.Generic.6537674
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-03 17:17:55
VirusShare info last updated 2012-07-25 08:04:38

MD5: d2851e9a6a3b9efd77108819f0b0c31d
SHA1: 8fab25420f92abddc5109b49015cae34b0d6e192
SHA256: 75dae90f2db20ede9bd41725185871c2beccd35317a3b0aac42203deb1004d2c
SSDeep: 1536:bSYv0G2yXJ/m7dlAkf+0BGIjjJUTYGQehLzto+767FWWXZZWxXIgDdze:bX2HlAijjWTRztrUXpZW55Ddze
Size: 97792 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.97792.FK
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2A3
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!hs
DrWeb = Trojan.Click1.43075
TrendMicro = TROJ_GEN.R4FC2A3
Kaspersky = Trojan.Win32.Monder.mrry
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.HS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ipb
McAfee = Vundo!hs
F-Secure = Trojan.Agent.AQPW
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDQ
Norman = W32/Suspicious_Gen2.FSOQK
Sophos = Mal/Generic-L
GData = Trojan.Agent.AQPW
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Agent.AQPW
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:01 07:51:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 88064
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x165f7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Video Decoder
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmvdecod.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmvdecod.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2011-09-11 11:57:14
VirusShare info last updated 2012-07-25 08:05:02

MD5: d2b13a6b6b0dd3ca4490d3010c5382ff
SHA1: e048190dd8a3159cba9093a186c63000c6e414c6
SHA256: ea557701d371ef420637c6a638542638403277a48eb8dabf80ae0d667e2643f7
SSDeep: 12288:a+e97/lyTe3akGIzV2IQOD8q0vslXda24Nk:anvzGtIQAfWv
Size: 429056 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
Avast5 = Win32:Vundo-JU
Sophos = Mal/Ponmocup-A
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:03 05:36:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 32768
Initialized Data Size           : 790528
Uninitialized Data Size         : 0
Entry Point                     : 0x49a3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lvleaadqo Kvzcsvqofwr
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Uypueijqy Lcnoxepbfqf.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Qstehzzmb® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-05-27 22:43:29
VirusShare info last updated 2012-07-25 08:05:14

MD5: d3179a02dc426b5e328772a3a65ce3bc
SHA1: 7da4cd068834fc56f8406f9de55120c29ec54470
SHA256: 1e1f1824f059650377f129119fc0efc4a01994a4d7bf68f975bc379a18a3807a
SSDeep: 12288:XU2n1LjxAxbmzruM0bOl26KzBZZq+Gzvm:XBvmJs5lKZizvm
Size: 406010 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Inject-AGX [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.406010
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D02CF
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!oDQKQmIjUeM
VBA32 = Trojan.Pirminay.hfx
TrendMicro-HouseCall = TROJ_GEN.R21C1FR
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hfx
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fyg
DrWeb = Trojan.DownLoader4.40390
TrendMicro = TROJ_GEN.R21C1FR
Kaspersky = Trojan.Win32.Pirminay.hfx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xb
McAfee = Generic Downloader.x!fyg
F-Secure = Trojan.Generic.5895088
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Inject-AGX [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BOQX
Norman = W32/Suspicious_Gen2.MCSEP
Sophos = Mal/Generic-L
GData = Trojan.Generic.5895088
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gna
BitDefender = Trojan.Generic.5895088
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 02:35:57-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 753664
Uninitialized Data Size         : 0
Entry Point                     : 0x2133
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kzntvrbfw Tfjszysdhzw
File Description                : MCI driver for cdaudio devices
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : mcicda
Legal Copyright                 : © Tdfbiltcd Zazxshwpani. All rights reserved.
Original Filename               : mcicda.dll
Product Name                    : Heucpfpva® Lqeaaqr® Vlsvvkonq Fdlqmd
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-26 07:50:45
VirusShare info last updated 2012-07-25 08:05:43

MD5: d3c072b721fbc0d53dd75e1e59238020
SHA1: 8a21b2eea085874c14554538cafbe1a99acaf10d
SHA256: 67b059bd1eb166b8aa77519605a44d4a13963dc3a24aeac952726db5e315becd
SSDeep: 6144:XRobyqO195qa8gjAh+jq203vATD2NLDa48An2N2FSmksqtB9:XWbyqO19D8gjBjmukXx5pesqr9
Size: 366592 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.50
Avast = Win32:Dropper-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.366592.C
Rising = Trojan.Win32.Generic.1288EE6F
nProtect = Trojan/W32.Agent.366592.BY
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.goh
TrendMicro-HouseCall = TROJ_GEN.R29C2EN
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.goh
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.54547
TrendMicro = TROJ_GEN.R29C2EN
Kaspersky = Trojan.Win32.Pirminay.goh
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.A!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.wu
McAfee = Generic Downloader.x!fyi
F-Secure = Trojan.Generic.KDV.218163
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CIZ
eSafe = Win32.TRDldr.Renos.K
AVG = SHeur3.BYYV
Norman = W32/Suspicious_Gen2.LWEEJ
Sophos = Mal/Ponmocup-A
Symantec = Downloader
GData = Trojan.Generic.KDV.218163
TheHacker = Trojan/Pirminay.goh
BitDefender = Trojan.Generic.KDV.218163
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:14 23:21:37-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 327680
Initialized Data Size           : 348160
Uninitialized Data Size         : 0
Entry Point                     : 0x4d1a6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7600.16385
Product Version Number          : 8.0.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Speech Recognition Engine Extensions
File Version                    : 8.0.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 8.0.7600.16385
VirusTotal Report submitted 2011-06-27 07:21:31
VirusShare info last updated 2012-07-25 08:06:33

MD5: d3c8c072eb4549fd42e523eb59ca177a
SHA1: 29c65b95e257eb2615a1c3d7a451d16e454ed753
SHA256: 9e971ae12da16fb4e138a4fe50b3d94066a351b52fd7feb8684bedb0fa2ccb6d
SSDeep: 1536:2IyW6OeyoZGRBS1tk+WqkBDXzQ7aeZ8dKENrAabHcOIDvvwAdjqP:ReJyo4cM+2bzQmtKupLODXnq
Size: 94208 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.94208
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-05 08:30:09
VirusShare info last updated 2012-07-25 08:06:37

MD5: d3d6e7dbee6444496965036876259e43
SHA1: a010fd03abe8993a89cc3216f3c4fde587671bbd
SHA256: 57315735d24e15af275023b68ad4e8fea1873dd550b551c2d34475acdee0088c
SSDeep: 6144:Hv4H7u7NzXOvzK3y8f18noGMb0GhloqZGw0Mz2htiYGnylMh0nXD7CFWBwT:Pk7u79OLKCzM7hlRZS5tGylMSnXDuFp
Size: 335845 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
F-Secure = Gen:Trojan.Heur.RP.umLfa0YoHdai
Norman = W32/Obfuscated.L
GData = Gen:Trojan.Heur.RP.umLfa0YoHdai
BitDefender = Gen:Trojan.Heur.RP.umLfa0YoHdai
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:05 16:26:51-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 430080
Entry Point                     : 0xbafe0
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jxupduxfy Bplskmrmniz
File Description                : Displays NIC MAC information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : GetMac.exe
Legal Copyright                 : © Wncctafyu Urbbzwwnktc. All rights reserved.
Original Filename               : GetMac.exe
Product Name                    : Qdzldxwlt® Vycbdbi® Zwuxlavqf Sgljoi
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-06-15 00:03:21
VirusShare info last updated 2012-07-25 08:06:41

MD5: d521e17ea6322213f62f378c16b03eb6
SHA1: f6414e07587cbbfb7db86955bc5f440f2c3778e4
SHA256: fd93fe361c942d7551f3cb207e0cd3600707c54d264d1151beb70c1784811bde
SSDeep: 1536:k/dw2uIR+8oPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpGiD:kVTnRoPMqqDLy/QVzLSkYHFO5si
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8NTjGkHVihI
TrendMicro-HouseCall = TROJ_GEN.R1BC2H8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.238
TrendMicro = TROJ_GEN.R1BC2H8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Vundo!kf
F-Secure = Trojan.Generic.6323627
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6323627
Symantec = WS.Reputation.1
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.6323627
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-10-21 21:09:52
VirusShare info last updated 2012-07-25 08:08:21

MD5: d58753e5445ddf00adbbee984ea1dc3c
SHA1: 19a9ce6c15e964c3adecf086b73b6eaf52605d6a
SHA256: 587ef315cb42feb725ad95a5a16a9f3719f5dd8fdb3c8e8fe32e34903d30887b
SSDeep: 3072:CKlRnakrH7ytj7oiA8ZxweCrf7JTi4ffULmJbEo7j01F:CKlpakWnoiA8XweuJVf8LmpBK
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.237690
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!ztz
Fortinet = W32/Kryptik.NPN!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!ztz
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BSZS
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.237690
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.237690
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-06-17 05:02:32
VirusShare info last updated 2012-07-25 08:08:45

MD5: d601ddc05189acbea03eef347b46c46f
SHA1: 1a909f9820442da9bb5e8fcaa90a09553c102931
SHA256: 6552006ab962ecebd71912b6f50ea97f3878ba937eaca476472678cf68b1b4bd
SSDeep: 1536:8LEJ/3N1Ez5tYYBbTx4EirMeUNgVnVhHfQD8tEzQu/wrri66lM9pL:8aNoaMTmrSkVpoAwND66lM9F
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.abb
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!22kQp3ZeRg0
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2FI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.Click1.58119
TrendMicro = TROJ_GEN.R1BC2FI
Kaspersky = Trojan.Win32.Genome.tvip
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Abb
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BOII
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:20 19:19:56-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 69632
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe869
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dxiggpsmt Vnvxjytrslg
File Description                : Internet TCP/IP and IPX Connection For DirectPlay
File Version                    : 6.0.6000.16386 (iehyy_rtm.061101-2205)
Internal Name                   : dpwsockx.dll
Legal Copyright                 : © Fyfjcwcwq Refhrfxdrpr. All rights reserved.
Original Filename               : dpwsockx.dll
Product Name                    : Pjdcuirok® Veknzbh® Hlcletgmv Xmagbo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-21 21:11:56
VirusShare info last updated 2012-07-25 08:09:16

MD5: d646a77816110e11505de6c9925fc361
SHA1: 5e5d483d7d3907d6f78402a0560c79ea5649222b
SHA256: b0a7d4e9692da5b32b97703db1df061484c416e3a44a4cb20fb883f3984c5610
SSDeep: 1536:U4VgwSC/UXuY28bQJjml9I3k3lQ36QDkUwP:U3wx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Q/U7qByw7mk
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!D646A7781611
TrendMicro = TROJ_GEN.R72C2FJ
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!D646A7781611
F-Secure = Trojan.Generic.6145274
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH [Cryp]
AVG = Generic22.CNWY
Norman = W32/Suspicious_Gen2.NJCQO
GData = Trojan.Generic.6145274
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6145274
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-09 07:18:46
VirusShare info last updated 2012-07-25 08:09:28

MD5: d6eb7e4fd1844f25c774c747f702def0
SHA1: 3e5b12f68463cd55050276d2af16dc3c483f0772
SHA256: 15e20d4e3ef7586112691c9a91e0d426cc0d3418225a84ac52981147b6218548
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+CX:ntNtyUl7kALd4ilBpi/44F/v
Size: 363094 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.363094
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gsa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5869931
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-19 04:06:18
VirusShare info last updated 2012-07-25 08:10:09

MD5: d7b04178f4aa7bd9d47823fbad181e8d
SHA1: 95c657f5b952b88779944dfe2cde2f8ffdf26961
SHA256: 23e861737cfbae06699551602bf89350fb5640e0f3574395bf67cacdf608cdf1
SSDeep: 3072:9QRRMvODYzSPcfUUiIjgizjzoFlRMqqDLy/R7wXGB4KMrp:hvpocgiHjqqDLuR7wsDm
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!P9/GzkBTqdY
TrendMicro-HouseCall = TROJ_GEN.R72C2GG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R72C2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.Q
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:10 12:45:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0xa0f2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bmconfnbt Rmytnjbbxqu
File Description                : Associated Device Presence Proxy Dll
File Version                    : 6.0.6000.16386 (oozrg_rtm.061101-2205)
Internal Name                   : IPBusEnumProxy
Legal Copyright                 : © Sspdicmwx Vakeywfwlzz. All rights reserved.
Original Filename               : IPBusEnumProxy.dll
Product Name                    : Digcdkqlq® Rzmzvym® Cxytubgma Mevzaf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-21 12:47:34
VirusShare info last updated 2012-07-25 08:11:03

MD5: d837c751f7b63e9480bbf8d383f79129
SHA1: 4ae329add47724383ebacd77ae812ecf44f41e37
SHA256: 1e93a1e4bf32babf6a992dec80b14ad45583888409e9dcbd2bc48551517067df
SSDeep: 3072:R2kvVivN8w3LE4XwBI7YfqNdot7bS8Solhj76iSrRQKTeY8RH:vMN8+XMIw32szf6HddTe5RH
Size: 131072 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTKWO
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-08-02 00:03:45
VirusShare info last updated 2012-07-25 08:11:37

MD5: d8aaa1aedca518b88246816d4e61fc91
SHA1: 6be0b3d66112e77a98a66ffc94bad1ddea5563de
SHA256: b38e46508426e77d4e5df06e35c0fac83618c9c5c992e0f5410879077dc2a896
SSDeep: 1536:EJHjf0Rkih8ucEUQy8uIXqugg1Gq652cC9qK3OdpGeOAcTyYmddK8YyHJkRCU6iT:EJHjfCcdQyn6qugg1GB2yK3OdcePtYmK
Size: 94720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.94720.AV.3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125B29DE
nProtect = Trojan/W32.Vundo.94720.H
K7AntiVirus = Riskware
VirusBuster = Adware.SuperJuan!H30z5ylNFGM
TrendMicro-HouseCall = TROJ_GEN.R72C2EV
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!D8AAA1AEDCA5
DrWeb = Trojan.Juan.499
TrendMicro = TROJ_GEN.R72C2EV
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abfa
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = Adware/SuperJuan
McAfee = Generic PUP.x!pa
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.BCZJ
Norman = W32/Suspicious_Gen2.MZAXX
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.PLI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:18 12:21:03-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 42496
Initialized Data Size           : 88064
Uninitialized Data Size         : 0
Entry Point                     : 0xb4f9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2147.1
Product Version Number          : 5.0.2147.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Pentium Floating Point Divide Error Utility
File Version                    : 5.00.2147.1
Internal Name                   : pentnt
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : pentnt.exe
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2147.1
VirusTotal Report submitted 2011-06-25 14:13:16
VirusShare info last updated 2012-07-25 08:12:03

MD5: d9a81452b755ecc38118e8db21429129
SHA1: 0a2c45f0ea11e96bcff7c5492b780c6107232f41
SHA256: deb581cccb578601ea1dbd97bc21e719ce282298819f9ff3b259024e9b8c8506
SSDeep: 1536:2IwrilzkO6Qj478xoGYR6PoYef9NslWGKpGj2FQMQ7JLaQMQRQKA7qVRAsj5e:Rwulzl6Qj043efMlDKIqViaQMQ6KAoyb
Size: 94208 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.94208
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTKMJ
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-08-02 00:08:10
VirusShare info last updated 2012-07-25 08:13:07

MD5: da76776c9ce007a4e8078020f0ed2f86
SHA1: 5bc3041e84e33bc85fcbde2ddbb96fcb331e914c
SHA256: 1b1c96eb50053a586b4dc100d61a4206ad58105f4f3edbdd1abbfdc466911962
SSDeep: 3072:txkn/Ov03lrMqqDLy/39JylPxsI3ToTRMe:Wc1qqDLutJOz3sd
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!O+MLuqvOjNY
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C1FQ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zvh
TrendMicro = TROJ_GEN.R47C1FQ
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamb
McAfee = Generic.dx!zvh
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Monder.gen
Avast5 = Win32:Malware-gen
AVG = Generic23.LPD
Norman = W32/Suspicious_Gen2.MWTSJ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 18:39:13-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x556e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Beicdpcut Mnzzaarjswe
File Description                : Ohdhkiw Sockets Helper DLL for PGM
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wshrm.dll
Legal Copyright                 : © Xqsuraizv Haciwdbykys. All rights reserved.
Original Filename               : wshrm.dll
Product Name                    : Csunswwxs® Allcnel® Hxozugebj Izsnff
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 19:38:31
VirusShare info last updated 2012-07-25 08:14:02

MD5: db71814da4f2396af1805f792c67b2c7
SHA1: 646b7211cfc2c225183b7d5837c0a498498baaea
SHA256: 94f40d8c364f6a346ba915f15fdff3768f17483ab5c9c298b6d14d409de5497b
SSDeep: 6144:syuTlIs2Cdg/loXVYv4g03LBDD7QggI+4gG0sG324MuQrzjG8VAgVNfh+gvtB9O:s3TlFJQJQgYBDD7oI3gG0ZG4JWzjGfEs
Size: 373857 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.373857
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.373857
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!hlnj35hXlTM
VBA32 = Trojan.Pirminay.ign
TrendMicro-HouseCall = TROJ_GEN.R72C1FF
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Downloader.x!fyw
DrWeb = Trojan.DownLoader4.10097
TrendMicro = TROJ_GEN.R72C1FF
Kaspersky = Trojan.Win32.Pirminay.ign
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.afh
McAfee = Generic Downloader.x!fyw
F-Secure = Gen:Variant.Graftor.840
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Downloader.Generic11.AJSX
Norman = W32/Suspicious_Gen2.MUIMS
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.840
Symantec = Trojan.ADH.2
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.840
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:19 14:28:48-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 671744
Uninitialized Data Size         : 0
Entry Point                     : 0x720c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zjkuehate Hahthgdvnro
File Description                : Zgqvqmvxj Speech Recognition Engine Extensions
File Version                    : 8.0.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Erqasvbcs Crgsknwonkr. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Gafulzxnr® Cuhfllt® Bgmddrvjn Ennerx
Product Version                 : 8.0.7000.0
VirusTotal Report submitted 2011-10-21 03:49:40
VirusShare info last updated 2012-07-25 08:15:16

MD5: db9263a35873c5fa57e7c6aa17aa412d
SHA1: 6873068f9adab512598c887812946d34ef001842
SHA256: c1c6abf649039f8b01c3fb8612be57a016273a0b7ea249511ae40d3295367fb4
SSDeep: 1536:xoIljDCB3NeOegBnKANnX4soslav/GUBohnoXZtO1SUi2JWEPy9ZJglx:xoIp89ewKonXy4a3GFOZf12By9Z2l
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Monder.94208.DT
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.94208.Z
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!xMXIedr4TDY
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!mm
DrWeb = Trojan.Virtumod.9773
TrendMicro = TROJ_GEN.R72C2FJ
Kaspersky = Trojan.Win32.Monder.mjbc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
Jiangmin = Trojan/Monder.aafv
McAfee = Vundo!mm
F-Secure = Application.Generic.365070
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CMXN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Application.Generic.365070
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/DownloaderMonder.mjbc
BitDefender = Application.Generic.365070
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:30 19:02:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.43.24229
Product Version Number          : 2.0.43.24229
File Flags Mask                 : 0x30001f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Hauppauge WinTV Color Format Converter 2
Company Name                    : Hauppauge Computer Works, Inc.
File Description                : Hauppauge WinTV Color Format Converter 2
File Version                    : 2.0.43.24229
Internal Name                   : hcwCCnv2.ax
Legal Copyright                 : Copyright (C) 2004-2006 Hauppauge Computer Works, Inc.
OLE Self Register               : AM20
Original Filename               : hcwCCnv2.ax
Product Name                    : Hauppauge WinTV Color Format Converter 2
Product Version                 : 2.0.43.24229
VirusTotal Report submitted 2011-10-21 22:28:09
VirusShare info last updated 2012-07-25 08:15:25

MD5: dbbd503795e46a13d81c0b8a574ad58d
SHA1: a5db2dba07a282ea14648a998cb18c46a54e5f99
SHA256: cd11172a1c51f0b4556eb10ffe2b94bdf597505d0ed7db5afd506d650ec15a6e
SSDeep: 3072:S+LA6rU50oY8ACmP11cXroRmdFzZMqqDLy/roDbc:iekof0rvFzyqqDLur
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.evx!a
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Generic.evx!a
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX
AVG = Generic23.ABOQ
Norman = W32/Suspicious_Gen2.NAXGD
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-06-30 13:12:07
VirusShare info last updated 2012-07-25 08:15:37

MD5: dbe0ef3e1fbdb535ab4c0a97ec2c953f
SHA1: b2d8aed61c38999ecf8880c81d3ecaa605da29a9
SHA256: 5606debdaf5f1602c8d9959eeddc674fbad8a671893fd058ada6ce73c82b9cb2
SSDeep: 3072:fvmXpvDiKv1hneGmCRAzBG60kHo2MqqDLy/41oiAL/heKoDR:fspvprneGmCqz+qqDLu4T+/gKAR
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
TrendMicro-HouseCall = TROJ_GEN.R47C1G1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zwa
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C1G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZWA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gicd
McAfee = Generic.dx!zwa
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Trojan-gen
eSafe = Win32.TRVundo
AVG = Generic23.JDC
Norman = W32/Suspicious_Gen2.MYYLA
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-06 11:31:08
VirusShare info last updated 2012-07-25 08:15:42

MD5: decb05c52743c2f8337f4edf819e98dd
SHA1: 2c112dce74aac915f8445a5b5aaa9ffe207c3e87
SHA256: 25f9e157b480576cc529ed61bb97c4a1a267ec63cb5640733920c0b7b42fc0e3
SSDeep: 768:I7sWg8F9QNZ7r0GvuhSnZ6ttEre9cTnjGa3yMuoIfopzZYiCG1voND:Osd8zcZ70SZfrA4n6a3yXw4UVED
Size: 45056 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!sDtgjGYGwlw
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.ni
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
TrendMicro = TROJ_GEN.R72C2F8
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.BDUI
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 08:26:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x21bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rrwzemgyf Haethwaimyw
File Description                : Vfgpnzr Shell Obsolete APIs
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : SHUNIMPL
Legal Copyright                 : © Yogxmvoen Corporation. All rights reserved.
Original Filename               : SHUNIMPL.DLL
Product Name                    : Onncmrceu® Mchcgeg® Vqbgvfzrf System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-10 15:24:24
VirusShare info last updated 2012-07-25 08:18:57

MD5: defa80fff6ede42c414c7f4ad1e5f0d4
SHA1: c064243a914f1b21eb0df2a32e8ef407d4e09f98
SHA256: 3efa91ba7ebf3fe3b8e141c8a27bb9e30a73c1f4c8a36fb2e9f210780f8e5e75
SSDeep: 1536:fLR9V4mGG/y9shkCuhiYQ5boqqLQ3FS1CnCRJZu4MqqU+NV23S26:flGG/X6CGiYEboq78k4MqqDLy/6
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R47C2FT
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!DEFA80FFF6ED
TrendMicro = TROJ_GEN.R47C2FT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!DEFA80FFF6ED
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
AVG = Generic23.GJY
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-04 23:34:58
VirusShare info last updated 2012-07-25 08:19:09

MD5: df5bfa7a94f2fc635a25c554b7b1a09c
SHA1: 2a83e5d56dd8312275df479fdf4cf663c116f5ef
SHA256: be4263abedfaaa3ddf5a42df10f5e74abe545a9c5e4ebbf7572b34e76f594824
SSDeep: 6144:uMC0piyHhoYmipPq3dzlTYjUZNogL9Smn4oTT0IIXnCIarq//Gy8hDW6uVdxzlBv:uMBphhNxelTYjUZrshosIUCIaqL8hD2H
Size: 327247 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.284
Avast = Win32:Kryptik-DCA [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.442368.G
Panda = Generic Trojan
nProtect = Gen:Variant.Kazy.26405
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!9smv22MGvB0
TrendMicro-HouseCall = TROJ_GEN.R72C3FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R72C3FJ
Kaspersky = Trojan.Win32.Pirminay.kum
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.acp
F-Secure = Trojan.Generic.6142029
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-DCA [Trj]
AVG = Generic22.CPDZ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6142029
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ifj
BitDefender = Trojan.Generic.6142029
NOD32 = a variant of Win32/Kryptik.ILE
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 08:50:16-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 323584
Initialized Data Size           : 4096
Uninitialized Data Size         : 450560
Entry Point                     : 0xbddb0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zevtxrdlb Nkmoyyjmsdi
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (uxcdnjto.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Dasvojmrp Vqgsjfpoxzt. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Ulpqoxski® Gnisvoh® Bbmxfxbza Zawdxs
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-23 18:57:25
VirusShare info last updated 2012-07-25 08:19:33

MD5: dfd651705dddc774ab6e0d88198d7040
SHA1: 06a41ce65d95f4057da70a386b69f3bdec071738
SHA256: 5ee8ee01b215675fe949b18646798fa502c5522ccd8df718157a95d19ec5aec8
SSDeep: 1536:Fdmc6ge8S0/gpbue8UaYx6dmj8oGs1frpWAuUVY9B5Ng43zj20varWgIIR5m:Fcc6yLe8F06YIA1zpWmO9B533zj20AWj
Size: 82432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.ATRAPS
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Vundo.R
nProtect = Trojan/W32.Pirminay.82432
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!qxxjKXTPvIk
VBA32 = Trojan.Pirminay.aqi
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zto
DrWeb = Trojan.Siggen2.13811
Kaspersky = Trojan.Win32.Pirminay.hvq
Fortinet = W32/Pirminay.HVQ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.eh
McAfee = Generic.dx!zto
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.BXWL
Norman = W32/Suspicious_Gen2.MOWSB
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.axd
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.ITN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:09 13:59:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 72192
Initialized Data Size           : 46592
Uninitialized Data Size         : 0
Entry Point                     : 0x12787
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : DLL Interface to TermDD Device Driver
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : icaapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : icaapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-06-10 08:50:18
VirusShare info last updated 2012-07-25 08:20:06

MD5: e1a84c7e86494f87e530e3ace4740490
SHA1: aaf829ea8a2f0cefb3f9c280d0433ac37686f4bd
SHA256: df212c122a87e3dda16b7d66ea9bc7ca4130a7f4b078298355b6d752e22cd5d4
SSDeep: 1536:R1TwNvtf/zSnAvNe7Gctw624RojfDbxoSqJAdHV+TrPJNLPivSYVEQLl+7:R1inzSnAle3bpADbxDqJAd1+PP3PySsK
Size: 85504 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1233082B
nProtect = Trojan/W32.Agent.85504.KB
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qs1gsx50ZGQ
VBA32 = Trojan.Monder.mlmg
TrendMicro-HouseCall = TROJ_GEN.R1BC2H7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!mm
DrWeb = Trojan.Virtumod.10452
TrendMicro = TROJ_GEN.R1BC2H7
Kaspersky = Trojan.Win32.Monder.mlmg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.mmf
McAfee = Vundo!mm
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.XFV
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mlmg
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 03:23:43-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 39936
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xa9cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ActiveX Data Objects Resources
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : msader15.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msader15.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-22 00:44:20
VirusShare info last updated 2012-07-25 08:22:12

MD5: e2a36eeb7eed7c8aaa143a469a452dcc
SHA1: 571fb4d6f24733b837b46ef9d8c29862d7e0e884
SHA256: c336646f09d1e2118ac01b6a8130432871bf1043a44e1d692102e5cc76e8d234
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWRI:/53B6GnBMUQyaUZGAjLvC8q
Size: 363402 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.18
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363402
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hmk
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fzl
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hmk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
Jiangmin = Trojan/Pirminay.agv
McAfee = Generic Downloader.x!fzl
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
AVG = Generic22.ANYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2011-08-19 04:07:11
VirusShare info last updated 2012-07-25 08:23:14

MD5: e3068b8ac8d0d4840bdfa3e6f8a4b343
SHA1: 26a5e158e39f39bdd9fe413681d49098dbf37a8b
SHA256: cdf0eb2daec90934865111b15b16a57de01c827b5dfd1af6c49df1b3759e5075
SSDeep: 1536:p441L3YzNdW+Nm3unr3ATfTFTo/37VszBNv7ws5kVm0ry1jxd+1Tgj+FK:pZh3YzNNm3u7w5M+3v0Lo1jBI
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FG
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!E3068B8AC8D0
TrendMicro = TROJ_GEN.R72C2FG
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!E3068B8AC8D0
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Vundo-JU
AVG = Generic22.CFVE
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:23 14:57:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x16431
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vynscpnwk Qdpqwzrbrar
File Description                : Link-Layer Topology Mapper I/O Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDIO.SYS
Legal Copyright                 : © Jgldoeybd Pyuktpugexx. All rights reserved.
Original Filename               : LLTDIO.SYS
Product Name                    : Ddpxfkawy® Kdzjwwd® Qgkpqffwa Chkikl
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-07-04 11:38:14
VirusShare info last updated 2012-07-25 08:23:36

MD5: e30fc1f21762fb51a326c1b2863985d3
SHA1: e6b5d9d117fee0353c9f50a610e25995963677c1
SHA256: 95536706fa5105d8ed13cab5984e4b8b8b19c2468e9a20e9c805d710eb2ac78a
SSDeep: 3072:MdT3NjB/1eCejlEMqqDLy/BG5t7Gj4RHuhj:mNV93eNqqDLuBQk
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AKTA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.16
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:01 00:34:32-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x7aca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : 
File Description                : weldata MFC Application
File Version                    : 1, 0, 0, 1
Internal Name                   : weldata
Legal Copyright                 : Copyright (C) 1998
Legal Trademarks                : 
Original Filename               : weldata.EXE
Product Name                    : weldata Application
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2011-10-20 17:04:18
VirusShare info last updated 2012-07-25 08:23:39

MD5: e40420b9c58a5d08a7aebac2fbefcd13
SHA1: 5ede74dee9a66788eced25a90237c28e36038990
SHA256: 8edbf2ca036b3827e8dd7386d2420406fd8ccb7f252229917698f43e0033cc6e
SSDeep: 12288:RFF/IA2pmyR0hJ3BlbovUR9PqKQjmbHqGyxXe:RT/f2WhJHo7j8XyxXe
Size: 479665 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.223
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.5815059
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
PCTools = Downloader.Generic
F-Secure = Trojan.Generic.5815059
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Downloader.Generic11.TUK
Sophos = Mal/Ponmocup-A
Symantec = Downloader
GData = Trojan.Generic.5815059
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.5815059
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:09 22:30:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0x13222
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ydwnyedwh Cqezrxrndbh
File Description                : Microsoft Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Dollwhwhh Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Olomakzsy Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-05-23 09:09:26
VirusShare info last updated 2012-07-25 08:24:46

MD5: e66b408ebc196bd18a9d2e8adf101fdf
SHA1: aa7a9b91d7e66018028abdda9451063c65798720
SHA256: 2c2b4f23dbb52df9db3b2d29ebd8b5424fad5f3bf75d133e78524701c583457e
SSDeep: 1536:m6F8O59K+PdpDteVvS2mVNI+fMqqU+NV23S2/oIh5ClHG3cTGc5jsrtXtez2:BF759K+PbteZS2mUyMqqDLy//oyGWcTD
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qwufXiTCrz8
TrendMicro-HouseCall = TROJ_GEN.R72C2GB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!E66B408EBC19
TrendMicro = TROJ_GEN.R72C2GB
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!E66B408EBC19
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.AKVN
Norman = W32/Suspicious_Gen2.NHMFD
GData = Gen:Heur.Ranpax.1
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:11 03:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x7b01
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xlfqmbeli Uedprnvwcjp
File Description                : Tjlsmjo Driver Foundation - User-mode Driver Framework Reflector
File Version                    : 6.0.6000.16386 (bevhs_rtm.061101-2205)
Internal Name                   : WUDFRd.sys
Legal Copyright                 : © Uevyddwpw Corporation. All rights reserved.
Original Filename               : WUDFRd.sys
Product Name                    : Shzuzigfg® Xrnmjnz® Xypptpvxi Wvszdg
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-20 06:12:08
VirusShare info last updated 2012-07-25 08:27:22

MD5: e76bd49ea032ae50367dacff37ff5caa
SHA1: 723261afb45501701aeda9923c34c87c50fa42e1
SHA256: 57fb6652aeab11d6f3e11d7b78559d98df242358222cdc3c51386e6e3548d86a
SSDeep: 6144:zGJCR1Hrg3IEYMq0vmrx8x4Deumxhi8/qmtYwIN4:z3R1HQ54x8qDezji8S1
Size: 274432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cTxoSMaLvnE
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1JN
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.77
TrendMicro = TROJ_GEN.R4FC1JN
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahhm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BIER
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnriirkvy Pzgzmklipsm
File Description                : Lvgbpubuh Wkxwugi Sockets 2.0 Service Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : msafd.dll
Legal Copyright                 : © Rxasimrum Xemlecbmvvo. All rights reserved.
Original Filename               : msafd.dll
Product Name                    : Sqhficqmq® Jewjzty® Hinvlpseh Tkmprt
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-29 23:39:58
VirusShare info last updated 2012-07-25 08:28:33

MD5: e7b46d27ceedaf2902b6e22cf8412981
SHA1: 9b1d0d65f3f9b0e31b7d6bced59b93853d1e592c
SHA256: d051e7558ee1d2d44db081efb77ed35005443b41f7de8a08184a1277ed53a48e
SSDeep: 768:PblF1tYbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSb7pN1CsI:Pj7YbU8E1AjprcsOtK7pN14
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.187
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!mqvfsCrRRkI
TrendMicro-HouseCall = TROJ_GEN.R72C2EC
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mirn
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!iz
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_GEN.R72C2EC
Kaspersky = Trojan.Win32.Monder.mirn
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.MIRN!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aahh
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.AKIP
Norman = W32/Suspicious_Gen2.MQSVW
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Monder.mjbr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-06-30 00:42:00
VirusShare info last updated 2012-07-25 08:28:49

MD5: e916a32af6f0efd314181c3bbe0363cf
SHA1: 4868ecd1abb45df7f23f61290cbaa924903eb4e0
SHA256: e5d54fd7d7209673bbc2a78d73dce39550f20680a9ed2f5300ba2c82b289a381
SSDeep: 1536:lPGz7YoR6Ev+iWTNzt9BrYbG6XijYNLERpK2iKAXM3QGoRC/1tJ:wYo80tArIXijfQGoRC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.N
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!ZfAge7EfLnU
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = Medium Risk Malware
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-10-22 00:36:27
VirusShare info last updated 2012-07-25 08:30:18

MD5: e9796b0aec2c4bc598eed381badab0c0
SHA1: 703c398984268bf77f76aecfed11c97ab3988b84
SHA256: bd227155c5d51f759c471821e779623a73c4e83879688b1ebcc7323d34e854fe
SSDeep: 6144:12YCMrpmfPHkcHYX7Cr63TTcp3gAF4z9Cv+KSUQ32ry/Kmd4WVCLhKne0B82Ec:1HCwrUI7g6jYS64zUvDSjuWjH77Wbc
Size: 393759 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.393643
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.393759
K7AntiVirus = Trojan
VirusBuster = TrojanSpy.Agent!N4s9M8aSyjY
VBA32 = Trojan.Pirminay.iha
TrendMicro-HouseCall = TROJ_GEN.R47C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.iha
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!E9796B0AEC2C
TrendMicro = TROJ_GEN.R47C2FL
Kaspersky = Trojan.Win32.Pirminay.iha
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHA!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.acs
McAfee = Artemis!E9796B0AEC2C
F-Secure = Gen:Trojan.Heur.RP.ymLfamRySpdi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Spyware-gen [Spy]
eSafe = Win32.TRSpy
AVG = SHeur3.CERD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.RP.ymLfamRySpdi
TheHacker = Trojan/Pirminay.iha
BitDefender = Gen:Trojan.Heur.RP.ymLfamRySpdi
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 17:24:29-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 393216
Initialized Data Size           : 4096
Uninitialized Data Size         : 487424
Entry Point                     : 0xd7010
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bwvwoqvlf Ehscgqxswrs
File Description                : Yanaoab NT MARTA provider
File Version                    : 5.1.2600.5512 (xpsp.080413-2113)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Grqpskjaw Jisqfrwdtfo. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Mqtosrgiz® Psctysy® Operating Jgcrjk
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-20 21:26:09
VirusShare info last updated 2012-07-25 08:30:39

MD5: e99fe619ec05b49aa91bfb32f75e8da4
SHA1: 8b086dffc1526bd8af84512f30ffd988a4c6a402
SHA256: 7f2b50b3531f45e6c824e14479aa6bed1bf50de08d4dd8b99da16b0e0cf595fd
SSDeep: 1536:Yd2mPmG9wP9shTK+iYIrboMLQ3F21CnCRJZuGMqqU+NV23S2q:YsnG9w+1K+iYCbo58kGMqqDLy/q
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128AE513
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!TMJTGmTCKzw
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R1BC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R1BC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BNQO
Norman = W32/Suspicious_Gen2.NRVQH
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-14 20:05:12
VirusShare info last updated 2012-07-25 08:30:53

MD5: e9e21392a6b85fc6e8c186785f4e2478
SHA1: 92eed57fe18155db62804ab2e241a2a4bfa2f969
SHA256: 18e16bbae6a1ec020026a32dcb720e52a24913258107036f9028cb19f2370f97
SSDeep: 6144:zkroC63y01bcCgMh5TodqJIxzm7ENbwc0FH01FvLaKZuAGP0pV/:zkcicbcCg2JIx/8FUzZAa
Size: 320037 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen2
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.FakeAlert
Avast5 = Win32:Vundo-JU
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.CAWO
Symantec = Packed.Generic.305
GData = Gen:Variant.Zbot.34
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:17 12:40:52-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 12288
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x35f0
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : USB Audio Class Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : USBAudio.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : USBAudio.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-05-25 23:55:07
VirusShare info last updated 2012-07-25 08:31:12

MD5: ea6ecdb219b80d85b984b4fb32153a9d
SHA1: a58483b517f17a524b5f814ae0691f8d49bad204
SHA256: 2a3cd8c2766f46c6c66ee46e860c5a088c384bfccf3a05f3f79a212b4491990c
SSDeep: 768:tPVA2HWDmxy7BvOFnjGx+uJgCR6OxSUNgi9Z/BJTP7K+fZM4gU1S9HKKVBWZL7q:tPGIWuks/uJg0t7TjKuM4LY8KVBM3
Size: 55296 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.55296
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!UzHEqKgnJqA
VBA32 = Trojan.Pirminay.te
TrendMicro-HouseCall = TROJ_GEN.R4FC2DK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Generic.KDV_453160
McAfee-GW-Edition = Vundo!ia
DrWeb = Trojan.Siggen2.5145
TrendMicro = TROJ_GEN.R4FC2DK
Kaspersky = Trojan.Win32.Pirminay.te
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.cs
McAfee = Vundo!ia
ClamAV = Trojan.Agent-183956
F-Secure = Trojan.Generic.KDV.45316
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic19.AAPJ
Norman = W32/Suspicious_Gen2.LGILH
Sophos = Troj/Agent-RIE
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.45316
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.te
BitDefender = Trojan.Generic.KDV.45316
NOD32 = a variant of Win32/Kryptik.HKB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 21:34:35-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 47616
Initialized Data Size           : 44544
Uninitialized Data Size         : 0
Entry Point                     : 0xc94d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2180.1
Product Version Number          : 5.0.2180.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.00.2180.1
Internal Name                   : modex.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : modex.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2180.1
VirusTotal Report submitted 2011-07-23 01:43:55
VirusShare info last updated 2012-07-25 08:31:48

MD5: ea917cb748c7f5095ff0f6573ed57764
SHA1: 5a9b7ef7a4273118120ec8fa25bdefe5323a6220
SHA256: 020402f2253c231661321d0661a8387a1fb43e68e5b330b55a88e15f8c42855d
SSDeep: 1536:U4cwSC/UXuY28bQJjml9I3k3lQ36QDkUwuYj:UBwx8b20QJj83lQ39koY
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.617
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jb
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!jb
F-Secure = Trojan.Generic.KDV.279193
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH [Cryp]
AVG = Generic23.AQMZ
Norman = W32/Suspicious_Gen2.NHCDM
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.279193
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.KDV.279193
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-07 13:14:49
VirusShare info last updated 2012-07-25 08:31:59

MD5: eb40dfcb7bf5e5e4ef341b80f1d053ae
SHA1: 1820e72bc48323d323b21a458ebcdccab2c0759b
SHA256: edf7a4e97170009ad3a16bd44937ac58f10f56788b94a9db1ad4c9221e917bbb
SSDeep: 3072:gEEhI+bevbxg7/hXMyvKrqlE3h5esHGarptMKw+C3/6lJZb:/1wSqs5ZGaFtnwP3/g
Size: 126464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!R1PCIU9ZQQo
TrendMicro-HouseCall = TROJ_GEN.R1BC2FI
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!EB40DFCB7BF5
TrendMicro = TROJ_GEN.R1BC2FI
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!EB40DFCB7BF5
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic22.AG
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:14 09:03:46-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 77824
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xff29
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.13.1.3198
Product Version Number          : 6.13.1.3198
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel(R) Vdigjpuwacr
File Description                : Digital Display Minidriver for Intel(R) Graphics Driver
File Version                    : 6.13.01.3198
Internal Name                   : Ch7xxnt5.dll
Legal Copyright                 : Copyright (c) 1998-2001 Intel(R) Jtvjbebzjlz.
Original Filename               : Ch7xxnt5.dll
Product Name                    : Intel(R) Graphics Accelerator Drivers for Windows NT(R)
Product Version                 : 6.13.01.3198
VirusTotal Report submitted 2011-07-09 14:19:43
VirusShare info last updated 2012-07-25 08:32:47

MD5: ed183bb8e657e2b2f9c231842b55702b
SHA1: 4e0abc9f63f509d0e77e9ef6d41492a5c8b43624
SHA256: 19c623808ba8ddd817c5d49db6399ef2358a3bf2825302e174c31a9adea820ce
SSDeep: 3072:srH8YqopZqbwK8lkKrwEuSZhwHJValiljMqqDLy/3AK:cH8YDqcK88mhwgnqqDLu3
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
nProtect = Trojan/W32.Monder.166400.F
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R47CRFJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47CRFJ
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:Kryptik-ELX [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Suspicious_Gen2.NPXJZ
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2011-09-19 21:25:54
VirusShare info last updated 2012-07-25 08:34:51

MD5: ed1cb2947d07de5c1899c9ccf6de4605
SHA1: b995ddfa7af6518e4a2e1367b4b9e4ee79bcd917
SHA256: 5e32dd770a304d744c38e76960385f80aaaeb626afad28ca5d8988cdfe3e3ac2
SSDeep: 1536:Gy7vdqo3VVxEkHKK4b0rj9leTJJhabHLWB2vDhBEQtaekQf:XdqSnxLKfw9leFJhcLRreekQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!ED1CB2947D07
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.YJO
Norman = W32/Suspicious_Gen2.NDNNI
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-03 08:43:30
VirusShare info last updated 2012-07-25 08:34:51

MD5: ed6540227da5e278dcfd9fea10c0522c
SHA1: 5b0f0a2d9c280e53ed390136ff93e26c18726ab2
SHA256: 504e9d978c66600239c539ef0c27f33ea4f4bf542bbd0315f413235404b22044
SSDeep: 3072:U5JNakHH76tjEov/IxweCrf7oTijyfULmdbEo7jI81F:U5Dakygov/eweuIay8LmNBIC
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!PO37HEOp48s
TrendMicro-HouseCall = TROJ_GEN.R72C2FH
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!ED6540227DA5
TrendMicro = TROJ_GEN.R72C2FH
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!ED6540227DA5
F-Secure = Trojan.Generic.6133552
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.CJWD
Symantec = Trojan.Gen
GData = Trojan.Generic.6133552
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6133552
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-04 11:38:30
VirusShare info last updated 2012-07-25 08:35:08

MD5: edbb307205339cd70debb64804bc537f
SHA1: 33f8432e49a12fa06835ca1178429b0db93de79f
SHA256: 7077479a6f60eb771de464486257dc1284b64f5141da13e59ccc2e3adf33c581
SSDeep: 6144:xH1YJJIaFipHIFx9hbwIFCAZHI2oHU6b3UE66VtdRTYrjNNr6H1I7wRnK8548FFt:DYJepobrwIAco2ub+6VlYrjTM1fp88my
Size: 371712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.371712
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!d6woub+XMXM
VBA32 = Trojan.Pirminay.hux
TrendMicro-HouseCall = TROJ_AGENT.JNAZ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hux
McAfee-GW-Edition = Artemis!EDBB30720533
DrWeb = Trojan.DownLoader3.10211
TrendMicro = TROJ_AGENT.JNAZ
Kaspersky = Trojan.Win32.Pirminay.hux
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A!tr
PCTools = Trojan.Gen
McAfee = Artemis!EDBB30720533
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CWP [Trj]
eSafe = Win32.TRCrypt.XPACK
AVG = Generic22.BVOK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hux
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:02:16 22:07:41-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 360448
Initialized Data Size           : 348160
Uninitialized Data Size         : 0
Entry Point                     : 0x54ae3
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.1050
Product Version Number          : 5.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Comments                        : Release
Company Name                    : Inso Corporation
File Description                : SCC Utility
File Version                    : 5.1.0.1050 [Nov.15.1997]
Internal Name                   : SCMSUT
Legal Copyright                 : Copyright © Inso Corporation 1991-1997
Original Filename               : SCMSUT.DLL
Product Name                    : Outside In® Viewer Technology
Product Version                 : 5.1
VirusTotal Report submitted 2011-09-12 07:06:55
VirusShare info last updated 2012-07-25 08:35:28

MD5: ee1c7fa6c1abb0514abd1b2fb7310206
SHA1: 455a059773336faaf3eaebea18793d09e293a71d
SHA256: ee8cecfde7cfae5d6fb7440647c02f7359ff174090e38202dc6dde1e8eed6cb8
SSDeep: 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqU:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4q
Size: 365128 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365128.B
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
TrendMicro-HouseCall = TROJ_GEN.R21C1F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyg
TrendMicro = TROJ_GEN.R21C1F3
Kaspersky = Trojan.Win32.Pirminay.gzz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fyg
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W
eSafe = Win32.TRDropper
AVG = Generic22.AFGV
Norman = W32/Suspicious_Gen2.MQHFD
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-06-30 19:46:56
VirusShare info last updated 2012-07-25 08:35:51

MD5: ee7d5402fd99909175ade6addf49b45c
SHA1: 36e2bfafe8cbdc0b3d0aa617a699ad80be0780c8
SHA256: 6cc06e89768615c496045a5a01f7247c392bb884bce42fe34ffdc9c69e6072b9
SSDeep: 6144:sc8ybgoKQK5vln4GRwk6t9Zf6F774vNw10+GdLj5abhh0FCKfAaapJY:sfLZTb4GakMvof4VNfdLjq2s
Size: 329728 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.23594
Avast = Win32:Pirminay-BD [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.329728
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.329728
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!yjF85I6tHrc
VBA32 = Trojan.Pirminay.iph
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.iph
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zwh
DrWeb = Trojan.DownLoader3.35201
TrendMicro = TROJ_GEN.R47C2G5
Kaspersky = Trojan.Win32.Pirminay.iph
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IPH!tr
Jiangmin = Trojan/Pirminay.aid
McAfee = Generic.dx!zwh
F-Secure = Trojan.Generic.6154485
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BD [Trj]
eSafe = Win32.GenVariant.Kaz
AVG = SHeur3.CFKZ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6154485
Symantec = WS.Reputation.1
TheHacker = Trojan/Pirminay.iph
BitDefender = Trojan.Generic.6154485
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:25 13:56:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 327680
Initialized Data Size           : 4096
Uninitialized Data Size         : 401408
Entry Point                     : 0xb2b00
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Unzzhvxko Ytbcupwrljs
File Description                : Yqhbfwe Font Viewer
File Version                    : 5.00.2134.1
Internal Name                   : fontview
Legal Copyright                 : Copyright (C) Xmcbjnlyl Corp. 1991-1995
Original Filename               : FONTVIEW.EXE
Product Name                    : Lbdgfecwt(R) Oitgjsi (R) 2000 Lswlfchmc Agvajd
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-09-13 11:06:10
VirusShare info last updated 2012-07-25 08:36:18

MD5: ef9552b7f929b6d88fc45a673a867056
SHA1: 11e778337d73d3e46f63e0f60fd6fac4947aee20
SHA256: 0284c08c2b4f645ec7e0e28c6944099d626b9163e2c031fa92bce46b27c5721b
SSDeep: 1536:wc0AjflfcC8Tsj0J3+B7WGl1/AAqypHuZm1vV6hoFtDi9TlSugv2NvIi7:IqfCXJYWGl1obkuZqvV6C8lSuQsJ7
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!ZHOep6UmnVI
TrendMicro-HouseCall = TROJ_GEN.R1BC3F4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!is
TrendMicro = TROJ_GEN.R1BC3F4
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Vundo.IS!tr
PCTools = Trojan.Gen
McAfee = Vundo!is
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.ARII
Norman = W32/Suspicious_Gen2.MKRCS
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:31 10:36:12-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x89d1
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lcdarmnfp Bbvykntnwyg
File Description                : SQL Client Configuration Utility DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : cliconfg.dll
Legal Copyright                 : © Yjbxucpjz Bvpsnpmsisr. All rights reserved.
Original Filename               : cliconfg.dll
Product Name                    : Ktbxtkunr® Emetvyc® Yfsagmsjl Gggstp
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 07:07:50
VirusShare info last updated 2012-07-25 08:37:32

MD5: efe407c30522d3688b77ff8432bacfe5
SHA1: ea91abacf0ba828fb78f29afb164c0b975779566
SHA256: 06a14a655dfc7bd7d6c3b10f31d872919a65d66269a98536b00c65e12f934a90
SSDeep: 3072:qr8A8Me7T/nXNo2HSVORTN1hCXn1wMwHyaXnTcRJG5awjFH5xt4IPRZZoGZ:qrmMe7jNEVfwMwp5h1uI6
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRATRAPS
AVG = Generic22.BEMG
Norman = W32/Suspicious_Gen2.MYJEW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 17:42:38
VirusShare info last updated 2012-07-25 08:37:51

MD5: f0a963c9be6d51f26982ff3435886304
SHA1: c688588b16fe2f9e648699d75378e1b201ad1a48
SHA256: bda4bfa2e1efab8f9fb6044748846c6a0f2fb755543f06e1525da694d4713db9
SSDeep: 6144:Hv4H7u7NzXOvzK3y8f18noGMb0GhloqZGw0Mz2htiYGnylMh0nXD7CFWBw9:Pk7u79OLKCzM7hlRZS5tGylMSnXDuFL
Size: 335827 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.335845
Avast = Win32:Pirminay-BC [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.335827
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.335827
VirusBuster = Trojan.Kryptik!K8ziuVYXhI4
TrendMicro-HouseCall = TROJ_GEN.R21C2G6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iif
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Downloader.a!ez
TrendMicro = TROJ_GEN.R21C2G6
Kaspersky = Trojan.Win32.Pirminay.iif
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.adv
McAfee = Downloader.a!ez
F-Secure = Gen:Trojan.Heur.RP.umLfa0YoHdai
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BC [Trj]
AVG = Generic23.GGN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.RP.umLfa0YoHdai
TheHacker = Trojan/Pirminay.iho
BitDefender = Gen:Trojan.Heur.RP.umLfa0YoHdai
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:05 16:26:51-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 430080
Entry Point                     : 0xbafe0
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jxupduxfy Bplskmrmniz
File Description                : Displays NIC MAC information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : GetMac.exe
Legal Copyright                 : © Wncctafyu Urbbzwwnktc. All rights reserved.
Original Filename               : GetMac.exe
Product Name                    : Qdzldxwlt® Vycbdbi® Zwuxlavqf Sgljoi
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-08-23 19:01:02
VirusShare info last updated 2012-07-25 08:38:41

MD5: f0b13b77dec8ebe1e255fb8ff2a5692f
SHA1: f77ed1c8057b56697d46d3a752bbc72cfa3cac5c
SHA256: 6a7e0ec9f4d2ef828300b1021941be54c259263d412d59d0a12f14b073d96a34
SSDeep: 6144:CGMRzkGlUKQryU8ej6M17RZVmigfflZkORnPPB1lOfGio:CGMRkKQV+MtRcfbp51lOfW
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.51
Avast = Win32:Pirminay-V
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.311296.I
Panda = Generic Trojan
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!3c031/6UyM0
VBA32 = Trojan.Pirminay.hxr
TrendMicro-HouseCall = TROJ_GEN.R01C2FD
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.DownLoader3.13029
TrendMicro = TROJ_GEN.R01C2FD
Kaspersky = Trojan.Win32.Pirminay.hxr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HXR!tr
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V
eSafe = Win32.GenVariant.Zbo
AVG = SHeur3.CCVM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.hxr
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 11:47:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 294912
Initialized Data Size           : 282624
Uninitialized Data Size         : 0
Entry Point                     : 0x48816
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.398.613.2003
Product Version Number          : 5.398.613.2003
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Realtek Semiconductor Corporation
File Description                : Realtek RTL8139 NDIS 5.0 Driver
File Version                    : 5.398.613.2003 built by: WinDDK
Internal Name                   : RTL8139.SYS
Legal Copyright                 : Copyright (C) 1994-2003 Realtek Semiconductor Uawxklfledv
Original Filename               : RTL8139.SYS
Product Name                    : Realtek RTL8139 Family Fast Ethernet Adapter
Product Version                 : 5.398.613.2003
VirusTotal Report submitted 2011-06-20 22:57:44
VirusShare info last updated 2012-07-25 08:38:43

MD5: f1a1c11ab4cc45bac3e1e92e2875aad0
SHA1: 9ad4f8a0f7b6fe010fafdeb38cee3a838d1170b2
SHA256: da723591653eed629452ec3ee217a897296ccaca1bb5fae8dceb8ae3a855c352
SSDeep: 768:wEsWg8F9QNZF0GvuhSnZ6ttEre9cTnjGa3yMuoIfopzZYiCG1voN6:xsd8zcZqSZfrA4n6a3yXw4UVE6
Size: 45056 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2EV
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!F1A1C11AB4CC
TrendMicro = TROJ_GEN.R72C2EV
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!F1A1C11AB4CC
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.BCXT
GData = Gen:Variant.Vundo.5
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 08:26:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x21bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rrwzemgyf Haethwaimyw
File Description                : Vfgpnzr Shell Obsolete APIs
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : SHUNIMPL
Legal Copyright                 : © Yogxmvoen Corporation. All rights reserved.
Original Filename               : SHUNIMPL.DLL
Product Name                    : Onncmrceu® Mchcgeg® Vqbgvfzrf System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-23 09:22:35
VirusShare info last updated 2012-07-25 08:39:47

MD5: f242f30fd23373ac2c572a6c0b39bed4
SHA1: 9931db18f143a6a49ddcf9cca4716bba088989a5
SHA256: 6ff5663548ea876a555c3d50d8adb0fd8428f7259573080d5af1c07a282281e1
SSDeep: 1536:SX3DoRv8XZ2SlWOQKraJItivDD81TnkMmvcWjcSE+:SXzs8XQS0vKramtSD81TnZmvbj9E+
Size: 65536 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.65536.AV
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!K5BoISg/22c
TrendMicro-HouseCall = TROJ_GEN.R11C2K9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!hc
DrWeb = Trojan.Virtumod.9889
TrendMicro = TROJ_GEN.R11C2K9
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aaqe
McAfee = Vundo!hc
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.WEE
Norman = W32/Suspicious_Gen2.HEMML
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5013168
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Generic.5013168
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:24 10:46:16-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 43520
Uninitialized Data Size         : 0
Entry Point                     : 0xf189
OS Version                      : 4.0
Image Version                   : 8.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows IPsec SPD Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : winipsec.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : winipsec.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-06-26 03:26:44
VirusShare info last updated 2012-07-25 08:40:28

MD5: f36598971c14f357c5ce1b1ee10f17cf
SHA1: 1502690308f26b2e603ab65972bf0418833f9dde
SHA256: e118e699cf195f84ff3f9af8949b2cffb93f9fe253eeb9dc1ecb205b146a7a38
SSDeep: 6144:0dkR8bA7oTmzu44d9uXa+x9G9+AFSn/mkrh/HjMR6o6047cGmB1M0kMlha8jylvt:Ak8KaXuK+v2vFSFh/Hzo+Qz1oM7awYgs
Size: 373285 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.373285
Panda = Trj/CI.A
nProtect = Gen:Variant.Buzy.3411
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!hPsfQIXzQQc
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zuh
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gtc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.abz
McAfee = Generic.dx!zuh
F-Secure = Trojan.Generic.5869945
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BNGS
Norman = W32/Suspicious_Gen2.MPFCV
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5869945
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gun
BitDefender = Trojan.Generic.5869945
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:06 14:24:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40960
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x72bf
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.0.0
Product Version Number          : 1.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Advanced Micro Devices
File Description                : AMD Processor Driver
File Version                    : 1.1.0 (srv03_sp1_rtm.050324-1447)
Internal Name                   : AmdK8.sys
Legal Copyright                 : Copyright © AMD, Inc.2002-2003
Original Filename               : AmdK8.sys
Product Name                    : AMD Processor Driver
Product Version                 : 1.1.0
VirusTotal Report submitted 2011-08-19 04:15:41
VirusShare info last updated 2012-07-25 08:41:38

MD5: f42473920ecb447cd4c0454ffab19b5e
SHA1: 8afa4c495c4c02720225600b1e99e2a9eb16c8f3
SHA256: 75b6ca695abe218034993a0ef6ca9c99fdbc794ab42a496561aae84d098e89de
SSDeep: 6144:naOV76gJ56nopQ9LBBMaWtf+YU5LRCifD2mN/C2sXzomgEQasEN5/yZS+JbU9m7:aAWLopQ1D2xe9fD362uzomgba1z/y4m7
Size: 438940 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.320
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.438940
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.438940
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!v6N2FDA/+3Y
VBA32 = Trojan.Pirminay.iis
TrendMicro-HouseCall = TROJ_GEN.R72C2FG
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iis
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader5.4391
TrendMicro = TROJ_GEN.R72C2FG
Kaspersky = Trojan.Win32.Pirminay.iis
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.afj
McAfee = Generic.dx!zvf
F-Secure = Trojan.Generic.6189967
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic22.CEWQ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6189967
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.iis
BitDefender = Trojan.Generic.6189967
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 18:27:26-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 126976
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x1c896
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Meseerzlx Etkyyxjysle
File Description                : Baqagir NT Macintosh File Server Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : sfmsrv.sys
Legal Copyright                 : © Dpnslhdnm Spdlowlblrp. All rights reserved.
Original Filename               : sfmsrv.sys
Product Name                    : Crbphecnk® Azemsbw® Xosqpjado Lgqwms
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-21 03:24:25
VirusShare info last updated 2012-07-25 08:42:35

MD5: f4391dd07668ed3d9ee5b7e1834f9648
SHA1: bdfb0209345f059714f8c2498f2390865c315fb2
SHA256: 0092d1441dd8bdb95cf0bc4edd241e00e40f91c768d7189711b4cb98e281fae8
SSDeep: 1536:GthaWmGT1a9shZCiY9mboiLQ3FL1CnCRJZutMqqU+NV23S2xw:Gt+GT1/rCiYcboc8ktMqqDLy/xw
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!saSckcm2XHY
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R47C2GR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!F4391DD07668
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R47C2GR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!F4391DD07668
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.CIMU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-22 00:13:36
VirusShare info last updated 2012-07-25 00:33:01

MD5: f4e06aa9ac6eca0362a90fbb268c00b9
SHA1: 0d985e01f404a76ba314623030b3ec7a3331c0d0
SHA256: bc276b0a75f05630e24de029b36c9e2286c6349d1c2898c034f71f1190d35680
SSDeep: 1536:DgFOPTq/+LeLylOtJIUyv/a/tUptXWi6E1KdyqQ7xH8PAo:G1HIUexUAKdyBxH8Ao
Size: 61952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = Trojan.Win32.Monder.mqji
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BBY
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:14 17:16:24-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 54784
Initialized Data Size           : 43520
Uninitialized Data Size         : 0
Entry Point                     : 0xe45d
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access serial network driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ASYNCMAC.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ASYNCMAC.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-09-02 11:23:53
VirusShare info last updated 2012-07-25 08:43:31

MD5: f53c17f0738fa46901e85fd4f59d7083
SHA1: 3c19d8393f6ebc625afe37861806fa1cbce49d30
SHA256: 195e5145ed75346a9f6ccbf22ce9bffc430fc2a803dda2e974a958d1e4731ce0
SSDeep: 1536:BLiosLB7q0a93vNDN8fdO/YFNs7z+295gcItv6txf4jiVmiEQ1UMsXKukPi+psI1:BGos97q0Yt6+lrxQjiAilUMsXKukPi+n
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!68JbWGtT2Vw
TrendMicro-HouseCall = TROJ_GEN.R72C2FR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R72C2FR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CPAQ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-22 21:53:51
VirusShare info last updated 2012-07-25 08:43:59

MD5: f565677db5c45c522a4db32340f8ed74
SHA1: 65fb8292f37991dba7c46e7ebfa60e95f1c322da
SHA256: fcb7e0cd59a55f718736773c2219dfe4e1c42b6f5bf1b02d188226d8047d86c0
SSDeep: 1536:TpVWHyEdZopy+j5/5oeLPO+rklq5Vok9:CSEnoj/5PWs4Wok9
Size: 75776 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Vundo.4
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.CDDO
Symantec = Suspicious.Cloud.5
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:16 21:09:18-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xb78a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.1.5012
Product Version Number          : 5.10.1.5012
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nlrdkdj (R) Server 2003 DDK provider
File Description                : High Definition Audio Function Driver v1.0a
File Version                    : 5.10.01.5012 built by: WinDDK
Internal Name                   : HDAudio.sys
Legal Copyright                 : © Lkaesnevv Zjjmwqnzrlk. All rights reserved.
Original Filename               : HDAudio.sys
Product Name                    : Rnaiezbwr® Kksnhbr® Gswfoptcl Ulxdbd
Product Version                 : 5.10.01.5012
VirusTotal Report submitted 2011-06-06 19:09:42
VirusShare info last updated 2012-07-25 08:44:10

MD5: f5e904e9abf533d2feb71db8270f6077
SHA1: 73deb42cc7d75320fe14b18f476cc44c0311744c
SHA256: 5f30cbda6d52156374f03b33918a99a98267635da3e0033d7a042f39a86ba6ff
SSDeep: 3072:IxILoaEUUE5m04E0MeS1dkAeH2KxoM9TCoAZfARjxos7PI:IeWLUeWeWKtBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R45C2FG
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!F5E904E9ABF5
TrendMicro = TROJ_GEN.R45C2FG
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!F5E904E9ABF5
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.BKGL
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-04 08:59:30
VirusShare info last updated 2012-07-25 08:44:45

MD5: f90f7cd0574a7e904c6b5dfa5182e413
SHA1: 07a689f0ae038c8b63485cf1b1b533dff7dd2539
SHA256: 84144b4fc9a73a9266c0c187aee629c2c9d6e51a090cd52c7055f282974f8641
SSDeep: 1536:U4lAwSC/UXuY28bQJjml9I3k3lQ36QDkUP:Uzwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!F90F7CD0574A
TrendMicro = TROJ_GEN.R72C2FI
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
PCTools = Trojan.Gen
McAfee = Artemis!F90F7CD0574A
F-Secure = Trojan.Generic.6136920
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH
AVG = Generic22.CLHF
Symantec = Trojan.Gen
GData = Trojan.Generic.6136920
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6136920
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-04 18:05:26
VirusShare info last updated 2012-07-25 08:49:02

MD5: f9b529095109b27a505955bba0848cae
SHA1: 1dd4a78c276ba53a7054218cc6b06990c5b482c7
SHA256: 17340c3f7e0cbba9ca34f7bf218cac9b5e6f0856053c225b1a52da71d7a78f80
SSDeep: 6144:+twkvAAF7R68zr7P3PM0doI+PDHgP4HWCcugv7ND3jhLI6OujqiNuKHKU6h:+tXvAAd5zr7P3PM0oPbgMWCav7JzhLTc
Size: 389901 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Riern.1.12
Avast = Win32:Kryptik-CCN [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.389901
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
VirusBuster = Trojan.Riern!Eo3fiUdDrD8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!bacc
Kaspersky = Trojan.Win32.Pirminay.gom
McAfee = Generic.dx!bacc
F-Secure = Gen:Variant.Riern.1
Avast5 = Win32:Vundo-JU [Trj]
AVG = SHeur3.CDCC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = WS.Reputation.1
GData = Gen:Variant.Riern.1
BitDefender = Gen:Variant.Riern.1
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:25 16:05:36-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0xddde
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.5512
Product Version Number          : 6.0.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dlozeiwtr Hvxdksyfapd
File Description                : Eofljwvvl FE Character Set Conversion Library
File Version                    : 6.0.2600.5512 (xpsp.080413-0852)
Internal Name                   : festrcnv.dll
Legal Copyright                 : © Rfgfrzksg Zcwgszpoewv. All rights reserved.
Original Filename               : festrcnv.dll
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.5512
VirusTotal Report submitted 2011-08-14 08:13:48
VirusShare info last updated 2012-07-25 08:49:56

MD5: f9c6229740b80f63144221c3a7665b5e
SHA1: 18e3b0ac0d3d436d6a8decfbecbb710a5ab95754
SHA256: 08fdb317240ae02bd142b14d183fb54676afafde3fa5ebfd5d4cd1f6c341be25
SSDeep: 1536:U4s8wSC/UXuY28bQJjml9I3k3lQ36QDkUy:Uwwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QhWXVNy/xNk
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R72C2FJ
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
F-Secure = Trojan.Generic.6323709
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH
AVG = Generic23.OO
GData = Trojan.Generic.6323709
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6323709
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-22 22:05:11
VirusShare info last updated 2012-07-25 08:50:01

MD5: fb02f78e8413f8aeb4dac7f15c01a87e
SHA1: 7fce08b0dc3afb718f8ee06ed63f646e80782225
SHA256: 4ccce67212b368b8cd904f28fffcf33052e1f963dbe4a2d2f3a60e77a593da69
SSDeep: 6144:IZKTCDjPmESoRDswAaOtrGHzBFBb0RBJXsgiGU3nEcN6zgti4aUTG8m7HB:GKqyTX/1CBFBb0RD1L0n/tNDm9
Size: 353183 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.16
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.353183
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/uuunvRnHlc
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gwb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.xh
McAfee = Generic Downloader.x!fys
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AFVT
Norman = W32/Obfuscated.L
Symantec = Trojan.Milicenso
GData = Gen:Variant.Riern.1
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gjb
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:24 15:26:31-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0x6ea7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1i.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1i.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-08-19 04:06:33
VirusShare info last updated 2012-07-25 08:51:35

MD5: fcd901b0c5066ef084ac70a95b7e104e
SHA1: d6d61571ae175564501bfc5548120936b39a1f18
SHA256: b34386bcb07350f0a8ef13824555314635156ea4c89ccd8463cb2ffefa8901f2
SSDeep: 6144:US5cLKGt4vobsCJtivQXN5CF19QcGpMb24VZEPDItBk5FjuUU1:UG9GFYqjCFYcUg2IZEPctBwFjuU2
Size: 364852 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bvt
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.118065
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R47C2AL
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.bwd
McAfee-GW-Edition = Generic Downloader.x!eif
TrendMicro = TROJ_GEN.R47C2AL
Kaspersky = Trojan.Win32.Pirminay.bwd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.hx
McAfee = Generic Downloader.x!eif
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Generic20.CAOV
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.118065
TheHacker = Trojan/Kryptik.jzc
BitDefender = Trojan.Generic.KDV.118065
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:11:24 15:42:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x5531c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Associated Device Presence Proxy Dll
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : IPBusEnumProxy
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IPBusEnumProxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-25 19:40:51
VirusShare info last updated 2012-07-25 08:53:44

MD5: fd4b87d54ea3f3ab7491689a087f9ea3
SHA1: 6f0694f0faf79c2c446c0e89bc4018d1d4a5c846
SHA256: 82c8d02cac64593a2983c3ddace646b182551de4352f88553022ec364e62d7cd
SSDeep: 1536:5PGz7YWr6byioTNntIiCG/0G6XijYVLERpK2iKAXM3QGoE4C/1tJ:EYWetVGwXiTfQGovC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.P
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!p3dQslFU3Ek
TrendMicro-HouseCall = TROJ_GEN.R47C2FG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zuk
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_GEN.R47C2FG
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZUK!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Generic.dx!zuk
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-07-23 05:14:56
VirusShare info last updated 2012-07-25 08:54:16

MD5: fde777eab2b8442ba6890e68f5354120
SHA1: f17e32a52f1923b1583999be7dfab7637fb61971
SHA256: 2b97642d9d2a5c4ff435d057ae385e2da8313dc10e27e2f1efc892d6ffe33d7c
SSDeep: 1536:aPGz7YSF65wCiiTNqLtQjeGp7G6XijYZLERpK2iKAXM3QGotvC/1tJ:/YSQ2hRqKG5Xi3fQGohC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R30C2G1
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_GEN.R30C2G1
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.DRJY!tr
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.CFBI
Norman = Monder.M
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-07-04 10:44:12
VirusShare info last updated 2012-07-25 08:54:54

MD5: fe0ecbf5810b6b1cb053544eb5e874bc
SHA1: 41aa11f0485607ac71dbb994319dda8c47b7361c
SHA256: e42504b48b18750ee602ca87dde4362dd727a696d9a4503a5e55915f9c2f7f14
SSDeep: 1536:1Dxiw4WdS9wBmTlNJ6qUEDCOUCs4uT69LCyP1Jh015Q1:1Ew4lrlNxUEDlsd69LYTQ1
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!o0N2M9FvYCo
TrendMicro-HouseCall = TROJ_GEN.R47C1FH
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ix
TrendMicro = TROJ_GEN.R47C1FH
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
McAfee = Vundo!ix
F-Secure = Trojan.Vundo.5085
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BPAX
Norman = W32/Suspicious_Gen2.MWJVQ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Vundo.5085
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Vundo.5085
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 15:31:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x3815
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iskevzody Eejmjfkekcs
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB600.DLL
Legal Copyright                 : © Cddkrpwvz Xjuqvqpjlue. All rights reserved.
Original Filename               : CNB600.DLL
Product Name                    : Dqxhvjrid® Xonmayd® Xxmgojpla Ewipwc
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-06-28 04:35:08
VirusShare info last updated 2012-07-25 08:55:06

MD5: ffe8c66b9b5f60e2abb670a832b368f2
SHA1: f5ecf01f9a7daad367262f2d3bb040b896630e5e
SHA256: 62191d8fa07eaf233f623e12534113ce3e4adfea7c6e62c11ef7ac4db36b7ce5
SSDeep: 6144:2jON4bmgCdzmzjxdzbqOelTiiwOxNzJZbqDRBXDKPS254YLiViutRGncoSuWj3c:2j0JgOAzbqOelnw4zT0RBXD2Es2GnDJb
Size: 348562 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.25
Avast = Win32:Adware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.348562
K7AntiVirus = Virus
VBA32 = Trojan.Pirminay.hte
TrendMicro-HouseCall = TROJ_GEN.R01C2F7
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hsp
McAfee-GW-Edition = Generic.dx!zue
DrWeb = Trojan.DownLoader3.7752
TrendMicro = TROJ_GEN.R01C2F7
Kaspersky = Trojan.Win32.Pirminay.hsp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
McAfee = Generic.dx!zue
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Adware-gen
eSafe = Win32.GenVariant.Vun
F-Prot = W32/Skintrim.1!Generic
AVG = SHeur3.CBXK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
Commtouch = W32/Skintrim.1!Generic
TheHacker = Trojan/Pirminay.hsp
BitDefender = Gen:Variant.Vundo.11
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 10:20:59-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8192
Initialized Data Size           : 663552
Uninitialized Data Size         : 0
Entry Point                     : 0x2b56
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Orzyenpel Xtdajxndrrn
File Description                : Aslqcsjhz PCHealth Service Holder
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : PCHSVC.DLL
Legal Copyright                 : © Microsoft Rgjyunmsgcp. All rights reserved.
Original Filename               : PCHSVC.DLL
Product Name                    : Fmbabfvdm® Iixdbrb® Tkboialdb Hntwzo
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-06-18 01:54:31
VirusShare info last updated 2012-07-25 08:56:56

MD5: 047aa161639aa6729ec5c63b7ca1c065
SHA1: f1903693d0d8139dad6159164b525ee5ff07e948
SHA256: 99b328f23f25a199e68a544a0b5a0e050fe8cb605ecf1a7ae62f8e0b8cf4837b
SSDeep: 6144:4gBj1PQmUcwt+6j9c5AmI6vYzvzkZ+HxKc72Rzm4nK/gHuCNrNLDvtCfQkTzLF:4jm3sigvKc7b4KSrJMfQyF
Size: 397312 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.397312.E
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.397312.GI
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!faich/lQYeA
VBA32 = Trojan.Pirminay.ewl
eTrust-Vet = Win32/Renos.CKJ
TrendMicro-HouseCall = TROJ_GEN.R4FC2EI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4380
TrendMicro = TROJ_GEN.R4FC2EI
Kaspersky = Trojan.Win32.Pirminay.ewl
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.sb
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248226
F-Secure = Trojan.Generic.6133660
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.CP
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Milicenso
GData = Trojan.Generic.6133660
TheHacker = Trojan/Pirminay.ewl
BitDefender = Trojan.Generic.6133660
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:11 03:47:40-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 733184
Uninitialized Data Size         : 0
Entry Point                     : 0x2453
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nlrynqulr Rlbmthudbfl
File Description                : Ncegmicnw Neutral Natural Language Server Data and Code
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : NlsData0010
Legal Copyright                 : © Qucqiszdn Egyauyqhitv. All rights reserved.
Original Filename               : NlsData0010.dll
Product Name                    : Xgcwjlkoi® Sxgwevq® Lmodrtvqu Psztqc
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-15 06:49:00
VirusShare info last updated 2012-07-25 08:58:20

MD5: 0b2090c01d9c5b75ba263104f82ab42f
SHA1: 2bc6fba826a8404cf4aa4e50022610cfdd138279
SHA256: 720ac823f922dc45098562bc8dacc75bda500d6b0c7651a76fbf30504c4cbe14
SSDeep: 3072:ojbgxfuyNagtv7EII/Z7ztJvIvdPHqhZQjW+JJP0VO1hyEY0KEqA5V49RzKdhJDJ:oj+fnb7GLmuQ
Size: 149504 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.576
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.149504
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.6
eTrust-Vet = Win32/Vundo.HQN
TrendMicro-HouseCall = TROJ_GEN.R72C2EB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kj
DrWeb = Trojan.Smardec.60
TrendMicro = TROJ_GEN.R72C2EB
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Agent.eusf
McAfee = Vundo!kj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CC.gen!Eldorado
AVG = Generic22.APSW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CC.gen!Eldorado
TheHacker = Trojan/Agent.hqlc
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NHL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 21:19:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x14441
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.2.2.3
Product Version Number          : 0.2.2.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Brother Industries,Ltd.
File Description                : ‎‎Brother PortMonitor الخاص بـ MFC
File Version                    : 2.23
Internal Name                   : brmfpmon.dll
Legal Copyright                 : Copyright (C) Brother Industries,Ltd. 2000-2006
Original Filename               : brmfpmon.dll
Product Name                    : مراقبة المنفذ لـ Brother MFC
Product Version                 : 2.23
VirusTotal Report submitted 2011-11-15 10:34:26
VirusShare info last updated 2012-07-25 09:01:01

MD5: 1c6395172ca67f213bee198d8f9fc767
SHA1: 588391344af5a117e243bfbdd2b27ca855252e29
SHA256: 6d7b2e467f90756b68c32f9b57b85ddbe168a1dd323d013363b114db9cb29c8d
SSDeep: 3072:ojbg6fhyNagtO7EBIh57ztJvIvdPHqhZYgW+JJP0VO1hyEY0KEqA5V49RzKdhJDJ:ojhfeK7jZmuL
Size: 149504 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.576
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.149504
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.6
eTrust-Vet = Win32/Vundo.HQN
TrendMicro-HouseCall = TROJ_MNDR.SMUT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.Smardec.60
TrendMicro = TROJ_MNDR.SMUT
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Agent.eusf
McAfee = Vundo!ke
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CC.gen!Eldorado
AVG = Generic22.CICI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CC.gen!Eldorado
TheHacker = Trojan/Agent.hqlc
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NHL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 21:19:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x14441
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.2.2.3
Product Version Number          : 0.2.2.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Brother Industries,Ltd.
File Description                : ‎‎Brother PortMonitor الخاص بـ MFC
File Version                    : 2.23
Internal Name                   : brmfpmon.dll
Legal Copyright                 : Copyright (C) Brother Industries,Ltd. 2000-2006
Original Filename               : brmfpmon.dll
Product Name                    : مراقبة المنفذ لـ Brother MFC
Product Version                 : 2.23
VirusTotal Report submitted 2011-11-15 15:05:23
VirusShare info last updated 2012-07-25 09:06:39

MD5: 1eb236e696e59a76f352a2050413bd9c
SHA1: 82ba8b62c64ebd76dcd560624a1930e832c1d72f
SHA256: f72833de1be918cc772773e2a17201a9af781a1bac19f5025f0028d1a79f648b
SSDeep: 3072:qV8A8Me7T/nGwOnfSVORTN1hCXn1wMwHyaXnTcRJGRVwqIFnxteIPRZZ5l83s:qVmMe7awjVfwMwpRarCIz23
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!9PPWovlPXc8
TrendMicro-HouseCall = TROJ_GEN.R72C2G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1313
TrendMicro = TROJ_GEN.R72C2G7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DRF
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-15 15:40:04
VirusShare info last updated 2012-07-25 09:07:23

MD5: 1f72c229135e89051aab657267ea51db
SHA1: f86a1230ad21eb087d11648aa6f865404657fbf9
SHA256: 92906acd35b59ab8cfe9a68adab37c4adfb198f9496ee6ebb480f9ed4e85d921
SSDeep: 3072:q3f+eks/YdLaJ+JZvlKMqqDLy/4qtKhKTVWgD:O+FFvLqqDLu4qAhp
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!qDCEepQPwFE
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1K5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10341
TrendMicro = TROJ_GEN.R4FC1K5
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aaml
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HDO
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 22:58:19-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0xb516
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Inhxbzzft Twqasxcwcww
File Description                : IPv6 Ping Command
File Version                    : 5.1.2600.0 (zzqppjqk.010817-1148)
Internal Name                   : ping6.exe
Legal Copyright                 : © Ndhddwcyo Cmixpmfxrzi. All rights reserved.
Original Filename               : ping6.exe
Product Name                    : Ekbbnadyl® Ulttupe® Csiuiaaix Ysmjro
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-15 15:52:00
VirusShare info last updated 2012-07-25 09:07:40

MD5: 35c5da8537ca04c1efec5d828bd85296
SHA1: 108e52f570ccafcd7846b6bee700180f38af0b28
SHA256: facd07e963be2c76765db828dd1e3472c4b35b2e06970c7fa45de159dbc42133
SSDeep: 12288:m+kdOPWLXkTK1nWoYEcNLEHX4LFkhSVkuVGX:mLgDKB/lvXs2X
Size: 475532 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!6obbGLky9B8
TrendMicro-HouseCall = TROJ_GEN.R72C2EV
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader3.33663
TrendMicro = TROJ_GEN.R72C2EV
Kaspersky = Trojan.Win32.Pirminay.icl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ze
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BCXF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.how
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.NHO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:08 05:39:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 839680
Uninitialized Data Size         : 0
Entry Point                     : 0x876b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Jbvbailol Ljlvvsrnhbz
File Description                : Yakut - Russia Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdyak (3.13)
Legal Copyright                 : © Kkfudtdqm Dllwpylpvtu. All rights reserved.
Original Filename               : kbdyak.dll
Product Name                    : Pkwnsfvru® Jabbilg® Oplnuaelg Sbjymf
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-15 22:26:07
VirusShare info last updated 2012-07-25 09:14:58

MD5: 36a5c62f792be3c2a4470e138cfc1073
SHA1: fbbe92e95e72a648fa469d8625617e4b7e66a67c
SHA256: 05769104c59445b8a01029554436ca0d55c62efc5bc9ba583eac2ebe3c13300f
SSDeep: 6144:G59cHU9rkK9OyRA+8ic3+ibKwLKxXYxPj1tHi9dT3fQIfKczf9Ye3r2ZHnKFA02g:VHiky/XwGexPj1tC5VKwYe3rKnGXVgha
Size: 372736 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.ggy.1
Avast = Win32:Downloader-GWW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.372736.U
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1286DAA4
nProtect = Trojan/W32.Agent.372736.KH
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!xsQtNAFQJP0
TrendMicro-HouseCall = TROJ_GEN.R31C2EJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader2.48770
TrendMicro = TROJ_GEN.R31C2EJ
Kaspersky = Trojan.Win32.Pirminay.ggy
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.wm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.209118
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.BXXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-RKZ
Symantec = Packed.Generic.305
GData = Trojan.Generic.KDV.209118
TheHacker = Trojan/Pirminay.ggy
BitDefender = Trojan.Generic.KDV.209118
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:02:09 08:15:23-05:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 40960
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0xae06
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fjzzcdyrw Dzetkxzxmvr
File Description                : Message Utility
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : msg
Legal Copyright                 : © Iicoozzjf Forjwfbbavb. All rights reserved.
Original Filename               : msg.exe
Product Name                    : Enyittmgx® Fumkivn® Cwwuuxutf Puihbz
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-15 23:08:59
VirusShare info last updated 2012-07-25 09:15:14

MD5: 3c698dffdf0a1b8e7a6f458cccb092ae
SHA1: 9a5392c559142e8ce65a1385687b129bfb10d2ed
SHA256: 1ccc4d471bd284268563d713b5973bd62925a648a44f89c594bdda0f17de00d5
SSDeep: 3072:PutgakeH7Atjco61sxweCrf7LTiVDfULmNbEo7jN1F:Pueak74o61yweuf4D8LmdBj
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1575
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QM1ebVp/fzs
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2FJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kl
F-Secure = Trojan.Generic.6143380
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CNGZ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6143380
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6143380
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-11-16 01:05:26
VirusShare info last updated 2012-07-25 09:17:11

MD5: 3e7753bf55dfa46d5cc866e17d504c9d
SHA1: 148426442c3e6bc8600385cddde5ccd8b3ce0f2b
SHA256: 712098ddac8a7bb03d608cb8a3059758f8ec5276185848ef0e85964cf9636108
SSDeep: 3072:BclRaklH7xtjloasAxweCrf79Ti4FfULmbbEo7jT1F:BcHakBBoasmweuV9F8LmvBx
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1575
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!KRSZBrE8/QE
TrendMicro-HouseCall = TROJ_GEN.R72C2FR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2FR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kl
F-Secure = Trojan.Generic.6246240
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CPOX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6246240
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6246240
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-11-16 01:46:24
VirusShare info last updated 2012-07-25 09:17:50

MD5: 42a3901c7d8641527072ffdd89915a84
SHA1: f464acb91e95c8594c35091123c4bfa531d72d81
SHA256: cddd0b0254262c5c1e880161d9fcc8756952b715e40e78f5ae295a36006a0c25
SSDeep: 1536:/448LKqH5W+Nm3unr3ATfTFTo/37VszBNo7unlPkkkVi4rSjxB+1Tgjp2K:/Z0KGNNm3u7w5M+3oylPoAj9w
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!0vT7sX0V0NI
TrendMicro-HouseCall = TROJ_GEN.R72C2F7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R72C2F7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.iopt
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BCZQ
Norman = W32/Kryptik.AIF
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:23 14:57:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x16431
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vynscpnwk Qdpqwzrbrar
File Description                : Link-Layer Topology Mapper I/O Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDIO.SYS
Legal Copyright                 : © Jgldoeybd Pyuktpugexx. All rights reserved.
Original Filename               : LLTDIO.SYS
Product Name                    : Ddpxfkawy® Kdzjwwd® Qgkpqffwa Chkikl
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-16 03:23:02
VirusShare info last updated 2012-07-25 09:19:15

MD5: 4dd978ca5514e2ae91133a4e2cb61cf0
SHA1: 1e5728d8b7a3256f7654b395fd528010557b8773
SHA256: 798f8eca9600ed88603df742fcc0efa0417b3c099d4e1a8894a8be705da614e1
SSDeep: 3072:jH7LmvTNl+tJzGQWER5wVbgO1HeLsvvklS1voA:jqpl+t1GQW5bgOp3v4M
Size: 109568 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.109568.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!y7ZLhdtk1+M
TrendMicro-HouseCall = TROJ_GEN.R72C2FH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic PUP.z!gg
DrWeb = Trojan.Virtumod.based.34
TrendMicro = TROJ_GEN.R72C2FH
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aczp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Gen
McAfee = Generic PUP.z!gg
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.CJKC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 23:02:33-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 92160
Initialized Data Size           : 52224
Uninitialized Data Size         : 0
Entry Point                     : 0x1767d
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Message Utility
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : msg
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msg.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-16 06:22:40
VirusShare info last updated 2012-07-25 09:22:49

MD5: 51b42279c3f367daa1babfe85ca87cc8
SHA1: 403e22b76389b63774d943213e7fdf7952a5dbfc
SHA256: 086c834a72997f7d26c8abb9151a02d7dd6e8ffa841b3e2353770bff13df25bb
SSDeep: 3072:/E8dEZsUI0FM0qsrhG8Dug1Y6tSNmxLitqP8lRlXMqqDLy/y+QwzHuGvM7DtMD:b6e0JtCTeLheIqqDLuy
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!3VcJ7dfoTtM
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1K4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mq
TrendMicro = TROJ_GEN.R4FC1K4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mq
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AAAI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 16:33:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 98304
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x14642
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.6
Product Version Number          : 1.0.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : German
Character Set                   : Unicode
Company Name                    : Brother Industries LTD.
File Description                : 
File Version                    : 1, 0, 0, 6 (vbl_wcp_d2_drivers.060809-0623)
Internal Name                   : brmzui03.dll
Legal Copyright                 : Copyright © Brother Industries LTD., 2003
Original Filename               : brmzui03.dll
Product Name                    : BR HB UI
Product Version                 : 1.00.0000.6
VirusTotal Report submitted 2011-11-16 07:23:44
VirusShare info last updated 2012-07-25 09:24:03

MD5: 5323094b3ee8c850288058938556f7e7
SHA1: 0e998e2c152d65d2fa6301f71d819906f9270c11
SHA256: 19829cddd2abdc23c316f24621d1a846e303190f71871d7d87c4e3a2c5787905
SSDeep: 3072:RJbcakeH7VtjyoCxTxweCrf7dTiGmfULmObEo7jO1F:RJgak42oCxdweu1Hm8LmuBk
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1575
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!hYhAXhVsAjQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1073
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kl
F-Secure = Trojan.Generic.6246644
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BTT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6246644
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6246644
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-11-16 07:48:14
VirusShare info last updated 2012-07-25 09:24:35

MD5: 537473d0dad7869567e6269910034ded
SHA1: 337ed62fdec07334af8234c88259b3595f5a379e
SHA256: ecd14069759a538f99a9d0a6ec1c96cc0a3f9eafdcd6516800221558fa14b5e2
SSDeep: 3072:Xpag6akqH77tjVo0YOxweCrf7rTi5qfULmpbEo7jm1F:XpaZakSpo0YQweu/Uq8LmJBM
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1575
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!A9TwTHsdNdY
TrendMicro-HouseCall = TROJ_GEN.R72C2H4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2H4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!lw
F-Secure = Trojan.Generic.6147241
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CUB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6147241
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6147241
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-11-16 07:52:23
VirusShare info last updated 2012-07-25 09:24:39

MD5: 5b9ece2e5d16bdcb86e3ad8b3259991a
SHA1: ed67dc00375486af54e06a14600c8d276ee68275
SHA256: 6f7c5d8be97aecc1f250ea3d0aba457c217146705efb5c86f6865836f609eb39
SSDeep: 6144:k5cr1KeVJi95w0tsWWWgyclaV6yU2cxb/0iTU+OCKWV3OIlFaSzG9/lraHMC:k5mceVM95weqBlaLYb/njJ9gUI1aZ
Size: 438601 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.438876.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.438601
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.438601
K7AntiVirus = Riskware
VirusBuster = TrojanSpy.Agent!jdleA1Gsspg
VBA32 = Trojan.Pirminay.fwz
TrendMicro-HouseCall = TROJ_GEN.R21C2FE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_GEN.R21C2FE
Kaspersky = Trojan.Win32.Pirminay.hlu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.up
McAfee = Downloader.a!bu
F-Secure = Gen:Variant.Vundo.11
AVG = Generic22.JDH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.fwy
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:05 19:07:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 110592
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x17e86
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Tablet and Ink Services and Controls
Company Name                    : Gghjtprol Qndjcjrmbac
File Description                : Zxolteaja Tablet PC API Publisher Policy
File Version                    : 6.0.6000.16386
Internal Name                   : Policy.1.7.Lxtqdinae.Ink.dll
Legal Copyright                 : Copyright (c) Nwhfuhwsd Surmttcbapw. All rights reserved.
Original Filename               : Policy.1.7.Tgrykozkp.Ink.dll
Product Name                    : Plhwitoxf (R) Cmnqeqr (R) Mstmglhhr Bcfqxk
Product Version                 : 6.0.6000.16386
Assembly Version                : 6.0.0.0
VirusTotal Report submitted 2011-11-16 10:41:10
VirusShare info last updated 2012-07-25 09:27:30

MD5: 6339cdf257926b1ad98b5996eba91b41
SHA1: 440e677263934c7991ce075d83c1aa766b188208
SHA256: 2904e842dad840e13a9ac7f284d5d3f5f92e507e906bef2ffd442681213dfc90
SSDeep: 1536:kAVupyFe3hb9MehQ/OQMV36JhdfebbknHNM2/P23sqCW/:Ly3hb9rEO3VKhYGNM628pW/
Size: 66048 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124CC4EF
nProtect = Trojan/W32.Vundo.66048
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!mE4YortlT/A
VBA32 = AdWare.SuperJuan.xhb
TrendMicro-HouseCall = TROJ_GEN.R21C7J2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kh
DrWeb = Trojan.Juan.504
TrendMicro = TROJ_GEN.R21C7J2
Kaspersky = Trojan.Win32.Monder.mtgc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gf
McAfee = Vundo!kh
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.NWI
Norman = W32/Vundo.UUW
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:20 11:10:58-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24576
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x6e0d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SENS Connectivity API DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SensApi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SensApi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-18 23:38:21
VirusShare info last updated 2012-07-25 09:29:52

MD5: 6561eb9c422c0356cd7b9640d7d7ac3c
SHA1: 9405aca97182d160a8f37c3edf0a77f70eba84cd
SHA256: 51e47702e188d9950707cb53fcc075fd1f1dc39932b69906be094f382ab264e7
SSDeep: 3072:Yh2an/WJjXOlksV/PNBmdFZMKN0o9WZ2efx8:vanKekIPNB6PusQ2Wx
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!PAzmoqb2xWE
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Agent.BFJ!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Comodo = TrojWare.Win32.Agent.hodh
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!ic
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!ic
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2011-11-16 13:20:11
VirusShare info last updated 2012-07-25 09:30:36

MD5: 6659aa5acdc3197777565ee498d5c9ed
SHA1: e0c296bd4fcc5b0e1d69b0918f047b7185787ebd
SHA256: f1964b291314e76256f12cbdf3b737bf2f348f36ae57d8912e526dc384da9d05
SSDeep: 3072:AnOVSakH9H7Ltj5oYotrQxweCrf7knTi2SfULm7bEo7jf1F:AnxakTFoYotKweukTDS8LmPBd
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1575
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gJVAH4FUKak
TrendMicro-HouseCall = TROJ_GEN.R72C2H6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2H6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kl
F-Secure = Trojan.Generic.6245601
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BFM
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6245601
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6245601
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-11-16 13:35:38
VirusShare info last updated 2012-07-25 09:30:56

MD5: 683dd6fbc6c86b24863d2a54016fb94f
SHA1: 0f9c319a5c4c9c91310113af221a8777064d4fae
SHA256: 96ccf04bd84f96359a2876d3204697ce5aa20dbb62365fa17d265511d6f7c9a6
SSDeep: 3072:kajVVWR9a39WuNN26E0Rc8pusobWKQh+srJ1gkip6jby88:lVMHiN24Xuj5QQ8JmY8
Size: 109056 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Vundo.R
nProtect = Trojan/W32.Vundo.109056.G
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!J/MsunYY0wE
VBA32 = AdWare.SuperJuan.xfp
TrendMicro-HouseCall = TROJ_GEN.R4FC1IQ
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!zcc
DrWeb = Trojan.Virtumod.10242
TrendMicro = TROJ_GEN.R4FC1IQ
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.acuh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gx
McAfee = Generic.dx!zcc
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Cryptic.BVC
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.jgy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.JGY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 05:12:53-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 88064
Uninitialized Data Size         : 0
Entry Point                     : 0xedcd
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows System Performance Objects DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : PERFOS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PERFOS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-16 14:04:30
VirusShare info last updated 2012-07-25 09:31:34

MD5: 68d2f7c590277eb30bb45207865a7536
SHA1: 5300181d3c6e32812fccef462dac624c8e34ea32
SHA256: 5b4b2111bffdb68e4dc8d8040d012266aafdfb8a174829248916ee414cc19cc3
SSDeep: 3072:w31LPqopKHCTKPMxKrwEu2ZhwHJValiljMqqDLy/GVK:01LPsHgKPCChwgnqqDLuG
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
nProtect = Trojan/W32.Monder.166400.D
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R72C2H5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R72C2H5
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2011-11-16 14:15:02
VirusShare info last updated 2012-07-25 09:31:52

MD5: 69a46b69e35c436e899f2d22e29e5632
SHA1: b5486ad421c97395a12d1c1128e5469eeb9d0899
SHA256: 6e232d9d25edc20c52b37ff11556350cd54251585b476b8c076cb0736bc358c8
SSDeep: 3072:fxch0QRNxM5hRl/m2bxyMtkcVKVs2T4SIdN1:JchnR3ghR5J82OV3ed
Size: 121856 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.121856.EP
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.yht
TrendMicro-HouseCall = TROJ_GEN.R4FC3EA
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zcc
DrWeb = Trojan.Virtumod.10476
TrendMicro = TROJ_GEN.R4FC3EA
Kaspersky = Trojan.Win32.Monder.myas
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Dx.ZCC!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.if
McAfee = Generic.dx!zcc
F-Secure = Trojan.Generic.5889503
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Win32:MalOb-EI 
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.5889503
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 04:35:55-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 107008
Initialized Data Size           : 51200
Uninitialized Data Size         : 0
Entry Point                     : 0x1af6e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.50727.312
Product Version Number          : 8.0.50727.312
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Microsoft.Vsa.dll
Company Name                    : Microsoft Corporation
File Description                : Microsoft.Vsa.dll
File Version                    : 8.0.50727.312
Internal Name                   : Microsoft.Vsa.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Microsoft.Vsa.dll
Product Name                    : Microsoft (R) Visual Studio (R) 2005
Product Version                 : 8.0.50727.312
Assembly Version                : 8.0.0.0
VirusTotal Report submitted 2011-11-16 14:29:40
VirusShare info last updated 2012-07-25 09:32:07

MD5: 69d158604a0d1fe28aa4b415d65c0d9f
SHA1: 1faee96aa0e255887fc18f57d3909f74172a3245
SHA256: 0d46fca73899ffdb59614a5b7eeaa59ab2f140a0c4344f66fe46b75092d2cb90
SSDeep: 3072:fhkan/WVj8HlkE7/nm2JOrFZMKN0o9W32/fx8:qan+Kkmnm2yPusu23x
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!jGNs5UA071Y
eTrust-Vet = Win32/Agent.BFJ!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.hodh
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2011-11-16 14:32:02
VirusShare info last updated 2012-07-25 09:32:11

MD5: 69ff94438439f82231f0f037cb380914
SHA1: c156231bd5997c705eff463c194aaa3e2de4f891
SHA256: b8a99d5c3f4d7c7120301ff60f8d5e19765d8b6a126214c3bc3b5519b1bb1576
SSDeep: 1536:BloY9TCmaFMdf0MAcqP6ag4wQyajxxV6oq4j:BloY9TCLMT9qyag45yadxrq
Size: 80896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.802
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!DUcG5bGQIvg
TrendMicro-HouseCall = TROJ_GEN.R21C1K2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10571
TrendMicro = TROJ_GEN.R21C1K2
Kaspersky = Trojan.Win32.Monder.mxwn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.inoj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BGBV
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:18 17:05:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xf621
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpvzsoopi Nskvvnbnlcg
File Description                : Yiykmbwpy® InfoTech Storage Yhtfxj Library
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : APSS
Legal Copyright                 : © Mtxyltvhu Corporation. All rights reserved.
Original Filename               : APSS.DLL
Product Name                    : Ftjrxowtm® Mhkdvnj® Bniobijdq Brxvdg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-16 14:34:59
VirusShare info last updated 2012-07-25 09:32:14

MD5: 6aef8e1bcb9f7e74c3b173e58b7c9419
SHA1: 10cf724fa52c76256221ff800bfb705e04ece614
SHA256: 13d4a1fd647c02a361d8928e0298969b05b6f501b9388debbab40c11b51870ae
SSDeep: 3072:3o0tooBB/wYzVK4DC0nuAzZvYLTnDGdRJE6ZLUmggpok5aiaKy:3VooBBRhrVnuAu/DIRJEjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R21C1K4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!zcd
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R21C1K4
Kaspersky = Trojan.Win32.Monder.myai
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Generic.dx!zcd
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Renos.61
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-16 14:48:15
VirusShare info last updated 2012-07-25 09:32:31

MD5: 72ac23630f4038208bf0cc245a825cbd
SHA1: 81c65625a6cb8b81fbbcbe447022b58140c59e30
SHA256: 4891a628255e11dbd1e64814208f661683bd5d9e0f1d1febed0145d01a9852fc
SSDeep: 1536:kAVupyFe3hb9MehQ/OQMV3lJhdfebbknHNM2/P23sqCW/:Ly3hb9rEO3V1hYGNM628pW/
Size: 66048 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124CC4EF
nProtect = Trojan/W32.Vundo.66048
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!g7TOyaguAds
VBA32 = AdWare.SuperJuan.xhb
TrendMicro-HouseCall = TROJ_GEN.R72C2EC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic PUP.x!pj
DrWeb = Trojan.Juan.504
TrendMicro = TROJ_GEN.R72C2EC
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abba
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gf
McAfee = Generic PUP.x!pj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.AMJO
Norman = W32/Vundo.UUW
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:20 11:10:58-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24576
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x6e0d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SENS Connectivity API DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SensApi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SensApi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-16 21:50:16
VirusShare info last updated 2012-07-25 09:35:07

MD5: 7435175cb9797dcaecb162935b6e57dd
SHA1: 78e7bcfbbde3d87743a5f7e0ae516d081ad6c9f3
SHA256: 8a7679b2c9720125ab65c444b76c93ab20714109a9d0b56edadd797075d6a145
SSDeep: 3072:q28A8Me7T/n5DpvESVORTN1hCXn1wMwHyaXnTcRJGnswYsQSxtTIPRZZLM5:q2mMe7VDfVfwMwpnP06IR
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ICDlcM7rftk
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1313
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BDUL
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-17 07:05:41
VirusShare info last updated 2012-07-25 09:35:41

MD5: 78062dece5a68b52e137e2846a68069b
SHA1: 20fabf5eeece72e93eeeca42825babfc630739ee
SHA256: 0a0d31f8218a820b5838db7a60c2579ec193cce99c751b42a5ce890f3e9a8b7d
SSDeep: 12288:wgF6d6Ds7tL2Hhrh7l7LycsDVHUwLLaAokBP/:H6dIs7xchrh7kDZUWLa+
Size: 567296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.42
Avast = Win32:Zbot-NDA [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1287C8CD
nProtect = Trojan/W32.Agent.567296.AF
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R31C2EV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader2.62631
TrendMicro = TROJ_GEN.R31C2EV
Kaspersky = Trojan.Win32.Pirminay.hjb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Adware.Lop!rem
Jiangmin = Trojan/Pirminay.acw
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Swizzor-based.2!Maximus
AVG = SHeur3.CAHS
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Adware.Lop
GData = Gen:Variant.Zbot.34
Commtouch = W32/Swizzor-based.2!Maximus
TheHacker = Trojan/Pirminay.hjb
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:16 12:20:03-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 548864
Initialized Data Size           : 524288
Uninitialized Data Size         : 0
Entry Point                     : 0x83036
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hmoikncpp Fxwperllbqt
File Description                : Netbios Kpglxvh Sockets Helper DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : wshnetbs.dll
Legal Copyright                 : © Rgxbbzenw Aesgeopgokn. All rights reserved.
Original Filename               : wshnetbs.dll
Product Name                    : Microsoft® Quofwae® Uopqdezfq Boqnhe
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-17 10:00:57
VirusShare info last updated 2012-07-25 09:37:13

MD5: 94793c51e345a74b7ab5019665f08d59
SHA1: 9789cdbe342174e0561da12083fa9398dd7fad7d
SHA256: 65872dc622305ad4123efb05452387023a93c24b1e769a34a9b6ff61750d5530
SSDeep: 3072:j0b1IVLs05WNzmn+OgUEsk/KXBGfK/g8uoxXXqC0AAD3Qx:UI20okf4rfKGc+zD3Y
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4I9mDA+V31g
TrendMicro-HouseCall = TROJ_GEN.R72C2F1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kb
DrWeb = Trojan.WinSpy.1276
TrendMicro = TROJ_GEN.R72C2F1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo!kb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BERV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-17 17:50:08
VirusShare info last updated 2012-07-25 09:46:50

MD5: 97f806dd27c33185af4e3c0e08ce2892
SHA1: be88dd0c8d3f68cd1f4952a1c5a0a0c3d72a27bd
SHA256: e3916a7d13e26fd9b48b747c7ed9d9d04679fa50830ffaf6480c56afed21b85e
SSDeep: 768:PUlFQcbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSepNPCsI:PEQcbU8E1AjprcsOtZpNP4
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.ghi
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!rmcn4pRGgQI
TrendMicro-HouseCall = TROJ_VUNDO.SMP1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_VUNDO.SMP1
Kaspersky = Trojan.Win32.Monder.miya
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aahh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CLBD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mjbr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-11-17 18:46:16
VirusShare info last updated 2012-07-25 09:48:05

MD5: a79edf7738c495ae9e6a3b8d0bafc9bc
SHA1: 235a50a7f9159e3f0a891e22fe6ae8d8965005ab
SHA256: 78e3225a687c03d33342c8c81abe8d36918a4cb1e5d268ec7602f8b62c2e9fec
SSDeep: 1536:MSumlX4Ap92+LIT4NGMc7SeoSM5oUSzhiTPU:7ueX4Ap9vL2X5xMEhiTc
Size: 64000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.64000.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!jRJsdar4nBY
VBA32 = Trojan.Pirminay.gha
TrendMicro-HouseCall = TROJ_GEN.R72C2EN
Emsisoft = Trojan.Win32.Vundo!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kk
DrWeb = Trojan.Hosts.4546
TrendMicro = TROJ_GEN.R72C2EN
Kaspersky = Trojan.Win32.Pirminay.gha
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.BZS!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.ew
McAfee = Vundo!kk
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.BDQM
Norman = W32/Suspicious_Gen2.PVKLD
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.gha
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:21 04:45:54-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24064
Initialized Data Size           : 76288
Uninitialized Data Size         : 0
Entry Point                     : 0x6bd3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Western Armenian Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdarmw (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdarmw.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-17 23:37:23
VirusShare info last updated 2012-07-25 09:54:15

MD5: b6babab0cbcc42a07d89df325ddeccdf
SHA1: c405921664bd8382afa34a3702e517017bf822eb
SHA256: 5c37a984dc2be04d81a6e502baaab944fa0a05ff9e82aa84d4155c27272fe925
SSDeep: 6144:455IJzJznrggsdgz1Jo5H9PnNUxBqczZcuhBzQYvYPuvK09:4HI1dS8Jw9/axhNPBz1QPmKE
Size: 294341 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhf
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Backdoor/W32.Agent.294341
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3BCRBR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Pirminay!IK
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.59103
TrendMicro = TROJ_GEN.R3BCRBR
Kaspersky = Trojan.Win32.Pirminay.cub
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gs
McAfee = Kryp.b
ClamAV = Trojan.Agent-183385
F-Secure = Backdoor.Generic.542938
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.BOLE
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Backdoor.Generic.542938
TheHacker = Trojan/Pirminay.bhf
BitDefender = Backdoor.Generic.542938
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 19:14:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24064
Initialized Data Size           : 531968
Uninitialized Data Size         : 0
Entry Point                     : 0x69a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.42
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-11-18 04:44:09
VirusShare info last updated 2012-07-25 10:00:30

MD5: b9fd3c228e87518a54ced56f50c95be5
SHA1: 28d39f37f0d41ae57336804e9aba94ded3fe1165
SHA256: a0fdad44d8fcd937705663f899a34677990cfa2755801c936b097a7e08d212be
SSDeep: 768:UFFFyuaZEoXNlOsmH8mnq58eoLF57TehFzppnx01fY9XyCeG4jvIy:8FTaZEoXHO5a7oZ57Te3/nMg9XyPs
Size: 44544 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.338
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Generic Trojan
nProtect = Trojan-Clicker/W32.SuperJuan.44544
K7AntiVirus = Riskware
VirusBuster = Adware.SuperJuan!Uk3TCRKYL+U
TrendMicro-HouseCall = TROJ_GEN.R07C1EJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!hq
DrWeb = Trojan.Virtumod.10487
TrendMicro = TROJ_GEN.R07C1EJ
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abdw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!hq
F-Secure = Trojan.Generic.5783794
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.AYB
Norman = W32/Vundo.UUW
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Trojan.Generic.5783794
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Generic.5783794
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:06 20:59:44-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 3584
Initialized Data Size           : 75776
Uninitialized Data Size         : 0
Entry Point                     : 0x1d07
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.6
Product Version Number          : 1.0.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries LTD.
File Description                : 
File Version                    : 1, 0, 0, 6 (fbl_dox_dev_ihvs.081017-0249)
Internal Name                   : brmzui13.dll
Legal Copyright                 : Copyright © Brother Industries LTD., 2006
Original Filename               : brmzui13.dll
Product Name                    : BR HB UI
Product Version                 : 1.00.0000.6
VirusTotal Report submitted 2011-11-18 05:50:00
VirusShare info last updated 2012-07-25 10:01:35

MD5: be84c71ef34336f2449b5ffe2cd284b8
SHA1: 2bdaf71824e01faf47ef9e4496b927760a7221cb
SHA256: e4d721f9c6de0dc0e330090b5dc03f036ba964cade5c8e5f650b4fb5fbf9db92
SSDeep: 1536:X7+Zb2h20qJdeBrVH6vPmihJNvzq/4DkIygDAuiGl4xeVE0KyJrUDgiLN+wPqXc2:KZbTxdhz7qAoALKr0KM3WnSXcgxxl+
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Agent.OOF
nProtect = Trojan/W32.Vundo.114688
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.Virtumod.9883
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.abli
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BNJE
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:30 09:06:57-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 61440
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xbed5
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2163.1
Product Version Number          : 5.0.2163.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yexmzwzgt Xuzfxidzbkv
File Description                : Fax routing extension
File Version                    : 5.00.2163.1
Internal Name                   : routeext.dll
Legal Copyright                 : Copyright (C) Whobakcht Corp. 1981-1999
Original Filename               : routeext.dll
Product Name                    : Xjpbsxesg(R) Qujgfpc (R) 2000 Zcxtaejjv Halffi
Product Version                 : 5.00.2163.1
VirusTotal Report submitted 2011-11-18 07:06:22
VirusShare info last updated 2012-07-25 10:03:15

MD5: c2e619477d19a51b0d261c9297caa810
SHA1: 4dff0eeb1f60548ee29620f171eeddbca4b0aa68
SHA256: 7f01fa8ad44ba5aceb84aec302dbf2e293171d01099d5ce528a9747de6c3ad26
SSDeep: 3072:Fpb1IVLs05WNzmn+OtxE7BPKXBGfK/c8uzxX2qCJAeD3mFx:hI20okfarfKyt0tD3u
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!q53wfzS4pog
TrendMicro-HouseCall = TROJ_GEN.R72C2FT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.WinSpy.1276
TrendMicro = TROJ_GEN.R72C2FT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo!lw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DES
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-18 08:21:59
VirusShare info last updated 2012-07-25 10:04:48

MD5: ce832051053c0011d41ee4ec723cb5a8
SHA1: 25968b6c5f3e46391d6f17c50ffd02e4e5f1e3d8
SHA256: 1d221717068cb5f54efbab01f0d3eb4310fc23becebeb8680cae46307432ba14
SSDeep: 1536:WvleR4XCQFYV8k5CgW4OH3gjn/ZZyGf5ZwaqzbTSOA+oVWV52cxz:WvlZSik8gN8gb/ZZyGBobP/v2cxz
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Tracur.AG.9
Avast = Win32:MalOb-HO [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Tracur
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Suspicious
nProtect = Gen:Variant.Kazy.40446
K7AntiVirus = Trojan
VBA32 = Trojan.Rundup.q
eTrust-Vet = Win32/Tracur.GD
TrendMicro-HouseCall = TROJ_GEN.R4FC7K5
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Tracur!IK
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
McAfee-GW-Edition = Artemis!CE832051053C
DrWeb = Trojan.Hosts.5080
TrendMicro = TROJ_GEN.R4FC7K5
Kaspersky = Trojan.Win32.Rundup.q
Microsoft = TrojanDownloader:Win32/Tracur.AI
Fortinet = W32/Pirminay.PBV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aok
McAfee = Artemis!CE832051053C
F-Secure = Gen:Variant.Kazy.40446
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/SuspPack.DW.gen!Eldorado
AVG = Generic25.AGKO
Norman = W32/Suspicious_Gen2.RRZRP
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Kazy.40446
Commtouch = W32/SuspPack.DW.gen!Eldorado
TheHacker = Trojan/Kryptik.ucc
BitDefender = Gen:Variant.Kazy.40446
NOD32 = a variant of Win32/Kryptik.UCC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:06 13:43:34-05:00
PE Type                         : PE32
Linker Version                  : 5.1
Code Size                       : 57856
Initialized Data Size           : 16384
Uninitialized Data Size         : 126976
Entry Point                     : 0x2b62
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Unimodem Service Provider AT Mini Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : UNIMDMAT
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UNIMDMAT.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-18 11:33:39
VirusShare info last updated 2012-07-25 10:09:05

MD5: d8162e668e3177a619964b113f53c45f
SHA1: 28ff0cbb31bcef073744b40f7962a7807a11404a
SHA256: ae4fc63acc8e60f30b364ff9af17fea209db0fe9b7031ee4bc17b0ca1abd2fe2
SSDeep: 1536:U4PwSC/UXuY28bQJjml9I3k3lQ36QDkUt:U6wx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.520
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!49njzLi1Nq4
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ke
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R72C2FJ
Kaspersky = Trojan.Win32.Monder.mpeg
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!ke
F-Secure = Trojan.Generic.6144562
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Generic22.COIK
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6144562
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6144562
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-11-18 14:12:46
VirusShare info last updated 2012-07-25 10:12:37

MD5: e2ece3706c621396ab275a90c6ea9296
SHA1: 85682af5343089242ff9ea1b4602298f8a4fdc34
SHA256: 83281aa8184492254d53c7d247fd7a5b47d5669f8e242429a98684f4cb3064f4
SSDeep: 1536:U4gwSC/UXuY28bQJjml9I3k3lQ36QDkUHbr:U1wx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.519
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!x7wm7mdtWn8
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2GC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R72C2GC
Kaspersky = Trojan.Win32.Monder.mpee
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!kl
F-Secure = Trojan.Generic.6271861
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Generic22.COLV
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6271861
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6271861
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-11-18 17:31:13
VirusShare info last updated 2012-07-25 10:16:41

MD5: e5dfa7c6ef3b2853a98f02178ffbfed8
SHA1: c847769d4bbae74683b24b817469676473019bc6
SHA256: 0a21f2a472cae4b5a0d0976b218566b78fc4c3c5da5a00aaacebd9581e5ef830
SSDeep: 6144:W1F00rpPU0FQkk8EbpbkP+IJ124PUmmz0AxYqMEfUm4No3yhioy:SU0FQog1gzjzAxYqRsW3Yioy
Size: 266032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.origin
Fortinet = W32/Pirminay.A!tr
F-Secure = Trojan.Generic.6270838
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Suspicion: unknown virus
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6270838
Commtouch = W32/FakeAlert.FT.gen!Eldorado
BitDefender = Trojan.Generic.6270838
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 65536
Initialized Data Size           : 536576
Uninitialized Data Size         : 0
Entry Point                     : 0x109aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 18:31:30
VirusShare info last updated 2012-07-25 10:17:47

MD5: edf380c2b7526cf521818af7d1ea6727
SHA1: aa0a0269d54cc0f8ad4a1ec22bb462959a249b40
SHA256: 8d63308377e804c033f4b64b86067b2e906743f4f28251cd17b00a3df37327c9
SSDeep: 192:85+q+PXcQS/t31VJ8qD6wiLn18XECzH7a7Vs9un:85H+O3138qDSr1UE17VAu
Size: 17176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bg.2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.17176
VBA32 = Trojan.Pirminay.bg
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.bg
Jiangmin = TrojanDownloader.Agent.ctuc
F-Secure = Trojan.Generic.6148391
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
AVG = Downloader.Small.62.D
Sophos = Sus/Behav-278
GData = Trojan.Generic.6148391
BitDefender = Trojan.Generic.6148391
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x197f
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 21:02:26
VirusShare info last updated 2012-07-25 10:21:13

MD5: ffe728d69c233b6f09b016084be62270
SHA1: 5c58e5d675b96b698eb83104144444ff92d083a3
SHA256: 686b415ded60ba421740be9748b35c2d60c8552ba001cd561c830c6b9abc5fdc
SSDeep: 6144:wE16D38FFiAYK5g2K3aqd8/LK99g4+jyxkCuitN+eg6:u38FYAN5g2Oaq12uxNuONdr
Size: 243712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.3421.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Jorik.243712.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Ponmocup!lGJTkqsZNdg
TrendMicro-HouseCall = TROJ_GEN.R11C7KB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Downloader.x!g2z
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R11C7KB
Kaspersky = Trojan.Win32.Jorik.Pirminay.avy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Generic.knvv
McAfee = Generic Downloader.x!g2z
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Generic25.BTHJ
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
BitDefender = Gen:Variant.Graftor.3421
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:30 02:01:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 241664
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x46670
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2011-11-17 14:28:44
VirusShare info last updated 2012-07-25 10:38:32

MD5: f6d520d71a226b8a165a0dff826c67fb
SHA1: c67ff1e06afcc0eb72f2f6c7300c7f799fb92c97
SHA256: ada8433e89ca06e65b494dd14edacfeaed8046a913a5cabf828ece8e54023dab
SSDeep: 1536:iPGz7YqX6QPiwTNltk5Zy7GROG6XijY2LERpK2iKAXM3QGotC/1tJ:3YqKFD07GEXiyfQGotC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.K
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!s/WILjE9rtA
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-11-20 07:24:27
VirusShare info last updated 2012-07-25 11:19:00

MD5: f6f9f5f6a9514e2f1c27a75bfdef1270
SHA1: fb118203edb7e41a891907a9ae316d05a7d9fcde
SHA256: 2ce6cec209ff5ebcd4990d541cf57b60444693d6501b6a82fc85e2630ae64857
SSDeep: 1536:5PGz7Y5V6hai7TNOthPqQ8G6XijYZLERpK2iKAXM3QGoLC/1tJ:EY5AbMqTXi7fQGoLC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.114176.M
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!gGgenLTQoGg
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zyx
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Generic.dx!zyx
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2011-11-20 07:25:19
VirusShare info last updated 2012-07-25 11:19:02

MD5: f7020445d523b567bfffeb8f1431561e
SHA1: 9936b2baf5412693babcd3b7a848c94ef6b60f6a
SHA256: 8b9a89120a9eb030376676f7ce144809bdd3ed77f9462068bf643f47ff2973ca
SSDeep: 3072:yhOan/WJj78lkzm/Ksyo/FZMKN0o9WK2Afx8:tanaIkaKsySPusD20x
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!z11pWmpFzwE
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Agent.BFJ!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!ht
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!ht
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2011-11-20 07:25:57
VirusShare info last updated 2012-07-25 11:19:03

MD5: fcac6af96d814f68c9a48d9cc5ad91ed
SHA1: 36b08b55610672aa0559b54af52012d5c69528ab
SHA256: 03779c90de7c1f241a905db8f7537b36b66dcf31ddf8ff78f68a1eafbcfffa75
SSDeep: 6144:W1F00rpPU0FQkk8EbpbkP+IJ124PUmmz0AxYqMEfUm4No3yhio1:SU0FQog1gzjzAxYqRsW3Yio
Size: 294912 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Downloader.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!1T9hymiWPH0
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!cc
DrWeb = Trojan.WinSpy.origin
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hjy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
McAfee = Downloader.a!cc
F-Secure = Trojan.Generic.6270838
eSafe = Win32.Trojan
F-Prot = W32/FakeAlert.FT.gen!Eldorado
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6270838
Commtouch = W32/FakeAlert.FT.gen!Eldorado
BitDefender = Trojan.Generic.6270838
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 65536
Initialized Data Size           : 536576
Uninitialized Data Size         : 0
Entry Point                     : 0x109aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-20 08:11:16
VirusShare info last updated 2012-07-25 11:21:32

MD5: fd12c25a5a869623388d96691837578c
SHA1: 412b6cc219735edd23a099e6f8810649bef213a1
SHA256: 8a91f4b2ff0a98ee17b859acf1cf89772f262709a8fd04aee4975f933dc35f13
SSDeep: 6144:HLdUAW0zwcofOzN9IP3WqpSji06FBRlaCQtoYf+Qx9Xa9c6m6y9OidtXM/eUXi:pUAHoWkVSOtBiCzFQx9qaH3M
Size: 372736 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hpu
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.372736.AV
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.372736
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R1CC2EP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!fyr
DrWeb = Trojan.DownLoader3.2424
TrendMicro = TROJ_GEN.R1CC2EP
Kaspersky = Trojan.Win32.Pirminay.hpu
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aer
McAfee = Generic Downloader.x!fyr
F-Secure = Trojan.Generic.6043760
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CAWY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6043760
TheHacker = Trojan/Pirminay.hpu
BitDefender = Trojan.Generic.6043760
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 01:20:38-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 352256
Initialized Data Size           : 303104
Uninitialized Data Size         : 0
Entry Point                     : 0x52cbb
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout for 106
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd106
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd106.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-20 08:14:43
VirusShare info last updated 2012-07-25 11:21:43

MD5: ff475ac1adaa1a1aced399850edfa464
SHA1: d5e38689995acea60befbf4b429550493283f9fc
SHA256: 3a767035645860a7940536d75000b8caaa1b4e2e43ae9937ffd82f877ae32be6
SSDeep: 3072:crHMak+H7/tjSoUVXAxweCrf7zTiDhfULm3bEo7jI1F:crsakaOoUVXmweuXOh8LmLBe
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Graftor.1575
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!MxDS5kZVF6o
TrendMicro-HouseCall = TROJ_GEN.R72C2FH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2FH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kl
F-Secure = Trojan.Generic.6136652
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CJKU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6136652
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6136652
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-11-20 08:35:45
VirusShare info last updated 2012-07-25 11:22:41

MD5: 4734169e48df4fea56bce65ec0e56066
SHA1: 23e5aca994b234df994bdec7dc06b2d10bb5f64a
SHA256: 8eaafa238000082cee759d6adcb9bc374323c187c4daf5827d1f85122bccee6b
SSDeep: 6144:mc43TDDEFHar/cyd8B5WoMxudGteJPIRjry:d43TDDERBB5WJxuLJgRjr
Size: 236032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1139.2
Avast = Win32:Pirminay-DW [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129CDFF1
nProtect = Trojan/W32.Jorik.236032.B
K7AntiVirus = Trojan
VBA32 = Trojan.Jorik.Pirminay.ano
TrendMicro-HouseCall = TROJ_PONMOCUP.AB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.evx!bd
DrWeb = Trojan.DownLoader5.4289
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_PONMOCUP.AB
Kaspersky = Trojan.Win32.Jorik.Pirminay.ano
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.ANO!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic.evx!bd
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Generic25.AFPK
Norman = W32/Obfuscated.L
Symantec = WS.Reputation.1
GData = Gen:Variant.Graftor.1139
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1139
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 229376
Uninitialized Data Size         : 0
Entry Point                     : 0x1296
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Russian
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjycuwhze Igtonaskxnw
File Description                : Wxhqplrne Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0419
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0419.dll
Private Build                   : 
Product Name                    : Jmvnqaipp Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-16 08:51:25
VirusShare info last updated 2012-07-25 11:38:10

MD5: 26c70d030450ad897aeefbd9027ef18a
SHA1: 099ec2a5535bab6b3a4e661cad73c897def74d8b
SHA256: 3a3b98639b7d9d5d548d8940f2e75f70e4e3f038a36d41f1ccc652503952e933
SSDeep: 3072:/kxG1c7m09fPmNLKG2j3dc8PCWkhsPganGVKrNH1HezTHN+q0:/kP7D9fCLnCrCfsPgsbNH1mt+
Size: 167424 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Drop.Yakes.A
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Yakes.gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Yakes
Panda = Trj/Mystic.a
Rising = Trojan.Win32.Generic.128D74D4
nProtect = Trojan/W32.Yakes.167424
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!wbzKdwT+nOM
VBA32 = Trojan.Yakes.brz
eTrust-Vet = Win32/Zbot.EWS
TrendMicro-HouseCall = TROJ_YAKES.DF
Comodo = Heur.Suspicious
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Yakes.brz
McAfee-GW-Edition = PWS-Zbot.gen.ju
DrWeb = Trojan.PWS.Panda.835
TrendMicro = TROJ_YAKES.DF
Kaspersky = Trojan.Win32.Yakes.brz
Microsoft = PWS:Win32/Zbot.ABY
ViRobot = Trojan.Win32.S.Yakes.167424
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Yakes.pv
McAfee = PWS-Zbot.gen.ju
ClamAV = Trojan.Agent-247736
F-Secure = Gen:Variant.Kazy.33493
VIPRE = Trojan.Win32.Ransom.do (v)
eSafe = Win32.TRKazy
AVG = Generic24.NMS
Norman = W32/Kryptik.AFR
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.33493
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.rrn
BitDefender = Gen:Variant.Kazy.33493
NOD32 = a variant of Win32/Kryptik.RRN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:14 05:41:07-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 34304
Initialized Data Size           : 132096
Uninitialized Data Size         : 0
Entry Point                     : 0x8002
OS Version                      : 5.1
Image Version                   : 1.0
Subsystem Version               : 5.1
Subsystem                       : Windows GUI
File Version Number             : 0.12.57882.13168
Product Version Number          : 0.12.57882.13168
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : K5PTCCGWSO889G
File Version                    : 77cUIfSdyyi
Internal Name                   : zMTo
Legal Copyright                 : HbmR0H5
Original Filename               : C1JJ
Product Name                    : 1JinjOQC
Product Version                 : mg9ThV0bX1CVVS
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-11-26 20:35:30
VirusShare info last updated 2012-07-25 11:54:25

MD5: bb479a7e69c5e1c503aa6dd506c732f3
SHA1: 550b2827bfd558ec86ec015a03252d773f6da632
SHA256: ccc5d07f6a0359d65d3efc488bb4beb8b283ca92f20b2c8633f746ebf80e0e2b
SSDeep: 6144:39QObFoJkXxdS3v0rlHcwikgnEEbuMXEL6ECXwTmb+:3hbFgkhU2onEEbuKECXwTmS
Size: 219136 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.393
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Jorik.219136.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!XPYaFkgQJuY
TrendMicro-HouseCall = TROJ_PONMOCUP.AC
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.aoq
McAfee-GW-Edition = Heuristic.LooksLike.Trojan.Dropper.B
DrWeb = Trojan.DownLoader5.5892
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_PONMOCUP.AC
Kaspersky = Trojan.Win32.Jorik.Pirminay.aoq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Generic.kfzm
McAfee = Downloader.a!vz
F-Secure = Trojan.Generic.6764589
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Milicenso
AVG = Generic25.AIJK
Norman = W32/Obfuscated.L
Sophos = Troj/Ponmo-A
GData = Trojan.Generic.6764589
Symantec = Trojan.Milicenso
BitDefender = Trojan.Generic.6764589
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.4615
Product Version Number          : 5.1.0.4615
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vzejjibgm Uhtumvognhy
File Description                : Ukbaujjlf (r) Shell Extension for Cryexfj Script Host
File Version                    : 5.1.0.4615
Internal Name                   : wshext.dll
Legal Copyright                 : Copyright © Aqsqdinmo Corp. 1999
Original Filename               : wshext.dll
Product Name                    : Xpppgbrsv (r) Windows Script Host
Product Version                 : 5.1.0.4615
VirusTotal Report submitted 2011-10-28 10:07:33
VirusShare info last updated 2012-07-25 12:02:14

MD5: 7e2728369bbc6218659507cec2c17a64
SHA1: 5a3a32008af06d040a87822894d71680669604ed
SHA256: 67bd0f11407cf4b356f920b855837c314555e153565ef393657a74f51dea2eaf
SSDeep: 6144:dB/20reUB5aLlO9Wnmj7xHIGKPKZA3ByPmWCKSMJxmNMYpmf4Y+PeA9Pp/8TfRKs:dIds5q+KLyaRySkY+4LvPufRq3AHO
Size: 415744 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bri
Avast = Win32:Pirminay-F [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.415744
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.brj
eTrust-Vet = Win32/Renos.CMW
TrendMicro-HouseCall = TROJ_GEN.R4CC3B5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.2811
TrendMicro = TROJ_GEN.R4CC3B5
Kaspersky = Trojan.Win32.Pirminay.bri
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.hq
McAfee = Kryp.b
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic20.BUSR
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.11
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.bri
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.SWI
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:30 08:45:48-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 73728
Initialized Data Size           : 675840
Uninitialized Data Size         : 0
Entry Point                     : 0x12230
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Network object shell UI
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ntlanui2
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlanui2.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-12-01 10:26:09
VirusShare info last updated 2012-07-25 12:18:30

MD5: c23425f852e3ad188effc205317142fc
SHA1: 2619aa2e34d658549a1eaac95aa6b94a2cac5d17
SHA256: e7738118d9ed0a708df6b8a53f3984e040d0a2bad83b0a53894f926a47afb740
SSDeep: 6144:yS2SRa6UoMErprFqpEWaoZcHyGQu0EVljubkmSqO1JJNTctfN3efh+z46gvaz:WSi2prFKbuHfh0kmkJJT2fN38h+z46a
Size: 313344 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhy
Avast = Win32:Kryptik-WL [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.313344.M
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.313344
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.cta
TrendMicro-HouseCall = TROJ_GEN.R23C3BD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!yak
DrWeb = Trojan.Hosts.2582
TrendMicro = TROJ_GEN.R23C3BD
Kaspersky = Trojan.Win32.Pirminay.bhy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gr
McAfee = Generic.dx!yak
F-Secure = Trojan.Generic.5274711
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BMDC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.5274711
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bhy
BitDefender = Trojan.Generic.5274711
NOD32 = a variant of Win32/Kryptik.SWI
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:08 19:50:42-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 15360
Initialized Data Size           : 587264
Uninitialized Data Size         : 0
Entry Point                     : 0x47ac
OS Version                      : 4.0
Image Version                   : 8.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.1.0.3936
Product Version Number          : 4.1.0.3936
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Services Streamer Dll
File Version                    : 4.1.00.3936
Internal Name                   : STRMDLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1992-1999
Original Filename               : STRMDLL
Product Name                    : Microsoft® Windows Media Services
Product Version                 : 4.1.00.3936
VirusTotal Report submitted 2011-12-01 15:16:05
VirusShare info last updated 2012-07-25 12:20:05

MD5: 5ee8ff7c595db41df4d4232411e1b9d8
SHA1: 9861dea2e5a3680e6fab08973ff7186421bd9228
SHA256: 6afc07cb0bc50848d11746f7b461d8e1e03bc5f5e9e5d3f4183d9f42f2a4efde
SSDeep: 1536:43ESCOoGFfygdVPzvdYblHNw+LOJnk45Px9:2EdOoGFPdBuBu+LukQr
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124E1B90
nProtect = Trojan/W32.Vundo.70144.O
VirusBuster = Trojan.Pirminay!8YIfRybDqnQ
VBA32 = Trojan.Pirminay.acf
TrendMicro-HouseCall = TROJ_GEN.R3EC2AU
Emsisoft = Trojan.Win32.Vundo!IK
DrWeb = Trojan.Siggen2.7799
TrendMicro = TROJ_GEN.R3EC2AU
Kaspersky = Trojan.Win32.Pirminay.cgy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Pirminay.CGY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.dv
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Malware-gen
AVG = Generic20.CDKE
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 21:46:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x7e07
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Link-Layer Topology Mapper Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDSVC.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : LLTDSVC.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-01-31 05:55:34
VirusShare info last updated 2012-07-25 16:50:18

MD5: 02dec39e9768b15e493b2159825bffd9
SHA1: aa929ad0ca27627a158c84a6061b70201c9b9b03
SHA256: 12dfbbef78b1e74f6039d74606b5b2b04ee848d24d5623353331f0fd9fbacbec
SSDeep: 3072:+0Q0dOUCOo9ix//aMFA/7rl133OninJRkadyM:+t0dhlo9ixnk/7LHOiXkA
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Riskware.Adware!vtAriidhu/U
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDE2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!02DEC39E9768
DrWeb = Trojan.Click1.63025
TrendMicro = TROJ_GEN.R21CDE2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.akzv
McAfee = Artemis!02DEC39E9768
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.PNO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-08 11:23:47
VirusShare info last updated 2012-07-25 23:28:59

MD5: 4e1a6905d976d5e662603d3b2af74531
SHA1: a84c8c1ac4a472474a9d335799c26ec130b662ce
SHA256: a837f32b78b88cf29a671c5508f41ebebb3bbcbebaea536ab34561adcdc7b256
SSDeep: 3072:ebxbhK1prkS+yDef7b+CaBCUiycUy/ebZDLiSlQtOT1OM:CW/TgW3TczeGS1TL
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!4E1A6905D976
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!4E1A6905D976
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
Norman = W32/Troj_Generic.BLKKM
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.rfk
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 12:26:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 18:55:04
VirusShare info last updated 2012-07-25 23:29:40

MD5: 76c563356431b54d3532d0fd787a0536
SHA1: 2deddf0d6bddd31f60b8106daff28ebdff9a21ff
SHA256: bf99bb5d7762cb56a76ba2ed25efa6eb59ae7715a7405fc86e7865d14150bd2b
SSDeep: 3072:6O0Whq1drk+NlyD1LWtv0aHa5pyckynXo5jk2QMwwI7tRRDM:A/fmSdzcTQmMwwg+
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rga
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!76C563356431
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!76C563356431
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BOOEH
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rga
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:36:30-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-07 21:40:04
VirusShare info last updated 2012-07-25 23:30:01

MD5: afd0af0c004f91f4fef53875f3162d8b
SHA1: 7c3a174909b97f3665283871dee4433064307ad2
SHA256: 6b8be15e7b1b22f7a65051385d3359abbc5eff3d871e91a5876c26b2293b1760
SSDeep: 12288:gHIE6lDaPo+x62E8cJgM2ZnwVUWoUDILZgHR/wHT06be/:gHIEqOPo+x7E8cJghZwVUawgx4H7e
Size: 404992 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.606098
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Ajehu31DZSI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!AFD0AF0C004F
DrWeb = Trojan.PWS.Panda.2121
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Kryptik.AAKJ
Jiangmin = Trojan/Generic.abyev
McAfee = Artemis!AFD0AF0C004F
F-Secure = Trojan.Generic.KDV.606098
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.HKI
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.KDV.606098
BitDefender = Trojan.Generic.KDV.606098
NOD32 = a variant of Win32/Kryptik.AAKJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:21 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 405504
Initialized Data Size           : 4096
Uninitialized Data Size         : 77824
Entry Point                     : 0x76080
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.3959
Product Version Number          : 5.3.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Lrufoptcr Airkbwedgny
File Description                : WDM CODEC Class Device Driver 2.0
File Version                    : 5.3.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : stream.sys
Legal Copyright                 : © Bjpgnhibd Toflsngcelq. All rights reserved.
Original Filename               : stream.sys
Product Name                    : Pgsjbrhwi(R) Yyefnss(R) Vakkkioeo Rzfbkt
Product Version                 : 5.3.3790.3959
VirusTotal Report submitted 2012-05-10 18:45:01
VirusShare info last updated 2012-07-25 23:30:34

MD5: e173bd322a9397ed33270fd78e79b5c8
SHA1: 7797b34f886d383c406d6accd0a0242086d4ae51
SHA256: 57034598071166a00323e8454013453930658ae24f3adbbeccf4523f50c6ffde
SSDeep: 3072:06DwRZ9PCUo2B0n5K+JZqsMlghTAV2J6IkOsN:L6piQgKSLO2rC
Size: 143872 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.12
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Monder.143872
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!yNc9GLSu/mg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCDBL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!E173BD322A93
DrWeb = Trojan.WinSpy.1463
TrendMicro = TROJ_GEN.R4FCDBL
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
McAfee = Artemis!E173BD322A93
ClamAV = Trojan.Vundo-38284
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BXQR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:04 11:25:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xee21
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-04-30 23:16:55
VirusShare info last updated 2012-07-25 23:31:03

MD5: 81d9b81ce7aeaf10095753cd425a7916
SHA1: 6fe26ffa524cbf8207d915eeb202006ace68c241
SHA256: c0d66b552ade1427f0b6e6acc9cc20e3d6a593cc753d0f72d7432c7336ea50b2
SSDeep: 3072:Q9oTu1/vCgtu5hBWolN3tCVWxz6K5ozCxeMhPG+LIup:ZTuh6goN3oVWxzLauG+n
Size: 157184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.157184.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/I3AAd5mC3M
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
DrWeb = Trojan.Click1.54681
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.akwc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.XIB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:37:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 81920
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x116ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.7000.0
Product Version Number          : 1.0.7000.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuafasjto Qyqlfxefiap
File Description                : Oxoolhuhi ® Script Control
File Version                    : 1.0.7000.0
Internal Name                   : msscript.dll
Legal Copyright                 : © Microsoft Izfzbyenwcn. All rights reserved.
Original Filename               : msscript.dll
Product Name                    : Tqcnjrlom ® Script Control
Product Version                 : 1.0.7000.0
VirusTotal Report submitted 2012-05-05 23:43:10
VirusShare info last updated 2012-07-25 23:31:49

MD5: e87ad7a19da5e4dfcfd38d23d4bba841
SHA1: 88d6f699e6b495cbeeb77965cf74b2bb51bbbdca
SHA256: 83dd30b3f8fe6959ba024b27077155b867166d94c754bc0927ec186ac78c6503
SSDeep: 3072:4+Nhi1VrktOyDAC6mBuaj8pA4yab+ww+DEcma63UVtVaSM:snAO0rjxaCrGma6ag
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!E87AD7A19DA5
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!E87AD7A19DA5
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BMLDC
GData = Gen:Variant.Barys.1155
TheHacker = Trojan/Pirminay.rhm
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:43:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 11:29:10
VirusShare info last updated 2012-07-25 23:31:58

MD5: 010049b9c741c7a95de9024b63266c26
SHA1: 58747781edcee0fa489340b107e1293ded303bba
SHA256: 1b32525c207df5eff4d6a18bfe5be040aa4d23a1718fad95bd81e6970fb51f36
SSDeep: 3072:EBpZ9WfgjG00K0LKrl6KnBHwdnMRwaDdSO:EDjG00NLKBBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent2.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = Trojan.Agent2.dlmx
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R3CC2DR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!iv
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R3CC2DR
Kaspersky = Trojan.Win32.Agent2.dlmx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!iv
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.QQNSI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-02-12 11:44:16
VirusShare info last updated 2012-07-25 23:33:26

MD5: 25ff4bc25c23468a911d2990a6aaefa5
SHA1: 061423db86b71f9c8acdd975d3eeb291d50ce9bb
SHA256: eda0f6957ca0fde8313fe7b105feebbaaf485895a215f9b2841ee2e131c2d1f8
SSDeep: 24576:uohPYM+iMtSYnP9phFEW6nFIb0mlZkCWLl:ngizYn1PF7EFIwmOh
Size: 848384 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Win-Trojan/Fakeav.848384.AE
K7AntiVirus = Trojan
VBA32 = Trojan.Jorik.Hlux.az
eTrust-Vet = Win32/Kelihos.B!generic
TrendMicro-HouseCall = TROJ_JORIK.YR
Comodo = Heur.Suspicious
Emsisoft = Backdoor.Win32.Kelihos!IK
CAT-QuickHeal = Trojan.Jorik.Hlux.az
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
DrWeb = Trojan.PWS.Siggen.25312
TrendMicro = TROJ_JORIK.YR
Kaspersky = Trojan.Win32.Jorik.Hlux.az
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Adware.DateManager!rem
Jiangmin = Trojan/Jorik.mnn
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Gen:Variant.Kazy.33535
eSafe = Win32.GenVariant.Kaz
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = SHeur3.CNTD
Norman = W32/Kryptik.AFR
Sophos = Mal/ZbotPk-AE
Symantec = Packed.Mystic!gen9
GData = Gen:Variant.Kazy.33535
Commtouch = W32/FakeAlert.QW.gen!Eldorado
TheHacker = Trojan/Jorik.Hlux.az
BitDefender = Gen:Variant.Kazy.33535
NOD32 = a variant of Win32/Kryptik.RLI
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:06:19 11:18:53-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 25088
Initialized Data Size           : 821760
Uninitialized Data Size         : 0
Entry Point                     : 0x613e
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.256.22174.16623
Product Version Number          : 0.256.22174.16623
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : ql8OkJA
File Version                    : KdqFaJJesNTW0h
Internal Name                   : lsUwmJbd2
Legal Copyright                 : OqpRALz
Original Filename               : 7lZlSat
Product Name                    : 21E9moLrcc
Product Version                 : Ix8z
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-04-02 14:16:09
VirusShare info last updated 2012-07-25 23:37:28

MD5: 36b715b1bf068ce955772b9d751ed05a
SHA1: 2863a5c06bfd323f79fa7b49301ade29407f5577
SHA256: 872bec62c9fca39812adf7c3091c53ba71ebfc4e54bfef6a739e3851d4e5943e
SSDeep: 24576:6SxXdTtHXvJ9Nm6v8NzXGsjmJqZMAdlfzv6c8xC:9xf3vjNjv8dXGbQ+AdFzck
Size: 847360 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Felegi.B
Avast = Win32:Kelihos-D [Trj]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = Backdoor.Bredolab!RbNCNDii+lw
VBA32 = Backdoor.Bredolab.pji
eTrust-Vet = Win32/Kelihos.B!generic
TrendMicro-HouseCall = BKDR_BREDOLAB.HG
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Backdoor.Bredolab.pji
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
DrWeb = Trojan.PWS.Siggen.25568
TrendMicro = BKDR_BREDOLAB.HG
Kaspersky = Backdoor.Win32.Bredolab.pji
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Backdoor.Trojan
Jiangmin = Backdoor/Bredolab.jkf
McAfee = FakeAlert-SecurityTool.cv
ClamAV = Trojan.Agent-246935
F-Secure = Gen:Variant.Kazy.33973
VIPRE = Trojan.Win32.Generic.pak!cobra
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Win32/Cryptor
Norman = W32/Kryptik.AFR
Sophos = Mal/ZbotPk-AE
GData = Gen:Variant.Kazy.33973
Symantec = Backdoor.Trojan
Commtouch = W32/FakeAlert.QW.gen!Eldorado
TheHacker = Backdoor/Bredolab.pji
BitDefender = Gen:Variant.Kazy.33973
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:22 17:42:33-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 80384
Initialized Data Size           : 765952
Uninitialized Data Size         : 0
Entry Point                     : 0x13b9a
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.14.39354.40180
Product Version Number          : 0.14.39354.40180
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : OVUsq
File Version                    : HtyeWJNJW
Internal Name                   : Uwrb838
Legal Copyright                 : Vrg80
Original Filename               : TRk8osNv0
Product Name                    : sgQLJOzUGIS9
Product Version                 : sW2puQBcf4zzLP
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-03-31 00:20:17
VirusShare info last updated 2012-07-25 23:37:41

MD5: 470d1f717f76dddd2311ca166d7acc58
SHA1: 44749c9eab69e2e9edf58378c7b734072e280ed9
SHA256: 18cd18c2d070ad1605595658f8bfa35417ed5c6e994ee332b95ef934d79f5c89
SSDeep: 12288:FKHERWHDo5on6asr6AAWo+VwGSUyjvgkriZ94gGlPLnskCAfOsaLADncLPB:IHPDowsrxo+LSr4kriZ94TCkpfMAn4P
Size: 851968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!u2tK7+HgL7A
VBA32 = Trojan.Menti.htbq
eTrust-Vet = Win32/Kelihos.B!generic
TrendMicro-HouseCall = TROJ_GEN.R3EC2HH
Comodo = Heur.Suspicious
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Menti.htbq
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeYak.E
DrWeb = Trojan.PWS.Siggen.25341
TrendMicro = TROJ_GEN.R3EC2HH
Kaspersky = Trojan.Win32.Menti.htbq
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = HeurEngine.Mystic
Jiangmin = Trojan/Menti.goc
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Gen:Variant.Kazy.33535
VIPRE = Trojan.Win32.Ransom.do (v)
eSafe = Win32.BDSKelihos.B
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.SGJ
Norman = W32/Kryptik.AFR
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.33535
Symantec = Packed.Mystic!gen9
Commtouch = W32/FakeAlert.QW.gen!Eldorado
TheHacker = Trojan/Menti.htbq
BitDefender = Gen:Variant.Kazy.33535
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:06 16:34:45-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 27136
Initialized Data Size           : 823296
Uninitialized Data Size         : 0
Entry Point                     : 0x6e90
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 176.0.48302.21650
Product Version Number          : 176.0.48302.21650
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : hQMam
File Version                    : hdb5Cpx
Internal Name                   : tq62Yo
Legal Copyright                 : jIbF8J0q
Original Filename               : qSZTN7f41
Product Name                    : SR06Fr6P
Product Version                 : 9NswwCufU
VirusTotal Report submitted 2012-04-05 17:41:40
VirusShare info last updated 2012-07-25 23:37:53

MD5: 558294707a3774cbd4eda8b09591493f
SHA1: dd1d90e00b8a555bbfa5fdde5f0a520e502ae23a
SHA256: d3cc87baba834acab64d7a5e29581fa59850b62d2311316a2017d2e96fb23196
SSDeep: 12288:sLgo54YtipSuu4KWVvVxy6dw7MP6K5f+E4hGlzAqCUCtQzNDohYvC1N9B5Po:sLl5/tiAu0WNVs6Ed1UgQ5D41pdo
Size: 844288 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Win-Trojan/Fakeav.844288.AD
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!0DIsv31Zg7k
VBA32 = Backdoor.Bredolab.pjp
TrendMicro-HouseCall = TROJ_GEN.R01C2HI
Comodo = UnclassifiedMalware
Emsisoft = Backdoor.Win32.Kelihos!IK
CAT-QuickHeal = Backdoor.Bredolab.pjp
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
DrWeb = Trojan.PWS.Siggen.25462
TrendMicro = TROJ_GEN.R01C2HI
Kaspersky = Backdoor.Win32.Bredolab.pjp
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Backdoor.Trojan
Jiangmin = Backdoor/Bredolab.jip
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Gen:Variant.Kazy.33535
VIPRE = Trojan.Win32.Generic.pak!cobra
eSafe = Win32.GenVariant.Kaz
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Downloader.Crypter.O
Norman = W32/Kryptik.AFR
Sophos = Mal/ZbotPk-AE
GData = Gen:Variant.Kazy.33535
Symantec = Backdoor.Trojan
Commtouch = W32/FakeAlert.QW.gen!Eldorado
TheHacker = Backdoor/Bredolab.pjp
BitDefender = Gen:Variant.Kazy.33535
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:12:23 13:10:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 819712
Uninitialized Data Size         : 0
Entry Point                     : 0x5a61
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.512.34645.6451
Product Version Number          : 0.512.34645.6451
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : 5DPJXYBQjdRJ
File Version                    : 0djTDDZNm
Internal Name                   : HiTX4MBMiTXKd7
Legal Copyright                 : 8VTW3ULBbe
Original Filename               : ifR3mDc0RGOpzi
Product Name                    : FSmn1XN91
Product Version                 : 5F4tnRBuHkz8Sg
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-03-31 08:27:00
VirusShare info last updated 2012-07-25 23:38:04

MD5: 5be6028f87f8441b73d058173899f7e5
SHA1: ea3aafbfae86044552b62cf11719109c3f3116de
SHA256: f17689c481ded7d532f534d10d7414b0ccfca13a454129fa38023ca1b23e8017
SSDeep: 12288:wszxi5fs5b6nm0/qiX+EOgExxdUDTOrxjZVETdtn85v8BsAAL:H6nmajNOUDTExzWdu5v8mA
Size: 846336 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!VVznaromZOI
VBA32 = Backdoor.Bredolab.pjq
TrendMicro-HouseCall = TROJ_SPNR.15JQ11
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Backdoor.Bredolab.pjq
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeYak.E
DrWeb = Trojan.PWS.Siggen.25449
TrendMicro = TROJ_SPNR.15JQ11
Kaspersky = Backdoor.Win32.Bredolab.pjq
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
Jiangmin = Backdoor/Bredolab.jiq
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Gen:Variant.Kazy.33535
VIPRE = Trojan.Win32.Generic.pak!cobra
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.RMQ
Norman = W32/Kryptik.AFR
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.33535
Commtouch = W32/FakeAlert.QW.gen!Eldorado
TheHacker = Backdoor/Bredolab.pjq
BitDefender = Gen:Variant.Kazy.33535
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:07:28 17:21:22-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 22528
Initialized Data Size           : 822272
Uninitialized Data Size         : 0
Entry Point                     : 0x5871
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 61440.0.48238.17649
Product Version Number          : 61440.0.48238.17649
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : 5rnFAuk
File Version                    : EjvsOGino
Internal Name                   : dTFecrndaYVTd
Legal Copyright                 : mdegpMTlcy1
Original Filename               : 3i2e5U6fsaF4M
Product Name                    : ltNmM
Product Version                 : spZv3A2b3J
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-04-05 21:03:07
VirusShare info last updated 2012-07-25 23:38:08

MD5: d559a9e659ac0f750e98099676f627d5
SHA1: f95dd0c7efe598738b350876fd6f1a0a6e58c799
SHA256: db013c2b7e3ecfa91d8068ea9c14c8881beaaf9d357506c89e7ea2d959ae06a1
SSDeep: 6144:XwNXsAilKmcjMHWOSRdMzBrv9KNc1yCBo3VJnZJYH3nuXfK:Adsh/9idMxlIc1yX3LZJYXnaK
Size: 279422 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.317534
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!SSPQX1MRnq0
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_JORIK.ZV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic.dx!bags
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_JORIK.ZV
Kaspersky = Trojan.Win32.Jorik.Pirminay.ku
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bags
F-Secure = Trojan.Generic.KDV.317534
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.AAKS
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.317534
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.acq
BitDefender = Trojan.Generic.KDV.317534
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 278528
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x4e330
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-04-13 07:58:53
VirusShare info last updated 2012-07-25 23:39:37

MD5: 13c9ea0abd27079931a33eb2c2815858
SHA1: 741a30f0f27e8eaefce915a252e65273c051fdc6
SHA256: 8d7713d6d1384b2ba4a3865e88788c83cbf6324683eb9d7ccf019de50a60c2f9
SSDeep: 3072:SkU22tomi5aLvW1maMwpTh894ZQSXDm5G5galrQQyWlOQ3:SkU2jmIaq1m96g4hT4YgBWlOQ
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.155648.BN
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.155648.YZ
K7AntiVirus = Trojan
VirusBuster = Adware.SuperJuan!5HjCuIKLLwY
VBA32 = AdWare.SuperJuan.zwl
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R25C2DC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Juan.431
TrendMicro = TROJ_GEN.R25C2DC
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.zwl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Vundo
Jiangmin = Adware/SuperJuan.me
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Cryptic.DQQ
Norman = W32/Vundo.UTX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:02 11:26:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x13d85
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Zgctqjuhl Ufgitmzmetc
File Description                : Azeri-Latin Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdazel (3.13)
Legal Copyright                 : © Zfsoqeftj Idmmgpdsrsv. All rights reserved.
Original Filename               : kbdazel.dll
Product Name                    : Gbxsssaag® Yfjydck® Dxjnbnulb Yvutlr
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-02-11 18:58:43
VirusShare info last updated 2012-07-25 23:41:52

MD5: 3eb68e4565b9fec31d83046dd26878de
SHA1: 0dd83667594009419430d2c9065ebf53ec01d1af
SHA256: 97be7a526b57c0e722d1a90bf079c2982179ca3ac96ec9009b3458c0f1a9a46b
SSDeep: 3072:+eNFewvOObqPyrw6bbnH25LVoev52b8IJIYKC:+4FK96MEbnHELR2j4
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.155648.F
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!LETl0wFDDIs
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R26C1AV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1252
TrendMicro = TROJ_GEN.R26C1AV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irik
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BBCB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:26 16:41:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x1244e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uxthhdeui Psowbxeuwxd
File Description                : RDP Reflector Driver Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : RDPREFMP.SYS
Legal Copyright                 : © Rbnymbats Evjtimdxzbh. All rights reserved.
Original Filename               : RDPREFMP.SYS
Product Name                    : Rfntuzsvd® Uxyqfjg® Gedouunyk Imlqkx
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-03-05 23:18:03
VirusShare info last updated 2012-07-25 23:43:56

MD5: a21458ade1cc8727217bbe9b90fecf95
SHA1: f384fa054b5a95719c52fecf37f5d3c50c8ade55
SHA256: f0a616ce023ccffb790226ce0774a1e39f740412cf992cef0af3809aa97f7064
SSDeep: 1536:BLiSsLB7z0aUYv3DN8UdOOGNs7fh9QgcItv6txf4jiVmiEQkUMsXKukPi+psIuLG:BGSsF7z0mbcrxQjiAiUUMsXKukPi+psA
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xEtBG+38wFc
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.79
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.regm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-20 12:46:52
VirusShare info last updated 2012-07-25 23:45:45

MD5: 04cf61b1b626ee33d472d1741f4272d4
SHA1: c1550cf081327f09e71515fc8d9bf6fded9e34f8
SHA256: 569e9b53b98e9183ec203cb5c7234d3220fa138c8940e0a91dcd7efaab2d1f3d
SSDeep: 3072:sUWq+UMWVE+f7y0PiRvsyQaYMVo4aYJkxYkl6ZyYZdt6a+3:KFUMq97mVBYy8MHZyYZq9
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!a2sYm+eZQcs
VBA32 = Trojan.Pirminay.rdh
TrendMicro-HouseCall = TROJ_GEN.R21CDDK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!b2ax
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R21CDDK
Kaspersky = Trojan.Win32.Pirminay.rek
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Generic.dx!b2ax
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BHNLF
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rek
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:18:55-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-26 05:37:12
VirusShare info last updated 2012-07-25 23:59:08

MD5: 13f7f7f2344a84ec924e11df0f34ac03
SHA1: 113081c84e14d3167297898ccf8ebba468ec950d
SHA256: a07875c543ba51ba14a52c9bddbc08afee140b638230dd3e5f184fd8fe10747c
SSDeep: 3072:s9wMYqopkvSxKP9+KrwEu4ZhwHJValiljMqqDLy/QAK:KwMY2viKPu0hwgnqqDLuQ
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R4FC1L5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!li
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC1L5
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!li
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-03-30 06:56:08
VirusShare info last updated 2012-07-26 00:00:14

MD5: 88f2048601e8815102fea757657c4a54
SHA1: 5d0031e0c9b4aa71587f63e024fe6c90e1a4a14b
SHA256: a50bd34667321260e091ef6edea32551fca5be26a42ebc059d0ab1ed73cc0e8e
SSDeep: 3072:fhoan/WQjigkAlkiV/yP4FEFZMKN0o9W22qfx8:KanfnkGyP40PusX2ix
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!z+TO2SkQpvM
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Comodo = TrojWare.Win32.Agent.hodh
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!lb
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!lb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-03-29 10:29:02
VirusShare info last updated 2012-07-26 00:02:49

MD5: 47162e174669a58075616bb5fa6d6d3e
SHA1: 8bf5e66d17c51fae7d715a72d040b69da373f9d9
SHA256: bb149fddc17c3c6354e31bff0d6e5b150085c637d4bb06ac11253a83661fa09b
SSDeep: 1536:uRumggek1m8qfx+66KO3fm131s2pPIPQB3ZvvmckPxJYmpgMuuoNz0+fFlqJ:upgM1qfx+63Sfq1nBIcpv+ckPxem6r7q
Size: 92160 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.92160.BB
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ZQ6o85NDENs
VBA32 = AdWare.SuperJuan.yox
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2FB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.nlng
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10448
TrendMicro = TROJ_GEN.R11C2FB
Kaspersky = Trojan.Win32.Monder.nlng
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.92160
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acbo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.AEMF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 18:54:53-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x10635
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Occsuxmnx Afgqkhlrldo
File Description                : Network Policy Server
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : IAS.DLL
Legal Copyright                 : © Flrtrdzsk Abkngwstchl. All rights reserved.
Original Filename               : IAS.DLL
Product Name                    : Zradnbevw® Tehokqj® Kamtxzehe Zmjhhs
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-11 16:42:51
VirusShare info last updated 2012-07-26 00:06:10

MD5: 6481a7e5bb00d270dd03b48a71196d93
SHA1: 61f21a504c9d71fb5a80d2498e2836a9180a6be6
SHA256: 0950df23c686a13092bb7eaf485a311ed0a0ceb86c0da1c2de8534d2a1b6b497
SSDeep: 384:ljBS3caTD71SHWVSRDYfFXbDjye6Rd9lLj4ESBgadkubXYZ+GBfXw775RxDc9No8:lHaxSUSSpbDjyFdfn2F9XYgAfX2UNoL
Size: 32768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!TYSZzg4+x4M
TrendMicro-HouseCall = TROJ_GEN.R47CDDE
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!6481A7E5BB00
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R47CDDE
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.z!nd
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic25.CLPV
Norman = W32/Troj_Generic.AYICR
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23040
Uninitialized Data Size         : 0
Entry Point                     : 0x2f6a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-14 23:05:23
VirusShare info last updated 2012-07-26 00:06:34

MD5: 2b2685574f75ae35f40fd074e9ad03c4
SHA1: 589ae594091266f78e7b29dfda94bfdd63e6c892
SHA256: d47d544aebae4ec6f9337a1d8eb15a4f381b33b242c8df6e83ea933d4a67c49e
SSDeep: 6144:/s2W1fP41l3uWBpaMU/sEOSdFoWby3/XwpbCSRk/SIpybzcdMxiElUO:/nAP4b3hBpahoKFotIpbli61i8
Size: 377764 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6074040
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!iIj013cNUsw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.qrf
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.25003
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.qrf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xc
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6074040
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AMJP
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6074040
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gnd
BitDefender = Trojan.Generic.6074040
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:21 21:17:45-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0xd1d3
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eryduwifz Hmurngryhfm
File Description                : Bluetooth Communications Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : bthmodem.sys
Legal Copyright                 : © Fcazatwtn Ubkoniyrbok. All rights reserved.
Original Filename               : bthmodem.sys
Product Name                    : Pakwqcvwx® Cqtaohn® Vbjzmuigl Wnwjrm
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-12 08:13:54
VirusShare info last updated 2012-07-26 00:08:35

MD5: 078a5ab725704f6afa4167739980f345
SHA1: 3925c1caa2a288b874193b9a0b48f2721c7f476c
SHA256: c6593bc05e23d409e00c57d743a2e50639515e117f9a96a4abcebbcce97ea05d
SSDeep: 6144:KTqqS+GVqGLDlVdeZH2ovwMKg0ShXYhPk9MzdRgu2Q3g8JoK6FWDtS:kRSvVqGLDl3eYGbGC9Md139oKJDt
Size: 349184 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.11
Avast = Win32:Pirminay-Y [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6313120
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!0uIOUzA70Xk
VBA32 = Trojan.Pirminay.jxg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.jxg
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.14377
Kaspersky = Trojan.Win32.Pirminay.jxg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.hpwf
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6313120
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CIQI
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6313120
TheHacker = Trojan/Pirminay.jxg
BitDefender = Trojan.Generic.6313120
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:28 14:43:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 425984
Entry Point                     : 0xbd510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Aifktvgek Qlrduostdas
File Description                : User-Mode Bus Enumerator
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : umbus.sys
Legal Copyright                 : © Ismscmays Acgzkydljfk. All rights reserved.
Original Filename               : umbus.sys
Product Name                    : Uubfzqusz® Amrbrrt® Sgufmwpls Exsqhr
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-25 15:44:22
VirusShare info last updated 2012-07-26 00:09:18

MD5: 704abc4977cd52549e917245cf873f54
SHA1: 767b6ba4ed52b0fb7493aa3a417793282ba1de2b
SHA256: 03a00cda0e5bdb497448f01b847251a1e753e8b743c02b7122905d286361f2ea
SSDeep: 3072:H9KvITjQmm9AlUf7QE1cwwa2EpZVYicp+VYM6bu73FTYkl/MtUuz:d/TEzNQwh2M8c73FTY4E
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Trojan
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!704ABC4977CD
Kaspersky = Trojan.Win32.Pirminay.rku
Fortinet = W32/Pirminay.RKU!tr
McAfee = Artemis!704ABC4977CD
F-Secure = Trojan.Generic.KD.592235
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.AXADD
GData = Trojan.Generic.KD.592235
BitDefender = Trojan.Generic.KD.592235
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:08:33-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-08 04:53:37
VirusShare info last updated 2012-07-26 00:10:37

MD5: afe6799c2dc465a250c5458b2a2d39cf
SHA1: 9f4c7aea1232e42f93d95be7748e5de17259dc17
SHA256: bcea8bb3a585ddbd48837c49a5f10845d5437ee33c7bf134a0a0351ae5f2528e
SSDeep: 3072:RscGZEAPyiKbk/q71C6GvhA8l1XAglmOS6/SxG+XKcDocAX01Pxa4ybgVICaIxmY:r5VO+OOXuJal
Size: 196608 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!AFE6799C2DC4
Kaspersky = Trojan.Win32.Pirminay.rth
Fortinet = W32/Pirminay.RTH!tr
Jiangmin = Trojan/Pirminay.aqt
McAfee = Generic.dx!bdzx
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.CLAZ
GData = Gen:Variant.Barys.596
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:05 09:20:57-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 135168
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x116ca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-18 08:32:50
VirusShare info last updated 2012-07-26 00:11:19

MD5: b3959c24d5414e17fd071d7ab4c285e1
SHA1: e0a1a5f1c837e274aaa2ad50d1f6a7204e7bfa69
SHA256: 3ddc255de226a10472fb30cdd46fa092baf5bdeb57e73fd417108b5cf7e41b80
SSDeep: 6144:zfqKkeRBE3Yx9IfVTOOWwpLv6kBh9GtPXG0DcLwqeDGknp0ElvRM53M8HKYipj:TfBE3qKfVJDFHEPXntbDGSy+JMyd55
Size: 408064 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Kryptik-BQX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.408064.CC
VirusBuster = Trojan.Pirminay!aa2A7Fs/3Xk
TrendMicro-HouseCall = TROJ_GEN.RFFC3HT
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader2.35585
TrendMicro = TROJ_GEN.RFFC3HT
Kaspersky = Trojan.Win32.Pirminay.fkc
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.tf
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.191915
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.HXC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.191915
Symantec = Downloader
TheHacker = Trojan/Pirminay.fkc
BitDefender = Trojan.Generic.KDV.191915
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:23 05:35:19-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x13703
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nnsdvrpxd Smirlowioew
File Description                : WMI ICMP Echo Provider
File Version                    : 5.1.2600.0 (fvfciksa.010817-1148)
Internal Name                   : wmipicmp.dll
Legal Copyright                 : © Vrslwnsef Zfvakliegvx. All rights reserved.
Original Filename               : wmipicmp.dll
Product Name                    : Bgftdtted® Gmolyhe® Olibmzdye Sowaku
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-29 09:05:17
VirusShare info last updated 2012-07-26 00:11:22

MD5: d98af350a9db48ae5d5f4be33a8d60f9
SHA1: 75463da9f5b047192b455e457dea655eac9b43a2
SHA256: b856c7d7d816a3aad066e9d17b1120761016b84010e58326ed554dfc326ccf5d
SSDeep: 1536:grYj4dtNJu3G8fNL+wamFILh01Y3hyNSyY6Y9l/MqqU+NV23S2wMnew:gj81L+wSyys7Cl/MqqDLy/wZw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R4FC1IM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-04-19 06:46:29
VirusShare info last updated 2012-07-26 00:11:43

MD5: 01e828d28ab8915d8badec6161b4f354
SHA1: d77abdf1c81ecdcde8dfe712fc62d04bfe6e841c
SHA256: 521bd6c276e742ef65537f414cd2f02e0367a83e17ee3076cc917a1fd9b2507d
SSDeep: 3072:x7UR5IDfCg4JA9oce5/HbkL6Zo6Pfi7ZR5Ex32669cm0y2N9:HfKIe5PbkLcPfi
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDD7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!oz
DrWeb = Trojan.WinSpy.1554
TrendMicro = TROJ_GEN.R21CDD7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.vcof
McAfee = Vundo!oz
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.COHM
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:27 20:29:25-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 139264
Uninitialized Data Size         : 0
Entry Point                     : 0x933a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Crjnqwpap Fnzjoqtkgdl
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Fzcdjmecz Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Tbhsuckgp(R) Hzzhyzz NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-04-14 22:33:01
VirusShare info last updated 2012-07-26 00:12:09

MD5: 0d693a3dacc7cd23067680205503626e
SHA1: 69145c38ee8b8a7809ac171df027e83e5a5609cc
SHA256: 9c3c7a92ab291f1535447db6829563a1c33718f10aace7add7e27f3f80fd2dfe
SSDeep: 1536:ranzdTq6o8N3qQcSS5W1yiWhvwBRqIz1x:r0PoyaRDwqI5x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!VNsDXH71bcs
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2HN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R4FC2HN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-29 09:46:58
VirusShare info last updated 2012-07-26 00:12:17

MD5: 5233fc46f50c6f0b9730629727a2987d
SHA1: 563b14bcb2c55c213175d3a2502370d440fd117e
SHA256: b7d0341295a2c246d226693e80a629c3bbc3a8aeb6f35da420da4ff0652ca205
SSDeep: 3072:1OTZvDi3v1hneGmCRQeRBG60keosMqqDLy/51oiAL/heK2DR:18ZvGrneGmCiatqqDLu5T+/gKmR
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
Rising = Trojan.Win32.Generic.128ADA15
nProtect = Trojan/W32.Genome.233472.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
eTrust-Vet = Win32/Vundo.HRX
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.accis
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Genome.accis
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gicd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JDC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-04 14:21:31
VirusShare info last updated 2012-07-26 00:13:01

MD5: 08a8ff9b243cf91c30dfff1eff06a8c1
SHA1: 78b27a030cb6707694ea3b698347cbc0bf375276
SHA256: 5378dda709944e2f3f3f808368edba3a67692898114572100ffb96cfc230eef0
SSDeep: 6144:zGJUR1nUg3IxrOM0vmrx8x4DMZKxhidVqAtYwI:zpR1nnj4x8qDMcjidc7
Size: 274432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Genome.274432.D
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDDB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!08A8FF9B243C
DrWeb = Trojan.Smardec.77
TrendMicro = TROJ_GEN.R21CDDB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.ahhm
McAfee = Vundo!pc
F-Secure = Trojan.Vundo.6081
VIPRE = Virtumonde
AVG = Generic22.BIER
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6081
Symantec = Trojan.Vundo!gen9
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Vundo.6081
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-17 22:11:43
VirusShare info last updated 2012-07-26 00:15:03

MD5: 7ae146efb38fd374147fdc27f1257d2e
SHA1: e0d2541e7425714e1d996ab0b52e80013c48f93f
SHA256: 355f5a1f2962aa2cb28ef74e3fc853604939ccca2a1a13000933fb624ffe2f7e
SSDeep: 6144:pekbiQCNmfxNx11xPMn+WoMfIT0nZqKUGZtTthrxX0CqNea8WrOnWrigHwKtngG:pVbOU5N/qg8bZV1X0CqNea8WKWAKhgG
Size: 336384 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan-Downloader.Win32.Renos
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.336384.BA
K7AntiVirus = Riskware
VBA32 = Trojan.Agent.eigo
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Renos!IK
CAT-QuickHeal = Trojan.Pirminay.beu
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.2504
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.beu
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gk
McAfee = Kryp.b
ClamAV = Trojan.Agent-248234
F-Secure = Trojan.Generic.5241024
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Renos.K
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BDCK
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.5241024
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.beu
BitDefender = Trojan.Generic.5241024
NOD32 = a variant of Win32/Kryptik.JCQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:07 11:55:40-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 3584
Initialized Data Size           : 648704
Uninitialized Data Size         : 0
Entry Point                     : 0x19a0
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Sdpblb
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : sdpblb.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sdpblb.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-03-30 02:53:01
VirusShare info last updated 2012-07-26 00:16:05

MD5: a324cf8b725eb3f07f4d604d3e1ef9e5
SHA1: c15c8572ccc9733de3fcf77a037f4b4c6d341e51
SHA256: 2d0e112eefc0d5e4fad72d32ad952a9b04a6c13e19fc3aa26a55e07c99d2a63b
SSDeep: 3072:+utha1MrkXRyDXRRLjeUa5ilvysUyAbfpnNNSyzRkktT0bNcI:+ueCu9bsTUxb17oNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/CI.A
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = Trojan.Win32.Pirminay.rfj
Fortinet = W32/Pirminay.RFJ!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!bdzp
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BDRRE
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 12:40:01-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 08:52:12
VirusShare info last updated 2012-07-26 00:16:38

MD5: e0771a6677336b8a941df6834b4fb8b3
SHA1: b76a21d0ec4cddc141f93ff2de3ff45cc63e2fb6
SHA256: 6c048bfb4e947175ef8be6580e38da552ed06a7362afb2d66de231b203c3c744
SSDeep: 6144:vTqqS+GVqGLDlVdeZH2ovwMKg0ShXYhPk9MzdRgu2Q3g8JoK6FWDtS:bRSvVqGLDl3eYGbGC9Md139oKJDt
Size: 349184 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.11
Avast = Win32:Pirminay-Y [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6313120
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!0uIOUzA70Xk
TrendMicro-HouseCall = TROJ_GEN.R4FC3IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.14377
TrendMicro = TROJ_GEN.R4FC3IE
Kaspersky = Trojan.Win32.Pirminay.jxg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hpwf
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6313120
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy
AVG = SHeur3.CIQI
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6313120
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jxg
BitDefender = Trojan.Generic.6313120
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:28 14:43:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 425984
Entry Point                     : 0xbd510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Aifktvgek Qlrduostdas
File Description                : User-Mode Bus Enumerator
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : umbus.sys
Legal Copyright                 : © Ismscmays Acgzkydljfk. All rights reserved.
Original Filename               : umbus.sys
Product Name                    : Uubfzqusz® Amrbrrt® Sgufmwpls Exsqhr
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-14 16:48:15
VirusShare info last updated 2012-07-26 00:17:44

MD5: 3d51f026809b813d73041ca59b1540a4
SHA1: 9d6ec55ffd2f6be1cb32d659600dec6e2fcabaf9
SHA256: 491009b6eaf63eaf4d50f6b28fb8ab438a425053fdfd923ab073edd0ce376926
SSDeep: 3072:sx+hl1CrkSMyDadhS2Q6faViZLxy8/yAqHsHi9ywJmm0tfIbNcIA:v4zydhBCeo8KY2XmnsNrA
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!aerrZFz+ZHU
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!3D51F026809B
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rfu
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!3D51F026809B
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BPICO
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rfu
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:20:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-09 09:18:46
VirusShare info last updated 2012-07-26 00:18:40

MD5: 1bbc45715b5eaca0fe89e39fb24a06f7
SHA1: a422bd92f2892ae0cbbfa61b8a4658adc73ca851
SHA256: dc86e9deb77fa680936a9f35dfbcc407b22eb06712498e9da20a3dbfd98fcab3
SSDeep: 6144:aCp1ASOGGOUZUn76o3EFAWdJtAcTjAdnUmXwKHJE6VlfTUoFfH2KU44IHXOmA:7p1AzjT6nO5FBdJmkjsnbVtVNU1I3Om
Size: 401408 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.KDV.596147
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!1BBC45715B5E
DrWeb = Trojan.PWS.Panda.2023
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Adware:Win32/EoRezo
Fortinet = W32/Kryptik.ADVX
Jiangmin = Trojan/Generic.abdif
McAfee = Generic.dx!bdx4
ClamAV = Trojan.Pirminay-7
F-Secure = Trojan.Generic.KDV.596147
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic27.CAVC
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.KDV.596147
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.KDV.596147
NOD32 = a variant of Win32/Kryptik.ADVX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2106:02:06 02:36:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 401408
Initialized Data Size           : 4096
Uninitialized Data Size         : 90112
Entry Point                     : 0x787d0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-11 04:48:49
VirusShare info last updated 2012-07-26 00:20:09

MD5: 9213c078c682dc5bad2bf3b0a0252c67
SHA1: 97bb385a808be04b50169c7657a2843b6a3b5d7c
SHA256: 2da6758d5ffb90c4bf1f9b148d09a35ed84dea154ed3ebfbaf392399a1f94692
SSDeep: 3072:XpillSXkJf1wnS/38lhwPr6S/1wH9dG7/Fdie2DkK3OB8r:XTXwP3
Size: 106496 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.106496.AK
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!ZQzRT8S3Gqg
VBA32 = Trojan.Monder.mzev
TrendMicro-HouseCall = TROJ_GEN.R21C7K9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mzev
McAfee-GW-Edition = Vundo!lv
DrWeb = Trojan.Virtumod.10312
TrendMicro = TROJ_GEN.R21C7K9
Kaspersky = Trojan.Win32.Monder.mzev
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.106496.AM
Fortinet = W32/Monder.BMF!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.irmc
McAfee = Vundo!lv
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.SYM
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Monder.mzev
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-05-27 16:27:49
VirusShare info last updated 2012-07-26 00:22:16

MD5: 19701f7c543697042329dbb0608aa35f
SHA1: 29e6ef52f23baebe955a42703ada4f4f93d22f39
SHA256: 088fd46a330cb1aad756c195087e3640ccb57e9538147b7b37e5e6049b7abde4
SSDeep: 6144:wXdN7KiLGSQzzqZWpbpGRyuhGCeqqDLu:AGHz0vEC7qnu
Size: 208896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.208896.PG
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.208896.YW
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1226
TrendMicro = TROJ_GEN.R4FC1KU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijym
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Hiloti.2
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AXWT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Hiloti.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Hiloti.2
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:13 18:16:12-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 126976
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1b92a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kiouiidar Xflboxjarey
File Description                : Wvnhiblnh Phzfnrn HotStart User Agent
File Version                    : 6.0.6000.16386 (rjfnh_rtm.061101-2205)
Internal Name                   : HotStartUserAgent.dll
Legal Copyright                 : Copyright © 1998-2006 Vyvwbwown Corp.
Original Filename               : HotStartUserAgent.dll
Product Name                    : Aoesxhzoh® Lpgtxbw® Opwyyadca Wznxts
Product Version                 : 6.0.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2012-03-30 06:57:14
VirusShare info last updated 2012-07-26 00:24:45

MD5: 98d54c963712792015fcaa8677a144b6
SHA1: db194e088988ddaddb4d380493073f709aa55ef2
SHA256: b3c02c8580c8d4866c1e76a21f5861ce41221b90c8e8b3d13f0181b191fb9d1d
SSDeep: 6144:0371kXidyxZOyUug8AZuIBVTMuc93XOTvhAGpyjC7HevmGRgPX35:M71qEyPIu1khVTgoA+y+CvKPX35
Size: 334858 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Zbot
Panda = Suspicious file
nProtect = Trojan.Fakealert.26831
K7AntiVirus = Riskware
VirusBuster = Trojan.Fakealert!RYFLMedaw3M
TrendMicro-HouseCall = TROJ_GEN.R4FC3GG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC3GG
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akk
McAfee = Generic Malware.ms
F-Secure = Trojan.Fakealert.26831
VIPRE = FraudTool.Win32.AVSoft (v)
AVG = Generic23.JGC
Norman = W32/Suspicious_Gen2.QFEZJ
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Fakealert.26831
TheHacker = Trojan/Pirminay.ijm
BitDefender = Trojan.Fakealert.26831
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:17 14:45:15-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 446464
Entry Point                     : 0xbf020
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nxqwtdafx Ifdhviiyhxk
File Description                : Server Appliance Shutdown Executable
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : taskshutdown.exe
Legal Copyright                 : © Zhzjdvrud Tqnpkqgivov. All rights reserved.
Original Filename               : taskshutdown.exe
Product Name                    : Htbfjvqxs® Windows® Kcxxvgfyq Bsurle
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-04-20 11:46:22
VirusShare info last updated 2012-07-26 00:26:14

MD5: cf9d32c5075ec27854e84c68166c7af6
SHA1: 5d723c35ecbcd09ac6a13e254f1c4f071fab8040
SHA256: 3b65618b06e536d0e35ec4a1e0daa0ffdfc4752958319777957a9a6799a69923
SSDeep: 3072:O6BT0D6ATYWfx1ujctcIjuJnfqxxBVl6i:Og+6APZYjct9qJnCxxB
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.122880.P
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CCDL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63470
TrendMicro = TROJ_GEN.R47CCDL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.akns
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ALYC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:03 21:51:55-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 98304
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x149bd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qcfjrffwv Goniltyuaqw
File Description                : Todypdrme® InfoTech IR Local DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : ITIRCL
Legal Copyright                 : © Innghrpfk Fwsdatwywoy. All rights reserved.
Original Filename               : ITIRCL.DLL
Product Name                    : Yyvmvgswn® Cttnpjc® Xgadslian System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-24 08:15:47
VirusShare info last updated 2012-07-26 00:26:43

MD5: 80d6c6233a0bf691445154a5c856d33f
SHA1: af277c2b53de0b502988a99b7ce3cff2cc72e52d
SHA256: 3c9074f48eaaf608126b5046a4fd5f256312148b3334d0718aed59fdb51b937c
SSDeep: 1536:GZOvd8Tg27EoHKK4b0r39lwTJJhabHLWB2vDhBEQtadLkQf:Bd8T177Kfk9lwFJhcLRreBkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC1KM
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-17 21:48:17
VirusShare info last updated 2012-07-26 00:28:39

MD5: 97d257f737b86c1f23bee47f88ba4f9e
SHA1: b09929998b8ea8340ca8d03d2fdf8d3a9361b4fb
SHA256: 2723ae2f9231abd565b1b5d014ba4b1eca7c17a6191a5110736c98d03463419c
SSDeep: 1536:celEmGDB79shL2miYMU6boxLQ3FP1CnCRJZuZMqqU+NV23S2V:cMGDB6YmiY2boD8kZMqqDLy/V
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Gp75rue1XEo
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R47C2GV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lv
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R47C2GV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!lv
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-08 02:44:54
VirusShare info last updated 2012-07-26 00:28:49

MD5: 9efd72763113f21092a54b62c7520b8d
SHA1: 31a7709e4d39b26c70f9e68b5b85c62bb7654acf
SHA256: e81d6f82ecb5dc792cb2b1341c31abd8d59b179a012bef4567255d65632f903e
SSDeep: 3072:sx+hl1CrkSMyDadhS2Q6faViZLxy8/yAqHsHi9ywJmm0tfZbNcIA:v4zydhBCeo8KY2XmnBNrA
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
VirusBuster = Trojan.Mediyes!aerrZFz+ZHU
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bd3s
Kaspersky = Trojan.Win32.Pirminay.rfu
Fortinet = W32/Pirminay.RFU!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!bd3s
F-Secure = Gen:Variant.Graftor.19514
AVG = Agent3.BLOQ
GData = Gen:Variant.Graftor.19514
BitDefender = Gen:Variant.Graftor.19514
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:20:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-15 09:39:33
VirusShare info last updated 2012-07-26 00:28:55

MD5: 17c4981f2d7cba82243643b7e5bc69b6
SHA1: 0d0de46cf4b1b886dc0843bb3c3292fc65f7d2b9
SHA256: 7420254e65a2c27366e686f1f65643351604059239e61cdae5337dde85eacccd
SSDeep: 3072:48ORL7/eUpeG3i1p6gbAAWBWirwffl+cIACjg0YcYmbRIryLcfBq8TOOW:c62qgIWCscaYJmbRrGBqgW
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2I7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R4FC2I7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.102912
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-03-30 06:57:05
VirusShare info last updated 2012-07-26 00:32:23

MD5: 466e0f1012511123639c08c9299fb8aa
SHA1: 951a8eac769d8b7d438d5fde8e1cf8c926da6eea
SHA256: f19f3af31c102bb600bdd5f71dad9d95846a981671db68f35daa9d24055e422a
SSDeep: 3072:S+4bMXkhr/qsZ8TZMfvft5zh/y1XeuoSMqqDLy/1yd:SvbMXM8T+NpyXeDqqDLu1y
Size: 138240 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AB.13
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
nProtect = Trojan/W32.Vundo.138240
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!rjn3FVIFZdg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1ID
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lb
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC1ID
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aaul
McAfee = Vundo!lb
ClamAV = W32.Trojan.Vundo-273
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AWRX
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:19 03:02:20-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x15972
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2614.3500
Product Version Number          : 5.0.2614.3500
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Okumxwyle Mmuoitperrd
File Description                : ActiveX License Manager
File Version                    : 5.00.2614.3500
Internal Name                   : licmgr.dll
Legal Copyright                 : Copyright (C) Ksgcdkmsm Corp. 1981-1999
Original Filename               : licmgr
Product Name                    : Ovraunhds(R) Cnnslgm (R) 2000 Operating Zemccq
Product Version                 : 5.00.2614.3500
Ole Self Register               : 
VirusTotal Report submitted 2012-04-18 12:51:33
VirusShare info last updated 2012-07-26 00:32:45

MD5: dfe39b08d5fe1365853ec71865c8f44f
SHA1: 858a75be72a9cf94b3c1d3e14212155c4c09c140
SHA256: ea9191db2d968f815621bdb76b0589d90d8a3b82689dac48e2584b1a552bbb5d
SSDeep: 3072:EBpZAWfl8R+Wlz3AQ0IKrl/KnBHwdnMRwaDdSO:EF8R+qz3AjIKkBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2FF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent2.erbc
McAfee-GW-Edition = Vundo!jj
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R11C2FF
Kaspersky = Trojan.Win32.Agent2.erbc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!jj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.NLGHQ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-04-14 23:19:55
VirusShare info last updated 2012-07-26 00:33:48

MD5: 8cf5f5c39d2c9081dedb4ba95571592b
SHA1: b0afcecffb3cc7c6668f4c8d6191cffafe182efe
SHA256: 81bf0cd4ed32c76b9baf132de966473033a294c3df5c15bb8bb557ef04b7befa
SSDeep: 6144:tv3lWHb8jZTBLaJ+1DPUBiEdQZOMbe0qJF2dw3VwoRMWhHiZ7J3tAtOzzbR:tv32b8jiuUBT+thqJF2AjhHoJ39t
Size: 361047 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.203
Avast = Win32:Kryptik-BLH [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
nProtect = Trojan.Generic.5790831
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!38gmZSmqulE
VBA32 = Trojan.Pirminay.ewt
TrendMicro-HouseCall = TROJ_GEN.R49CDCV
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Downloader.a!bnp
DrWeb = Trojan.DownLoader5.49605
TrendMicro = TROJ_GEN.R49CDCV
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.ta
McAfee = Downloader.a!bnp
F-Secure = Trojan.Generic.5790831
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CPBA
Norman = W32/Troj_Generic.AVPIJ
GData = Trojan.Generic.5790831
Symantec = Packed.Generic.305
TheHacker = Trojan/Pirminay.ews
BitDefender = Trojan.Generic.5790831
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:14 00:33:39-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0x8b96
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.3
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Developped for Wimettztg Ldgqfhuboot by ECO Kommunikation
Company Name                    : Ibebtszgk Hbispmbooft
File Description                : UManDlg DLL
File Version                    : 1, 0, 0, 3
Internal Name                   : UManDlg
Legal Copyright                 : Copyright © 1997-1999 Nkbdvrwwy Xyhdxepdpdu
Original Filename               : UManDlg.DLL
Product Name                    : UManDlg Dynamic Link Library
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-04-04 13:00:24
VirusShare info last updated 2012-07-26 00:34:50

MD5: af3d3626ebc4523413292643ec3bb388
SHA1: 38cc75cad9b331122105b473e96cf3695557f80e
SHA256: e8bedb7f09f51a1429ee5b6aa4b71b5ed71b17a768694aebc691f38138a1c6de
SSDeep: 3072:792qecMWCE+f5k0PO+/JHQaSAN18HY4iFCEWjtjkg3n:clcM995AABSRHEWFkY
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Malware
nProtect = Trojan.Generic.KDV.591775
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!zyW3yvnC5jw
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!AF3D3626EBC4
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdx
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Pirminay.D!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!AF3D3626EBC4
F-Secure = Trojan.Generic.KDV.591775
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.BSSP
Sophos = Mal/Mediyes-D
GData = Trojan.Generic.KDV.591775
TheHacker = Trojan/Pirminay.rdx
BitDefender = Trojan.Generic.KDV.591775
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:15:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-19 06:48:16
VirusShare info last updated 2012-07-26 00:35:03

MD5: 3c16100739ca034f8783fe76f5e2ef8a
SHA1: 69321a956bda7816624d2992b7f3543dc88e4044
SHA256: 4d0e927a83c09280e60405065ea436ab54e9ae0697e68d690b31f829c5ef5bfc
SSDeep: 1536:oqCw2uIR+FoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpIiD:ofTnEoPMqqDLy/QVzLSkYHFO5Si
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!8InwJjNDVQY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2HP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.WinSpy.238
TrendMicro = TROJ_GEN.R45C2HP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!lg
F-Secure = Gen:Variant.Vundo.16
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2012-03-12 15:32:54
VirusShare info last updated 2012-07-26 00:36:51

MD5: 57c62a3a15d76e4b37a09cb7a7b85737
SHA1: b1483b4b2f764fb7c257bddbb1517ef16d2f2f4a
SHA256: bcb3f74a2600e91d9fd02995aeb97e7c9a5795ab1a6efa36d1410e4737c716b5
SSDeep: 6144:TNXJz6ZQw9FsL57G2/+C+7VXfhSoSWmTh7dnc4z4Q/IueNfn1g5TzAZl:ZZzQps7G2/j+BX+W8JnX0buehK5/Yl
Size: 365629 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5789340
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8H/KoZEbglc
TrendMicro-HouseCall = TROJ_GEN.R11C1H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.53997
TrendMicro = TROJ_GEN.R11C1H3
Kaspersky = Trojan.Win32.Pirminay.qvg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.sd
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.5789340
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AGU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.5789340
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eym
BitDefender = Trojan.Generic.5789340
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:06 23:57:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 569344
Uninitialized Data Size         : 0
Entry Point                     : 0xe6df
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tbrdnhtwi Yokkgxtgoyd
File Description                : Qylhjvlfn Identity Manager
File Version                    : 6.0.6000.16386 (hfihv_rtm.061101-2205)
Internal Name                   : MSIDENT.DLL
Legal Copyright                 : © Tghmywfyc Nxbwjducrgd. All rights reserved.
Original Filename               : MSIDENT.DLL
Product Name                    : Bjyvkbzqp® Xeccakr® Oboaophvo Swzjnq
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-11 17:52:54
VirusShare info last updated 2012-07-26 00:37:29

MD5: 5a8fe68e23d121495f5a42d6ee87a3cd
SHA1: 414488df7a6f23cc79f18c32ecccc600e0e6994b
SHA256: 6247dca6115c4f348bda243270c914493798b48a92e3ebe070bdd520885787c0
SSDeep: 3072:vOS74KHRhS83oO81ZYXhQ8ebnZ3nnd6GON/:GVcx816Qd3YGO
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jebs
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ADAD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 18:06:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x479e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.1.7600.16385
Product Version Number          : 10.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pnlhjydat Nclyeobtiny
File Description                : Jjdqikajd IME
File Version                    : 10.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : imetip.dll
Legal Copyright                 : © Kidfbbruu Fvvypdgzpsn. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Ykiyjkswc® Niifhpp® Ulzhozywx System
Product Version                 : 10.1.7600.16385
VirusTotal Report submitted 2012-04-14 23:04:36
VirusShare info last updated 2012-07-26 00:37:32

MD5: 83f492a8ffe04f4846f79abe169011b4
SHA1: 62b423161aeda37fb0b8ba30d5d0d203fc8f18ba
SHA256: 3b4828d6ea9187f85ee6a3b4539922ab48e53a4c228759e944cac2d737b6cdaf
SSDeep: 3072:5o0tooB8/wY1VHsbA0nkAmZOgLTnLG3RJu6ZLUmggpok5aiHKy:5VooB8RfADnkAy/LeRJujXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDDH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!83F492A8FFE0
DrWeb = Trojan.Virtumod.10230
Kaspersky = Trojan.Win32.Monder.nryt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
Jiangmin = Trojan/Monder.abdm
McAfee = Vundo!pc
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-17 22:03:43
VirusShare info last updated 2012-07-26 00:38:05

MD5: 83f73cc9bc96a74021d88aeb702b2f7f
SHA1: 90cb9090f706d8960f1820420de5efa630c3722d
SHA256: fe80b16fbe48bbcf840d630a5e5eb1a1b25e763d0fbc8464c887deed317f9188
SSDeep: 3072:pj2qe4MWeE+fTV0PlrPEXaa64Gy4IHCS9c/NEPudtp63:ol4Mp9Tg+f69Ufc/NEGZe
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
VirusBuster = Trojan.Pirminay!jRlC9/algWY
VBA32 = Trojan.Pirminay.rdh
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!83F73CC9BC96
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdr
Fortinet = W32/Pirminay.RDR!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!83F73CC9BC96
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BDLSX
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:46:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 07:50:43
VirusShare info last updated 2012-07-26 00:38:06

MD5: a5a881e5ae1ae989d1163d9d427fa23a
SHA1: 7ec3d34750560f61b5d44e2ea327055510023b89
SHA256: 9dd055c973ac07591283eea78d9475911e02716635f2bc671e2bd2c6e157c1a3
SSDeep: 3072:9nWvIrjYmm8flUfb6y/obaswiPM4cFsOZADNCV/6lAcBettzzB:5rMWiums751UVQAcEP
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Ikarus = Trojan.Win32.Webprefix
nProtect = Trojan.Generic.KDV.596712
VBA32 = Trojan.Pirminay.rfi
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!A5A881E5AE1A
Kaspersky = Trojan.Win32.Pirminay.rfz
Fortinet = W32/Pirminay.RFZ!tr
Jiangmin = Trojan/Pirminay.aqm
McAfee = Generic.dx!bdxf
F-Secure = Trojan.Generic.KDV.596712
AVG = Agent3.BLOO
GData = Trojan.Generic.KDV.596712
BitDefender = Trojan.Generic.KDV.596712
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:39:11-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-11 04:08:38
VirusShare info last updated 2012-07-26 00:38:37

MD5: 4de56288ad7516ac7c8d42f944b85283
SHA1: 827675f58241ff576f30054245e328486f1a2d31
SHA256: dd0c991b0252dae0a087a2920bbd8c281f7fc4149465e690c15a4e6a8ae9158f
SSDeep: 1536:x5nzdTqcokN3qQcSS5W1yiWhvwByqIz1x:jZo6aRDrqI5x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!y8ti4nKI4wM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-04 14:20:57
VirusShare info last updated 2012-07-26 00:41:20

MD5: 29147b9a75d5225a3a2047d8734b1af9
SHA1: b83815c0f679266392d1aa382d985f46f816ce25
SHA256: 90da274b5428776a5e184f8e6ba8e17fdbbf05a95861cf34455066ac8af19aee
SSDeep: 3072:RYIL2trUnAq374vEec1gh/eH2Kxoj9TCoAZfARjxos72I:RPBRzePeWKuBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.131072.D
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1217
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jfgg
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BKGL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-29 23:38:37
VirusShare info last updated 2012-07-26 00:44:54

MD5: 291af76ff5abe75e975dce9aa84bf09b
SHA1: cefec09e7ccd1df2171f2bb1de40bb9070965cdd
SHA256: 319ad64d26fd58dd3fb67dc6866eb68e4e20ef140fa992b3229e95c11b4679b2
SSDeep: 3072:aZsfakoFH7TtjaofcoxweCrf7LTiEMfULmjbEo7jc1F:aZIak82ofc+weuf9M8Lm3Bi
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R4FC1KP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!lg
F-Secure = Gen:Variant.Graftor.Elzob.230
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DXA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Graftor.Elzob.230
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Graftor.Elzob.230
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-03-30 07:50:00
VirusShare info last updated 2012-07-26 00:44:55

MD5: 4007f60dcf1919f7f66c76b1c9251a9c
SHA1: d033207c0b4dcf0d2cbed5169901465bfd5ffc56
SHA256: 252e7db0e690f60750b190490e066723df531b17621a8df9c31935cf8abb7ac8
SSDeep: 3072:GQYuNGFytd561Tkjx/TYG2o5MqqDLy/Bf6fHNyXs4WRGsxs:cDwz6Wj3cqqDLuV6lyX
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!p+C6Gf4mAgY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2G5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C2G5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iyny
McAfee = Vundo!lw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.LAR
Norman = W32/Suspicious_Gen2.POBTT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:26 20:23:13-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0xcb9a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.70.7713.0
Product Version Number          : 2.70.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access -  OLE DB Data Shape Provider Resources
File Version                    : 2.70.7713.0 built by: Lab06_N(dagbuild)
Internal Name                   : msaddsr.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msaddsr.dll
Product Name                    : Microsoft Data Access Components
Product Version                 : 2.70.7713.0
VirusTotal Report submitted 2012-04-17 21:39:52
VirusShare info last updated 2012-07-26 00:45:14

MD5: 40552bdbddc7f1726e6afe4159e44120
SHA1: 43e4042896c7ff7252bdb9c58da900a9234540da
SHA256: 9953defcd46cebd6b5ce7bf893f6661b73c32362477b71aa126a5feb349f13aa
SSDeep: 6144:DCp1ASOGGOUZUn76o3EFAWdJtAcTjAdnUmXwKHJE6VlfTUoFfH2KU44IHXOmA:Wp1AzjT6nO5FBdJmkjsnbVtVNU1I3Om
Size: 401408 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Offend.kdv.596147.1
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.KDV.596147
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!IZlyRU5Zr8Y
TrendMicro-HouseCall = TROJ_GEN.R3EC1DC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!bdxf
DrWeb = Trojan.PWS.Panda.2023
TrendMicro = TROJ_GEN.R3EC1DC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Adware:Win32/EoRezo
Fortinet = W32/Kryptik.ADVX
Jiangmin = Trojan/Generic.abdif
McAfee = Generic.dx!bdxf
ClamAV = Trojan.Pirminay-7
F-Secure = Trojan.Generic.KDV.596147
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Kryptik.Advx
AVG = Generic27.CAVC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.596147
Symantec = Trojan.Milicenso
BitDefender = Trojan.Generic.KDV.596147
NOD32 = a variant of Win32/Kryptik.ADVX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2106:02:06 02:36:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 401408
Initialized Data Size           : 4096
Uninitialized Data Size         : 90112
Entry Point                     : 0x787d0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-14 14:10:09
VirusShare info last updated 2012-07-26 00:45:15

MD5: 457604f4ba180666a67d2642b5a9d335
SHA1: bb4682a21e04f6dfc67412383a9866aaf7806658
SHA256: fe94930e0db0d615255da9eacfc7964dabdce4d2091798f8753f73ba126af7e7
SSDeep: 3072:Ld3qYk2mKs6aSNXq4KFRoGon/81W/oz/HbiaISICsldd:B3qRKTaP4KFqGq/8ImDeWU
Size: 125952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan/W32.Agent.125952.JO
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.aauz
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!oj
DrWeb = Trojan.Juan.482
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Monder.nijx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.np
McAfee = Vundo!oj
F-Secure = Trojan.Generic.6829791
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6829791
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6829791
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:14 22:02:58-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 62464
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x100be
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Spanish (Modern)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0c0a
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0c0a.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-04-11 16:42:41
VirusShare info last updated 2012-07-26 00:45:22

MD5: cfcd1be57c54494408f929fc1e0c2d28
SHA1: 9c09680057758bddaaf84355eacfd997e3008fb3
SHA256: 0511ac9b302b5a99e48e6aecb27c077810e435c7c7404c38e60f4dcd28697684
SSDeep: 3072:EBpZHWfx3ykUr0iKrl7KnBHwdnMRwaDdSO:Ew3yJAiKsBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KO
Comodo = TrojWare.Win32.Agent.onm
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lj
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R4FC1KO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!lj
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.QHSNJ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-04-19 10:51:40
VirusShare info last updated 2012-07-26 00:47:29

MD5: 365dc122515caadff67278c47f087a45
SHA1: 9ea06c32d8b48c4fe1d4d8565ecb6c6e521ebc93
SHA256: 4938b8cb3a2e69c120164d953fe4f981b151893020a6b319f4ea658aef24e532
SSDeep: 6144:8QUIE0T+Kd8Y43Wsqo5VeRv51bprEKqqDLuT:xUDO+T7Te15mqnu
Size: 198144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A3FAC
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.HRV
TrendMicro-HouseCall = TROJ_GEN.R26C1CL
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R26C1CL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijhx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ZIY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srgh
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:22 18:10:03-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 131072
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1bcf6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zgvxntnwz Jxhzogygshl
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.0.6000.16386 (xnqcc_rtm.061101-2205)
Internal Name                   : NlsLexicons002a
Legal Copyright                 : © Xwfsiggvy Zgrxvguvkdl. All rights reserved.
Original Filename               : NlsLexicons002a.dll
Product Name                    : Bzerkenxk® Nblymkf® Uvvjzzptj Akowjw
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-29 09:54:22
VirusShare info last updated 2012-07-26 00:50:12

MD5: 54076a69c4d5d17494a3ac892197e07c
SHA1: 6ea9ab2ca550ad998ff21eee4cddcf9158ced538
SHA256: f7630288d02803c5741acbac99af538656b51147021804f9ada29344fa13d603
SSDeep: 3072:4+Nhi1VrktOyDAC6mBuaj8pA4yab+ww+D9cma63UVtV4bNcI:snAO0rjxaCrhma6a8Nr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rez
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!54076A69C4D5
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rhm
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Pirminay.RHM!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!b2a4
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:43:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-19 06:46:38
VirusShare info last updated 2012-07-26 00:50:30

MD5: 65f4f65cdb11ce9d6c3eff976fc013b0
SHA1: 26f244c46c07527b1adf9269591c38254350d1e6
SHA256: 2492632ebadc481dd1776d74ce55c6e608f8ddb1fcd4565ab96b525c4ff5262d
SSDeep: 1536:GjdvdXfyCtEnHKK4b0rB9lfTJJhabHLWB2vDhBEQtaw5kQf:OdvbtAKfW9lfFJhcLRrew5kQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2G6
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC2G6
Kaspersky = Trojan.Win32.Monder.njwq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-11 16:44:43
VirusShare info last updated 2012-07-26 00:50:52

MD5: d60ff3160f9059615761f9baa2698870
SHA1: d9e881d6d5aff04212efcfb9e97bec7d0e2690cd
SHA256: 3484c165205c3c7fd263c827e4ec0b65ddde8f2aa863afbb8d34e1553c6ded0d
SSDeep: 3072:QG9zkL+5/hvwd6IOHsCUIqjofETpWT9JlrinCXc3ACO:ZK+bvwd7UUIqsfkpWT9PinCXcQC
Size: 119296 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.119296
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VUNDO.SMUM9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.9910
TrendMicro = TROJ_VUNDO.SMUM9
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aanz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BLNB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:14 22:44:38-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xcf39
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvbvnkbmo Imcpacdlicy
File Description                : IAS Pipeline
File Version                    : 5.1.2600.0 (rwwdvpwo.010817-1148)
Internal Name                   : IASPOLCY.DLL
Legal Copyright                 : © Miluracvn Fpyproycska. All rights reserved.
Original Filename               : IASPOLCY.DLL
Product Name                    : Ppqvspivk® Qpiulya® Epfsbzvsb Abjzsx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-17 22:59:22
VirusShare info last updated 2012-07-26 00:52:19

MD5: 00373aefb43c867dd139a309ec8c0c5b
SHA1: cada1026ec4d9028f97a683fdd6aaeed0932f761
SHA256: e8c7c6ff8ba5e40234d930ef213b56ca40cae2273785feee1cb15b3f90263a28
SSDeep: 3072:vv7Ys/Ov0fl3MqqDLy/39JylPxsI3ToTRI:hcZqqDLutJOz3sd
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!0wBX5pP3rIg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC2IC
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.abxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.LPD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 18:39:13-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x556e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Beicdpcut Mnzzaarjswe
File Description                : Ohdhkiw Sockets Helper DLL for PGM
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wshrm.dll
Legal Copyright                 : © Xqsuraizv Haciwdbykys. All rights reserved.
Original Filename               : wshrm.dll
Product Name                    : Csunswwxs® Allcnel® Hxozugebj Izsnff
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-03 23:07:12
VirusShare info last updated 2012-07-26 00:52:55

MD5: 1fea2091f80599ea3e128d2bd38986bf
SHA1: 87ee3583dd62fb57f2215c5d1965926ef00b178f
SHA256: 9f920ebb75fc2237f98f2f709b77d07ac3852b6792346d8259165965303f5e26
SSDeep: 3072:GsAoAqopa/5ZSdK0Z/KrwEuSZhwHJValiljMqqDLy/v6K:dAoA0/5ZmK0tKhwgnqqDLuv
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Antiy-AVL = Trojan/Win32.Monder
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
nProtect = Trojan/W32.Vundo.166400.AC
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R4FC2HN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!lh
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC2HN
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!lh
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-04-04 14:15:16
VirusShare info last updated 2012-07-26 00:54:37

MD5: 3ba5ba91351c02fbfdc782c60e7edf0b
SHA1: 9411ee5366fce2056cacc8697ef85a3156a6d227
SHA256: 03daa52dd2ae5afb838f94fe1b277538d9a0864fcf600f971b6c9a49ae8ceda8
SSDeep: 6144:oI+W5S2jB1ixfafmPV0tpXnMj9hw3Tv87Wy08Rq9QUk15q29Lt+PRCZLO:oI82jBI/6DUPwjv8da7IA29B+PRB
Size: 362496 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.362496.36
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan-Downloader.Win32.Renos
K7AntiVirus = Trojan
VBA32 = Trojan.Genome.lqly
Emsisoft = Trojan-Downloader.Win32.Renos!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.lqly
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeVimes.I
DrWeb = Trojan.Click2.18872
Kaspersky = Trojan.Win32.Genome.lqly
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.eva
McAfee = Artemis!3BA5BA91351C
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
AVG = Downloader.Generic9.CAVD
Norman = W32/Suspicious_Gen2.CIBWB
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
TheHacker = Trojan/Genome.lqly
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.MWHNMBX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:09 09:28:47-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 27136
Initialized Data Size           : 667136
Uninitialized Data Size         : 0
Entry Point                     : 0x7726
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.50727.312
Product Version Number          : 8.0.50727.312
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Microsoft.Vsa.dll
Company Name                    : Microsoft Corporation
File Description                : Microsoft.Vsa.dll
File Version                    : 8.0.50727.312
Internal Name                   : Microsoft.Vsa.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Microsoft.Vsa.dll
Product Name                    : Microsoft (R) Visual Studio (R) 2005
Product Version                 : 8.0.50727.312
Assembly Version                : 8.0.0.0
VirusTotal Report submitted 2012-04-26 13:04:29
VirusShare info last updated 2012-07-26 00:55:44

MD5: 3ed8f1e38d7157d97e16e5b89df74c05
SHA1: e13f5d0215b70aab5aaa31cc2feffdcf10f971b5
SHA256: 8c1f3ae60c654f91da70559a3878d7df4167345899d8bca0cb38a2363bb0b27c
SSDeep: 1536:sNfEHZL04gqFw1yqDh/0Yxlgc/JwwAUDN0pvuWHa1q/WcD+Ym:sNfsZL04Hw1yq7lgOwwAKYvuWHa1Pc
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.577
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCCDL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.npoz
McAfee-GW-Edition = Vundo!ok
DrWeb = Trojan.Virtumod.10251
TrendMicro = TROJ_GEN.R4FCCDL
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.abyi
McAfee = Vundo!ok
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SW
AVG = Generic22.VZI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.SW
TheHacker = Trojan/Monder.mkog
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 12:52:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x4191
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.6.0.8820
Product Version Number          : 5.6.0.8820
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zrrvjhlxa Xxkkdbbfipg
File Description                : Tzgjeklgi (r) Ubvnnpr Based Script Host
File Version                    : 5.6.0.8820
Internal Name                   : wscript.exe
Legal Copyright                 : Copyright © Iuhodjotu Corp. 2002
Original Filename               : wscript.exe
Product Name                    : Chdwcsmae (r) Wukkftq Script Host
Product Version                 : 5.6.0.8820
VirusTotal Report submitted 2012-04-26 06:36:58
VirusShare info last updated 2012-07-26 00:55:50

MD5: 4d32031b92ce80066d01332a053d9c86
SHA1: 303fa5b39790963a3201d775f99a710b85a3149c
SHA256: 68d3708da02eb5c30b3a7793d4a0cc3204b5a7336e107306d308536690b79b9f
SSDeep: 3072:cXkTS/Ov0ZlBMqqDLy/39JylPxsI3ToTRJB:2cZqqDLutJOz3sd
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.LPD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 18:39:13-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x556e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Beicdpcut Mnzzaarjswe
File Description                : Ohdhkiw Sockets Helper DLL for PGM
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wshrm.dll
Legal Copyright                 : © Xqsuraizv Haciwdbykys. All rights reserved.
Original Filename               : wshrm.dll
Product Name                    : Csunswwxs® Allcnel® Hxozugebj Izsnff
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-30 07:05:15
VirusShare info last updated 2012-07-26 00:56:24

MD5: 5678510f0050da45267400c24deb9ab4
SHA1: 0f7b0550dcb83b17253c764f40dfffff92be6f23
SHA256: 190e4c025b4a9c89e8d893583da3cb82ba28ed76fd0774d26df2770a9c2bdbf7
SSDeep: 6144:2zAfN9tKSbAuIkfi19RoqaTOOK0hNmZvDaWBIKSpt4zLGE2W4xMlskoVtXsDsBcx:2cfNOSbAgiOqJO9uxSKSv4HGxVxMWkoG
Size: 367616 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Dropper-GZY [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Win32.Drooptroop
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.367616
VirusBuster = Trojan.Pirminay!dHa9F3nblnA
TrendMicro-HouseCall = TROJ_GEN.R4FC3GF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falint[Cont]
McAfee-GW-Edition = Generic.dx!baqy
DrWeb = Trojan.DownLoader3.33469
TrendMicro = TROJ_GEN.R4FC3GF
Kaspersky = Trojan.Win32.Pirminay.ikf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adg
McAfee = Generic.dx!baqy
F-Secure = Trojan.Generic.6154931
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.KBF
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6154931
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ikf
BitDefender = Trojan.Generic.6154931
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 13:26:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 368640
Initialized Data Size           : 4096
Uninitialized Data Size         : 540672
Entry Point                     : 0xde020
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xczembsiu Zowhmyamvvc
File Description                : 
File Version                    : 6.1.7000.0
Internal Name                   : Eihsqjpxx.Byduyqa.Diagnosis.Commands.WriteDiagProgress.resources.dll
Legal Copyright                 : Copyright (c) Ngkozaydl Wdlcanwellv. All rights reserved.
Original Filename               : Wwjxelbvl.Dxexqua.Diagnosis.Commands.WriteDiagProgress.resources.dll
Product Name                    : Lcqpwtiev (R) Oqinrcj (R) Kgxbmaeau Cfqbwz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-19 08:56:41
VirusShare info last updated 2012-07-26 00:56:55

MD5: 58a29b1800d1b790f2b2991db326f5e2
SHA1: 0b530eb50f9ecfca6ec5d132fbc49c6095672df6
SHA256: 8aaaddbe7b54b77714a538485bd67bb5a6ed79a9a77319a425de892aea2326b0
SSDeep: 3072:jGNbYagYSq6xcUS/uNPsj15oNRJq6GYyInzPA+OAcflcH:6NbYJ6qNPuzuxyeTOjq
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.574
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.135168.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!l5Dtsyz3OcM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2I7
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1229
TrendMicro = TROJ_GEN.R4FC2I7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irkc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BZCG
Norman = W32/Suspicious_Gen2.QDOGG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-08 08:01:30
VirusShare info last updated 2012-07-26 00:57:03

MD5: 5d801e9990a95359b343285a71ee97a7
SHA1: c3fe03dc90688ef3f0a181b83a2205d734dd97b2
SHA256: df6d1f54088a8e5df0d5251792308da3ca6df1479da0e673e16013ab836cfd7e
SSDeep: 6144:SVtisu1+wTe+owFK2nAZrgnLsqT2A/te9YJcnqpd+2AqkysHBg82JWXH:SVtiB1+oFUrSIU2xzqz+2AqkDHIJUH
Size: 336424 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.67
Avast = Win32:Zbot-NDZ [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FS
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.qmp
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.63020
TrendMicro = TROJ_GEN.R11C2FS
Kaspersky = Trojan.Win32.Pirminay.qmp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.jhnq
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248125
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRSpy.Zbot
AVG = Generic22.CDWM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = WS.Reputation.1
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:03 21:49:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 327680
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x50320
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nalsdpqlw Dyvneekmzyn
File Description                : WDM Streaming Crossbar
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ksxbar.ax
Legal Copyright                 : © Dcpdfeojw Mkhegegqkax. All rights reserved.
Original Filename               : ksxbar.ax
Product Name                    : Niebhswqb® Yqzzeyu® Lvuovyooh Sefyyz
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-04 13:24:06
VirusShare info last updated 2012-07-26 00:57:20

MD5: 798f9227c19e39b2b89583ebc558b65e
SHA1: 528f2f4734b7424445d7fcdf460857b35bad983b
SHA256: 3e1160c7207cb715be219c939dbf5dd9bfa681f196eca6190cb039936285775d
SSDeep: 1536:YDci4ZuWdS9wBmElNm6qUEDCOUCs4uT69LCyP1Jh01aQ1:YB4ZulMlNcUEDlsd69LY0Q1
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.81920.BF
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!GHkW5Iejr8w
VBA32 = Trojan.Monder.mvbx
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VNDO.SMUS1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nqdm
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10219
TrendMicro = TROJ_VNDO.SMUS1
Kaspersky = Trojan.Win32.Monder.nqdm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.abon
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.5
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BPAX
Norman = W32/VirtuMonde.EPXS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Monder.nqdm
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 15:31:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x3815
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iskevzody Eejmjfkekcs
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB600.DLL
Legal Copyright                 : © Cddkrpwvz Xjuqvqpjlue. All rights reserved.
Original Filename               : CNB600.DLL
Product Name                    : Dqxhvjrid® Xonmayd® Xxmgojpla Ewipwc
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2012-05-07 13:22:42
VirusShare info last updated 2012-07-26 00:59:18

MD5: 8c15699682d3160529734a0e3a9ced75
SHA1: 13cd1ceec0cb99b57ceb84f7049bfc2914527f94
SHA256: b7baeb0f605a0982b55d7ee8a37875e435726f95844fbd8e4a84106c17a08838
SSDeep: 3072:5AFILvIXUtcI5+i4HXez1xCSeH2KxoO9TCoAZfARjxos7q4I:5A6PKrefeWKHBIoJxoX
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.131072.D
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R30CCD6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1217
TrendMicro = TROJ_GEN.R30CCD6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jfgg
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BKGL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-04-07 16:46:14
VirusShare info last updated 2012-07-26 01:00:32

MD5: 91222b1463fa62b7f953347ec27c157d
SHA1: 325e3ddced6bcc0728dfdb53f744930cb6382413
SHA256: 654f9ad510bfc01a2922d744f92a83333fb1b77b37085aabf40a7f308a2683c9
SSDeep: 6144:4uGzv2I+SmQDfzVnjUj5TM+HvbLNFLZ024lxeeidtxp/fQhAuLF:4zvF+SbDf5niRrv1FLZfKxeeidtH/duh
Size: 261725 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6380082
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!yIJOnAq2u4E
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.dx!bapj
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.beh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bapj
F-Secure = Trojan.Generic.6380082
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6380082
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.dg
BitDefender = Trojan.Generic.6380082
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 245760
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x46d50
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-03-29 09:05:08
VirusShare info last updated 2012-07-26 01:01:06

MD5: 9609a957c286eca3b7f9b66acb423e13
SHA1: e3e837aebac890e8df2b1458ac7b028ed129cd98
SHA256: 5bd7f46d679aca6a64451c5ddd393acd51e6a394c25c83e8a7eedf6f060784fd
SSDeep: 1536:+2/QDdx4BzwIcnVYJoIXfecX0Fn2pwYlAE4Dtvjn/AnvE:7KdedwXVSoVcXsKdAE6tDAvE
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.106496.AB
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!YpsHIEMkFws
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!lx
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R11C2GT
Kaspersky = Trojan.Win32.Monder.nhkt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jgtx
McAfee = Vundo!lx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CJRW
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 19:17:27-04:00
PE Type                         : PE32
Linker Version                  : 6.22
Code Size                       : 36864
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x70ce
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.1.20
Product Version Number          : 8.0.1.20
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Msehmhvlm Jzmqhgamcdi
File Description                : Windows CE WMDM Service Provider
File Version                    : 8.0.1.20
Internal Name                   : CEWMDM.DLL
Legal Copyright                 : Copyright (C) Pndtybzge Corp.
Original Filename               : CEWMDM.DLL
Product Name                    : Muicvrf Media Device Manager
Product Version                 : 8.0.1.20
OLE Self Register               : 
VirusTotal Report submitted 2012-04-11 16:49:21
VirusShare info last updated 2012-07-26 01:01:25

MD5: a7a1e227f4a6cdaa4841f29e5b75fbfd
SHA1: ac9cceb4cf7bceb4602b6dc220a1ca0bc2d904ae
SHA256: a6393b811790306b1ae13373ea81914f504cd9e853407276ea348ebd3d739506
SSDeep: 3072:sx+hl1CrkSMyDadhS2Q6faViZLxy8/yAqHsHi9ywJmm0tf4bNcIA:v4zydhBCeo8KY2Xmn8NrA
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
VirusBuster = Trojan.Mediyes!aerrZFz+ZHU
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!A7A1E227F4A6
Kaspersky = Trojan.Win32.Pirminay.rfu
Fortinet = W32/Pirminay.RFU!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!A7A1E227F4A6
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BDLOQ
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:20:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 08:43:00
VirusShare info last updated 2012-07-26 01:03:19

MD5: accefdc9b400e098ab2be22b589d268e
SHA1: 17b2a096f495ce2fbeb6a51cb422a88b88567d11
SHA256: b690f373c9845c3ae9bf0f20895c24f0a8bc150165ac3f1a9669738a96bd5c86
SSDeep: 3072:DT20HtF+KQTtgHz1axCJz/ayL2hpPFrpveXGFDRWEUG:D1kTtgHBaUcysrpvU1XG
Size: 121180 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!ACCEFDC9B400
DrWeb = Trojan.Fakealert.26952
Kaspersky = HEUR:Trojan.Win32.Generic
Jiangmin = Trojan/Jorik.srx
McAfee = Artemis!ACCEFDC9B400
F-Secure = Gen:Variant.Graftor.3065
eSafe = Win32.GenVariant.Gra
AVG = Generic25.AHEV
Norman = W32/Suspicious_Gen4.dam
GData = Gen:Variant.Graftor.3065
TheHacker = Trojan/Jorik.Pirminay.anv
BitDefender = Gen:Variant.Graftor.3065
NOD32 = a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-14 20:14:26
VirusShare info last updated 2012-07-26 01:04:49

MD5: e37ccb021b0cec9bfd0866d5f4902ae4
SHA1: 410237f75e74313e8c2c8f31a223e19fd4ef8498
SHA256: 80e7aaf747b3c856dc08e365f05f85f280534fd7c889fb0aadb5506b603767a9
SSDeep: 3072:RNykJ8s7j4MVd5m8cu/KV6App/HrhH9oZ8jZ1lNcSwoZFYfO:Xv/jBwSYV8wZNcSEfO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!zKQgcrm1dD0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1HS
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10325
TrendMicro = TROJ_GEN.R4FC1HS
Kaspersky = Trojan.Win32.Monder.njip
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.ackh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-12 09:32:11
VirusShare info last updated 2012-07-26 01:09:05

MD5: e767bbd734476e0f72736c5cf28e7288
SHA1: c8db4353f6a86c7e42ff14a60c229b6611348b57
SHA256: a6ae1de00680a0ee8cd2bad610b83b2f33dce8cec4b1556d82d02da58bb0cab6
SSDeep: 3072:2O3Wq+pvMWmE+f7k0PXD49irhaY5357YrYrH1z9vS/3tQgEM:uFNM997FFUYvl1wuo
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.221184.ABY
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
TrendMicro-HouseCall = TROJ_GEN.R47CDDP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!E767BBD73447
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R47CDDP
Kaspersky = Trojan.Win32.Pirminay.reg
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Generic.dx!b2cg
F-Secure = Trojan.Generic.KDV.607232
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
Norman = W32/Troj_Generic.BKVJM
GData = Trojan.Generic.KDV.607232
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ref
BitDefender = Trojan.Generic.KDV.607232
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:15:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-27 05:08:20
VirusShare info last updated 2012-07-26 01:09:25

MD5: f2556597bac15c52c4cabbb128069470
SHA1: 24447057a58989815b2efaf7dad1fc6b60ee1a17
SHA256: 6a1d2ca113eae263a146d3f9c250177dc05d3692f3a6ec5b97982daf95f0efcc
SSDeep: 3072:ABpo75UlmOFk81yDdSWqEa1ZoRyXsa/QYjiaSbmt5AGYrH:5FHWNnt1/8gxiaSbKnYr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F2556597BAC1
Kaspersky = Trojan.Win32.Pirminay.rti
Fortinet = W32/Pirminay.RTI!tr
McAfee = Generic.dx!bd3x
F-Secure = Gen:Variant.Graftor.19514
AVG = Generic27.CLAU
GData = Gen:Variant.Graftor.19514
BitDefender = Gen:Variant.Graftor.19514
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 21:54:10-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-15 09:41:20
VirusShare info last updated 2012-07-26 01:10:23

MD5: f28822c3008ff4d07aa980dfb8b5049b
SHA1: fe81571c4758b71523d263ce450ca06c7df026b4
SHA256: ca43c51f611cef5439af82768d2a59e3ee5a108cea46528469c1521002c52d88
SSDeep: 3072:OO3Wq+pvMWmE+f7k0PXD49irhaY5357YrY5H1z9vS/3tQvA:WFNM997FFUYvv1wuY
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.221184.ABY
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!EDokfyotzpM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F28822C3008F
DrWeb = Trojan.Hosts.5792
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Mediyes.F
Jiangmin = Trojan/Pirminay.aqi
McAfee = Generic.dx!bdzf
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BDBKV
GData = Gen:Variant.Zusy.4597
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:15:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 06:11:26
VirusShare info last updated 2012-07-26 01:10:26

MD5: fb12798b3284f3e716b970c229d53f1c
SHA1: e4a9b2acb8429cf90c2e806a11b884df90588537
SHA256: b46481df9b4e688f8b376f3cacdbe4bb8dd5df54921a5b5db7da9c34a431c029
SSDeep: 6144:UdZwMwfFOInjZ5O/ETBz7owfbzS+ZXaFqqDLuI0:UdZwMwflnaS7pzS+ZxqnuI0
Size: 201728 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289B667
nProtect = Trojan-Clicker/W32.SuperJuan.201728
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!vC14Bi2dd+g
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
McAfee-GW-Edition = Generic PUP.z!gp
DrWeb = Trojan.Juan.522
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.acnr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.abs
McAfee = Generic PUP.z!gp
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHDT
Norman = Vundo.UVP
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 01:46:12-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 167936
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x29657
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.2600.5512
Product Version Number          : 5.3.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WDM Tee/Communication Transform Filter
File Version                    : 5.3.2600.5512 (xpsp.080413-2108)
Internal Name                   : mstee.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mstee.sys
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.2600.5512
VirusTotal Report submitted 2012-04-25 00:50:49
VirusShare info last updated 2012-07-26 01:11:00

MD5: febfcf85150f1923d4d146bae543a68d
SHA1: 0466f66bde31e88531d851898ef52f0092254cc2
SHA256: 4038010384bbc834eeb41f7c91bc55f7e89d1558e57b2efb759106b934e78083
SSDeep: 3072:EBpZMWffUMzI00KrlAKnBHwdnMRwaDdSO:ELUMzL0KnBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent2
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCDA4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.onm
CAT-QuickHeal = Trojan.Agent2.enpb
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R4FCDA4
Kaspersky = Trojan.Win32.Agent2.enpb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Agent.evtk
McAfee = Artemis!FEBFCF85150F
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Suspicious_Gen2.UOBFX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-04-14 23:24:16
VirusShare info last updated 2012-07-26 01:11:26

MD5: 2b088e5f836796ea7ed5e609ed98a5aa
SHA1: 8c175c3e9f2a467f293046ce0177d1c47331aba6
SHA256: 82aa3b09812ace44f5be46710202163dd137ca961ae770070e48cb8ed2104888
SSDeep: 1536:wPGz7YRN63fiRTNZtTWzSteG6XijY/LERpK2iKAXM3QGopC/1tJ:hYRY6CzRXixfQGopC/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!lg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2012-03-30 07:49:00
VirusShare info last updated 2012-07-26 01:19:56

MD5: 43322e1e53041815d5c5b72cda4c58e8
SHA1: ea19b164a2857d3beff652c77e920a85780d1e6d
SHA256: 89b5368923bc2746b293004bde0b25027efb9cfacdaab442039ab23cafc59a5f
SSDeep: 3072:tcR67mh6YVYFnaR2BOrDICnlMl9NlC3sse3OqdSct:S5rCSsqg9acR3V
Size: 112128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.112128.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dQSBi+1mYlE
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.xbol
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1261
TrendMicro = TROJ_GEN.R4FC1IF
Kaspersky = Trojan.Win32.Genome.xbol
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/VUNDO.LB!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZVC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:18 16:37:34-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xc171
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mujugavzr Ipyszyqabbe
File Description                : Canon BJ Mini Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : CNB80.DLL
Legal Copyright                 : © Ckepiclsx Uzudgoymaxf. All rights reserved.
Original Filename               : CNB80.DLL
Product Name                    : Xlzuhwnww® Qcleyez® Cqlthejky Zxanjr
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-04-04 14:19:05
VirusShare info last updated 2012-07-26 01:22:13

MD5: 5c724289284eec28150d750a6b8432ae
SHA1: 15536b1beb77eeeb7d921180776a11fc6b768eca
SHA256: 0fda6c2cef1386ee66e038a0a34cf399807b441d9e409293ecd46dc8ce965907
SSDeep: 1536:tPGz7YYX6koi60TNZtEH/MhG6XijYFLERpK2iKAXM3QGoh6C/1tJ:oYYKMc/mXivfQGoh6C/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.114176.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!XopjhkIouLY
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!ox
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!ox
ClamAV = W32.Trojan.Vundo-320
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2012-04-23 17:06:51
VirusShare info last updated 2012-07-26 01:24:04

MD5: 6edec15dc565265e443ba75950b05376
SHA1: 2a763d477c12eb1327dd2c737f9ac103ea41459b
SHA256: b4c6a73ed231bd09ead8f919f1a7960cc4cd44dd4fb72badc0dd30eb2bb26228
SSDeep: 1536:Ga9vdlEGHFYEjHKK4b0rF9leTJJhabHLWB2vDhBEQta9ukQf:RdlEiFYAKfa9leFJhcLRreEkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1H8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.noxa
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC1H8
Kaspersky = Trojan.Win32.Monder.noxa
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-26 06:13:21
VirusShare info last updated 2012-07-26 01:24:47

MD5: 740dccc851fb693641d4881c00a6ae53
SHA1: ac9805af54b2bbc5bb768eeeeb907ca2e90551f4
SHA256: 9ff3f9ca52e0e2260e829b2b8604f54c43a63fb97a8833477acc34ed22baa7d0
SSDeep: 3072:SFdACarROxQQBE8TzQlhTDa8UgdnYqeRBJzN:mdACagxQMTzKTDautYqOBN
Size: 121344 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bVIHp5qOn84
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!740DCCC851FB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jgbm
McAfee = Vundo!ou
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.AAHO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.SYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 08:19:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40960
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x7565
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.0.0
Product Version Number          : 4.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zilrghjkm Lurtfjpgopq
File Description                : License Compliance Wizard
File Version                    : 4.00
Internal Name                   : LCWIZ.EXE
Legal Copyright                 : Copyright © 1996 Entqyjqhw Corporation
Original Filename               : LCWIZ.EXE
Product Name                    : License Compliance Wizard
Product Version                 : 4.00
VirusTotal Report submitted 2012-03-29 10:14:35
VirusShare info last updated 2012-07-26 01:24:56

MD5: 95390a723d6768215a98fa682cfb7dad
SHA1: 2699f687abfae443ba2d1b24f7696321eca0232f
SHA256: a38e7d66b303ba324834af732929bc5bede915da80a9ef8468af8499ab878eb0
SSDeep: 3072:6O0Whq1drk+NlyD1LWtv0aHa5pyckynXodjk2QMwwI7tRObNcI:A/fmSdzcT0mMwwguNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rga
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!95390A723D67
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rga
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Pirminay.RGA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!b2ad
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:36:30-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-19 06:09:56
VirusShare info last updated 2012-07-26 01:26:06

MD5: a3c20ebcdb64c25a2cd038491a5db891
SHA1: 506421468afc62b7e29553b4b45718af286b80fc
SHA256: 948290de56a5bdd3ca1c1a3d056b2ce7af6bfbfbcf36ac483714a4acabcaaf7e
SSDeep: 3072:s/inI2Lh3lsgQHqfjVFufHPV91sZ6Pl0bGbdLrMvKY8akH7:s/iI291sgz2Px46fbdMvRQ7
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.150016.B
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R26CCD6
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10208
TrendMicro = TROJ_GEN.R26CCD6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abyl
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DSU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:14 23:19:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x13f35
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Wdtozaoqi Wnrxmqwlglv
File Description                : Arabic_French_102 Keyboard Layout
File Version                    : 6.0.6000.16386 (tvvmg_rtm.061101-2205)
Internal Name                   : kbda3 (3.13)
Legal Copyright                 : © Vcnhbzhqo Yhetcarnakf. All rights reserved.
Original Filename               : kbda3.dll
Product Name                    : Juionegxd® Wphxkgi® Yxfjtgdks Ygmtbf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-19 10:44:36
VirusShare info last updated 2012-07-26 01:26:42

MD5: b5470c56a561d7a48dbe1564dc8c29b4
SHA1: a696651d56db7b3b502aa1db3c85b5c02270e42a
SHA256: 7ae4e3332b381289683d346871f080061ba0cc5c67a78a97b47bafb3c336507d
SSDeep: 3072:d83UjwlaOzkmMyDmgPGPFacACKHdKwmr8P+E/mXtaOtGX2zGYrH:vTkb0U/9i4P+EOwXvYr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!uOlbhLRSzYM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!B5470C56A561
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rva
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Pirminay.D!tr
Jiangmin = Trojan/Pirminay.aqr
McAfee = Artemis!B5470C56A561
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.CLQM
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 21:29:44-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-19 04:42:05
VirusShare info last updated 2012-07-26 01:27:35

MD5: c1afd0de18dede11b2aa83b5d6f932d2
SHA1: 8eaf4e96d586cdd2fcaa6a3600244df7688f63bf
SHA256: f9f0ec299b741c5dff66743971055f9480fecbfdf65dc92280f9806e7ddf6bdb
SSDeep: 3072:NJhEKlKOakEAyD1SHaUaFiRy6saAEN+KbCtR0GYrHPv:pmxNr9RDw+Kb+bYrvv
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Rising = Trojan.Win32.Generic.12C1296E
VirusBuster = Trojan.Mediyes!o20cxHYmn58
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C1AFD0DE18DE
Kaspersky = Trojan.Win32.Pirminay.rmr
Fortinet = W32/Pirminay.RMR!tr
Jiangmin = Trojan/Pirminay.aqr
McAfee = Generic.dx!bdzn
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.CPQS
Norman = W32/Suspicious_Gen4.AAYTR
GData = Gen:Variant.Barys.596
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 21:19:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 08:14:54
VirusShare info last updated 2012-07-26 01:28:10

MD5: c51bf504cef184beb24ed5ee689f7b49
SHA1: 0cd28b54d7a758b4b8c9d421fe91fd5d5a9eb9d5
SHA256: 92a1c181de4a25b8ad0077a5e491129861d956ebe6b590c508c07a8d98b900d4
SSDeep: 3072:EKdfDp1SP5EZWXsfxovRJQF1oxMqqDLy/xX0:hl127R6DqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.155648.D
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C51BF504CEF1
DrWeb = Trojan.Click1.54924
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iqrf
McAfee = Vundo!ow
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Vundo.BGVN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-04 00:32:47
VirusShare info last updated 2012-07-26 01:28:19

MD5: c7765d9c90ff10144cc6d711bd0c14d4
SHA1: 3e1578d7089b9bf298ee1ae8a1c6d09e5131be50
SHA256: 9dbec39d1148ed2297b69d222179155232ad8ba311ae16b7acdd31ae70308ff5
SSDeep: 3072:sRJllQ0+Lma4/8jQl63x2kk4DzIqJiM+BCqJhrcoLzQxd5Rc7tJ7wotv0XQd:srFMma4/am63x2kkezItHL0A7L7wR8
Size: 207301 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6471002
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!oYqzTkRGDHw
VBA32 = Trojan.Jorik.Pirminay.agx
TrendMicro-HouseCall = TROJ_SPNR.2FAC12
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.asu
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_SPNR.2FAC12
Kaspersky = Trojan.Win32.Jorik.Pirminay.asu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6471002
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.AGCC
Norman = W32/Suspicious_Gen2.RTCXX
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6471002
Symantec = Trojan.ADH.2
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6471002
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ybbilpirn Nffnjwnvion
File Description                : Greek IBM 220 Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhe220 (3.12)
Legal Copyright                 : © Cfaqrdcll Xtfahgmpgno. All rights reserved.
Original Filename               : kbdhe220.dll
Product Name                    : Wjkjumarx® Dmyhfkv® Uxgdmjzwa Tesldj
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-17 11:42:34
VirusShare info last updated 2012-07-26 01:28:31

MD5: d34d8fbd72296522f75bee16b023ad66
SHA1: 98cd879ea50230abab4e0d885ab8aa03e5d80c28
SHA256: 7609c870d1128e1d00ae00bb88a714992eaa7082df78c97d6892ab376d6d8404
SSDeep: 6144:FLNRxiwP07qfthLz6eyXvsepNZxeUVGX+fAVOZ5g:FBDP07qfPz5yXvboVAAVOZ5g
Size: 231424 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Downloader-JOJ [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
K7AntiVirus = Trojan-Downloader
VirusBuster = Trojan.Injector!MXAkSl8QdDI
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.jd
McAfee-GW-Edition = Downloader.a!zl
DrWeb = Trojan.DownLoader4.37379
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.jd
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Jorik.K!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.hxys
McAfee = Downloader.a!zl
F-Secure = Gen:Variant.Graftor.314
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Renos.HQ
AVG = Dropper.Generic4.ZCB
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.314
Symantec = Downloader
Commtouch = W32/Renos.HQ
TheHacker = Trojan/Jorik.Pirminay.jd
BitDefender = Gen:Variant.Graftor.314
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 4096
Uninitialized Data Size         : 32768
Entry Point                     : 0x40950
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-04-19 02:17:54
VirusShare info last updated 2012-07-26 01:29:03

MD5: e0925528278f54d1a1617ef5aa1b090e
SHA1: de6186ceddddf8133e7a0013cfe46583444aaf7d
SHA256: ef23322da354ae4b8abfff93e9f6ebae6b4ae7688c8ac17b14d27fe5e49c01f6
SSDeep: 3072:po9SNHlH7stBHG3kur4usaO2pgodR88yPwsUPzjiIVsT:pASfsPm3kurzsaNbdR88yPiPzj1s
Size: 132608 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Vundo.132608
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!7vMBgNShvwI
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nplo
McAfee-GW-Edition = Artemis!E0925528278F
DrWeb = Trojan.Juan.581
Kaspersky = Trojan.Win32.Monder.nplo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Adware/SuperJuan.aef
McAfee = Artemis!E0925528278F
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Troj_Generic.ASXMY
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.PLI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:06 22:52:27-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 123392
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1f099
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : VC 4.x CRT DLL (Forwarded to msvcrt.dll)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : msvcrt40.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msvcrt40.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-04 18:10:40
VirusShare info last updated 2012-07-26 01:29:37

MD5: ee449240bdf0577bb6c5d466f0d0625e
SHA1: c093f0063861fd58b7fa376578b2b6c8597e874b
SHA256: 16a58f1af4cafeeed966eda1ad137339dc9ba4625fc70004313d5a80405da549
SSDeep: 3072:s0cWRMAvyimbEuz7qC6GvhA851XAgwSiS6/SMGuiKcDocAX01Xxq+yb4VICammdU:pkF5OLXb6lvLL
Size: 196608 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.607355
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rrw
TrendMicro-HouseCall = TROJ_GEN.R3EC7DR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2c4
DrWeb = Trojan.Hosts.5824
TrendMicro = TROJ_GEN.R3EC7DR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.ara
McAfee = Generic.dx!b2c4
F-Secure = Trojan.Generic.KDV.607355
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic27.COAR
Norman = W32/Troj_Generic.BKQWS
GData = Trojan.Generic.KDV.607355
TheHacker = Trojan/Pirminay.rrw
BitDefender = Trojan.Generic.KDV.607355
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:11:29 19:07:48-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 135168
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x116ca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 18:25:27
VirusShare info last updated 2012-07-26 01:29:59

MD5: fce1b85b54d4ba974522e196172e6924
SHA1: 4ee35d4ae2a4980cfba21c18f2f312df19814ac8
SHA256: 4f3d131e10bb1f22c8141c61a90aba20da958ec1a3086fca8686269e34876d15
SSDeep: 768:4GCMkuFRaRzdTq5G8r1od5NQoqQ2RTVut9y90q5W1yRM6/dT1bb1vaBfBof:cnzdTqnoLN3qQcSS5W1yiWhvwB
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Suspicious file
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
McAfee-GW-Edition = Artemis!FCE1B85B54D4
DrWeb = Trojan.Smardec.76
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Generic.ipss
McAfee = Artemis!FCE1B85B54D4
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-20 12:52:56
VirusShare info last updated 2012-07-26 01:30:31

MD5: 0308d2b0770277ca437a2ebbb4f6defa
SHA1: e157ff0848fa6c5df1fbbefad59797ccfe785cd7
SHA256: 63292f4cf4f0dd1cd6d8c0bd668ed9c89a85b604c032c37d3d217a3e81286e99
SSDeep: 1536:CycLrRVZmrY6IAwCTNF0LlLw0H6ei5giItuc:YrRSrY6gCulU0H635giyuc
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDDL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!pd
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R47CDDL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aben
McAfee = Vundo!pd
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZPI
Norman = W32/Vundo.BMHU
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:29 00:39:18-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x3ebd
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2000.81.7713.0
Product Version Number          : 8.0.7713.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : NT INTEL X86
Company Name                    : Fjalmlyaa Mtocnjdavqi
File Description                : ConnectTo VINES Net Library
File Version                    : 2000.081.7713
Internal Name                   : DBMSVINN
Legal Copyright                 : © 1988-2000 Wlkksqrlg Corp. All rights reserved.
Legal Trademarks                : Microsoft® is a registered trademark of Fbqeluxti Fsyvprppkwl. Uifruqk(TM) is a trademark of Vtmznvcjk Kavhqdghclm
Original Filename               : DBMSVINN.DLL
Product Name                    : Uhfixktpl SQL Server
Product Version                 : 08.00.7713
Comments                        : NT INTEL X86
VirusTotal Report submitted 2012-04-24 08:13:33
VirusShare info last updated 2012-07-26 01:31:16

MD5: 03d2cea82a11c9e52e1240a94db100d0
SHA1: 2f7a9debb432be950ca7ca8a4fe374a9cfd5e28d
SHA256: 7f7b244494f1ea683ed3fa479c1318b733937b601b94329f58cf8b37540d46fd
SSDeep: 3072:d83UjwlaOzkmMyDmgPGPFacACKHdKwmr8P+E/mXtaOtGXoGYrH:vTkb0U/9i4P+EOwXfYr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
VirusBuster = Trojan.Mediyes!uOlbhLRSzYM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!03D2CEA82A11
Kaspersky = Trojan.Win32.Pirminay.rva
Fortinet = W32/Pirminay.RVA!tr
McAfee = Artemis!03D2CEA82A11
F-Secure = Gen:Variant.Graftor.19514
AVG = Generic27.CLQM
GData = Gen:Variant.Graftor.19514
BitDefender = Gen:Variant.Graftor.19514
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 21:29:44-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-15 09:41:36
VirusShare info last updated 2012-07-26 01:31:18

MD5: 0717b4dec1e9399f3b61cde593f228a3
SHA1: d7f730314f99a1dbdbfc9ba250977cd8b11841ae
SHA256: 867389bad8c9bdc8aa3420dce01a83839ade7bf838aec4efe0ba5b795e02503d
SSDeep: 1536:G5/vdt5RrESHKK4b0rf9leTJJhabHLWB2vDhBEQta6kQf:OdtTrtKfM9leFJhcLRre6kQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mvvj
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = Trojan.Win32.Monder.mvvj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-29 04:42:02
VirusShare info last updated 2012-07-26 01:31:28

MD5: 073cb46ea2b67058491f6fd6148e0f3f
SHA1: 9125c45fc99ca124d34e9f22176ba48a8f8e1516
SHA256: 24faaac3b2867d1454d1357f505b8d37478a236c1e402be2c467853a6376f1e6
SSDeep: 1536:7GytkHXdwGwhhtS9KX+x5NKGeTdGh38aZl0EkKV:7GQkHN8hPiKdTdZREkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.josn
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lm
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.josn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-04-04 09:47:14
VirusShare info last updated 2012-07-26 01:31:29

MD5: 0f7e333cc1e0e16a5fe235cf4aa69ef0
SHA1: 95985e314c523e6da0c2f0056d60ed7d060b3c91
SHA256: 6d2edd45e3db75f5ada3b8df28f2e7fdb6d4eac74de5624cc6f820936dcfa60f
SSDeep: 1536:skzsOh+sg9x1pCAqT8JZMxMyHjX5l1AHy/KWUl8NqE3li/ZUiWzF:3450rTUfyHjXnyQUl8g6ohW
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC3I7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC3I7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.abawi
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.FJU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:17 16:01:18-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa589
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Umurgtliesc
File Description                : USB Consumer IR Driver for eHome
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : usbcir.sys
Legal Copyright                 : © Memdxoahc Ebdlycklrog. All rights reserved.
Original Filename               : usbcir.sys
Product Name                    : Microsoft® Eaxrtqf® Aulrnqkqx Rnshds
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-05 15:39:20
VirusShare info last updated 2012-07-26 01:31:58

MD5: 1382426a62bea795f0f379f8dbba2de9
SHA1: 4c730b2cdd6d467b5d2a28a37fbb0c3a475528b6
SHA256: 21c9afe21028b8c3e44077d447898c2d51bee9ea8cf019aa496532503b51733e
SSDeep: 3072:RWky2nNDrQFKVlyMqqDLy/r57IgQkLQ+9edmX:R9PxqqDLurp9Qk+d
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1423
TrendMicro = TROJ_GEN.R11C1IE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijyf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BFFM
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:13 09:36:23-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xafca
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Hewcyxdxd Tzsrnnhhrlc
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
File Version                    : 5.1.2600.0 (dawabqnj.010817-1148)
Internal Name                   : kbdnecAT
Legal Copyright                 : © Qlwybsatr Ktvyeyxsirh. All rights reserved.
Original Filename               : kbdnecAT.dll
Product Name                    : Igxoirmth® Oqweavl® Zjbbkaltr Xfcbqv
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-30 06:55:52
VirusShare info last updated 2012-07-26 01:32:11

MD5: 207063c5a97bc5fcde8152e3d49c8d33
SHA1: 6fa518f5975e9e48d2b621f00649397825395759
SHA256: 133939f690aa07aeb6581bf852168fe678c5226a93c2b3d912e17719de790851
SSDeep: 3072:S+4q6rU50oY8ACndo3KcX0fxn9dFzdMqqDLy/:3ekvj00xFzOqqDLu
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
TrendMicro-HouseCall = TROJ_GEN.R47CDDE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!207063C5A97B
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R47CDDE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.oazs
McAfee = Artemis!207063C5A97B
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Vundo.MH
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-14 22:56:23
VirusShare info last updated 2012-07-26 01:32:52

MD5: 5da4ae3339d7924acb5a665c1a9d0dd2
SHA1: 3ccd5f87258c2e48502120bd1fd3531c29d7e344
SHA256: d5ed0c793a1e4945f20013eb59547b468aaa43c1ecce6ad19b271ff665f7d9f4
SSDeep: 1536:/ZqEfMucXU4jQaLkyMlWvg/kLlQSFH7Ow0WjdxxgPdJ8srdhH48HUlqim3oPUfL:/nM/k4jQaLk+4/WNxgPd93ULm3oPKL
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!6ABCOWgIhQ8
VBA32 = Trojan.Genome.ueob
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2F7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!mi
DrWeb = Trojan.Click2.194
TrendMicro = TROJ_GEN.R45C2F7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.MCZ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mi
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BRYM
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 16:43:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xceaa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2012-04-23 22:19:09
VirusShare info last updated 2012-07-26 01:35:04

MD5: 9cf530e85ba87ccc83cd34cf18f6d7dd
SHA1: 0f3eeed92637282ca65a39bdaed318dbf1296bc8
SHA256: 96a11232c3e1efa721374453ec98f3a8676088080b7d53c963d859d0a6b6d07a
SSDeep: 3072:1EiJ2qepvMWmE+fAb0PR5Iyh4ea6vIb5TfbYlJTD9rqN/3t7t+M:9E1NM99Aiho6vs6DlqNxL
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!9CF530E85BA8
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdm
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!9CF530E85BA8
F-Secure = Trojan.Generic.KDV.607335
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
Norman = W32/Troj_Generic.BJMQI
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.607335
TheHacker = Trojan/Pirminay.rdl
BitDefender = Trojan.Generic.KDV.607335
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:28:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 01:38:33
VirusShare info last updated 2012-07-26 01:37:23

MD5: b256832f85b58fcadcacf4b54b4c1db2
SHA1: cda5b37951106e76ceda082057c1588b6ec78a67
SHA256: 85f35019137d5e485fa6b07686d67ca4addb5719efbb64dbaf1c4f4bec0350b9
SSDeep: 3072:snVMo1LTMQqu9QEtb2IGlYjyJcwvTj2Mjj:Holu0QEt6Ib6sMH
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!UIZQOckm8wQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = Trojan.Win32.Genome.vrtz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akxn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BYHN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-29 10:21:44
VirusShare info last updated 2012-07-26 01:38:07

MD5: b5ed69ab1bdea1aa0f440d107e1c9bc4
SHA1: e0f1b2d4ea7436e8f9267c8e9ce592b654f5c11a
SHA256: 3778fc238e00ae08405372a7f8ecd02c06ed00980e8bf8bc1f62d93b37d308ee
SSDeep: 3072:q3LJZJ7v+PhfmncasIYJD1VA/CAoYNKckLjHJYZqbY489YrRlynlHSk9:SRvKXa/5owIjHJxYbkJ
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72CDCF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.mzmd
McAfee-GW-Edition = Vundo!oq
DrWeb = Trojan.Click2.3751
TrendMicro = TROJ_GEN.R72CDCF
Kaspersky = Trojan.Win32.Menti.mzmd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
McAfee = Vundo!oq
F-Secure = Gen:Variant.Vundo.7
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic27.AUOW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.7
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.7
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 16:10:09-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 176128
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x2b784
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft ACM Audio Filter
File Version                    : 5.00.2134.1
Internal Name                   : Microsoft ACM Audio Filter
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : msfltr32.acm
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-04-19 10:55:43
VirusShare info last updated 2012-07-26 01:38:14

MD5: cac8e7f2c131eaca8f52aded90ec1aad
SHA1: 608c5f99c087452c6c4cd578cf66cf9f221f3759
SHA256: 7faaef17973684305a9bce51ed61deb53bdc0db45ee2064cc2256180cfcb0028
SSDeep: 3072:S+oPZ6rU50oY8AC2buhcX+ETodFz6MqqDLy/EoDbc:8ekke0+3FzpqqDLuE
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!ku
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R11C2GR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.oazs
McAfee = Vundo!ku
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-03-29 10:23:59
VirusShare info last updated 2012-07-26 01:38:51

MD5: d86fd3833e4311ae6d75c37c9a0c9266
SHA1: 7746fdb43ac76257f52a46a7e8683a7591977461
SHA256: 3218d6e4706b61962e4d36c692cc12fe3d10310d7f7d6bbd118b30ce5db4153f
SSDeep: 3072:321o02JenmKVrvfORp8TgKbbiyvVIRGkRgzoN1e4FhsuSBLvc:+2JenOp8TZsnHNI4Ps5BLv
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1253B0AD
nProtect = Trojan/W32.Agent.133632.GJ
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5PgzSJvU0nM
VBA32 = Trojan.Monder.mqnu
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mqnu
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.Virtumod.10460
TrendMicro = TROJ_GEN.R29C1IL
Kaspersky = Trojan.Win32.Monder.mqnu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!lg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.BPJJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:20 23:06:56-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 120832
Initialized Data Size           : 49664
Uninitialized Data Size         : 0
Entry Point                     : 0x1e5f7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.74
Product Version Number          : 5.0.0.74
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Created by VIONA Development
Company Name                    : RAVISENT Technologies Inc.
File Description                : CineMaster C WDM DVD Minidriver
File Version                    : 5.0.00.0074
Internal Name                   : VDMINDVD.SYS
Legal Copyright                 : Copyright 1999 RAVISENT Technologies Inc.
Original Filename               : VDMINDVD.SYS
Product Name                    : CineMaster C WDM
Product Version                 : 5.0.00.0074
VirusTotal Report submitted 2012-04-14 07:05:40
VirusShare info last updated 2012-07-26 01:39:21

MD5: e6c930412763b72feba2940cae00c26f
SHA1: cf00c2b9f343d62d6bb161430710563321f688f7
SHA256: 4dfa40326b92bd789f4d6a0c34999deba8ed0e29a2acc97e506032e32f03a639
SSDeep: 96:mVFrSqarTX2C6+qacYSAxp8EBsr4jCfv41VArxtABBirowEVlC9FLe:0r0rjVcYS8xCrgwQ1VqXABBFRlCPq
Size: 8064 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Sf:Renos-D [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
VBA32 = Trojan.Pirminay.rbz
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!E6C930412763
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.rbz
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Artemis!E6C930412763
F-Secure = Gen:Variant.Graftor.1013
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
AVG = Downloader.Small.62.D
GData = Gen:Variant.Graftor.1013
BitDefender = Gen:Variant.Graftor.1013
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2560
Uninitialized Data Size         : 0
Entry Point                     : 0x199f
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 06:33:31
VirusShare info last updated 2012-07-26 01:39:45

MD5: 052e2f441b4d74a4170034a0f5ba7b17
SHA1: 8ff8bc0ef7d6b80cd51cbee59e640ae39bec29af
SHA256: 54e2b45d0c9e7bbbc41756ff652de9b814d37f891bb2c906fe0d227425db4f5c
SSDeep: 1536:wijpmqT93l1rI6o2Z367VK3poitBuo4nZMUU40:BP3M6oU7uo4nZMUa
Size: 71168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1251DF1D
nProtect = Trojan/W32.Agent.71168.GZ
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!mtfa2EItNLI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDC6
Comodo = TrojWare.Win32.Genome.~BS
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ol
DrWeb = Trojan.Click1.36029
TrendMicro = TROJ_GEN.R21CDC6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Vundo!ol
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BCO
Norman = W32/Vundo.UUW
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Genome.sndl
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:10 16:09:10-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 19968
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x5c3d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2144.1
Product Version Number          : 5.0.2144.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Schlumberger Cryptoflex (TM) Key Generation Service
File Version                    : 5.00.2144.1
Internal Name                   : slbkeygen.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : slbkeygen.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2144.1
VirusTotal Report submitted 2012-04-01 08:52:52
VirusShare info last updated 2012-07-26 01:41:27

MD5: 05526beab3cad3e9a5e3f1cb96709c27
SHA1: 67a9178114e5443849613db7d10aa462f4ba8c22
SHA256: 4e641b28c7f5aa054ca82e4ae16d5d0b9d00fa0975ef8dbb7de8d90108593c41
SSDeep: 3072:nKU8/Ov0Al+MqqDLy/39JylPxsI3ToTRz:QcnqqDLutJOz3sd
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.110592.S
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!2UomX+r2Obc
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_GEN.R4FC2IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC2IC
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.110592
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abvf
McAfee = Generic Malware.ms
ClamAV = W32.Trojan.Vundo-163
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.LPD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 18:39:13-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x556e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Beicdpcut Mnzzaarjswe
File Description                : Ohdhkiw Sockets Helper DLL for PGM
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wshrm.dll
Legal Copyright                 : © Xqsuraizv Haciwdbykys. All rights reserved.
Original Filename               : wshrm.dll
Product Name                    : Csunswwxs® Allcnel® Hxozugebj Izsnff
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-01 03:44:37
VirusShare info last updated 2012-07-26 01:41:27

MD5: 12f9e48ff0eb1fd842c40baba9a791d1
SHA1: 5eb4454ddfc2245a0dc705400821fc7e3e01bb50
SHA256: 880529ea428cd10a552134d8e9029701c875be33237357755685b8c5de6ff330
SSDeep: 6144:q2sWlGwiM5k27bHvLaZhdiNd+Hy/XsbJSJD9pM:qZWlFi8k2/Ta/6ASfsbJa9a
Size: 340480 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Rogue.kdv.605037
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.605037
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.tfr!cj
DrWeb = Trojan.PWS.Panda.2118
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Kryptik.AAKJ
Jiangmin = Trojan/Generic.abyev
McAfee = Artemis!12F9E48FF0EB
F-Secure = Trojan.Generic.KDV.605037
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.FUY
Norman = W32/Kryptik.AIF
GData = Win32:Diller-AF 
BitDefender = Trojan.Generic.KDV.605037
NOD32 = a variant of Win32/Kryptik.AAKJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:21 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 339968
Initialized Data Size           : 4096
Uninitialized Data Size         : 81920
Entry Point                     : 0x67930
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-24 00:51:06
VirusShare info last updated 2012-07-26 01:42:01

MD5: 184abc180bdc2abe0b0eed0ef5cfebf9
SHA1: 2bf3ac4679f604a6ed550e3eefb6d8e5d33354eb
SHA256: 6ae9bc06506398364763e03a75a5db015188d3da8032fa0a48a4b13e5b8044a9
SSDeep: 3072:dKkWq+oAMWyE+fbfR0PyDGzaGaaYvGl3e64R5TvLuO/FjitIX3:UFTM19bHJzaBG5vuIF7H
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!184ABC180BDC
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdz
Jiangmin = Trojan/Pirminay.aqi
McAfee = Generic.dx!bd3z
F-Secure = Gen:Variant.Graftor.19514
AVG = Agent.7.G
GData = Gen:Variant.Graftor.19514
TheHacker = Trojan/Pirminay.rdz
BitDefender = Gen:Variant.Graftor.19514
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:03:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-15 09:42:31
VirusShare info last updated 2012-07-26 01:42:20

MD5: 1aeef8b940eb89ec11ef3e6b98c175d3
SHA1: 2e5290d8cba2f40977e1f6362d6d10d347ce76fc
SHA256: 8391b3f7676f989d5c70e1cd2a7c81162c17b0abc3d8af79e6051726521c3c76
SSDeep: 3072:7HahS1SrkaeyDg62Olca3KFsyMrS31VSk+TS87fzt1yMNcI1:ZobGYVaMG+TSafZNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!1AEEF8B940EB
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Mediyes.F
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!bdzn
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BDNGL
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 12:04:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 06:57:27
VirusShare info last updated 2012-07-26 01:42:23

MD5: 340600567038ba5435772131aef6c724
SHA1: e470978f045eab2b2e8a816c852fc827c003842d
SHA256: f250c9d137646055132349048f97c0f3faca5b1b93dfb3966d93ffd5ff173cf8
SSDeep: 1536:O1nzdTq2o6N3qQcSS5W1yiWhvwBIqIz1x:eHoEaRD9qI5x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!WsVl9XKEyWk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CCDD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R47CCDD
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-26 09:34:48
VirusShare info last updated 2012-07-26 01:43:29

MD5: 3ddf2e19c94861be154ba4e90983752d
SHA1: 21a59eb84f8a6a0bd270fe2dfaac71d4912f00fb
SHA256: 2d02ee4a70ef18b6b29dbf818889e53a3cf7e18168de5917db833be21d88719c
SSDeep: 3072:lvZH8Z+JbA8cck0Oy5DCOKFFrYolEMqqDLy/Pn+Pe/4NKCnsR:lvXG9kOy5Vw1YeqqDLuPsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Trojan/W32.Genome.160768
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2HD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R11C2HD
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.SSPRD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-03-29 09:55:21
VirusShare info last updated 2012-07-26 01:43:47

MD5: 46a92a54cc978e3c56f2573ecaed4ed1
SHA1: e172da47fe0e0718e91e33f087c758e4f8752048
SHA256: 21093c7239b97eb3c354847ac3450d5358d398f8168f16cf8140784236bbe213
SSDeep: 3072:LZPhC12rkB7yDBsWjF6aWqlpyso+4pVdUr2z6wKvitXHbNcIM:28kmJ/0sD3C6wKc7NrM
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rez
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!46A92A54CC97
Kaspersky = Trojan.Win32.Pirminay.rjt
Fortinet = W32/Pirminay.RJT!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!bdzf
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BDBWG
GData = Gen:Variant.Barys.596
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 12:01:24-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 05:09:28
VirusShare info last updated 2012-07-26 01:44:05

MD5: 4cc2cd4b05ced982f1cad998c3d4257e
SHA1: f5da286ae8be6d83b442a62ae32320074d909bac
SHA256: 51fb95f7b43cce3dfb702f2ba595cefa8f4405501d64c387ee8a7eb3d6ad04c7
SSDeep: 3072:4q/oUrqop0xng3KDpVqEKrwEuJZhwHJValiljMqqDLy/4CK:zoUryxniKDKaxhwgnqqDLu4
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R4FC1IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!li
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC1IL
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!li
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-03-30 07:05:07
VirusShare info last updated 2012-07-26 01:44:16

MD5: 5530c31527a7fa7c552a909bbb715bc4
SHA1: a6ff72e1d7c7203f091cd07834efc95ac6dc709e
SHA256: f22bf16400f587cd224ba5aa8ab3268f4016b738df20888d18b09aa9cb662382
SSDeep: 3072:Qy0I0oOUUVfKixLq/aMFAE7rlo33OninJRkad:Qyp0ohgfKixIkE7WHOiXk
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!5530C31527A7
DrWeb = Trojan.Click1.63025
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.akzv
McAfee = Artemis!5530C31527A7
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
AVG = Generic22.PNO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Agent.KQOWZQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-27 00:21:30
VirusShare info last updated 2012-07-26 01:44:36

MD5: 5a452826c67de859f2c8677df755420b
SHA1: 739ab98cf4e53df9941cecae3132f4b12dcc93b6
SHA256: a879accb83385abe5c36dbf06f6f1cd45141ec345b6263b7680758c9d9cda68e
SSDeep: 1536:LPGz7YdE6OSiRTNCtgDIav1G6XijYKLERpK2iKAXM3QGoh1C/1tJ:SYdr8V/ZXiGfQGoh1C/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.114176.P
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!WCakOp8/THs
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!ox
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!ox
ClamAV = W32.Trojan.Vundo-735
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2012-04-23 10:01:29
VirusShare info last updated 2012-07-26 01:44:46

MD5: 5dc064647a8852707c6b53df3481370c
SHA1: b4108becd09d8738ee64a46f2a80442dfdf930d6
SHA256: 1d7f64e92ca4376b90a5deb3ef499a9536981cd7378da4f656da78965e7aaf45
SSDeep: 1536:fa3I3AzWHWUYe3wgKh6/69QR4WboU0YH5WPsBDdW3wgXSLK50fvl89vo0n7u6yD1:fII3FHW9e3HQ6/6CRgkWwZWFiG8lCvBD
Size: 95744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CCDH
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1328
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.imne
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-17 23:06:29
VirusShare info last updated 2012-07-26 01:44:53

MD5: 63dd2bab94ecd5d9185ad5a25bcc62bc
SHA1: 9a8d34b767acae0b144e3e31424d2eafabe42fe7
SHA256: 69f67a1fad2f56ba7de6815b306d3324dee7257835605ebd836d12b9dcd7f0eb
SSDeep: 6144:GtsxBA9v/+DMVF2Nvq2oR7mtoANeKq5o3sG5/LujZ8xPJWsJSmzIAwQ62le6tFT:GOxm+QEvqD1FKCmL/KCnAmz/D6TGT
Size: 492383 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Backdoor.Generic.590318
K7AntiVirus = Riskware
VirusBuster = Backdoor.Agent!GMaihcJvib8
VBA32 = Trojan.Pirminay.dxw
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Downloader.a!bkh
DrWeb = Trojan.DownLoader4.61850
Kaspersky = Trojan.Win32.Pirminay.rco
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.od
McAfee = Downloader.a!bkh
F-Secure = Backdoor.Generic.590318
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.AODG
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Backdoor.Generic.590318
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.dyy
BitDefender = Backdoor.Generic.590318
NOD32 = a variant of Win32/Kryptik.LOV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 16:39:03-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 917504
Uninitialized Data Size         : 0
Entry Point                     : 0x305b
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.2600.5512
Product Version Number          : 5.3.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Dwownikon Juiohpwtxjw
File Description                : WDM Tee/Communication Transform Filter
File Version                    : 5.3.2600.5512 (xpsp.080413-2108)
Internal Name                   : mstee.sys
Legal Copyright                 : © Oxfxrjnqx Wphbjlqhbve. All rights reserved.
Original Filename               : mstee.sys
Product Name                    : Cqnsomgbx(R) Wcfijky(R) Sjgeoequx Chfoec
Product Version                 : 5.3.2600.5512
VirusTotal Report submitted 2012-04-25 22:06:45
VirusShare info last updated 2012-07-26 01:45:07

MD5: 697f72335172bc9275ea6ecca72fb8c7
SHA1: e3c6f6e6bb128a25e2b22f3a91f80b36c6e875c5
SHA256: 9b6ede95b2bc73d764ea3886556109b422547e6ac3e0f25c322b83250ba2cad3
SSDeep: 1536:o3D1czaDVwTq9U5j0hdJaIDPhUX8XUoWjvEBxuqiUIwbrnjSU2GaWvXd4buOG5Ot:o2zaAq960PqMXUoW7EBsZ+ScFXd4buO
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.9953
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aaqb
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Crypt.AHYC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:13 15:50:51-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x94ae
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gvwogolrp Mffjiwjfkrw
File Description                : Ghkzwmhdm PSS Notification Flag
File Version                    : 5.1.2600.0 (niceufnz.010817-1148)
Internal Name                   : NOTIFLAG.EXE
Legal Copyright                 : © Pfmuzgesv Vgaieateqhr. All rights reserved.
Original Filename               : NOTIFLAG.EXE
Product Name                    : Ymqnpcfto® Ubpcfaf® Ckrtqdgoc Hqmssa
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-30 07:50:41
VirusShare info last updated 2012-07-26 01:45:21

MD5 6f665bdab0d6c46a0d804c9fb77fe05c
SHA1 3acc1df7bcd7a5b91d5fd7d8c51d215bcd6d5dac
SHA256 0bb3a4c0379acbc69c6019ac41f1548021329776553343b263f83772151085f8
SSDeep 1536:9fba5DZLNE+AzkpX5ya8SMzCmxJSZPxvx3ExjcWg:9ja5tLNE+AzkpX5ya8XzcZJJUZ
Size 70144 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.70144.P
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01CDDF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.nccc
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!pb
DrWeb = Trojan.Siggen2.34690
TrendMicro = TROJ_GEN.R01CDDF
Kaspersky = Trojan.Win32.Menti.nccc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.dnpg
McAfee = Vundo!pb
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hznl
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:12 13:42:30-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26624
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x74aa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SSDP Service DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ssdpsrv.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ssdpsrv.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-27 11:57:21
VirusShare info last updated 2012-07-26 01:45:37

MD5 896fe66d99a1da920cde491390e5eca5
SHA1 546ff0015b2ce6891af288d5cd854bd2528ef42f
SHA256 9a1ba9d9addcdbf36dccb6d6b36a3b7ed667aeabe9e7a2b699517687571da3ab
SSDeep 1536:/Zq4bcMuOaUEj+aLkyYDv4/yLiQrFH7Ow0OfdxxgPdJ8srdhH48HUlqim3oLUfL:/4MtpEj+aLk/Q/oNxgPd93ULm3oLKL
Size 131072 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bUDgpFdNlhk
VBA32 = Trojan.Genome.ueob
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.Click2.194
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.MCZ!tr
PCTools = Trojan.Gen
McAfee = Vundo!lw
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BRYM
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 16:43:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xceaa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2012-04-19 10:55:31
VirusShare info last updated 2012-07-26 01:46:45

MD5 943f18a7d6bfe4402aeefe8753059e66
SHA1 b5b686a8d6f082bb27b81b99732693b1ca36e680
SHA256 32ad18d96aef75753b4cb4d8257d26f3078a8a2ed1eec5bb0a2d176e2cdfcb90
SSDeep 3072:khTan/W5jZCjlkhS/pUlksFZMKN0o9We2pfx8:Waned8kMpUl1Pus/2Vx
Size 105984 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!TtM0whuaSDI
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!lw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-04-19 06:44:33
VirusShare info last updated 2012-07-26 01:47:06

MD5 a9ec29c3153e44bea14eaef05a7f0dc2
SHA1 9e4602ac142f0499e3abdcd5e77924e9a4b689d7
SHA256 30d222bb342db747ce1a13358e6e04edffc6f61651486b25c7d0b184bcfabeed
SSDeep 12288:ObbA8pZ5+az0oY3ZbtAQDPZE+loKv0t74328QEeb:sbAAH+iudtAGOOJ3pDeb
Size 450639 bytes
File Type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-Y [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6236848
VirusBuster = Trojan.DL.Agent!RK2+BB42qUs
TrendMicro-HouseCall = TROJ_GEN.R26CCCN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.11469
TrendMicro = TROJ_GEN.R26CCCN
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.agk
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6236848
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic3.COTI
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6236848
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6236848
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.LEHXVMY
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:30 15:43:04-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 450560
Initialized Data Size           : 4096
Uninitialized Data Size         : 577536
Entry Point                     : 0xfb200
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ixipgmnyw Bimfzsnoamo
File Description                : MagFile Medium changer driver
File Version                    : 6.0.6000.16386 (rsxkw_rtm.061101-2205)
Internal Name                   : m4mc.sys
Legal Copyright                 : © Ollupjaxq Vfzxejgqtyb. All rights reserved.
Original Filename               : m4mc.sys
Product Name                    : Owtfhpfjt® Xrmoqwt® Xjxnmjvyh Pvkigq
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-29 09:05:41
VirusShare info last updated 2012-07-26 01:47:58

MD5 d01bff03855c20fcc8790ebb2103490b
SHA1 0cff5bb78c946c9b7537e0b62255608a2de72555
SHA256 ad5ae3e3def302ad16bf80e2b6a983e8f7fdbddda77d1d412c6f276884f6e94b
SSDeep 6144:jKGRwFJkWWCPIdDfHeDK+bSArqQzj5e8eOk:jK1xv/ITUeJ
Size 229449 bytes
File Type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JEH [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6411322
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!RnRC6TivcGI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bay
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6411322
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TYV
Norman = W32/Suspicious_Gen2.QIMAG
Sophos = Mal/Generic-L
GData = Trojan.Generic.6411322
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.gn
BitDefender = Trojan.Generic.6411322
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42c00
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-04-11 09:34:15
VirusShare info last updated 2012-07-26 01:49:07

MD5 d2996244112adc0eda49c0718a413522
SHA1 af5b357b3d3e1210b41d25e476765f051d8c924e
SHA256 5547c28108f59d9d761716c9d26c23db360329581f2a5debea72da644311fc0c
SSDeep 6144:a0CB7r2LuX4Jpi2CggbYzTLhU3Ij7nlK6j0rL9Ue73RRdLmNuJ:a0s7ruuSpiUTusnrI9VrJ
Size 329156 bytes
File Type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6155824
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cuvBS/bq5Pk
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4809
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ajt
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6155824
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.NCZ
Norman = W32/Suspicious_Gen2.QHEWS
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.6155824
TheHacker = Trojan/Pirminay.iqu
BitDefender = Trojan.Generic.6155824
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:19 22:00:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 327680
Initialized Data Size           : 4096
Uninitialized Data Size         : 405504
Entry Point                     : 0xb37a0
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jbkwtqvbl Corporation
File Description                : AMD NT AGP Filter
File Version                    : 6.0.6000.16386 (jwvcu_rtm.061101-2205)
Internal Name                   : amdagp.sys
Legal Copyright                 : © Mqjvymiot Hplidrsfmcw. All rights reserved.
Original Filename               : amdagp.sys
Product Name                    : Uxpwaasmp® Ozbhlhq® Ruqprhzua Ycycjj
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-19 08:54:57
VirusShare info last updated 2012-07-26 01:49:11

MD5 d2c00029ca3d494fcd5453af1dca07e8
SHA1 edf43d43ac8d7e3cdaccc8e250ad7af11c5942a3
SHA256 32272a1deb27f76f4b81125e3d8c5d2eaf6fa1816fd6f8afa6b0d6c55714e2da
SSDeep 6144:KCNQVFhjRBgMkeU5N02AcA7hipEsJZn2wIxe7AfhRYKjFGPDrBypoJviQWDph6Yp:cFhjJUL1e0pEsJZnt7aYZQTQ6li8P
Size 384397 bytes
File Type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.abzwp
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.5775
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Genome.abzwp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Crypt.AFNS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.abzwp
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 13:00:28-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 102400
Initialized Data Size           : 561152
Uninitialized Data Size         : 0
Entry Point                     : 0x190ac
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Named Pipes Net DLL for SQL Clients
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dbnmpntw.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dbnmpntw.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-04 15:40:15
VirusShare info last updated 2012-07-26 01:49:11

MD5 e64429aa29e2d4a6a49de05ea209ae28
SHA1 33ef5be3cd17b0434db6cedfb0b8809a569e1581
SHA256 a3bf1ab9391c0b1ae22decaa57db27effe56b0c322adb04ea8c09426b2d26ba3
SSDeep 1536:oYD1AagV3+qui5PRU2PtUbaIDPhUXLXUoNjvEBxuqiUIwbrnjSU2GaWvXrbuOG5o:oNapquyRUof7XUoN7EBsZ+ScFXrbuO
Size 135168 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.135168.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!AM/NgJscQSM
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.9953
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aaqb
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Crypt.AHYC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:13 15:50:51-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x94ae
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gvwogolrp Mffjiwjfkrw
File Description                : Ghkzwmhdm PSS Notification Flag
File Version                    : 5.1.2600.0 (niceufnz.010817-1148)
Internal Name                   : NOTIFLAG.EXE
Legal Copyright                 : © Pfmuzgesv Vgaieateqhr. All rights reserved.
Original Filename               : NOTIFLAG.EXE
Product Name                    : Ymqnpcfto® Ubpcfaf® Ckrtqdgoc Hqmssa
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-29 06:13:27
VirusShare info last updated 2012-07-26 01:49:47

MD5 e96a922a2c9b96469c7b14940f0fa81c
SHA1 5751ab7bd83463bd4de325608079b801e5e3d47c
SHA256 b0031023b2a9cad6930c83617847c3ceda2bc77e4ff9bace101166f6d5a4b531
SSDeep 3072:H0OvITjammsRlUfEy7M3UYa2hxM7Yy5uojZc5XJ8LtNWjM:UzTm+2F52XsK5a9
Size 221184 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.607339
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rfi
TrendMicro-HouseCall = TROJ_GEN.R1BCDDP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!E96A922A2C9B
DrWeb = Trojan.Hosts.5806
TrendMicro = TROJ_GEN.R1BCDDP
Kaspersky = Trojan.Win32.Pirminay.rks
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqo
McAfee = Generic.dx!b2cg
F-Secure = Trojan.Generic.KDV.607339
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BKQYA
GData = Trojan.Generic.KDV.607339
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.KDV.607339
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 20:59:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-27 05:09:27
VirusShare info last updated 2012-07-26 01:49:55

MD5 ee0eb221771e8146a2c5efe38168bfe5
SHA1 989a450df35439f078a1f0f090e10e7838830cf6
SHA256 6add26759ecadfa971063fc9345f7aa226dfc5539188fa47544f01afb2776202
SSDeep 3072:/5OSN4KHiHJOo/81ZYXhQ8ebnZ3nnd6GON/:/cztb816Qd3YGO
Size 126976 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!WqAWdHRcka8
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC1KO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jebs
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ADAD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 18:06:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x479e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.1.7600.16385
Product Version Number          : 10.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pnlhjydat Nclyeobtiny
File Description                : Jjdqikajd IME
File Version                    : 10.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : imetip.dll
Legal Copyright                 : © Kidfbbruu Fvvypdgzpsn. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Ykiyjkswc® Niifhpp® Ulzhozywx System
Product Version                 : 10.1.7600.16385
VirusTotal Report submitted 2012-04-04 15:05:20
VirusShare info last updated 2012-07-26 01:50:09

MD5 0a60692de8eace972b4cb77f7cfdbb44
SHA1 f4f455d41d7583a633676caf77b2a4fa216ff4e1
SHA256 18b3f21924518a26ada84c42d3e2514d239d7d868947113ec8189a454400ee52
SSDeep 3072:9K+zgB1H7oKmxSlGMqqDLy/7uYdA7tQZj07k:9f4H/m8qqDLu7itQZ+k
Size 118784 bytes
File Type PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = Gen.Variant.Vundo
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21C7DD
Emsisoft = Gen.Variant.Vundo!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!0A60692DE8EA
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R21C7DD
Kaspersky = Trojan.Win32.Monder.nqth
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.NQTH!tr
Jiangmin = Trojan/Generic.jsfd
McAfee = Vundo!pc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Generic28.ATC
Norman = W32/Troj_Generic.BDLUT
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.AQF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 11:18:13-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x7dba
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-04-17 21:28:16
VirusShare info last updated 2012-07-26 01:52:00

MD5: 227f34364d92fb1d49ac59aa9e84877b
SHA1: f9744b942dea0737608b735e158942a09c6a2256
SHA256: ae3e87af86946d7d6f80d08ce989acb6b0eb8dcc272a859410fa453515cf86cb
SSDeep: 6144:0CgGl9qqBRZ8b0OCEz0vaSbcEmY+YgWLePyKg0BRPYQ1Tzm6F/Hbag+sN:rDq/4XEzPSDmY7lelzBRPYQJiYfbagh
Size: 396800 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Offend.kdv.593895
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.593895
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!XUBzpQNT5Gs
TrendMicro-HouseCall = TROJ_GEN.R30CCDN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Adware.EoRezo (Not a Virus)
McAfee-GW-Edition = Generic.tfr!ch
DrWeb = Trojan.PWS.Panda.2021
TrendMicro = TROJ_GEN.R30CCDN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Adware:Win32/EoRezo
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Generic.aaypn
McAfee = Generic.tfr!ch
F-Secure = Trojan.Generic.KDV.593895
VIPRE = Trojan.Win32.Generic!BT
AVG = Crypt.AUTI
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.593895
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.KDV.593895
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2106:02:06 02:36:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 397312
Initialized Data Size           : 4096
Uninitialized Data Size         : 90112
Entry Point                     : 0x775d0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-25 11:47:47
VirusShare info last updated 2012-07-26 01:52:58

MD5: 5400509c0b84ff70164f5b9962e73c21
SHA1: cf5751fd8d875af319514e5333cc31216ec7a8b6
SHA256: 90e9d6b5d65b65d20a733cbc3d78f3009027a224604214a6af530e17c97aac8c
SSDeep: 1536:oXyYHjc3mTDJLk182CyxJdVgqWmaOalOG6J2sc46o3SJ0sM2aIJOpvFqW4YoSglG:oXymjX2CyxobmJ2ZoCOJO8sWeS+b0/
Size: 104448 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.104448.KE
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2HL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cj.6
McAfee-GW-Edition = Vundo!ll
DrWeb = Trojan.Virtumod.10154
TrendMicro = TROJ_GEN.R4FC2HL
Kaspersky = Trojan.Win32.Monder.mxad
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abop
McAfee = Vundo!ll
F-Secure = Trojan.Generic.6631441
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6631441
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6631441
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:05 18:00:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 55808
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xe79e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Web Service Security Package
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : TSpkg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : TSpkg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-30 07:06:41
VirusShare info last updated 2012-07-26 01:54:53

MD5: 5d63d7f1a8b1466f03e882ff60d54ae1
SHA1: 050a3c0f324273b11309c13d38ffc08e2ae134ed
SHA256: 4671c960c2b652dc373abac03ed0886fbcba45a38f8fbbfbb5b4a47c81665379
SSDeep: 1536:CoYj4dtNJu3G8fNwkvwamFILh01Y3hyNS5Y6Y9l/MqqU+NV23S2qMnew:CA81wKwSyyn7Cl/MqqDLy/qZw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01CCD8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R01CCD8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-04-23 21:04:31
VirusShare info last updated 2012-07-26 01:55:13

MD5: 662c87bd6227f145e8b2f6fb736dc6a5
SHA1: e88c2689514ba01795559ec5cb3218e634811cc1
SHA256: fad4b2e84700ab1b95984e4176eeae91c2cf9dae1d6be4f6507e589ac851766b
SSDeep: 1536:r+0qa7XQMJkQSQjwdW+BhIKFhNsKMfbcKNaOJ7xJcu:6B6dk1QjMWohI2hNefbpxJc
Size: 72704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.72704.KC
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Vcr/KYO/GoQ
VBA32 = AdWare.SuperJuan.xfg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C2H1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mb
DrWeb = Trojan.Virtumod.10198
TrendMicro = TROJ_GEN.R21C2H1
Kaspersky = Trojan.Win32.Monder.mkbx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!mb
F-Secure = Trojan.Generic.6413304
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6413304
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6413304
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:26 09:07:13-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 27648
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x792a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5600.613
Product Version Number          : 6.0.5600.613
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : VIA Technologies Inc.,Ltd
Internal Name                   : vsraid
Original Filename               : vsraid
Product Name                    : VIA RAID driver
File Description                : VIA RAID DRIVER FOR X86-32
File Version                    : 6.0.5600,613
Product Version                 : 6.0.5600,613
Legal Copyright                 : Copyright (C) VIA Technologies 1992-2006
Legal Trademarks                : 
Private Build                   : 
Special Build                   : 
VirusTotal Report submitted 2012-04-12 09:06:28
VirusShare info last updated 2012-07-26 01:55:30

MD5: 6f981e574ba4bbf6dde8d1b95b69744e
SHA1: 71764ce5df8146b956befec5d6e39b5727aaf78c
SHA256: 1e23caa0600e6f2628a8b129f55736be30f835b43cd7eb6254e7f055efcaa860
SSDeep: 3072:ZzYZClZKaHpjQZFwn3Po7FODcksCx7ymtlrpQoaAmlmyB7Hn:Z4YZK2BQfw3lDcksU7ymon
Size: 146432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Malware
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R2EC2GL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ku
DrWeb = Trojan.Virtumod.10409
TrendMicro = TROJ_GEN.R2EC2GL
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ku
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BEQD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:18 12:52:54-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xee59
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.35.0
Product Version Number          : 1.0.35.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : German
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Bvhtqihodem
File Description                : 
File Version                    : 1.0.35.0
Internal Name                   : 
Legal Copyright                 : Copyright (C) Hewlett-Packard Corp. 1997-2002
Legal Trademarks                : 
Original Filename               : 
Private Build                   : 
Product Name                    : HP LaserJet Druckertreiber-Benutzeroberflächenerweiterung (hpcabout.dll)
Product Version                 : 1.0.35.0
Special Build                   : 
VirusTotal Report submitted 2012-03-30 07:31:57
VirusShare info last updated 2012-07-26 01:55:54

MD5: 75252ae88ddb53caeb3a644ea9c190da
SHA1: 924511fc2b041942db16ac0c6ae4fed868b8b8cf
SHA256: c7180d7720e14f5c0a850f9bc769448f17ad9ab9dff71299c17d48e538daf67a
SSDeep: 3072:weNgU/w3OObqPhqa6bbnH20LVoav52b8IJeOKC:w4Vb9ptEbnH5LF2jw
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.155648.F
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDDK
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1252
TrendMicro = TROJ_GEN.R47CDDK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.irik
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BBCB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:26 16:41:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x1244e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uxthhdeui Psowbxeuwxd
File Description                : RDP Reflector Driver Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : RDPREFMP.SYS
Legal Copyright                 : © Rbnymbats Evjtimdxzbh. All rights reserved.
Original Filename               : RDPREFMP.SYS
Product Name                    : Rfntuzsvd® Uxyqfjg® Gedouunyk Imlqkx
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-21 08:31:44
VirusShare info last updated 2012-07-26 01:56:11

MD5: c44f6a9600b0c8e84acf899d7d5e705a
SHA1: 6315d802250cc23d6b90847b56ce3bcee03b2710
SHA256: a94cbf232a88b310dcc09df8ee50c2447575f7678aced24d7ee12cea2456fec9
SSDeep: 1536:OxihC5DN/rDXYD9MAgHrZYWDep/pyd2TTfaKasYz6pa2Jn16QsOVaqlxxBVlUpd2:d6BT0D6ACYWSuYX/aBEbJnsq1xBVlUi
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.122880.P
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IK
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63470
TrendMicro = TROJ_GEN.R4FC1IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akns
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ALYC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:03 21:51:55-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 98304
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x149bd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qcfjrffwv Goniltyuaqw
File Description                : Todypdrme® InfoTech IR Local DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : ITIRCL
Legal Copyright                 : © Innghrpfk Fwsdatwywoy. All rights reserved.
Original Filename               : ITIRCL.DLL
Product Name                    : Yyvmvgswn® Cttnpjc® Xgadslian System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-19 10:49:49
VirusShare info last updated 2012-07-26 01:59:06

MD5: fa99630244462f49a4801125fe0056fa
SHA1: 48400130d3fdf1cff02d298b24a8d3d8d79dd4fa
SHA256: 16149339e7eb252349788cc48ffffe1d6875e312504b31d6f47475b5eb27e452
SSDeep: 6144:4uGzv2I+SmQDfzVnjUj5TM+HvbLNFLZ024lxeeidtxp/fQhAuL3:4zvF+SbDf5niRrv1FLZfKxeeidtH/du7
Size: 261610 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6380082
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!yIJOnAq2u4E
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R4FC3IC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ap!pec
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R4FC3IC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bcv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ap!pec
F-Secure = Trojan.Generic.6380082
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6380082
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.dg
BitDefender = Trojan.Generic.6380082
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 245760
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x46d50
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-04-12 08:51:49
VirusShare info last updated 2012-07-26 02:00:59

MD5: 230e2f9d8e6c42e0e1dac61e780a1d2f
SHA1: 1c427ffe59b64683777ef9778f2de19a29e93513
SHA256: 310b05fabeb07f7bd23880c0f9cfe0ba77dedf00ac0f5302f64412a1bd48c26b
SSDeep: 3072:0yWer0iCTGf6+1+aEwzxY8jV2ahxY+v60PnJ1gHDYaZjN7Lb9ZeKd4R1/1erm:0peILdA+dwemY+v60PsH7N3xZeKd4N
Size: 234496 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Pirminay-CU [Trj]
Antiy-AVL = Trojan/Win32.Qhost
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.234496.CT
K7AntiVirus = Trojan-Downloader
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R3FC3H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Downloader.a!ht
DrWeb = Trojan.DownLoader4.25488
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R3FC3H3
Kaspersky = Trojan-Downloader.Win32.Qhost.jw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.hxys
McAfee = Downloader.a!ht
ClamAV = Trojan.Downloader-131470
F-Secure = Trojan.Generic.KDV.303177
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.ROR
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Downloader
GData = Trojan.Generic.KDV.303177
TheHacker = Trojan/Downloader.Qhost.jw
BitDefender = Trojan.Generic.KDV.303177
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 221184
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x40610
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-03-30 02:51:33
VirusShare info last updated 2012-07-26 02:03:14

MD5: 2cc380ee9d3c3941c8c15755ba023625
SHA1: 3d4b7a2e85cd06353b26a6d2adb535a45e5dd177
SHA256: 1b77c7a8a6d41ca931ae069ed29338e6f5f76f9639dce4e5ec3335462942ca02
SSDeep: 3072:vJvI2jJmmwVlUfm1sJhPaWUGJ8YU4RQjdWl9C9uKxTtAEz:m2li9gyWDHXC9uTu
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!4o44lAQWqxw
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!2CC380EE9D3C
Kaspersky = Trojan.Win32.Pirminay.rkk
Fortinet = W32/Pirminay.RKK!tr
McAfee = Artemis!2CC380EE9D3C
F-Secure = Trojan.Generic.KDV.591516
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.AXADE
GData = Trojan.Generic.KDV.591516
BitDefender = Trojan.Generic.KDV.591516
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 22:11:11-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-08 04:48:33
VirusShare info last updated 2012-07-26 02:03:48

MD5: 3035d3a89075af5c4e2b0af1572229bc
SHA1: bda1e8523bbab60b2128453b15a68ad6da61ed09
SHA256: a6dc9e335f65b68f3bcb3a5860243de0703327154a72d02e1c60fe82a5fbfd37
SSDeep: 3072:BGVvIHj8immTQlUfcJDTzpamAlNs4cs5ZOsiK7udggzfGt+Xz:AaHIiNKRQmA35nCR9j
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!yatZ9f7rjQ0
VBA32 = Trojan.Pirminay.rfi
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!3035D3A89075
Kaspersky = Trojan.Win32.Pirminay.rmt
Fortinet = W32/Pirminay.RMT!tr
McAfee = Generic.dx!bdzf
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BDBOY
GData = Gen:Variant.Zusy.4597
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:55:58-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-17 05:00:02
VirusShare info last updated 2012-07-26 02:03:55

MD5: 432138a4241c4e34ad40c26ef8047ff1
SHA1: 272333205d1ecedf1d1b39303ad802b10aa3f21b
SHA256: b64a60b0ed36645fdd06977c3eb230d473dbdcf0ed1b015ba6d31cc56c8f9c2c
SSDeep: 3072:ys6Ohk+S9fhUnS7vKhguTLa1zVW2fwspd:h6OhjSphUWsgu/a9VTf7d
Size: 109056 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12477DBF
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.10109
Kaspersky = Trojan.Win32.Monder.nqcj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.irc
McAfee = Artemis!432138A4241C
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:31 01:52:33-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 94208
Initialized Data Size           : 50688
Uninitialized Data Size         : 0
Entry Point                     : 0x17e87
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Smartcard Certificate Propagation Service
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : certprop.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : certprop.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-07 16:37:43
VirusShare info last updated 2012-07-26 02:04:21

MD5: 6bec845b92db496dbd06b304536eb6e4
SHA1: 6635a95358184a82434af1615e964c88664753a8
SHA256: 4ad02354f276889d4e487de416b4592cd7f2359f30c7eda2810215efdd89c48c
SSDeep: 3072:unlatxcjFrnySKdexohMqqDLy/z3leb3StwBP3:Gjrq2qqDLuz3YC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Agentb
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289D4A6
nProtect = Trojan/W32.Vundo.163840
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!KYwrH1Dfd2s
eTrust-Vet = Win32/Vundo.HSA
TrendMicro-HouseCall = TROJ_GEN.R01CCDG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agentb.o
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R01CCDG
Kaspersky = Trojan.Win32.Agentb.o
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Agentb.cx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.XKR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqnn
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:21 12:22:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x11a2e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2006.0.6002.18005
Product Version Number          : 2006.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bmegpaqab Mfcusoydrec
File Description                : XML Filter
File Version                    : 2006.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : XmlFilter.dll
Legal Copyright                 : © Ylseaasvc Trxfagykvyt. All rights reserved.
Original Filename               : XmlFilter.dll
Product Name                    : Gxbclscqv® Lnouggl® Anoekhhks Trbozz
Product Version                 : 2006.0.6002.18005
VirusTotal Report submitted 2012-04-25 23:56:46
VirusShare info last updated 2012-07-26 02:05:50

MD5: 93232705c84a85d38a24cad9862c554e
SHA1: 421743948caa9590a4fb0229552d1d1859c59bcf
SHA256: e2f53711fd191734899237a610abc9b8a4cde5a8a9989ae5a1bede6d47def28d
SSDeep: 3072:2cI67ohXYVYFn9R9BOrDcCnW03lvNlC3sse3OqdScR:jgoCoQqDvacR3V
Size: 112128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.112128.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!EMyg2izjmBU
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1IA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.yyew
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1261
TrendMicro = TROJ_GEN.R29C1IA
Kaspersky = Trojan.Win32.Genome.yyew
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Genome.YYEW!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZVC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.yyew
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:18 16:37:34-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xc171
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mujugavzr Ipyszyqabbe
File Description                : Canon BJ Mini Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : CNB80.DLL
Legal Copyright                 : © Ckepiclsx Uzudgoymaxf. All rights reserved.
Original Filename               : CNB80.DLL
Product Name                    : Xlzuhwnww® Qcleyez® Cqlthejky Zxanjr
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-04-04 14:54:10
VirusShare info last updated 2012-07-26 02:08:52

MD5: a9f2a90670e5bdc0f23d74abf072a491
SHA1: 475c170a582f2565a19ede6ab1c1d0c0a16d1332
SHA256: 02dce9c797720514c556ccdd7ab1ea25eab5c21512f9f7e0da4c74d3c8e7aff7
SSDeep: 3072:8VssWq+3MWZE+fVT0Pjpp/bdZiaSZUGVb4q4GGFBHi0MvU2VtpJ80M:TF3MG9VWppDXS3bHABHi0McC2
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.221184.ACB
VBA32 = Trojan.Pirminay.rdg
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!A9F2A90670E5
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdt
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!A9F2A90670E5
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
Norman = W32/Troj_Generic.BIEYQ
GData = Win32:Malware-gen
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.rdo
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:06:38-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 06:24:12
VirusShare info last updated 2012-07-26 02:10:46

MD5: abd53d00afe618ba4277599b556fa0c4
SHA1: 5afe51c4b5da03acbac9b2366cb875076e6916f6
SHA256: 6a1f3c6e5c9aedcc00de013bf0a8865e46fe84ba876d059d5b38c6806d72b068
SSDeep: 1536:b+9ShfuqM45OM4HG+GaV5g7XolN7gyQzBE9C2ejLn8Zd8NG+I:bH5OMuGPolN7vK2QYZd8NpI
Size: 70656 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qeVUYdmv+BA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.Click1.60688
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!lg
F-Secure = Gen:Variant.Graftor.310
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.APVO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.310
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndp
BitDefender = Gen:Variant.Graftor.310
NOD32 = probably a variant of Win32/Kryptik.SYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:10 03:51:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x32e1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.44.2.32
Product Version Number          : 6.44.2.32
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic Corporation
File Description                : MegaRAID RAID Controller Driver for Qikzzbt Server 2003 for x86
File Version                    : 6.44.2.32 (NT.040809-2325)
Internal Name                   : mraid35x.sys
Legal Copyright                 : Copyright © LSI Logic Jofzefivxlc
Original Filename               : mraid35x.sys
Product Name                    : MegaRAID Miniport Driver for Gviblmu Server 2003 for x86
Product Version                 : 6.44.2.32
VirusTotal Report submitted 2012-04-04 09:47:22
VirusShare info last updated 2012-07-26 02:11:02

MD5: da4abf3b1946c2417b054318dce5ecca
SHA1: f4fd2fc24ed8482281f287c099de9ce3d3f24038
SHA256: 545214e52b85f3f22bf5f6dc404da40d01ab05a1c93ca0ae58bb8b4b178ac7bc
SSDeep: 3072:pD26hpfKsEo2pvnFZPCMW5LNPCVpXUt1hMfD:ZZZEo2DW5FL
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.605265
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01CDDM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!pe
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R01CDDM
Kaspersky = Trojan.Win32.Genome.afbod
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.bkse
McAfee = Vundo!pe
F-Secure = Trojan.Generic.KDV.605265
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.VBK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Trojan.Generic.KDV.605265
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.KDV.605265
NOD32 = a variant of Win32/Kryptik.HUO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 01:10:51-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xf5ae
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DHCP Server Migration Lib
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : DhcpSrvMigPlugin
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : DhcpSrvMigPlugin.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-24 16:04:59
VirusShare info last updated 2012-07-26 02:13:52

MD5: e77fa43f7ed7740c59d77613fbb76c25
SHA1: f532e7341e7dcc59f4494e19a4609096f6ebaead
SHA256: 8b3507986953bd23adede969a34724c6a33555b0b88256d505f39f86d66d25fc
SSDeep: 1536:FBoTYRZHZdQWd1JxRJECpbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeomoZW0y:fosRBZdVRqCpbvulIPIDWA7jneHjeoma
Size: 91136 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GH
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!lj
DrWeb = Trojan.Juan.432
TrendMicro = TROJ_GEN.R4FC2GH
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.mz
McAfee = Vundo!lj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.CORW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2012-04-08 08:19:49
VirusShare info last updated 2012-07-26 02:14:43

MD5: f6b082d9699512a5fdd30ee245d3111e
SHA1: e355c5ce2079290e9ddbfa1e39c67b995a42d916
SHA256: b1ab2876e463cf083fd0c151abdc54387a8e6d7263fefd4a0b8124263efe66e5
SSDeep: 3072:ol7Vt2ChrKgCWf3ztf3HVsMBCxn5R8ZEXz:QUErssz1VLBCp5cE
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12477A1D
nProtect = Trojan/W32.Agent.102400.AGU
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!lvyNdfzEwUM
VBA32 = Trojan.Monder.mrwp
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2DL
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F6B082D96995
DrWeb = Trojan.Virtumod.10344
TrendMicro = TROJ_GEN.R4FC2DL
Kaspersky = Trojan.Win32.Monder.nmvp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.adnt
McAfee = Artemis!F6B082D96995
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:08 08:39:21-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 51200
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0xd651
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.27
Product Version Number          : 3.2.0.27
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : TSHOOT Module
File Version                    : 3.2.0.27
Internal Name                   : TSHOOT
Legal Copyright                 : Copyright 2000
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : TSHOOT.DLL
Private Build                   : 
Product Name                    : TSHOOT Module
Product Version                 : 3.2.0.27
Special Build                   : 
VirusTotal Report submitted 2012-04-11 16:53:10
VirusShare info last updated 2012-07-26 02:15:50

MD5: 1697d0f7597ca0d647b9f37954823f6a
SHA1: 9828432e974c201043c49fc4f079bcc537b2d461
SHA256: 50c09b6b5274c3f844eaeb0265927e13e612f8c7f91c4cee6ccaca44e696693d
SSDeep: 3072:dEm8QRlA3aNkRAyTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESeZqxJspJip
Size: 127488 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Rising = Trojan.Win32.Generic.1253726C
nProtect = Trojan/W32.Pirminay.127488
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.jxo
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Gen.Variant.Vundo!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!pj
DrWeb = Trojan.Siggen2.15308
Kaspersky = Trojan.Win32.Monder.nthg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.ff
McAfee = Vundo!pj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Vundo.MH
Norman = Pirminay.A
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.mdp
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:24 13:20:26-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 52736
Initialized Data Size           : 108544
Uninitialized Data Size         : 0
Entry Point                     : 0xdbfd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : System Information
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : msinfo32.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msinfo32.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-10 10:42:25
VirusShare info last updated 2012-07-26 02:19:41

MD5: 2926c74c1d49e7452b5c6ffdf8635996
SHA1: 91753e6f7ae11707db68f1f19e6bf50b17c5af3d
SHA256: 2b69171cafbf89c57ab7b8225d6302090d83168f63e82addb6889215bd33997a
SSDeep: 3072:kCXgrq7T+N9b/8Ly83dE+rQdLtlUxloY1ZD:kBqi50Ly0dEOmXUxlL
Size: 176128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2926C74C1D49
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!2926C74C1D49
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNVL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Barys.2146
TheHacker = Trojan/Ponmocup.cf
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.CF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:23 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 118784
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x13c3b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 14:00:32
VirusShare info last updated 2012-07-26 02:20:23

MD5: 2d188ad0c6b6f701aa97eb807387f754
SHA1: 699cbb49ae4e6881e9badb3beabe00162a16c56b
SHA256: 5a19ee5db2510b731ffd3296ca7c6856bb47f7389d44591b0267475e7de9e8ea
SSDeep: 3072:hzjnfsD31Oc9HpDdIFv3KvvZR1QbHessfo78Zx:hzrC319HD4A+b+7Fx
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
nProtect = Trojan/W32.Vundo.139264.H
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!MsUZ3JbpNzk
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iyhg
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AHIF
Norman = W32/Kryptik.AIF
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 15:57:49-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 110592
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x187fe
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oofliulhg Qhdxsrckdmy
File Description                : Function Discovery Proxy Dll
File Version                    : 6.0.6000.16386 (hujgw_rtm.061101-2205)
Internal Name                   : fdProxy
Legal Copyright                 : © Olfpaijju Pqznqjacapz. All rights reserved.
Original Filename               : fdProxy.dll
Product Name                    : Tulfxhygq® Nruxsns® Vckhgghxa Cgkxrj
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-09 21:27:36
VirusShare info last updated 2012-07-26 02:20:31

MD5: 47cc23eca235e578909063eb1aa6ec93
SHA1: 802ca10eef9673c305f272cf2faf78fd72976e9f
SHA256: 0dd610d0cf3a6896148498efdf57276d4a708089a727709ba0c8e3d5dfa3e39f
SSDeep: 3072:pItTnbiIv2rUnvjfgVhhqFArie0/0NkFfUldMqqDLy/YR+9:pquav8qFw0skFffqqDLuV
Size: 137216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129C5DC5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SXbVSzAc/YY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Genome.vveo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-05-07 04:23:56
VirusShare info last updated 2012-07-26 02:21:50

MD5: 63f804a1dfc77ff047ecaea0d0df5f9a
SHA1: 702f1713ac76569233081054480ab0b1bdc24003
SHA256: 34110c8b1000d8877a9c2d9fc839e017d689a39189cffc5fea078089d3e24421
SSDeep: 3072:Jj2qe4MWeE+fTV0PlrPEXaa64Gy4IHCA9c/NEPudtpZ5:Il4Mp9Tg+f69UFc/NEGZj
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.221184.ACT
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!63F804A1DFC7
DrWeb = Trojan.Hosts.5792
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!63F804A1DFC7
F-Secure = Trojan.Generic.KDV.608292
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BLLWW
GData = Trojan.Generic.KDV.608292
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.KDV.608292
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:46:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-30 03:22:54
VirusShare info last updated 2012-07-26 02:23:17

MD5: 65ec0ca41a86c1902e375228741dc5f0
SHA1: 2fd9c401579351b6235c50d8de70f75c7ed615cf
SHA256: 6e3ccda387d64e9ee9dd602da1ade08292e32af579a58590b823f6347f5b2df3
SSDeep: 3072:h8KRlZ/eJpeo3k1Uh883HqtW3girRfflgcIACjg0YcYmbRIryLcfBq8vOOW:ZkVAAtKtuJecaYJmbRrGBqQW
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!c8qpbpH2rAI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GT
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC2GT
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.Vundo.102912
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-15 21:14:13
VirusShare info last updated 2012-07-26 02:23:27

MD5: 77a66176948a59fbc96b28a6bafd2ec3
SHA1: 878b406d6cbca46dfc89981b868a906774ad42d5
SHA256: 7190e0f7b6569bfa75b9b57e9058f6d7e4fb6dbeec846cb9632448eb83283ff8
SSDeep: 3072:0231hN1hrkyqyDTa2m233a0DS1hyE8SvTP1J6cBLdG74LKjtzMoM:dpT7xaaqSEb1B9qo
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!77A66176948A
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!77A66176948A
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLNCT
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.rfl
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:04:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 19:17:35
VirusShare info last updated 2012-07-26 02:24:21

MD5: 83db3be9a54323ce96abb5753deb4144
SHA1: 99586fd748bf4802cf98f17fda305802262173eb
SHA256: 885dcfcc543282b3d677ab037499073c67cc82100583033cf57e32f5b98f4d3a
SSDeep: 3072:tpI3altOdknYyDRuyrqlaNIgS3R1h4Fp+tZbGYrH:wG+CdA04hIcaYr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan.Generic.KDV.607327
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!rMALVkbZHZY
VBA32 = Trojan.Pirminay.rti
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!83DB3BE9A543
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rps
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Pirminay.D!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqr
McAfee = Artemis!83DB3BE9A543
F-Secure = Trojan.Generic.KDV.607327
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.CLAS
Norman = W32/Troj_Generic.BOUGK
Sophos = Mal/Mediyes-D
GData = Trojan.Generic.KDV.607327
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Trojan.Generic.KDV.607327
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 22:25:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-09 21:36:03
VirusShare info last updated 2012-07-26 02:24:53

MD5: 8c8ecd2fb299736b11f3c0ac81f6528f
SHA1: 65fa1bf468d0e34bca5f0930c6f46bbdfb14652d
SHA256: d6f321f9d957e1a1abd9d4a9e1569cdeb313d21dfcc56a62ae24b19a6dc7553a
SSDeep: 1536:tnzdTqkodN3qQcSS5W1yiWhvwBOqIz1x:phoPaRDzqI5x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uTa231N4wyA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-29 06:30:15
VirusShare info last updated 2012-07-26 02:25:16

MD5: a41e49d42c52f7dc648412b560958564
SHA1: cfb80153db05e4344983c0656de6bf1509c1a488
SHA256: 5f239adf4c275435b4dc82c079ae43903135712382282ade6e1e1be0a6655868
SSDeep: 3072:QDEUwzGZdU9X2S7q43QOdJPLhuUL7No2lkNM99vE4L2vj+sdABOWcntZipr5TUPJ:5t0dkX2pUNTaQ5E4Svj+s6BDcnR
Size: 159744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.159744.B
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lu
DrWeb = Trojan.Virtumod.10300
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = Trojan.Win32.Genome.afdvh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iuwy
McAfee = Vundo!lu
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic27.CDQY
Norman = W32/Suspicious_Gen2.QEOZW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.laq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LAQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-09 09:48:06
VirusShare info last updated 2012-07-26 02:26:15

MD5: b3048adadebeca0fbd1278db4e3ed601
SHA1: 302e6f09290cbfe7419d565a58a9a5c983eb8ccd
SHA256: 82b80608c7263720e0d767535a0cc081a631da7f5d06e4fa4480716a1e1a57ae
SSDeep: 3072:9nWvIrjYmm8flUfb6y/obaswiPM4cFsOZADNCV/6lAcBettLzB:5rMWiums751UVQAcEn
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.221184.ACU
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!awi3hs4899E
VBA32 = Trojan.Pirminay.rfz
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B3048ADADEBE
DrWeb = Trojan.Hosts.5806
Kaspersky = Trojan.Win32.Pirminay.rfz
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqm
McAfee = Artemis!B3048ADADEBE
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOO
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Mediyes.f
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:39:11-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-06 08:42:16
VirusShare info last updated 2012-07-26 02:26:38

MD5: b4785a6545f336fe46cb7b3f7ba940b7
SHA1: 42f21252b397360f39bcff89409b9fa616997ed3
SHA256: 3e5e48ff029cf5775af3315d8fb590829b9ce9bad50a4cabc00ad0af163453ce
SSDeep: 3072:7FfwvIWjzmmzWlUfzm8bvmalxsseYveeTVYMWOS6kxzNo/Mta6W:hpW3dTHTl+v/O/kj0X
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.609032
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rfi
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B4785A6545F3
DrWeb = Trojan.Hosts.5806
Kaspersky = Trojan.Win32.Pirminay.rtq
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqo
McAfee = Artemis!B4785A6545F3
F-Secure = Trojan.Generic.KDV.609032
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BLPCN
GData = Trojan.Generic.KDV.609032
BitDefender = Trojan.Generic.KDV.609032
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:51:57-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 08:12:33
VirusShare info last updated 2012-07-26 02:26:40

MD5: e9451b4df3ef31e057838214e59a73ef
SHA1: 3925c241891f43711bdffd6d7e2c8de9f1cce7df
SHA256: 97c4e3a8a64210080ff55dff27702f80a70f150537ac151c514007d1bc4ced38
SSDeep: 3072:7ZWq+1MWnE+fwyV0PXrnGyp/aJ0j4nQxF6MwDMWd4t9DwM:w11Mw9w9XpiJdhMwAEAz
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Hosts.5792
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.F!tr
Jiangmin = Trojan/Pirminay.aqi
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
GData = Win32:Malware-gen
TheHacker = Trojan/Pirminay.rds
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:11:21-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 11:29:25
VirusShare info last updated 2012-07-26 02:28:39

MD5: f70ac2fff0b673fec6eeee466ca78946
SHA1: 74f764b934e821fdadfea02ad90b8ea4d19115bc
SHA256: a6ebcd87033f1d34bf98ef9d106fb83e7aebad47b804cd2cb4724ff2ce0c8280
SSDeep: 3072:Fomh916rkuxyDNIXdLsC9sa9yFxysASP55pegcCrvitS+YM:7Avf99l9sP8gcCrle
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F70AC2FFF0B6
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!F70AC2FFF0B6
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLTRO
GData = Gen:Variant.Barys.1155
TheHacker = Trojan/Pirminay.rhb
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 20:57:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-30 23:20:09
VirusShare info last updated 2012-07-26 02:29:13

MD5: 0b396b233e6b91d478caf1ad65ccabab
SHA1: f4c2f13da2ff02688cd7a5759694d6ec7a845db7
SHA256: 8925182a02b6b4a145675ac3cddcdefefa5ac681ffa4cd57b0ebc1b7332e9849
SSDeep: 3072:ale765kCgFtntCYkIaW/3fAiRlKxYsgFQIDIBvuIl:VvbFCIP/fhnNsgKIwu
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDE3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!0B396B233E6B
DrWeb = Trojan.WinSpy.1237
TrendMicro = TROJ_GEN.R21CDE3
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.assf
McAfee = Artemis!0B396B233E6B
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
AVG = Generic22.AITF
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 17:09:10-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x12ed1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-09 21:23:21
VirusShare info last updated 2012-07-26 02:30:46

MD5: 147f6e872c87e50c478321b9464ac750
SHA1: 1bd484e96d6b953884ba22f0cc353154b7c56ad3
SHA256: 19d6e705eb4c26d926bcc1659945bd36c2190c708b4f7a5a11b37518372c2d77
SSDeep: 3072:RMOh91BrkGayD1Jr1Puea0pKepyj0S3exthNLWaztBbbNcI:PTPrnyBjjoWyfNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!WT4uIJ6gxDI
VBA32 = Trojan.Mediyes.sh
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDE1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!147F6E872C87
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R21CDE1
Kaspersky = Trojan.Win32.Pirminay.rfb
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!147F6E872C87
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BPIOM
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rfb
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:25:44-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-06 08:32:31
VirusShare info last updated 2012-07-26 02:31:13

MD5: 15668928738c3740095593ececc070ad
SHA1: 377ea421b92201762a41eda41934d91f51ae2258
SHA256: b358831e129127a7cfff6de5ff8671ee12ee97e0f8326b12fd9a638f38041912
SSDeep: 6144:Jru7dSTOxCygPz+5TdsB0fovzFDOGhn/:JyVxj8+5NgRDD
Size: 211968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CS [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!FhbJwurWWGo
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_GEN.R4FC1KG
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.27619
TrendMicro = TROJ_GEN.R4FC1KG
Kaspersky = Trojan.Win32.Jorik.Pirminay.jy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
ClamAV = Trojan.Jorik-425
F-Secure = Gen:Variant.Renos.106
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SYU
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
GData = Gen:Variant.Renos.106
Symantec = Trojan.Gen
TheHacker = Trojan/Injector.hzu
BitDefender = Gen:Variant.Renos.106
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x135e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Txkiipzae Lwariveryos
File Description                : Ndcjasupc Neutral Natural Language Server Data and Code
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : NlsData0019
Legal Copyright                 : © Hnlgdwxrg Ynbrkqnuwos. All rights reserved.
Original Filename               : NlsData0019.dll
Product Name                    : Rhipogzpn® Ppasnas® Jfyttahsm Gcoyal
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-30 00:12:01
VirusShare info last updated 2012-07-26 02:31:16

MD5: 2724e3e280c835f07bc44ec2335377d2
SHA1: 91cfa514e4fc020753c964f20c4e0020d22cc64d
SHA256: 40fa75f3aedb776d3a6ac0ffa07f2cb02535aa4076eff7c549a5463164dd38be
SSDeep: 3072:1GvIvjNmmA2lUfxkMWqsa2wXsMLYV9J46yCsZvo3sBtY4M:VvBqxfl2h3FevZEX
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
VBA32 = Trojan.Pirminay.rkf
TrendMicro-HouseCall = TROJ_GEN.R21C7DN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!2724E3E280C8
DrWeb = Trojan.Hosts.5806
TrendMicro = TROJ_GEN.R21C7DN
Kaspersky = Trojan.Win32.Pirminay.rmc
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
McAfee = Artemis!2724E3E280C8
F-Secure = Trojan.Generic.KDV.608347
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BIKTS
GData = Trojan.Generic.KDV.608347
BitDefender = Trojan.Generic.KDV.608347
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 20:55:01-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-27 05:43:31
VirusShare info last updated 2012-07-26 02:32:04

MD5: 2b8383bc91f4a8237daa63554a64e21b
SHA1: 251501086b479c735f0e1214a8881ab43d887ceb
SHA256: 293164c65cd3a1482db39a42f062f44488d2231b70f438a3969ccfc875330b30
SSDeep: 3072:H0OvITjammsRlUfEy7M3UYa2hxM7Yy5uojZc5XJ8LtNWcM:UzTm+2F52XsK5aC
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
VBA32 = Trojan.Pirminay.rfi
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!2B8383BC91F4
DrWeb = Trojan.Hosts.5806
Kaspersky = Trojan.Win32.Pirminay.rks
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.F!tr
Jiangmin = Trojan/Pirminay.aqo
McAfee = Artemis!2B8383BC91F4
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
GData = Win32:Trojan-gen
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 20:59:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 07:38:58
VirusShare info last updated 2012-07-26 02:32:16

MD5: 32b48218b7afb1109a931a3516405d20
SHA1: 972d07dd2ca1a972f089a361f2da8e98d44cfa5b
SHA256: 78472ff7c22b11d92ac846e0f1036623462793c64126ea68d197d31a0e587ee5
SSDeep: 3072:kXjIVVgBa3yFENN2sETOi8pusZUbUKQh+srJ1gkSpuOMy88:CIz4KN2RWu+m3QQ8JqS8
Size: 109056 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.109056.G
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!eFiOT1kp7bs
VBA32 = AdWare.SuperJuan.xfp
eTrust-Vet = Win32/Vundo.HTJ!genus
TrendMicro-HouseCall = TROJ_GEN.R4FC2I7
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ln
DrWeb = Trojan.Juan.413
TrendMicro = TROJ_GEN.R4FC2I7
Kaspersky = Trojan.Win32.Monder.ntax
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gx
McAfee = Vundo!ln
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Cryptic.BVC
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.jgy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.JGY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 05:12:53-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 88064
Uninitialized Data Size         : 0
Entry Point                     : 0xedcd
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows System Performance Objects DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : PERFOS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PERFOS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-05-09 21:28:56
VirusShare info last updated 2012-07-26 02:32:33

MD5: 34a105b3475fc6b163a8e580693194ef
SHA1: ba214f03a5cd849d66b4e9c5089e282388c3e5cf
SHA256: a5940a3fda718150a58829790c08d40e0fa0e16055a257c1cf41c2e0c52bff9b
SSDeep: 3072:iMN3hS12rk6JyDff7qXB5aRZa9Jy8I+I1/kbVm0Qt8o2W:mcjmf6gR98j5ZmC0
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDE3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!34A105B3475F
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R47CDE3
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!34A105B3475F
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BMTVK
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:03:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-04 01:16:10
VirusShare info last updated 2012-07-26 02:32:37

MD5: 35c0607e6b84ed3da8cfe8d6fbe86cec
SHA1: 3c0f7912902f8a7089c63f1dbc2f939566a5e3a2
SHA256: 60c02e0184f320bb5f01be834f62caffa1f68f27d6b9655fae93b6594ecd6b8b
SSDeep: 6144:bzJi8KQQjruhShnCasx5zU0ti/+sxyhO6vDptfOsXKei7z7:HtKh+hcnyzUtEhO6VtfkTz7
Size: 306589 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Fakealert.39.22
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.6175009
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!n6H89CPMoQA
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!35C0607E6B84
DrWeb = Trojan.WinSpy.1647
TrendMicro = TROJ_RENOS.BMC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.lup
McAfee = Artemis!35C0607E6B84
F-Secure = Trojan.Generic.6175009
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.MYN
Norman = W32/Suspicious_Gen2.QFENA
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6175009
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.kq
BitDefender = Trojan.Generic.6175009
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:22 23:15:54-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 307200
Initialized Data Size           : 4096
Uninitialized Data Size         : 421888
Entry Point                     : 0xb1f20
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2179.1
Product Version Number          : 5.0.2179.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cjeylsnie Pjwvjmknkte
File Description                : Cluster Command Line Utility
File Version                    : 5.00.2179.1
Internal Name                   : cluster
Legal Copyright                 : Copyright (C) Orycczycf Corp. 1981-1999
Original Filename               : cluster
Product Name                    : Aquowkrti(R) Windows (R) 2000 Tvqfmipma Powvkd
Product Version                 : 5.00.2179.1
VirusTotal Report submitted 2012-04-29 21:32:51
VirusShare info last updated 2012-07-26 02:32:40

MD5: 389772e491b24135a5e5349340b7ade9
SHA1: 6f2039e66d8337ddbef559ee94cafff1a9857eee
SHA256: 25695559710ec67fbe0ff40b9f0ae1a82e280150a1aff6ab7022a5984f7dc8c9
SSDeep: 3072:j2xbhR16rk6xyDaElWRDNaIGIaA8yMUeIGFUr/M5fztDoYbNcIJ:wAj6AMZWMvsjM59jNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!389772E491B2
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rfe
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!389772E491B2
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BMUGO
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rfe
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:16:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-04 01:18:06
VirusShare info last updated 2012-07-26 02:32:48

MD5: 3d770b5c58030217411887a97765529c
SHA1: afe8f988a5fd7f3fc7936450636436fa462383d4
SHA256: 896b18d88b7ef65eb516ba2b6b969ad5f72e0962dac4ee63b2792d22361f33c9
SSDeep: 6144:V0eyo6gUt/Zs6UTiGjO+114VIgvPQ2MDNEE+sognkT3JYckCe:V0eyoByWvVg3Q9JEAonz
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-DEK [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.Fakealert.311296.C
VirusBuster = Trojan.Pirminay!VM4B3l6mVsY
TrendMicro-HouseCall = TROJ_GEN.R4FC3HK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Generic.dx!baqb
DrWeb = Trojan.DownLoader3.32380
TrendMicro = TROJ_GEN.R4FC3HK
Kaspersky = Trojan.Win32.Pirminay.ihk
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adu
McAfee = Generic.dx!baqb
F-Secure = Trojan.Generic.6148258
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.GFX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6148258
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ihk
BitDefender = Trojan.Generic.6148258
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 22:09:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xac400
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.11.21.0
Product Version Number          : 4.11.21.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    :  U.S. Robotics Ogelakbqpag
File Description                : 3csdpi
File Version                    : 4. 11. 21
Internal Name                   : 3csdpi
Legal Copyright                 : Copyright © 2000 U.S. Robotics Xibapwwzbst
Legal Trademarks                : 
Original Filename               : 3csdpi.dll
Private Build                   : 
Product Name                    :  U.S. Robotics Modem Driver
Product Version                 : 4. 11. 21
Special Build                   : 
VirusTotal Report submitted 2012-05-04 04:55:42
VirusShare info last updated 2012-07-26 02:32:59

MD5: 4262b54104bf4de5f0b652b5115f1b23
SHA1: e1c26b8d8bb5b58d035da326034d687c8ed9103d
SHA256: ceae75ba46810767a3cb77a8bcd3f148e62d98a38bc93b695696eff375862403
SSDeep: 3072:T2dhK1urk8NyD86YX2E6ba5q4JyM3+4l//axm5txzQM:vEJVMmEMu9x4b
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!4262B54104BF
DrWeb = Trojan.Hosts.5800
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!4262B54104BF
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BNBFS
Symantec = Trojan.Gen
GData = Gen:Variant.Barys.1155
TheHacker = Trojan/Pirminay.riw
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:11:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-30 23:03:14
VirusShare info last updated 2012-07-26 02:33:12

MD5: 44f2d5a6d53ef6c0ab566de613bc016a
SHA1: 078a5598eea5fe708d320060daeb5fe5d803cb87
SHA256: 8f90a604e5f4d4b2c1efb5c5aacf3bc478ead99a569ec7864beeeba7b3ee2a28
SSDeep: 6144:wvIcJzj2PbZPUL4p04u+rl9r8DvCXVY9QRACk:wv1BOPULeHYqRF
Size: 236032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Crypt-KPK [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!JXsMegD8+48
VBA32 = Trojan.Jorik.Pirminay.ajz
TrendMicro-HouseCall = TROJ_GEN.R11C7K9
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.amo
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.25675
TrendMicro = TROJ_GEN.R11C7K9
Kaspersky = Trojan.Win32.Jorik.Pirminay.amo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.teo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.ADAE
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Gen:Variant.Graftor.1488
TheHacker = Trojan/Kryptik.tyo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = a variant of Win32/Kryptik.TYO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x153b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ajvmqifkw Yyeaqzcwilw
File Description                : Remote Access AutoDial Helper
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Hltjautja Itynznljjua. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Ayopfgudl® Brgdfxt® Wtiguqxpk Zbrlhr
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-17 03:55:22
VirusShare info last updated 2012-07-26 02:33:17

MD5: 47e69c933119be3f178ae1cc030eac7d
SHA1: df54c7dd8631534564d0a92c678cd58f09734a13
SHA256: 4050d4d9d35f8b65452a2efe5595c59484f19ad84a8e0e80d4dbac0b9e7c5ecb
SSDeep: 6144:zGJvR1UHg3IWV9E0vmrx8x4DvdkxhiEi4vqwtYwI94:zGR1UmL4x8qDvKji+Cr
Size: 274432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.1288F76F
nProtect = Trojan/W32.Genome.274432.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cTxoSMaLvnE
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.77
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahhm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BIER
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnriirkvy Pzgzmklipsm
File Description                : Lvgbpubuh Wkxwugi Sockets 2.0 Service Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : msafd.dll
Legal Copyright                 : © Rxasimrum Xemlecbmvvo. All rights reserved.
Original Filename               : msafd.dll
Product Name                    : Sqhficqmq® Jewjzty® Hinvlpseh Tkmprt
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-05-10 19:49:25
VirusShare info last updated 2012-07-26 02:33:25

MD5: 4a69d8786bf58e615fec87aed422e4e5
SHA1: 87c01c4cc1a47c4db89b32f86d061d13747f550e
SHA256: 8f9f0fe0378f41942b86b3b40e40f5db28d93b89dbe7538bc581ef0fc03e195e
SSDeep: 3072:8VssWq+3MWZE+fVT0Pjpp/bdZiaSZUGVb4q4GGFBHi0MvU2VtpJ8yM:TF3MG9VWppDXS3bHABHi0McCQ
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACB
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!4A69D8786BF5
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdt
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!4A69D8786BF5
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BNYAH
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rdo
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:06:38-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-09 21:32:58
VirusShare info last updated 2012-07-26 02:33:30

MD5: 4dcccef9dc37e2abed2715aa764357d3
SHA1: 73a2b78540cb108debe7a4a0a64e83ca48ff935f
SHA256: 978ff4cf8d70d1d9696870369215da879c6ce967c0c170912b03b06070222dd4
SSDeep: 1536:UHJjTpttYSlsNnKZHbc1hm7BYTwB5aLDvBO9Q+ZQMkXqsnmHLIip+:Uzt/21KdReTwB5aLlO9Q+ZQMk6snmO
Size: 100000 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-F [Trj]
Ikarus = Trojan.Win32.Pirminay
eTrust-Vet = Win32/Renos.CMW
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Kryp.b
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.hq
McAfee = Kryp.b
AVG = Generic20.BUSR
Norman = W32/Troj_Generic.dam
GData = Win32:Pirminay-F 
TheHacker = Trojan/Pirminay.bri
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:30 08:45:48-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 73728
Initialized Data Size           : 675840
Uninitialized Data Size         : 0
Entry Point                     : 0x12230
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-11 00:21:29
VirusShare info last updated 2012-07-26 02:33:37

MD5: 503b11256129aeef26560e1b38f85297
SHA1: 6c72a9adfd04af3660502ce17f44fa2d66927e91
SHA256: 9ac074b441278aff00ea2644cbea3a75f8d6948bbf947615af4535802e6375b7
SSDeep: 3072:tpI3altOdknYyDRuyrqlaNIgS3R1h9Fp+tZqRW:wG+CdA04hjc9
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.KDV.607327
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rti
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!503B11256129
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqr
McAfee = Artemis!503B11256129
F-Secure = Trojan.Generic.KDV.607327
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.CLAS
Norman = W32/Troj_Generic.BLKMM
GData = Trojan.Generic.KDV.607327
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.KDV.607327
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 22:25:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 18:55:30
VirusShare info last updated 2012-07-26 02:33:41

MD5: 6070122064de54d11d7ffcc9094fbf2a
SHA1: a8427884e367457ec76dc4a99146b2fcfc4a5b0c
SHA256: 27d78b287d51f5986b72e98ef4653e84a1df92f89bd1c8d1524b4952b597b791
SSDeep: 3072:OlBhq1srkmQyDt2xvbTeuaLikiyf0CAX1XRHyKbtiGW:luHJ4erVfDmHy1L
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!6070122064DE
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!6070122064DE
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLLQL
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:29 19:36:23-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 19:01:13
VirusShare info last updated 2012-07-26 02:34:17

MD5: 6359af8cfd1700d9b36b537341f19726
SHA1: 636e913c2a7e2a25a097880b77cdd3c3e51fc837
SHA256: de88982d2dd49d4f677dc29175a933683ee96b78b7427a2da8db296e86ee16aa
SSDeep: 3072:805hq18rk+WyDV1yLbWnhav8qHEyZsSXvfEwDFkjdZRkktiZZNcI:C+nD1bYvNZb/t5kjH6PNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!IVTh24rPERU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!6359AF8CFD17
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rfc
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!6359AF8CFD17
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BIUEV
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:08:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-27 05:54:27
VirusShare info last updated 2012-07-26 02:34:25

MD5: 6859ef724fb8bb4496f8fc9664a45324
SHA1: b15e4cf970b74f1b741132f82c40d12118809e1d
SHA256: 13f0d2c5c6813def9184cfbf0f022662672162eaf949ad4507b6e1328a9bc3e1
SSDeep: 3072:jsWq+kMWKE+fs40PV6WOY0Wayhj4rYiaIrjzf7YotrI6M:HFkM19sDJEySlrjr7Y6e
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!6859EF724FB8
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdi
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!6859EF724FB8
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
Norman = W32/Troj_Generic.BIUYZ
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.rdh
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:32:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 11:14:13
VirusShare info last updated 2012-07-26 02:34:38

MD5: 6be979d9b1d1aa127d2a5fcc26e37ef4
SHA1: 156db717715b6b2cee07fcae620fd4b72d3babb6
SHA256: 644f147ab3837b93921472432e61c08fb27aacd06a95d7077f4449c1af8a8245
SSDeep: 3072:pj2qe4MWeE+fTV0PlrPEXaa64Gy4IHCg9c/NEPudtph5M:ol4Mp9Tg+f69U1c/NEGZA
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.221184.ACT
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!6BE979D9B1D1
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdu
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!6BE979D9B1D1
F-Secure = Trojan.Generic.KDV.608292
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
Norman = W32/Troj_Generic.BIVMR
GData = Trojan.Generic.KDV.608292
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.rdr
BitDefender = Trojan.Generic.KDV.608292
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:46:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 11:14:45
VirusShare info last updated 2012-07-26 02:34:47

MD5: 72a6e86f8d2ba0f4ba2d6caa240aa860
SHA1: 2e54c848b4bef96a2ca5a71d250025aabdb69cf4
SHA256: a3c5a19493962494e9ac98d51dc0479ddca90ef678d71aa246933abba422f424
SSDeep: 6144:Mbd5VpJ8BvLSg9k0tQxgneH8je//44yHG5tK+DTveZmwq+:sdLpYv2IVtK4eII/fyHGTxeZmH+
Size: 317343 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.317417.1
Avast = Win32:Pirminay-AX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Tdss
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12C3959C
nProtect = Trojan.Generic.6150826
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!gykBjQS62E8
TrendMicro-HouseCall = TROJ_GEN.R47CCDS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R47CCDS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aeb
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248208
F-Secure = Trojan.Generic.6150826
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRSpy
AVG = Generic23.ISD
Norman = W32/Troj_Generic.BLWKD
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6150826
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ijy
BitDefender = Trojan.Generic.6150826
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:08 23:34:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 315392
Initialized Data Size           : 4096
Uninitialized Data Size         : 421888
Entry Point                     : 0xb4890
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tursqgktx Rwqouldyzaf
File Description                : MCI driver for MIDI sequencer
File Version                    : 6.0.6000.16386 (wrglo_rtm.061101-2205)
Internal Name                   : mciseq
Legal Copyright                 : © Mtjpzynxn Xcomzohjmfl. All rights reserved.
Original Filename               : mciseq.dll
Product Name                    : Udikhdyzn® Hxlliob® Ptzkfpizr Mdrgda
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-03 05:50:11
VirusShare info last updated 2012-07-26 02:35:03

MD5: 7f8302292073ee803b02fb783e725e8a
SHA1: 5a9726189f1ae0361055b3d839685dc52dc7bc40
SHA256: 1a13a6bc3268982cc295e8dbe8bbe9ef489a03b5bca7f33b684b5dca2dc3649b
SSDeep: 3072:2O3Wq+pvMWmE+f7k0PXD49irhaY5357YrY5H1z9vS/3tQ23:uFNM997FFUYvv1wuy
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.221184.ABY
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!EDokfyotzpM
VBA32 = Trojan.Pirminay.rdg
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7F8302292073
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.ref
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!7F8302292073
F-Secure = Trojan.Generic.KDV.609005
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BIZBX
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.609005
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.ref
BitDefender = Trojan.Generic.KDV.609005
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:15:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-29 11:19:26
VirusShare info last updated 2012-07-26 02:35:40

MD5: 823a186ed320b8b10b56fa5f936893f4
SHA1: 814ceea4f83509d58096a08f14f7a7a7bd9fc746
SHA256: 1c9e7f3608ad5afd9e545558584fba5a1f98546d91e6a6c2c2ae9f592f5ec133
SSDeep: 3072:rJmAWZXxIiAnd9VbmifR9rgJ1FbEZktr2IM:J6uDVbhoFbyWW
Size: 192512 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.192512.AQD
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rko
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!823A186ED320
DrWeb = Trojan.Hosts.5828
Kaspersky = Trojan.Win32.Pirminay.rkp
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqx
McAfee = Artemis!823A186ED320
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.CPQP
Norman = W32/Suspicious_Gen4.ADFHH
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Barys.1155
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:10:01 11:09:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 131072
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xfdfa
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 19:45:21
VirusShare info last updated 2012-07-26 02:35:49

MD5: 844c9ec3f28a3617b7bd8968b251c0cb
SHA1: 3b98fa2ee4e94ae1b2c781315b858f3ccb2c980f
SHA256: 967ac29d2edceff76b4cb62c0dea90c7d0f8612acc6fa52d652eba3e20d51903
SSDeep: 3072:oQnvR4N5n3UbIhszzTPML6rwy3zgDeNmCdKlUMmfgHPFsirMqqDLy/O2dJm:9KNpkbUrLByXtMmfgH2rqqDLuOm
Size: 184320 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1298E493
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R47C2IF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.mtxo
McAfee = Vundo!lu
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.QSYJP
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-02 23:21:47
VirusShare info last updated 2012-07-26 02:35:55

MD5: 8bca84dbfc1b7cf9df84d581800777bf
SHA1: aff23830444dee5abaf6bb742c8ed410e608791f
SHA256: 8f9a7f6d1d6c047059229e64ef5af9440e83830af56a5cfc2e4ece6e6af28139
SSDeep: 3072:YjvImj2mm3slUfkflQsXa8Us8zYO5mDhbBh/DKh0Kttlg5:hmKxuLK8tAch2zs
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
VBA32 = Trojan.Pirminay.rkf
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!8BCA84DBFC1B
DrWeb = Trojan.Hosts.5806
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqw
McAfee = Artemis!8BCA84DBFC1B
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BLOTU
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 22:14:46-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 21:17:07
VirusShare info last updated 2012-07-26 02:36:15

MD5: 8d8fae6188c936e1b5730a6b4b541f8e
SHA1: 374d848574b56db4c534548fbfd5280640fec160
SHA256: 7a5b2d48894d5133b7b36f288697f9c3e11e4f002b5e0b362d5449bf629d02b8
SSDeep: 3072:J2yhF1mrkGiyDaf79aQaRiXcyZzyfYcWM0ui7t6TY5:RMPgUBOZud5xK
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Mediyes.sh
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!8D8FAE6188C9
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!8D8FAE6188C9
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 12:36:30-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 21:17:27
VirusShare info last updated 2012-07-26 02:36:19

MD5: 954d7c7e8cd2a27a3a8446b3df34f695
SHA1: e220a8f4ec6f01c90ee2528bdfff6f8269ce3a66
SHA256: 3698f1842e2bad35ccaeaca0b166b942305bd1374e99b6a8c8262cdfc9eb0ffe
SSDeep: 3072:sx+hl1CrkSMyDadhS2Q6faViZLxy8/yAqHs4i9ywJmm0tfocM:v4zydhBCeo8KX2XmnY
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!954D7C7E8CD2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
F-Secure = Gen:Variant.Barys.1155
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfu
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:20:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-07 21:44:25
VirusShare info last updated 2012-07-26 02:36:38

MD5: a59d104340996ac74fcb9f3eb9bd30b4
SHA1: 19484e0a945458e090b070dd08f696dea29cd99d
SHA256: 87ff7276d5abe09929854c1b42e454a7a25e749a23773413d058b6f3b65ce493
SSDeep: 6144:b0eyo6gUt/Zs6UTiGjO+114VIgvPQ2MDNEE+sognkT3JYckCe:b0eyoByWvVg3Q9JEAonz
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-DEK [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.Fakealert.311296.C
VirusBuster = Trojan.Pirminay!VM4B3l6mVsY
TrendMicro-HouseCall = TROJ_GEN.R4FC3GG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Generic.dx!bapx
DrWeb = Trojan.DownLoader3.32380
TrendMicro = TROJ_GEN.R4FC3GG
Kaspersky = Trojan.Win32.Pirminay.ihk
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adu
McAfee = Generic.dx!bapx
F-Secure = Trojan.Generic.6148258
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.GFX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6148258
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ihk
BitDefender = Trojan.Generic.6148258
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 22:09:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xac400
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.11.21.0
Product Version Number          : 4.11.21.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    :  U.S. Robotics Ogelakbqpag
File Description                : 3csdpi
File Version                    : 4. 11. 21
Internal Name                   : 3csdpi
Legal Copyright                 : Copyright © 2000 U.S. Robotics Xibapwwzbst
Legal Trademarks                : 
Original Filename               : 3csdpi.dll
Private Build                   : 
Product Name                    :  U.S. Robotics Modem Driver
Product Version                 : 4. 11. 21
Special Build                   : 
VirusTotal Report submitted 2012-04-29 03:25:49
VirusShare info last updated 2012-07-26 02:37:15

MD5: abf0814452e76e96e1a349bb37b65ccb
SHA1: 89e0d10dc3a30026dabab96da995ee93fda4d203
SHA256: c3a0046c391e500c931e15fa207aa25739b06a70657b962717ba05ce0729bc81
SSDeep: 6144:TTNP6KfUYq2NT27kPSb8iGzZwf7t/VwpALbN6ehVvQB7YHZaTFVSek3lnxiVy5:Z6UlJ27ASblKZct/V4WbZQ8eSlnxp
Size: 416768 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-AO [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Trojan/W32.Agent.416768.BI
VirusBuster = Trojan.Pirminay!8TCDfMRiUeY
TrendMicro-HouseCall = TROJ_PIRM.SMUT
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!baqu
DrWeb = Trojan.DownLoader3.60604
TrendMicro = TROJ_PIRM.SMUT
Kaspersky = Trojan.Win32.Pirminay.iiv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adz
McAfee = Generic.dx!baqu
F-Secure = Trojan.Generic.6151391
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.IPT
Norman = W32/Suspicious_Gen2.MVYRT
Symantec = Trojan.Gen
GData = Trojan.Generic.6151391
TheHacker = Trojan/Pirminay.iiv
BitDefender = Trojan.Generic.6151391
NOD32 = a variant of Win32/Kryptik.NQS
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:15 02:15:16-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 417792
Initialized Data Size           : 4096
Uninitialized Data Size         : 565248
Entry Point                     : 0xf0020
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.2600.0
Product Version Number          : 6.4.2600.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Rlkjoovld Plnpgtjdwrn
File Description                : DirectShow ASF Support.
File Version                    : 6.04.2600.0
Internal Name                   : QASF.dll
Legal Copyright                 : Copyright (C) 1992-2001 Xntnmrcsw Corp.
Original Filename               : QASF.dll
Product Name                    : DirectShow
Product Version                 : 6.04.2600.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2012-04-29 23:02:59
VirusShare info last updated 2012-07-26 02:37:28

MD5: adca43a2b4a444b83b8d3cc958592a29
SHA1: 066c2b605a9ebe286426569d10d28b09be561ca5
SHA256: 5c875f574db0732702c50709aa7fd37a478cabe3c626df1bcfc4d60c82b9e7c0
SSDeep: 1536:gEEZb2N2eade2rh6gzPmiDJNUh/4DkIygDAubGl4xeVE0KyJrUDgiLN+wPqXcgUb:4ZbfGgpDzUhAoACKr0KM3WnSXcgxxlV
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12A01875
nProtect = Trojan/W32.Vundo.114688
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!xlErCJdHe/o
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15KH11
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mc
DrWeb = Trojan.Virtumod.9883
TrendMicro = TROJ_SPNR.15KH11
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abli
McAfee = Vundo!mc
ClamAV = Trojan.Vundo-37592
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BNJE
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:30 09:06:57-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 61440
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xbed5
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2163.1
Product Version Number          : 5.0.2163.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yexmzwzgt Xuzfxidzbkv
File Description                : Fax routing extension
File Version                    : 5.00.2163.1
Internal Name                   : routeext.dll
Legal Copyright                 : Copyright (C) Whobakcht Corp. 1981-1999
Original Filename               : routeext.dll
Product Name                    : Xjpbsxesg(R) Qujgfpc (R) 2000 Zcxtaejjv Halffi
Product Version                 : 5.00.2163.1
VirusTotal Report submitted 2012-05-07 03:37:31
VirusShare info last updated 2012-07-26 02:37:33

MD5: b313a492265969e85e5ef6fc448cd1a1
SHA1: 308c605cc8d9c795359397172c5ad12ffc37126d
SHA256: 543cbb306f9baf310f0b05dddec222e958b9ed53b69a21d58facaefe3a5923a1
SSDeep: 3072:AOthS1orkJ5yDOzEpZpKEa3iAny1A+AYUn9k6XpH6HFtQwcM:MO0ZqKtE1zkps4Q
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B313A4922659
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!B313A4922659
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfp
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:38:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 18:36:07
VirusShare info last updated 2012-07-26 02:37:44

MD5: b7008dbb7346f22eb04135edcfa87790
SHA1: b62987a82452a1c08130faa76ede9696215eb719
SHA256: 3b1a1aa1d3a18d81ce5c0d3df44d94c2f90d753d498cd762a6b2131182b060f7
SSDeep: 3072:792qecMWCE+f5k0PO+/JHQaSAN18HYviFCEWjtjHmNM:clcM995AABSRwEWFHD
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Agent.221184.ACI
VBA32 = Trojan.Pirminay.rdg
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B7008DBB7346
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdy
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.F!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!B7008DBB7346
F-Secure = Trojan.Generic.KDV.591775
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic27.BSSP
GData = Trojan.Generic.KDV.591775
TheHacker = Trojan/Pirminay.rdx
BitDefender = Trojan.Generic.KDV.591775
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:15:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 11:23:40
VirusShare info last updated 2012-07-26 02:37:54

MD5: b88de2cca30d3a90a9e196d280336733
SHA1: 37e82a863de7ac9d4290f532f7e3ff9cc161c777
SHA256: 85fb11e5bb510df9ec69f090f601dfb1ee90fff0bd4bf042c7a772713ab41126
SSDeep: 1536:Fdmc6ge8S0/gpbue8UaYx6dmj8oGt+VoDUfpWIqCVRWB53r4CrG0UaDWgIIOm:Fcc6yLe8F06YIR+VoDipWUPWB5kCrG09
Size: 82432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.ATRAPS
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Pirminay.82432
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!d+i4IC7s05k
VBA32 = Trojan.Pirminay.aqi
eTrust-Vet = Win32/Vundo.HQJ
TrendMicro-HouseCall = TROJ_GEN.R4FC1I8
Emsisoft = Trojan.ATRAPS!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!B88DE2CCA30D
DrWeb = Trojan.Siggen2.13811
TrendMicro = TROJ_GEN.R4FC1I8
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.eh
McAfee = Artemis!B88DE2CCA30D
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic27.CAQA
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.axd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.ITN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:09 13:59:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 72192
Initialized Data Size           : 46592
Uninitialized Data Size         : 0
Entry Point                     : 0x12787
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : DLL Interface to TermDD Device Driver
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : icaapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : icaapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-05-10 20:10:10
VirusShare info last updated 2012-07-26 02:37:57

MD5: bade5caee65906ba4dde9127245439e4
SHA1: baf3635abec6b8fecb9b7ec2aa764d72af8e6a08
SHA256: 37167eb882f5369e404d91ffa62dbc24f7152e771ac8ef36c4a8b60c30542fb4
SSDeep: 1536:77+7r2Jfl8PgbPSQNeWj24G0XLxaWRt93X6N4GPNN7DxHdb14ATQcd+ED:+fAl8PgbPSQo6bXLxJtx3GlN7tHBdr+E
Size: 91648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.91648.PM
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!nfRpXjJbGsc
VBA32 = AdWare.SuperJuan.aazx
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!lh
DrWeb = Trojan.Virtumod.10268
TrendMicro = TROJ_GEN.R4FC2GJ
Kaspersky = Trojan.Win32.Monder.nroz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!lh
F-Secure = Trojan.Generic.7460219
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.7460219
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.7460219
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:10 07:21:15-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 47104
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xc4d4
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-04-28 08:13:33
VirusShare info last updated 2012-07-26 02:38:01

MD5: c22b7b787a10e9f10b4bbaf48f2d502e
SHA1: b85bbd494b985b77c4e3b4140c7677bf327619d4
SHA256: 2101eeccd59777dc60e3d3719ed0e13eb5b7183e1011975cdb37ac9abc3ebce7
SSDeep: 3072:sO7sVP1Oe8xtxo/agxHZayWXJ+VUdcyXAlnh7Z8Zr+xuSUdm:sjfOprgVzyXgh12S
Size: 169472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C22B7B787A10
DrWeb = Trojan.Smardec.82
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Artemis!C22B7B787A10
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.UEE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 08:18:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 118784
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x1a675
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.30.62.2
Product Version Number          : 4.30.62.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Dorrzbwvtgm.
File Description                : Intel Indeo® Video Interactive Quick Compressor
File Version                    : 4.30.62.02
Internal Name                   : ir41_qc
Legal Copyright                 : Copyright© Intel Sjwyirasojb 1994-1997
Legal Trademarks                : Indeo® is a registered trademark of Intel Lhiyzdfsvyz
Original Filename               : ir41_qc.dll
Product Name                    : Intel Indeo® Video Interactive Quick Compressor
Product Version                 : 4.30.62.02
VirusTotal Report submitted 2012-05-05 07:30:00
VirusShare info last updated 2012-07-26 02:38:14

MD5: c8c801c4b3f04c220be76b10250394c2
SHA1: 7a9a4230c86fe7d4207aebd6fe357a76d8d86e69
SHA256: 3c30bfa639e254f1b65a39a77ef3ee4de142e1592f482223c0a9991965cfa3c7
SSDeep: 3072:uBOkOTAXQSao4lmaO1yOsLxxNlchKFYPih:uHcAASahl3O1WUhKf
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.102
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.139264.T
K7AntiVirus = Trojan
VirusBuster = Adware.Virtumonde!MmQJwnwDdPs
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R26C1E1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C8C801C4B3F0
DrWeb = Trojan.Virtumod.9935
TrendMicro = TROJ_GEN.R26C1E1
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aaru
McAfee = Artemis!C8C801C4B3F0
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.AQTQ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:28 05:56:38-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x12799
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.1.1
Product Version Number          : 1.3.1.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Xerox
File Description                : Xerox WorkCentre Pro
File Version                    : 1.03.01.1
Legal Copyright                 : © 2000-2006 Xerox
Legal Trademarks                : Xerox®, WorkCentre/Pro
Original Filename               : XRWCTMGT.DLL
Product Name                    : Xerox WorkCentre/Pro
Product Version                 : 1.03.01.1 2006.08.26
VirusTotal Report submitted 2012-05-07 21:50:38
VirusShare info last updated 2012-07-26 02:38:26

MD5: c9e60edf258fd971c6f39eeac3a58798
SHA1: 30a73b4bc29e7b8f4076a2758c077f54589fec0a
SHA256: ff8e9de0c31e620522f86482fd39508a19a91d23e4b697370e7757fc5cba6f28
SSDeep: 3072:b96qTFef12NyqBxu2n57ZPNMayXT8DePC2U+l0MqqDLy/AK9yw:b9NTFetKbuuFPWa7DUUAqqDLuR9
Size: 208896 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C9E60EDF258F
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
McAfee = Artemis!C9E60EDF258F
F-Secure = Trojan.Generic.KDV.610648
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.IHD
Norman = W32/Troj_Generic.BLYIE
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.610648
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.KDV.610648
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-04-30 03:49:50
VirusShare info last updated 2012-07-26 02:38:28

MD5: cb9053a96092b96636a131416baced8d
SHA1: 743d20bf77293113b16ba996d6cdda5c162b0ad5
SHA256: b7fd0ccd4ff94e47c32c8b9cbc3fc5ab1b609a4e4f5193c490c4fa87e0c71d17
SSDeep: 3072:0231hN1hrkyqyDTa2m233a0DS1hyE8SvTP1J6cBLdG74LKjtzM4M:dpT7xaaqSEb1B9qo
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfl
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:04:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 18:41:28
VirusShare info last updated 2012-07-26 02:38:32

MD5: ce1bac35a766e1410929006104f2f013
SHA1: 9d23258613dbfaa299a47830b0c3e5130f1e0921
SHA256: 2c8fbf08e3fe71315ff29d9d59561f2c494e5af3435b25cafdb0ed4549a55dc4
SSDeep: 384:/K1ZKqdOLwNWINrmrLHMRDYf+Yw9sbEIjT2TPOCMY32n2P5fIDGtGKXMjtGtVdP/:/K1VdWHUSatIjYj5XsTA1O55y
Size: 32768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Suspicious file
VirusBuster = Trojan.Ponmocup!HmXGOr307QA
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!CE1BAC35A766
DrWeb = Trojan.WinSpy.1558
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!CE1BAC35A766
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic_s.CL
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8192
Initialized Data Size           : 23552
Uninitialized Data Size         : 0
Entry Point                     : 0x2f2a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-07 21:52:12
VirusShare info last updated 2012-07-26 02:38:38

MD5: ebe91ea22eb6fc41fece544119bdb0cd
SHA1: 79405b2c7891fc350fffee50b82299b0b8dcc764
SHA256: 9655c635dd8e12b06850359f632d2315c8ccf9d73e742c2ea909b810a1e1b17c
SSDeep: 3072:FQWq+QMWGE+fhB20Pr+noCxXaYEt4L4bUPVUWK7oeottJ8OM:5FQMB9hBjmxKYPhvK7oe4M
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACB
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdk
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!EBE91EA22EB6
F-Secure = Trojan.Generic.KDV.607345
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.BSVS
Norman = W32/Troj_Generic.BLTDP
GData = Trojan.Generic.KDV.607345
Symantec = WS.Reputation.1
TheHacker = Trojan/Pirminay.rdj
BitDefender = Trojan.Generic.KDV.607345
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:56:06-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 20:32:07
VirusShare info last updated 2012-07-26 02:39:42

MD5: fef76ebed4adf6fcb783b4ddc7d0158f
SHA1: 8ad5653bf7aa152cda495e737b3d3a1faa059631
SHA256: 500dcb9ba77a1bb2653e234dd31ca877ede770999306f2ff96c1377416d5eae7
SSDeep: 3072:o8hhV1irkijyD8o1GMK/aW6Y5yMnyoFjPKdZapzm5t+AbNcIN:R4LroKipMy2CaJDUNrN
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!CCl6xr+GWhA
VBA32 = Trojan.Pirminay.rez
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!FEF76EBED4AD
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rfs
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!FEF76EBED4AD
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLVVY
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rfs
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:46:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-02 20:37:28
VirusShare info last updated 2012-07-26 02:40:30

MD5: 115008f3e7959a7e7bbab1187eb5d181
SHA1: 0a3ad657db3a7c5c29431026ab29f789d9b57abc
SHA256: 109068964f9c964e0fce246978672f074e85cd0f14aa454fec17990bb26280ca
SSDeep: 3072:HnVMLkLTiQwublQEP21GlzjyJcwvTj2MRj:CLazZQEO1I6sM9
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/YF3eMQHy60
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R4FC1KM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akxn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BYHN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-30 22:59:06
VirusShare info last updated 2012-07-26 02:41:55

MD5: 16f39ca0cb8acc846ded74718ffc640a
SHA1: 1219354210a23d9f722c54f96f0a8ed37406ff48
SHA256: e9d4ecb98703b71da75464360719b6c67202bd5c87700c971088c915f64cd436
SSDeep: 768:b/SCMkuFRaRzdTqZG8r1oT5NQoqQ2RTVut9y90q5W1yRM6/dT1bb1vaBfBof:tnzdTqHodN3qQcSS5W1yiWhvwB
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21CDDS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
McAfee-GW-Edition = Artemis!16F39CA0CB8A
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R21CDDS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Generic.ipss
McAfee = Artemis!16F39CA0CB8A
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 18:38:12
VirusShare info last updated 2012-07-26 02:42:10

MD5: 19f2e73e9adc1265760b6aebbdd8e762
SHA1: b174b98dedb1a50e7d39a215739d3e0f1e2357c4
SHA256: aaf1dbaa6f81f14ca18ed05ef18eac0c18765ddc62550dcc1d5fc5187f44cc68
SSDeep: 3072:jsWq+kMWKE+fs40PV6WOY0Wayhj4rYiaIrjzf7YotrIgM:HFkM19sDJEySlrjr7Y6c
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12C3FCAF
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
TrendMicro-HouseCall = TROJ_GEN.R21CDDM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!19F2E73E9ADC
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R21CDDM
Kaspersky = Trojan.Win32.Pirminay.rdi
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Pirminay.RDI!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!19F2E73E9ADC
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BLGSI
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.rdh
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:32:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 18:38:31
VirusShare info last updated 2012-07-26 02:42:18

MD5: 1c63866f26dc9c5e84d98f0aee84072b
SHA1: b92ad4510a4cc5d46b9aff1da0cb12418495f5a8
SHA256: 8c54ef3dd104e4c21651c63eac6983ecb1028bf4e05c3f894cbea539130db0ff
SSDeep: 3072:QKXk/Ov0aljMqqDLy/39JylPxsI3ToTR8:wcUqqDLutJOz3sd
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!dgrWTtD+6VA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2I7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC2I7
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.LPD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 18:39:13-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x556e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Beicdpcut Mnzzaarjswe
File Description                : Ohdhkiw Sockets Helper DLL for PGM
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wshrm.dll
Legal Copyright                 : © Xqsuraizv Haciwdbykys. All rights reserved.
Original Filename               : wshrm.dll
Product Name                    : Csunswwxs® Allcnel® Hxozugebj Izsnff
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-09 21:25:23
VirusShare info last updated 2012-07-26 02:42:24

MD5: 224c5dca8a9f365aba607ee0911fe11d
SHA1: 9263985857895b20ca14a0629be2cae3f5fc38c3
SHA256: 43a02dab7a0673eba0ca14fe00ea2916fe6d06d261b07166ecb0256cb0862cad
SSDeep: 3072:BGVvIHj8immTQlUfcJDTzpamAlNs4cs5ZOsaK7udggzfGt+4Ln:AaHIiNKRQmA35XCR90
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rfi
TrendMicro-HouseCall = TROJ_GEN.R21C7DR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!224C5DCA8A9F
DrWeb = Trojan.Hosts.5806
TrendMicro = TROJ_GEN.R21C7DR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqy
McAfee = Artemis!224C5DCA8A9F
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BLHEQ
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:55:58-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 18:42:17
VirusShare info last updated 2012-07-26 02:42:42

MD5: 226e3ce9b50fcf513514c78b3ead8f4e
SHA1: 23a21b5f432e79655d67234f5f8120c7ab7314cf
SHA256: 06bc01d24f76cea8a9b20affc975bcd2b45a2df9381f1d3aedc53c3b1af955f5
SSDeep: 3072:d6Xm3Zi0X14+qckxEOd4FhCYt3OcB+c1JDzcY7H51933Dg:IeZiG11ExEW4XrJNB+cNH51d
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.AV6
SUPERAntiSpyware = Trojan.Agent/Gen-Carberp
McAfee-GW-Edition = Artemis!226E3CE9B50F
DrWeb = Trojan.Virtumod.10080
Kaspersky = Trojan.Win32.Monder.ntcq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.abbr
McAfee = Artemis!226E3CE9B50F
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-07 21:34:36
VirusShare info last updated 2012-07-26 02:42:42

MD5: 34ef1bba5f54f7030c05377592f3d3e9
SHA1: 67d38b7f59a8f0c77ed8f6a2f8dd638839f67df5
SHA256: 02bbbf22760c839402f0159cd8692249ec2a2b7b27ed55347bc3bef8a618f35b
SSDeep: 3072:ZVUPPqopbj/gK/abKrwEuYZhwHJValiljMqqDLy/bjK:fUPPxj4K/CwhwgnqqDLub
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
K7AntiVirus = Trojan
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R11C2G6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!34EF1BBA5F54
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R11C2G6
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aapz
McAfee = Artemis!34EF1BBA5F54
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-05-02 18:47:37
VirusShare info last updated 2012-07-26 02:43:25

MD5: 3be20e3076ecebb3ff730305a4c91c10
SHA1: af29257241ad3f91ca57a0ba257136d90f78750b
SHA256: d9c24cbff6d74199159f7a17218deffed219958dff05c0de443cdd53b9e05839
SSDeep: 3072:VCmDWYX6Iiyar9Ccr4pfvdfYdZGt0KyP:H3K5CcrgQ/Z
Size: 192512 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Mediyes
AhnLab-V3 = Trojan/Win32.Mediyes
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Mediyes!IK
McAfee-GW-Edition = Artemis!3BE20E3076EC
Kaspersky = Trojan.Win32.Pirminay.rui
Fortinet = W32/Mediyes.F!tr
Jiangmin = Trojan/Pirminay.aqu
McAfee = Artemis!3BE20E3076EC
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.CLCP
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:10:01 11:04:07-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 131072
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xfdfa
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-28 07:40:47
VirusShare info last updated 2012-07-26 02:43:42

MD5: 469e2a7dfaadab1587198df73f05783b
SHA1: 1bd12c471d3ba75665066d13c0d00c032384cf78
SHA256: 4560bf1aad79da95ed385a2d9a0da42224854e27c36eaa005e7db47b2fb850a8
SSDeep: 3072:AOthS1orkJ5yDOzEpZpKEa3iAny1A+AYUn6k6XpH6HFtQsbNcIA:MO0ZqKtE1zkws4QNrA
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!Crphn/ACKo8
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2fm
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rfp
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!b2fm
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BNCTV
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rfp
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:38:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-10 19:48:51
VirusShare info last updated 2012-07-26 02:44:03

MD5: 4ebe02fcfae196f7a113c454a035e1ab
SHA1: 120065fc99826b31558cfc38ddae2a35ff8f8f27
SHA256: 30bf8f6821ecc3fe2290ae9ecb7232412d1aec1a4924e5033858a971bd942fec
SSDeep: 3072:IJNeWq+hMWxE+fno0Pzzu/vN6aCYok453XFx0c/0aMt9zOM:IX5FhMW9nN8/Ct7F/0L6
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.221184.ACM
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!D/VxYyjlALA
VBA32 = Trojan.Pirminay.rdg
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!4EBE02FCFAE1
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rss
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!4EBE02FCFAE1
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BLUDG
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:59:57-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-28 07:42:47
VirusShare info last updated 2012-07-26 02:44:20

MD5: 6ae96667253679ae4ea34d6d03e0a288
SHA1: ced48b23377aa57849a3903b0df4927ff357500d
SHA256: 9e7f7fda7a961feef943a596e0f57ecf28d233f687b6d7a2f96a40ef98faeed7
SSDeep: 3072:0231hN1hrkyqyDTa2m233a0DS1hyE8SvTP1J6cBLdG74LKjtzMUM:dpT7xaaqSEb1B9qM
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!6AE966672536
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!6AE966672536
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BQIXF
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfl
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:04:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-08 11:33:54
VirusShare info last updated 2012-07-26 02:45:15

MD5: 6c27b8a2eb1008673549ffb357d400e7
SHA1: 98a64ae91aba32a398337ddf4c400d5ce7f85784
SHA256: a616f9ac37c0a1ed6f291cab72457c887f1713a41a2ed171836564a3b6de74a7
SSDeep: 3072:jsWq+kMWKE+fs40PV6WOY0Wayhj4rYiaIrjzf7YotrIfM:HFkM19sDJEySlrjr7Y63
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12C3FCAF
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDE3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!6C27B8A2EB10
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R47CDE3
Kaspersky = Trojan.Win32.Pirminay.rdi
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!6C27B8A2EB10
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BLMMM
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rdh
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:32:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-04 01:31:36
VirusShare info last updated 2012-07-26 02:45:18

MD5: 6dac9814983cbed04cb23ef93e1b3c79
SHA1: 6bad1cf14835fb9c6a3b77010fe2d7b6d9dfb37d
SHA256: 62461c13f8a4baf6a099be436ca478b4ffbcc6a3faa0c6ccd21466aae75157c1
SSDeep: 3072:BGVvIHj8immTQlUfcJDTzpamAlNs4cs5ZOsMK7udggzfGt+Gn:AaHIiNKRQmA35tCR9a
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
VBA32 = Trojan.Pirminay.rfi
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!6DAC9814983C
DrWeb = Trojan.Hosts.5806
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqy
McAfee = Artemis!6DAC9814983C
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BLMOL
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:55:58-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 06:14:03
VirusShare info last updated 2012-07-26 02:45:22

MD5: 8817d6978599909f47e8c8fadf6be153
SHA1: 22c3a5b4e0cc2e8d78f08f4cebafabad84cc2e73
SHA256: 9b965819374d2222e002b24c484d5cb464faa186829024d8b497f6de0bce6528
SSDeep: 3072:rbFGhl12rkenyDhsOmytmja1S/kyMjSvhtKJBXc/ynfztjkoM:c8fNgr6M+J/yn9g
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!8817D6978599
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!8817D6978599
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLONB
GData = Gen:Variant.Barys.1155
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:33:01-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-01 04:10:24
VirusShare info last updated 2012-07-26 02:46:34

MD5: 8e85afc7cebb1eb37c54947a442fcff2
SHA1: 905ff4dc9005a9d495289d0aa308b48775af42fd
SHA256: 220744681b23325d23fcec02eff857eac6743ef0977f603fff2f3bc011f87bb3
SSDeep: 1536:aJ9v14s61TdoaaiL5W2yLnu2k2UXl5pRn:a/tn6TdotcZJ2SXlh
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xXAeS/he4Qc
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/vundo.HTO!genus
TrendMicro-HouseCall = TROJ_GEN.R26C1DN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Genome.~BS
CAT-QuickHeal = Trojan.Vundo.AV6
McAfee-GW-Edition = Vundo!lk
DrWeb = Trojan.Siggen2.12319
TrendMicro = TROJ_GEN.R26C1DN
Kaspersky = Trojan.Win32.Menti.njjz
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.qcr
McAfee = Vundo!lk
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SU
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.SU
TheHacker = Trojan/Menti.hisl
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 22:50:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x2654
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.2.0.6
Product Version Number          : 1.2.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VMware, Inc.
File Description                : VMware SCSI Controller Driver
File Version                    : 1.2.0.6
Internal Name                   : vmscsi.sys
Legal Copyright                 : Copyright © 1998-2006 VMware, Inc.
Original Filename               : vmscsi.sys
Product Name                    : VMware SCSI Controller Driver
Product Version                 : 1.2.0.6
VirusTotal Report submitted 2012-05-02 20:38:17
VirusShare info last updated 2012-07-26 02:46:49

MD5: 9804ed35b74306d43ac75ec3cbb1b9c4
SHA1: e93a73d48f7d1fcbb4eeb0ac24efe0d781fc86df
SHA256: 39d288428fa1b1e718d1dfa33e3e943f9fd787305c0994dc80391a362c096258
SSDeep: 3072:H9KvITjQmm9AlUf7QE1cwwa2EpZVYicp+VYYbu73FTYkl/MtUD9M:d/TEzNQwh2M8B73FTY4u
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.221184.ACK
VBA32 = Trojan.Pirminay.rkf
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!9804ED35B743
DrWeb = Trojan.Hosts.5806
Kaspersky = Trojan.Win32.Pirminay.rkw
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqk
McAfee = Artemis!9804ED35B743
F-Secure = Trojan.Generic.KDV.608369
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BJKIZ
GData = Trojan.Generic.KDV.608369
TheHacker = Trojan/Mediyes.f
BitDefender = Trojan.Generic.KDV.608369
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:08:33-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-27 06:13:32
VirusShare info last updated 2012-07-26 02:47:11

MD5: a80cbef2d20b3fc0d97b4d72d64ec2e1
SHA1: 4647b1692380d45d62114bbe70d7cc66a02206e0
SHA256: 296be29ee5ab6dc20596015220f73b14e3c28a488df5a117a5533b0973c86f03
SSDeep: 6144:B0eDc/OFiJqXD4xZaXQ1jTxUyd7SyBAbky8ffAffKVpTbpixZeSVnjHAGKMs1OD:Btg/+XD4TamRT7vAwy8ffcBhnbAGmED
Size: 422265 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Zbot-NCY [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.422265
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yMEs/f6hmHk
TrendMicro-HouseCall = TROJ_SPNR.30DJ12
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader3.64509
TrendMicro = TROJ_SPNR.30DJ12
Kaspersky = Trojan.Win32.Pirminay.qct
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.yp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AUVC
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hgj
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:02 17:25:27-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 401408
Initialized Data Size           : 331776
Uninitialized Data Size         : 0
Entry Point                     : 0x5e89b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sfnmmjmbo Skhwxekjawx
File Description                : A tool to aid in developing services for CrqwrdcNT
File Version                    : 5.1.2600.0 (bphvxfpq.010817-1148)
Internal Name                   : sc.exe
Legal Copyright                 : © Jwgmgrheo Rrxibwkfswj. All rights reserved.
Original Filename               : sc.exe
Product Name                    : Ognhyeglj® Ampfcwq® Egwfgpmgs Bpntbe
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-05 13:00:17
VirusShare info last updated 2012-07-26 02:47:44

MD5: abb0e59259881fd09b7e981d1e15861c
SHA1: 118dc6697dcb0c88fbc559beab41367b7f672a57
SHA256: 833e5f84d6035debcda025c2ac8af1a0119721169a3eee33cf8284d4989eb4c9
SSDeep: 3072:dEm8QRlA3aNkRAsTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESeXqxJspJip
Size: 127488 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Sinowal.WXO
Rising = Trojan.Win32.Generic.1253726C
nProtect = Trojan/W32.Pirminay.127488
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!lGNi7+ZJ8Ws
VBA32 = Trojan.Pirminay.jxo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C2IE
Comodo = UnclassifiedMalware
Emsisoft = Gen.Variant.Vundo!IK
CAT-QuickHeal = Trojan.Monder.mqhn
McAfee-GW-Edition = Vundo!lh
DrWeb = Trojan.Siggen2.15308
TrendMicro = TROJ_GEN.R21C2IE
Kaspersky = Trojan.Win32.Monder.mqhn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ff
McAfee = Vundo!lh
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRPirminay.Air
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.BPOB
Norman = Pirminay.A
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.mdp
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:24 13:20:26-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 52736
Initialized Data Size           : 108544
Uninitialized Data Size         : 0
Entry Point                     : 0xdbfd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : System Information
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : msinfo32.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msinfo32.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-06 09:14:45
VirusShare info last updated 2012-07-26 02:47:49

MD5: b357a4126df54f7f7a467d5856f2106e
SHA1: bba0afcf172f1e06154460c23fba395e2a725883
SHA256: 12c14aba428ccf0b9664793dd1d647ecbc44d74513538e72289bdae0bc048d28
SSDeep: 3072:6v2hG1GrkO/yDzJmJiy1aJqf8y8oSX0FKZ3efbxV9tVNrW:4svkltG8XMfbxg
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.KR
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!B357A4126DF5
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!B357A4126DF5
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLQXI
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 12:50:33-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-07 21:48:13
VirusShare info last updated 2012-07-26 02:48:04

MD5: b55d0b6ef7a5140fbb0949a7f0277a44
SHA1: 3a667051ff4161679062edc7c0a842800b6a082b
SHA256: 3362442264f95cb299aaabb8f30ad9bb70b5045fa8fb6293d8f89aba48899186
SSDeep: 3072:nO0dvEuIU55yDEnQ7JaeWhjzJK0s63bkEhoHtroM:3zV5iw7w0JOln
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rur
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqq
McAfee = Artemis!B55D0B6EF7A5
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
GData = Gen:Variant.Barys.1155
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:16 15:59:21-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1391a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 20:24:30
VirusShare info last updated 2012-07-26 02:48:09

MD5: c0d474ae87027046d8e1589109d9a4dc
SHA1: ce96a81716b293fcda93d1c16d0807c6c013ee6e
SHA256: 597f4531d8c35711fadeddbc98b65af0939ade6682bae6245c84d6ac58adf6e4
SSDeep: 1536:hTiMJWZk4HshrsS1RyLwfz8N6NF5+0piPl24sxd2VXIm010TlBovffJnC:sMJwDkrJkb6NF2l2p+hE3hC
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.579
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.94208.ATS
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!W9cD8x6FiOI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1L6
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lb
DrWeb = Trojan.Virtumod.10211
TrendMicro = TROJ_GEN.R4FC1L6
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamt
McAfee = Vundo!lb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BYAV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:26 06:34:44-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x6021
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.28
Product Version Number          : 3.2.0.28
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : SStub Module
File Version                    : 3, 2, 0, 28
Internal Name                   : SStub
Legal Copyright                 : Copyright 1999
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : SStub.DLL
Private Build                   : 
Product Name                    : SStub Module
Product Version                 : 3, 2, 0, 28
Special Build                   : 
VirusTotal Report submitted 2012-05-10 20:10:32
VirusShare info last updated 2012-07-26 02:48:29

MD5: c79cca41e8fae653c751936e6671a708
SHA1: a080ec9b750c5a1e79872ae51a8cf179af3b9cd4
SHA256: 9575248aa29052cc227fcd209f4b309362fd31ba32bfd673b57c3e32b72c887f
SSDeep: 3072:pj2qe4MWeE+fTV0PlrPEXaa64Gy4IHCg9c/NEPudtph8M:ol4Mp9Tg+f69U1c/NEGZR
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12C34975
nProtect = Trojan/W32.Agent.221184.ACT
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C79CCA41E8FA
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdu
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!C79CCA41E8FA
F-Secure = Trojan.Generic.KDV.608292
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
GData = Trojan.Generic.KDV.608292
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rdr
BitDefender = Trojan.Generic.KDV.608292
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:46:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 18:40:10
VirusShare info last updated 2012-07-26 02:48:41

MD5: c88c8100e637f4b7ef800fbcade64444
SHA1: fd030cb866f5d874bc4a4e0e571654d3df79af2b
SHA256: b41a1f00f62f6c42992f314840b30312e04ff72897d886f143e7fb8da1fbb5a2
SSDeep: 3072:VFhdhy10rkj2yDxLtAbsWpatT6eqyuciHuKxMnanjutZkZNcIx:D8Wi5EQtrurO6nq6Nrx
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!nVD+C3wlFWo
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C88C8100E637
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!C88C8100E637
F-Secure = Gen:Variant.Barys.596
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:00:54-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-06 18:40:19
VirusShare info last updated 2012-07-26 02:48:43

MD5: c9f8c773f56ba1c18a523d3d5f881272
SHA1: c66c20eaf37ffb63397eadc00c61f889b289b2db
SHA256: 60137a8b1c5cff942210912050cb61c6d56f4781865edf37696cc88cefce86bf
SSDeep: 3072:UKrfDp1SP5EDXSsfR7vD9qFVouMqqDLy/jt0:nl1hhQ4qqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
nProtect = Trojan/W32.Genome.155648.K
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!7CAmE8sQ+cY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R4FC2IF
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqrf
McAfee = Vundo!lw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.QTUPX
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-08 08:09:25
VirusShare info last updated 2012-07-26 02:48:45

MD5: e2dea71aaf7fb8098dfb142cdcac36da
SHA1: ce1b59efe55ed0c2d6dca75f8da6adfb25d15a60
SHA256: 05c3d7d8bc43cdbafd7845212d2c56115df09bc623eb9664d00fa29c4313cdb2
SSDeep: 3072:FFhdhy10rkj2yDxLtAbsWpatT6eqyuciHuKx0nanjutZyh5:z8Wi5EQtrurOKnqi
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:00:54-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-09 21:40:50
VirusShare info last updated 2012-07-26 02:49:33

MD5: f77e9442e62ecfbf73778f3be6783b0b
SHA1: a0ef79d626269f1f270d29a45542511074058d5a
SHA256: c523fd9785f968df01f4a76f2219727b093ceef483c5f6dfcdefccae2d9d8125
SSDeep: 3072:8VssWq+3MWZE+fVT0Pjpp/bdZiaSZUGVb4q48GFBHi0MvU2VtpIl3:TF3MG9VWppDXS3bNABHi0McC8
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.221184.ACB
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!D1S41jR3FNM
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F77E9442E62E
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdo
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!F77E9442E62E
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRATRAPS
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BPFSC
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rdo
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:06:38-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-07 04:18:18
VirusShare info last updated 2012-07-26 02:50:17

MD5: fe36cec10fe086e8dc463d4300014882
SHA1: b6d052d4ea453867ef945fb016fa1a5b3c627713
SHA256: c448e7a4228e69f89916e9760f073cae1631c48dc33aaeda82b40fb93f7b85a0
SSDeep: 3072:xTOILzJR/UmyjNJ4I5ep1MQXH2Kxo49TCoAZfARjxos7:xTpJEre7WKZBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.131072.D
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!FE36CEC10FE0
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jfgg
McAfee = Artemis!FE36CEC10FE0
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
AVG = Generic22.BKGL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 20:37:19
VirusShare info last updated 2012-07-26 02:50:34

MD5: 076b23ab8502028af248d12aee2ab88c
SHA1: 2272080240c879f45e60b43f05f01505eb49552f
SHA256: 5216b83a7c82f3e707a8a1772607af4934466d03871f6b11ca1547a7261057a1
SSDeep: 3072:SVIHUz57tZzYH3Df2hJVlrMqqDLy/YeX:SzztXUooqqDLuz
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!3z6gOCHBK+Y
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R11C2GO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ikcs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHYR
Norman = W32/Crypt.AWAV
Sophos = Mal/Generic-L
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-05-04 01:05:27
VirusShare info last updated 2012-07-26 02:51:47

MD5: 094d9a8ea65051a1ce4c4259380cf79e
SHA1: af4f8fd752e6fab1af9ea812d8d4befac78ceb24
SHA256: 86e99772ae159aa09da8cf825b381b8870c09601e22dc63e1dcf04c9cd56b2d6
SSDeep: 3072:FQWq+QMWGE+fhB20Pr+noCxXaYEt4L4bqPVUWK7oeottIK3x:5FQMB9hBjmxKYPnvK7oe4nx
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.221184.ACB
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!PGgB+KDhYnw
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!094D9A8EA650
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdj
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!094D9A8EA650
F-Secure = Trojan.Generic.KDV.607345
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.BSVS
Norman = W32/Troj_Generic.BORKN
Sophos = Mal/Mediyes-D
GData = Trojan.Generic.KDV.607345
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rdj
BitDefender = Trojan.Generic.KDV.607345
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:56:06-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-08 11:24:39
VirusShare info last updated 2012-07-26 02:51:52

MD5: 09c9deb36d61c5bee7c3329099410a23
SHA1: 0a1e6f0074ea522aed1d8dd8931b5b5b853b340f
SHA256: 93fec3ecdae5ca4247944c246319c97435971584e53c05ceef8830555ca85423
SSDeep: 3072:vsRyklqOjkv/yD8hf63RauuB9nta6Ym9XZWitBA5YrHy:YCUqTGIptycZWCoYrS
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!X4Rf06dwQxw
TrendMicro-HouseCall = TROJ_GEN.R21CDDO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!09C9DEB36D61
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R21CDDO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqr
McAfee = Artemis!09C9DEB36D61
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Mediyes
Norman = W32/Troj_Generic.BLEVZ
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 22:21:55-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-02 18:33:17
VirusShare info last updated 2012-07-26 02:51:54

MD5: 1355720c73ae9245974e0cebd8b8a001
SHA1: 39e9ca7417680eb83de4f12ff7060493e78687e1
SHA256: 37f6cf0b5ddc14e3f43239cb0b477891cb7a8e138ecc8030c290ce4139517905
SSDeep: 3072:9cfGbldO2kLxyD0fKwPa6fLaX3FSR0qQttNGYrH:c+lWny6QV2UUYr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!26RPTtnbzNc
VBA32 = Trojan.Pirminay.rmr
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2av
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rsu
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqr
McAfee = Generic.dx!b2av
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Mediyes
Norman = W32/Suspicious_Gen5.DOCG
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen.2
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rsu
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 22:11:17-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-05 23:57:37
VirusShare info last updated 2012-07-26 02:52:16

MD5: 183f4127ee431fa658160967967663c6
SHA1: 588802d1147f5b75272f047797c3a5241d964331
SHA256: deb3745ea50263a8a44cc1fed2b4ba8cb3e8c13f4b4be83d6ac56b7c7cb012fe
SSDeep: 3072:jH7Z2uNl+tJzGQNER2BVQO1UFLsvWk8O1voA:jUkl+t1GQNxQO6+W9g
Size: 109568 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.109568.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!1yKC5nK5K7I
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDE3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Vundo!ow
DrWeb = Trojan.Virtumod.based.34
TrendMicro = TROJ_GEN.R47CDE3
Kaspersky = Trojan.Win32.Monder.nrru
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.NRRU!tr
McAfee = Vundo!ow
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic28.SLJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 23:02:33-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 92160
Initialized Data Size           : 52224
Uninitialized Data Size         : 0
Entry Point                     : 0x1767d
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Message Utility
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : msg
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msg.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-04 01:57:33
VirusShare info last updated 2012-07-26 02:52:27

MD5: 1d63113e1bedc48f3eecba78e59059c8
SHA1: 7f43d1ad12832ab03be9c558d03177de4ddf6c7a
SHA256: 1df5ceb24f04ab393180350233f1ecb8b1e1374942346efa349b1d35c7f9903c
SSDeep: 1536:Eb5PjVZ+4Wfx3lQkUrK/FI+amXUrl7PpInBXt1wdBNMvWdG1oHyf:EBpZHWfx3ykUr00rl7KnBHwdnMRwa
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Comodo = TrojWare.Win32.Agent.onm
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!1D63113E1BED
DrWeb = Trojan.Siggen3.42285
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Agent.evtk
McAfee = Artemis!1D63113E1BED
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
AVG = Generic22.ONM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 20:59:22
VirusShare info last updated 2012-07-26 02:52:39

MD5: 23995b6fe0c8eaa2edcd7d66627edfd9
SHA1: c34e78e4c4e2976d1f86f0ab0c09da9eb3e37d8b
SHA256: 74f829a447d4b69262d570d7dec2696b44c625ca4d14177d3e692e6aaae04c25
SSDeep: 3072:GajS/Ov0jlBMqqDLy/39JylPxsI3ToTRN:AcfqqDLutJOz3sd
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!9U4aCZ1lbYs
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC1IJ
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.LPD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 18:39:13-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x556e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Beicdpcut Mnzzaarjswe
File Description                : Ohdhkiw Sockets Helper DLL for PGM
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wshrm.dll
Legal Copyright                 : © Xqsuraizv Haciwdbykys. All rights reserved.
Original Filename               : wshrm.dll
Product Name                    : Csunswwxs® Allcnel® Hxozugebj Izsnff
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-02 18:42:36
VirusShare info last updated 2012-07-26 02:52:53

MD5: 239aa4ec239872ec8b16506ff6cdac16
SHA1: 69fea5a849b3c99a1648625d34e0823be87971c5
SHA256: 13e04f23ced4063b8c0e62d0bbc2a4e37277a9efd4baa80447e749e2d3e2febc
SSDeep: 3072:78K2IlrOmkfPyDuvF/0arWZbYWijixi6zYOtjbW:fbpqxdy/XDzhC
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rmr
TrendMicro-HouseCall = TROJ_GEN.R49C7DS
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!239AA4EC2398
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R49C7DS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqr
McAfee = Generic.dx!b2dc
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Mediyes
Norman = W32/Troj_Generic.BLHIU
GData = Gen:Variant.Barys.1155
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 21:22:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 18:42:45
VirusShare info last updated 2012-07-26 02:52:53

MD5: 3512712ae5bcd986d61238610be674fc
SHA1: af9f1a1fce9a537c57e2d01c7f88359047d00250
SHA256: 98193bb04d9e4d8c918a68baf7723e21365b88a445a1d0be848abd6a4e20519d
SSDeep: 3072:Qhmmhq1drkSyyDvIbL9faax6xJy1EyHApuQQi2I7tahbNcI:F/bRifR1zri2D5Nr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!DUs9JXO6ulU
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rfq
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!3512712AE5BC
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BPGHX
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Symantec = WS.Reputation.1
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rfq
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:15:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-09 21:29:14
VirusShare info last updated 2012-07-26 02:53:25

MD5: 3a155bf6fe6e594e1a05243f0d02e27d
SHA1: 16cac1fc668f355cc3f4f61ec3c541c31b2b360e
SHA256: 7a809e0f462f00f0cceae79c4555f87f8796ca3e779cffa3d26b0dfbf6fc5663
SSDeep: 6144:8lPIqfhlWZ9EvaytVsbTHAN/Hv0QX+GqTrZyoEP91CLuO8FQ+ldUt3F2TN3:8lAqxvayvwTgNfv0Ql04x91fOmQedUZa
Size: 355840 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Rogue.kdv.619864
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.KDV.619864
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!3A155BF6FE6E
DrWeb = Trojan.PWS.Panda.2205
Kaspersky = HEUR:Trojan.Win32.Generic
Jiangmin = Trojan/Generic.acano
McAfee = Artemis!3A155BF6FE6E
F-Secure = Trojan.Generic.KDV.619864
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.ACPC
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.KDV.619864
BitDefender = Trojan.Generic.KDV.619864
NOD32 = a variant of Win32/Kryptik.AAKJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:03:29 15:45:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 294912
Uninitialized Data Size         : 0
Entry Point                     : 0xb1a9
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-11 03:27:15
VirusShare info last updated 2012-07-26 02:53:34

MD5: 3a32791799f0353ebea18a8894f1bf11
SHA1: 80f0a1ab840c8bdebdb37d99681db2f604cf1997
SHA256: 107ea17644c34ab97b4f1ef533968a66da148a7b6c5c04ee0db08a9fb4cdd6a6
SSDeep: 3072:qCIHdny44be1xXeXUFHZDa7taxsg0NxilsHxoxMqqDLy/led:Wly44be1peX0Du35NxRHvqqDLu+
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!deBL11ze3gU
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1IP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1329
TrendMicro = TROJ_GEN.R29C1IP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ksty
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BOQ
Norman = W32/Suspicious_Gen2.QSKKX
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 20:53:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0xd5ea
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fqlifkznz Xwesldjhoce
File Description                : E-mail Naming Shim Provider
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : napinsp.dll
Legal Copyright                 : © Vdslhwcqh Asatkkddilf. All rights reserved.
Original Filename               : napinsp.dll
Product Name                    : Microsoft® Usptfzd® Hnruqnawm Ctlskd
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-10 09:09:22
VirusShare info last updated 2012-07-26 02:53:34

MD5: 3ed1f41c3f1558e470a099569c8af2a6
SHA1: c3f5e0062406c20be5f36e7c6342406ea6a45661
SHA256: d1335e1836062be6d9382f6f19a03b786e3d8bc7c924f0d826d66df22f62d550
SSDeep: 1536:zjeLiHfEtPnp0vaI5BsxMFLfct62RHxfk5rAs/hiJjcN3qG2q3qKQtoPccNewfAf:z0Mgnal/LHoRr2kjcl/2ytQtoPcw3fy
Size: 110080 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!1V4ZWuO2Jrg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.abeus
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1411
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = Trojan.Win32.Genome.abeus
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.bdxs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BBCB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:16 00:53:38-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x746e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwbcklcgx Ontsdtenmkp
File Description                : MSDVDOpt Module
File Version                    : 5.1.2600.0 (ooboawkm.010817-1148)
Internal Name                   : MSDVDOpt
Legal Copyright                 : © Hjkrfvbbz Aizjpzqdnog. All rights reserved.
Original Filename               : MSDVDOpt
Product Name                    : Rdmikafec® Itfawfr® Ensinqiql Mapept
Product Version                 : 5.1.2600.0
Ole Self Register               : 
VirusTotal Report submitted 2012-05-04 01:20:17
VirusShare info last updated 2012-07-26 02:53:42

MD5: 47e0d9e53b45cf5ab1b1e4840d26ce8a
SHA1: 7634eb491ea095f86683ecf30546764301137361
SHA256: 85d2fde59ff179a5cd9950ffb553fbb09e775cc76e13fd424d44a34b8fc6196b
SSDeep: 3072:f8fjElWOXkJ5yDxftYgahOKvn1yCwqU1kEitwXmGYrHk:erQ8PRF1aD1kE7FYrE
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!E/TeuCWj3y8
TrendMicro-HouseCall = TROJ_GEN.R47CDDQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!47E0D9E53B45
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.rpr
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqr
McAfee = Artemis!47E0D9E53B45
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.CDVL
Norman = W32/Troj_Generic.BIQKU
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 21:57:35-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-27 05:49:28
VirusShare info last updated 2012-07-26 02:53:58

MD5: 4b66aaeb6ee382015e06771922d4b6ca
SHA1: 30c35be7a385bf81bdb8d061bc97a9fdbe262091
SHA256: 2585ff9e7e41c34bbfeb22dd863362119a2577fe986cad1195dc7fe7148d5856
SSDeep: 3072:P/2qelMW9E+fnC0P01Cvw/+aSRu45/bkpzYMWG7BoStx53:m1lMC9nI1X7SL4lDLVf9
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!ZRv4c6PPDvs
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!4B66AAEB6EE3
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdn
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!4B66AAEB6EE3
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BLKFS
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:23:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-02 18:54:14
VirusShare info last updated 2012-07-26 02:54:04

MD5: 5408d88dbf463cbc20fe94601fa40360
SHA1: 4826be2a2744d3b82f3b9b9113ee989d3c85d826
SHA256: 62d95da7fb24c33667d95c28dd38fb165f48712ce5eb6e17631a8d804b93ace4
SSDeep: 3072:L8+EhS1lrklDyDRi1bb5Xssa/yPBy8cSPUQ9Ic515VfI7tSAbNcIY:P/3oDHsld87PIcbfrUNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!DkqsuHIpDXk
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R29CCDR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!b2bq
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R29CCDR
Kaspersky = Trojan.Win32.Pirminay.rjm
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!b2bq
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen.2
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rjm
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 13:04:43-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-10 19:51:33
VirusShare info last updated 2012-07-26 02:54:20

MD5: 6032ff177f9819a97098da3b285de840
SHA1: aa2e677edd09130b559a4fe35259250a38156af9
SHA256: 1efc2c675e9512fc7a73e773437a2237aac2092c0489c7e1c78bc49085cef58c
SSDeep: 3072:792qecMWCE+f5k0PO+/JHQaSAN18HY4iFCEWjtjkz3n:clcM995AABSRHEWFkL
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Malware
nProtect = Trojan/W32.Agent.221184.ACI
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!zyW3yvnC5jw
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!6032FF177F98
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdx
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!6032FF177F98
F-Secure = Trojan.Generic.KDV.591775
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.BSSP
Norman = W32/Troj_Generic.BITUL
Sophos = Mal/Mediyes-D
GData = Trojan.Generic.KDV.591775
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rdx
BitDefender = Trojan.Generic.KDV.591775
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:15:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-29 11:13:33
VirusShare info last updated 2012-07-26 02:54:42

MD5: 64edaf8a9ff3ab1241322258305dcd71
SHA1: 28770ca491522fa1b81574cd7449b2ded516c4f1
SHA256: fc64877be1fecf14dad08fdd292e1229ea71b70e2459dfd1b6f1d7a0e4b30655
SSDeep: 1536:7LC7e+kdWmwlzIZd3Pb6GqgdQptUmk6QJCk1f:7GSLwlAPbQWcOXCkJ
Size: 90112 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Vundo.90112.NI
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!RGP9FHZAy40
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lm
DrWeb = Trojan.WinSpy.1274
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aidi
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.img
McAfee = Vundo!lm
F-Secure = Gen:Variant.Buzy.3199
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Cryptic.DSS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.3199
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Buzy.3199
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:08 23:05:16-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x5695
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.6.1
Product Version Number          : 1.0.6.1
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Conexant Color Converter
Company Name                    : Conexant
File Description                : Conexant Color Converter
File Version                    : 1.0.6.1
Internal Name                   : ColorCvt_raphd_IBV32.ax
Legal Copyright                 : Copyright (C) 2006 Conexant, Inc.
OLE Self Register               : AM20
Original Filename               : ColorCvt.ax
Product Name                    : Conexant Color Converter
Product Version                 : 1.0.6.1
VirusTotal Report submitted 2012-05-06 18:44:39
VirusShare info last updated 2012-07-26 02:54:51

MD5: 702e6e56bcd8b3551a1a234611ca9abb
SHA1: 889dd3eab9d683414c37c8a652acd1be62f1f0ea
SHA256: 46cf70aaa01bff86d68d56801d358d10fc6ebbc88947a7851f54b9acc775d214
SSDeep: 1536:A2Zu/dO4zBaGqIcnVYNoYXfecX0Fn2pwYlAE4DtvjnpAnvE:BOdPz5qXV+olcXsKdAE6tVAvE
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.106496.AB
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!702E6E56BCD8
DrWeb = Trojan.WinSpy.1558
Kaspersky = Trojan.Win32.Monder.nsyh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
McAfee = Artemis!702E6E56BCD8
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CJRW
Norman = W32/Kryptik.AIF
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 19:17:27-04:00
PE Type                         : PE32
Linker Version                  : 6.22
Code Size                       : 36864
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x70ce
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.1.20
Product Version Number          : 8.0.1.20
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Msehmhvlm Jzmqhgamcdi
File Description                : Windows CE WMDM Service Provider
File Version                    : 8.0.1.20
Internal Name                   : CEWMDM.DLL
Legal Copyright                 : Copyright (C) Pndtybzge Corp.
Original Filename               : CEWMDM.DLL
Product Name                    : Muicvrf Media Device Manager
Product Version                 : 8.0.1.20
OLE Self Register               : 
VirusTotal Report submitted 2012-05-09 09:34:03
VirusShare info last updated 2012-07-26 02:55:13

MD5: 7275a4039bc1c038763ef1ee433af828
SHA1: 9bf80acaa0eb81df01bd31ef9e2f7d307ebf3121
SHA256: 97498bc8fd5b9fb99c1ae35430002779669bb0862fa155dfdaafab0e73198c65
SSDeep: 3072:b0cmhMAPyi1bLAY72C6GvhA8C1XAgZn1S6/SJGevKcDocAX01Lx+VybIVICaQmd4:INZ3E+zTwV77Eq5
Size: 196608 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7275A4039BC1
DrWeb = Trojan.Hosts.5824
TrendMicro = TROJ_GEN.R47CDDU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Generic.abnla
McAfee = Artemis!7275A4039BC1
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic28.DOZ
Norman = W32/Troj_Generic.BMKDA
GData = Gen:Variant.Barys.1155
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:06 22:56:19-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 135168
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x116ca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-30 23:08:54
VirusShare info last updated 2012-07-26 02:55:17

MD5: 76c0a2a2e57152c3b3e7837b14def38a
SHA1: eb865b5d56990fce04e6e7d8e7a6ce1845174f82
SHA256: 8bf450c491f073764e6b8094dc58a0a1a58450b8feaa2ffbac43f161463fad56
SSDeep: 3072:qDiMqpQAdVOx4sHyig5rnBclAMqqDLy/Y:lQ9asShqqqDLu
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12951962
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!h3M1snczx/w
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1388
TrendMicro = TROJ_GEN.R4FC1IL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.lvjd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CIXA
Norman = W32/Suspicious_Gen2.PUCWQ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:16 16:30:54-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4d0e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dyujnrcxh Gansbikrzke
File Description                : Bvdhtzcny® Fzdqfaf(TM) TAPI Administration DLL
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : tsec
Legal Copyright                 : © Jwnpgzreu Huimluvbdvh. All rights reserved.
Original Filename               : TSEC.DLL
Product Name                    : Qnudbbxgw® Ompqjwd® Wyzcwikle Khbvvv
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-05-02 02:59:04
VirusShare info last updated 2012-07-26 02:55:26

MD5: 7f1eb1099df0c3339017a18768a6b633
SHA1: 892cee12e12c7a2f4ec092f8ed2b050bd9d06e1a
SHA256: 13bfdd97de9e30c4a0fffc5f3857fab8622d8017ca2928b9b360b2cd8e9a3495
SSDeep: 3072:hfH2qeCMW1E+fDq0PHpCOClPa5xOG7g4G7RqVbCCFwQt033E:41CMy9DzgM5Xrb9whnE
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.221184.ACO
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!sRmXouBd0ps
VBA32 = Trojan.Pirminay.rdg
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7F1EB1099DF0
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.reh
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!7F1EB1099DF0
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BIYYJ
Symantec = Trojan.Gen
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.reh
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:27:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-29 11:19:17
VirusShare info last updated 2012-07-26 02:55:44

MD5: 8e1b98698bf4a7561a86f84c584017ca
SHA1: 8a196bcd7069ba03b20b37c97f0a6d04c3c3b03c
SHA256: c3526def0662488fac44f53355be717b05857fcca91ba6e5c009033cf3a8ecef
SSDeep: 1536:G21vdiChkEHHKK4b0rd9lBTJJhabHLWB2vDhBEQtaPtoOkQf:VdikkoKfm9lBFJhcLRreVkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = Trojan.Win32.Monder.nswu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-04 01:39:06
VirusShare info last updated 2012-07-26 02:56:16

MD5: 97f7f3edd4e7ec203c0fafd5207339fb
SHA1: 54f87dd9ea1ff2feda6c59e39acd2585b7dd660f
SHA256: 9f99dcc5dff5ecdfb85ada4124fc4c48d80daa62cd9709f9d78dcbcc1081ed14
SSDeep: 3072:aQ2GEhi1FrkxryDfPLWeI5aG6LZy0EyoQrk+16VUtuHWM:R5P3EgPQgG0zt699
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!97F7F3EDD4E7
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
McAfee = Artemis!97F7F3EDD4E7
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BOLTB
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 12:29:30-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-04 01:41:30
VirusShare info last updated 2012-07-26 02:56:35

MD5: 9e31cdbfa1459c7013665f1ef6718677
SHA1: 1d76739b05deb8913166e9d7aaaaa30effc5ce88
SHA256: a284ad1d4d4bf4dad38678478517841911ccc3f89f1f2fc179fa2436e5aa58ef
SSDeep: 3072:AOthS1orkJ5yDOzEpZpKEa3iAny1A+AYUn9k6XpH6HFtQw8M:MO0ZqKtE1zkps4w
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!9E31CDBFA145
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!9E31CDBFA145
F-Secure = Trojan.Generic.KDV.609051
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLPKF
GData = Trojan.Generic.KDV.609051
Symantec = WS.Reputation.1
TheHacker = Trojan/Pirminay.rfp
BitDefender = Trojan.Generic.KDV.609051
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:38:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 08:09:40
VirusShare info last updated 2012-07-26 02:56:46

MD5: c35d7dcd23d0e20b230d9d9ee604ac18
SHA1: e43456596d67ace35503b3f29a0e13705d1a756f
SHA256: 7942c840b99d2ad0f402d8b02eeecd31aa6846ac0923b3ac9e6b449600fdc013
SSDeep: 3072:j2xbhR16rk6xyDaElWRDNaIGIaA8yMUeIGFIr/M5fztDoo0M:wAj6AMZWMvAjM59H
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C35D7DCD23D0
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!C35D7DCD23D0
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfe
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:16:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 18:39:11
VirusShare info last updated 2012-07-26 02:57:44

MD5: f39237136804d3726a67eda6b4801902
SHA1: 461111897904cdebbefcc63f0fe8b0e04b87f40d
SHA256: 401a4b4ef9a15651d0864b0bf676fd6c504eefbc1e9d9b50bd2977ed9c6842c8
SSDeep: 3072:bhxoUDnqdgDpyH8hdYKsJFpp25pwgoNB4UFXsu:XqdbgdMmvW4UF
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.106496.ALQ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!lm
DrWeb = Trojan.Virtumod.10437
TrendMicro = TROJ_GEN.R4FC1IG
Kaspersky = Trojan.Win32.Genome.afany
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pakes.ntp
McAfee = Vundo!lm
F-Secure = Gen:Variant.Graftor.Elzob.201
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic28.VYC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.Elzob.201
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.nlwk
BitDefender = Gen:Variant.Graftor.Elzob.201
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:03:30 20:45:38-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 86016
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ff4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Default Screen Saver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : scrnsave
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : scrnsave
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-05-09 21:43:06
VirusShare info last updated 2012-07-26 02:59:03

MD5: f927ddcaed90af6cefafec82aeb93e1a
SHA1: dca2a15cf23ea24e0f59ff83bf507a0124aa66ed
SHA256: 3c1dd834b7753be4f398c0af80261f26a7268dbde818c4349c3ef2b619541022
SSDeep: 3072:evoyGak1yHH7wtjSoEjgQxweCrf7YTiarfULmabEo7j91F:ev2ak0AGoEjgWweu47r8Lm6BT
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.16
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lk
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R4FC2GM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!lk
F-Secure = Gen:Variant.Graftor.Elzob.230
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DXA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.Elzob.230
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Graftor.Elzob.230
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-05-02 20:39:25
VirusShare info last updated 2012-07-26 02:59:15

MD5: 0277b5610e0cc04a639e49026b40ad17
SHA1: 895a4be935cd16bd2aa1065b6814563842947403
SHA256: b8eb921e70e2c9f5c88fe80143b99e6400054406f9dce2d53e820c669b043595
SSDeep: 6144:sIX2D9oMCdXWAN4WQ8DMXpHuUI7T7Gxl:5X2DGM+NtVMXpOz7Ta
Size: 215552 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Dropper-HIM [Drp]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Sinowal.WXO
nProtect = Trojan/W32.Agent.215552.EA
VBA32 = Trojan.Jorik.Pirminay.ba
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.ba
McAfee-GW-Edition = Generic Downloader.x!gba
DrWeb = Trojan.DownLoader4.13033
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = Trojan.Win32.Jorik.Pirminay.ba
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.BA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Downloader.x!gba
F-Secure = Trojan.Generic.KDV.292494
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.KBS
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.292494
TheHacker = Trojan/Jorik.Pirminay.ba
BitDefender = Trojan.Generic.KDV.292494
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x136e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.6001.18000
Product Version Number          : 6.6.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : DMO Runtime
File Version                    : 6.6.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : msdmo.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msdmo.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.6.6001.18000
Ole Self Register               : 
VirusTotal Report submitted 2012-05-06 17:37:27
VirusShare info last updated 2012-07-26 03:00:24

MD5: 05d91aa101c8526eb8daf84672a3cf2f
SHA1: 2ba3dbbc6a0cdf0e98ce83f4be82701c75c750b8
SHA256: f2d240699fe1688b21b433dcee76f74b330a37b422f5a7222861052633aecc8a
SSDeep: 3072:QTnhp1BrkSJyDj7wLz/+aaiYkyyKUCA3blnafUfLUpXt/bbNcI:A3by7w7nKD8aMzifNr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!su5V1VMqSEA
VBA32 = Trojan.Pirminay.rez
TrendMicro-HouseCall = TROJ_GEN.R21CDDM
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2bs
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R21CDDM
Kaspersky = Trojan.Win32.Pirminay.rhn
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Generic.dx!b2bs
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BIBCK
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rhn
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:18:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-28 07:33:55
VirusShare info last updated 2012-07-26 03:01:03

MD5: 18656a812c03be04e07dfd148f215b54
SHA1: 2582f567338b2ff417c162aca295c1033cd1d173
SHA256: 1dad6e730d5c249b9ed1217a4cc8e9b14efb9e3a8e12773bc6fea43760f8cc5b
SSDeep: 3072:4+Nhi1VrktOyDAC6mBuaj8pA4yab+ww+DEcma63UVtVacM:snAO0rjxaCrGma6au
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Fortinet = W32/Mediyes.FA!tr
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
F-Secure = Gen:Variant.Barys.1155
nProtect = Trojan/W32.Agent.212992.AIR
eTrust-Vet = Win32/Mediyes.A!generic
AVG = Agent3.BLOQ
Emsisoft = Trojan.Win32.Webprefix!IK
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rhm
BitDefender = Gen:Variant.Barys.1155
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:43:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 07:43:36
VirusShare info last updated 2012-07-26 03:03:20

MD5: 2ad6654e6cea336aa2b3771ceec6ce06
SHA1: fa92e0ad5a4e2fbffdd8e7fb2ebebb9cc3571940
SHA256: d0b8b279c3694d4f4183802128062d9db4a1fdd32d96bac443f8c2273b5ec2f6
SSDeep: 3072:gn1hG1MrkCkyD/VJcFyaupo2yw/awYwTlUHFtwag5M:VKj/wnRwSWUY4
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!2AD6654E6CEA
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!2AD6654E6CEA
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BMSNL
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rgt
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 13:08:19-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 00:01:03
VirusShare info last updated 2012-07-26 03:05:39

MD5: 36cfa1ca77dc7ad01374dc92c1871fbf
SHA1: 48cb6390f4b6d026032fc2fe5d6ddd742aa91786
SHA256: 902b47f1468d2a5b99e167cfbfd07698a8747bd7c4fd0da99c972e42c71ed833
SSDeep: 3072:ByQvIjjTmmPolUfj2qzf3mNaWczM7Y76OsdjoNctZE2xt027W:0BjPRJ2kmMWKyUctZQn
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rfi
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!36CFA1CA77DC
DrWeb = Trojan.Hosts.5806
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqk
McAfee = Artemis!36CFA1CA77DC
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BLISA
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 20:49:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 18:47:49
VirusShare info last updated 2012-07-26 03:07:56

MD5: 39b069d5664cf0c8dd012da155d4a999
SHA1: 84512f927d7870f566c147c5f7025ac9bbd7239a
SHA256: 6b2d95b451fb0bba454f5e2e158683513e3d8a51cfccae6618ba1fad720cb65d
SSDeep: 3072:/0z221luyw8GiRHlyKtZDUe/Bj0/9bIF6vSiUN:/I2kVGiRlRmlbk6tU
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.1230574D
nProtect = Trojan/W32.Monder.126976.H
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!39B069D5664C
DrWeb = Trojan.Virtumod.10530
Kaspersky = Trojan.Win32.Monder.nrpk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Generic.jwtm
McAfee = Artemis!39B069D5664C
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BEC
Norman = W32/Kryptik.AIF
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 10:50:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 113664
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1ca21
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Teletext Server
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : WSTPager.ax
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WSTPager.ax
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-04-29 11:34:02
VirusShare info last updated 2012-07-26 03:08:21

MD5: 53724d0eac72fd2fdf2174161155375b
SHA1: 92e2786756039df81c25f82faf4b195e156d8e72
SHA256: 94b1b78470c99b9a81317b70b5f291168f0297251f9ec7ce5bce9026c75939c3
SSDeep: 3072:f8fjElWOXkJ5yDxftYgahOKvn1yCwqU1kEitwXgoGYrHk:erQ8PRF1aD1kE7wfYrE
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!E/TeuCWj3y8
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R29CCDR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R29CCDR
Kaspersky = Trojan.Win32.Pirminay.rpr
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqr
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.CDVL
Norman = W32/Mediyes.G
Sophos = Troj/Mediyes-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rpr
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 21:57:35-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-10 19:51:24
VirusShare info last updated 2012-07-26 03:11:50

MD5: 5968d1c8ab829d8764299a59a1c419d7
SHA1: 32ac2570be60221367fffa1476da708a4ecb9f23
SHA256: 94d12b5ebd3a3da80f2bf1ea3faf44762a8aac5810b4319c96a6afba43c9bf87
SSDeep: 3072:u5dXzbwtHnH7WUKdewohMqqDLy/13leb3StwBg03:QoHKnXqqDLu13YC5
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289D4A6
nProtect = Trojan/W32.Vundo.163840
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!KYwrH1Dfd2s
eTrust-Vet = Win32/Vundo.HSA
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Comodo = TrojWare.Win32.Agentb.o
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = Trojan.Win32.Agentb.o
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agentb.do
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.XKR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqnn
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:21 12:22:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x11a2e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2006.0.6002.18005
Product Version Number          : 2006.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bmegpaqab Mfcusoydrec
File Description                : XML Filter
File Version                    : 2006.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : XmlFilter.dll
Legal Copyright                 : © Ylseaasvc Trxfagykvyt. All rights reserved.
Original Filename               : XmlFilter.dll
Product Name                    : Gxbclscqv® Lnouggl® Anoekhhks Trbozz
Product Version                 : 2006.0.6002.18005
VirusTotal Report submitted 2012-04-29 11:12:51
VirusShare info last updated 2012-07-26 03:12:28

MD5: 6357383b87398924adc5fb80b91309f4
SHA1: 537d47de0c9d1933ad7a8fb0e004a242ca1886b7
SHA256: a57e31e46609f014224463f9a0dc1d9286df56592242f9d5de27a6348c7d0f2b
SSDeep: 3072:W8MRXC/eppeO3a1XJfvl3W0RirzfflOcIACjg0YcYmbRIryLcfBq8vOOW:wP/SZteLIcaYJmbRrGBqwW
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2HO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R4FC2HO
ViRobot = Trojan.Win32.Vundo.102912
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-04 01:29:58
VirusShare info last updated 2012-07-26 03:13:19

MD5: 657998ce3a0534dbde58c7e04abffa43
SHA1: 763f800c0e28f7e3581b235efa7f00a4d9b14f2d
SHA256: ceb6ff700a39c24bcf3414c034b42e018dec41f0c738d4aa2633c21a035613ba
SSDeep: 3072:H9KvITjQmm9AlUf7QE1cwwa2EpZVYicp+VYYbu73FTYkl/MtUD0M:d/TEzNQwh2M8B73FTY4f
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACK
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rkf
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!657998CE3A05
DrWeb = Trojan.Hosts.5806
Kaspersky = Trojan.Win32.Pirminay.rkw
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqk
McAfee = Artemis!657998CE3A05
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BNOBB
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Mediyes.f
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:08:33-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 14:24:55
VirusShare info last updated 2012-07-26 03:13:31

MD5: 747bd1a30c9e29ebc86262e362a7686d
SHA1: 87f049cf419ebc4f4f3986b03668a17b168fdfb3
SHA256: cffd779181be319b91d6007377e79c47597598baa13941d4f484c0c4df1a0799
SSDeep: 3072:FvZH89qJbA8lNklOeOLClKFFrZolEMqqDLy/fn+Pe/4NKCnsD:FvvGEMOeOGw1ZeqqDLufsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Trojan/W32.Genome.160768
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.Vundo.160768
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-04-28 05:47:17
VirusShare info last updated 2012-07-26 03:14:55

MD5: 7d1d5f8708e68bea9d1c8e92b0bed095
SHA1: 66d62911a5d81481b265cf9eddaf4b0bb5044ae6
SHA256: 1c737355b6b3748233c3c589450eadbb9cb9e1e56c3bf74446a5e25e3b192811
SSDeep: 3072:sx+hl1CrkSMyDadhS2Q6faViZLxy8/yAqHs4i9ywJmm0tfocM:v4zydhBCeo8KX2Xmn4
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7D1D5F8708E6
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!7D1D5F8708E6
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfu
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:20:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-08 11:35:56
VirusShare info last updated 2012-07-26 03:15:44

MD5: 7fa8e08c849a3216ee39285b56894268
SHA1: 710a5d8d3f5d44f149367fd8b1ab65664378c3d1
SHA256: 5337995cb51d7f35d76220e837c7a090ad752f69fa2a42a37c76af2eff172fd6
SSDeep: 3072:3d+GhZ1Srk+JyDlCtWGwQagafMy84yn0BqVB7kxV9tGRYM:tI/ICCBJ8HBB7kal
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
TrendMicro-HouseCall = TROJ_GEN.R47CDDU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7FA8E08C849A
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R47CDDU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!7FA8E08C849A
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BMKOV
GData = Gen:Variant.Barys.1155
TheHacker = Trojan/Pirminay.rgq
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-30 23:10:59
VirusShare info last updated 2012-07-26 03:16:01

MD5: 801cafd276d6382ffd612a4d603af476
SHA1: 14451623ce16cf8d5eeafd1041dc3d9487768fc1
SHA256: a049ab822e4bb81911fc91056e0cb2c32f2014b4b7038f4d352bea5ad5a093a4
SSDeep: 3072:1hAvIyjUmmUFlUfvxmLZFPas+PXs7uuV+w/Qs/N8/T4rZt4PZ:17ywmYYys+vqnQV/TdB
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!vdtSJv/BtWA
VBA32 = Trojan.Pirminay.rfi
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!801CAFD276D6
DrWeb = Trojan.Hosts.5806
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqo
McAfee = Artemis!801CAFD276D6
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BNRSF
Sophos = Mal/Mediyes-D
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 21:30:14-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-09 21:35:40
VirusShare info last updated 2012-07-26 03:16:05

MD5: 80d85ec657237cdbb6292f28426c32b6
SHA1: 9f88fe8287ead229b89d57d436c61aa851bac14c
SHA256: a9f024351ed14f2a510710e9f41a29622aef7d3d078309ee70aa49f7a95b8a55
SSDeep: 3072:qVLLjawG9dh7Ht6972HY9bemkvwxey06SZ0x4MhSgtWz5QPtbREChCTaeLdlw7:q1LjaFpHG7QYReh+LhSgUitbRhCe9
Size: 211500 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-IRS [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6315415
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic.evx!u
DrWeb = Trojan.DownLoader6.5029
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bey
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.U!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!u
F-Secure = Trojan.Generic.6315415
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.MXQ
Norman = W32/Kryptik.ALS
GData = Trojan.Generic.6315415
Symantec = Trojan.ADH.2
TheHacker = Trojan/Jorik.Pirminay.bdb
BitDefender = Trojan.Generic.6315415
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x134e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.3959
Product Version Number          : 5.3.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Unknown
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Txlxtvvyw Fbgwyodatnz
File Description                : Microsoft DirectPlay Helper
File Version                    : 5.3.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : dplaysvr.exe
Legal Copyright                 : © Yutcmwlac Ogsklohcjcf. All rights reserved.
Original Filename               : dplaysvr.exe
Product Name                    : Ujcywwqxj(R) Pcznege(R) Fldmessil Jltztf
Product Version                 : 5.3.3790.3959
VirusTotal Report submitted 2012-05-02 17:59:49
VirusShare info last updated 2012-07-26 03:16:11

MD5: 824bf4c8826c936d2b964bb843c01c7b
SHA1: 24e53a5f198faa94e318f3dc6c145a1bb99d8970
SHA256: 2ab5785e6cf491e872486258d12f6c7de0aa1e1ab6181e0a134299e17c2ddb6b
SSDeep: 3072:P/2qelMW9E+fnC0P01Cvw/+aSRu45/bk+zYMWG7BoStxhDM:m1lMC9nI1X7SL4IDLVfu
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!824BF4C8826C
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdp
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BMVXS
GData = Gen:Variant.Barys.1155
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:23:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 19:45:44
VirusShare info last updated 2012-07-26 03:16:20

MD5: 83392660d04f19575b7175fc5e140eb5
SHA1: e54d51a66baf9fb901ea9249392dc941bfa598b7
SHA256: 2766274d35a31f087ab4d4d3954a80d59a04e49f86b4430a3dc053169581f625
SSDeep: 3072:JyBWq+tMW2E+fnW0P80y+imayVlGhw9Ad4ea1MnPteh3:Ic1tM59nE1Ty4vACEF
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.221184.ACC
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!83392660D04F
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rej
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!83392660D04F
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Generic27.BRCO
Norman = W32/Troj_Generic.BJAYF
Sophos = Mal/Mediyes-D
Symantec = Trojan.Gen
GData = Gen:Variant.Barys.596
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rej
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:19:21-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-04-30 23:11:40
VirusShare info last updated 2012-07-26 03:16:26

MD5: 836bac11c3dcf8330ba67afd9c74c5b1
SHA1: 846e5201e42b5b70f0c1a2bdb9d0fc7c30ea74f8
SHA256: 9b0cb1b036faf80833f5bb81914da197149682d2a24291ea4f3a47d958326127
SSDeep: 3072:PwMkdXEtIcsIyDtu/CFBIa6mAkmQQTxQZO8f+vtsXM:IRMdsRugp1QVIPmyc
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!836BAC11C3DC
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqq
McAfee = Artemis!836BAC11C3DC
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
Norman = W32/Troj_Generic.BLOCF
GData = Gen:Variant.Barys.1155
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:16 15:55:55-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1391a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 11:20:09
VirusShare info last updated 2012-07-26 03:16:27

MD5: 9eb0f3031edd2a9897837c356a2e4c9a
SHA1: e8ccd97e73ca2008d1a5022a1f6562275e43f88a
SHA256: 9c5cbae77abe25f7ee77e85689bd639db3c70cea78472256e080e4797ef78f29
SSDeep: 3072:WPdhW1IrkvWyDnTbkeGaKiLCyz0CfM8nsGJPHst8WbM:niuVnzhzD19PVF
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDE3
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!9EB0F3031EDD
DrWeb = Trojan.Hosts.5800
TrendMicro = TROJ_GEN.R47CDE3
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!9EB0F3031EDD
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BOLUX
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:18 21:03:50-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-04 01:43:48
VirusShare info last updated 2012-07-26 03:19:06

MD5: a3e59f3f74edb5ed150697d5ef55e67b
SHA1: 6d1d129d2b71d6665aa79fc36f1965205ca10561
SHA256: 1e9217c1e594b86d3179587193af3fa94a4bd890a8043e9cb93ffd508d23df50
SSDeep: 3072:/eILEswUnZiVfq4AEeE1hJhneH2Kxo89TCoAZfARjxos77I:/ZPWDeAteWKNBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.131072.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!kUqSuWeqqvU
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2I2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC2I2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jfgg
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BKGL
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-05-07 22:03:33
VirusShare info last updated 2012-07-26 03:19:30

MD5: a6016496b400bd6f736e0bfa96b43b4b
SHA1: cf75cde639acd04707e3a56fd7570689ea9d1a92
SHA256: fed13a1a2cb2fae031f672ea68e12ea04924a90cc06e554cf27b9b1adf2848b4
SSDeep: 3072:tpI3altOdknYyDRuyrqlaNIgS3R1h9Fp+tZq2M:wG+CdA04hjcU
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.KDV.607327
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rti
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!A6016496B400
DrWeb = Trojan.Hosts.5800
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqr
McAfee = Artemis!A6016496B400
F-Secure = Trojan.Generic.KDV.607327
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.CLAS
Norman = W32/Troj_Generic.BPWNC
Sophos = Troj/Mediyes-L
GData = Trojan.Generic.KDV.607327
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Trojan.Generic.KDV.607327
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:17 22:25:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1356a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-11 15:30:34
VirusShare info last updated 2012-07-26 03:19:40

MD5: a89b56c00306fe7fad5bb554de4c3de0
SHA1: 1767179626258fb2849139704488e3bff56ff05d
SHA256: 6c28ab0feb514202a4e24767b8006b56dd3158cd4f1d7328e9f5255a154021ae
SSDeep: 3072:jhdan/WUjV1lkPn/NJdwcUFZMKN0o9WC2xfx8:janjpkHNJdWPusT29x
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!XCPEP8sM1rg
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Comodo = TrojWare.Win32.Agent.hodh
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Artemis!A89B56C00306
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!A89B56C00306
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-05-02 20:38:01
VirusShare info last updated 2012-07-26 03:19:55

MD5: abd8a9efdc10b6b9c8f11c38a5cb571e
SHA1: 253ed44b1783746d0a0cef10f91f2986ef634545
SHA256: 973f2cc1157085a7ce1286e450b366fa9371384915c533fea99290178a322896
SSDeep: 3072:lQWq+QMWGE+fhB20Pr+noCxXaYEt4L4bUPVUWK7oeottJ8pn:ZFQMB9hBjmxKYPhvK7oe40
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACB
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!ABD8A9EFDC10
DrWeb = Trojan.Hosts.5792
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!ABD8A9EFDC10
F-Secure = Trojan.Generic.KDV.607345
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.BSVS
GData = Trojan.Generic.KDV.607345
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Mediyes.f
BitDefender = Trojan.Generic.KDV.607345
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:56:06-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 18:34:34
VirusShare info last updated 2012-07-26 03:20:11

MD5: c27652a48b2382dea5bca19cbc37b0c6
SHA1: 272f2cba505f58e56110d28d63fdc4fa4e5faf00
SHA256: 56796923842c2bdb03bbeac8654ba8688cefa410d2283ff46492325b7150acbe
SSDeep: 3072:j2xbhR16rk6xyDaElWRDNaIGIaA8yMUeIGFIr/M5fztDoo3M:wAj6AMZWMvAjM59I
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C27652A48B23
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!C27652A48B23
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BLRRC
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfe
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:16:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 07:30:09
VirusShare info last updated 2012-07-26 03:22:06

MD5: d549ff509ec476a4124d39d0d09eb720
SHA1: 5a191f433eb5a43dd2ba5c1f19927e04048a3413
SHA256: 7862fa27268f4f13e9949017c493dc23a2afe4e490b0fea504c1af795d79e7fe
SSDeep: 3072:Jj2qe4MWeE+fTV0PlrPEXaa64Gy4IHCg9c/NEPudtpho5:Il4Mp9Tg+f69U1c/NEGZg
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Agent.221184.ACT
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rdg
TrendMicro-HouseCall = TROJ_GEN.R47C7DR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2cn
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R47C7DR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Generic.dx!b2cn
F-Secure = Trojan.Generic.KDV.608292
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent.7.G
Norman = W32/Troj_Generic.BLCNO
GData = Trojan.Generic.KDV.608292
BitDefender = Trojan.Generic.KDV.608292
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:46:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 06:42:23
VirusShare info last updated 2012-07-26 03:23:37

MD5: dc5b868f94e1f26e92f14d6a82d32333
SHA1: c2e16c947a8161a19bae74c36a16e6d7cf620d85
SHA256: a8d54660c973124b891a2268713e757fdf4700c837c8b30720c719760df8dba0
SSDeep: 1536:W2f3pg/KFuyW7aGu5Fj2L+sxbGtDGZao2TlBDGIglhy05WVM/8+NZW0m:XfRFUnunKCDDto2TqIg3KM/JNZW0
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Trojan
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63023
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = Trojan.Win32.Monder.ntby
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahcz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZJX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.twso
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 01:32:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xb70a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kcssvwbkk Mpoiygxoupe
File Description                : Llrxajq Write
File Version                    : 5.1.2600.0 (uxozrtxg.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Lerxelvhk Xwronziumui. All rights reserved.
Original Filename               : write
Product Name                    : Uprgknoah® Ngtbofq® Mucsciuya Reywjr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-07 21:55:55
VirusShare info last updated 2012-07-26 03:24:10

MD5: dd8a5fb3674354a6df27f62c217ae4fa
SHA1: decbd95edbbd166bb0086b01c75d24055cd0bc15
SHA256: 5651cf351e1e7c43ff99915320b5b1f72bed874291ddbe819f690b6f859d2f36
SSDeep: 3072:fhoan/WQjigkAlkiV/yP/FEFZMKN0o9W22kfx8:KanfnkGyP/0PusX2Yx
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!z+TO2SkQpvM
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Comodo = TrojWare.Win32.Agent.hodh
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!lf
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!lf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-05-02 20:38:10
VirusShare info last updated 2012-07-26 03:24:18

MD5: e0ddb8612e6f2bf1756da8245920452d
SHA1: 622b6f3113d8d0b69743e1e629c1824a789ef8e6
SHA256: 5152ce5083643bcf0ea0340851ee91dd3a446e86e06375fd32ed54d18effaf23
SSDeep: 3072:o8hhV1irkijyD8o1GMK/aW6Y5yMnyoFj/KdZapzm5t+HGM:R4LroKipMyuCaJDN
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqj
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rfs
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:46:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-08 11:45:46
VirusShare info last updated 2012-07-26 03:24:40

MD5: fbc491e026a10be1d10f26df11b99ca0
SHA1: a6761c54e6bc64f5ff4abf331a8480beeb0b34ff
SHA256: 8a6f0e520d35c1309ea5b47ad6e8dc45f2c7235f3ea8ddb1fc2168e91e1d7041
SSDeep: 3072:dKkWq+oAMWyE+fbfR0PyDGzaGaaYvGl3e64R5TvLuO/FjitI13:UFTM19bHJzaBG5vuIF7h
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.607292
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!39NSurrqB90
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!FBC491E026A1
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdz
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!FBC491E026A1
F-Secure = Trojan.Generic.KDV.607292
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BNVDN
Sophos = Mal/Mediyes-D
GData = Trojan.Generic.KDV.607292
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rdz
BitDefender = Trojan.Generic.KDV.607292
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:03:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-04 01:54:43
VirusShare info last updated 2012-07-26 03:27:39

MD5: fbcaa30674f5e383d5e6fdc4d5a72b34
SHA1: 0c3fbd9d8580b28e6062ef6ecc9d236b8999f3ad
SHA256: 9feab45dd2ea5d9b6c6ecb0295807a6421fe93f7bd4c2f39176b13a396b63452
SSDeep: 3072:teNUswnOObqPX8I6bbnH2tLVoBv52b8IJc6KC:t4U09fdEbnHQLE2j6
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
nProtect = Trojan/W32.Vundo.155648.F
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!63dxpgpfF5Q
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1252
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irik
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BBCB
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:26 16:41:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x1244e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uxthhdeui Psowbxeuwxd
File Description                : RDP Reflector Driver Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : RDPREFMP.SYS
Legal Copyright                 : © Rbnymbats Evjtimdxzbh. All rights reserved.
Original Filename               : RDPREFMP.SYS
Product Name                    : Rfntuzsvd® Uxyqfjg® Gedouunyk Imlqkx
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-29 11:33:50
VirusShare info last updated 2012-07-26 03:27:39

MD5: 07e69f228b2d8acea7b54b6e870e0651
SHA1: b8d1efe8b862f750ef7fe3c090d9ef437af47045
SHA256: 42b759b3c3f8d013fe72f76fc0261833e1479de9e8a41e62984ec82e12cb4257
SSDeep: 3072:usuTlJ51PnWqcKdeyohMqqDLy/A3leb3StwBM3:UrPx9qqDLuA3YC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D4A6
nProtect = Trojan/W32.Vundo.163840
K7AntiVirus = Trojan
VirusBuster = Trojan.Vundo!KYwrH1Dfd2s
TrendMicro-HouseCall = TROJ_GEN.R11C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R11C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Agent.163840.A
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HSA
Jiangmin = Trojan/Agentb.fl
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.XKR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqnn
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:21 12:22:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x11a2e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2006.0.6002.18005
Product Version Number          : 2006.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bmegpaqab Mfcusoydrec
File Description                : XML Filter
File Version                    : 2006.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : XmlFilter.dll
Legal Copyright                 : © Ylseaasvc Trxfagykvyt. All rights reserved.
Original Filename               : XmlFilter.dll
Product Name                    : Gxbclscqv® Lnouggl® Anoekhhks Trbozz
Product Version                 : 2006.0.6002.18005
VirusTotal Report submitted 2012-06-06 13:15:00
VirusShare info last updated 2012-07-26 03:31:11

MD5: 47e21a5ee1930902eb73843d182911c0
SHA1: 0ea8820f4b7ba86b1ce355fface2fb2ca6d9970e
SHA256: af64534ce4ab2766d73227bdc3729ab299dfa110b5cc73d6ab51201aaf085f20
SSDeep: 6144:wvIcJzj2PbZPUL4p04u+rl9r8DvCXVY9QRACk:wv1BOPULeHYqRF
Size: 236032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Crypt-KPK [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!JXsMegD8+48
VBA32 = Trojan.Jorik.Pirminay.ajz
TrendMicro-HouseCall = TROJ_GEN.R11C7K9
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.LooksLike.Suspicious.B
DrWeb = Trojan.Fakealert.25675
TrendMicro = TROJ_GEN.R11C7K9
Kaspersky = Trojan.Win32.Jorik.Pirminay.amo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.teo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.ADAE
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.1488
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.tyo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = a variant of Win32/Kryptik.TYO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x153b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ajvmqifkw Yyeaqzcwilw
File Description                : Remote Access AutoDial Helper
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Hltjautja Itynznljjua. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Ayopfgudl® Brgdfxt® Wtiguqxpk Zbrlhr
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-24 15:36:45
VirusShare info last updated 2012-07-26 03:37:54

MD5: 4ae7ccb6ac418355480fe8e0022ee782
SHA1: 84db9e14c4781669f238293673e5edd8337239a3
SHA256: 11d8d4c667f371833a34afcee5c2e285e28ddf09fb6c1aa7bbd544a285f2f26e
SSDeep: 6144:gJILJgJw/uaDzLKri9eQl+CFR2uv8uX9RuDb:gygiGiN9eQUCaOy
Size: 253122 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-DY [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.253122.B
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.LooksLike.Suspicious.B
DrWeb = Trojan.Fakealert.25679
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Jorik_Pirminay.A!tr
Jiangmin = Trojan/Jorik.shp
McAfee = Artemis!4AE7CCB6AC41
F-Secure = Gen:Variant.Graftor.3065
AVG = Generic25.AFUL
Norman = W32/Troj_Generic.BWMCO
GData = Gen:Variant.Graftor.3065
TheHacker = Trojan/Jorik.Pirminay.anr
BitDefender = Gen:Variant.Graftor.3065
NOD32 = a variant of Win32/Kryptik.TYO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 237568
Uninitialized Data Size         : 0
Entry Point                     : 0x153b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-24 17:06:41
VirusShare info last updated 2012-07-26 03:38:06

MD5: 54d67b513f22d60ae81afdd7275d284b
SHA1: f1d57c0d5cf93289e059c664dfb776a43b3042b8
SHA256: b2d4d87ebeaed3a3bcde3a2d3f35d380b4eb893a357e59e1bf60e4b7bdc52ac6
SSDeep: 3072:qRDS2xJJGdjtRrZImVVOrsIlAvVSbu/yf3P:SDSKc/ZFEsKum3
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.131072.ALD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!TlpFNMhgjyQ
TrendMicro-HouseCall = TROJ_GEN.R4FC2G6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!54D67B513F22
DrWeb = Trojan.Virtumod.10435
TrendMicro = TROJ_GEN.R4FC2G6
Kaspersky = Trojan.Win32.Monder.npzc
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.131072
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.adnn
McAfee = Artemis!54D67B513F22
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Vundo.pa (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AQDY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 23:59:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xc09d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
File Description                : igfxTMM Module
File Version                    : 1, 0, 0, 1
Internal Name                   : igfxTMM
Legal Copyright                 : Copyright 2006
Original Filename               : igfxTMM.DLL
Product Name                    : igfxTMM Module
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-05-24 18:46:52
VirusShare info last updated 2012-07-26 03:38:52

MD5: 617757d5f45ccfc5058588d6ecfa8841
SHA1: 34e4ed53f4b72d38a2227d8a8212dfc4977f233f
SHA256: 2607379cd4d256d88ae6037108b3bab53ac9683ab4504218ecd3f73af7c6f0c7
SSDeep: 3072:nVSI/l5fiEez9juZ/DJM8G9ti0tsHkmp1LLmk8MkwNf4w3dhOFytlNTvGpVGlrC:nMUt5Z/GJ+BEmp1bDf4wcmNTw3
Size: 210364 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan.Generic.6386964
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!Knt+Q9reJ6I
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_GEN.R47CCET
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader4.28021
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47CCET
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Downloader.a!or
ClamAV = Trojan.Agent-264053
F-Secure = Trojan.Generic.6386964
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.SXS
Norman = W32/Kryptik.ALS
GData = Trojan.Generic.6386964
Symantec = Trojan.Gen
TheHacker = Trojan/Injector.hzu
BitDefender = Trojan.Generic.6386964
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x137e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.74
Product Version Number          : 5.0.0.74
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Created by VIONA Development
Company Name                    : RAVISENT Technologies Inc.
File Description                : CineMaster C WDM DVD Minidriver
File Version                    : 5.0.00.0074
Internal Name                   : VDMINDVD.SYS
Legal Copyright                 : Copyright 1999 RAVISENT Technologies Inc.
Original Filename               : VDMINDVD.SYS
Product Name                    : CineMaster C WDM
Product Version                 : 5.0.00.0074
VirusTotal Report submitted 2012-06-13 22:47:21
VirusShare info last updated 2012-07-26 03:39:47

MD5: 67898e145a5db697eb30e37069b46c41
SHA1: 923aab1870bb6454b75d5d6074df09f7f88ec1ea
SHA256: f4a296a224226a86469ee438462d231e2bf7585ae0808fda893cace744e827d2
SSDeep: 3072:jRr3TB4jviEZCLfN171BY4NQEu672uR7mzdYfMxJ0YWpCQBMYRlkkniXlkz3iCSy:jN94eEMLf/XHfc0IyAkniW6O5AXA0
Size: 262144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12D40504
nProtect = Trojan/W32.Vundo.262144.B
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.57208
Kaspersky = Trojan-Dropper.Win32.Agent.gtuk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum.MS!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = DangerousObject.Multi.ffq
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BFIS
Norman = W32/Troj_Generic.BZBRG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 00:18:10-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 200704
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x2db3d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tsspbkhsl Uxnefljtowt
File Description                : DS Authorization for Services
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : DSAUTH.DLL
Legal Copyright                 : © Tczifqmhh Kxkqtdjmkxp. All rights reserved.
Original Filename               : DSAUTH.DLL
Product Name                    : Cnommjtcg® Pjgdmzq® Avenyfbft Xqomua
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-31 11:45:18
VirusShare info last updated 2012-07-26 03:40:17

MD5: 933a2aca1c3f47c9405d103636b1efbe
SHA1: c9e9d77a1b3e7b0ffada9bfd1fc1b141f73c30eb
SHA256: 91bfd07aa55c82b4b95b9a522659b5d48f056ac92991f96e065bc3581a17df47
SSDeep: 3072:hyQvIjjTmmPolUfj2qzf3mNaWczM7Y76Osd0oNctZE2xt0mzB:UBjPRJ2kmMWKyXctZQ8B
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Mediyes-Q [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!UMjVJuFrcIE
VBA32 = Trojan.Pirminay.rfi
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = TrojWare.Win32.Mediyes.FA
CAT-QuickHeal = Trojan.Pirminay.rff
McAfee-GW-Edition = Trojan-FAHZ!933A2ACA1C3F
DrWeb = Trojan.Hosts.5806
Kaspersky = Trojan.Win32.Pirminay.rff
ViRobot = Trojan.Win32.A.Pirminay.221184.N
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqk
McAfee = Trojan-FAHZ!933A2ACA1C3F
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 20:49:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-30 08:28:35
VirusShare info last updated 2012-07-26 03:44:18

MD5: 973d92a4eb6854b7d3a74b54637940b2
SHA1: 94a650fd2a16e9fb3cd4031b009456539096b90b
SHA256: f741db6af493adddf5896aed2511d37f2efa96793dabc8de341adacacb828be5
SSDeep: 1536:t7LvP49FjzgfltmG+8nsfVk4JxsKuTCrpypTLhje/0dZE:Vjytsfltz4kctpUh6MdZE
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.70144.KJ
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!7DqWCYpx62s
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R11C2GU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.ifpu
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!973D92A4EB68
DrWeb = Trojan.Siggen2.46156
TrendMicro = TROJ_GEN.R11C2GU
Kaspersky = Trojan.Win32.Menti.ifpu
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.70144
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.y
McAfee = Artemis!973D92A4EB68
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic25.AQGS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.gufq
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:13 23:23:45-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x6674
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrae.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrae.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-06-01 00:44:38
VirusShare info last updated 2012-07-26 03:44:41

MD5: a26c2c76e6a49f537c35b59238fd17ad
SHA1: c79da5ac5f968c2456bb0dfce57036112cf0cd06
SHA256: 166006c5e6e82cd6168685b59350ca10e34b73c75c72e61c8d104026b68b444e
SSDeep: 6144:9JIWt9LFdDZ+SlUDNkZqOHPXi7cpyfAJhCSAEhMx96:9JPDVlSKfy7ccJSAo
Size: 344024 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.271
Avast = Win32:Kryptik-CSZ [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Packed/Win32.Generic
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Generic.gnfz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BKGR
Norman = W32/Troj_Generic.BXGZW
GData = Gen:Variant.Vundo.11
Symantec = Packed.Generic.305
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:30 20:23:39-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0x5d10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pkrztsxhl Knglhhciria
File Description                : Czjwleo Media Video DSP Components - Advanced
File Version                    : 6.1.7600.16385
Internal Name                   : wmvdspa.dll
Legal Copyright                 : © Microsoft Fhvrrgehbkj. All rights reserved.
Original Filename               : wmvdspa.dll
Product Name                    : Rguyxgutn® Ttgcdzy® Zrtivzyig Txwmey
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-06 08:47:42
VirusShare info last updated 2012-07-26 03:45:32

MD5: b43ef555be55edd6a02f38cc7ebe3c38
SHA1: 707fb5d07afd70145ec1891be21e624a14270681
SHA256: 19295db7e7d013e227679fb8ea639959a8f16bae46e2a79d8d6fbe3305f2ef8a
SSDeep: 1536:Lgz+mGp4Z9sh5yiYtXVboTLQ3Fk1CnCRJZu1MqqU+NV23S2D:LuGp4sXyiYtFboE8k1MqqDLy/D
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47CDF4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.ML
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!B43EF555BE55
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R47CDF4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.HSC
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!B43EF555BE55
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-07 16:00:29
VirusShare info last updated 2012-07-26 03:47:13

MD5: da85184cff75b3fa3a115246bb4b346e
SHA1: 9ed7c366890f4b6ddd740d8b70bf3760694154ff
SHA256: ddd16140a30b826e1117dd7fb08214fa0b10bd027b33a9ed3467c43f0cd75648
SSDeep: 6144:455IJzJznrggsdgz1Jo5H9PnNUxBqczZcuhBzQYvYPuvK01:4HI1dS8Jw9/axhNPBz1QPmKo
Size: 294411 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhf
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Trojan.Generic.5382285
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R4FH1IN
Emsisoft = Trojan.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Renos
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.59103
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gs
McAfee = Kryp.b
ClamAV = Trojan.Agent-183385
F-Secure = Trojan.Generic.5382285
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.BOLE
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.bhf
BitDefender = Trojan.Generic.5382285
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 19:14:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24064
Initialized Data Size           : 531968
Uninitialized Data Size         : 0
Entry Point                     : 0x69a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.42
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-06-05 17:35:31
VirusShare info last updated 2012-07-26 03:50:23

MD5: f952c1e3c1a11ffb477cb14e6b930bea
SHA1: 40b5005febabe41a6e52dbeb784579f671c7eb90
SHA256: c4e31820a77fb3b2c5ff3854b73cbda20667b5ef503eac4d1c54c592eed842c2
SSDeep: 1536:rjUkPHQOr6fPhIr71oq8fNXMOQwKeZHflfcpxzKgONH8SJ+14H+3C:jHQOr6s71/y+e5OKEf4cC
Size: 100000 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-G [Trj]
Ikarus = Trojan.Win32.Pirminay
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.hz
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Graftor.6659
AVG = Generic20.BYQX
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Graftor.6659
TheHacker = Trojan/Pirminay.bwf
BitDefender = Gen:Variant.Graftor.6659
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:31 20:40:09-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 16384
Initialized Data Size           : 532480
Uninitialized Data Size         : 0
Entry Point                     : 0x40f6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-15 05:03:02
VirusShare info last updated 2012-07-26 03:53:34

MD5: 2396e1e6fdf1864f2e695f76d61e333f
SHA1: 46b23d77c66e559d4290fe9ef93170d2c302c0b9
SHA256: a6cacc627e8a78e767ec929af4a35de80e0ee0e079cc501c9a617cbc634684fc
SSDeep: 3072:DfSDPqf13Vz/irrfqmg/b2Ue78aVm/kdwEi903ZUfVmNU1NiL8wKcXH/p2jUHASu:mDaFWPqmO4+/kdyxMN4ipzRMIAX
Size: 166912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.166912.EK
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xvk
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Genome.~BS
McAfee-GW-Edition = Artemis!2396E1E6FDF1
DrWeb = Trojan.Siggen2.27905
Kaspersky = Trojan.Win32.Monder.ntik
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Adware/SuperJuan.ew
McAfee = Artemis!2396E1E6FDF1
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BEG
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:09 02:40:29-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 152576
Initialized Data Size           : 50176
Uninitialized Data Size         : 0
Entry Point                     : 0x26239
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2614.3500
Product Version Number          : 5.0.2614.3500
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ActiveX Interface Marshaling Library
File Version                    : 5.00.2614.3500
Internal Name                   : ActXPrxy.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : ActXPrxy.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2614.3500
Ole Self Register               : 
VirusTotal Report submitted 2012-06-06 10:10:37
VirusShare info last updated 2012-07-26 03:59:32

MD5: 481e9ba2510ecc6a2dc2da217d4ac590
SHA1: 23f175f03e189502c628ba521415cdb40299f421
SHA256: 24002a42a65ca9e73c87351a5fdd3ebc94adcd7c87100e04409eef7f5ad537a7
SSDeep: 1536:GE1vdlrQoPEcHKK4b0rd9lITJJhabHLWB2vDhBEQtaHkQf:DdZrPDKfe9lIFJhcLRreHkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
TrendMicro-HouseCall = TROJ_GEN.R4FC1IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC1IK
Kaspersky = Trojan.Win32.Monder.ngty
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-19 12:18:30
VirusShare info last updated 2012-07-26 04:02:56

MD5: 5e0afc369497785209cd35abe972aa20
SHA1: c4965a6bc7c2ed99db903d14051448177e6eb179
SHA256: ae94667457f8953e346539599df1d3612d604618026699fa2007f8d640e7c9f5
SSDeep: 3072:ouQF8/qopGxfwK5ZTKrwEu2ZhwHJValiljMqqDLy/T0K:4F8/ExYK51yhwgnqqDLuT
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lo
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!lo
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-05-12 07:01:18
VirusShare info last updated 2012-07-26 04:04:52

MD5: 8410034b7677ec8816fb74913ad85630
SHA1: c7ae1e12436611d561b3baf0b1262a000fd75a69
SHA256: 343544e9ee074089fc8fecb40a350bf46879482ce1f2e0716925f6d01992dab2
SSDeep: 1536:nHW87gmGl6H9shtliYAnT2bo1LQ3Fp1CnCRJZu4MqqU+NV23S2i:nHWoGl6WjliYAiboB8k4MqqDLy/i
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!jVlyuXc0l1w
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2G1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!lw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JHQ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-15 00:03:28
VirusShare info last updated 2012-07-26 04:08:21

MD5: 99757bbc2b1833ed8f0c076f72aed0b6
SHA1: 022511d8f1baf4ad7222560dd383b839295b8f37
SHA256: 2ab44b553935b32f4b11d0e48f73a17e470f36f8d127f5f0620f2a8e7f738aee
SSDeep: 1536:2qcC5oMGaG5xrIUh/UrmXZgoKGfJZKAcAEcm6hbD93ugyk5e4U7n5Iu:2G5Ax/crmXZgVIqATH9eg/5eXz5Iu
Size: 100000 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Trj/CI.A
nProtect = Trojan.Generic.5384705
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Fortinet = W32/Ponmocup.A!tr
Jiangmin = Trojan/Generic.duhi
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5384705
AVG = Downloader.Generic10.BUYR
Norman = W32/Troj_Generic.dam
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5384705
TheHacker = Trojan/Kryptik.kwl
BitDefender = Trojan.Generic.5384705
NOD32 = a variant of Win32/Kryptik.KWL
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:16 05:58:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0xe142
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-16 15:35:21
VirusShare info last updated 2012-07-26 04:10:20

MD5: b284969df5a86417e91ea2837ae72895
SHA1: 60dc723d040954ae357ab49c32b7a0a2d23f0483
SHA256: 0880d2e0247af011aa946d3f8fc3941d9e7fdaff8ad5f0a23e7b69c8574f7164
SSDeep: 1536:0/fls2Y9TCmaLUMdf0MAcqP6ag4wWqAjnxV4oq4j:0/fl9Y9TCZUMT9qyag4vqA7x5q
Size: 80896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.531
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R2ECCES
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10571
TrendMicro = TROJ_GEN.R2ECCES
Kaspersky = Trojan.Win32.Monder.ntvn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.inoj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.EBN
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:18 17:05:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xf621
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpvzsoopi Nskvvnbnlcg
File Description                : Yiykmbwpy® InfoTech Storage Yhtfxj Library
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : APSS
Legal Copyright                 : © Mtxyltvhu Corporation. All rights reserved.
Original Filename               : APSS.DLL
Product Name                    : Ftjrxowtm® Mhkdvnj® Bniobijdq Brxvdg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-01 00:46:22
VirusShare info last updated 2012-07-26 04:12:45

MD5: d608b8f39fdfa2b0a73ffd72f09e49e2
SHA1: 994462c04cde95d39fb06ccc48a49c74e5472a62
SHA256: 177e6ec869e4bd377a77c4598ec103a103e9f21760f1b763feb40e7a6cf03602
SSDeep: 3072:nQgoQuUsvG30Wf8LAaQk0TFZXM7fYu4TsfqwlPllfyZ:pnAi0n8k0TFO7gElLf
Size: 139776 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Rogue.kdv.626973
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.KDV.626973
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Trojan.Generic.KDV.626973
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.AAWF
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.KDV.626973
BitDefender = Trojan.Generic.KDV.626973
NOD32 = a variant of Win32/Kryptik.ADVZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:05 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd5b9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 06:40:32
VirusShare info last updated 2012-07-26 04:15:31

MD5: ef4ba9b92ff2527b3dd05dd1f2188b74
SHA1: e65a44a44d5454c1963e77bc4db6491f50fe2f8a
SHA256: cd810392795dd66accce6cd6a1618872cb3047cb6029343382a45f9cd6fcc9a1
SSDeep: 1536:jNiZdb6BOgLdvOzOXF1h4un0/kq8Dx+897Fz35kxmDjISYwXg+WjhUHK:5iZdb6B9hvZfh4f8oC35MmDjIa1W
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!EF4BA9B92FF2
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!EF4BA9B92FF2
F-Secure = Gen:Variant.Barys.2838
VIPRE = Virtumonde
AVG = Generic_s.EZ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2838
BitDefender = Gen:Variant.Barys.2838
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:31 07:30:40-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 53248
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x39bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-27 18:28:58
VirusShare info last updated 2012-07-26 04:17:14

MD5: 159ea918a75b731f6d3104743158ee8c
SHA1: 0797ca1f6d84d4980eb9cea30ecf15ae57ffde98
SHA256: 43017be10862f405fe1a461d280b39301ae3a5dc97691e61854130718d61a83c
SSDeep: 6144:7wMVWVP8NQ+dMD1hwwcHOokoTxvGpyhZ+Uam6iOsB7RcMI1kGykVrr06NyfOA79t:7wMVWVENLS0wI1nVRVIlyGr/I3
Size: 364544 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Riern.1.4
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan/W32.Vundo.364544
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!HlA/rsv0v80
VBA32 = Trojan.Pirminay.hvw
TrendMicro-HouseCall = TROJ_PIRMI.SMUM1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader3.11082
TrendMicro = TROJ_PIRMI.SMUM1
Kaspersky = Trojan.Win32.Pirminay.hvw
Microsoft = TrojanDownloader:Win32/Renos.KC
ViRobot = Trojan.Win32.A.Pirminay.364544
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.afb
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CCKO
Norman = W32/Suspicious_Gen2.MQRRZ
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.11
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hvw
BitDefender = Gen:Variant.Vundo.11
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:02 18:24:12-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 65536
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0xd63f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pzgsszgdt Dksukulyvsf
File Description                : Sort Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : Sort
Legal Copyright                 : © Uifqazqou Nvuaakpupxj. All rights reserved.
Original Filename               : Sort.EXE
Product Name                    : Rwrynhcig® Dhcfnul® Cmwbebzrp Nmkgdm
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-05-24 12:23:29
VirusShare info last updated 2012-07-26 04:21:01

MD5: 1abfcbd33ba021ff884f1784f27adf24
SHA1: 267412e9c8a9a7194f389742ea537eaeca637382
SHA256: 403fafe40f0d86570fc81bb833716f1121c13d0161d098952a211c58d825bc73
SSDeep: 3072:jsWq+kMWKE+fs40PV6WOY0Wayhj4rYiaIrjzf7YotrI6M:HFkM19sDJEySlrjr7Y6+
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Mediyes-Q [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12C3FCAF
nProtect = Trojan/W32.Pirminay.221184.B
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
TrendMicro-HouseCall = TROJ_GEN.R01CDF1
Comodo = TrojWare.Win32.Mediyes.FC
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!1ABFCBD33BA0
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R01CDF1
Kaspersky = Trojan.Win32.Pirminay.rdi
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.221184.O
Fortinet = W32/Mediyes.FA!tr
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!1ABFCBD33BA0
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BZNVB
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rdh
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:32:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 22:35:24
VirusShare info last updated 2012-07-26 04:21:35

MD5: 978f7a05d4fbc4c6f434f00e83711d7a
SHA1: 2bfca37cb907204f22a6dab0c4678c6e509febb8
SHA256: e74e15a1016e48bd2727946a49273c2fabe7874f2a363ddf84b639eb1597f8a5
SSDeep: 3072:fQnGXp4N5n3UbubszzAPq96lwS7gFjNmCdQlUMmfgHPFsiyMqqDLy/kdJm:5KNpkb8w9TFDMmfgH2OqqDLuw
Size: 184320 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R47CDEO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!978F7A05D4FB
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R47CDEO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.aeemt
McAfee = Artemis!978F7A05D4FB
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Vundo.BQGO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-27 03:04:55
VirusShare info last updated 2012-07-26 04:32:30

MD5: e1dc88090e58326c96706c448e242ed8
SHA1: 2ede4dffa96de7d718ee48a223073852a887da3f
SHA256: 2e2a00d2c37e01b54d9cd02e2bb889cdf27b3dc17bff402dd814186f5127a47c
SSDeep: 3072:fhknA79ae0XJIRQ0ydh8qQ5JQnglMMqqDLy/ihmGTWp41AJd/H:f6n4NryI5SKqqDLuCmGTWcAb
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!tTAtorR5lh8
TrendMicro-HouseCall = TROJ_GEN.R4FCDF3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!E1DC88090E58
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R4FCDF3
Kaspersky = Trojan.Win32.Monder.ntic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aeqo
McAfee = Artemis!E1DC88090E58
F-Secure = Gen:Variant.TDss.65
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.TDss.65
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
BitDefender = Gen:Variant.TDss.65
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-06-06 13:41:58
VirusShare info last updated 2012-07-26 04:39:37

MD5: 032efc8478a24ccdeb8facddd8363d8d
SHA1: c82aa909c8782f093a2b10dfc27ed4e5ca7fd717
SHA256: 6e5dbc848b415e4126d4e3bdb6a2574572a2a5585b952181258d70dc5b989f20
SSDeep: 3072:4xg/vTQZ3410tiJvqJ6UNnJ4YCBCimczxq1i4gPr3:XHTQZo10tiK4YW3zx4iF
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.122880.ZK
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R37CDEE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!032EFC8478A2
DrWeb = Trojan.Siggen2.27947
TrendMicro = TROJ_GEN.R37CDEE
Kaspersky = Trojan.Win32.Genome.affju
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Menti.122880
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Menti.aok
McAfee = Artemis!032EFC8478A2
F-Secure = Gen:Variant.Buzy.3628
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic28.ALRJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.3628
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Buzy.3628
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:29 03:13:55-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x10ab4
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.33.0
Product Version Number          : 1.0.33.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett Packard Corporation
File Description                : JobRetention Render Plug-In module
File Version                    : 1.0.33.0
Internal Name                   : HPCJOBRETR
Legal Copyright                 : Copyright © 1997 - 2001
Legal Trademarks                : 
Original Filename               : 
Private Build                   : 
Product Name                    : Hewlett Packard JobRetention render module
Product Version                 : 1.0.33.0
Special Build                   : 
VirusTotal Report submitted 2012-05-16 03:03:18
VirusShare info last updated 2012-07-26 04:44:54

MD5: 03edf5d7675d68e90930797c9dac6a4d
SHA1: f9ec8de08b15f329d30f472bcdf3506df9ec2be2
SHA256: 2aadce06ac0303f866a02a8f9a8f26496a13e7260a3054d68497fd60c5901806
SSDeep: 3072:quNjlGI7ru0kaHVEMcNC3trrRtWbcvEkbrrbtwRg6lnMqqDLy/nqdW4qhblZ:7jln7C0kaHVFcNC3trVQb2Ekb5wRg7q3
Size: 175104 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1246
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.ikhf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.PHL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:16 15:07:21-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 114688
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x18112
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oqxscvscm Cqwohydmllc
File Description                : Ybzoqqqdg  Fax TIFF library
File Version                    : 6.0.6000.16386 (wnxop_rtm.061101-2205)
Internal Name                   : FXSTIFF.DLL
Legal Copyright                 : © Ovovhpusx Corporation. All rights reserved.
Original Filename               : FXSTIFF.DLL
Product Name                    : Phlfrzxjd® Kvhzovi® Oxonrjslv Whyjca
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-16 20:58:02
VirusShare info last updated 2012-07-26 04:44:59

MD5: 26a8b954f9d5629d059a28555f161815
SHA1: b3b63a2b81f3ca040275d745d5974287aed3bfa1
SHA256: be007dfc772cfa6299550f7a978f854a065d3a262a92049c5439d13e603280b2
SSDeep: 3072:L8+EhS1lrklDyDRi1bb5Xssa/yPBy8cSPUQ5Ic515VfI7tS+KM:P/3oDHsld87rIcbfr0
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rez
TrendMicro-HouseCall = H2_AGENT_010671.TOMB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Mediyes
McAfee-GW-Edition = Artemis!26A8B954F9D5
DrWeb = Trojan.Hosts.5800
TrendMicro = H2_AGENT_010671.TOMB
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Pirminay.212992
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!26A8B954F9D5
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rjm
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 13:04:43-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 02:58:45
VirusShare info last updated 2012-07-26 04:49:43

MD5: 3185da26d1b4524c45d5d2778dbfd1f8
SHA1: c9a5a84d2e499de3e220519c494657b2ae09f0aa
SHA256: c6ec7986d25edb884f7bbe7dc0b592305ba70c52a01603e9d43da3a5573b171c
SSDeep: 3072:Q5BdIEqI7MRyDdP0H2aBWJMwDyrJa9rXjZQ3bSt9vnM:9f+MvjKy9aRmWvM
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!3185DA26D1B4
DrWeb = Trojan.Hosts.5800
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.212992.B
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqq
McAfee = Artemis!3185DA26D1B4
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BPAPR
Sophos = Troj/Mediyes-L
Symantec = Trojan.Gen
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D2.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:16 16:02:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1391a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-16 10:37:44
VirusShare info last updated 2012-07-26 04:51:06

MD5: 4d5b045332e694abde8df4da897b5d35
SHA1: e931a8f3c28f7f4cefa61e50313cbe3827c23da6
SHA256: 548330fd0f70971d6271e38641c21be57c40b72694fff1fa7fd691bfe1f8d679
SSDeep: 12288:TwciAYBhG6h8QXgBzw+f6o2cqF4+I66sfF:EnA96tXgBM+fJt+I66OF
Size: 425951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!K4cco6WJ/c0
TrendMicro-HouseCall = TROJ_GEN.RFFC8E1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = AdWare.Lop (Not a Virus)
McAfee-GW-Edition = Artemis!4D5B045332E6
DrWeb = Trojan.Hosts.5875
TrendMicro = TROJ_GEN.RFFC8E1
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Adware.Lop!rem
McAfee = Artemis!4D5B045332E6
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic12.BKKO
Norman = W32/Kryptik.AIF
Symantec = Adware.Lop
GData = Gen:Variant.Zbot.34
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 14:42:11-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 417792
Initialized Data Size           : 397312
Uninitialized Data Size         : 0
Entry Point                     : 0x66b26
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.10.0.2
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Dgsmeqd ME USB Mass-Storage Bulk-Only Lower Filter Driver
File Version                    : 1.10.000 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : 
Legal Copyright                 : Copyright (C) Brother Industries, Ltd. 2001-2003
Original Filename               : BrFiltLo.sys
Product Name                    : RemovableDisk
Product Version                 : 1.10.000
VirusTotal Report submitted 2012-06-02 21:47:12
VirusShare info last updated 2012-07-26 04:54:26

MD5: 58bf4fbe2d9341fb978af44aee8795a4
SHA1: 13a26ee5f45aadd9cca39f531038e099f2ee6828
SHA256: da2ca2421ced0b86750a78d8a13868f89ff52b678e8399ad8a4f83a7259e6b61
SSDeep: 3072:Qa2wE0pLlVPTaPxeE9e5lAMqqDLy/fme+UWv4b:QarpLrPM0E9e3qqDLufme+F
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!58BF4FBE2D93
DrWeb = Trojan.WinSpy.1455
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iwzl
McAfee = Artemis!58BF4FBE2D93
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AAAA
Norman = W32/Troj_Generic.BSBFA
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.plf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.PLF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:03 09:29:38-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0xd9fa
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : HP DLT/Optical Medium changer driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : hpmc.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : hpmc.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-15 00:47:19
VirusShare info last updated 2012-07-26 04:55:33

MD5: 6178c31be20ecadda5aa678e6d03b78a
SHA1: d343ce60ab1d76c3dca5d0533486ac09ec0dac1e
SHA256: 2af9d1ced906058289317521150f2d97982be7be13be537fcd93c4f8756a2c91
SSDeep: 6144:HPbQW8OrEHxpXyxTG8VAE+Z0lGeavJyf5R6IUIws1:HDQWZEHxpixIEplGjvC6VZY
Size: 207966 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6460972
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!k8+I1R26onA
VBA32 = Trojan.Jorik.Pirminay.asg
TrendMicro-HouseCall = TROJ_GEN.R4FC7JF
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.aqz
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader5.12521
TrendMicro = TROJ_GEN.R4FC7JF
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.PXO!tr.dldr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Artemis!6178C31BE20E
F-Secure = Trojan.Generic.6460972
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.ADSX
Norman = W32/Suspicious_Gen2.RPJDM
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.6460972
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6460972
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12a2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.7.25.0
Product Version Number          : 10.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Iadgkddnq Rflbhymotsm
File Description                : Mzfnvpzjo Character Encoder
File Version                    : 2001072500
Internal Name                   : msencode
Legal Copyright                 : Copyright © 1996-2001 Dpwokgyty Rnuuwdvkidm.
Legal Trademarks                : Fsfspgeah® is a registered trademark of Nmvbsghsk Ovftffwlszh.
Product Name                    : Bsrvjmvzb Character Encoder
Product Version                 : 10.0
Comments                        : 
VirusTotal Report submitted 2012-06-05 15:41:30
VirusShare info last updated 2012-07-26 04:56:19

MD5: 77e1b51323c5ddad580970521d957931
SHA1: 0ef1e9c49e47095766f57099c7be0c3e595d1090
SHA256: cc9c6fbf923f365a6eaf880f0aab8c4bafb99c6d1845173508099411836a49be
SSDeep: 1536:SA+faKKEDMqqU+NV23S2ELo6CJcRt6ctVGqvUo85/Nc:SrfkAMqqDLy/T6CaT6cmqY/Nc
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R2ECDEV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!77E1B51323C5
DrWeb = Trojan.WinSpy.1188
TrendMicro = TROJ_GEN.R2ECDEV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.uxse
McAfee = Artemis!77E1B51323C5
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 12:44:10-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x4f87
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : 
File Description                : ScriptPW Module
File Version                    : 1, 0, 0, 1
Internal Name                   : ScriptPW
Legal Copyright                 : Copyright 2000
Original Filename               : ScriptPW.DLL
Product Name                    : ScriptPW Module
Product Version                 : 1, 0, 0, 1
OLE Self Register               : 
VirusTotal Report submitted 2012-06-02 07:00:08
VirusShare info last updated 2012-07-26 04:58:33

MD5: 8612e1250468477385b1c0a0615f419b
SHA1: ffd61e161a1d2a6671caa71916bcf597713858a4
SHA256: 5f9d8a6fe993ebdff7b266d8ee24d720fe6243381dfe7cb66ab11ee73c3563c9
SSDeep: 12288:nvRFi55LuGwFJQOnAJdWkW0Ht5BmZUQeR3Sc1Vq1Ttj2WAndI:n5FivLuGGJQbXHoA3at6WQd
Size: 425984 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.425984.58
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47C8EU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!8612E1250468
DrWeb = Trojan.DownLoader6.9824
TrendMicro = TROJ_GEN.R47C8EU
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Generic.aebmr
McAfee = Generic.dx!b2p4
F-Secure = Gen:Trojan.Heur.Hype.AmW@a8fVHsc
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BQDW
Norman = W32/Suspicious_Gen5.ECJV
GData = Gen:Trojan.Heur.Hype.AmW@a8fVHsc
Symantec = Trojan.Milicenso
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Trojan.Heur.Hype.AmW@a8fVHsc
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 131072
Initialized Data Size           : 294912
Uninitialized Data Size         : 0
Entry Point                     : 0x1a862
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 10:50:16
VirusShare info last updated 2012-07-26 04:59:56

MD5: a8a984726e39acfd2d71af427c27fa10
SHA1: 6089f3d0de03f8419d202016d2fc8ca4d95bff30
SHA256: 5dd8d0d6d2f03d96a74c2acb6ed5da5e2fbfe2e22fd320b79321862770a5cd91
SSDeep: 1536:OWgYj4dtNJu3G8fN1awamFILh01Y3hyNSRY6Y9l/MqqU+NV23S2GMnew:OWY811awSyyz7Cl/MqqDLy/GZw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!vvwJ0RPU/cU
TrendMicro-HouseCall = TROJ_GEN.R01CCF1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.co.5
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R01CCF1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-06-07 02:25:41
VirusShare info last updated 2012-07-26 05:03:18

MD5: ae3c072a23faab5cee8a54734a76ff6a
SHA1: fd6e2f8fed522c509d71ffc0ba3848e37173ebb0
SHA256: 112022fa24711f8f3dae4e804428631a0db1fda44a938b20d3a53348a9beb6b7
SSDeep: 3072:vEGuwq7uHzaH82qZ8TPxcZvdu9RLTDhNJoqmz/s1GaE:YwYhHqCJgvdu9hTDhNJEydE
Size: 132096 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252E35C
nProtect = Trojan/W32.Agent.132096.LG
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!oWZ3UY56Emk
VBA32 = AdWare.SuperJuan.xxm
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2EJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ir
DrWeb = Trojan.Siggen2.41718
TrendMicro = TROJ_GEN.R4FC2EJ
Kaspersky = Trojan.Win32.Monder.npfj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ios
McAfee = Vundo!ir
F-Secure = Gen:Trojan.Heur.LP.iu8@aW7giFk
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic26.AJER
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Trojan.Heur.LP.iu8@aW7giFk
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Trojan.Heur.LP.iu8@aW7giFk
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:17 04:35:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 74752
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x13269
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-05-19 12:48:41
VirusShare info last updated 2012-07-26 05:03:53

MD5: b12086d03e751178cde37f79c00190c0
SHA1: 6c4a6af656db4312a71b175a7bfd6ab6fdc595e2
SHA256: d63b2e267e1a3f44df1a7f383603356f417e0d12d4fa43ed195dc8077c0bbf2f
SSDeep: 1536:wJnzdTqNogN3qQcSS5W1yiWhvwBuqIz1x:+womaRDnqI5x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Generic Trojan
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-17 01:08:02
VirusShare info last updated 2012-07-26 05:04:09

MD5: b4abbbc2a9be79914fd29ccc719a4a8d
SHA1: c59d76d43badd94c4ac3716f7e174eaff990a7ed
SHA256: 0ad51e8092489afea129f9e4b05a04c79ef7a4231db25023d940453a9ad7a8ad
SSDeep: 3072:bIIL03FUrFE+C4RseSj1lGMeH2KxoY9TCoAZfARjxos7sI:bfvv6eSFeWKRBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.131072.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!AovlMdLynZk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1217
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Monder.131072.AV
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jfgg
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BKGL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-05-17 08:53:37
VirusShare info last updated 2012-07-26 05:04:27

MD5: 0125e28090355edcc2ef9407d6052ae7
SHA1: 0919ce70f2efde68acc1dee807132bd5fba065c1
SHA256: e08cb43124d087f197a59ca41f9dea2aec03c2875cfed047a3640b08593e297c
SSDeep: 3072:rUuI+svImjDmmDHlUfc1chVwJaGUsMbYOnOjr1OS4IPeOp7tHYz8:C+NmnNh0rG16y1P9C
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Mediyes-Q [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ADJ
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!2qvtQHVobgo
VBA32 = Trojan.Pirminay.rkf
TrendMicro-HouseCall = TROJ_GEN.R29C7DJ
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.rlp
McAfee-GW-Edition = Trojan-FAHZ!0125E2809035
DrWeb = Trojan.Hosts.5806
TrendMicro = TROJ_GEN.R29C7DJ
Kaspersky = Trojan.Win32.Pirminay.rlp
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.221184.Q
Fortinet = W32/Mediyes.FA!tr
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqv
McAfee = Trojan-FAHZ!0125E2809035
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BABDH
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.596
BitDefender = Gen:Variant.Barys.596
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 22:03:55-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-29 21:34:39
VirusShare info last updated 2012-07-26 05:12:50

MD5: 4678daaccdc7f14dbf10a52b89d2f88d
SHA1: f7a0eb4c47b75ccdc884e87326c7bd9b0965135a
SHA256: c51091043828d97a535f7c5a853489c6c6c5965d8bce5577e2c50e4cc9c1f74d
SSDeep: 1536:BLi/sLb7y0aBk+vSDN8EdOq9kUNs7LY9sgcItv6txf4jiVmiEQCUMsXKukPi+psA:BG/sv7y0O6VkrrxQjiAiyUMsXKukPi+n
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Malware
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!90xmkm+2sL8
TrendMicro-HouseCall = TROJ_GEN.R2EC2GI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R2EC2GI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ovmd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-22 05:53:46
VirusShare info last updated 2012-07-26 05:17:39

MD5: 926a6f6af9f7748f5fc5b6f99b475d66
SHA1: 1b66526223112f5a4ba0de1311a8bd6a45fc4983
SHA256: 04660c94de58b92618ec77387abf7f180afc2e85025e42e80d8036ac672352b3
SSDeep: 3072:gn1hG1MrkCkyD/VJcFyaupo2yw/awYwTlUHFtwaI5:VKj/wnRwSWUYH
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rez
TrendMicro-HouseCall = H2_AGENT_010671.TOMB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!926A6F6AF9F7
DrWeb = Trojan.Hosts.5800
TrendMicro = H2_AGENT_010671.TOMB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.212992
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!926A6F6AF9F7
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.1155
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:23 13:08:19-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-01 00:43:38
VirusShare info last updated 2012-07-26 05:22:32

MD5: a4830486ea07c574818d946f35b1c66a
SHA1: ee0d6aac3a27f24d93f0e1bb7544a323bfba2e29
SHA256: 2b97fbf0de2a88ab01cf02de064d0fc8a9b2a2674368561bf4c03ea64546aae9
SSDeep: 1536:JPGz7Yf766Fi6TNCtTWbn0Qr4G6XijYdLERpK2iKAXM3QGo4C/1tJ:0YfOpi0QQXivfQGo4C/fJ
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!zLi20TwMaro
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!A4830486EA07
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aamm
McAfee = Artemis!A4830486EA07
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2012-06-06 10:34:00
VirusShare info last updated 2012-07-26 05:23:39

MD5: c2012710c7741ef1b642d34d9bf7169f
SHA1: 1ea6e0d6ac260db7f0b430eadf8bd0945cb70bee
SHA256: d0a668114102491c30ede5e48b5b0ff952805aa7f93f9533c2f4dbfb5a5b008d
SSDeep: 6144:lCZhSiRik+P7QPgonoTrNNk7BKJDNPDBEUJsMel7FT54Wdo/t04/3u:AZhS5P7QW3NqTSUld5Z2yL
Size: 287274 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.43
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.amy
TrendMicro-HouseCall = TROJ_GEN.R2ECDF5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Renos.~AM
CAT-QuickHeal = TrojanDownloader.Renos
SUPERAntiSpyware = Trojan.Agent/Gen-Renos
McAfee-GW-Edition = Artemis!C2012710C774
DrWeb = Trojan.MulDrop1.54177
TrendMicro = TROJ_GEN.R2ECDF5
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.eo
McAfee = Artemis!C2012710C774
ClamAV = Trojan.Pirminay-12
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!SB.0
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.ALIJ
Norman = W32/Troj_Generic.CBGBD
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.aor
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:21 07:07:45-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 280576
Initialized Data Size           : 273408
Uninitialized Data Size         : 0
Entry Point                     : 0x45512
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.53.6200.0
Product Version Number          : 2.53.6200.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access - OLE DB Data Conversion Stub
File Version                    : 2.53.6200.0
Internal Name                   : msdadc.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1994-1999
Original Filename               : msdadc.dll
Product Name                    : Microsoft Data Access Components
Product Version                 : 2.53.6200.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-11 16:36:02
VirusShare info last updated 2012-07-26 05:25:35

MD5: ec5989c950da18534ed5625afb26952a
SHA1: fd2fd7e58cd01bd77f6a2777e057cc265bf579fd
SHA256: 8fbfa7a213df0f318850db57d8cde570ea8b078e0cab3ef10ec742600bbdb2ee
SSDeep: 3072:792qecMWCE+f5k0PO+/JHQaSAN18HYviFCEWjtjHmrM:clcM995AABSRwEWFHt
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACI
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!EC5989C950DA
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdy
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.221184.A
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!EC5989C950DA
F-Secure = Trojan.Generic.KDV.591775
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.BSSP
Norman = W32/Troj_Generic.BTWDK
Sophos = Troj/Mediyes-L
GData = Trojan.Generic.KDV.591775
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rdx
BitDefender = Trojan.Generic.KDV.591775
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:15:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-16 22:18:46
VirusShare info last updated 2012-07-26 05:28:18

MD5: 06d303f254189dc18858f940292afa36
SHA1: e5fb91b996e28f51e5e4dec943755cd0701528b7
SHA256: 6e01d3979077e2c67fa79b1f81ef9ab7f48852468d12dd0eae4a7cdeaf85e979
SSDeep: 3072:FQWq+QMWGE+fhB20Pr+noCxXaYEt4L4bUPVUWK7oeottJ8YM:5FQMB9hBjmxKYPhvK7oe46
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACB
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDEA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!06D303F25418
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R21CDEA
Kaspersky = Trojan.Win32.Pirminay.rdk
ViRobot = Trojan.Win32.A.Pirminay.221184.B
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!06D303F25418
F-Secure = Trojan.Generic.KDV.607345
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.BSVS
Norman = W32/Troj_Generic.BRWBW
Sophos = Troj/Mediyes-L
GData = Trojan.Generic.KDV.607345
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rdj
BitDefender = Trojan.Generic.KDV.607345
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:56:06-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-16 21:02:33
VirusShare info last updated 2012-07-26 05:33:10

MD5: 0c5e86a7b6f521c6a8fed97491465a0d
SHA1: 30a9745211cb13ead45ea92b5313df6b029fe330
SHA256: 6393e0d3f07648e3f83c29c4596b351fe3dba9f49f677da41c26f0e4528dba85
SSDeep: 3072:umnvIvjsmmhclUfrECdq6pamg3srY6H5GTfrFFzTUN+AtgU5M:avon5bQmeeE5FzTk81
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Mediyes-Q [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rkf
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = TrojWare.Win32.Mediyes.FA
McAfee-GW-Edition = Artemis!0C5E86A7B6F5
DrWeb = Trojan.Hosts.5806
TrendMicro = TROJ_GEN.R49CDET
Kaspersky = Trojan.Win32.Pirminay.rio
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.221184.AG
Fortinet = W32/Mediyes.FA!tr
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqm
McAfee = Artemis!0C5E86A7B6F5
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOO
Norman = W32/Troj_Generic.BYTNE
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rim
BitDefender = Gen:Variant.Barys.1155
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:16 22:25:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x1470a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 08:05:41
VirusShare info last updated 2012-07-26 05:33:50

MD5: 33348fedf11122620a70a45d99f5a04d
SHA1: 599b9e2c1e2827497b45d00e3e2a5e58620b0d7d
SHA256: 8646a039b24915e52975c8bb506a3b7f4fa9101195652927833cf05d1eb8d7ad
SSDeep: 3072:uBOkOTAXQSao4mva811RssxxZl9hKFYPih:uHcAASahmS81j5hKf
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.139264.T
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!MmQJwnwDdPs
TrendMicro-HouseCall = TROJ_GEN.R2EC7IO
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!33348FEDF111
TrendMicro = TROJ_GEN.R2EC7IO
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.139264.AE
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aaru
McAfee = Artemis!33348FEDF111
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.AQTQ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:28 05:56:38-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x12799
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.1.1
Product Version Number          : 1.3.1.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Xerox
File Description                : Xerox WorkCentre Pro
File Version                    : 1.03.01.1
Legal Copyright                 : © 2000-2006 Xerox
Legal Trademarks                : Xerox®, WorkCentre/Pro
Original Filename               : XRWCTMGT.DLL
Product Name                    : Xerox WorkCentre/Pro
Product Version                 : 1.03.01.1 2006.08.26
VirusTotal Report submitted 2012-06-06 10:12:34
VirusShare info last updated 2012-07-26 05:38:00

MD5: 8d58bc4e3abc2b03c40e46aba1da1a26
SHA1: f7da908e497e44b393874f532023ca94b09b0d19
SHA256: 55ce07e4d4d67dd1b82bb1ebc0ddb624dd8786c9a9d1cd56e5f48acdeac3b295
SSDeep: 3072:8PHlfsBkhqGPVgtSQS8JtwOrbOCqZl7vhape:QHlfjqxM+JtwyuMp
Size: 188416 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-EE [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!8D58BC4E3ABC
Kaspersky = Trojan.Win32.Monder.ntfj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.NTFJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Monder.A!generic
Jiangmin = Trojan/Monder.abcg
McAfee = Artemis!8D58BC4E3ABC
F-Secure = Gen:Variant.Graftor.310
VIPRE = Virtumonde
AVG = Generic28.BCFD
GData = Gen:Variant.Graftor.310
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Graftor.310
NOD32 = a variant of Win32/Kryptik.EVB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:22 03:39:28-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 135168
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1e4a1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-31 00:41:44
VirusShare info last updated 2012-07-26 05:46:37

MD5: 9d7e6c1c7fb0d2b38c069ae637778a73
SHA1: cd49a3d9a9e0ccf614302348fb66e8903dcdd660
SHA256: 0b3f6beaf3eccf8604466faba436c3b38ace951678a70472008fe593f9985eb8
SSDeep: 3072:fDkXKKoKPhPiSZGnCj0MaTKUEfTkoclcjqEOTjp:bkaK3p1zvjIj
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FCCC1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!of
DrWeb = Trojan.Virtumod.10262
TrendMicro = TROJ_GEN.R4FCCC1
Kaspersky = Trojan.Win32.Monder.npzx
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.147456
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = TrojanDownloader.Delf.abmz
McAfee = Vundo!of
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ASCK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:26 13:42:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x12651
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.10.0.1998
Product Version Number          : 4.10.0.1998
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Elacfsggt Trnahxywymp
File Description                : Bezier Screen Saver
File Version                    : 4.10.1998
Internal Name                   : BEZIER
Legal Copyright                 : Copyright (C) Lorrkjfen Corp. 1991-1998
Original Filename               : BEZIER.SCR
Product Name                    : Jsoucuwow(R) Lexflgo(R) Oxzkzsbet Uqggiz
Product Version                 : 4.10.1998
VirusTotal Report submitted 2012-05-24 19:24:13
VirusShare info last updated 2012-07-26 05:48:14

MD5: a2e3fc5170b0eda4db316a9956766b2d
SHA1: 7071e8e89013244b4af4f22fb40760a782d9cb88
SHA256: c5c0e75c49b2d008f6ba7ed8f07416b26a2abcd1eac17281ea337991138c07e0
SSDeep: 6144:j3aDmiUstwQ0pcWZ38IotqfFeUw56nImyzGA3M55L4fw:j3aDmbsbPWZKtqfFE6IvzG8w
Size: 377856 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Rogue.kdv.626095
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Agent
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Agent_Packed.377856.H
K7AntiVirus = Trojan
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.DownLoader6.8737
Kaspersky = Trojan.Win32.Agent.sgel
Microsoft = Trojan:Win32/Sisron
ViRobot = Trojan.Win32.A.Agent.377856.K[UPX]
Fortinet = W32/Agent.SGEL!tr
Jiangmin = Trojan/Generic.aebmr
F-Secure = Trojan.Generic.KDV.626095
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.AQYF
Norman = W32/Suspicious_Gen4.AGMVZ
GData = Trojan.Generic.KDV.626095
BitDefender = Trojan.Generic.KDV.626095
NOD32 = a variant of Win32/Kryptik.ADAZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2106:02:06 02:36:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 376832
Initialized Data Size           : 4096
Uninitialized Data Size         : 77824
Entry Point                     : 0x6fb40
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 01:47:37
VirusShare info last updated 2012-07-26 05:48:49

MD5: de380a6bb89202aa6366d22874ec295f
SHA1: b4014b3f0817afecb7c89c8f518eacd37884d777
SHA256: 684e08dfe214168d466431cd33d044e50c26e70f364d48189c56d43dd7d98a0a
SSDeep: 3072:fhRn1AYae0Gex10jBda2qQ5RQnglMMqqDLy/6hmGTWp41AJCm/H:f/nz0QFt5qKqqDLuamGTWcAUq
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!uvfuqN36jk0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2HB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!DE380A6BB892
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R47C2HB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!DE380A6BB892
F-Secure = Application.Generic.370510
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Application.Generic.370510
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
BitDefender = Application.Generic.370510
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-05-15 00:38:22
VirusShare info last updated 2012-07-26 05:54:14

MD5: 0febee1575e6190b1ddc653722e7aa92
SHA1: 392ca66455507b58a3c941adb819b556ac752757
SHA256: ec8abc801d83a996f185aaf3fa3e17dd5a5a4a48e9dcd479cf1bf99e068131f2
SSDeep: 6144:M0UmWMq8cgGxST6XIrR2hr9JaZ0B5HDmZh4o8X6YXg97:MVXMqPgGIr12FH4A5jmKly
Size: 364800 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Kryptik-HTI [Trj]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.KDV.550123
K7AntiVirus = Trojan
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!0FEBEE1575E6
Kaspersky = Trojan.Win32.Pirminay.rcg
Fortinet = W32/Pirminay.RCG!tr
McAfee = Artemis!0FEBEE1575E6
F-Secure = Trojan.Generic.KDV.550123
AVG = Generic27.AFHF
Norman = W32/Suspicious_Gen2.dam
GData = Trojan.Generic.KDV.550123
BitDefender = Trojan.Generic.KDV.550123
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 331776
Initialized Data Size           : 53248
Uninitialized Data Size         : 69632
Entry Point                     : 0x62ab0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-24 19:31:39
VirusShare info last updated 2012-07-26 06:00:39

MD5: 1cf4b375cc7e9c6050d7d743e74971b6
SHA1: b67bd05318f31e1f2be8d2f0a40f0849308e44b7
SHA256: d4aa9ed26b1f373394e149492b7e1fcd34a34a7ae78242392ac7dbe5ba203c75
SSDeep: 3072:mKYfDp1SP5ESADsfipvEFHFrouMqqDLy/0:Gl1tHalqqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!1CF4B375CC7E
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iqrf
McAfee = Artemis!1CF4B375CC7E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Cryptic.CZO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-29 02:04:10
VirusShare info last updated 2012-07-26 06:02:22

MD5: 2096d59b29f0fcb75d93e6af58537192
SHA1: 89746cb060cfed25560f7094eda703aa3054a9a2
SHA256: 5e929e748ee223d1a9d5134381b01fb5254068f6c5cdbc6b6e21c70efc6a84a5
SSDeep: 6144:cDfzfUbyeW4gGFMcXdK3LCofz3BnAm4Mtg:cDfzf8yeW/GF1Xd8OozBnv4Mt
Size: 214016 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.394
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.7281853
K7AntiVirus = Trojan
VBA32 = Trojan.Jorik.Pirminay.arx
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!2096D59B29F0
DrWeb = Trojan.DownLoader5.7171
Kaspersky = Trojan.Win32.Jorik.Pirminay.arx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.ARX!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Artemis!2096D59B29F0
F-Secure = Trojan.Generic.7281853
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.ALUT
Norman = W32/Suspicious_Gen2.RMQOE
Sophos = Troj/Ponmocup-E
GData = Trojan.Generic.7281853
TheHacker = Trojan/Kryptik.ufa
BitDefender = Trojan.Generic.7281853
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x12b6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.1434
Product Version Number          : 2.0.50727.1434
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rtcpnmjjz Ldlubmabonm
File Description                : Isdimsoer .NET Services Native Thunks
File Version                    : 2.0.50727.1434 (REDBITS.050727-1400)
Internal Name                   : Hexjpn.EnterpriseServices.Thunk.dll
Legal Copyright                 : © Microsoft Osguqlrtxcj.  All rights reserved.
Original Filename               : Wfntzx.EnterpriseServices.Thunk.dll
Product Name                    : Mffzrwnbb® .NET Framework
Product Version                 : 2.0.50727.1434
Comments                        : Flavor=Retail
VirusTotal Report submitted 2012-05-19 03:30:58
VirusShare info last updated 2012-07-26 06:02:47

MD5: 287de0cb28be96deee4529cef8af1e2f
SHA1: 5d41d39cb95cc8123db3ddd973d2340ad073de99
SHA256: aaf2ce04f520a7cb3fc843c5749b98bc4a7c69656d551f576281ab7d168bcad7
SSDeep: 1536:W2BQt0BpecTOJtClMYH6C75VEkU2aN2eFlFJHrXeEaMRfJa1Q+vpVCqX+f:WczecTOTC2YH6C7n6fFlXHSETRffApyf
Size: 100000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VUNDO.SMUB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!287DE0CB28BE
TrendMicro = TROJ_VUNDO.SMUB
Fortinet = W32/VUNDO.SMUB!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.cttb
McAfee = Artemis!287DE0CB28BE
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/EncPk-XI
GData = Win32:MalOb-EI 
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-16 18:29:27
VirusShare info last updated 2012-07-26 06:03:50

MD5: 38896434586faf9c1acad7ab1d9f82d0
SHA1: ebe32eebbbd937e2bac2075d7bf6049e3ce7e8d9
SHA256: b2e20e2be9f0ab15f1197d58b7e0742c8e6d318955af3a0da091f8adde73f9a7
SSDeep: 96:cCbzAOvBbP1p6+1qcSSA+pAwscq+phX41VAppU/jMT:6OvBj1qcSSjw/1VbMT
Size: 6144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1013.58
Avast = Sf:Renos-D [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01H1F1
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!38896434586F
DrWeb = Trojan.WinSpy.1014
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Ponmocup.AA
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Artemis!38896434586F
F-Secure = Gen:Variant.Graftor.1013
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
eSafe = Win32.GenVariant.Gra
AVG = Downloader.Small.62.D
GData = Gen:Variant.Graftor.1013
BitDefender = Gen:Variant.Graftor.1013
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x19af
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 14:08:56
VirusShare info last updated 2012-07-26 06:05:38

MD5: f20f4595edaff2313a7c1e597759ea00
SHA1: cc948955b4750702276e1d76c2ef9c378a475fd7
SHA256: b95f3c8b5833dcfc9d08fdbbd249d288fdf6a8fa6339382187a3995d71b66a87
SSDeep: 1536:Y+J7kPNFkCSDFVmkdW3A6df/BYCljxmGU1pFzXo6g67g:BJMbWXBowgX/l9mxFzXo1
Size: 91648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Menti
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.91648.DM
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30CDEQ
Emsisoft = Trojan.Win32.Menti!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!F20F4595EDAF
DrWeb = Trojan.Siggen3.11248
TrendMicro = TROJ_GEN.R30CDEQ
Kaspersky = Trojan.Win32.Monder.ntsj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
TotalDefense = Win32/Vundo.H!generic
McAfee = Artemis!F20F4595EDAF
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Vundo.BQOL
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 04:55:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45568
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0xbfce
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvrac.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrac.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2012-05-27 18:29:21
VirusShare info last updated 2012-07-26 06:24:55

MD5: f8ea129ce54d13ee41b814eb38f66107
SHA1: d0693d8da4ce8e97eac9b2b06de39ae156ca7a74
SHA256: 18271d07f430aaae3fd3b898d42ca245796447d6103c3fcff744188a3d29367a
SSDeep: 1536:EClBY9TCma5Mdf0MAcqP6ag4w2V1jQxV6oq4j:EClBY9TCDMT9qyag4nrExHq
Size: 80896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.277
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!qqConmgjNR4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2H6
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10571
TrendMicro = TROJ_GEN.R4FC2H6
Kaspersky = Trojan.Win32.Monder.ntgy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.inoj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.EBN
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:18 17:05:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xf621
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpvzsoopi Nskvvnbnlcg
File Description                : Yiykmbwpy® InfoTech Storage Yhtfxj Library
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : APSS
Legal Copyright                 : © Mtxyltvhu Corporation. All rights reserved.
Original Filename               : APSS.DLL
Product Name                    : Ftjrxowtm® Mhkdvnj® Bniobijdq Brxvdg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-15 17:07:51
VirusShare info last updated 2012-07-26 06:25:40

MD5: f973a3fe28ea919d232a64b9b5f8376f
SHA1: 84d0399d99b12d4871a18daee551337702e1d729
SHA256: 5218ea89ecde3b8630b1f248090959e687fed744ddf32caa9b5beb8b30a00f01
SSDeep: 3072:bF2qeEMWqE+fIc0PCOWtvIaSV/4jfXuoVgk07/5f7tidAM:c1EMV9IU3pSKuk0z5sB
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Mediyes-Q [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACJ
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F973A3FE28EA
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdv
ViRobot = Trojan.Win32.A.Pirminay.221184.E
Microsoft = Trojan:Win32/Mediyes.C
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!F973A3FE28EA
F-Secure = Trojan.Generic.KDV.607305
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BTWQO
Sophos = Troj/Mediyes-L
GData = Trojan.Generic.KDV.607305
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rdq
BitDefender = Trojan.Generic.KDV.607305
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:24:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-16 22:24:35
VirusShare info last updated 2012-07-26 06:25:44

MD5: 03803881beecfe8a9959c0176a2a6289
SHA1: f01f468a7d0e7e065f4050ad18ef0134b2966bc9
SHA256: ea01369d0b3095b24ea11d0212a4286e4338557e63c6e2ca3ff4641bb58158b1
SSDeep: 6144:jPhiVceLgNtXJJXdV54p8ijpJ3X+B/lcHRRYN3Ei5SqAv/ywlQHkJRD4ra64J102:1Wc9JKbX+fcxRMUR3n84J4rasnZy
Size: 437248 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Kryptik-CQY [Trj]
Ikarus = Gen.Variant.Zbot
AhnLab-V3 = Win-Trojan/Pirminay.437248.L
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.232585
VirusBuster = Trojan.Pirminay!MbAMjBmtsC0
TrendMicro-HouseCall = TROJ_GEN.RFFCDE1
Emsisoft = Gen.Variant.Zbot!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
DrWeb = Trojan.DownLoader3.1927
TrendMicro = TROJ_GEN.RFFCDE1
Kaspersky = Trojan.Win32.Pirminay.hpc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.zg
McAfee = Artemis!03803881BEEC
F-Secure = Trojan.Generic.KDV.232585
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CAUF
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KDV.232585
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hpc
BitDefender = Trojan.Generic.KDV.232585
NOD32 = a variant of Win32/Kryptik.LVH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:03 16:46:48-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 716800
Uninitialized Data Size         : 0
Entry Point                     : 0xefae
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Lhhgsvflctp
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2012-05-27 12:35:44
VirusShare info last updated 2012-07-26 06:28:26

MD5: 176a53d4be81ac4f081726caf171602a
SHA1: d082f346f9229f110a1bdfc9c9ac6bb523b40607
SHA256: e9934af149d6539d03702d7ed6e96d95e7f4b5e6e333cb1473fc6d2855213cea
SSDeep: 3072:ROykNNryNA4MFR5Q8ce/KV6jppgiAhHqzS8j41lNcSwoZ6k:wvqAJeClO8V4NcS1
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!176A53D4BE81
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Monder.A!generic
Jiangmin = Trojan/Monder.ackh
McAfee = Artemis!176A53D4BE81
F-Secure = Gen:Variant.Graftor.310
VIPRE = Virtumonde
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Graftor.310
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Graftor.310
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-07 04:41:28
VirusShare info last updated 2012-07-26 06:30:28

MD5: 1d9005bafbb5f81a73f4311d548dbfce
SHA1: cf64bf865948bc4ddd546d026dc6975c6740d1b3
SHA256: bb959c53db1b934b7b4f14c30febcf5edf79bf5c9c4b046cb14f7109b54405ec
SSDeep: 1536:xSPsLC7e+kdWOwlwIZd3Pb6GqgdQptUmk6QJ:MACSbwlpPbQWcOX
Size: 90112 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.90112.NI
K7AntiVirus = Adware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21CEED
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.1274
TrendMicro = TROJ_GEN.R21CEED
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aidi
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Vundo
Jiangmin = DangerousObject.Multi.img
McAfee = Artemis!1D9005BAFBB5
F-Secure = Gen:Variant.Vundo.4
VIPRE = Adware.SuperJuan
AVG = Cryptic.DSS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.AFEC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:08 23:05:16-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x5695
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-15 16:47:22
VirusShare info last updated 2012-07-26 06:31:02

MD5: 45af819c7b3ce19bd1a479e9110c450e
SHA1: e039dfcb72d882c4213c7f0f8848de4628be594b
SHA256: fc0aba33f94fe2f9ff2172c58477cf28195dc96f280e432b87c44fab158e362c
SSDeep: 6144:ED7xmRHoUyumDyJvc7MlcCQXAuonBGvPIV9Rkp9qbFNxjmV3:wxm5fKytPl2wupYVMqbFNxjmV3
Size: 334336 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Sisron.A.1013
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.KDV.559150
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!mhIMv/MB99Y
TrendMicro-HouseCall = TROJ_GEN.R3EC7CE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!bdkp
DrWeb = Trojan.DownLoader5.55760
TrendMicro = TROJ_GEN.R3EC7CE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Sisron
Fortinet = W32/Dx.BDKP!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.zjbo
McAfee = Generic.dx!bdkp
F-Secure = Trojan.Generic.KDV.559150
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic27.AMON
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.559150
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.KDV.559150
NOD32 = a variant of Win32/Kryptik.AAKJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:03 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x5d330
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-27 03:10:00
VirusShare info last updated 2012-07-26 06:34:20

MD5: 4c539c5004f954c5f747c3f0d3a382c5
SHA1: 66279b0aab6ccf82997fd8fba9140f3e1c2f860e
SHA256: 51c6c27d4553149d0cbdf6821fcf052d5eeef5093eb5f7b8bc0757afdc1e202e
SSDeep: 1536:M6Q4hNpCrl/Vyiv3cl6JXTs8gTkIamx9xnv239c4nmJV0C64ITszJlq:Mv4hNpCJ/VykEpkBy+3zmJuP4l1lq
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!4C539C5004F9
DrWeb = Trojan.WinSpy.1338
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
McAfee = Artemis!4C539C5004F9
F-Secure = Gen:Variant.Graftor.310
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic23.AIOZ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.310
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.qgs
BitDefender = Gen:Variant.Graftor.310
NOD32 = a variant of Win32/Kryptik.QGS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:26 09:39:40-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40960
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x7a05
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.16
Product Version Number          : 5.0.0.16
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Brother Color Inkjet Printer Driver
File Version                    : 5.0.0.16 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brci02.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2002
Original Filename               : brci02.dll
Product Name                    : Vjciplsok® Mhkpnvl® Woucgawij Yddvln
Product Version                 : 5.0.0.16
VirusTotal Report submitted 2012-05-16 10:43:00
VirusShare info last updated 2012-07-26 06:34:50

MD5: 56fe449879235b14b850de26e19bc408
SHA1: 4cc3e012ea58ec768d7d9f20e72d17578cf4e91d
SHA256: 7fbfc45dd5099897bbce688c20de3261c65a477a561610d40b3f43c1c2f07ec8
SSDeep: 3072:mOYSAWlPt+IUFUlkcJzZunC0TmZkoGIo9:mN0t+IULOITKkT
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1223
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.102400.B
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aaup
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AYDI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:06 08:58:16-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x7acd
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sivjypwtj Amrnclqkvzz
File Description                : Twgucae Terminal Server SDK APIs
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : wtsapi32.dll
Legal Copyright                 : © Ikqgrajeq Frlidtwvojh. All rights reserved.
Original Filename               : wtsapi32.dll
Product Name                    : Fijtiakhm® Chsssox® Xndgetkeg System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-16 21:15:50
VirusShare info last updated 2012-07-26 06:35:37

MD5: 9b8993f57939bd493b8b3adca3341c20
SHA1: 67eab7009959e233c558f2c4c1f84f081e09dbb5
SHA256: 99fd9d36d3fbdbc6f8dae867a3344b612e75a7707baed726a3bf79e35911e848
SSDeep: 3072:Mc092A7BB9g6CtUzZExQ0H/f4FO8hutkwD2v+nLjttaT7HFbJsRDyzlQGdltxEDh:lq17b9a+ZEK0HAhu++2+Ljt89biECP
Size: 249275 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Hosts.BY
nProtect = Trojan.Generic.6403102
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!PVx1VVD6T6E
VBA32 = TrojanDownloader.Qhost.jw
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ap!pec
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Jorik.Pirminay.bha
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ap!pec
F-Secure = Trojan.Generic.6403102
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TIK
Norman = W32/Kryptik.ALS
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6403102
TheHacker = Trojan/Jorik.Pirminay.gu
BitDefender = Trojan.Generic.6403102
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 233472
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x43c60
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-05-19 11:22:49
VirusShare info last updated 2012-07-26 06:41:16

MD5: a54571249a56c64299eb87cd8030b6ea
SHA1: cf8ce22e8d25998c19156e8f634336ebd41e41ad
SHA256: ed82bfb4bada5a04c699383a775f5b1425a81d3ce5603b7c32004d6d40b863b9
SSDeep: 3072:j2xbhR16rk6xyDaElWRDNaIGIaA8yMUeIGFIr/M5fztDooUM:wAj6AMZWMvAjM593
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rez
TrendMicro-HouseCall = H2_AGENT_010671.TOMB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Mediyes
McAfee-GW-Edition = Artemis!A54571249A56
DrWeb = Trojan.Hosts.5800
TrendMicro = H2_AGENT_010671.TOMB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.212992
Fortinet = W32/Mediyes.FA!tr
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqj
McAfee = Artemis!A54571249A56
F-Secure = Gen:Variant.Barys.1155
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.1155
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rfe
BitDefender = Gen:Variant.Barys.1155
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 22:16:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 03:10:22
VirusShare info last updated 2012-07-26 06:41:58

MD5: b98f745a1b40f067e97b4ffe6ab94f2e
SHA1: 33672ef062386bd18a4b78a750f2ac1e56457bc7
SHA256: f36115f751afe15e5b5893e601939683f345caebb1627acfd3879e1b76d62658
SSDeep: 1536:QpvnEDHXsGPRtS9KX+x5NKGeTdGh38aZl0OkKV:QpvEDHffiKdTdZROkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!B98F745A1B40
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.gfph
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ctws
McAfee = Artemis!B98F745A1B40
ClamAV = Trojan.Agent-289803
F-Secure = Gen:Variant.Barys.1942
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1942
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Barys.1942
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-24 05:52:42
VirusShare info last updated 2012-07-26 06:43:31

MD5: f7a1f5cedd98fe6ef6dfca501b9036d3
SHA1: f7b8e05639eae791c3e5653c97e85824fdccbdb0
SHA256: 73cc65a48ac8f99bb2b9597067c4b5782a9356581319fe304b6c0080d6656f5d
SSDeep: 1536:+qcC5oMGaG5xrIUh/UrmXZgoKGfJZKAcAEcm6hbD93ugyk5e4U7n5Iu:+G5Ax/crmXZgVIqATH9eg/5eXz5Iu
Size: 100000 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
nProtect = Trojan.Generic.5384705
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Fortinet = W32/Ponmocup.A!tr
Jiangmin = Trojan/Generic.duhi
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5384705
AVG = Downloader.Generic10.BUYR
Norman = W32/Troj_Generic.dam
GData = Trojan.Generic.5384705
TheHacker = Trojan/Kryptik.kwl
BitDefender = Trojan.Generic.5384705
NOD32 = a variant of Win32/Kryptik.KWL
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:16 05:58:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0xe142
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-14 21:02:22
VirusShare info last updated 2012-07-26 06:47:56

MD5: 0217a82d5217c6b9f7ea9ae4f60051c2
SHA1: a85f92bde6dc939b945b6ba61bdecaa66ec692c6
SHA256: 26f546d26cad5eb9c90d1449d3fd5e6f98cdb665158640fb03007933d68c5478
SSDeep: 12288:vkTVunLEusvlaCQv1XgZJy8q2o5mOP6pB3z:vkRunL3svlaCG1XgZJB72mOP6R
Size: 407040 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-DOT [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6566515
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!UgZRH1AEd2c
TrendMicro-HouseCall = TROJ_GEN.R03C2I7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.5742
TrendMicro = TROJ_GEN.R03C2I7
Kaspersky = Trojan.Win32.Genome.vejz
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Generic.hqgs
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6566515
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.GMM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6566515
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6566515
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:10 14:49:06-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 405504
Initialized Data Size           : 4096
Uninitialized Data Size         : 491520
Entry Point                     : 0xdb930
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Xfaydkirt Cathowclocg
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
File Version                    : 5.1.2600.0 (pypgnnli.010817-1148)
Internal Name                   : kbdnecAT
Legal Copyright                 : © Atbbdsfia Funebvzuhbp. All rights reserved.
Original Filename               : kbdnecAT.dll
Product Name                    : Lfdjzfwvn® Fplzzyn® Wluhcbczz Fzaarv
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-06 08:46:04
VirusShare info last updated 2012-07-26 06:51:37

MD5: 06f09c8192dd13775c8bd6111e1b89b0
SHA1: 46779521d1a823febe001bc51512e96febc8107e
SHA256: 1dcf9d4118ca7d8d56d247e0e8938fdfa5559e11d09cbda165ffb026ce39dc82
SSDeep: 1536:Eb5PjVZU4Wf24pvoqK/FI+amXTrlUPpInBXt1wdBNMvWdG1oHyf:EBpZtWf22voq0zrlUKnBHwdnMRwa
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BCDEG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.onm
McAfee-GW-Edition = Artemis!06F09C8192DD
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R1BCDEG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Agent.evtk
McAfee = Artemis!06F09C8192DD
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
AVG = Generic22.ONM
Norman = W32/Troj_Generic.BTJSH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-17 00:24:35
VirusShare info last updated 2012-07-26 06:52:06

MD5: 0b231e3ff3cff37ca0eda822ad5400a5
SHA1: 9a147a30bc130f7ff7d597467cf2d8c68a07358d
SHA256: 23c326033e5dbc6a032b181a13ca906f026e4d1d458280c56e04ec9727f05fc0
SSDeep: 3072:YIc/q1ZvSmKnKZhpyusC8mAStTpUcTQzJ+l8ntEmuUCwa3mt5q:xc/ySeyusZpStiVn5Kt3m
Size: 237568 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.mihi
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BKRD
Norman = W32/Vundo.BPPW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.SYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:18 05:46:03-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 167936
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x26255
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2900.5512
Product Version Number          : 6.0.2900.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hfbxfifqm Sqvzfejlbkf
File Description                : BrowseWM Player
File Version                    : 6.00.2900.5512 (xpsp.080413-2105)
Internal Name                   : BROWSEWM
Legal Copyright                 : © Kvrmloniu Aksyifjrmtw. All rights reserved.
Original Filename               : BROWSEWM.DLL
Product Name                    : Gpriacuhq® Hrmlzjb® Hydfphzbo Gldsbd
Product Version                 : 6.00.2900.5512
Ole Self Register               : 
VirusTotal Report submitted 2012-05-18 08:22:27
VirusShare info last updated 2012-07-26 06:52:31

MD5: 0bd2eed163ef1f8b37800f52f751cc99
SHA1: 24d6eea8c625309f916e63cfd84a902d9fe74c33
SHA256: 3dee98ffe42c0e285efebbae5560edd4a994d1ee63df746db9579aee2733e2aa
SSDeep: 3072:pj2qe4MWeE+fTV0PlrPEXaa64Gy4IHCg9c/NEPudtph8M:ol4Mp9Tg+f69U1c/NEGZR
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Mediyes-Q [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12C34975
nProtect = Trojan/W32.Agent.221184.ACT
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
TrendMicro-HouseCall = TROJ_GEN.R01CDF1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Mediyes.FC
DrWeb = Trojan.Hosts.5792
TrendMicro = TROJ_GEN.R01CDF1
Kaspersky = Trojan.Win32.Pirminay.rdu
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.221184.T
Fortinet = W32/Mediyes.FA!tr
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!0BD2EED163EF
F-Secure = Trojan.Generic.KDV.608292
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRATRAPS
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent.7.G
Norman = W32/Troj_Generic.BZNSO
Sophos = Troj/Mediyes-L
GData = Trojan.Generic.KDV.608292
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.rdr
BitDefender = Trojan.Generic.KDV.608292
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 01:46:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 22:36:24
VirusShare info last updated 2012-07-26 06:52:35

MD5: 3b6caed492a1560fa4086b2061e63752
SHA1: 8f2b081aed9b1eef402cdc57522ee431e4dc3786
SHA256: c987e9a9313629bb4ff14726c1fffca95cb2f6f13dc98642a7def996f67cb4c6
SSDeep: 3072:sTObXpxVAcR4enPgAO2b937g2elSMqqDLy/g5kS:sqbZYcR4ePPx3CqqDLuU
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FCDA5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Artemis!3B6CAED492A1
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R4FCDA5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.136704
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ineh
McAfee = Artemis!3B6CAED492A1
F-Secure = Gen:Variant.Graftor.671
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.UPCPQ
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Graftor.671
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Gen:Variant.Graftor.671
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2012-05-29 02:28:40
VirusShare info last updated 2012-07-26 06:56:28

MD5: 525b48d999f19ed58642aa3018793262
SHA1: d5a3e1a4c39a5e39ebc860fe923c8b06f208ede7
SHA256: f9393fe839478d8ba33d1d51ed1b922ee355091746e5bcadafd1c999090122b5
SSDeep: 6144:C0OKaZBIAG+t9YLeJ4bvUPt7q0nGn6uuTTgobQUiZU/n9Kqy:2KaZBIA1/sO4TWPGn6upoiZU/n9
Size: 336316 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!525B48D999F1
McAfee = Artemis!525B48D999F1
F-Secure = Gen:Variant.Swizzor.6
AVG = Agent_s.DI
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Swizzor.6
BitDefender = Gen:Variant.Swizzor.6
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:03:29 15:45:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 98304
Initialized Data Size           : 315392
Uninitialized Data Size         : 0
Entry Point                     : 0x12dcf
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-18 02:10:46
VirusShare info last updated 2012-07-26 06:58:11

MD5: 644c9d95432b530b55910dd0d637544b
SHA1: 778aa381c13532cab5376cdfd369730467f63ecd
SHA256: 10fa459ab09fd2b4acc2700629f9388694159d78e64fa7874bf19854f4d82afc
SSDeep: 3072:T2dhK1urk8NyD86YX2E6ba5q4JyM3+4l/Xaxm5txQbNcIx:vEJVMmEMu1x4ENrx
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Suspicious file
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!bNc4BYJYyYU
VBA32 = Trojan.Pirminay.rez
eTrust-Vet = Win32/Mediyes.A!generic
TrendMicro-HouseCall = TROJ_GEN.R0ECDEF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!644C9D95432B
DrWeb = Trojan.Hosts.5800
Kaspersky = Trojan.Win32.Pirminay.riw
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.212992
Fortinet = W32/Mediyes.FA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aqj
McAfee = Trojan-FAHZ!644C9D95432B
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D.gen!Eldorado
AVG = Agent3.BLOQ
Norman = W32/Troj_Generic.BNVEP
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.596
Symantec = Trojan.Gen
Commtouch = W32/Mediyes.D.gen!Eldorado
TheHacker = Trojan/Pirminay.riw
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:11:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-15 19:08:52
VirusShare info last updated 2012-07-26 06:59:28

MD5: 6ecc13f877c6a86f4ea04acbf985eedd
SHA1: dfd93796fc37c532db8abb9972a8567dac700171
SHA256: 3789d21af78d253d852ddef09701acd5ed404aee31e14f8eb7ec013c6a0f7838
SSDeep: 3072:Z7Ohp1Arky/yDg3WKJ0a+hvAyhT+YwnvQGIYZVUtsFbNcI:4Gbb5doha0GIYZ79Nr
Size: 212992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.212992.AIR
K7AntiVirus = Trojan
VirusBuster = Trojan.Mediyes!/YGlCtr8whU
VBA32 = Trojan.Pirminay.rez
TrendMicro-HouseCall = H2_AGENT_010671.TOMB
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.rez
McAfee-GW-Edition = Trojan-FAHZ!6ECC13F877C6
DrWeb = Trojan.Hosts.5800
TrendMicro = H2_AGENT_010671.TOMB
Kaspersky = Trojan.Win32.Pirminay.rez
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.212992
Fortinet = W32/Mediyes.FA!tr
TotalDefense = Win32/Mediyes.A!generic
Jiangmin = Trojan/Pirminay.aqj
McAfee = Trojan-FAHZ!6ECC13F877C6
F-Secure = Gen:Variant.Barys.596
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOQ
Norman = W32/Mediyes.G
Sophos = Troj/Mediyes-L
GData = Gen:Variant.Barys.596
TheHacker = Trojan/Pirminay.rez
BitDefender = Gen:Variant.Barys.596
NOD32 = probably a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:28 21:54:10-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1363a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.0.0
Product Version Number          : 2.3.0.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Works Ltd.
File Description                : Workstation Service Loader
File Version                    : 2.3.0.0
Internal Name                   : wssl.dll
Legal Copyright                 : (c) 2009 Works Ltd.
Original Filename               : wssl.dll
Product Name                    : Workstation Service Loader
Product Version                 : 2.3.0.0
VirusTotal Report submitted 2012-05-29 22:38:04
VirusShare info last updated 2012-07-26 07:00:14

MD5: 922ff128df013e77f052d3632763a90c
SHA1: 9e83f851ccb74d821b8cdb585fa5424be4809817
SHA256: 0a1c8ef322b5e6538b222b6b896ab2c092dd06fa0a6995708547e1eab8aa34af
SSDeep: 3072:ojbgkfLyNagtF7ECIVm7ztJvIvdPHqhZwooW+JJP0VO1hyEY0KEqA5V49RzKdhJN:oj/fUR78gmuY
Size: 149504 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.576
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.149504
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.6
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.HQN
TrendMicro-HouseCall = TROJ_MNDR.SMUT
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV5
McAfee-GW-Edition = Artemis!922FF128DF01
DrWeb = Trojan.Smardec.60
TrendMicro = TROJ_MNDR.SMUT
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Agent.eusf
McAfee = Artemis!922FF128DF01
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CC.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CC.gen!Eldorado
TheHacker = Trojan/Agent.hqlc
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NHL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 21:19:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x14441
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.2.2.3
Product Version Number          : 0.2.2.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Brother Industries,Ltd.
File Description                : ‎‎Brother PortMonitor الخاص بـ MFC
File Version                    : 2.23
Internal Name                   : brmfpmon.dll
Legal Copyright                 : Copyright (C) Brother Industries,Ltd. 2000-2006
Original Filename               : brmfpmon.dll
Product Name                    : مراقبة المنفذ لـ Brother MFC
Product Version                 : 2.23
VirusTotal Report submitted 2012-05-15 19:28:23
VirusShare info last updated 2012-07-26 07:03:03

MD5: c40c17224207401343e6d9820a3cb09f
SHA1: 77e9088a07ef10428234e21adddad6c460138d0f
SHA256: 3ef6e6cbc08770a8ed09a0b48da52bf306f990bf25b466a6476ce09bff38dd1c
SSDeep: 3072:FQWq+QMWGE+fhB20Pr+noCxXaYEt4L4bUPVUWK7oeottJ80M:5FQMB9hBjmxKYPhvK7oe4W
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Mediyes
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.221184.ACB
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.rdg
eTrust-Vet = Win32/Mediyes.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C40C17224207
DrWeb = Trojan.Hosts.5792
Kaspersky = Trojan.Win32.Pirminay.rdk
Microsoft = Trojan:Win32/Mediyes.C
ViRobot = Trojan.Win32.A.Pirminay.221184.B
Fortinet = W32/Mediyes.FA!tr
Jiangmin = Trojan/Pirminay.aqi
McAfee = Artemis!C40C17224207
F-Secure = Trojan.Generic.KDV.607345
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Mediyes.D2.gen!Eldorado
AVG = Generic27.BSVS
Norman = W32/Troj_Generic.BTEVW
Sophos = Troj/Mediyes-L
GData = Trojan.Generic.KDV.607345
Commtouch = W32/Mediyes.D2.gen!Eldorado
TheHacker = Trojan/Pirminay.rdj
BitDefender = Trojan.Generic.KDV.607345
NOD32 = a variant of Win32/Mediyes.F
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:23 00:56:06-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x14a1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-15 19:29:48
VirusShare info last updated 2012-07-26 07:07:05

MD5: f5f893bbba0d03152a07b5bd9a7f25c2
SHA1: 7391974039e01c097a84ebd88648e3ac5b242598
SHA256: 60a0ccbb400ae1620d531d368d24ff648328199ca0f0805c396e5aed47801cf0
SSDeep: 3072:68iRRl/eWupeP3/1HA1EU1W0rirLfflpcIACjg0YcYmbRIryLcfBq8TOOW:QAKtgRszzcaYJmbRrGBq0W
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XUQjsTQhOyU
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.102912
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-15 17:07:28
VirusShare info last updated 2012-07-26 07:10:58

MD5: 3fd313fb87b2487e7b6a23d8fcbb18da
SHA1: af4b5a5afe39434c6f2a570b7a15676f5ce111cc
SHA256: 0206a95d984b2c9571cf8c2d5b6cde62740357f28841dd204d359d8a68dc2b8f
SSDeep: 3072:RFykeLfHq4Mqaw5m8cF/KV6/ppA+VRhHdgXu8jd1lNcSwoZUYfO:HvaqME/he+7UpdNcSpfO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1GD
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!je
DrWeb = Trojan.Virtumod.10325
TrendMicro = TROJ_GEN.R4FC1GD
Kaspersky = Trojan.Win32.Monder.mttm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.ackh
McAfee = Vundo!je
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-07 22:16:10
VirusShare info last updated 2012-07-26 07:22:38

MD5: 5c4db05ad39a038848242177a0af629b
SHA1: a2f7f87f890edbe87779534b3b84b5c89963e1bc
SHA256: 024e8c56ca94bfd730a356e413f4683631448e19a4c268442dc8e8dcbf874cd3
SSDeep: 3072:iQV7z7U8K8zM97tu1G31fyuCorMqqDLy/24SV8:5Vi8zqha8eqqDLuoV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128A765D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uL/Tj0Y6aMo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C2GK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.vdzq
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!js
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R01C2GK
Kaspersky = Trojan.Win32.Genome.vdzq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!js
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.NPNNC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-04-06 02:39:37
VirusShare info last updated 2012-07-26 07:22:54

MD5: cf3e28daa9f6519f50671c301ce20a53
SHA1: 291d0082170e5074bf40dbef5c17ecab12a698f3
SHA256: 02b9b97b34eab424dba03934ea5dd17c209f76996b99623ed4633097b33948d2
SSDeep: 3072:NMOYns7NUEJBa/EIyvdzU3m6AhIfYl3/YGlnMqqDLy/ClK1pn:eOYs77BjUWNhIfYOLqqDLuCgn
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R1BC7J9
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!CF3E28DAA9F6
DrWeb = Trojan.Click1.64150
TrendMicro = TROJ_GEN.R1BC7J9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jcad
McAfee = Artemis!CF3E28DAA9F6
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHPF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:03 01:15:01-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65536
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0xc7a6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Emekzebcd Jujfaearnvf
File Description                : Remote Data Services Data Factory
File Version                    : 6.0.6000.16386 (pkqna_rtm.061101-2205)
Internal Name                   : msadcf.dll
Legal Copyright                 : © Pjvnyiaqn Nsflkcrxbph. All rights reserved.
Original Filename               : msadcf.dll
Product Name                    : Jdftqbwno® Unswqff® Nbimykihm Futoth
Product Version                 : 6.0.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2011-10-11 06:23:30
VirusShare info last updated 2012-07-26 07:23:19

MD5: 4105a61675fe4cfc5d3dc59ff338e0f9
SHA1: 97609655f8d4882bdc0a9cbac944ec6c7e5b7641
SHA256: 03fed2b186b1dee7c35d25021fd23afa44d1a3be31030907379dff9c8d826ef1
SSDeep: 6144:Ha1N1f/ENm7YcpQbv5HhXXaDpbFhXlbR6H9LGuZhB:6P1f/B7Y+iv59Ab3l8HJ7B
Size: 295116 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-HDL
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.295116
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = Cryp_Spypro
Comodo = TrojWare.Win32.Trojan.Agent.Gen
TrendMicro = Cryp_Spypro
Microsoft = TrojanDownloader:Win32/Ponmocup.A
F-Secure = Gen:Trojan.Heur.RP.sq1@aW2Va8di
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-HDL
AVG = Dropper.Generic3.BSPK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Trojan.Heur.RP.sq1@aW2Va8di
BitDefender = Gen:Trojan.Heur.RP.sq1@aW2Va8di
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:07 21:43:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 532480
Uninitialized Data Size         : 0
Entry Point                     : 0x28af
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Protected Storage COM interfaces
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pstorec.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pstorec.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-23 03:42:13
VirusShare info last updated 2012-07-26 07:24:41

MD5: 2c622e17e99902be78881eb3512e634b
SHA1: 17647dcc737ac4d316d4a924dc161cacca166146
SHA256: 051509f214e270d305cd9caae537cab8cf9cfbc4ec4ed186956cb003eebd1cd8
SSDeep: 6144:lCZhSiRik+P7QPgonoTrNNk7BKJDNPDBEUJsMel7FT54Wdo/t04/3p:AZhS5P7QW3NqTSUld5Z2ya
Size: 287215 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.43
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.287215.B
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.amy
TrendMicro-HouseCall = TROJ_GEN.R4FC3AS
Comodo = TrojWare.Win32.Renos.~AM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!vc
DrWeb = Trojan.MulDrop1.54177
TrendMicro = TROJ_GEN.R4FC3AS
Kaspersky = Trojan.Win32.Pirminay.fck
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.eo
McAfee = Downloader.a!vc
F-Secure = Gen:Variant.Zbot.34
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.ALIJ
Norman = W32/Suspicious_Gen2.JXZAB
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.aor
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:21 07:07:45-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 280576
Initialized Data Size           : 273408
Uninitialized Data Size         : 0
Entry Point                     : 0x45512
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.53.6200.0
Product Version Number          : 2.53.6200.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access - OLE DB Data Conversion Stub
File Version                    : 2.53.6200.0
Internal Name                   : msdadc.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1994-1999
Original Filename               : msdadc.dll
Product Name                    : Microsoft Data Access Components
Product Version                 : 2.53.6200.0
Ole Self Register               : 
VirusTotal Report submitted 2012-03-11 07:12:47
VirusShare info last updated 2012-07-26 07:25:39

MD5                             : b07f00e66232df54206577c9202b9975
SHA1                            : ba56da6a705c9bec322242776b395acd76a34b45
SHA256                          : 0544e41680647aa66e4f075b6e1a4610313446d3829aafde297b5bc91a266631
SSDeep                          : 3072:EBpZ96WfPwn760ZKrlaKnBHwdnMRwaDdSO:Effwn79ZK9BQVonN
Size                            : 114688 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent2.114688.S
K7AntiVirus = Riskware
VBA32 = Trojan.Agent2.dlue
TrendMicro-HouseCall = TROJ_GEN.R72CRDM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B07F00E66232
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R72CRDM
Kaspersky = Trojan.Win32.Agent2.dlue
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Agent.evtk
McAfee = Artemis!B07F00E66232
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.LESIM
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-06-05 05:27:27
VirusShare info last updated 2012-07-26 07:25:51

MD5                             : f9666b986466807c854fa19a4bd37599
SHA1                            : 585e20a4c0bfbba52e14b3a46fdf8b1448862811
SHA256                          : 05dc80f4367fa441dd7c02f88d17116e26d6cde2507a389f9a493af3a2c8ad58
SSDeep                          : 3072:iGy6ekU868zM97tu1G31fyuAo5MqqDLy/X4SV8:TyT8zqha8SqqDLupV8
Size                            : 118784 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ji
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ji
F-Secure = Gen:Variant.Vundo.7
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.NNSAA
GData = Gen:Variant.Vundo.7
BitDefender = Gen:Variant.Vundo.7
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-07-14 19:51:27
VirusShare info last updated 2012-07-26 07:26:29

MD5                             : b9d34406ee175bd1078e509ca1e0c15f
SHA1                            : 0abba22ecc5c791148f3945050ba54e86e010d40
SHA256                          : 068383a076b07573aae531ca57423ce5de09a87f11f86cc6fdc82cff1942e5a5
SSDeep                          : 6144:Kx/pL0HVVlb/dwn80rDVz/IMCZT/E0r0riWjycJ1ACysuOHEqHRzRS0:Kx/pLaVJ/uNgMCZRrIe3nOHEqH9RS0
Size                            : 313278 bytes
File Type                       : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.313365
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.313278
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Z5atj01Vu+Q
VBA32 = Trojan.Pirminay.akk
TrendMicro-HouseCall = TROJ_GEN.R4FC3AV
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.fqu
McAfee-GW-Edition = Generic.dx!yob
TrendMicro = TROJ_GEN.R4FC3AV
Kaspersky = Trojan.Win32.Pirminay.fqu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.FQU!tr
PCTools = Trojan.ADH
McAfee = Generic.dx!yob
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
AVG = Pakes.HSR
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH.2
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Kryptik.hpo
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.ITO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:10 04:33:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 7168
Initialized Data Size           : 609792
Uninitialized Data Size         : 0
Entry Point                     : 0x28ec
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.73.0
Product Version Number          : 2.3.73.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Conexant Systems, Inc.
File Description                : cx88enc_IBV32.sys: MPEG-2 Encoder Driver
File Version                    : 2.3.73.0 (winmain(a-karenp).060801-1910)
Internal Name                   : cx88enc_IBV32.sys
Legal Copyright                 : Copyright © Conexant Systems, Inc. 2001
Original Filename               : cx88enc_IBV32.sys
Product Name                    : cx88enc_IBV32.sys
Product Version                 : 2.3.73.0
VirusTotal Report submitted 2011-06-17 20:38:04
VirusShare info last updated 2012-07-26 07:27:13

MD5                             : 6ae20034002c8e41e8fc28490b93cc48
SHA1                            : 5e1830769cd1b87b1474e7bd7088bf4cf619cea8
SHA256                          : 09ff28ac334918b89120097c567edbbab1c04d9c5093ea90cae34f58d34419cf
SSDeep                          : 3072:+kU2Su5mrUauJvbSma3w9TI50Q94Z0ShD25G5galJQQyWlOQ2:+kU2Rmgau5SmqSUx4dNoYgnWlOQ
Size                            : 155648 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Spyware/Virtumonde
nProtect = Trojan/W32.Agent.155648.YZ
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!2eM0YNNMp2A
TrendMicro-HouseCall = TROJ_GEN.R4FC2EP
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!6AE20034002C
DrWeb = Trojan.Juan.431
TrendMicro = TROJ_GEN.R4FC2EP
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abgn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.me
McAfee = Artemis!6AE20034002C
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BBBK
Norman = W32/Suspicious_Gen2.MKYBP
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:02 11:26:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x13d85
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Zgctqjuhl Ufgitmzmetc
File Description                : Azeri-Latin Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdazel (3.13)
Legal Copyright                 : © Zfsoqeftj Idmmgpdsrsv. All rights reserved.
Original Filename               : kbdazel.dll
Product Name                    : Gbxsssaag® Yfjydck® Dxjnbnulb Yvutlr
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-03 22:41:12
VirusShare info last updated 2012-07-26 07:30:36

MD5                             : 40611633efb0391b8de706148df2587d
SHA1                            : 1a61d0892859f0d98e488fbc7868e669f865feba
SHA256                          : 0cd07a67a159b6f088e03aadaf443038de5f63e3950ddbcf9832d7b7d41deb5f
SSDeep                          : 1536:h3fUyAsIUgNXq4AP6Pgf9aL9qOzfiwCOtWX438Rr3Hth:hvUFsIFXq41gY0OzqzOtWX43y3Hz
Size                            : 74240 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252BB11
nProtect = Trojan/W32.Vundo.74240.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!A6pq3+GWHRM
VBA32 = Trojan.Monder.mkso
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2CU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!hq
DrWeb = Trojan.Click1.35194
TrendMicro = TROJ_GEN.R72C2CU
Kaspersky = Trojan.Win32.Monder.mrjz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ilf
McAfee = Vundo!hq
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic21.AZLH
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mpyi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:24 00:33:54-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 23040
Initialized Data Size           : 88064
Uninitialized Data Size         : 0
Entry Point                     : 0x6931
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Processor Device Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : amdk7.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : amdk7.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-03-13 08:45:08
VirusShare info last updated 2012-07-26 07:32:27

MD5                             : 8eb558739c19364b4ee1e6c3371aef2c
SHA1                            : 62e1c88c34bde0d4b34fa854a0bd195f7c0cad1f
SHA256                          : 0dd4e573d4f686105233ce34df9b4465775fc98b599263393f265c87c751a1bf
SSDeep                          : 3072:lxBJ8bRDAwT8f6H4XCVdkzEJ3p5w8qJZvUrdlovU:l0DT7PQ451qDww
Size                            : 172032 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30CCLK
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1409
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Vundo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZOW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:30 12:36:30-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x11521
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Pcwwwkpunkz
File Description                : Telephony Control Panel
File Version                    : 5.1.2600.0 (lxhmkswv.010817-1148)
Internal Name                   : telephon.cpl
Legal Copyright                 : © Kssungatd Corporation. All rights reserved.
Original Filename               : telephon.cpl
Product Name                    : Ortclhbwm® Kcktrbn® Lvcbhoiox Azobxg
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-12-22 13:16:12
VirusShare info last updated 2012-07-26 07:33:04

MD5                             : 241a72def9433851778309e3caa42994
SHA1                            : 1b9c436137f8a9ff7bfda6794ac18711cf9bff53
SHA256                          : 10f517881bc1a8064a32f527266a1c4a74dfd1094886040249d73d4da2b8aed3
SSDeep                          : 3072:/HF+hSHfcNU8sW13ULtIz02E+Iy+5Td5ZKgjGFmkuZ2rfIblo1y:P84ci8BgI42kL44orfI4y
Size                            : 176128 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Rising = Trojan.Win32.Generic.128E9A28
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uUo3EJri2t4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2F2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kk
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R72C2F2
Kaspersky = Trojan.Win32.Genome.syui
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!kk
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BGUE
Norman = W32/Suspicious_Gen2.PRGFI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.syui
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:07:10 23:24:58-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x21831
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : 
File Description                : Isolation Automation Proxy-stub
File Version                    : 1, 0, 0, 1
Internal Name                   : sxsoaps
Legal Copyright                 : Copyright 2001
Original Filename               : sxsoaps.dll
Product Name                    : Lzvulcrvw Tbcgsqa
Product Version                 : 1, 0, 0, 1
OLE Self Register               : 
VirusTotal Report submitted 2012-02-23 10:20:52
VirusShare info last updated 2012-07-26 07:35:14

MD5                             : 72683abcc766ebe39afe5501bf0b641d
SHA1                            : 02795a490c622343121631040a451f830c352ee8
SHA256                          : 10f63c1ce75a379e8764749e32b2743d1642dca2204ddb07526745343cc9547b
SSDeep                          : 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pYpo2:pwy9w/dWjTlXjDHsz
Size                            : 103424 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Agent
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
K7AntiVirus = Riskware
VirusBuster = Trojan.Renos!MMXpJvt0Zek
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R4FC1AS
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Generic.dx!upi
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R4FC1AS
Kaspersky = Trojan.Win32.Agent.myfa
Microsoft = Trojan:Win32/Vundo
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Generic.dx!upi
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Trojan-gen
F-Prot = W32/MalwareF.SODI
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.EQFIC
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/MalwareF.SODI
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-05-02 03:46:13
VirusShare info last updated 2012-07-26 07:35:14

MD5                             : 6c644cbeb5cae6494dd870500f620ce7
SHA1                            : 0a904a2f400687b0d35fd0c8a5a8dd5aa6d1c2cc
SHA256                          : 148d5232bd41f33cefc19e4dd448dd360c1ea9cd52143b768ceaf50f7f12e4f5
SSDeep                          : 1536:OIhc3NHPCvtHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvjYlAMqqU+NV21:Or3NH6vti4o4JEGzFOz9llAMqqDLy/B
Size                            : 106496 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129BB1E8
nProtect = Trojan/W32.Genome.106496.O
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
VBA32 = Trojan.Genome.vboh
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2H5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.vboh
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R11C2H5
Kaspersky = Trojan.Win32.Genome.vboh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.RJEHF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-25 13:41:41
VirusShare info last updated 2012-07-26 07:37:33

MD5                             : 5e2fba630a7728aaa9145aa8b9c3e81c
SHA1                            : b7f5d9cc78f00c122b7ea03a1ba521fe744f28c5
SHA256                          : 152fe0a687b6fb7429b2ad104fddce076e0dc894f919b82bd85992ff7e97f1ca
SSDeep                          : 1536:U4VwSC/UXuY28bQJjml9I3k3lQ36QDkUs4:UIwx8b20QJj83lQ39kZ
Size                            : 49664 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.522
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.129644ED
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2FB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!5E2FBA630A77
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R47C2FB
Kaspersky = UDS:DangerousObject.Multi.Generic
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.isio
McAfee = Artemis!5E2FBA630A77
F-Secure = Trojan.Generic.KDV.249144
F-Prot = W32/Virtumonde.ST
AVG = Generic22.COOO
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.249144
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.KDV.249144
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-11-03 04:42:24
VirusShare info last updated 2012-07-26 07:37:55

MD5                             : e3621c94ace9e11cd5e95fc4b9e3be5b
SHA1                            : 76e5602f06a94b6eb6f8e726fa2c715bec177a02
SHA256                          : 167573f0531739eb26abc46b17d934990ff4108f1c0e93cfeadeeada272b56f8
SSDeep                          : 1536:Ub5o9ZTBCP6W5IXrEOwn61zdVbaMd259G20qmCqZ8WWnc7cSmGHdAiNGsNP0iNcI:6u9ZTBCP6i0rPeMd259GbtA4cSmCdNNb
Size                            : 91648 bytes
File Type                       : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128EE18A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!vaUi/YqhvNA
TrendMicro-HouseCall = TROJ_GEN.R72C2HP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ma
TrendMicro = TROJ_GEN.R72C2HP
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ma
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.CRD
Norman = W32/Suspicious_Gen2.PSPXI
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 04:18:47-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 55296
Initialized Data Size           : 56320
Uninitialized Data Size         : 0
Entry Point                     : 0xe617
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : BRPINFO Module
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : brpinfo.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : brpinfo.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-13 05:50:35
VirusShare info last updated 2012-07-26 07:38:51

MD5: 6311d3697c567e02d055deaab55f4940
SHA1: eb5cdf25bd2f082a9b3357f9e38d94c00bdf4b10
SHA256: 16819cc7fc8df2bc92d09631778e898f56dd8ee58d881a84c9f9a42b8b56bb27
SSDeep: 3072:h/357kgdlRXEfNHHJyM5vOBTDNy2aJ/7e2/u3NoX/5o/MqqDLy/4FP:h/pAgfRXEFJxo1eJ/pz/FqqDLuQ
Size: 195072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.ghj
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12960ADE
nProtect = Trojan/W32.Diple.195072.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!zWni2HBidzM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.USCN25
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Diple.dmvt
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!ln
DrWeb = Trojan.WinSpy.1296
TrendMicro = TROJ_GEN.USCN25
Kaspersky = Trojan.Win32.Diple.dmvt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iltg
McAfee = Vundo!ln
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHZJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:25 21:57:08-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 155648
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x22cdf
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.4927
Product Version Number          : 2.0.50727.4927
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iyljphate Oxuequheeij
File Description                : IE Remoting Interface
File Version                    : 2.0.50727.4927 (NetFXspW7.050727-4900)
Internal Name                   : IIEHost.dll
Legal Copyright                 : © Mcqycqzrc Kwawvxqozwh.  All rights reserved.
Original Filename               : IIEHost.dll
Product Name                    : Qkvamnjuw® .NET Framework
Product Version                 : 2.0.50727.4927
Comments                        : Flavor=Retail
VirusTotal Report submitted 2012-04-13 14:47:53
VirusShare info last updated 2012-07-26 07:38:54

MD5: e275343586d9635924d9da40669d7122
SHA1: ee522e51d7f5a8f3ebd68759d22e5777a0447e0c
SHA256: 16c5e3d5b26fbd2d2458f5cd135e04d0e9799cf97eea7a3c810cc6f283260e42
SSDeep: 1536:43ESCOoGFfygdVPzvdAblHNw+LOJnk45Px9:2EdOoGFPdBiBu+LukQr
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124E1B90
nProtect = Trojan/W32.Vundo.70144.O
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!dDwAK7dcrZE
VBA32 = Trojan.Pirminay.acf
eTrust-Vet = Win32/Vundo.HTN!genus
TrendMicro-HouseCall = TROJ_GEN.R4FC1KM
Emsisoft = Trojan.Win32.Vundo!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.Siggen2.7799
TrendMicro = TROJ_GEN.R4FC1KM
Kaspersky = Trojan.Win32.Monder.mkxs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.dv
McAfee = Vundo!lg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.LLJ
Norman = W32/Suspicious_Gen2.QAFNY
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mkeo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 21:46:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x7e07
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Link-Layer Topology Mapper Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDSVC.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : LLTDSVC.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-30 03:50:08
VirusShare info last updated 2012-07-26 07:39:04

MD5: c75dffa52b109489adc18d4ea608599c
SHA1: 8dc100690d170f7a55fbcce7935f032f090cf8f9
SHA256: 16e63e688053ddd62dd865cb5ba0840114083b64880ef6aee11da6adb0663989
SSDeep: 1536:6iSQt0Bpec6OFjvClMY/2C75Q9cUSaN2eqFKdJHrXeEaMRfJa1Q+vpVCqX+Mi:6Jzec6OJC2YuC7yvjqIPHSETRffApyM
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!C75DFFA52B10
DrWeb = Trojan.Siggen2.29520
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.cttb
McAfee = Vundo!mr
F-Secure = Gen:Variant.Renos.61
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/EncPk-XI
GData = Gen:Variant.Renos.61
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ACPI Embedded Controller Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : acpiec.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : acpiec.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-28 05:09:56
VirusShare info last updated 2012-07-26 07:39:08

MD5: 7da9aa7642ef6c83a4b89f67dee5da46
SHA1: 8de32699cf0c2fa4d478efb9fa042d1b5fa1b26f
SHA256: 18088040b33c35adedd7533b37df54ed92c8472ab057e1d4fad367dc4a229495
SSDeep: 3072:i69QG6U8B8zM97tu1G31fyu6oTMqqDLy/a4SV8:T9g8zqha8mqqDLuUV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128D7B26
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!IwmjotsYabA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R47C2G4
Kaspersky = Trojan.Win32.Genome.vgvq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.aaznh
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.NIOQL
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-05-03 15:12:21
VirusShare info last updated 2012-07-26 07:39:43

MD5: d885f379a02bd8e4df43c5b191ecd275
SHA1: 0697412d6366604e278a86f4420716d9d45c81f3
SHA256: 190b3a22baa21dde4176157927fb7d9373b568d342bd9b0142417c376333b2d3
SSDeep: 6144:FyMsJzVrZ2MW3kyDhZI/NnAHZaeKmeGdEjlbZebhrRBPMB+v:F8JyvUyDbMnA56f2hFBPMq
Size: 250419 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Dropper/Malware.250419
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!M/8mCdETuGI
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!gby
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.xu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Downloader.x!gby
F-Secure = Trojan.Generic.KDV.303242
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTQ
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KDV.303242
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.kn
BitDefender = Trojan.Generic.KDV.303242
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 24576
Uninitialized Data Size         : 40960
Entry Point                     : 0x42510
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Igztgvurp Rvsmlsadwvg
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Gkwziauas Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Psyhpqmts(R) Nwoaxuy NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-10-05 04:51:12
VirusShare info last updated 2012-07-26 07:40:19

MD5: 31bb5354376d78b0b5c1a404196a7f5c
SHA1: 55850a1aa81755ef3965df2bcdb1c04982cba329
SHA256: 1b51ab8d73427e3e3f82894409366c71a49b4fac69630a89e5ae794aa42950ab
SSDeep: 1536:VhK3f5hiCWWMd5GiLlFGYR2l9F1SdWfnF+Qn85uRlEMqqU+NV23S2lo:VUP5hdvuFGJlQdW9f8kRlEMqqDLy/lo
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!XXKVEbmXbhw
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R11C2GO
Kaspersky = Trojan.Win32.Genome.vdco
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-08 00:18:10
VirusShare info last updated 2012-07-26 07:41:33

MD5: 676e6b938826eb9bd0c4d62f32db0395
SHA1: 269bc54b9759ceb377bb61edbe07c5f6eeb9fe72
SHA256: 201ace47a5ebc75743974af85b519f9d40df6187e8d37b9fe9f9441eaf1815ec
SSDeep: 12288:HqsfPxh006aCUnFW3ebiEhW/m8ksZpaj/L:Hqg00YuMDG
Size: 473510 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Zbot.34
VIPRE = Packed.Win32.Pirminay.a (v)
AVG = SHeur3.CCSV
GData = Gen:Variant.Zbot.34
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:18 12:44:41-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 16384
Initialized Data Size           : 909312
Uninitialized Data Size         : 0
Entry Point                     : 0x44d0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ocrjhpnph Zwlhwyrtfiq
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Pphdsczhk Pelncsfchhq. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Hbwocjreq® Uaxskmd® Favmhwfcn Kyrnlj
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-06-04 07:07:01
VirusShare info last updated 2012-07-26 07:44:02

MD5: 9b0094336bc62a16285cbd0be0664026
SHA1: 670f206df718f46d17ccc555fc23b066bae2aec0
SHA256: 232f6dff5e77391d249c6d58d413845908b94b7df63c08edbca9e0a660c871ed
SSDeep: 1536:D7bxgqYg1Jgfqwwl5bHqYiyBt9d39LUt5rj3+R:D7mqYg3dHIyBt9d3M2
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125F85A2
nProtect = Trojan/W32.Vundo.70144.R
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ZB7aJ7ziKUQ
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Comodo = UnclassifiedMalware
Emsisoft = Virus.Win32.Vundo!IK
DrWeb = Trojan.Virtumod.10451
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Pirminay.ope
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Pirminay.fo
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.COPD
Norman = W32/Suspicious_Gen2.QVYHR
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.ITN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:04 13:24:47-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 23040
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0x679d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : DHCP Client Service
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-22 02:23:47
VirusShare info last updated 2012-07-26 07:45:36

MD5: 97e41a82f9664cbd7eaf2542cab997c0
SHA1: f4c4be6399230ccc9ba3f8a1f489f49c64229365
SHA256: 2467d31b5817d339b849bb25fc13db9c705b39eb6962f739a40dd955dc3c2495
SSDeep: 6144:ACgdGXXbaRrYVjDhIRLnRzhTOspw84GYsCaBwEmPdJyNJczf9br9uPWfSh3B3PEa:udGnuRI/hILhTOsO84GVB/ufsfEa
Size: 433676 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.203
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
VirusBuster = Trojan.Qhost!Z52KWsAUqBg
VBA32 = Trojan.Pirminay.euw
TrendMicro-HouseCall = TROJ_GEN.R3EC2DA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!97E41A82F966
TrendMicro = TROJ_GEN.R3EC2DA
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.EVF!tr
Jiangmin = Trojan/Pirminay.rg
McAfee = Artemis!97E41A82F966
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic21.CMLF
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.178521
TheHacker = Trojan/Qhost.nrx
BitDefender = Trojan.Generic.KDV.178521
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 00:24:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0xaac7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btgivyxyt Duhypwpsfod
File Description                : 802.3 Autoconfiguration API
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : dot3api.dll
Legal Copyright                 : © Xeedcjyia Swbeosbjapn. All rights reserved.
Original Filename               : dot3api.dll
Product Name                    : Vghwqemlg® Windows® Obmkcfcrx Nuigfn
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-04-22 08:36:34
VirusShare info last updated 2012-07-26 07:46:15

MD5: a2f76f115b14015e9c3803df2642917b
SHA1: 167ef7076dc4ca0e052112d355ae53616ef5647c
SHA256: 24faed1ad2d9915c50c5ddfe6fc2be4395e1f7fff5c976550360bb5d93a9a0e6
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pKpo2:pwy9w/dWjTlXjDHsR
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Pznz1/qwDE0
TrendMicro-HouseCall = TROJ_GEN.R47C2K8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Generic.dx!uno
TrendMicro = TROJ_GEN.R47C2K8
Kaspersky = Trojan.Win32.Genome.rnab
Microsoft = Trojan:Win32/Vundo
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Generic.dx!uno
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Trojan-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.GEONP
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-03-09 18:46:31
VirusShare info last updated 2012-07-26 07:46:34

MD5: 6a6e020fd9e3a47cc119f01fd5fee61c
SHA1: 732864bf0a8d4dd83184a498009b5310e3db91d1
SHA256: 2a172698dbd9902b2f96590fce150e71dd50ff4fb749e85a38cbfbbeeb8e2918
SSDeep: 1536:bSYv0G2yXJ/m7dlAkf+0BGIjjJUTYGQehLzto+767FWWXZZWxXICDdze:bX2HlAijjWTRztrUXpZW5bDdze
Size: 97792 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128F3A54
nProtect = Trojan/W32.Agent.97792.FK
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!iMzavG1LERM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R08C2JS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!6A6E020FD9E3
DrWeb = Trojan.Click1.43075
TrendMicro = TROJ_GEN.R08C2JS
Kaspersky = Trojan.Win32.Monder.mkjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ipb
McAfee = Artemis!6A6E020FD9E3
F-Secure = Trojan.Agent.AQPW
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDQ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Agent.AQPW
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Trojan.Agent.AQPW
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:01 07:51:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 88064
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x165f7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Video Decoder
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmvdecod.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmvdecod.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2012-04-14 03:30:58
VirusShare info last updated 2012-07-26 07:49:40

MD5: 32f53482b24c16149f47b21c9d74b1cd
SHA1: 446069e726b1affadbd294de532811f2c2566f6c
SHA256: 316f36aedd9e7c569f3940f0a27bca6c93c0bc2b079347e65a5c6bfc7f1773a1
SSDeep: 768:v25LRu5T9Up1IlQV7QcRwHc4lopRN+R5+JxJv4xBEu6onsXKhX:v25LRrIlQV8UwHdqpr+R5+JxJwxBua5
Size: 52224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A4A3D
nProtect = Trojan/W32.Monder.52224.HU
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!s5EryAqt8/E
VBA32 = Trojan.Genome.odci
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2LV
Comodo = TrojWare.Win32.Trojan.Genome.~AWI
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!gy
DrWeb = Trojan.Virtumod.10214
TrendMicro = TROJ_GEN.R4FC2LV
Kaspersky = Trojan.Win32.Genome.odci
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ipd
McAfee = Vundo!gy
F-Secure = Trojan.Generic.4927487
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.AYG
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.4927487
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Genome.odci
BitDefender = Trojan.Generic.4927487
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:03:22 11:31:02-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 12288
Initialized Data Size           : 74240
Uninitialized Data Size         : 0
Entry Point                     : 0x3d7d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.2427.0
Product Version Number          : 1.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Movie Maker
File Version                    : 1, 1, 2427, 0
Internal Name                   : WMMFilt
Legal Copyright                 : Copyright © 1987-2001 Microsoft Corporation.
Original Filename               : WMMFilt.DLL
Product Name                    : Windows Movie Maker
Product Version                 : 1.1.2427.0
OLE Self Register               : 
VirusTotal Report submitted 2012-02-21 13:32:40
VirusShare info last updated 2012-07-26 07:53:48

MD5: 19155646f265d5bd716506b3c58d49ef
SHA1: 545d686f2eb01b57a89a8adeba521408e908a3ab
SHA256: 31c72dfebf6ae689d9e430612ed501e4f25d2f799ab3dd22611c98f29b4f6b62
SSDeep: 768:07lUj9kGQSLdZ+9S5BbJBFRMG7Ff4HmSU5jgYLMAvCiHLZcS7T/IKT5:0RyQSLr+E5BbJBFRMG7FPtgJlqySAKT5
Size: 49152 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Genome.~BS
McAfee-GW-Edition = Vundo!od
TrendMicro = TROJ_GEN.R4FC2IJ
Kaspersky = Trojan.Win32.Menti.jhss
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.gql
McAfee = Vundo!od
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:30 17:36:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 7168
Initialized Data Size           : 79360
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout for IBM 5576-002/003
File Version                    : 5.1.2600.5512 (xpsp.080413-2105)
Internal Name                   : kbdibm02
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdibm02.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-07 10:43:43
VirusShare info last updated 2012-07-26 07:54:00

MD5: 2d7b6392d73177a0468d2578416596ac
SHA1: 22177a3b4511dd2f1f47e20c7b47e29ca2411fb1
SHA256: 3376fb2b7de0728c672f93d39f86ff9739e55a4a0edd337a80b6ad76a0f2000f
SSDeep: 6144:/4wOicvxO1X+rHh1W+R81AFWubEAFztZDf1:7dWO1X6c+JNwARrD9
Size: 286716 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.FKM.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.286716
Panda = Suspicious file
nProtect = Trojan.Generic.4830822
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bjp
TrendMicro-HouseCall = TROJ_GEN.R34E1CI
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.bjp
McAfee-GW-Edition = Generic.dx!vis
DrWeb = Trojan.Hosts.2628
TrendMicro = TROJ_GEN.R34E1CI
Kaspersky = Trojan.Win32.Pirminay.bjp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.dn
McAfee = Generic.dx!vis
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.Fkm
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.AWLV
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Trojan.Generic.4830822
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.nf
BitDefender = Trojan.Generic.4830822
NOD32 = a variant of Win32/Kryptik.HKC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:22 02:41:33-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 279040
Initialized Data Size           : 268288
Uninitialized Data Size         : 0
Entry Point                     : 0x44f58
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Write
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : write
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : write
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-18 06:18:36
VirusShare info last updated 2012-07-26 07:55:12

MD5: e4ece3aad05d646af318d12786ad7202
SHA1: 641c891d8f1b9c29dab15505b06e5221e04a1f3e
SHA256: 36afdcd497188e14f5e22690278d7d328df96b07067826b632ce56340630e4e4
SSDeep: 1536:Kpio5iQKo2hgt0/YHbZmR/wfwuhZnuyvccCK+N/0zhQ2AclcWcWdo:vogFhgt0/YFGMnuy1CT4hQ8lcWcWdo
Size: 93696 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!NTRlaqm7GtQ
TrendMicro-HouseCall = TROJ_GEN.R11C2FF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!kc
DrWeb = Trojan.Click1.54948
TrendMicro = TROJ_GEN.R11C2FF
Kaspersky = Trojan.Win32.Monder.mpjk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo!rem
Jiangmin = Trojan/Monder.abyk
McAfee = Vundo!kc
F-Secure = Trojan.Vundo.5167
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BEPF
Norman = W32/Suspicious_Gen2.QLXIL
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5167
Symantec = Trojan.Vundo
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Vundo.5167
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:29 13:20:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x8079
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tczlgayud Lashwdryrso
File Description                : TPM WMI Provider
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Win32_Tpm.DLL
Legal Copyright                 : © Uqyrnikyv Corporation. All rights reserved.
Original Filename               : Win32_Tpm.DLL
Product Name                    : Mctvsxyca® Sjfzjzy® Dacrqbvzf Ndhpdj
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-28 15:51:22
VirusShare info last updated 2012-07-26 07:57:14

MD5: fcd5d6114b18f8c17aa79a80fe58d655
SHA1: 1bfb260db48427ee414cff1e0f304b803fb46421
SHA256: 3a0a451b7b9aaf94e93b90912c7cb3fd3c25724067b5ce66cbbbe1521ba09f6c
SSDeep: 1536:2nLmLcSMVO1hvt6xqCdzkB2KiZrllIh+0:4mQbOl6x9k4KiZrlO7
Size: 51200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1240F523
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!qKPNvEgBOf0
TrendMicro-HouseCall = TROJ_GEN.R11C7K8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.irub
McAfee-GW-Edition = Artemis!FCD5D6114B18
TrendMicro = TROJ_GEN.R11C7K8
Kaspersky = Trojan.Win32.Menti.irub
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!FCD5D6114B18
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.CHOY
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:19 20:48:22-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 9728
Initialized Data Size           : 76800
Uninitialized Data Size         : 0
Entry Point                     : 0x336d
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : NlsData0026
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : NlsData0026.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-01-08 15:25:06
VirusShare info last updated 2012-07-26 07:59:05

MD5: a5e34fc3746e2edf22352b66b8fd0e9f
SHA1: 1170c26e0c74b4d9a3516e143392adf1c3cac457
SHA256: 3ba91581383f5019d69c47bece265c0f2dc40fe25c0609fa93be80387f9c3149
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqHD:JjyVdARQjSdfZaiv9HVcFbtjOqR71gc
Size: 312358 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.312358
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.550
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2BE
McAfee-GW-Edition = Artemis!A5E34FC3746E
TrendMicro = TROJ_GEN.R28C2BE
Kaspersky = Trojan.Win32.Pirminay.dla
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
Jiangmin = Trojan/Pirminay.hc
McAfee = Artemis!A5E34FC3746E
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic20.BGDN
Norman = W32/Obfuscated.L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.552986
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-03-13 05:32:57
VirusShare info last updated 2012-07-26 07:59:49

MD5: 97c2bac7f209a388ebf16daa2786c252
SHA1: 37be822d9bc567c0579824ba9753a665291b84f9
SHA256: 3ce2ac18e923ec7e690e254ec4e746664f2c1b2ead2c6adc20ba8205757bd7a9
SSDeep: 6144:9oTklPdxzMl3UQBPQGs7QdqfqqDLuIbCU:9+kUUQaGs7Q0CqnuIbC
Size: 237568 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Sinowal.WXO
nProtect = Trojan/W32.Monder.237568.Y
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!fPQZqtS/FF0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C7IU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.msdq
McAfee-GW-Edition = Vundo!mg
DrWeb = Trojan.Virtumod.10400
TrendMicro = TROJ_GEN.R21C7IU
Kaspersky = Trojan.Win32.Monder.msdq
ViRobot = Trojan.Win32.A.Monder.237568
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.mjxv
McAfee = Vundo!mg
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AYBO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 14:27:20-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 184320
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x29f6e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.5.3790.3959
Product Version Number          : 6.5.3790.3959
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ziqpuenif Cibyzzgcyha
File Description                : DirectShow DVD PlayBack Runtime.
File Version                    : 6.05.3790.3959
Internal Name                   : Qdvd.dll
Legal Copyright                 : Copyright (C) 1992-2001 Npjufhkqe Corp.
Original Filename               : Qdvd.dll
Product Name                    : DirectShow
Product Version                 : 6.05.3790.3959
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2012-05-20 03:16:36
VirusShare info last updated 2012-07-26 08:00:22

MD5: a237927137b827d993f10e28e88a95ab
SHA1: ae5d704bd51f4190d0424c6502f380e1c95cb0be
SHA256: 3d9ac0cb715c443d07f568fef5dc84f18dec56b505c9f0ee31f95ce911bd5ef5
SSDeep: 3072:dCwuLMaI/73j5O45uGcyL37eWeKhblBh4U9dhXebpRXiLTq:dCwlaY3j5OwPdhd4oWbpZF
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!LSvf7sqyShU
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.wcww
McAfee-GW-Edition = Artemis!A237927137B8
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = Trojan.Win32.Genome.wcww
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!A237927137B8
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.CHAB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:10 01:18:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x10ca5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Iljsidhns Vhzinfklvkk
File Description                : Rggjttivu .NET Runtime Execution Engine Starter for MMC
File Version                    : 1.1.4322.573
Internal Name                   : MSCORMMC11.DLL
Legal Copyright                 : Copyright © Ersjwdnke Uwuzyqsjhfy 1998-2002. All rights reserved.
Legal Trademarks                : Gdipkfrjo® is a registered trademark of Fmmaegkme Yhugqkordci. Qnwalld(TM) is a trademark of Agulcdvac Corporation
Original Filename               : mscormmc11.dll
Product Name                    : Dhagepefn .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Fwfjmsasp .NET Runtime Execution Engine Starter for MMC
VirusTotal Report submitted 2011-12-01 17:59:30
VirusShare info last updated 2012-07-26 08:00:47

MD5: a1e51c6f477ec00ab62303fc9f09f681
SHA1: abefdee08a00cdc8765599d16bc0597217e855c1
SHA256: 4059de72ff171b928805ade7600d48bcff806231e2c4ac75988a9c6a53c303dd
SSDeep: 1536:JzxvhGbSSnIsTyXRQwTEoIVjrSwtCTT0FvOKZKe4eP:JZhGb1Is2XywTBIwwHvOqKenP
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30C7JS
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R30C7JS
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.ahry
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:22 06:10:05-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 32768
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x8411
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ltmzfgyoq Ekatfnrniky
File Description                : 32K/64K color VGA\SVGA Display Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : vga64k.dll
Legal Copyright                 : © Pwscrgghj Iwviidjoqnq. All rights reserved.
Original Filename               : vga64k.dll
Product Name                    : Avxrwgrmw® Mhykzmm® Ujnmpkqdk System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-29 04:40:10
VirusShare info last updated 2012-07-26 08:02:15

MD5: 27cb41ca6f6178f0b6d8074553eb3838
SHA1: e0a68c841d5458cca67c35c1679a6fbeaedd4ffd
SHA256: 41faed9606d441bbefd71467bdc36dd0285491626b5f8c5fc9e172a89b43d343
SSDeep: 1536:IZumdQ7Ws/GopbklE2ImaiYuund/2TAbO2KASMqqU+NV23S2g:Iu6sOo1klEoaRuEcAF4MqqDLy/g
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AMSR
GData = Gen:Heur.Ranpax.1
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:06 19:48:49-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x3a2e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jelkimdvz Pwikzbnerpo
File Description                : Lcznfrl OCR Engine - Layout Analysis for Asian OCR
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : twlaykr
Legal Copyright                 : © Bwmfggmqg Qxtadrzojvx. All rights reserved.
Original Filename               : twlaykr.dll
Product Name                    : Rdfdromnk® Fpketyi® Sjfqcxwid Multjd
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-15 02:14:12
VirusShare info last updated 2012-07-26 08:03:14

MD5: 3ff8327b4795832ff3a6456b66556fb5
SHA1: db350f97ea66606c6f94d52a57ce0a45fd14198a
SHA256: 42417026e1a365505697e8d49482b32bcda87e93fe7f276cd00111f0e34d54a8
SSDeep: 3072:ol7Vt2ChrKgCWf3ltf3HVsMBCxn5R8ZEXz:QUErssl1VLBCp5cE
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12477A1D
nProtect = Trojan/W32.Agent.102400.AGU
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!gfRatZWxIgI
VBA32 = Trojan.Monder.mrwp
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C7IN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mrzt
McAfee-GW-Edition = Vundo!mb
DrWeb = Trojan.Virtumod.10344
TrendMicro = TROJ_GEN.R01C7IN
Kaspersky = Trojan.Win32.Monder.mrzt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.adnt
McAfee = Vundo!mb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.OE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:08 08:39:21-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 51200
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0xd651
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.27
Product Version Number          : 3.2.0.27
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : TSHOOT Module
File Version                    : 3.2.0.27
Internal Name                   : TSHOOT
Legal Copyright                 : Copyright 2000
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : TSHOOT.DLL
Private Build                   : 
Product Name                    : TSHOOT Module
Product Version                 : 3.2.0.27
Special Build                   : 
VirusTotal Report submitted 2012-03-06 18:38:28
VirusShare info last updated 2012-07-26 08:03:26

MD5: 9b75a78f6068cdff755802f404263b11
SHA1: 7cae163112ab2387ba1b957e144f81f2f4efcf2b
SHA256: 4343a27acec0b755a1aab061ce6a50ea65322643b2aa60ca14caa7e44572c1b2
SSDeep: 1536:kMTTUQKXgby+5JY3aEDgKaZlyRCsy2BtNwOcdnDB64kEbHtLc0ZnKGc9:kUTmg153Es7ZlyRHD8OcdnDMaI0Zlc
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R21C1GT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
DrWeb = Trojan.Hosts.4846
TrendMicro = TROJ_GEN.R21C1GT
Kaspersky = Trojan.Win32.Menti.hhnr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.cpa
McAfee = Artemis!9B75A78F6068
F-Secure = Gen:Variant.Barys.1942
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.1942
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hhnr
BitDefender = Gen:Variant.Barys.1942
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:16 06:26:58-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 38400
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xa2f4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-05-27 16:29:25
VirusShare info last updated 2012-07-26 08:04:15

MD5: 0ac1ff994acd0c4161e31da4f1106840
SHA1: 6d74147711dfca0014b57cfd6f1d7e010ebccd74
SHA256: 43f854968201fd2ea8dd99665fee622c5593d849eea624180f31bee2f3025e8d
SSDeep: 3072:s/inb62Lj3llJgQafjPaumIP951sZiPlrbGbdLrMvKYWakH7:s/ib62v1lJgnRVN4iIbdMvRu7
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.150016.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gxyIzvTdSfQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.moai
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10208
TrendMicro = TROJ_GEN.R4FC1KM
Kaspersky = Trojan.Win32.Monder.moai
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abyl
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DSU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:14 23:19:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x13f35
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Wdtozaoqi Wnrxmqwlglv
File Description                : Arabic_French_102 Keyboard Layout
File Version                    : 6.0.6000.16386 (tvvmg_rtm.061101-2205)
Internal Name                   : kbda3 (3.13)
Legal Copyright                 : © Vcnhbzhqo Yhetcarnakf. All rights reserved.
Original Filename               : kbda3.dll
Product Name                    : Juionegxd® Wphxkgi® Yxfjtgdks Ygmtbf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-02-03 14:26:18
VirusShare info last updated 2012-07-26 08:04:42

MD5: d3160344e083c0c6a699ee044cf2953f
SHA1: 071384ff991b8a5931f524acce5147da93f8ec19
SHA256: 47aec0b31b1643555f785dbbf96a4c95c5643ab44e3a7a0d2816813a8ea4b103
SSDeep: 3072:c0t0BOUNsqlix7/aMFAj7rls33OninJRkadgM:cc0BhGqlix7kj7SHOiXkO
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!kl
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.PNO
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-08-17 18:18:59
VirusShare info last updated 2012-07-26 08:07:03

MD5: b1fe64dc5ca77f1fc7190d8d997ec8d2
SHA1: 96950d2e65bf6deccd87d7793ad11bc444a5b893
SHA256: 480b7e163d22244aa9922f35ecbb5948aa3f9f225e7c558340a3214a2379f0b0
SSDeep: 1536:CLOQKmAUOi0Q+M4isz8sbWc5a1diNtpfbSF4om93AXJ4TBziaGnlx:CLYmlgzecrpmi9w6Nynlx
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1296BE22
nProtect = Trojan/W32.Monder.77824.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!UKUSefKzmP4
VBA32 = Trojan.Monder.mrrs
TrendMicro-HouseCall = TROJ_GEN.R21C2IH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cm.5
McAfee-GW-Edition = Artemis!B1FE64DC5CA7
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R21C2IH
Kaspersky = Trojan.Win32.Monder.mrrs
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.77824.AF
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
McAfee = Artemis!B1FE64DC5CA7
ClamAV = PUA.Win32.Packer.Hideprotect
F-Secure = Trojan.Vundo.6315
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Suspicious_Gen2.QJMWI
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6315
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Vundo.6315
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2012-06-08 16:56:34
VirusShare info last updated 2012-07-26 08:07:13

MD5: 7144df6e8cbda3e10bdf8c67e700d03d
SHA1: 319584d83daeabeeeaf3c7e9d5ceb224cfbeee9d
SHA256: 481cfae0602746a80ee2072c34c13ed8f715967008d13d8567828e6f4970c1c7
SSDeep: 6144:pjGMiVBe7+4oN7Xfcc+WDnX8pTfC1qqr:xGMiIhoN7XkmIpTpI
Size: 253952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.7692
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan.Vundo.7692
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!2Ce7mkdQMNI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45CDAI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.aelxo
McAfee-GW-Edition = Artemis!7144DF6E8CBD
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R45CDAI
Kaspersky = Trojan.Win32.Genome.aelxo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo!rem
Jiangmin = Trojan/Genome.axhk
McAfee = Artemis!7144DF6E8CBD
F-Secure = Trojan.Vundo.7692
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CDMS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.7692
Symantec = Trojan.Vundo
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Vundo.7692
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:10 01:57:50-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 176128
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x280fe
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2154.1
Product Version Number          : 5.0.2154.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ampdtyfig Kuyehgxwrub
File Description                : Microsoft Privilege Translations
File Version                    : 5.00.2154.1
Internal Name                   : mspriv.dll
Legal Copyright                 : Copyright (C) Hyykcocae Corp. 1981-1999
Original Filename               : mspriv.dll
Product Name                    : Microsoft(R) Fgztoax (R) 2000 Uknpimufb Ekrmpj
Product Version                 : 5.00.2154.1
VirusTotal Report submitted 2012-04-18 04:07:34
VirusShare info last updated 2012-07-26 08:07:14

MD5: 874abef103e5fa57c546ba6eba30f30e
SHA1: bd7425938e8d456ccd6f6c2e4f1483f2da7b7649
SHA256: 4a680778fc0e3cd5cb273733e1fe553da71e19108e02bacac07688592a41b632
SSDeep: 1536:t7VyY9FY1yz4tmG+8nsfVk4JxsKuTCrpypTLhje/0DtE:VgauAz4tz4kctpUh6MDtE
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.70144.KJ
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8WULLBkKpvk
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.idxq
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!874ABEF103E5
DrWeb = Trojan.Siggen2.46156
TrendMicro = TROJ_GEN.R11C2GI
Kaspersky = Trojan.Win32.Menti.idxq
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.70144
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.y
McAfee = Artemis!874ABEF103E5
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic25.TJJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.gufq
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:13 23:23:45-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x6674
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrae.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrae.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-05-09 01:13:04
VirusShare info last updated 2012-07-26 08:08:47

MD5: 77b46d401957e7873157677bc586f253
SHA1: 31d73e506b1f57625426830aee0218df207cc6f7
SHA256: 4d9478c249280123d95820e68cd38e884b8c3196231fd45f63b6c0bfa1f4fa06
SSDeep: 3072:fB9HrpXQ3OTkmuZkxIKsLwlZMqqDLy//myqW:7LlTtIKsLvqqDLu/n
Size: 124928 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JmW/wG0ksME
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ln
TrendMicro = TROJ_GEN.R11C2GP
Kaspersky = Trojan.Win32.Genome.vbof
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijvl
McAfee = Vundo!ln
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ALCY
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:16 17:19:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xe442
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Buprzhqzl Ytyfrwxuddn
File Description                : Event Create
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Vqcolnrmg Cmwwwvutglr. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Qcaceajzp® Usctste® Tzsrbgmns Cjlzio
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-10-07 19:23:12
VirusShare info last updated 2012-07-26 08:11:09

MD5: 9b607087ceb595dac211bec4da274068
SHA1: 9fa45c6c18f78d6f1079346943c3b5559f1c6a08
SHA256: 4efec55cf066e34ff706630580fb079e8e9e2f959868762a6cdd9ef5374dda15
SSDeep: 1536:ng6oXD33OSeC9AOPi/SC+jajAJ7xkcl+tiYk3Q6JECogdFvJ/IFK1jIy:ng6+6SdNkp2J7xkAYk6Cog7
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan.Generic.6892293
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!DrA44fRiLVk
TrendMicro-HouseCall = TROJ_GEN.R28C2GE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!9B607087CEB5
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R28C2GE
Kaspersky = Trojan.Win32.Genome.twfm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.bhiw
McAfee = Artemis!9B607087CEB5
F-Secure = Trojan.Generic.6892293
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ABYJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6892293
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6892293
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 10:58:27-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x80ae
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Network Connections Control-Panel Stub
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : ncpa.cpl
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ncpa.cpl
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-27 16:14:56
VirusShare info last updated 2012-07-26 08:11:58

MD5: 28b8448d6f8b8ed83cc155e16f55fa6c
SHA1: ee03c985a1e256ca379d73394a1d0a285ca1b984
SHA256: 5059554bac44a45c7ce168e05b0cd696e1515ac3d676019f5394fa6095303f3f
SSDeep: 3072:+23mk4MohbfHMDlB01OzpXpjrMZPY2lWC3incj3r68lb:f3mk4vhjHgY4zdJp2lWCio
Size: 101376 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12529F77
nProtect = Trojan/W32.Agent.101376.DZ
K7AntiVirus = Riskware
VirusBuster = Trojan.ATRAPS!BlwhZpHp36Q
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2AH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!gw
DrWeb = Trojan.Click1.35228
TrendMicro = TROJ_GEN.R72C2AH
Kaspersky = Trojan.Win32.Monder.mtrz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ixi
McAfee = Vundo!gw
F-Secure = Trojan.Generic.KDV.103717
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.BIXA
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.103717
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hkb
BitDefender = Trojan.Generic.KDV.103717
NOD32 = a variant of Win32/Kryptik.HKB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 22:15:06-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 88576
Initialized Data Size           : 49664
Uninitialized Data Size         : 0
Entry Point                     : 0x1689d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.1830
Product Version Number          : 6.0.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft (R) IMimeFilter Persistent Handler DLL
File Version                    : 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : mimefilt.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mimefilt.dll
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.1830
VirusTotal Report submitted 2012-02-24 17:06:46
VirusShare info last updated 2012-07-26 08:12:48

MD5: 27e804afe865c6b20a788cc2afabc994
SHA1: 347e2df18d0662316aba5e93164d6f4a07e5325d
SHA256: 5304b0294fdb59fdc03fe7d672e0182ce31e4651832c74cfd04d622c7e29fdb3
SSDeep: 1536:tXad3NYIetHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvuYl4MqqU+NV23Q:tG3NYIeti4o4JEGzFOz9ql4MqqDLy/G
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.bigv
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = Trojan.Win32.Genome.wuvk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-18 07:44:02
VirusShare info last updated 2012-07-26 08:14:25

MD5: 0f431bbbf74e6c9dc8bb51f8c51ce2f1
SHA1: 5bfe65cfe5c837b45d9a3b86313cce86805fe2df
SHA256: 55eccb21d6f6370fafdfd8e07be80d4331053ee1e28df5e01b275c5f1d81b19d
SSDeep: 1536:h3fUyAsIUgNXq4APWPgf9aL9qOzfiwCOtWX438Rr3Hth:hvUFsIFXq41gY0OzqzOtWX43y3Hz
Size: 74240 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252BB11
nProtect = Trojan/W32.Vundo.74240.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!o9tBPExcNKg
VBA32 = Trojan.Win32.Monder.mkso
TrendMicro-HouseCall = TROJ_GEN.R1CC2JS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gz
DrWeb = Trojan.Click1.35194
TrendMicro = TROJ_GEN.R1CC2JS
Kaspersky = Trojan.Win32.Genome.rnbn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.GZ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ilf
McAfee = Vundo!gz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic19.BLIR
Norman = W32/Suspicious_Gen2.FJFWB
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mpyi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:24 00:33:54-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 23040
Initialized Data Size           : 88064
Uninitialized Data Size         : 0
Entry Point                     : 0x6931
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Processor Device Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : amdk7.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : amdk7.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-09-08 12:12:41
VirusShare info last updated 2012-07-26 08:15:53

MD5: 046314a8843161717dd79060710e1903
SHA1: ba893c716d0e49ae68edc30d97d2860b0c9c1ba2
SHA256: 56fd27ed48f47b8fdec1dffeb8e35524e430ff27f7cab9e4a4a7efa39de96b55
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pgpo2:pwy9w/dWjTlXjDHs7
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!k0efwf/Y1L8
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R47C2K5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Win32.Vundo.gen5.ML
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Generic.dx!unc
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R47C2K5
Kaspersky = Trojan.Win32.Genome.pezt
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ihm
McAfee = Generic.dx!unc
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.GEZFB
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-11 11:02:25
VirusShare info last updated 2012-07-26 08:16:23

MD5: 8f2663cf04fd0c359d7ecb0a8fc10c59
SHA1: a98c78147e2c926a320e61606abbd44cac67a070
SHA256: 57d4ff4c58541f39a866137cc15a4098f0c8eb10542e34e7f98b75d4b060d606
SSDeep: 3072:yFjKLbzSPrWctp9PVdfC4wBAYzKWzgo6PuAGDiX:xG3VMBqnU
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!q5BiUU6uYyA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R30CDAH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!nq
DrWeb = Trojan.Click1.60787
TrendMicro = TROJ_GEN.R30CDAH
Kaspersky = Trojan.Win32.Genome.advzg
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.aqsw
McAfee = Vundo!nq
F-Secure = Gen:Variant.Graftor.3215
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ABAX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.3215
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Graftor.3215
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 07:46:59-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x8c1a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.81.1
Product Version Number          : 7.6.81.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : ThinPrint GmbH
File Description                : TPOG Printer Driver
File Version                    : 7,6,81,1
Internal Name                   : tpprn.dll
Legal Copyright                 : Copyright © 2000 - 2007 ThinPrint GmbH
Legal Trademarks                : 
Original Filename               : tpprn.dll
Private Build                   : 
Product Name                    : ThinPrint Output Gateway
Product Version                 : 7,6,81,1
Special Build                   : 
VirusTotal Report submitted 2012-05-13 15:03:22
VirusShare info last updated 2012-07-26 08:17:01

MD5: 3f5dd06b93e5eb8a812bbae3ba66d767
SHA1: 22b36f39ad4ae0860c6831e2d4b53540504de739
SHA256: 57f879cf67b291e3f3f110e6111cb6a9ed1626a2c59bee132156c8bafba8f896
SSDeep: 3072:MKUfDp1SP5E7XZ/sf2hvhlrF9oDMqqDLy/j00:wl1JRhfJqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Cryptic.CZO
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-19 01:14:57
VirusShare info last updated 2012-07-26 08:17:05

MD5: d8001fc58726d80a78201faf1d7c6616
SHA1: 03f0a88c74b89a46b7fd7108cf29186799a0fad5
SHA256: 58f4d105c5980e22dcd5edb9ad3e15afa2bf4cca3cc616b928d1a69c0272b3da
SSDeep: 3072:yDlMLGiPECp82VdfC4wBcYzKWzgo6VuAGDiX:/RVMBmni
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!w5LbJtXiFa0
TrendMicro-HouseCall = TROJ_GEN.R30C2IF
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!lu
DrWeb = Trojan.Click1.60787
TrendMicro = TROJ_GEN.R30C2IF
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!lu
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ABAX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Win32:MalOb-EI 
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 07:46:59-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x8c1a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.81.1
Product Version Number          : 7.6.81.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : ThinPrint GmbH
File Description                : TPOG Printer Driver
File Version                    : 7,6,81,1
Internal Name                   : tpprn.dll
Legal Copyright                 : Copyright © 2000 - 2007 ThinPrint GmbH
Legal Trademarks                : 
Original Filename               : tpprn.dll
Private Build                   : 
Product Name                    : ThinPrint Output Gateway
Product Version                 : 7,6,81,1
Special Build                   : 
VirusTotal Report submitted 2011-09-23 08:01:54
VirusShare info last updated 2012-07-26 08:17:34

MD5: 523f171881b436b047f79710d7f1a228
SHA1: 72061107eb13703e57dd8911d4a650f96cbf6e5c
SHA256: 596e6cf52af6c333c77882b8c8a4666d7fcf2dacf8fa84fd7c42f5259a6406fe
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pvpo2:pwy9w/dWjTlXjDHsa
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.PJY
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Renos.PJY
F-Secure = Trojan.Renos.PJY
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = Crypt_c.CEV
GData = Trojan.Renos.PJY
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-10-31 19:50:28
VirusShare info last updated 2012-07-26 08:17:47

MD5: 6445872cfa1754bd0149ba0cc77ed554
SHA1: 80879c5b48cd6123fd19d1e61f8c4a8445bccf4b
SHA256: 59dc74aafe874a91c222dd3684735b6d69e223e04691cd83b2269651427a06b9
SSDeep: 3072:fWjmG1Gz16+qDkpEOd4FhCYpucTl1JD1cY7H519/3Dg:q71Gz1XdpEW4XrptTlzH51V
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV6
SUPERAntiSpyware = Trojan.Agent/Gen-Carberp
McAfee-GW-Edition = Artemis!6445872CFA17
DrWeb = Trojan.Virtumod.10080
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abbr
McAfee = Artemis!6445872CFA17
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-12-19 21:08:39
VirusShare info last updated 2012-07-26 08:17:55

MD5: bfeab97fbc409e9860c3110c0365df92
SHA1: c5fb10a02a8515744fa8a1b8f7fc2e9cd59612fb
SHA256: 5a19153f228841ba82a9a58b3855031d00c9614ec741a2a699f585c8b4766eaa
SSDeep: 6144:YQ8ZgqGb4Yq9mVgQo49E7w13ZiV2/fkhCvX0HpTTSJFZ7ABAQSr9NKoryd:42qGb4Z0S7wtf2IXxjZSquRd
Size: 323083 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.Siggen2.361
Kaspersky = Trojan.Win32.Pirminay.hi
AVG = SHeur3.ARXY
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 00:44:49-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 50176
Initialized Data Size           : 540160
Uninitialized Data Size         : 0
Entry Point                     : 0xd0c4
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr11.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr11.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2010-08-07 05:17:21
VirusShare info last updated 2012-07-26 08:18:02

MD5: c697f59539a15a4c478efe03d0387093
SHA1: e3bbaf0e377b4ab1c7348ce82dd4cfc635970894
SHA256: 600944fc4c1b822d05ce4970967f3c7b5b63067182b562f1b3176a48506887d0
SSDeep: 3072:yAb8WyX8YOG3530XimzSjx/WaFtOodo6Akf:yu8WyX8YdG3zSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.164
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!Z9KKk3E06M0
VBA32 = Trojan.Agent.fpet
TrendMicro-HouseCall = TROJ_GEN.R21C2IG
Comodo = TrojWare.Win32.Kryptik.RVH
Emsisoft = Trojan.Vundo!IK
CAT-QuickHeal = Trojan.Monder.mrpf
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!lz
DrWeb = Trojan.Siggen2.6361
TrendMicro = TROJ_GEN.R21C2IG
Kaspersky = Trojan.Win32.Monder.mrpf
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.emsx
McAfee = Vundo!lz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.A
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.CJLI
Norman = W32/Kryptik.AIF
Sophos = Mal/Vundo-G
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-02 12:14:00
VirusShare info last updated 2012-07-26 08:20:45

MD5: 2698cc090bfcc4810782751baedbe56f
SHA1: 9eeaa2ccb7b294bbe473bb31c941b0b8af7d4b0d
SHA256: 63ef84c8c31d7b61b9be281fa64c8181d9cb122378802854dcf8645e3975453a
SSDeep: 3072:ACRIByqyg5kSCbFUTTWNrB0leMqqDLy/QINFB91yahm3JYVj:NeByqyOkSC2TSN10qqDLuNKp6j
Size: 140800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12997776
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!rVf79exaD5c
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ju
DrWeb = Trojan.WinSpy.1167
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = Trojan.Win32.Genome.acujs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.babq
McAfee = Vundo!ju
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JJF
Norman = W32/Suspicious_Gen2.NPUSN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 01:09:05-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0xba6a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.5.124
Product Version Number          : 6.1.5.124
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ajmictewh Kejggmikocc
File Description                : TIME
File Version                    : 6.01.05.0124
Internal Name                   : DATIME
Legal Copyright                 : Copyright © Guazqqisw Corp. 1998-1999
Original Filename               : DATIME.DLL
Product Name                    : Xoqsezfmy® Ellzasr(TM) Operating Frdpdd
Product Version                 : 6.01.05.0124
VirusTotal Report submitted 2012-02-21 11:09:02
VirusShare info last updated 2012-07-26 08:22:35

MD5: ccef596d1ded35346df0f082a49d1e20
SHA1: 9db5c612e30d7f4ec8a3489d945cce207a289c07
SHA256: 67ba703e556fdd04e560171ea10d0f95c160d28645552c2e4219eb56dffecd53
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqHi:JjyVdARQjSdfZaiv9HVcFbtjOqR71gKG
Size: 312215 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.550
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2AQ
McAfee-GW-Edition = Artemis!CCEF596D1DED
DrWeb = Trojan.Hosts.4027
TrendMicro = TROJ_GEN.R28C2AQ
Kaspersky = Trojan.Win32.Pirminay.dea
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.hc
McAfee = Artemis!CCEF596D1DED
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
eSafe = Win32.TRPirminay.Bks
AVG = Generic20.BGDN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Backdoor.Generic.552986
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-03-19 19:51:20
VirusShare info last updated 2012-07-26 08:24:34

MD5: 665b772add97f9300fb1456bf09ba7d0
SHA1: 790384cd06fa0ae569625ac97588214e768a403b
SHA256: 6849c81cb9d401e9aea41f2326e54af2ad581910e0c0176487a654304a89d920
SSDeep: 3072:zKbfDp1SP5ED6NAsfu4vSNFkocMqqDLy/jj0:cl1oZk/qqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!01GQYnLZyLw
TrendMicro-HouseCall = TROJ_GEN.R11C2GE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R11C2GE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iqrf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-22 07:37:02
VirusShare info last updated 2012-07-26 08:24:48

MD5: 20018ba1cbc1a14d2252f5fda5e789c6
SHA1: 77ca1b3e57013ec7f3ad028ba580023f0adf55ed
SHA256: 73b2338ab9d9e07c74000f2b1b8b98c6c2622b2ed11fc6a1bf848626668e3329
SSDeep: 6144:dYqoQCE9Yfk7fBCCRgzip0LTgRZxbS0Ql81Z8RArorhLasMGw1T:dYV1pAhWziS6T0e1uAs1VRcT
Size: 291694 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ag.294254
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.4449207
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!2n+ewaUPG6g
VBA32 = Trojan.Win32.Pirminay.az
TrendMicro-HouseCall = TROJ_GEN.R74C2GA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ay
McAfee-GW-Edition = Artemis!20018BA1CBC1
DrWeb = Trojan.Siggen1.52063
TrendMicro = TROJ_GEN.R74C2GA
Kaspersky = Trojan.Win32.Pirminay.ay
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.c
McAfee = Suspect-BA!20018BA1CBC1
F-Secure = Trojan-Dropper:W32/Meredrop.AL
VIPRE = Trojan.Win32.Meredrop
Avast5 = Win32:Malware-gen
F-Prot = W32/MalwareF.DUTD
AVG = SHeur3.AFOY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.4449207
Commtouch = W32/MalwareF.DUTD
TheHacker = Trojan/Dropper.gen
BitDefender = Trojan.Generic.4449207
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 13:59:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 278528
Initialized Data Size           : 16384
Uninitialized Data Size         : 299008
Entry Point                     : 0x8d730
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-11 06:35:17
VirusShare info last updated 2012-07-26 08:30:43

MD5: 9c7f3346e4169840fae7ff32d34a9b6d
SHA1: e408a74c6827667c4e2422d48d1b56083cb26689
SHA256: 75aec685123025f14f791b2c0b6d2e4f7de81d75253eaac99d213e2cb1f9fa37
SSDeep: 1536:ujfKa3Oi/+CYisz8sbWc5a1dPNtpfbSF4om93AXJ4TBziaPnlTG:ujCGozecOpmi9w6NDnlTG
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129240D4
nProtect = Trojan/W32.Monder.77824.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!rS6DCm7i6p4
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mpvo
McAfee-GW-Edition = Artemis!9C7F3346E416
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = Trojan.Win32.Monder.mpvo
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.77824
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Artemis!9C7F3346E416
F-Secure = Trojan.Vundo.5668
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Suspicious_Gen2.PZPZT
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5668
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mpvo
BitDefender = Trojan.Vundo.5668
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2012-05-23 04:04:45
VirusShare info last updated 2012-07-26 08:31:43

MD5: c4022dec6d91f5ef3fba69bbcb6de302
SHA1: ace7422e151954d02d6f86cdeb554b53949b5923
SHA256: 7cd96f239d7ecb27c0dbea39c5e21101cd60c3c76f10998c49fba1e5cf8ec10f
SSDeep: 24576:yfVt69FqjAxhvJAQSxfmLHChK0Ef0DZP9xqQ9aUxWFUGZDntBO:yfV+ojgANxf7k/f059bghRntBO
Size: 856064 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Antiy-AVL = Trojan/Win32.Timer.gen
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
nProtect = Trojan.Generic.KD.314264
K7AntiVirus = Trojan
VirusBuster = Trojan.Timer!9hMi4ElvtVo
VBA32 = Hoax.Timer.hen
TrendMicro-HouseCall = TROJ_GEN.R74C2IC
Comodo = Heur.Suspicious
Emsisoft = Backdoor.Win32.Kelihos!IK
CAT-QuickHeal = TrojanRansom.Timer.hen
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
DrWeb = Trojan.Packed.2251
TrendMicro = TROJ_GEN.R74C2IC
Kaspersky = Trojan.Win32.FakeAV.emef
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = HeurEngine.Mystic
Jiangmin = Trojan/Timer.cyn
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Trojan.Generic.KD.314264
VIPRE = Trojan.Win32.Ransom.do (v)
eSafe = Win32.Packed.Mystic
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.AQHU
Norman = W32/Suspicious_Gen2.QRVYI
Sophos = Mal/EncPk-ADY
GData = Trojan.Generic.KD.314264
Symantec = Packed.Mystic!gen9
Commtouch = W32/FakeAlert.QW.gen!Eldorado
TheHacker = Trojan/Timer.hen
BitDefender = Trojan.Generic.KD.314264
NOD32 = a variant of Win32/Kryptik.RLI
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:08:10 23:04:43-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 28160
Initialized Data Size           : 826368
Uninitialized Data Size         : 0
Entry Point                     : 0x5e6b
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.29293.55905
Product Version Number          : 7.0.29293.55905
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : BahVI9J
File Version                    : vvYuzvPXg
Internal Name                   : 4VY7S6rk
Legal Copyright                 : ZaLVsQ2ZoF
Original Filename               : MJM5xpXqCKv
Product Name                    : UrPwWlAI7iea9z
Product Version                 : 6myE2JcI
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-04-28 20:58:26
VirusShare info last updated 2012-07-26 08:36:09

MD5: 2aead005c6be8e4a50f1bffcb8b585ae
SHA1: 5417890e2dbd18e51a7aada6787705eb19be2abd
SHA256: 7f85ca804b3ae498b3fbef7232e2cc1e567fee94032e7729d88dec5888657455
SSDeep: 3072:zotVrq3m6fauz7e72H2Zo9B3K72UoMqswYXif08MqqDLy/+d0ded93OTI:zsrqWAlea2Zonn33sHi8PqqDLunT
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!g2glV/xjEvM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!lw
DrWeb = Trojan.Click1.54693
TrendMicro = TROJ_GEN.R72C2FM
Kaspersky = Trojan.Win32.Genome.vmrz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!lw
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.FUA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:14 14:58:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x1af37
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ykodchwab Wnzebbnlxzw
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Wgeudarkd Ohcpevdikur.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Fjgjgypbf® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2012-02-25 20:45:54
VirusShare info last updated 2012-07-26 08:38:27

MD5: 39234c96803f0bc8489df7d1e2c10e10
SHA1: 50e2905abfcf007610593deee5c37b362837c72c
SHA256: 805906486f0fb60d23277da5000a910ac4ba7a7c964024bf0d8c93ee95ab3058
SSDeep: 3072:ZZG8/m7p7ICftZRfCl+LblysFHO1SMqqDLy/8e91L2wCBs:PduNUClrfCm0sw1xqqDLub91L
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
McAfee-GW-Edition = Artemis!39234C96803F
TrendMicro = TROJ_GEN.R72C2FR
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!39234C96803F
F-Secure = Trojan.Generic.KDV.259760
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.NJH
GData = Trojan.Generic.KDV.259760
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.259760
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:22 20:14:16-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x162e7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.10.1027
Product Version Number          : 5.1.0.0
File Flags Mask                 : 0x001f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ggvpzttbj
File Description                : robocopy
File Version                    : 5, 1, 10, 1027
Internal Name                   : robocopy
Legal Copyright                 : Copyright ⌐ 1995-2004
Original Filename               : robocopy.exe
Product Name                    : Dhkrabwoj Robocopy
Product Version                 : XP027
VirusTotal Report submitted 2011-07-06 20:27:54
VirusShare info last updated 2012-07-26 08:38:58

MD5: 524c517b38fe236050ce2fd26ecc733e
SHA1: 04a78a0bec829ebc5788306f2d7d86eadc8292c0
SHA256: 80b2542366b1a9c17bee7c1b73bc23712e981bee68169b26e332a473a6a1de01
SSDeep: 3072:dEm8QRlA3aNkRAoTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESeLqxJspJip
Size: 127488 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.air
Avast = Win32:Malware-gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Sinowal.WXO
Rising = Trojan.Win32.Generic.1253726C
nProtect = Trojan/W32.Pirminay.127488
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!tEvPs6/bgH8
VBA32 = Trojan.Pirminay.jxo
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Vundo!mj
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = Trojan.Win32.Monder.mtvc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ff
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.TLD
Norman = Pirminay.A
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.mdp
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:24 13:20:26-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 52736
Initialized Data Size           : 108544
Uninitialized Data Size         : 0
Entry Point                     : 0xdbfd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : System Information
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : msinfo32.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msinfo32.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-10-14 15:05:29
VirusShare info last updated 2012-07-26 08:39:14

MD5: f8e86a8bdc8699168a9f3cc186d76059
SHA1: 8170aef338bc3934f60e9235718c511c506afe0a
SHA256: 81089935a84f0e967681c1fbaed2d67d7601adbdd22fcb8e9515080f354e2015
SSDeep: 6144:yeKX/o67DN35TasGyfUn/y611mqbGqKql3FGy5qGS/cjBNVJzIM:yz/NFPGeUFmxq9VR32M
Size: 393271 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.393271
Panda = Suspicious file
nProtect = Trojan.Downloader.JNWJ
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2BR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.5508
TrendMicro = TROJ_GEN.R72C2BR
Kaspersky = Trojan.Win32.Pirminay.dgy
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.ln
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Downloader.JNWJ
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.YBCO
AVG = Generic21.MQE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Downloader
GData = Trojan.Downloader.JNWJ
Commtouch = W32/MalwareF.YBCO
TheHacker = Trojan/Kryptik.jzc
BitDefender = Trojan.Downloader.JNWJ
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:28 16:32:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 385024
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x5e1ac
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft NLS Core Migration Lib
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : NLSCoreMig
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : NLSCoreMig.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-30 05:03:43
VirusShare info last updated 2012-07-26 08:39:30

MD5: 59d3336174a6f429bf915437d9f3d612
SHA1: 6acbe2fc4e3e2ad3925a70ee9ca2120beedbdbd8
SHA256: 8688b7a248fd02194bc8dc97b752d546d4c72778a4a86024f90a8307fe082a72
SSDeep: 6144:vAyBCP4AMXczo5gtiQWGVARqXaMqtWoSeFytpcwg/79zv09WuFNO/:Y+CP4tyntiQTVAkPqtWoSeFy7IBT0xFc
Size: 348574 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.348574
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72CRBR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.5338
TrendMicro = TROJ_GEN.R72CRBR
Kaspersky = Trojan.Win32.Pirminay.dhg
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.kl
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.YAFW
AVG = Generic21.MHJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
Symantec = Trojan.ADH.2
Commtouch = W32/MalwareF.YAFW
TheHacker = Trojan/Kryptik.jzc
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:25 06:11:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0xd732
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SecureDigital Bus Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : sdbus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sdbus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-27 00:53:48
VirusShare info last updated 2012-07-26 08:43:23

MD5: 9db7b1eca125bc5d3dc5859f8ced3970
SHA1: bf2b0b207efe23aa5175a0ff6dae3f1739a506d5
SHA256: 869cb21f2ed0b8a38d5a1a309ac4fdf9c36fabca99000ed30ba3b08a33873fa5
SSDeep: 1536:6rXaP0oRs83Li2toXSFvWAEVZ7km5lroih:6rY0Sr3W2wEWAEV/5lfh
Size: 59904 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125D75E7
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!YA3amthDF0U
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.gen
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.59904
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.lwp
F-Secure = Gen:Variant.Vundo.6
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.AQNJ
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.ITQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:15 18:50:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 52224
Initialized Data Size           : 43008
Uninitialized Data Size         : 0
Entry Point                     : 0xdb27
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Journal Print Processor DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Jnwppr
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Jnwppr.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-14 02:40:46
VirusShare info last updated 2012-07-26 08:43:25

MD5: af8e206a05558b4d96520447a320aba5
SHA1: d15d5269908678174508e00105bedbe87668485f
SHA256: 8a271232d106311871df7ab989652d9c068f1695289ebc75fbb9ca5bfc3a1031
SSDeep: 6144:+WaZCtxqPsAu5TVFYJgYJXmvoSgiY9NYgdizAe1wEJ219nDnxpOqp1ih2XEwBGY/:+W6CtJ5TVyCk2HZAP89ty1rTp1ibr6
Size: 442820 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.fxk
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.442820
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!vnqU+3ksOhY
VBA32 = Trojan.Pirminay.fxf
TrendMicro-HouseCall = TROJ_GEN.R47C2DT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.fxf
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.40164
TrendMicro = TROJ_GEN.R47C2DT
Kaspersky = Trojan.Win32.Pirminay.fxf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ve
McAfee = Generic Downloader.x!fya
F-Secure = Trojan.Generic.5810950
Avast5 = Win32:Kryptik-BWR [Trj]
AVG = SHeur3.BVXT
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5810950
TheHacker = Trojan/Pirminay.fxf
BitDefender = Trojan.Generic.5810950
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 08:02:28-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 114688
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0x18dc3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvgavpaib Mdatmpcqhgh
File Description                : Event Translator Configuration Tool
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : eventcmd.exe
Legal Copyright                 : © Mdprzwmqs Qwbllocmahr. All rights reserved.
Original Filename               : eventcmd.exe
Product Name                    : Hxtewnnzf® Wypmyfj® Swollspwk Ocpnzm
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-07-20 22:02:32
VirusShare info last updated 2012-07-26 08:45:55

MD5: 5a563d7396434d33ff7e2374a1a7d379
SHA1: 7abea9a0ba5e8986d7bf280e700de387f0cfd387
SHA256: 8e435116edda733d39739cc662bbe4094b94aad3705fa07396659475c78aeab7
SSDeep: 3072:8KBfDp1SP5EFzfsfZ4vtZ8FjoGMqqDLy/Qd0:9l1vDw2qqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!niZGC8YRe3Q
TrendMicro-HouseCall = TROJ_GEN.R11C2GH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R11C2GH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iqrf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-22 07:38:26
VirusShare info last updated 2012-07-26 08:48:59

MD5: 1c652b10f071db5f8027b2b1997f908d
SHA1: 9b0302955372f817dd934ed3b7e763f832137055
SHA256: 90b9d8d2d2172e31b3f7558d78cbdec98d5979da1ad884102cbd741a890ea01c
SSDeep: 3072:mRWmXSaq1e+q/kbEOd4FhCY/fScvA1JDzcY7H519p3Dg:bWSaq1bRbEW4Xr/JvANH51/
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.mtra
TrendMicro-HouseCall = TROJ_GEN.R30C2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.AV6
McAfee-GW-Edition = Vundo!lz
DrWeb = Trojan.Virtumod.10080
TrendMicro = TROJ_GEN.R30C2IK
Kaspersky = Trojan.Win32.Monder.mtra
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abbr
McAfee = Vundo!lz
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-22 23:05:29
VirusShare info last updated 2012-07-26 08:50:57

MD5: c4d290c35e035361b86b2d4a93c5a8af
SHA1: aff292307eb5a27f615c47dba6c09d4986d77599
SHA256: 925cf21a0fedf1d38f22d6d20218832697aecb7795ad237398a548bd63f2d05b
SSDeep: 1536:43ESCOoGFfygdVPzvdablHNw+LOJnk45Px9:2EdOoGFPdBUBu+LukQr
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124E1B90
nProtect = Trojan/W32.Vundo.70144.O
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.acf
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Vundo!IK
McAfee-GW-Edition = Artemis!C4D290C35E03
DrWeb = Trojan.Siggen2.7799
TrendMicro = TROJ_GEN.R4FC2IH
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.dv
McAfee = Artemis!C4D290C35E03
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Suspicious_Gen2.QTWOM
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mkeo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 21:46:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x7e07
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Link-Layer Topology Mapper Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDSVC.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : LLTDSVC.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-17 09:12:45
VirusShare info last updated 2012-07-26 08:52:18

MD5: aa177ce31097262b82c814f16a1dfa5d
SHA1: 060e71d3725a7265741355ba5fee4d7261b124bf
SHA256: 940047937a08845ce5a460e6459633c7f195899aa59f9460405bbb4975fa88f7
SSDeep: 1536:7hool8dkgbPdQ3Ne9js1G0/LtaWRo9TA6/4GPNN7DxHdb14ATQcd4YD:ll8dkgbPdQ3oob/LtJoFEGlN7tHBdr4Y
Size: 91648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.91648.QX
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!byg5BUCIIF4
VBA32 = AdWare.SuperJuan.aazx
TrendMicro-HouseCall = TROJ_SPNR.2FAC12
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mszb
McAfee-GW-Edition = Vundo!mh
DrWeb = Trojan.Virtumod.10268
TrendMicro = TROJ_SPNR.2FAC12
Kaspersky = Trojan.Win32.Monder.mszb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo!mh
F-Secure = Trojan.Generic.KDV.369116
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.369116
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Trojan.Generic.KDV.369116
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:10 07:21:15-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 47104
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xc4d4
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-06-02 09:49:34
VirusShare info last updated 2012-07-26 08:53:29

MD5: ded71a50b35a483efd2649e62b0741d9
SHA1: 3f74ebdde2bb6c5eea511cdc87f16e499e58a958
SHA256: 98d04efccf0382d33921091a15bc8c06602c393b33be12c3b5e0ee92acd95020
SSDeep: 3072:mBWDol/3ZyZHSktk/dMCxEw4TfHhH81uKZ0S9ZFlCz1K:mBWDuyZyke/dSxT4ZlfY1
Size: 117760 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!b1Py0std/MY
TrendMicro-HouseCall = TROJ_GEN.R21C2GT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R21C2GT
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.acbs
Microsoft = Trojan:Win32/Vundo
Fortinet = Adware/SuperJuan
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ios
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic4.BSET
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:05 01:10:20-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 51200
Initialized Data Size           : 101888
Uninitialized Data Size         : 0
Entry Point                     : 0xd6d3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WIA Scripting Layer
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIAScripting
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WIAScr.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-08-15 03:50:13
VirusShare info last updated 2012-07-26 08:56:49

MD5: 8fb009f5313f6b30231d1558dd28f2cb
SHA1: e8338ba4323dd33f57558f95574482d85bdf2455
SHA256: 9cf7cfe8b1f1c559f2984972833f366453d1bf6e02d78a1d6cf8360f06bbafde
SSDeep: 6144:Z5QioRT/ryfr1tR8PFgHu3WIvi0hGz0plscPC2fTOShhnz:ZmioxO8cuGIJGg3jCGTOC
Size: 394024 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.25
Avast = Win32:Zbot-NBP
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = TrojanSpy.ZBot!AyyQPRIXTEo
VBA32 = Trojan.Pirminay.gei
TrendMicro-HouseCall = TROJ_GEN.R3EC2E2
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gau
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R3EC2E2
Kaspersky = Trojan.Win32.Pirminay.gau
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.vn
McAfee = Artemis!8FB009F5313F
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Vundo-JU
eSafe = Win32.TRSpy.Zbot
AVG = SHeur3.BWRC
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.gaj
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 00:41:40-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 659456
Uninitialized Data Size         : 0
Entry Point                     : 0x9106
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 11.0.6001.7000
Product Version Number          : 11.0.6001.7000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Audio 10 Encoder/Transcoder
File Version                    : 11.0.6001.7000 (longhorn_rtm.080118-1840)
Internal Name                   : wmadmoe.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmadmoe.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 11.0.6001.7000
Ole Self Register               : 
VirusTotal Report submitted 2011-06-20 14:37:49
VirusShare info last updated 2012-07-26 08:59:35

MD5: 288ecb0a0f63865ad7a1af870d0b0b64
SHA1: 9c8b38f212ab080c37278c3cf24374f6905f1169
SHA256: 9e17985ca1619b4e2a4bf4b3dfba506b4ffe4a13cca7c346c38b78cf471ae5f5
SSDeep: 6144:ye/d6MQSsEkshGE+seGCsAjtsmDoTcejx8V5cTaILj8TwU:LH1sfs5+fG/AjtsmEL+mTa9wU
Size: 277374 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.10101
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Securisk
Panda = Trj/Pirminary.B
Rising = Dropper.Win32.Qhost.b
nProtect = Trojan/W32.Agent.277374
K7AntiVirus = Trojan
VBA32 = Win32.TrojanDownloader.Agent.PXO
eTrust-Vet = Win32/Swisyn.CQ
TrendMicro-HouseCall = TROJ_GEN.R26E1G4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.Packed.Katusha.j.4
Command = W32/DropperX.AFZW
McAfee-GW-Edition = Generic Downloader.x!dyq
DrWeb = Trojan.Siggen1.58509
TrendMicro = TROJ_GEN.R26E1G4
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Swisyn.jgw
McAfee = Generic Downloader.x!dyq
F-Secure = Trojan.Generic.4128374
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
F-Prot = W32/DropperX.AFZW
AVG = Downloader.Generic9.BZRM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.4128374
BitDefender = Trojan.Generic.4128374
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 22:41:21-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8192
Initialized Data Size           : 535040
Uninitialized Data Size         : 0
Entry Point                     : 0x2de8
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6601
Product Version Number          : 5.0.2195.6601
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Appletalk protocol stack/router
File Version                    : 5.00.2195.6601
Internal Name                   : sfmatalk.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : sfmatalk.sys
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2195.6601
VirusTotal Report submitted 2010-11-18 11:22:21
VirusShare info last updated 2012-07-26 09:00:15

MD5: 8f5151a6c2482236e4264162c65db037
SHA1: 995d0f660809da0de9926ac573edbd242dfaf984
SHA256: 9e9cfbda355ccccc632cdd4eec3e9347543962dcc7ada8e5e3ca37eb382c832e
SSDeep: 1536:xD5i/XWdS9wBmrlN86qUEDCOUCs4uT69LCyP1Jh01JQ1:xc/XlTlNOUEDlsd69LY/Q1
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.81920.BF
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!95obnD65ot8
VBA32 = Trojan.Monder.mvbx
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VNDO.SMUS1
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10219
TrendMicro = TROJ_VNDO.SMUS1
Kaspersky = Trojan.Win32.Monder.nqzb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abon
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.5
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BPAX
Norman = W32/Suspicious_Gen2.QHNDV
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 15:31:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x3815
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iskevzody Eejmjfkekcs
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB600.DLL
Legal Copyright                 : © Cddkrpwvz Xjuqvqpjlue. All rights reserved.
Original Filename               : CNB600.DLL
Product Name                    : Dqxhvjrid® Xonmayd® Xxmgojpla Ewipwc
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2012-04-01 09:21:42
VirusShare info last updated 2012-07-26 09:00:41

MD5: c7b04f2e9dcb8f57e2b3d9967b0f4e55
SHA1: 2ad2b24ecda7ec2dbfedc6095f5cddb8995e0ce3
SHA256: 9e9ebd462cfb4931e8f1c87e6cb1cae6b84594f75ee9ddde80ae659110b8adbe
SSDeep: 1536:ronqa7VzJkQSQjg9zriwIKFhNsKMfbcKNaOJ7x+cu:Uqok1QjszriwI2hNefbpx+c
Size: 72704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.72704.KC
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!VIC0T21G2IU
VBA32 = AdWare.SuperJuan.xfg
TrendMicro-HouseCall = TROJ_GEN.R21C2ID
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mrcp
McAfee-GW-Edition = Vundo!lu
DrWeb = Trojan.Virtumod.10198
Kaspersky = Trojan.Win32.Monder.mrcp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!lu
F-Secure = Trojan.Generic.6648556
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6648556
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mrcp
BitDefender = Trojan.Generic.6648556
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:26 09:07:13-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 27648
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x792a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5600.613
Product Version Number          : 6.0.5600.613
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : VIA Technologies Inc.,Ltd
Internal Name                   : vsraid
Original Filename               : vsraid
Product Name                    : VIA RAID driver
File Description                : VIA RAID DRIVER FOR X86-32
File Version                    : 6.0.5600,613
Product Version                 : 6.0.5600,613
Legal Copyright                 : Copyright (C) VIA Technologies 1992-2006
Legal Trademarks                : 
Private Build                   : 
Special Build                   : 
VirusTotal Report submitted 2011-11-08 13:32:31
VirusShare info last updated 2012-07-26 09:00:42

MD5: c01be5bc8c34c3855c834ffffb1c538f
SHA1: efd351a3004279fdd26c123eb40224125c9e3785
SHA256: a1065aa75e9c4bd2819425d70a9dc69b99d2d7a0df09ae406961fc6a112dfebf
SSDeep: 1536:AM8rXrWtot3K+/4CvNMYFJldG/Q1rJVOkZbOCSsBaZ04/aSiZLMUpw03LlXZfyw:xLtgz4cTHc/QN2CSl08Olpw03LlXZfZ
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic21.COGT
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:31 12:17:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xaf95
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.16
Product Version Number          : 5.0.0.16
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Brother Color Inkjet Printer Driver
File Version                    : 5.0.0.16 (fbl_dox_dev_ihvs.080124-2043)
Internal Name                   : brci06.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2006
Original Filename               : brci06.dll
Product Name                    : Kdbonklks® Lraclky® Vwxdbfgpl Hgwmrv
Product Version                 : 5.0.0.16
VirusTotal Report submitted 2011-04-20 19:51:15
VirusShare info last updated 2012-07-26 09:02:23

MD5: 510e5b35601387ca766ef7f33693e2da
SHA1: 5474ba5a84cc256b6a3a1c5aeb34ce1e83cb282a
SHA256: a1b6da1c7df0fec5103a7ee6442f4ba02e537ca4288b586dd71ce7d37b3a7a87
SSDeep: 3072:gK+fDp1SP5ErnL0sfZuvBnF5oGMqqDLy/j20:Ol19uzgqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!AX89uq1ZWnA
TrendMicro-HouseCall = TROJ_GEN.R11C2GN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R11C2GN
Kaspersky = Trojan.Win32.Genome.vdex
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iqrf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-01 05:32:59
VirusShare info last updated 2012-07-26 09:02:56

MD5: f365962ab7d734ba943853ea0a7ce7d0
SHA1: f82f80713fcf4848f13d3993d47b90a0e084986d
SHA256: a1f9c8eb78f34c79a50d3df78ba4bca84f1678b7f18d1180281dd0203f3559bc
SSDeep: 3072:Vy05hdv/FGJlQdW9f8kRlrpMqqDLy/Eo:bvtGYw9oqqDLu
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!bcnKoKGsbWI
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!lx
TrendMicro = TROJ_GEN.R11C2H6
Kaspersky = Trojan.Win32.Genome.vavr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Vundo!lx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-15 13:38:54
VirusShare info last updated 2012-07-26 09:03:04

MD5: bead5a0aeee9c6b6e2512124c1e8964a
SHA1: afad91cf0078791ea74e72a6fcf910b2270f4083
SHA256: a3d31975fbe224d1abc90b6b22767d44f28f7e75e421d2fb7bed0931f95b0b05
SSDeep: 6144:zGJuR1M8g3IK6qQ0vmrx8x4DhfXxhiPbqwtYwIt4:zLR1MLH4x8qDhfjiP2r
Size: 274432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cTxoSMaLvnE
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
DrWeb = Trojan.Smardec.77
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahhm
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BIER
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnriirkvy Pzgzmklipsm
File Description                : Lvgbpubuh Wkxwugi Sockets 2.0 Service Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : msafd.dll
Legal Copyright                 : © Rxasimrum Xemlecbmvvo. All rights reserved.
Original Filename               : msafd.dll
Product Name                    : Sqhficqmq® Jewjzty® Hinvlpseh Tkmprt
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-07 08:11:12
VirusShare info last updated 2012-07-26 09:04:24

MD5: f7d2ae2a10d966865644edf0153c12cc
SHA1: 3259d97cb9be0c9367bd10cf846ebd8cc1306661
SHA256: a45a167b8f8ebe59317ed525b851ff5557bcca66cb7f10a635877064db47f843
SSDeep: 768:wtVRoLx8DUNxeTZ7yqw/UMz35ddSE3ewZvHB0GSQuEhQXs53xQIZjwWz:wXmODUfuZeqw9kwZvHBo3+ZjZz
Size: 51200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.51200.102
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Inject.JW
Rising = Trojan.Win32.Generic.123C60DC
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!JK162MZpkBc
TrendMicro-HouseCall = TROJ_GEN.R21C2AU
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!gy
TrendMicro = TROJ_GEN.R21C2AU
Kaspersky = Trojan.Win32.Genome.otwr
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.ich
McAfee = Vundo!gy
F-Secure = Gen:Trojan.Heur.LP.du8@a4O2dtbi
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Suspicious_Gen2.HPRYN
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Trojan.Heur.LP.du8@a4O2dtbi
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Trojan.Heur.LP.du8@a4O2dtbi
NOD32 = a variant of Win32/Injector.DSI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:24 09:51:18-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 41472
Initialized Data Size           : 47104
Uninitialized Data Size         : 0
Entry Point                     : 0xb12d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : NPS Datastore server
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : IASDATASTORE.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IASDATASTORE.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-03-28 04:02:57
VirusShare info last updated 2012-07-26 09:04:38

MD5: 88877b03965990392ef30e4ac2519a6d
SHA1: 2ec1e3aad054b504d1aef656b12891946c4f1a67
SHA256: a5df19993ec97710af1d0830fc80a8d878e34a14f0e735fc236964602994e68d
SSDeep: 1536:/ShLUKbTGOi9+CBisz8sbWc5a1d6NtpfbSF4om93AXJ4TBziagnl/+Z:/ShL1bYfzec7pmi9w6NknlWZ
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.77824.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!PvL0NeEznqk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cm.5
McAfee-GW-Edition = Artemis!88877B039659
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = Trojan.Win32.Monder.mpco
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!88877B039659
F-Secure = Trojan.Vundo.5907
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Suspicious_Gen2.SVYEI
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5907
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Vundo.5907
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2012-05-09 18:15:59
VirusShare info last updated 2012-07-26 09:05:22

MD5: 2cadb567f34753f5e9a5831231934c90
SHA1: d4ec69114c3bc8ef7a3346ff66b2ff2d56f96e0f
SHA256: a9a0590772b9a25fafc1215b2a5369e9c74cf63459426bb6eb007c655efbd197
SSDeep: 24576:tHcquManplGiiHx9Ch6gB2dDAv5tX1SI4:t8MaPex9Csfqg
Size: 844288 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
nProtect = Gen:Variant.Kazy.33535
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!yC0M5BMPoUI
TrendMicro-HouseCall = TROJ_GEN.R11C2HJ
Emsisoft = Backdoor.Win32.Kelihos!IK
Comodo = Heur.Suspicious
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
DrWeb = Trojan.Packed.2251
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R11C2HJ
Kaspersky = Trojan-Ransom.Win32.Timer.iga
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan.Gen
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Trojan.Generic.KD.314396
VIPRE = Trojan.Win32.Ransom.do (v)
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.CCTR
Norman = W32/Kryptik.AFR
Sophos = Mal/FakeAV-MR
GData = Trojan.Generic.KD.314396
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Trojan.Generic.KD.314396
NOD32 = a variant of Win32/Kryptik.OBX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:02:21 22:26:05-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24064
Initialized Data Size           : 818688
Uninitialized Data Size         : 0
Entry Point                     : 0x5edd
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.0.10444.16470
Product Version Number          : 0.0.10444.16470
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : Rngzysbspm3vQ
File Version                    : DQM6WAQa
Internal Name                   : kWuYz
Legal Copyright                 : KryHV1zz
Original Filename               : PoV7GkpQ5
Product Name                    : h1bkOmECL
Product Version                 : gxo4eU
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-10-07 22:32:32
VirusShare info last updated 2012-07-26 09:07:37

MD5: e142deab54f42205653d2502b63842ff
SHA1: 4e8faa73263a3d2696e0aba6dfa9ea81113b149a
SHA256: a9dfa3c9e5ca4c10d1daa4d045492b3337e48ed454bc5376bd32bb8711febda3
SSDeep: 12288:ROifG+IXwZyTRfpNPJHuyoiH9cFSGELajyUTAvoLl5pz/eK:++IXwQRVHuxi+5+0HMW/eK
Size: 487932 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-V [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Generic Trojan
nProtect = Gen:Variant.Zbot.34
VirusBuster = Trojan.DL.Agent!WMlWuU/1jFA
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R3EC2FE
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!E142DEAB54F4
DrWeb = Trojan.DownLoader3.13912
TrendMicro = TROJ_GEN.R3EC2FE
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
McAfee = Artemis!E142DEAB54F4
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V [Trj]
eSafe = Win32.TRDropper
AVG = Dropper.Generic3.CBTE
Norman = W32/Suspicious_Gen2.MQGBC
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:11 04:04:30-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 94208
Initialized Data Size           : 757760
Uninitialized Data Size         : 0
Entry Point                     : 0x13e4b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bsskxnsdb Wfbbjfawwlz
File Description                : Bus Mouse Port Driver
File Version                    : 5.00.2134.1
Internal Name                   : busmouse.sys
Legal Copyright                 : Copyright (C) Jpffrdzou Corp. 1981-1999
Original Filename               : busmouse.sys
Product Name                    : Ardtreayi(R) Kkmnqhj (R) 2000 Wdzhfrbcx Rnuspj
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-20 20:15:39
VirusShare info last updated 2012-07-26 09:07:45

MD5: 52f80e72410491296eb655aa9cea77be
SHA1: 325a497729b45aaef239136139e84510d8e50dea
SHA256: aaddae8da97bdd126131f8a95fe645317ea6f2c09a40aff517043e5756983550
SSDeep: 6144:XcnO73krGmg4PVlM8jqxVl3Tbtgi1/AOmlV:sO73bp4PY82F3TBT/AOmD
Size: 319501 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.DK
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.5221FE56
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop1.40220
Kaspersky = Trojan.Win32.Pirminay.dk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Sunbelt = Trojan.Win32.Generic!BT
McAfee = Suspect-1B!52F80E724104
Avast5 = Win32:Malware-gen
AVG = SHeur3.AOOS
Norman = W32/Obfuscated.L
GData = Win32:Malware-gen
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:13 19:16:50-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 278528
Initialized Data Size           : 45056
Uninitialized Data Size         : 380928
Entry Point                     : 0xa0f50
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-07-28 16:21:28
VirusShare info last updated 2012-07-26 09:08:12

MD5: 4c0df28fc8322e9c32b5d9e887545c70
SHA1: 9fdd2d7c974881f73d5b7d2a85b18d62c47d056f
SHA256: ad336fa6e937a95bfc7020e4b875048a8f6ca59e05ec9d271b62c50f69dac127
SSDeep: 6144:AqlxLS+CQ2bpfpzJlNnBl9E/ADOGAbrzHJZb24Yph24d2DLPbs2IEjy4AwUcefpL:AqAzxnt4rXjbvy4AQqmre
Size: 247808 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.ghk
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1296BCBC
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ks/KEMGNqMI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R1CC1I6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cv.5
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Vundo!lh
DrWeb = Trojan.WinSpy.1248
TrendMicro = TROJ_GEN.R1CC1I6
Kaspersky = Trojan.Win32.Genome.weno
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.boe
McAfee = Vundo!lh
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo.Ghk
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BESV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 06:36:59-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 172032
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x2724e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Dutch
Character Set                   : Unicode
Comments                        : 
Company Name                    : Epmaxbdkg Upciyksupla
File Description                : Nodfqaxsu Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0413
Legal Copyright                 : Copyright (C) Dwjrmbzjv Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0413.dll
Private Build                   : 
Product Name                    : Dgrobozpq Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-20 03:31:10
VirusShare info last updated 2012-07-26 09:09:29

MD5: f6d3ca3c978b29a2d7818ac0cc8e939e
SHA1: da0d8499d0851fc7228713a1ca64e92ded8820c9
SHA256: ae23a3d4d158f9d69776aaa8f777baa3d0bbaf4efe4c45939ef16bb2a0989c47
SSDeep: 3072:bwo0tooB0/wYtVwd8e0nMAIZMjLTnaGiRJG6ZLUmggpok5ailKy:MVooB0RX/JnMAF/aDRJGjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F6D3CA3C978B
TrendMicro = TROJ_GEN.R4FC2IG
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Artemis!F6D3CA3C978B
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Symantec = Trojan.Gen.2
GData = Gen:Variant.Renos.61
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-15 02:23:05
VirusShare info last updated 2012-07-26 09:10:06

MD5: 0c79bc7c5a7f0b30b26f1d64b9464f3b
SHA1: cf8f873515e9987c223462811e490665e5cd32ad
SHA256: b05acd7c282d34ac213aa8d3b1c87eeb026d579fc169d2e950d94bec5b32c89d
SSDeep: 6144:wjdYbaWqiJkc+cDXdN6+YhSzLRs3Kvlj4M7O5vj:wWbvhp+m6nSHRs347OBj
Size: 211951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Gen.Trojan.Heur
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R01C2HO
Emsisoft = Gen.Trojan.Heur!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.DownLoader4.48071
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.kfzm
F-Secure = Gen:Trojan.Heur.BDT.mq1@baoExJhi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.AGSK
Norman = W32/Obfuscated.L
GData = Gen:Trojan.Heur.BDT.mq1@baoExJhi
BitDefender = Gen:Trojan.Heur.BDT.mq1@baoExJhi
NOD32 = a variant of Win32/Injector.IVB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Thsbvetwula
File Description                : NetMeeting Interface Marshaling Library
File Version                    : 5.2.3790.3959
Internal Name                   : confmrsl
Legal Copyright                 : Copyright © Aozzvrygn Oouzivrnhtm 1996-2001
Legal Trademarks                : Qblbnihfh® is a registered trademark of Aksckwwwy Zpjidynupdu. Fddrecf® is a registered trademark of Biberylai Clppyovqajf.
Original Filename               : confmrsl.dll
Product Name                    : Jwukfbdnm® Joidcbh® Oyofvyczh Prrqqy
Product Version                 : 3.01
VirusTotal Report submitted 2011-08-30 21:38:35
VirusShare info last updated 2012-07-26 09:11:07

MD5: 65181cacae803356afd5ff8700eb3d3a
SHA1: 10897d0ec142fdb51bb564a7b66561f03150e661
SHA256: b186bbfb0aecbad00270be04f1597e7176b024ba961131b9b86bbf53bc1b71d8
SSDeep: 3072:AwDCByq3VSCUWTpNrBdlRMqqDLy/QINFB91yahm3wYVj:HmByq3VSCvTpN1iqqDLuNKpdj
Size: 140800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12AE7976
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ZeYHt/nwNFQ
TrendMicro-HouseCall = TROJ_GEN.R4FCDLN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!nn
DrWeb = Trojan.WinSpy.1167
TrendMicro = TROJ_GEN.R4FCDLN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!nn
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JJF
Norman = W32/Suspicious_Gen2.UGZDG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 01:09:05-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0xba6a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.5.124
Product Version Number          : 6.1.5.124
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ajmictewh Kejggmikocc
File Description                : TIME
File Version                    : 6.01.05.0124
Internal Name                   : DATIME
Legal Copyright                 : Copyright © Guazqqisw Corp. 1998-1999
Original Filename               : DATIME.DLL
Product Name                    : Xoqsezfmy® Ellzasr(TM) Operating Frdpdd
Product Version                 : 6.01.05.0124
VirusTotal Report submitted 2012-01-16 02:47:18
VirusShare info last updated 2012-07-26 09:11:53

MD5: 24a3adb43009c79fdc9509055133b57a
SHA1: 0e4e7df6c01abe73453d8068c6d4881e2e7e7116
SHA256: b38a43f0e1a856ac3fb7d1fb0cb6fc522d85de90dd42ca25f8a66700b5d9a0ad
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pFpo2:pwy9w/dWjTlXjDHsk
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.PJY
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.5241ECF9
nProtect = Joke/W32.Renos.103424.C
F-Secure = Trojan.Renos.PJY
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = Crypt_c.CEV
GData = Trojan.Renos.PJY
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-11-03 14:55:29
VirusShare info last updated 2012-07-26 09:12:49

MD5: 1a64e801a690eb1561836282815cca3b
SHA1: aa513ac014a817d80270cfd683eebde979f4e45a
SHA256: b67ad9c353a8b388283d4d99173847243f319bb279d35ce6595840a1edb2fd46
SSDeep: 3072:igZMSiQxsJD7DHDD9fQq+6AW0gBlEoCf601B78MXWxRs/99:igViQGJDHDDStvW0gBsH7xWXW
Size: 135680 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Rising = Trojan.Win32.Generic.1234D078
nProtect = Trojan/W32.Pirminay.135680
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!X6ca48tai/o
VBA32 = Trojan.Pirminay.bvs
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C2H3
Emsisoft = Trojan.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.kdz
McAfee-GW-Edition = Vundo!kp
DrWeb = Trojan.Hosts.4535
TrendMicro = TROJ_GEN.R21C2H3
Kaspersky = Trojan.Win32.Pirminay.kdz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.en
McAfee = Vundo!kp
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.CASV
Norman = W32/Kryptik.AIF
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.clm
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:07 10:15:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 121344
Initialized Data Size           : 50688
Uninitialized Data Size         : 0
Entry Point                     : 0x1e8c3
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® InfoTech IR Local DLL
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : ITIRCL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ITIRCL.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-02-15 14:18:29
VirusShare info last updated 2012-07-26 09:14:47

MD5: a838a974bc8e53a58341253f6a547350
SHA1: c12f4105192f7f82d2d2d622673f6a6123a2126d
SHA256: b752bdeb1099ba204dcddb7063c3ebf5a604f0f2b877ea8b4d291fb5eb60de8b
SSDeep: 3072:S+Cx6rU50oY8ACNoGRcXYfdl4dFzRMqqDLy/PoDbc:WekoC0Y2Fz6qqDLuP
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!A838A974BC8E
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!A838A974BC8E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
eSafe = Win32.TRVundo
AVG = Generic23.AEJQ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-01 17:13:17
VirusShare info last updated 2012-07-26 09:15:15

MD5: 1e1df771777af4f7b5867d65682ff892
SHA1: 78ad0cf9bb2afadfadc6d83f7f0483ab86417fab
SHA256: bacc9ae37f17706bdc750797371600d739e4cfb0611d6d9bbd5de94f93ab5426
SSDeep: 768:yxi7LuwkJGtJv9Ltv7ugMr9mSrZ+pbjPnamne2CGkONFVVMdeVXQ6y3:8i7awkovv9Rv7unr9/Z+pb7nhne2CGkH
Size: 46080 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125F6B72
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!vH8dDR8bF8Y
VBA32 = Trojan.Pirminay.kam
TrendMicro-HouseCall = TROJ_GEN.R42C2AR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!1E1DF771777A
DrWeb = Trojan.Hosts.4574
TrendMicro = TROJ_GEN.R42C2AR
Kaspersky = Trojan.Win32.Pirminay.dmh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Pirminay.fr
McAfee = Artemis!1E1DF771777A
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.BMCA
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.dmh
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:21 20:26:09-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 74752
Uninitialized Data Size         : 0
Entry Point                     : 0x2887
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2600.0.503.0
Product Version Number          : 1.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corp., Veritas Software.
File Description                : NT Disk Manager Startup Driver
File Version                    : 2600.0.503.0
Internal Name                   : dmload.sys
Legal Copyright                 : Copyright© 1985-2000 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2000 Veritas Software.  All rights reserved.
Original Filename               : dmload.sys
Product Name                    : Logical Disk Manager for Windows NT
Product Version                 : 1.0
VirusTotal Report submitted 2012-06-08 22:17:58
VirusShare info last updated 2012-07-26 09:16:57

MD5: bce1192c3e3719ca1e5596b92e69fec8
SHA1: 7a4f8d463a4042bddf4ffb752ed71c2a1c116f51
SHA256: bd7a22b122a2f3eaba46fde0defcc4f496bcef931790b5521732ef58bd53b060
SSDeep: 6144:bywCrsWIYqMfaokVaRzy5Saxev4H5gR4UCmr88GZkbyWNJn:OhIdfMSokQxAEvqKu5AhYyzV
Size: 314696 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.27030
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Kazy.27030
VirusBuster = Trojan.DL.Agent!4rInx2f4Rfo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fzm
DrWeb = Trojan.DownLoader3.46799
Kaspersky = Trojan.Win32.Pirminay.jkx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JKX!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gkxo
McAfee = Generic Downloader.x!fzm
F-Secure = Trojan.Generic.6164592
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-IDN
eSafe = Win32.TRKazy
AVG = SHeur3.CGEY
Norman = W32/Suspicious_Gen2.MZJBK
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6164592
TheHacker = Trojan/Pirminay.jab
BitDefender = Trojan.Generic.6164592
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 15:50:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 401408
Entry Point                     : 0xae920
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gagvrylqb Kgijrswgxrk
File Description                : Gwqvmlzda ACM Audio Filter
File Version                    : 5.00.2134.1
Internal Name                   : Ujjbafrgf ACM Audio Filter
Legal Copyright                 : Copyright (C) Mndxuteda Corp. 1981-1999
Original Filename               : msfltr32.acm
Product Name                    : Pklkhigfo(R) Wwvnjda (R) 2000 Operating Ujytgc
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-01 00:57:52
VirusShare info last updated 2012-07-26 09:18:14

MD5: c80efd42fa2600079f87d2b2cceba38b
SHA1: 6224cbe69b33539b5cefebf79ba394860979fa81
SHA256: bed5184a25582d84bca4cdecfb0d445334d463c20550a1e7bb9b909ab1d61c3e
SSDeep: 3072:sRJllQ0+Lma4/8jQl63x2kk4DzIqJiM+BCqJhrcoLzQxd5Rc7tJ7wotv0XQM:srFMma4/am63x2kkezItHL0A7L7wRB
Size: 207257 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
VirusBuster = Trojan.Injector!oYqzTkRGDHw
VBA32 = Trojan.Jorik.Pirminay.agx
TrendMicro-HouseCall = TROJ_GEN.R4FC8J5
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC8J5
Kaspersky = Trojan.Win32.Jorik.Pirminay.atn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6471002
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGCC
Norman = W32/Suspicious_Gen2.RONWV
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6471002
Symantec = Trojan.ADH
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6471002
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ybbilpirn Nffnjwnvion
File Description                : Greek IBM 220 Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhe220 (3.12)
Legal Copyright                 : © Cfaqrdcll Xtfahgmpgno. All rights reserved.
Original Filename               : kbdhe220.dll
Product Name                    : Wjkjumarx® Dmyhfkv® Uxgdmjzwa Tesldj
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-12 05:34:16
VirusShare info last updated 2012-07-26 09:18:48

MD5: 75c23849510e24db3244c941f671fb0b
SHA1: e92df13de670ccd67cac35484fdc19d62096a04e
SHA256: bf7b6f31247f832d486b799f17937dbca291eb6a539d4230f7359daa749e447e
SSDeep: 6144:egFvrMa2BWJYHI4irL8jX/GNuzHd5Z5anG47QI4SnYP4XuDiJuN2ZDch98myhn1N:5FvriBkYOOX/G+KG4M8nrup2Z+98mcme
Size: 381333 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.381333
Panda = Generic Trojan
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!bS6ENtiunCM
VBA32 = Trojan.Pirminay.exa
TrendMicro-HouseCall = TROJ_GEN.R3EC2DE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.exa
McAfee-GW-Edition = Artemis!75C23849510E
DrWeb = Trojan.Hosts.4391
TrendMicro = TROJ_GEN.R3EC2DE
Kaspersky = Trojan.Win32.Pirminay.exa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan-PSW.Banker
McAfee = Artemis!75C23849510E
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.GenVariant.Zbo
AVG = Generic22.HX
Sophos = Mal/Generic-L
Symantec = Infostealer.Banker.C
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.exa
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:18 01:43:19-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 339968
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x506b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.11
Product Version Number          : 5.0.3000.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Czech
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : brclr0ui.dll
File Version                    : 5.0.3000.11 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclr0ui.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2002
Original Filename               : brclr0ui.dll
Product Name                    : Operacni system Jkhsxjnpm® Qnzlvhf®
Product Version                 : 5.0.3000.11
VirusTotal Report submitted 2011-07-20 11:34:51
VirusShare info last updated 2012-07-26 09:19:09

MD5: 723b2a7368eb85dc9746ca7ce771e0ab
SHA1: f38df6eabc0b082d75fe661d474bbd559beda8b9
SHA256: c015e1d71c92bfb3cea766739ebecfd14f176a38e18c23a77610a5d12c3aa0eb
SSDeep: 3072:gQtFkTa3xCtmdK1vyKSOvaRsCu8GMovZ0a1n8DOnQMqqDLy/6nqR8b:1kTzmdKvxSVGgGJ0jDObqqDLu6
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R47CDDJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!pc
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47CDDJ
Kaspersky = Trojan.Win32.Monder.nrhm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.addk
McAfee = Vundo!pc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-04-27 01:22:10
VirusShare info last updated 2012-07-26 09:19:27

MD5: 6d2665aed224456ab948906a4afb0076
SHA1: 7ca1b34030e618ed32237cbb098b74ec8611ae54
SHA256: c205e3cb1d187d03637b299181f2845e42b95aa5cad02ec856aecf6193eb2213
SSDeep: 1536:Tkxp3NSw3tHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvCYlLMqqU+NV23h:Ty3NSw3ti4o4JEGzFOz9KlLMqqDLy/1
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2H8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!lo
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R11C2H8
Kaspersky = Trojan.Win32.Genome.vdgv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Vundo!lo
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-07 21:50:17
VirusShare info last updated 2012-07-26 09:20:26

MD5: c89ce76b99a4eaa216511139c92c5562
SHA1: 013918502c1e2ecbde7f52731b3879f359fd811d
SHA256: c2fc239ab672d40093d5884c704f4fb2426eacdf685f7316431102090bccdbc6
SSDeep: 3072:BKKo6PhPiXJPQCy0FVT7EWfTkoIl9jqEOTjm:EKzpbeGjIj
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C2FN
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R47C2FN
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
PCTools = Trojan.Gen
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic21.ASCK
Norman = W32/Suspicious_Gen2.MYROZ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:26 13:42:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x12651
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.10.0.1998
Product Version Number          : 4.10.0.1998
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Elacfsggt Trnahxywymp
File Description                : Bezier Screen Saver
File Version                    : 4.10.1998
Internal Name                   : BEZIER
Legal Copyright                 : Copyright (C) Lorrkjfen Corp. 1991-1998
Original Filename               : BEZIER.SCR
Product Name                    : Jsoucuwow(R) Lexflgo(R) Oxzkzsbet Uqggiz
Product Version                 : 4.10.1998
VirusTotal Report submitted 2011-06-30 23:02:50
VirusShare info last updated 2012-07-26 09:20:58

MD5: e1df26d9b53f345b8f7fef5c4f34b142
SHA1: 3ea7d399c8f687a098920b79f3004eae98c039f1
SHA256: c64410cb960b3854c81fbfe1d3b3013f76f4ac1ff26ef45e7f25bf4253edf2bf
SSDeep: 1536:gtNVIfbF2QsQk/Wv6GtyHpH8gC6M+EGzG+BhHk4StYMtd4K+pm4s6LRZG:gZIfbFfsXzHh8gC6M+EreHk47Pa4z/G
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C7JS
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R30C7JS
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
Jiangmin = Trojan/Menti.bea
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-10-29 04:41:09
VirusShare info last updated 2012-07-26 09:23:19

MD5: 709042daf566c10da6d28b6b5169f374
SHA1: 8c62788bec73c5076cbd19153a9eaacdf3875020
SHA256: c697d0553f3f95d32f3bc945e59a9be0ebd0dd47ddf52daf0936c101a4e502bf
SSDeep: 3072:R5ZGzRTDU5y1u5JGh9mWWjaNECCtPqQQ0onQ/gwyoLOgj6qLFbliJKS1:R5PmMWVNUPcQlnB+8FQKS1
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128E5FC2
nProtect = Trojan/W32.Vundo.221184.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!kDaOkxmxbe8
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C1GE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cd.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!zvu
DrWeb = Trojan.Virtumod.10275
TrendMicro = TROJ_GEN.R47C1GE
Kaspersky = Trojan.Win32.Monder.mvsj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zvu
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJOR
Norman = W32/Suspicious_Gen2.MXYRT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.aduiw
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:04 21:39:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x22d41
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.10384
Product Version Number          : 5.2.0.10384
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec RAID Storport Driver
File Version                    : 5.2.0.10384 (NT.070222-1720)
Internal Name                   : arc.sys.B10384.mcb
Legal Copyright                 : Copyright 2007 Adaptec, Inc. All rights reserved.
Original Filename               : arc.sys
Product Name                    : Adaptec RAID Controller
Product Version                 : 5.2.0.10384
VirusTotal Report submitted 2012-04-17 18:09:10
VirusShare info last updated 2012-07-26 09:23:28

MD5: 6b376a0fa167870b2d15eacef5a0a622
SHA1: 88b0295057d42d84634c89f7f15765fecafdc8a9
SHA256: c78831fcb074c5a0c7c55e6070eb339ce3f02ff876af30ab1bb2062fc0dc85e7
SSDeep: 1536:lpYEQt0BpecVOoRClMYvC75GIUZaN2exQJHrXeEaMRfJa1Q+vpVCqX+qi:lHzecVO0C2YvC7YRGxgHSETRffApyq
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.520
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.127C6B3C
nProtect = Trojan.Generic.KDV.105851
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C1AJ
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gw
DrWeb = Trojan.Siggen2.29520
TrendMicro = TROJ_GEN.R47C1AJ
Kaspersky = Trojan.Win32.Menti.bhv
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.cttb
McAfee = Vundo!gw
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.IXVEF
Sophos = Mal/EncPk-XI
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.105851
TheHacker = Trojan/Kryptik.jhe
BitDefender = Trojan.Generic.KDV.105851
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ACPI Embedded Controller Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : acpiec.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : acpiec.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-06-08 14:21:11
VirusShare info last updated 2012-07-26 09:23:59

MD5: 7c959d521e722d2882bc69732f69ae01
SHA1: 9de6decf2c3033d146be56e8983ce00b9085ff7a
SHA256: c82976b02bb42ad28ffbd9018ed376d72e46d346cf6e4731aea670bf04e131c2
SSDeep: 3072:YDECw8JGddU9X2S7q53TOdPOLhvUL7Bo2lkN899vLKbqvj+s6ABOWcntZipr5TUx:h4wdkX2XzN8Wg5LKOvj+slBDcnR
Size: 159744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.159744.B
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29CCLP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!nk
DrWeb = Trojan.Virtumod.10300
TrendMicro = TROJ_GEN.R29CCLP
Kaspersky = Trojan.Win32.Monder.nflc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iuwy
McAfee = Vundo!nk
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.AMGA
Norman = W32/Vundo.UYZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.laq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LAQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-03 00:31:39
VirusShare info last updated 2012-07-26 09:24:23

MD5: 5d88adf13c12fae98776817b039ce8c2
SHA1: ec84e316dd6fa7924a31e59e8fd802184dc0b5cf
SHA256: ccd85f28c4caa6bf40e95e8ce313f99328addd53d1b516b84a0f51f31c4073a5
SSDeep: 6144:kXXM0vN4Sj2jsHdD0qn+kgY4xUDdLuwJPzs30N9UJZDc64O8hIpaWwtbBlO4grcn:CISHGejDxJPzkgGJZDchOT1WarE
Size: 434577 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.33
Avast = Win32:Pirminay-V [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.434577
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
VirusBuster = Trojan.Kryptik!J/hNUFicRhk
Comodo = TrojWare.Win32.Kryptik.NHM
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
Jiangmin = Trojan/Generic.fhom
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Pirminay-V [Trj]
AVG = SHeur3.BYHL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Kryptik.nhm
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:20 15:12:15-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 413696
Initialized Data Size           : 356352
Uninitialized Data Size         : 0
Entry Point                     : 0x65c9c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ddrswdyit Jztrfwchxgo
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Gglqpmdrt Qmtqbeilwoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Lvvivotwg® Dmeiktz® Aukpzsdct Ivhogt
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-16 15:34:47
VirusShare info last updated 2012-07-26 09:26:38

MD5: 26078ae924d92b814d899175bce08b5c
SHA1: 4c4a3a59898e946bf7bb3889ff70f97c1f7e1cdc
SHA256: cd19d05f3bbf5ef61e5235f42b454d5eb1043b5ca982db4106857fcf1fccafa1
SSDeep: 6144:xnhg9xr8hUnTkTkONGbfNG975DN+mTk6E+mNk6Ued9PcrpHFOA3t03GTqwV74M:EnTkTkged9PeFrt2GTzV4
Size: 368128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.368128.AV
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1259D0F9
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.6
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:03 02:15:08-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 259584
Initialized Data Size           : 148480
Uninitialized Data Size         : 0
Entry Point                     : 0x404c7
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : pshed.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-09-13 21:06:39
VirusShare info last updated 2012-07-26 09:26:47

MD5: 1e156a8bac10f722759df75909762401
SHA1: 66ba36eefea4ccdc07519b7b95b1aaeaa07f713b
SHA256: ce3c44da60ba4d7df761be920a045bc01ae629c40a2341ab1b76dc2d92f6048d
SSDeep: 6144:aZEvrGIDUB7fLyw/huwDavdm5KgtJdSKZo0jg5ID:aUvDO7Ly4uLvdm5TJQeo0U2
Size: 234419 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JIF [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan.Generic.6427141
K7AntiVirus = Riskware
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.ade
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.ade
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-246257
F-Secure = Trojan.Generic.6427141
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.XMH
Norman = W32/Suspicious_Gen2.OWUJK
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.6427141
TheHacker = Trojan/Injector.hzu
BitDefender = Trojan.Generic.6427141
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 221184
Uninitialized Data Size         : 0
Entry Point                     : 0x138e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ehetqqxmp Olrfxxonoit
File Description                : Run a DLL as an App
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : rundll
Legal Copyright                 : © Bvtlfzxbv Xblqmaqusxt. All rights reserved.
Original Filename               : RUNDLL.EXE
Product Name                    : Microsoft® Crhnmna® Fdedxtfdy Rzegly
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-02-18 19:21:03
VirusShare info last updated 2012-07-26 09:27:25

MD5: 07c90198de64b2bfa1529514006a499b
SHA1: 841ddebe2ad7c838c4c84f077610aee870effeaf
SHA256: d36e1cee4b66158a1661949b90604a6b9c0117509124c24ab632654f0ddc3025
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pOpo2:pwy9w/dWjTlXjDHsl
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
AVG = Crypt_c.CEV
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-10-27 02:06:48
VirusShare info last updated 2012-07-26 09:30:05

MD5: b80638eeaec10931648fb79c0e4adbcb
SHA1: cdcf06b96d0cef96e3bc7b1b4aa17dec79a84d1c
SHA256: d4db3958e4eced01fa492e079f0f1dfa31ee720284a4fa9a8513aca9556bf53d
SSDeep: 3072:PHA8LhGgyxkzhYuEx3mRzfJjK/YncCWe7:/A8LhG6NYuExiphcCWe
Size: 124928 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!X8Kso/R6dIk
TrendMicro-HouseCall = TROJ_GEN.R49C2HU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lb
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!lb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.BAPU
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:19 04:46:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0xb401
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2178.1
Product Version Number          : 5.0.2178.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vxsfopfqd Corporation
File Description                : WMI service core functionality
File Version                    : 5.00.2178.1
Internal Name                   : wmicore
Legal Copyright                 : Copyright (C) Pjskrmttx Corp. 1981-1999
Original Filename               : wmicore.DLL
Product Name                    : Ebqxpdgzf(R) Fjawkyf (R) 2000 Vrhsvnaab Aqvnht
Product Version                 : 5.00.2178.1
VirusTotal Report submitted 2011-09-04 07:34:17
VirusShare info last updated 2012-07-26 09:30:53

MD5: 4af9190d51327aae222416fd62a44c7c
SHA1: 0c527cf2365fed60177f1b3d43c43e2bd6854608
SHA256: d677f883f67b004af0818e2d63f429c6bf94d2a675cb5346c8dee09031c1c60b
SSDeep: 3072:E6vZH8j4JbA8HEkBOYQ7CaKFFr/olEMqqDLy/Un+Pe/4NKCnsy:E6vXGmpOYQRw1/eqqDLuUsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Trojan/W32.Genome.160768
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2GF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nmbn
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R47C2GF
ViRobot = Trojan.Win32.Vundo.160768
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.NNHDJ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-04-29 08:50:24
VirusShare info last updated 2012-07-26 09:31:47

MD5: 3febedd5f03fe74c846242999d84f352
SHA1: 7e9b645b623674e9c2b8b074658111478db22fcd
SHA256: dc3e122736c216f93c834e05dc16f5dc26e9e07f7eea1ae6f3280c1521d264da
SSDeep: 6144:pzhU+v8NFYQP1QNWfbqePv66Bbk5vcBixDukEv2mfr/S4FMsRs1JZW:pzhFv8HT1r1v6U38Du1uS/S4Csgm
Size: 352723 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Hupigon.352723
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128E2211
nProtect = Trojan/W32.Agent.352723.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!vNgbN1wwQS4
VBA32 = Trojan.Pirminay.gcb
TrendMicro-HouseCall = TROJ_GEN.R3EC2E7
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.42813
TrendMicro = TROJ_GEN.R3EC2E7
Kaspersky = Trojan.Win32.Pirminay.gcb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.uh
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.5833030
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = SHeur3.BVPY
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5833030
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.fwf
BitDefender = Trojan.Generic.5833030
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:07 12:16:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0x58ee
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Uslwdwuev Hwqoxfsmcvf
File Description                : PCI IDE Bus Driver Extension
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pciidex.sys
Legal Copyright                 : © Msnakbqky Pxiuvqomqxw. All rights reserved.
Original Filename               : pciidex.sys
Product Name                    : Ssruqjyae® Lgjftin® Okoktenls Qfrnpr
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-02-23 18:37:34
VirusShare info last updated 2012-07-26 09:35:07

MD5: 78096be42a203793e23cb8b0fe2501d5
SHA1: 3b2b1b99da0ac571ff5cc7b347ae2429da7ebcb6
SHA256: dfbffd59078a7e7839982dae088034cdc963698f1cb67b39734d0f884bf8e924
SSDeep: 768:y4Q/y29MUdXkhMmdT4iscZtg6rBxIqWZ4dfQCjfelE5th35:yz/y9gXIx41c3pxddylE5x
Size: 52224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.52224.WG
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VUNDO.SMEO2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
McAfee-GW-Edition = Vundo!lv
DrWeb = Trojan.Siggen2.31732
TrendMicro = TROJ_VUNDO.SMEO2
Kaspersky = Trojan.Win32.Menti.hzyw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!lv
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:02 21:41:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 11264
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x381e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.1020
Product Version Number          : 5.1.0.1020
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Certificate Dialogs
File Version                    : 5.01.1020
Legal Copyright                 : Copyright (C) Microsoft Corporation. 1981-2000
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows NT(TM) is a trademark of Microsoft Corporation
Original Filename               : mqcertui.dll
Product Name                    : Microsoft Message Queue
Product Version                 : 5.01.1020
VirusTotal Report submitted 2012-04-30 08:13:08
VirusShare info last updated 2012-07-26 09:36:54

MD5: 072dffac60887723670b3bc57efe8703
SHA1: ce803cd0fc578fe6d63ad790c03c368520a7c0ea
SHA256: e039593aadbbd62a583b5428cfd2f2358744b6e3681454928419f95e05a2ff18
SSDeep: 1536:rx0zzKwiEZ7oIIpNEo5RsNB9uBXLBHJ45fQTZAbKjUAffcTjtboYDjx:V+zKwvdgfc9uBXL4AmKfUTjdBDj
Size: 79872 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.yfo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2IK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-FraudSec
McAfee-GW-Edition = Vundo!lz
DrWeb = Trojan.Siggen2.31811
TrendMicro = TROJ_GEN.R30C2IK
Kaspersky = Trojan.Win32.Menti.ibsx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!lz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic21.AIHT
Norman = W32/Suspicious_Gen2.QWFGD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Kryptik.lfr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 03:42:19-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 69632
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x118ee
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : security.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : security.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-02-15 04:24:52
VirusShare info last updated 2012-07-26 09:37:08

MD5: f55c8915e43727d5efd07bf02ba71105
SHA1: c19402b0e4d00b27f6dbb7bac8f3929414d351d4
SHA256: e0baea59e60ebe7314040be8ea38d205475610fb32d1ec626df6093953d766fe
SSDeep: 1536:rTIQjfhCHXAGqb7tS9KX+x5NKGeTdGh38aZl05kKV:XIQzhCHuFiKdTdZR5kK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.127B9006
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!F55C8915E437
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.bdw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.ctws
McAfee = Artemis!F55C8915E437
F-Secure = Trojan.Generic.5362323
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5362323
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Trojan.Generic.5362323
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-14 07:52:21
VirusShare info last updated 2012-07-26 09:37:21

MD5: 8e84995274fb66bb1ef1b9524109c4eb
SHA1: 2620d3796878802f6ca3c016d001baf00b45f2d7
SHA256: e28ada155e2c28ca83b2c344199970d4a124d7a776317c72a87451f76ce011a9
SSDeep: 3072:FEJAEZsaI0FM0qsrhG8DIFzy6tSNSRtGStqP8BRlbMqqDLy/5+QwzHuGvM7DtMD:Q/e0JtgGuGx6MqqDLu5
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1299F9BA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!tIra4zOI8TA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C7IQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.wtui
McAfee-GW-Edition = Artemis!8E84995274FB
DrWeb = Trojan.WinSpy.1254
TrendMicro = TROJ_GEN.R01C7IQ
Kaspersky = Trojan.Win32.Genome.wtui
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!8E84995274FB
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AAAI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 16:33:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 98304
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x14642
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.6
Product Version Number          : 1.0.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : German
Character Set                   : Unicode
Company Name                    : Brother Industries LTD.
File Description                : 
File Version                    : 1, 0, 0, 6 (vbl_wcp_d2_drivers.060809-0623)
Internal Name                   : brmzui03.dll
Legal Copyright                 : Copyright © Brother Industries LTD., 2003
Original Filename               : brmzui03.dll
Product Name                    : BR HB UI
Product Version                 : 1.00.0000.6
VirusTotal Report submitted 2012-05-13 06:06:53
VirusShare info last updated 2012-07-26 09:38:10

MD5: 689617e682665d1bb33577e73ce257de
SHA1: 4e4431ab8049623c14169bda39f18e8279cfd466
SHA256: e3ca31d0a8a720bee1f2105c8ed14795670866f6a7df2fc0d838358cf6fde921
SSDeep: 1536:4vziHCH6FOX4qM6evs/Vdc/SYUGDvPMpB5pLXn4T0w3QRuo+PEkZb:4WiagXpQSYUCMpBHXn4wwouo+Eab
Size: 97792 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C2HM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!bajv
TrendMicro = TROJ_GEN.R01C2HM
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BEYM
Norman = W32/Suspicious_Gen2.OWKML
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.nds
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:10 21:34:49-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0xe552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2714.0
Product Version Number          : 8.1.2714.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Stpyknuia Biydqgqpryk
File Description                : MS-IME IMEPad resource file(Traditional Chinese)
File Version                    : 8.1.2714.0
Internal Name                   : IMEPADRS.DLL
Legal Copyright                 : Copyright (C) 1995-2002 Cgtmawqbq Lgicizcbrbh. All rights reserved.
Legal Trademarks                : IdwahdlhzR is a registered trademark of Hijcobord Dgkogxkcmdc. Neawgiw(TM) is a trademark of Dseqrrjii Jvuthnnnatr
Original Filename               : IMEPADRS.DLL
Product Name                    : Mghuwxmhn IME 2002a
Product Version                 : 8.1.2714.0
VirusTotal Report submitted 2011-10-20 05:46:50
VirusShare info last updated 2012-07-26 09:38:50

MD5: bfdea8e504095485304799b438ab0db1
SHA1: a1252163d64ef4f79061116ce7729f6d05d37832
SHA256: e5f57bf080830549713bb5a6d4531b4d52ed6125a03cc03baf8612fe1bba581c
SSDeep: 1536:U4AwSC/UXuY28bQJjml9I3k3lQ36QDkUh1Jm:UBwx8b20QJj83lQ39kw
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.472
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!FfjwZSnE3kI
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kd
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R72C2FI
Kaspersky = Trojan.Win32.Monder.mmiy
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!kd
F-Secure = Trojan.Generic.6351717
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.BIMA
Norman = W32/Suspicious_Gen2.PZNKM
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6351717
Symantec = WS.Reputation.1
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6351717
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-09-28 15:35:52
VirusShare info last updated 2012-07-26 09:39:54

MD5: ccc543c1fbe7c6f5de8b39ba6a2e4b22
SHA1: f78263fb98d5c43160a2ff70f1461d71aef9fe31
SHA256: e6e3e4cffc2ec0d7f3bd9043e7d912fd57e00ac95eb6cd1f481fe2d2a178feaf
SSDeep: 3072:EBpZ4WfA+9Gt0OKrlZ/KnBHwdnMRwaDdSO:EE+9GSOKqBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128DACC0
K7AntiVirus = Riskware
VBA32 = Trojan.Agent2.dtip
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.onm
CAT-QuickHeal = Trojan.Agent2.dtip
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!kc
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R4FC2GB
Kaspersky = Trojan.Win32.Agent2.dtip
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!kc
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.PRFOB
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-02-25 00:02:59
VirusShare info last updated 2012-07-26 09:40:22

MD5: ac2b577c3964081f3fba1cada7537802
SHA1: bbe18d1a75ff64bebd992626532e1bb81aed8067
SHA256: e851e2642775c0f1132edcd63523268e2a81abe4b1eb622aa8a930fac9bcf2cf
SSDeep: 1536:3R2v14s61TdoaaiL5W2yLnu2k2UXl5pTn:ktn6TdotcZJ2SXlD
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.423
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12704923
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!jp2gGBN0NtY
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C2A8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gw
DrWeb = Trojan.Siggen2.12319
TrendMicro = TROJ_GEN.R47C2A8
Kaspersky = Trojan.Win32.Menti.akr
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!gw
F-Secure = Trojan.Generic.5325416
VIPRE = Trojan.Win32.Vundo
Avast5 = Win32:MalOb-EI
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.IBFES
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5325416
BitDefender = Trojan.Generic.5325416
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 22:50:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x2654
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.2.0.6
Product Version Number          : 1.2.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VMware, Inc.
File Description                : VMware SCSI Controller Driver
File Version                    : 1.2.0.6
Internal Name                   : vmscsi.sys
Legal Copyright                 : Copyright © 1998-2006 VMware, Inc.
Original Filename               : vmscsi.sys
Product Name                    : VMware SCSI Controller Driver
Product Version                 : 1.2.0.6
VirusTotal Report submitted 2011-06-30 14:03:39
VirusShare info last updated 2012-07-26 09:41:14

MD5: 4b18b0241df205d76ba9c2fbaceb31d5
SHA1: 255f17a247dcaf373f74aa6fb3b10dc8500938b6
SHA256: ea1dd4737f29bdb8211e0f25256babbe1bb495a36acfc4e3d77681c504d3d9d4
SSDeep: 6144:N5GWL7weEqLuXsIUP7txm0zzVlu+la9auw6JLZ6yeTC4IgIW4y:MLsIuXmoBo+6aQtneT8gZb
Size: 333813 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.day
VBA32 = SScope.Trojan.Pirminay.chc
AVG = Generic21.KJA
GData = Gen:Trojan.Heur.RP.uq1@aq8!VXji
BitDefender = Gen:Trojan.Heur.RP.uq1@aq8!VXji
NOD32 = a variant of Win32/Kryptik.JVO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:01 11:22:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x874c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Firewal ICF Settings Upgrade
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : icfupgd.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : icfupgd.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-02-17 21:04:05
VirusShare info last updated 2012-07-26 09:42:13

MD5: d893ba7706ea63e6e9bc27f3a236bed8
SHA1: 6e269cb7530f9a660b3c303333f6b5c503bfa553
SHA256: eac241eaba7463a657277595c90b87216d6dbe201170bfecef1edb581b9e7482
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqHc:JjyVdARQjSdfZaiv9HVcFbtjOqR71gF
Size: 312369 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.312369
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.550
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2BE
TrendMicro = TROJ_GEN.R28C2BE
Kaspersky = Trojan.Win32.Pirminay.djp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.hc
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Generic20.BGDN
Norman = W32/Obfuscated.L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.552986
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-03-17 00:35:38
VirusShare info last updated 2012-07-26 09:42:33

MD5: 1adf8cb67e949332a92419719910593e
SHA1: 70f3ba59fa81631af47540ebfbb66180a69c45e4
SHA256: eaf324166f7f805984fa5d7b91876323255c122c91f0dd52c69da481da0a7f9e
SSDeep: 1536:8c0kol538QTkij0J3+B7XGl1/AAqypHuZm1vV6hoFtDi9TlSugv2NvIY7:MxnTkVJYXGl1obkuZqvV6C8lSuQsn7
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!IZqhVcyNFrs
VBA32 = Trojan.Monder.mubf
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2IK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10517
TrendMicro = TROJ_GEN.R30C2IK
Kaspersky = Trojan.Win32.Monder.mubf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jfwo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ARII
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:31 10:36:12-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x89d1
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lcdarmnfp Bbvykntnwyg
File Description                : SQL Client Configuration Utility DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : cliconfg.dll
Legal Copyright                 : © Yjbxucpjz Bvpsnpmsisr. All rights reserved.
Original Filename               : cliconfg.dll
Product Name                    : Ktbxtkunr® Emetvyc® Yfsagmsjl Gggstp
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-02-14 23:26:49
VirusShare info last updated 2012-07-26 09:42:39

MD5: f7b5e9a8d76e0ac2156552ba0e97bf7e
SHA1: 28bfbf7aa7779f9113248e82fd3677795c947b27
SHA256: ebdfb0efdbc6f1ad108614a079c50fda8e7a93d63ab7fed96734b24307211549
SSDeep: 3072:gQBrkuy3lCumhB1SX1ShleRNAuhGMovZ0a1n8DOn/MqqDLy/7nqR8b:jkucmhjSlS2rfGJ0jDOUqqDLu7
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R04C2GF
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R04C2GF
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU
AVG = Generic23.KBG
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-07-18 19:22:28
VirusShare info last updated 2012-07-26 09:43:08

MD5: 54146319a487aad54080c403ef2daf33
SHA1: 7fd639c84e73aadb649b3e32277a4f7f4806a7c1
SHA256: ec19bf8cff42b49dbff659d7c9f1109514f55dccef3262f5cf087670b59a43a2
SSDeep: 12288:8KxCvJdTkIHsAFjWiIMDkXxlRNGbo9f6wDnJMs:8K8PvsojWyDkXXqo11Ms
Size: 401846 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Win-Trojan/Swisyn.401846
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Gen.Variant.Vundo!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dhc
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.XZTK
AVG = Generic21.MAV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Riern.1
Commtouch = W32/MalwareF.XZTK
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:15 16:47:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 569344
Uninitialized Data Size         : 0
Entry Point                     : 0x1a46c
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.520.7713.0
Product Version Number          : 3.520.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access - ODBC Code Page Translator
File Version                    : 3.520.7713.0 built by: Lab06_N(dagbuild)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : Copyright (C) Microsoft Corporation 1990-2000
Original Filename               : mscxpl32.dll
Product Name                    : Microsoft Open Database Connectivity
Product Version                 : 3.520.7713.0
VirusTotal Report submitted 2012-05-26 22:17:29
VirusShare info last updated 2012-07-26 09:43:14

MD5: 4e8d0d027f377286bb3405be1749073d
SHA1: a9725971e4a2d73304bbf591716d6638fe31f06f
SHA256: ec7ed7aaa6374e90e7ef816351d6394ea8f19a964c396b6378ca029d48857824
SSDeep: 6144:WC1iaLZTc3ttvMc1C/FSbB1ampKSbPyfbxjid:WC15ql1C/FS/ppHbP2bx+d
Size: 220217 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R3EC2HR
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic.evx!r
DrWeb = Trojan.DownLoader4.48633
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.R!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic.evx!r
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Dropper.Generic4.AGTC
Norman = W32/Obfuscated.L
GData = Win32:Trojan-gen
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjkmhcrli Smzkytjdmob
File Description                : Rlalnaciy Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0401
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0401.dll
Private Build                   : 
Product Name                    : Ugwfssxnv Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-08-31 23:50:37
VirusShare info last updated 2012-07-26 09:43:29

MD5: 3558804e5a8ef43ccb5f17b8f38ce78d
SHA1: 076ce775e99baf12172a7b730c1bc9c602ad889d
SHA256: ece613d00907df45a614d9cff1b99bcc54a57c5071740b57db0fe29e9c817f9e
SSDeep: 1536:eq4vR0WFckIKid62fl/wWbesHFfhZVPiFjkYNZ1:iWK187RTLiFjkYNZ1
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.180
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252E1E0
nProtect = Trojan/W32.Agent.69632.AQL
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!aaMBitd0oeA
VBA32 = Trojan.Agent.rsm
TrendMicro-HouseCall = TROJ_GEN.R47C1LI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic.dx!uol
DrWeb = Trojan.Juan.425
TrendMicro = TROJ_GEN.R47C1LI
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.xpu
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gm
McAfee = Generic.dx!uol
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Vundo
Prevx = High Risk Fraudulent Security Program
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Agent2.BSYW
Norman = W32/Suspicious_Gen2.EUKGH
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Agent.rsm
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Agent.RSM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:21 18:33:19-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 27648
Initialized Data Size           : 74752
Uninitialized Data Size         : 0
Entry Point                     : 0x7a31
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : OpenGL Utility Library DLL
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : glu32
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : glu32
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-05-19 04:21:46
VirusShare info last updated 2012-07-26 09:43:39

MD5: 2c818f721d4a1835d1a0e9b0906c9c06
SHA1: a4e3d86e20de7f4c5f349ed85d5386efdf4f58aa
SHA256: f14e612463b4001c0e6fc57c0ba66f409f31844ca7bec55d95e2c2cf23a649dd
SSDeep: 1536:bSYv0G2yXJ/m7dlAkf+0BGIjjJUTYGQehLzto+767FWWXZZWxXI8Ddze:bX2HlAijjWTRztrUXpZW5JDdze
Size: 97792 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128F3A54
nProtect = Trojan/W32.Agent.97792.FK
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!Iancszs3JqU
VBA32 = Trojan.Genome.obwb
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R2FC2IO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ha
DrWeb = Trojan.Click1.43075
TrendMicro = TROJ_GEN.R2FC2IO
Kaspersky = Trojan.Win32.Genome.obwb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ipb
McAfee = Vundo!ha
F-Secure = Trojan.Agent.AQPW
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDQ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Agent.AQPW
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Genome.obwb
BitDefender = Trojan.Agent.AQPW
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:01 07:51:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 88064
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x165f7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Video Decoder
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmvdecod.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmvdecod.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2012-02-26 16:41:30
VirusShare info last updated 2012-07-26 09:45:58

MD5: c643e2f86a91ce3f85801fec8f2a4542
SHA1: 894fbd22d403c4072207198a42b0ea32a5aa7715
SHA256: f2718a8452d335f2e8ba2dc02e69ef7ce4997c913b2ec5153bc237058511116a
SSDeep: 3072:eo0tooB1/wYTVXafb0nNRAOZdBLTntGqRJys6ZLUmggpok5aiZKy:eVooB1RByQnHAm/tPRJysjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!C643E2F86A91
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Monder.myxu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Artemis!C643E2F86A91
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-30 05:41:01
VirusShare info last updated 2012-07-26 09:46:38

MD5: 3909fab98a6a6c8b4e4e4f550127b8e7
SHA1: b2b2457e5e4ecbc147cef67397205d2b003f5c06
SHA256: f7df1568cd414bb0a157a98524ffd4626554512acf0d22226010aad6a91614d4
SSDeep: 6144:idsFsLB3GbOnTFPv5vWh2B2MMSMzvkVktn5MYPH2V1ZWlR9:cLNNTVIsAPSMb04MMeqlR9
Size: 299591 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.cqn
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.299591
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!Y/QETZYNb3k
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent.bgen
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.DownLoader4.48509
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.mdb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ju
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.JAY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.csm
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.FPVULED
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:09 19:32:23-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 266240
Initialized Data Size           : 286720
Uninitialized Data Size         : 0
Entry Point                     : 0x41a90
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO157.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO157.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2011-12-01 16:39:01
VirusShare info last updated 2012-07-26 09:49:32

MD5: 43d0448cf0d4b9027ed9b1cbc189a641
SHA1: 4cc576be1be7922be6662f474bf107fd607df51f
SHA256: f8739190f9ecba50944e8fcf07f9aff98ed36c4808c6b9d0aeb7eae82c3d7cdf
SSDeep: 3072:DzNoiw/RbywYBjJNvc/CNe1XvKlYoWQoZSwnrDyYIN4dY6Gax6qmLvpKsSGS22Lt:NBjHlNe1D52DqmvpKhGS22Lwq
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.10280
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NKL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:06 00:32:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x16584
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP Lpq Command
File Version                    : 5.00.2134.1
Internal Name                   : lpq.exe
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : lpq.exe
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-09-13 02:53:41
VirusShare info last updated 2012-07-26 09:49:49

MD5: 070ef22e5204f93f7e801867e1fbda65
SHA1: 95596fe989fa09e6272fc3ca3ec6e0c0c14e722b
SHA256: fb48f5f5ef182334f414c99d23aad86745b691ff5afda665dbff028ba280be05
SSDeep: 3072:1QBRzdhoFHpLoAp5USplYz+P7A+VsHI6ESK92hljrvCddQnY5R8eInsNyjUhA1UY:1QBRzuoK8+Pt5F4hhY8eMYywhLZm
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.233472.TZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R28C2FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.tpob
McAfee-GW-Edition = Vundo!jy
DrWeb = Trojan.Click1.63476
TrendMicro = TROJ_GEN.R28C2FJ
Kaspersky = Trojan.Win32.Genome.tpob
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.aqsi
McAfee = Vundo!jy
F-Secure = Trojan.Generic.6146655
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ALYS
Norman = W32/Suspicious_Gen2.RESTM
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6146655
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.tpob
BitDefender = Trojan.Generic.6146655
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:02 10:03:56-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 200704
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x31a6e
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bengali - Inscript (Legacy) Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdinbe1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdinbe1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-07 23:32:27
VirusShare info last updated 2012-07-26 09:51:00

MD5: bc29123cc04bb053297bf6d0dfebc143
SHA1: 1c33f1ae821578a0028a2ecaf008c158be1d0270
SHA256: fb75c781aa0d2d9fb455c965e8c429b76ded3e0c0f02a22bc1722e7996fbd54e
SSDeep: 3072:GKKo+PhPiTx1fC50ScTKX54Tko8lnjqEOTjd:JKfprqIjIj
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!UYmmu4i6FGc
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2ER
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!jr
DrWeb = Trojan.Virtumod.10262
TrendMicro = TROJ_GEN.R11C2ER
Kaspersky = Trojan.Win32.Monder.mmcs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.MMCS!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abmz
McAfee = Vundo!jr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ASCK
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:26 13:42:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x12651
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.10.0.1998
Product Version Number          : 4.10.0.1998
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Elacfsggt Trnahxywymp
File Description                : Bezier Screen Saver
File Version                    : 4.10.1998
Internal Name                   : BEZIER
Legal Copyright                 : Copyright (C) Lorrkjfen Corp. 1991-1998
Original Filename               : BEZIER.SCR
Product Name                    : Jsoucuwow(R) Lexflgo(R) Oxzkzsbet Uqggiz
Product Version                 : 4.10.1998
VirusTotal Report submitted 2011-09-28 15:29:54
VirusShare info last updated 2012-07-26 09:51:05

MD5: d47d710282f266881283d8db5e522e91
SHA1: 67e97dacd82ecafa9f7db2673696ff0cd4382023
SHA256: fd84fe6270380bcb5150ff3a8249fbe60007defc2f32e656ec48757384e4d18e
SSDeep: 3072:1kimkOQo1v+qIkEEOd4FhCYpkcha1JDzcY7H519j3Dg:TBOQo12UEEW4XrprhaNH515
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV6
SUPERAntiSpyware = Trojan.Agent/Gen-Carberp
DrWeb = Trojan.Virtumod.10080
Kaspersky = Trojan.Win32.Monder.nqgj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.abbr
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-26 23:44:50
VirusShare info last updated 2012-07-26 09:52:00

MD5: 0636879ee993e264b041d8d3d312702a
SHA1: f04534bd6cfa31277be3f613f93689cf8ee9e584
SHA256: fef40d006eafee8fa39fc9b72c952e91e65b15a254bbbd5bd2589293b46409a1
SSDeep: 1536:Vw4Npf5hiCWWMd5GiLjFGYR2l9F1SdWfnF+Qn85uRlyMqqU+NV23S2Po:VbR5hdvcFGJlQdW9f8kRlyMqqDLy/Po
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!uQfJIcV3tcQ
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R11C2IK
Kaspersky = Trojan.Win32.Genome.vbgf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-07 19:20:08
VirusShare info last updated 2012-07-26 09:52:33

MD5: 2ae7768c93f537e6f6842cf837c885b7
SHA1: dfecdcc69d86cbf5372240095ea187b5db521dfa
SHA256: ff8fa1ba963008d87ef328ff2936fc457588365c90d90bc7b733e074d8b7fac0
SSDeep: 12288:cYpP1o+I4kQIWEX1X+JczFygeSIkj85aES7aSlf+lCEn:BPq+zkDWvJEFTIkj85aES7/Glvn
Size: 515102 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289B631
nProtect = Trojan.Generic.6246542
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!CnG7kPpyogs
TrendMicro-HouseCall = TROJ_GEN.R72C2GH
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10510
TrendMicro = TROJ_GEN.R72C2GH
Kaspersky = Trojan.Win32.Jorik.Pirminay.pd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hrfr
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6246542
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AYFW
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6246542
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6246542
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:06:19 03:19:42-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 491520
Initialized Data Size           : 28672
Uninitialized Data Size         : 585728
Entry Point                     : 0x106ee0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ptyzsuwud Ksiknauxiqf
File Description                : Run a DLL as an App
File Version                    : 5.1.2600.0 (roumnrxn.010817-1148)
Internal Name                   : rundll
Legal Copyright                 : © Ifmpejuyw Kggvfyrtmut. All rights reserved.
Original Filename               : RUNDLL.EXE
Product Name                    : Ryyxoyfog® Gkzppqa® Cgehoujor Tjjruj
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-25 20:35:35
VirusShare info last updated 2012-07-26 09:52:51

MD5: f6d656fecd5cc4559b9c1163a243a7c6
SHA1: dfbe657982222e6735beee582549aafbbfdf3565
SHA256: 09326f60896940187441de2af41f875410b5f105e932b5327e5a18fe1d07b3b4
SSDeep: 1536:pvv7NegBYUhirXQCz/bl+6iOyKDr2hYtMU7w7YwR3:5hYUdMl12K5Q
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!pIcFzaYdYJs
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Monder.mpll
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abef
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Norman = W32/Suspicious_Gen2.PNNKV
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-19 18:34:11
VirusShare info last updated 2012-07-26 09:55:58

MD5: dd5e5224725226fd73c4bf5cd871f4f7
SHA1: 1e9692a552162108748cd40677c9aa8c52a586b8
SHA256: 095d1781fb634fbb19080f851768281e4988297b107245fbeb21b60e634e6d9e
SSDeep: 1536:LlQVCo93NhKhyMY1gIncjMYeDea4nAXHZUdWZl/+1X38Rr3:Ly3jKhnwnncjEeAX3lW1X3y3
Size: 90112 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC3HO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mvtu
McAfee-GW-Edition = Vundo!ll
DrWeb = Trojan.Virtumod.10493
TrendMicro = TROJ_GEN.R4FC3HO
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abhh
McAfee = Vundo!ll
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.ZYH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 20:20:46-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0xb4a1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Processor Device Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : p3.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : p3.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-19 18:36:06
VirusShare info last updated 2012-07-26 09:55:59

MD5: 780c8fdb17bb9c2b126cbeeb585276b0
SHA1: d5b84886047597e3155d9c20ad9a0438104585a3
SHA256: 0fa7f23e7675f4544f9def7e57ef0167acc078237d8605eef8648a3e3c48fed8
SSDeep: 3072:+wEJPf4yD874AxgqzO523/WjNwMRIFT0LHHRPy/ZFbipT8BLwCYBkuH0NNmqWn:fQf4y47Fgqz5WjNnLHIRFbipT8dwIuH9
Size: 142336 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.142336.DZ
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!XB4pK2CPkNY
VBA32 = AdWare.SuperJuan.yiy
TrendMicro-HouseCall = TROJ_GEN.R72C2F1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!780C8FDB17BB
DrWeb = Trojan.Siggen3.2677
TrendMicro = TROJ_GEN.R72C2F1
Kaspersky = Trojan.Win32.Menti.goyb
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Menti.142336
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.rw
McAfee = Artemis!780C8FDB17BB
F-Secure = Application.Generic.363226
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BEXW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Application.Generic.363226
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hfmc
BitDefender = Application.Generic.363226
NOD32 = a variant of Win32/Adware.Virtumonde.NHH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:17 13:29:23-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 126976
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x1fbea
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.0.0
Product Version Number          : 1.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : NikeDrv.sys
Company Name                    : S3/Diamond Multimedia Systems
File Description                : NikeDrv Usb Driver
File Version                    : 1.00.0000.0
Internal Name                   : NikeDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Systems 2000
Legal Trademarks                : S3/Diamond Multimsdia Systems
Original Filename               : NikeDrv.sys
Private Build                   : 0
Product Name                    : NikeDrv
Product Version                 : 1.00.0000.0
Special Build                   : 0
VirusTotal Report submitted 2012-06-19 20:13:31
VirusShare info last updated 2012-07-26 09:57:55

MD5: dab3683e8b7dc356faa74921b5acf510
SHA1: 4661d27995ab96b52b1eb3a3a06238a8b05272a1
SHA256: 12bcd7fc5dd5a0dcff7269c01762b4783b493dc8d8be1ec1774ad1efd0ea13f1
SSDeep: 3072:fxN0QRNxM5hRl6Tx3/mVkcZ0VxHHTe5/dM1:JNnR3ghRmgAVVzid
Size: 121856 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.121856.EP
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.yht
TrendMicro-HouseCall = TROJ_GEN.R4FC3GL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mtjl
McAfee-GW-Edition = Generic.dx!baai
DrWeb = Trojan.Virtumod.10476
TrendMicro = TROJ_GEN.R4FC3GL
Kaspersky = Trojan.Win32.Monder.mtjl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Dx.BAAI!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Adware/SuperJuan.if
McAfee = Generic.dx!baai
F-Secure = Trojan.Generic.6318761
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6318761
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6318761
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 04:35:55-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 107008
Initialized Data Size           : 51200
Uninitialized Data Size         : 0
Entry Point                     : 0x1af6e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.50727.312
Product Version Number          : 8.0.50727.312
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Microsoft.Vsa.dll
Company Name                    : Microsoft Corporation
File Description                : Microsoft.Vsa.dll
File Version                    : 8.0.50727.312
Internal Name                   : Microsoft.Vsa.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Microsoft.Vsa.dll
Product Name                    : Microsoft (R) Visual Studio (R) 2005
Product Version                 : 8.0.50727.312
Assembly Version                : 8.0.0.0
VirusTotal Report submitted 2012-06-19 21:02:56
VirusShare info last updated 2012-07-26 09:59:08

MD5: eba0b13ebf02037473d485d48668777d
SHA1: 4b85a47bd3660a322cd12c6953b4850776ac31ca
SHA256: 1573deb4d56bc7e2836cda460889c9ca4a267e2cd77039f2984758f6ef4f15b5
SSDeep: 1536:b/yU3NLVqhtHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvKYlgMqqU+NV2y:bD3NLchti4o4JEGzFOz9ylgMqqDLy/g
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Genome.106496.O
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
TrendMicro-HouseCall = TROJ_GEN.R11C2GM
Comodo = TrojWare.Win32.Agent.bigv
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.vare
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R11C2GM
Kaspersky = Trojan.Win32.Genome.vare
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.TJLIS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-19 21:40:05
VirusShare info last updated 2012-07-26 09:59:42

MD5: 8d4846958b7fb0a2098150639675d399
SHA1: 752360af94c9d8365ca6f08b31de636fd81aa4d8
SHA256: 185bff7792289984f27668880c2a0e370c1f9835da1064593fbd8a9198637037
SSDeep: 6144:z6ABWw6K4bAqR9qun8w/LJTq32o/4GgLF03:z6eJ4bAqrvnxdO32s1qW
Size: 275989 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.17
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Rising = Trojan.Win32.QHost.awg
nProtect = Trojan.Generic.3883591
K7AntiVirus = Riskware
VBA32 = Trojan-Downloader.Win32.Agent.dqpy
TrendMicro-HouseCall = GRAY_Gen.CX46U3I
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!ebz
TrendMicro = TROJ_GEN.R3BC2A9
Kaspersky = Trojan.Win32.Pirminay.zy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = TrojanDownloader.Ponmocup.a
McAfee = Generic Downloader.x!ebz
F-Secure = Trojan.Generic.3883591
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.VXL
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.3883591
Symantec = Downloader
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.rdg
BitDefender = Trojan.Generic.3883591
NOD32 = a variant of Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:02 11:27:15-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 37888
Initialized Data Size           : 465920
Uninitialized Data Size         : 0
Entry Point                     : 0xa0a8
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote NDIS Miniport
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : RNDISMP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RNDISMP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2012-06-19 22:25:16
VirusShare info last updated 2012-07-26 10:00:51

MD5: bbbb34849b4b4c1d4d9fda2de3e5eb71
SHA1: 8f56f0415a0fe93126da43049da7a52c95147a6f
SHA256: 24c4c5335cf53945fc0822f3a84fddd909f8aac9db00d65818dc3bf42cbd6541
SSDeep: 1536:fCbZbS53mgCUSucoK5FWnew1DxCOrw7xi8/nP4Pa8jXLmoc:CW59CRuMQeQtFrCxVQC8jbnc
Size: 64000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125FDFD0
nProtect = Trojan/W32.Pirminay.64000
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!0/wHy6VchXY
VBA32 = Trojan.Pirminay.jwn
TrendMicro-HouseCall = TROJ_GEN.R4FC2IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!mb
Kaspersky = Trojan.Win32.Monder.mkfc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gd
McAfee = Vundo!mb
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:28 23:26:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23552
Initialized Data Size           : 76288
Uninitialized Data Size         : 0
Entry Point                     : 0x69bd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.0
Product Version Number          : 6.0.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ActiveX Interface Marshaling Library
File Version                    : 6.00.2600.0000 (XPClient.010817-1148)
Internal Name                   : ActXPrxy.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ActXPrxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.00.2600.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-06-21 19:49:17
VirusShare info last updated 2012-07-26 10:03:49

MD5: 4e3da4506f415e8c4b7231465a947b11
SHA1: d72d7c54febdc0efdc3ba24e1cde17f88ad76aca
SHA256: 4055fbc2c15066cb6007879eb46868c63e2fc268e0adabb055ffa0d7a68fa88a
SSDeep: 1536:Gs6vdkE1yEjHKK4b0rq9lmTJJhabHLWB2vDhBEQta0kQf:CdkayUKfB9lmFJhcLRre0kQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
TrendMicro-HouseCall = TROJ_GEN.R4FC2G6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mtuh
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC2G6
Kaspersky = Trojan.Win32.Monder.mtuh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-20 06:43:21
VirusShare info last updated 2012-07-26 10:12:06

MD5: 0d473935a7462a217087d56686dcd22a
SHA1: e902acfd3e542898109a779b23150c03c364a931
SHA256: 462141e1df29861160befb72b60e9abb2f275f8e81955fc7cd2c340d4ddfee67
SSDeep: 1536:BgBfWnkJHXjGhttS9KX+x5NKGeTdGh38aZl0XkKV:BgB+nkJH6ziKdTdZRXkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.hnif
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!0D473935A746
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.hnif
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ctws
McAfee = Artemis!0D473935A746
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-06-20 08:07:55
VirusShare info last updated 2012-07-26 10:14:40

MD5: 0e4980a2d492cadeab862fd20e42b698
SHA1: c98c2ca4513272b4f44fe01f861f67f82cb22aca
SHA256: 4c2d56f982092432cf172fd75d757543bef7767737233b76461ccaab0169be9a
SSDeep: 768:sqcsJzCHstbxfniNvmYAVFixrNN58uliZ+0cGoGbmx1GLlKMPoJKMlkjCW/xOHZQ:s0JRni5mtaVJhcYGo4hfP4ejlw/+t
Size: 63488 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252D7BD
nProtect = Trojan/W32.Agent.63488.JD
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!ILMt7LoHfSg
TrendMicro-HouseCall = TROJ_GEN.R21C1HK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.tqze
McAfee-GW-Edition = Artemis!0E4980A2D492
DrWeb = Trojan.Smardec.54
TrendMicro = TROJ_GEN.R21C1HK
Kaspersky = Trojan.Win32.Genome.tqze
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ijs
McAfee = Artemis!0E4980A2D492
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.AJOU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 16:54:42-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24064
Initialized Data Size           : 75264
Uninitialized Data Size         : 0
Entry Point                     : 0x6c6d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Georgian Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdgeo (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdgeo.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-20 09:26:17
VirusShare info last updated 2012-07-26 10:17:08

MD5: c7ad51732aa729f32695bd0f40ae15de
SHA1: c470728b425f69c19bf862f22d890ff72dd6ed3b
SHA256: 4e2acffae00d151d91fdcca93487fd7408c5f4ab92eceabe46b8490c2a92ec82
SSDeep: 6144:DPqo97zVRqsZnoaZP+MS9dCOPr1ZVZWoqkqX8gmefozdAxY:DP99NRqOoaZ2H3dPpZHZqX8KAmxY
Size: 229270 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen
Avast = Win32:Downloader-JIF [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!rVLSmH1rlY8
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.wx
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.wx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6638696
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SBY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6638696
TheHacker = Trojan/Jorik.Pirminay.lh
BitDefender = Trojan.Generic.6638696
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 221184
Initialized Data Size           : 8192
Uninitialized Data Size         : 32768
Entry Point                     : 0x3ea90
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-20 09:48:59
VirusShare info last updated 2012-07-26 10:17:55

MD5: e4549258c6c4afdfa474b29ca0ce92c0
SHA1: 57d91ea0e4b757adc5b4b0464e91dd31eef6cc7c
SHA256: 50ae4743ade7783482006ae528c52ba194ec2f569b3cec67f530a2c4b8d43bb5
SSDeep: 1536:43ESCOoGFfygdVPzvdfblHNw+LOJnk45Px9:2EdOoGFPdBBBu+LukQr
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124E1B90
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!oXeI+GuwT9A
VBA32 = Trojan.Pirminay.acf
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Vundo!IK
CAT-QuickHeal = Trojan.Monder.myrx
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!pt
DrWeb = Trojan.Siggen2.7799
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = Trojan.Win32.Monder.myrx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTN!genus
Jiangmin = Trojan/Pirminay.dv
McAfee = Vundo!pt
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic_s.DA
Norman = W32/Suspicious_Gen2.QTWAR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mkeo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 21:46:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x7e07
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Link-Layer Topology Mapper Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDSVC.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : LLTDSVC.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-20 10:18:58
VirusShare info last updated 2012-07-26 10:18:42

MD5: ce795234fb2215bab3e58e8a56893b34
SHA1: 6de353d83155a49294b1b921cf256547123a3923
SHA256: 50bec6368d8700f377a49a286862ab9baeab54fd5640704283b6b111ae87ea22
SSDeep: 1536:zkfrHoqpmggqFw1yqDh/5Yxlsc/JwwAUDN0pvuWHi1q/WcD+Ym:zkfzoqpmgHw1yqIlsOwwAKYvuWHi1Pc
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.577
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!c48DmoxerPE
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mkyb
McAfee-GW-Edition = Artemis!CE795234FB22
DrWeb = Trojan.Virtumod.10251
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = Trojan.Win32.Monder.mkyb
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.122880.N
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abyi
McAfee = Artemis!CE795234FB22
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SW
AVG = Generic22.VZI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.SW
TheHacker = Trojan/Monder.mkog
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 12:52:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x4191
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.6.0.8820
Product Version Number          : 5.6.0.8820
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zrrvjhlxa Xxkkdbbfipg
File Description                : Tzgjeklgi (r) Ubvnnpr Based Script Host
File Version                    : 5.6.0.8820
Internal Name                   : wscript.exe
Legal Copyright                 : Copyright © Iuhodjotu Corp. 2002
Original Filename               : wscript.exe
Product Name                    : Chdwcsmae (r) Wukkftq Script Host
Product Version                 : 5.6.0.8820
VirusTotal Report submitted 2012-06-20 10:19:21
VirusShare info last updated 2012-07-26 10:18:42

MD5: 85ca5fcda1b99ca60c88103c2825769e
SHA1: 9124c5db2289fae03eb16f77fd74ceba710e8ddf
SHA256: 513d230cc73948a226e2d18132978fc71191807d951ee5076ec41e6abee27d17
SSDeep: 6144:5/qcaa+E1TpJ2sOsTA3GpvcDZ4aUw12dY7dyCuz6NzbeqS:5icaaH2saEvc/QS7YF7qS
Size: 293427 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.112
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.293427
Panda = Trj/CI.A
nProtect = Trojan.Generic.4974244
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!2N4FThiFOX0
TrendMicro-HouseCall = TROJ_GEN.R11C2K9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!enh
DrWeb = Trojan.WinSpy.945
TrendMicro = TROJ_GEN.R11C2K9
Kaspersky = Trojan.Win32.Pirminay.asb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Swisyn.ES
Jiangmin = Trojan/Pirminay.fm
McAfee = Generic Downloader.x!enh
F-Secure = Trojan.Generic.4974244
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.RXTH
AVG = Generic19.BHNE
Norman = W32/Obfuscated.L
GData = Trojan.Generic.4974244
Symantec = Trojan.Gen
Commtouch = W32/MalwareF.RXTH
TheHacker = Trojan/Pirminay.ase
BitDefender = Trojan.Generic.4974244
NOD32 = a variant of Win32/Kryptik.HJZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:13 11:27:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 66560
Initialized Data Size           : 445440
Uninitialized Data Size         : 0
Entry Point                     : 0x11240
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO172.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO172.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2012-06-20 10:24:46
VirusShare info last updated 2012-07-26 10:18:47

MD5: 15d37286372ed0d2698619dae27d90e8
SHA1: 20d8565048c2799668f374d7ed41e5ba0b8d2c5a
SHA256: 5b8ad62b2f516f0e4cbc05aea55bc9c493b6bd5574adc1a29a231723c82779a2
SSDeep: 3072:kR0l+1rYOHnhK66FyJSEMjvyR47jpqpQ4iR6Cprti8M0VCU0ArBYXZ14qFUJbmZm:k0NFUSHv/NjMgr1+wrBvqFUxmw
Size: 211987 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6467575
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!CEeHGBzq2ZE
TrendMicro-HouseCall = TROJ_GEN.R28C2IL
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.afc
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader4.48593
TrendMicro = TROJ_GEN.R28C2IL
Kaspersky = Trojan.Win32.Jorik.Pirminay.afc
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfqc
McAfee = Artemis!15D37286372E
F-Secure = Trojan.Generic.6467575
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AHWL
Norman = W32/Suspicious_Gen2.RFDLI
Sophos = Mal/Generic-L
GData = Trojan.Generic.6467575
Symantec = Trojan.Gen
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6467575
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x1282
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.50727.1434
Product Version Number          : 8.0.50727.1434
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Zlfdezknh.Vsa.Vb.CodeDOMProcessor.dll
Company Name                    : Hkasntxbi Koucnnwkecu
File Description                : Vaqpopqvq.Vsa.Vb.CodeDOMProcessor.dll
File Version                    : 8.0.50727.1434
Internal Name                   : Zxoxrkozp.Vsa.Vb.CodeDOMProcessor.dll
Legal Copyright                 : © Vbzbatuuu Corporation. All rights reserved.
Original Filename               : Pgczwsegj.Vsa.Vb.CodeDOMProcessor.dll
Product Name                    : Xjpsifdqc (R) Visual Studio (R) 2005
Product Version                 : 8.0.50727.1434
Assembly Version                : 8.0.0.0
VirusTotal Report submitted 2012-06-20 12:24:39
VirusShare info last updated 2012-07-26 10:22:40

MD5: b4364022474e0db686f9077b28b0a386
SHA1: 08da4b55cc215f6f373a92ac5c7f8c93cfc97e59
SHA256: 5e413f17ae4815ba761f66acef19d0ea7a6296592c0a4e28774047764700faf3
SSDeep: 1536:CwO0BvWAI+tZaVyzcjwW3fwjRzekiJRORtQijPgKHLaD:9O0BvFIgaVyztW3fwjRzoC7rjPlH
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Win32.Agent
Rising = Trojan.Win32.Generic.129A2DBE
nProtect = Trojan/W32.Vundo.102400.DS
K7AntiVirus = Riskware
VirusBuster = Trojan.DR.Agent!NupU2iFLLhs
TrendMicro-HouseCall = TROJ_GEN.R21C7K9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDropper.Agent.gana
McAfee-GW-Edition = Artemis!B4364022474E
DrWeb = Trojan.MulDrop3.3976
TrendMicro = TROJ_GEN.R21C7K9
Kaspersky = Trojan-Dropper.Win32.Agent.gana
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Vundo.H!generic
Jiangmin = TrojanDropper.Agent.bmen
McAfee = Artemis!B4364022474E
F-Secure = Gen:Variant.Vundo.6
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Dropper.Agent.ATBX
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:13 23:22:19-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 12800
Initialized Data Size           : 125440
Uninitialized Data Size         : 0
Entry Point                     : 0x4051
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Portable Device (Parameter) Types Component
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PORTABLEDEVICETYPES.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-20 13:00:10
VirusShare info last updated 2012-07-26 10:23:28

MD5: 879d35f8407b63de48aab29c2b31d2db
SHA1: e02f087ca81d4958a5fa78e8395bcd1bc806a284
SHA256: 5f4621ec293dba3ae04792503a1d5bb1819c9ed1c1c093e036052464ba2c861d
SSDeep: 3072:ydwcDYLw9hLPvXxd0K1l3HW5gpqzEMFS:ydwLwPXxGK32R
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.139264.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Yyv+V+bH9Ao
TrendMicro-HouseCall = TROJ_SPNR.15KH11
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10519
TrendMicro = TROJ_SPNR.15KH11
Kaspersky = Trojan.Win32.Monder.mxvz
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.139264.H
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abyu
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AKPS
Norman = W32/Suspicious_Gen2.SOSYN
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:06 08:12:43-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x13a2d
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ryxcqwfux Budwcijgstz
File Description                : Elms DVL Medium changer driver
File Version                    : 6.0.6000.16386 (zntts_rtm.061101-2205)
Internal Name                   : elmsmc.sys
Legal Copyright                 : © Hhyloxrsm Ekdxgdxnizz. All rights reserved.
Original Filename               : elmsmc.sys
Product Name                    : Cgoedofzj® Lqjrsuc® Gksdcbhrn Axjwjq
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-20 13:13:19
VirusShare info last updated 2012-07-26 10:23:46

MD5: bdd21c6672f710db1947ee2f63c607a7
SHA1: 4232a240e15d92645a25856150d56a3cbebf81c9
SHA256: 670a70908032f769cd792de3e7c9d5824f492da790f3409942585c19996e03ff
SSDeep: 6144:CeOgy6gu/Trk1h6/eUA9bNuok5HlYVMOW1FtAv0y8B:CePylu/Uh6/iV0/YhW1FtAvP8
Size: 304128 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Pirminay-Y [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.304128.BQ
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!tWovJiUqws0
TrendMicro-HouseCall = TROJ_GEN.R3EC3G1
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!BDD21C6672F7
DrWeb = Trojan.DownLoader3.49233
TrendMicro = TROJ_GEN.R3EC3G1
Kaspersky = Trojan.Win32.Pirminay.jlj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
McAfee = Artemis!BDD21C6672F7
F-Secure = Trojan.Generic.KDV.268038
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AAMD
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KDV.268038
Symantec = Downloader
TheHacker = Trojan/Dropper.gen
BitDefender = Trojan.Generic.KDV.268038
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:09 18:28:41-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 303104
Initialized Data Size           : 4096
Uninitialized Data Size         : 376832
Entry Point                     : 0xa6350
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.5.0.50
Product Version Number          : 1.5.0.50
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Fraunhofer Institut Integrierte Schaltungen IIS
File Description                : MPEG Layer-3 Audio Decoder
File Version                    : 1, 5, 0, 50
Internal Name                   : L3CODECX.AX
Legal Copyright                 : Copyright (C) 1997 Fraunhofer IIS
Original Filename               : L3CODECX.AX
Product Name                    : MPEG Layer-3 Audio Codec for Vompaoyux DirectShow
Product Version                 : 1, 5, 0, 50
Active Movie                    : Filter dll
OLE Self Register               : AM20
VirusTotal Report submitted 2012-06-20 14:41:16
VirusShare info last updated 2012-07-26 10:25:45

MD5: f22bc8f35e0889ae3a4e16cdf432632e
SHA1: 71b807226e389af902f3bf42b9ab513bd4c0cb1e
SHA256: 69f7c081e7b16c8ae07ef05b6543449401854d8a140eeda12a04ad16fd32f796
SSDeep: 3072:POSx4KHq8vzoYA81ZYXhQ8ebnZ3nnd6GON/:mjz816Qd3YGO
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!F0mMFw5S+4E
TrendMicro-HouseCall = TROJ_GEN.R4FCCE5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FCCE5
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.jebs
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ADAD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 18:06:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x479e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.1.7600.16385
Product Version Number          : 10.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pnlhjydat Nclyeobtiny
File Description                : Jjdqikajd IME
File Version                    : 10.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : imetip.dll
Legal Copyright                 : © Kidfbbruu Fvvypdgzpsn. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Ykiyjkswc® Niifhpp® Ulzhozywx System
Product Version                 : 10.1.7600.16385
VirusTotal Report submitted 2012-06-20 15:15:06
VirusShare info last updated 2012-07-26 10:26:16

MD5: aa81e184a24055d06a6adef807b27996
SHA1: d43748be565b0cc22825a1d58e0e6ae6d17e87ce
SHA256: 713dba4d4bde507ca5e1883739ebd9f20c42db75e22dac17f8e0092cd83f1d77
SSDeep: 768:PXtlFLwbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDS8pNlCsI:PlLwbU8E1AjprcsOtXpNl4
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.ghi
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qSpRuZzGLhc
TrendMicro-HouseCall = TROJ_VUNDO.SMP1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV5
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.58
Kaspersky = Trojan.Win32.Monder.nrqz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aahh
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DXA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mjbr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-06-20 16:40:08
VirusShare info last updated 2012-07-26 10:28:23

MD5: 6dd7e5ea7c828cd22133d98091e82c24
SHA1: 5d5e8dddc31cf72835ca2b4d580b37fac1acaa47
SHA256: 71407a1d2828f0a931d1382a0fda6b9cf498c477c3b0d5b328ced55cdda1565e
SSDeep: 6144:/4wOicvxO1X+rHh1W+R81AFWubEAFztZDfP:7dWO1X6c+JNwARrD3
Size: 286721 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.FKM.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4830822
K7AntiVirus = Riskware
VBA32 = Trojan.Win32.Agent.eigo
TrendMicro-HouseCall = TROJ_GEN.R3BC3A8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!6DD7E5EA7C82
TrendMicro = TROJ_GEN.R3BC3A8
Kaspersky = Trojan.Win32.Pirminay.xq
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.dn
McAfee = Artemis!6DD7E5EA7C82
F-Secure = Trojan.Generic.4830822
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.AWLV
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.4830822
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.nf
BitDefender = Trojan.Generic.4830822
NOD32 = a variant of Win32/Kryptik.HKC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:22 02:41:33-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 279040
Initialized Data Size           : 268288
Uninitialized Data Size         : 0
Entry Point                     : 0x44f58
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Write
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : write
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : write
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-20 16:40:20
VirusShare info last updated 2012-07-26 10:28:23

MD5: c782f33d85add3b6676bf2cf5604e6a0
SHA1: 90ef2b3b10a329e46b4451778e7f2c990f351e27
SHA256: 723d3d6465f1f9081aedd719430d9a777c8103f20fa0b585110b48f05def58f0
SSDeep: 3072:qcu/2x62J8dWtWZ+ImmVOrsIlHvVSbu/yf33:7u/K6hv+Fxsnum3
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.131072.ALD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!DUEFNHYf96o
TrendMicro-HouseCall = TROJ_GEN.R45C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mppp
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ma
DrWeb = Trojan.Virtumod.10435
TrendMicro = TROJ_GEN.R45C2H6
Kaspersky = Trojan.Win32.Monder.mppp
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.131072
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.adnn
McAfee = Vundo!ma
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AQDY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 23:59:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xc09d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
File Description                : igfxTMM Module
File Version                    : 1, 0, 0, 1
Internal Name                   : igfxTMM
Legal Copyright                 : Copyright 2006
Original Filename               : igfxTMM.DLL
Product Name                    : igfxTMM Module
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-06-20 16:52:34
VirusShare info last updated 2012-07-26 10:28:52

MD5: aecb7a43c0361ef0dd1c79013c280785
SHA1: 7c1db20e4e7bdfef7c6261eaa00673286712d433
SHA256: 72fc0bced81f96aed4245b5dfdadbbb338de42781befeb063824e0bfdf3f5339
SSDeep: 3072:gH497Mbjn6Ba/EIyvdzq3m6AhIfYl3/YGlnMqqDLy/6lK1pn:s4970+BjqWNhIfYOLqqDLu6gn
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qTNbnRb4nho
TrendMicro-HouseCall = TROJ_GEN.R72C2G9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64150
TrendMicro = TROJ_GEN.R72C2G9
Kaspersky = Trojan.Win32.Genome.uzuz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.jcad
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHPF
Norman = W32/Suspicious_Gen2.PMOJI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:03 01:15:01-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65536
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0xc7a6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Emekzebcd Jujfaearnvf
File Description                : Remote Data Services Data Factory
File Version                    : 6.0.6000.16386 (pkqna_rtm.061101-2205)
Internal Name                   : msadcf.dll
Legal Copyright                 : © Pjvnyiaqn Nsflkcrxbph. All rights reserved.
Original Filename               : msadcf.dll
Product Name                    : Jdftqbwno® Unswqff® Nbimykihm Futoth
Product Version                 : 6.0.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2012-06-20 17:01:22
VirusShare info last updated 2012-07-26 10:29:00

MD5: 687c4e4a960b71444e80677eaa355f1d
SHA1: c36d862120d3b1fb76b8853f4792d4dedaa7e07d
SHA256: 773aecde6f927b32124dbdfcd5b17dea541c5e517c6f061a8e712db9dbf4d4f1
SSDeep: 6144:pxNEPtda4WDYyC5mRpMXin20SACqWJBXp81BRr:y3yCYRd20SXfXSZ
Size: 316845 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bcs
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Suspicious file
nProtect = Backdoor.Generic.327931
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_FAM_0001afb.TOMA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!687C4E4A960B
TrendMicro = TROJ_FAM_0001afb.TOMA
Kaspersky = Trojan.Win32.Pirminay.xp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dtms
McAfee = Artemis!687C4E4A960B
F-Secure = Backdoor.Generic.327931
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.UMK
Norman = W32/Suspicious_Gen2.BBWBW
Sophos = Mal/Generic-E
GData = Backdoor.Generic.327931
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.rdg
BitDefender = Backdoor.Generic.327931
NOD32 = Win32/TrojanDownloader.Agent.PXG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 15:54:20-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 15360
Initialized Data Size           : 595456
Uninitialized Data Size         : 0
Entry Point                     : 0x48f8
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : modex.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : modex.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-20 17:51:19
VirusShare info last updated 2012-07-26 10:30:07

MD5: c7cb0ecf242f761bfab1b046f7c6b4f0
SHA1: 66e058f93c7652e80874f74ac6e1cfb7fee89189
SHA256: 958f7cb4d6912d488ba00addaff0fc7cf9da7186f42378321cfb7269aadbc72a
SSDeep: 3072:gQm1kIh93eCumTV1o7lSH1RzdudGMovZ0a1n8DOncMqqDLy/AnqR8b:ekIhQmTvoRSV9CGJ0jDOvqqDLuA
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
TrendMicro-HouseCall = TROJ_SPNR.15L511
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mynb
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!C7CB0ECF242F
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.mynb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HRU
Jiangmin = Trojan/Monder.addk
McAfee = Artemis!C7CB0ECF242F
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-06-21 00:19:20
VirusShare info last updated 2012-07-26 10:37:39

MD5: d7ea1972a99121c98522a0aae98a2c00
SHA1: 48b0bd873f0b205b214549196bd4c054dc780ee5
SHA256: 9866af49fbb6c08c9aec00bc7f8a2b656971db73a1ef5f6c07055ca8fa9da9f3
SSDeep: 3072:O0o0vOUnfsSixO/aMFAZ7rlc33OninJRkadGM:OJ0vhfsSixgkZ7KHOiXk4
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
nProtect = Trojan.Vundo.6874
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!mGKcpKLLepo
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Click1.63025
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = Trojan.Win32.Genome.addel
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.akzv
McAfee = Artemis!D7EA1972A991
F-Secure = Trojan.Vundo.6874
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.PNO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6874
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.6874
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-06-21 01:01:44
VirusShare info last updated 2012-07-26 10:37:51

MD5: ebe08c88f6adaf9d3ace35fa76f9c2a0
SHA1: 50582dbcf4245ddf29f2f7302cac63222c1d09da
SHA256: 9b4ebe91157685cb6c86d3faf83161454746708680c25d7f44473dd4e94b1e2c
SSDeep: 12288:y/WQd+hbvmpq4hNIVIlu1HGjxc5Em5shebBbeR:y/WMM7mzhmIoH8ymmqkb9e
Size: 471040 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Hrup.gen
Ikarus = Trojan.Win32.Wintrim
AhnLab-V3 = Trojan/Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Skintrim!wPq/iMKsGVc
TrendMicro-HouseCall = TROJ_GEN.R4FC1K3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Wintrim!IK
CAT-QuickHeal = Trojan.Hrup.evq
McAfee-GW-Edition = Downloader.a!uo
DrWeb = Trojan.Wintrim.44
TrendMicro = TROJ_GEN.R4FC1K3
Kaspersky = Trojan.Win32.Hrup.evq
Microsoft = TrojanDownloader:Win32/Wintrim.BL
Fortinet = W32/Skintrim.B!tr
PCTools = Trojan.Gen
McAfee = Downloader.a!uo
F-Secure = Gen:Heur.NaviPromo.3
VIPRE = Trojan-Downloader.Win32.Wintrim.bl (v)
F-Prot = W32/Wintrim.N.gen!Eldorado
AVG = Skintrim
Norman = W32/Skintrim.DVYD
Sophos = Mal/SkinTrim-A
GData = Gen:Heur.NaviPromo.3
Symantec = Trojan.Gen
Commtouch = W32/Wintrim.N.gen!Eldorado
BitDefender = Gen:Heur.NaviPromo.3
NOD32 = a variant of Win32/Skintrim.IS
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:05:13 15:04:40-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 24576
Initialized Data Size           : 446464
Uninitialized Data Size         : 0
Entry Point                     : 0x27b5
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 7.1.4.0
Product Version Number          : 7.1.4.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Bergerac
Company Name                    : s'expatriassent
File Description                : flottation
File Version                    : 7, 1, 4, 0
Legal Copyright                 : wormwood
Product Name                    : avoid
Product Version                 : 7, 1, 4, 0
VirusTotal Report submitted 2012-06-21 01:43:54
VirusShare info last updated 2012-07-26 10:38:12

MD5: 35b2a78618acefcdd872cc2b6ad1fe2d
SHA1: ca5b4fb4cd2864d26fe56d95fda894da8e111b20
SHA256: 9ba49e06a502c2982bdf378eb559e1ebd2ebe5700097ad8deddbc82630b795ab
SSDeep: 6144:DZPQ1i+kW3bF7P2XfYXbhnan3LikwheEYuYUg:5Q1SW3wXA9an3LipheEYuYv
Size: 232448 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CY [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6547110
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!eYGWZhNT3CI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R11C2HK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.aam
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R11C2HK
Kaspersky = Trojan.Win32.Jorik.Pirminay.aam
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6547110
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.URO
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6547110
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6547110
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x42700
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-06-21 01:46:58
VirusShare info last updated 2012-07-26 10:38:13

MD5: be5253a2eb79d8db439a7585d98e3b4f
SHA1: c067ba25cb0e8ae1fd53e49b8f7a64fea11d6e82
SHA256: 9e9c1abaed812464334e1e5ec2d23e5ac132c0e5998b982e8f300c196c10a2c8
SSDeep: 6144:MElAY1UvaSh8uT5x5J0lBatB2LaWO36hTGE6NApTL1qm+:MEYSPuTo6fUat3aTGE6Q1
Size: 304128 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.304732
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.wh
TrendMicro-HouseCall = TROJ_GEN.R3BC3AC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!BE5253A2EB79
TrendMicro = TROJ_GEN.R3BC3AC
Kaspersky = Trojan.Win32.Pirminay.crf
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.adq
McAfee = Artemis!BE5253A2EB79
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.ALGX
Norman = W32/Suspicious_Gen2.PGAWE
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.cff
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.PMF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:06 21:47:19-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 10240
Initialized Data Size           : 535040
Uninitialized Data Size         : 0
Entry Point                     : 0x3502
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Server Extension Objects DLL
File Version                    : 5.00.0984
Internal Name                   : SEO
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : SEO.DLL
Product Name                    : Internet Information Services
Product Version                 : 5.00.0984
VirusTotal Report submitted 2012-06-21 02:29:23
VirusShare info last updated 2012-07-26 10:38:35

MD5: 19ae06b9a8154a5c177a1a854e1edf8b
SHA1: 0fbc79a32a5ca1a5ee1dd0e2ae8b1f212d0c62a8
SHA256: a25b295c5640530e38e85fbfaed51e90aba625f44f63888009240641301cf989
SSDeep: 3072:dKKo9PhPiQqH1Ca0krTF1WNTkowlJjqEOTjXb:gKopyyajIjX
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!+XTUuIlcTWE
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC1KP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!19AE06B9A815
DrWeb = Trojan.Virtumod.10262
TrendMicro = TROJ_GEN.R4FC1KP
Kaspersky = Trojan.Win32.Monder.nqyz
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.147456
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = TrojanDownloader.Delf.abmz
McAfee = Artemis!19AE06B9A815
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ASCK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:26 13:42:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x12651
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.10.0.1998
Product Version Number          : 4.10.0.1998
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Elacfsggt Trnahxywymp
File Description                : Bezier Screen Saver
File Version                    : 4.10.1998
Internal Name                   : BEZIER
Legal Copyright                 : Copyright (C) Lorrkjfen Corp. 1991-1998
Original Filename               : BEZIER.SCR
Product Name                    : Jsoucuwow(R) Lexflgo(R) Oxzkzsbet Uqggiz
Product Version                 : 4.10.1998
VirusTotal Report submitted 2012-06-21 03:14:50
VirusShare info last updated 2012-07-26 10:38:54

MD5: 156733be21efac4777082c9c2caf51cd
SHA1: cd396721463e45b248875a268684a3014429b75a
SHA256: a6e65e612a17738a29d15e9140872be17526bc934b04d02851e038d229c1515c
SSDeep: 6144:pxNEPtda4WDYyC5mRpMXin20SACqWJBXp81BR2:y3yCYRd20SXfXSI
Size: 316830 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bcs
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Suspicious file
nProtect = Backdoor.Generic.327931
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_FAM_0001afb.TOMA
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!156733BE21EF
DrWeb = Trojan.DownLoader6.20605
TrendMicro = TROJ_FAM_0001afb.TOMA
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dtms
McAfee = Artemis!156733BE21EF
F-Secure = Backdoor.Generic.327931
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.UMK
Norman = W32/Suspicious_Gen2.BBWBW
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.327931
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.rdg
BitDefender = Backdoor.Generic.327931
NOD32 = Win32/TrojanDownloader.Agent.PXG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 15:54:20-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 15360
Initialized Data Size           : 595456
Uninitialized Data Size         : 0
Entry Point                     : 0x48f8
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : modex.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : modex.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-21 04:07:18
VirusShare info last updated 2012-07-26 10:39:15

MD5: 0fbd0331b3a80bef7d71e5ca7d09e248
SHA1: 889816945603d4e1a94e15997a3e86cb19201133
SHA256: aae3995c660de8beaa7bf687f9c11993f10d96f5700eee1aaef7dec497822d51
SSDeep: 3072:yAb8WyX8YOG3530XiYzSjx/WaFtOodo6Akf:yu8WyX8YdGhzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QcI0hjgGkV0
VBA32 = Trojan.Agent.fpet
TrendMicro-HouseCall = TROJ_GEN.R4FC2DT
Comodo = TrojWare.Win32.Kryptik.RVH
Emsisoft = Trojan.Vundo!IK
CAT-QuickHeal = Trojan.Monder.moke
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Artemis!0FBD0331B3A8
DrWeb = Trojan.Siggen3.62938
TrendMicro = TROJ_GEN.R4FC2DT
Kaspersky = Trojan.Win32.Monder.moke
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Agent.emsx
McAfee = Artemis!0FBD0331B3A8
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.AKAK
Norman = W32/Kryptik.AIF
Sophos = Mal/Vundo-G
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-21 05:24:20
VirusShare info last updated 2012-07-26 10:39:32

MD5: d719475a08938214d8722a2ae8192d1a
SHA1: 3880478466fbae774dcf684186fdaa5dc822adb5
SHA256: ae9963b23341c77543ed95856cc7ffd001a7031bdb10f8266ee4cfe48bbb519e
SSDeep: 1536:GW3vdbGXe/kVEMHKK4b0rC9leTJJhabHLWB2vDhBEQtaFkQf:DdbP/+bKft9leFJhcLRreFkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
TrendMicro-HouseCall = TROJ_GEN.R4FC1IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nmro
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC1IL
Kaspersky = Trojan.Win32.Monder.nmro
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-21 06:08:29
VirusShare info last updated 2012-07-26 10:39:50

MD5: de4dd960e8565ca4c9fb2a0986145d7d
SHA1: 1087818f163e1b4cbc9671d94605f577137bc321
SHA256: c22466f5509e68440d05a959eb0b4c2f7abc252855cb929784035519e4997afc
SSDeep: 1536:hPP83NQistHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvcYl+MqqU+NV236:hM3NQisti4o4JEGzFOz9ol+MqqDLy/o
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Genome.106496.O
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
TrendMicro-HouseCall = TROJ_GEN.R11C2H7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R11C2H7
Kaspersky = Trojan.Win32.Genome.aavgo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.TRWSW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-21 10:50:58
VirusShare info last updated 2012-07-26 10:41:34

MD5: a808dba843f852b89db5857199a8b6f6
SHA1: d2a238a617dad2a2583ac8cd67b5c9a5750bb1e3
SHA256: c864c01678daea303ff6aaf47cb76ebf29133bda3330bb686914acce451d2c35
SSDeep: 3072:V0z0OOUwm/whrixp/aMFAq7rla33OninJRkadwM:Vi0Oh9/grixlkq7gHOiXkm
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan.Vundo.6798
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!v1zLMIuSuew
TrendMicro-HouseCall = TROJ_GEN.R4FC1IB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.wgjl
McAfee-GW-Edition = Artemis!A808DBA843F8
DrWeb = Trojan.Click1.63025
TrendMicro = TROJ_GEN.R4FC1IB
Kaspersky = Trojan.Win32.Genome.wgjl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.akzv
McAfee = Artemis!A808DBA843F8
F-Secure = Trojan.Vundo.6798
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.PNO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6798
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.6798
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-06-21 12:14:33
VirusShare info last updated 2012-07-26 10:42:11

MD5: e919c4a925083f747673d7b7bc7af0d5
SHA1: 0e63a7f382b46741c26cbbf8fabd9f367f3c8489
SHA256: ce51e97324fb56a5c8a283d18958c7905436e870de87ac038c5cff32eb2dfe6c
SSDeep: 3072:DKwfDp1SP5EFdCQ2sfkevZv+FkoGMqqDLy/jT0:Ll1bbZadqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.155648.K
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!UNL3UX4HoCI
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.will
McAfee-GW-Edition = Artemis!E919C4A92508
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = Trojan.Win32.Genome.will
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.iqrf
McAfee = Artemis!E919C4A92508
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.QTFJF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-21 13:21:13
VirusShare info last updated 2012-07-26 10:42:47

MD5: c53359b02499e82bfc00e44803dd8f86
SHA1: b189c5ef38ea6368985d4fc02711f9cc798f8ff3
SHA256: cfd03ca5013d8ba56393d4a02ebe0ae1bca22d99729c474a126fc236ced8b1d4
SSDeep: 3072:nVSI/l5fiEez9juZ/DJM8G9ti0tsHkmp1LLmk8MkwNf4w3dhOFytlNTvGpVGlrU:nMUt5Z/GJ+BEmp1bDf4wcmNTwN
Size: 210576 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan.Generic.6386964
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!Knt+Q9reJ6I
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_GEN.R4FC3IG
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.aui
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.WinSpy.origin
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC3IG
Kaspersky = Trojan.Win32.Jorik.Pirminay.aui
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!C53359B02499
ClamAV = Trojan.Agent-264053
F-Secure = Trojan.Generic.6386964
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SXS
Norman = W32/Kryptik.ALS
GData = Trojan.Generic.6386964
Symantec = Trojan.Gen
TheHacker = Trojan/Injector.hzu
BitDefender = Trojan.Generic.6386964
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x137e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.74
Product Version Number          : 5.0.0.74
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Created by VIONA Development
Company Name                    : RAVISENT Technologies Inc.
File Description                : CineMaster C WDM DVD Minidriver
File Version                    : 5.0.00.0074
Internal Name                   : VDMINDVD.SYS
Legal Copyright                 : Copyright 1999 RAVISENT Technologies Inc.
Original Filename               : VDMINDVD.SYS
Product Name                    : CineMaster C WDM
Product Version                 : 5.0.00.0074
VirusTotal Report submitted 2012-06-21 13:39:19
VirusShare info last updated 2012-07-26 10:42:55

MD5: 4e6d59bf05248bb7e5738a06531564e9
SHA1: 552a1e9782577fc9ceb93fdf2c3fb68f2938ad8b
SHA256: d0303ae6acfd727e6594e4355522823708aa63e6f81208fbcac1e340ce4937f6
SSDeep: 3072:Vl9YjJf5LK+4SlmG7ROywYXePhBoyLElmvBlHrNo9Gp6+Mcidz9/3EAKmvvOlDxJ:VlW5LR7MyhuJBLLESTOgVNidz9/d4lJ
Size: 237655 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JME [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6434611
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!55pphTnahyw
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_SPNR.2FAC12
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.uy
McAfee-GW-Edition = Artemis!4E6D59BF0524
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_SPNR.2FAC12
Kaspersky = Trojan.Win32.Jorik.Pirminay.uy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Generic.213555[UPX]
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!4E6D59BF0524
F-Secure = Trojan.Generic.6434611
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.XWL
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6434611
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.jq
BitDefender = Trojan.Generic.6434611
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 237568
Initialized Data Size           : 4096
Uninitialized Data Size         : 49152
Entry Point                     : 0x45eb0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-06-21 13:44:22
VirusShare info last updated 2012-07-26 10:43:00

MD5: acce7afb2575b4ca49a48b37ba0729ba
SHA1: 966a4cdabcd837c32ff19e3ca0b826bf2a219c74
SHA256: d0aa5b36c417d2e6d1faafb195b72a84a3a18d7c47c54a02dd94db0b0655b94d
SSDeep: 3072:EBpZHWfcPbqHtZQCX0CKrlTRKnBHwdnMRwaDdSO:EVPbUQCkCKiBQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2G7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.onm
CAT-QuickHeal = Trojan.Agent2.elhs
McAfee-GW-Edition = Vundo!je
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R4FC2G7
Kaspersky = Trojan.Win32.Agent2.elhs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!je
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.QOGWD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-06-21 13:49:41
VirusShare info last updated 2012-07-26 10:43:02

MD5: 7d4a986bfe4d8e19103fb9b86169d5d2
SHA1: 7c15d68e53263498016f40530c672b1fe6d944fa
SHA256: d9934be5930786fde2c7047555572c972e69fa4ad02d45519549cc317dcd9878
SSDeep: 6144:+aj3A5G0ZBqDLh4DUktcVbC7xF7rjZSGriXqyMPQi/XDrhi87f76Q2lCZBx:dbCG0XsLsUk8kxjZXrGMPQi/Xvc6rZBx
Size: 306076 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.89
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.4126990
K7AntiVirus = Riskware
VBA32 = Trojan.Pirmidrop.k
TrendMicro-HouseCall = TROJ_GEN.R3BCRA8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Downloader.x!ech
TrendMicro = TROJ_GEN.R26E1JS
Kaspersky = Trojan.Win32.Pirminay.zd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dvhx
McAfee = Generic Downloader.x!ech
F-Secure = Trojan.Generic.4126990
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.WDG
Norman = W32/Suspicious_Gen2.BTEBN
GData = Trojan.Generic.4126990
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Injector.blv
BitDefender = Trojan.Generic.4126990
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:15 14:27:16-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 4096
Initialized Data Size           : 600064
Uninitialized Data Size         : 0
Entry Point                     : 0x1dd6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.1830
Product Version Number          : 5.3.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectPlay Voice ACM Provider
File Version                    : 5.3.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dpvacm.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dpvacm.dll
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.1830
VirusTotal Report submitted 2012-06-21 15:31:57
VirusShare info last updated 2012-07-26 10:43:45

MD5: e245fab5ca20aef3fbe7f07a6b123c53
SHA1: ac8027b2ff1ef08f8b7f63af80aa746e84cf5c5a
SHA256: e2d6b1e05f943f0794a1b07b9d80eef6c6b0080bf2aa29ee68acc0c1d93fbcbe
SSDeep: 6144:co7Rl16N8B7058DWC0PyjGIjCQghTpLgCtUjvGRDhXBCs:3P16N8kWWSj1CQghTpLeKRhBCs
Size: 231911 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6575837
K7AntiVirus = Trojan
VirusBuster = Trojan.Qhost!w15e6TdXnr0
VBA32 = Trojan.Jorik.Pirminay.agg
TrendMicro-HouseCall = TROJ_GEN.R4FC8J6
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.auk
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC8J6
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.klre
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6575837
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AINJ
Norman = W32/Suspicious_Gen2.RMEVC
Symantec = Trojan.ADH.2
GData = Trojan.Generic.6575837
TheHacker = Trojan/Kryptik.ufa
BitDefender = Trojan.Generic.6575837
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 4096
Uninitialized Data Size         : 28672
Entry Point                     : 0x3fbd0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dszwsnynh Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (zionrkak.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Oegxrecue Fgbzejkeiph. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Fywzmpihw® Ukxtqkg® Jhdzlgalx Rzelau
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-21 17:27:50
VirusShare info last updated 2012-07-26 10:44:35

MD5: 5f96c241c0b9ef61b5b05b6b6fa0af04
SHA1: 008f0b51ed80c82ce4aefee2a3c48c5eddc9e41d
SHA256: e3408a1ba47ea72496e20445de542dde9f95b31605431ec778f53817cc49a51b
SSDeep: 1536:HFdRrdbd2QCQCWv9GtyHpF8ca2M+EGzG+BhHk4StYMtd4K+pmEs6D+G:HHtdbdfCqHj8ca2M+EreHk47PaEaG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.CM
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2G6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!mm
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R4FC2G6
Kaspersky = Trojan.Win32.Menti.kpqd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.bea
McAfee = Vundo!mm
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-06-21 17:33:02
VirusShare info last updated 2012-07-26 10:44:37

MD5: d50866daac79021a44a360153d676416
SHA1: 09b6ead59a62a5568bf0c94c3626294a107168e3
SHA256: e55af9fcc9f733b15f32dd594884b24762910477bf0efb3b5f80121117e1d94f
SSDeep: 1536:VIDrvf5hiCWWMd5GiLeFGYR2l9F1SdWfnF+Qn85uRlcMqqU+NV23S27o:V835hdvNFGJlQdW9f8kRlcMqqDLy/7o
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.106496.AA
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!Oq5gjKsYAYg
TrendMicro-HouseCall = TROJ_GEN.R11C2GS
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.vzzn
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R11C2GS
Kaspersky = Trojan.Win32.Genome.vzzn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-21 18:01:11
VirusShare info last updated 2012-07-26 10:44:47

MD5: 66093bb7b7197af5f9d9da554afa8a73
SHA1: bca858a3b94b739eea042ae8e014d606274ed560
SHA256: 00b50743280e7837833352d47cfa04c1cace00f01bda76ecf8b9b813360d03c7
SSDeep: 1536:xwfVH1nwggqFw1yqDh/RYxlWc/JwwAUDN0pvuWHv1q/WcD+Ym:xwfV1nwgHw1yqclWOwwAKYvuWHv1Pc
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.577
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Trojan
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.RC1C2FG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!kz
DrWeb = Trojan.Virtumod.10251
TrendMicro = TROJ_GEN.RC1C2FG
Kaspersky = Trojan.Win32.Monder.mtsy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abyi
McAfee = Vundo!kz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.VZI
Norman = W32/Suspicious_Gen2.QBJNZ
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Monder.mkog
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 12:52:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x4191
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.6.0.8820
Product Version Number          : 5.6.0.8820
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zrrvjhlxa Xxkkdbbfipg
File Description                : Tzgjeklgi (r) Ubvnnpr Based Script Host
File Version                    : 5.6.0.8820
Internal Name                   : wscript.exe
Legal Copyright                 : Copyright © Iuhodjotu Corp. 2002
Original Filename               : wscript.exe
Product Name                    : Chdwcsmae (r) Wukkftq Script Host
Product Version                 : 5.6.0.8820
VirusTotal Report submitted 2011-10-07 18:36:10
VirusShare info last updated 2012-07-25 00:38:27

MD5: 7757b5c6bb256b46916685626ed57960
SHA1: 859134d9326b64874791d934bcf2d7b4dd8e9e45
SHA256: 00d86784b8dd9d2b5daef51e2b99ad371e38c44aef95cc3c7c1181ff6bce3d13
SSDeep: 1536:oXoHDc3mHDA1c82CyKQMVg/WmaOalO16J2sc4+fSST0s6YXj5BOpvFqW4YoSglB8:oX2e2CyKRbdJ2dfNQTO0sWeS+Rm/
Size: 104448 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.104448.KE
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30C7IR
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!7757B5C6BB25
DrWeb = Trojan.Virtumod.10154
TrendMicro = TROJ_GEN.R30C7IR
Kaspersky = Trojan.Win32.Monder.mupc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abop
McAfee = Artemis!7757B5C6BB25
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:05 18:00:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 55808
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xe79e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Web Service Security Package
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : TSpkg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : TSpkg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-05 11:29:10
VirusShare info last updated 2012-07-25 00:41:11

MD5: f79cf775d1c86680edbcf085ffc1f372
SHA1: fc7bf17d64a711e9552b12ab533c8adfeecdc498
SHA256: 01112df0e28f8746b1897d8d77a79126410e5a12aca3edf031d2685f23f7a8fb
SSDeep: 3072:yAb8WyX8YOG3530XihzSjx/WaFtOodo6Akf:yu8WyX8YdGQzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.164
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.523AF565
Avast5 = Win32:Trojan-gen
GData = Win32:Trojan-gen
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2010-10-18 17:05:31
VirusShare info last updated 2012-07-25 00:48:04

MD5: 74d50cd652f42d741919ff64b2851840
SHA1: 65847324453aec04320afea4464e28ac3148b059
SHA256: 0127090652011d621f14500e99a782912514c90a81ba6c70008d92c357fb0f55
SSDeep: 3072:VAmy5hdv9FGJlQdW9f8kRlGMqqDLy/Vo:JGvTGYw9bqqDLu
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!9d4+qAizBWs
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!74D50CD652F4
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC2IK
Kaspersky = Trojan.Win32.Genome.uxwd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Artemis!74D50CD652F4
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-04 22:05:55
VirusShare info last updated 2012-07-25 00:51:02

MD5: 0736ce394c11750fadf16cc8ddadda3d
SHA1: 6b118c90c59818d337792eb19cdbaeaf3a870d27
SHA256: 017282b1970211d55c95ad8ea2ee88c68648a1a32b17327559d0b778182e633b
SSDeep: 6144:FyMsJzVrZ2MW3kyDhZI/NnAHZaeKmeGdEjlbZebhrRBPMB++:F8JyvUyDbMnA56f2hFBPMv
Size: 250339 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
nProtect = Trojan.Generic.KDV.303237
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!M/8mCdETuGI
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.evx!k
DrWeb = Trojan.DownLoader4.25851
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.rh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!k
F-Secure = Trojan.Generic.KDV.303237
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Milicenso
AVG = Dropper.Generic4.RTQ
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.303237
TheHacker = Trojan/Jorik.Pirminay.kn
BitDefender = Trojan.Generic.KDV.303237
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 24576
Uninitialized Data Size         : 40960
Entry Point                     : 0x42510
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Igztgvurp Rvsmlsadwvg
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Gkwziauas Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Psyhpqmts(R) Nwoaxuy NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-02-15 17:34:49
VirusShare info last updated 2012-07-26 10:47:11

MD5: 9f85d9bed3739f4838c4c5be0f426bed
SHA1: e14c0d4f0ee2f984f5f149088e282262177d75c9
SHA256: 01a06b702661e3f41435fc9b4d08bbe7f39f61480950ff071ac73b3dc25de6a4
SSDeep: 1536:NSLXkHE2sOBM55FtRubD0NkkVHZBSOC954R44TkFQVCtv7vA5yral0cLWTkgTnj:4kk2sO2FubC9G5O44Tk6msacLWXTn
Size: 116224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bRXdyu6MU50
VBA32 = Trojan.Monder.mrri
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Vundo!kt
DrWeb = Trojan.Virtumod.10179
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = Trojan.Win32.Monder.mnai
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo!kt
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.BBMV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:22 02:00:08-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 102912
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19f81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MCI driver for cdaudio devices
File Version                    : 5.00.2134.1
Internal Name                   : mcicda
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : mcicda.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-05-25 03:38:40
VirusShare info last updated 2012-07-26 10:47:16

MD5: 43fea030497bf2695733d960c10f7d6d
SHA1: d70992d3288245185d3063d405551684ac383c61
SHA256: 021625e14a8aa53ae1ba3e35753abd91100b8928f7a7b4df3cd34b4f1fe268d2
SSDeep: 6144:ikDC8MGtIXGE3wN0qb6cNGtbd9boe4PYujJH/iFG8jwPqAOnfc1tFbUzYrakJQxE:P+8MqOQxwT9UA2fiLEifnU1tCEQxE
Size: 427522 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.382
Avast = Win32:Crypt-JHM [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.427522
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128DCE83
nProtect = Trojan/W32.Agent.427522
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!aI/dsX7bHRc
VBA32 = Trojan.Agent.nknc
eTrust-Vet = Win32/Ponmocup.H
TrendMicro-HouseCall = TROJ_DLOADR.BH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Swisyn.w
DrWeb = Trojan.DownLoader4.44785
TrendMicro = TROJ_DLOADR.BH
Kaspersky = Trojan.Win32.Agent.huto
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.W!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.fbhj
McAfee = Swisyn.w
ClamAV = Trojan.Agent-245622
F-Secure = Trojan.Generic.5924315
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Milicenso
F-Prot = W32/Trojan!ceb3
AVG = SHeur3.BZES
Norman = W32/Kryptik.AIF
Sophos = Troj/DwnLdr-IYO
GData = Trojan.Generic.5924315
Symantec = Trojan.Gen
Commtouch = W32/Trojan!ceb3
TheHacker = Trojan/Agent.nknb
BitDefender = Trojan.Generic.5924315
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:03:20 17:00:13-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0xef42
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hbkstuqku Yogfmzhyeqt
File Description                : Axtxdwnon Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Fgvwhojrg Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Jidmkzxxp Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-15 11:04:19
VirusShare info last updated 2012-07-26 10:47:28

MD5: f5124eadd055179557df2fcc363690a0
SHA1: 598fe0fdd307978a46e9d4d8cf0c4e8709434fe1
SHA256: 021e781c0c882ba0d4d47c4322845688e238924814c4364cb60ffaf6d0840593
SSDeep: 1536:W2f3pg/K2MT0ynf7aGu6si7jwHHgbGtDGZ6oHTlBDGIglhy05WVM/8+NZL0m:XfRnTbfnuqUHvDhoHTqIg3KM/JNZL0
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!EqfM4WdjWMg
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!js
Kaspersky = Trojan.Win32.Genome.sqwa
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahcz
McAfee = Vundo!js
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZJX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 01:32:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xb70a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kcssvwbkk Mpoiygxoupe
File Description                : Llrxajq Write
File Version                    : 5.1.2600.0 (uxozrtxg.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Lerxelvhk Xwronziumui. All rights reserved.
Original Filename               : write
Product Name                    : Uprgknoah® Ngtbofq® Mucsciuya Reywjr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-09-15 19:03:25
VirusShare info last updated 2012-07-26 10:47:29

MD5: 9d7f07835c8de8bf0aee404300c65197
SHA1: e50d8b6fefeec4fbeb6c4588f6f9b08fdc77261f
SHA256: 024a4628ce0a279258ef0d1ed01b0ad38bd61934985f0001333c3589c3d4d9d3
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pJpo2:pwy9w/dWjTlXjDHso
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/noIjRnF5WE
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R47C2L2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Artemis!9D7F07835C8D
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R47C2L2
Kaspersky = Trojan.Win32.Genome.nofe
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!9D7F07835C8D
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.FCYYC
Sophos = Mal/Agent-PG
GData = Trojan.Renos.PJY
Symantec = SpywareStrike
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-23 20:57:18
VirusShare info last updated 2012-07-26 10:47:35

MD5: 1082c742a02831bc9b13ed53834d2069
SHA1: b534fb87eb8ce449f0878adbc94a589274e28c29
SHA256: 0362f699d42f58e00cf50850828dfc0d848b08fbf902bdc57a4110e3eafd0154
SSDeep: 1536:djJc5/0DwEwmmbeyVA3plMt0/AvuGmLsyph:djJY/6YreyV0plMyY8YyP
Size: 53760 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!U0jJ9hrLXBw
TrendMicro-HouseCall = TROJ_GEN.R72C2DC
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!1082C742A028
TrendMicro = TROJ_GEN.R72C2DC
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!1082C742A028
F-Secure = Trojan.Generic.KDV.187113
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic21.CNXW
Norman = W32/Suspicious_Gen2.KVQXR
GData = Trojan.Generic.KDV.187113
Commtouch = W32/GenBl.1082C742!Olympus
TheHacker = Trojan/Kryptik.lfr
BitDefender = Trojan.Generic.KDV.187113
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 06:08:21-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 12288
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x35c4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.1.0
Product Version Number          : 1.1.1.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : NikeDrv.sys
Company Name                    : S3/Diamond Multimedia Systems
File Description                : NikeDrv Usb Driver
File Version                    : 1.00.0001.0
Internal Name                   : NikeDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Systems 2000
Legal Trademarks                : S3/Diamond Multimsdia Systems
Original Filename               : NikeDrv.sys
Private Build                   : 0
Product Name                    : NikeDrv
Product Version                 : 1.00.0001.0
Special Build                   : 0
VirusTotal Report submitted 2011-04-27 09:27:18
VirusShare info last updated 2012-07-26 10:48:08

MD5: 77c9c927b1ee88d9fb6847642b68f682
SHA1: c317bca8e50a19e6d5f6232742d4c1c28227a002
SHA256: 03cb36a5aecebca8ec1c4d43ca08cc3932ffba6e0fa13a73989894a7e0b18481
SSDeep: 3072:yAb8WyX8YOG3530Xi2zSjx/WaFtOodo6Akf:yu8WyX8YdGfzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!zVp2qWDykpc
VBA32 = Trojan.Agent.fpet
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2LV
Comodo = TrojWare.Win32.Kryptik.RVH
Emsisoft = Trojan.Vundo!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Artemis!77C9C927B1EE
DrWeb = Trojan.Siggen2.6361
TrendMicro = TROJ_GEN.R4FC2LV
Kaspersky = Trojan.Win32.Monder.mujs
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.emsx
McAfee = Artemis!77C9C927B1EE
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.CPVB
Norman = W32/Kryptik.AIF
Sophos = Mal/Vundo-G
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-30 04:38:44
VirusShare info last updated 2012-07-26 10:48:19

MD5: 63ee4d3311b0616a46a9dfac1f65b236
SHA1: b9e102fa4b445641b4f4507cc05013f358a5bd36
SHA256: 03ff86ca52d3397c57bd4472935a7d3f8e00bb0f15cdb59c555d841f0c66a35f
SSDeep: 1536:U4jIwSC/UXuY28bQJjml9I3k3lQ36QDkUl:UyIwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.26
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C2IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mk
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R21C2IE
Kaspersky = Trojan.Win32.Monder.mqjp
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!mk
F-Secure = Gen:Variant.Buzy.4423
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRDropper
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.4423
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Gen:Variant.Buzy.4423
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-04-24 20:25:14
VirusShare info last updated 2012-07-26 10:48:24

MD5: 0e89e18ec05741c02d81c876389adac0
SHA1: 33dab2708f1962226fbd7913f140dc834d194e58
SHA256: 05e8653a19149ac27f22a32a193d34f019e558e4dd77bec7171df0ae1ccc6389
SSDeep: 3072:ZGZKvDiyv1hneGmCRtRBG60kEo3MqqDLy/G1oiAL/heK7DR:ZmKvlrneGmCzRgqqDLuGT+/gKvR
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128E5E66
nProtect = Trojan/W32.Genome.233472.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
VBA32 = Trojan.Genome.tatm
eTrust-Vet = Win32/Vundo.HRX
TrendMicro-HouseCall = TROJ_GEN.R01CRFO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.tatm
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R01CRFO
Kaspersky = Trojan.Win32.Genome.tatm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gicd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JDC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-26 09:30:02
VirusShare info last updated 2012-07-26 10:49:18

MD5: 09ce28b702219ab1c8f20c4d2e3160e3
SHA1: c75a05b5aba80270456c032b4c601ecbf9701ae7
SHA256: 062fcf8e6de8bdc6e8ab0f815b056d36b8aeba968c828d931433c57e11013352
SSDeep: 3072:2tvt8oqDoceC7EfcorOQqH4M5pvO8alL+ah8HRrUT:ANqDozCQZE5RO8Kz
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C7IR
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
DrWeb = Trojan.Smardec.114
TrendMicro = TROJ_GEN.R30C7IR
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-W [Trj]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic23.BBOY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.SYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:18 08:40:08-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x12385
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.1830
Product Version Number          : 6.0.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Azjaarcrx Xbehblljrmg
File Description                : Configuration DLL
File Version                    : 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : Configuration Components
Legal Copyright                 : © Zusngdsne Jwzjnlgtnom. All rights reserved.
Original Filename               : cnfgprts.ocx
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.1830
VirusTotal Report submitted 2011-09-28 04:34:35
VirusShare info last updated 2012-07-26 10:49:26

MD5: 654993683d57f27611c5ae041318a02c
SHA1: b3ebc65115bf24ae12ad9bac794e214c49a94faf
SHA256: 06a73db19c8162d51e3ee1a2cb63cfdfe688d8d6f8dd3c6aa73f891b0104581d
SSDeep: 1536:GclWvdRkcRSEvHKK4b0r29l9TJJhabHLWB2vDhBEQtaokQf:LUdRfSsKf59l9FJhcLRreokQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12AB0F3F
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCCLP
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FCCLP
Kaspersky = Trojan.Win32.Monder.nerv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-31 20:39:20
VirusShare info last updated 2012-07-26 10:49:40

MD5: a0dbdd510e6dd31cf1b9980db0ad11f6
SHA1: 528353cd01c7f4922c8bfe8c89bf47752bc67fd0
SHA256: 070b63a83a2bced930e6a70596a4db32810dbc5f12c2b76c2fcfbcbc12b864f8
SSDeep: 1536:GgvvdI/gyE8HKK4b0r99lBTJJhabHLWB2vDhBEQta0kQf:xdI4yjKfS9lBFJhcLRre0kQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC2GB
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-19 18:36:29
VirusShare info last updated 2012-07-26 10:49:50

MD5: b3636e8caf485e5874c9f844d06820cf
SHA1: b55cd4bfbd399f14ddf34a5d4d06e452716f8fa2
SHA256: 07d91832dcf2ce7b8d5670e76e6e2ddd1043b6e232bed087c11fddb9cc2cd3b2
SSDeep: 6144:FbrAGfogA4yvxeFyohk5I/RZjr2lTmyPEjX69is5jBrbPhYLaz71/:lr4Fvtak5IH3zyUX6XThx/
Size: 276321 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.276446
Avast = Win32:Spyware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R28C2II
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!elt
TrendMicro = TROJ_GEN.R28C2II
Kaspersky = Trojan.Win32.Pirminay.cgr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ea
McAfee = Generic Downloader.x!elt
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Spyware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BXTN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.eti
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.HAQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 08:08:52-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 29696
Initialized Data Size           : 487936
Uninitialized Data Size         : 0
Entry Point                     : 0x8274
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 12.0.7000.7000
Product Version Number          : 12.0.7000.7000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Indexer DLL
File Version                    : 12.0.7000.7000 (winmain_win7beta.081212-1400)
Internal Name                   : wmidx.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmidx.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 12.0.7000.7000
VirusTotal Report submitted 2011-06-10 04:54:41
VirusShare info last updated 2012-07-26 10:50:15

MD5: 403df94bfd7abee2c0e75c2a3e1830c8
SHA1: 897b2e20adf79c0c53de145ad6c2186dbace7576
SHA256: 0910d7bd5c4af76e9c86a12aa8864b31cd509150086b34362842fda9b884326c
SSDeep: 6144:Il90jhLbM1uWhiE7/fUaAa9MrztbA+mt7dkyE2NIYKdQszOMiEFg9t9YBPh:9cUWhz7MaAeMry+8E1mB+G7
Size: 442880 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12527556
nProtect = Trojan/W32.Pirminay.442880
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R1BC2JS
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Downloader.x!ejn
DrWeb = Trojan.Hosts.1844
TrendMicro = TROJ_GEN.R1BC2JS
Kaspersky = Trojan.Win32.Pirminay.xt
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.cw
McAfee = Generic Downloader.x!ejn
F-Secure = Trojan.Generic.4930180
VIPRE = Trojan.Win32.Generic!SB.0
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.BVHB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.4930180
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.xt
BitDefender = Trojan.Generic.4930180
NOD32 = a variant of Win32/Kryptik.JHG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:20 04:08:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65024
Initialized Data Size           : 750592
Uninitialized Data Size         : 0
Entry Point                     : 0x10ae8
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : VGA 16 Colour Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : vga.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : vga.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-13 06:36:18
VirusShare info last updated 2012-07-26 10:50:52

MD5: 4a03c1162eef760ea6f3a7f26079618b
SHA1: 797c53a90795aed0f3724d71f30e57603324f96d
SHA256: 098c30b5e0ce796a1c58c49556cb7c80c1c04dafb34450657e233f23cc22c5d3
SSDeep: 6144:mSy7Gl2DOacHJbmnCRHFBDAvzcuVWLDQpovd128W7:JMfasCZFBYcuVuPj2D7
Size: 256376 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Dropper
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Dropper!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.uq
McAfee-GW-Edition = Artemis!4A03C1162EEF
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = Trojan.Win32.Jorik.Pirminay.uq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.kkfx
McAfee = Artemis!4A03C1162EEF
F-Secure = Trojan.Generic.6506798
VIPRE = Trojan.Win32.Generic!SB.0
AVG = Dropper.Generic4.AGSP
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6506798
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.6506798
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 28672
Uninitialized Data Size         : 57344
Entry Point                     : 0x46860
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.19
Product Version Number          : 5.0.0.19
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : برنامج تشغيل Brother MFC3100C
File Version                    : 5.0.0.19 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclr01.dll
Legal Copyright                 : Copyright (C) Brother Industries, Ltd. 2004
Original Filename               : brclr01.dll
Product Name                    : Kgjrghfhq® Savnoml® Omgpiwueb Xurlaf
Product Version                 : 5.0.0.19
VirusTotal Report submitted 2011-10-20 09:29:06
VirusShare info last updated 2012-07-26 10:51:05

MD5: ba6cee39428deb8387bc3a36e8bb5f92
SHA1: 099de13bd8eb0b02bb78aec7595ecc24dacf5342
SHA256: fd8a537c0ba657dc752bbb6f0f4d4833a5c383e42ce3ccfdddf95fc2a76f06db
SSDeep: 1536:GbvvdfUOXE+HKK4b0r89leTJJhabHLWB2vDhBEQtaokQf:wdfxXxKfT9leFJhcLRreokQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!BA6CEE39428D
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Artemis!BA6CEE39428D
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-15 20:50:28
VirusShare info last updated 2012-07-26 10:51:08

MD5: 348795f86e7d28f3dc02dc0fc31052c6
SHA1: 626e92e261f0ba9497af4f1616e8046e52dc908e
SHA256: 0af9a04faa8ac2064da0d95cacea82f221350be680e16217beb850df6cb56bbe
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAz:oFq+sGYyo6RZFF9HcQfluaXLLm
Size: 334859 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.552
K7AntiVirus = Riskware
TrendMicro-HouseCall = Cryp_Spypro
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop1.60277
TrendMicro = Cryp_Spypro
Kaspersky = Trojan.Win32.Pirminay.dva
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
ClamAV = Trojan.Agent-183368
F-Secure = Backdoor.Generic.550445
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Generic20.BEEO
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Backdoor.Generic.550445
TheHacker = Trojan/Pirminay.bih
BitDefender = Backdoor.Generic.550445
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-03-21 14:02:20
VirusShare info last updated 2012-07-26 10:51:44

MD5: 3a853fb76d6ab4464e692d0bb57b9021
SHA1: 0632254862dbdb3e29173d1407c896b7929561a5
SHA256: 0ccbba1b4fcfc64d3a47b2101a42b9518087396edd220f58c70c2feb8d4ff303
SSDeep: 6144:NKIMyitoaW8IIEt5nYyUmYfuR92cB5YxTyj7OnXFb3+UzM7k+ZXZ:LWhyU9GBKxTKG1BIo+
Size: 358400 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Downloader.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.358400
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!YeCL9eAPGTk
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R4FC2BD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.dwg
McAfee-GW-Edition = Generic Downloader.x!emz
DrWeb = Trojan.WinSpy.origin
TrendMicro = TROJ_GEN.R4FC2BD
Kaspersky = Trojan.Win32.Pirminay.dwg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.nh
McAfee = Generic Downloader.x!emz
F-Secure = Gen:Trojan.Heur.RP.vqW@aa6URqf
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDownloader
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Dropper.VB.CMD.dropper
Norman = W32/Suspicious_Gen2.IGDKM
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Trojan.Heur.RP.vqW@aa6URqf
Commtouch = W32/FakeAlert.FT.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Trojan.Heur.RP.vqW@aa6URqf
NOD32 = a variant of Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 65536
Initialized Data Size           : 602112
Uninitialized Data Size         : 0
Entry Point                     : 0x101da
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-12 00:14:58
VirusShare info last updated 2012-07-26 10:52:40

MD5: a1c6c5e50d46344af8ff7db4e217724e
SHA1: 6317088b1f018b79e4e7b35affec64dffd29377e
SHA256: 0d6c4e9bfb5a01b750247330dce80e7ba18f7921d8334e2630968a27097cc62f
SSDeep: 6144:Oh/x8NDUG0VFQQCGv9srhKrdVllXccDg4tXtFM2AGRVrcx9ixIQC9MVH5RIWHNcI:OhpCDUOQvlsFKrDdg462AmVM2rZWWtcI
Size: 376270 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-CEC [Trj]
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.210632
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Cc5OBtSbLDQ
VBA32 = Trojan.Pirminay.obq
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Gen.Variant.Vundo!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.61017
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Pirminay.obq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.376270
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.yl
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.210632
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AEJL
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.210632
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.ghx
BitDefender = Trojan.Generic.KDV.210632
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1998:05:04 00:21:28-04:00
PE Type                         : PE32
Linker Version                  : 2.60
Code Size                       : 86016
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0x116d3
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.131.2600.0
Product Version Number          : 5.131.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sfgecuckz Ecfofnnkbty
File Description                : Softpub Forwarder DLL
File Version                    : 5.131.2600.0 (pqqabaab.010817-1148)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Gptwrymhq Cfygrtfofrq. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Ikenpvbee® Tosypkm® Operating Kypokw
Product Version                 : 5.131.2600.0
VirusTotal Report submitted 2012-05-20 08:18:49
VirusShare info last updated 2012-07-26 10:53:02

MD5: 8672d584153dfeed529781923ada79ba
SHA1: 6d53c9f091de0726226537aacd6a4ab061ba8d79
SHA256: 0d89580dbc8fae277df5b61d8be46cc92ac7bd349e62b8123a0cc3582895e715
SSDeep: 3072:fhpnmlhae0UhVB0hdOqqQ5sQnglMMqqDLy/JhmGTWp41AJe/H:fnns1ghZ5bKqqDLujmGTWcA0
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!n6D2kxcbjEQ
VBA32 = Adware.Virtumonde.nhd
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!lt
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R30C2IE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!lt
F-Secure = Gen:Variant.TDss.65
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.TDss.65
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
BitDefender = Gen:Variant.TDss.65
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-18 10:04:55
VirusShare info last updated 2012-07-26 10:53:06

MD5: 564bc8ee4c151f0ef1efaca9c7138781
SHA1: 26e861f27e905fcfe63714b7267b85488140ea62
SHA256: 0e2a714e3e6e5f72f39fcea4c0bd15f4fb8ecbbbb737ca4fe9d8cea67bff8fa7
SSDeep: 3072:7r3G9vDiov1hneGmCRJABG60kFoxMqqDLy/z1oiAL/heKADR:7y9vXrneGmCfAzqqDLuzT+/gK4R
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
nProtect = Trojan/W32.Genome.233472.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
eTrust-Vet = Win32/Vundo.HRX
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.uuxl
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C2G5
Kaspersky = Trojan.Win32.Genome.uuxl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gicd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JDC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-03-25 20:45:39
VirusShare info last updated 2012-07-26 10:53:26

MD5: 265b475b2d8a14f58419789554b97a3d
SHA1: 1d6365f1aa399274cb563120dbccdbbc4bf06f90
SHA256: 0f131f9c5df41f7e2c97c85c5a557a842dea74f017755d864b4920c0595dea29
SSDeep: 1536:KtksrtrHu1s1olTCylJpoVZCDE+hznlJf6w0k0T9cG7Udnnf3:Rsrth1ul8VMA+hznlJSw0ki9cddnnf
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCDLM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!265B475B2D8A
TrendMicro = TROJ_GEN.R4FCDLM
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!265B475B2D8A
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AHOS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Win32:MalOb-HF 
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:09 23:56:17-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x6705
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.23.24.3
Product Version Number          : 6.0.5713.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic
File Description                : LSI Logic Fusion-MPT FC Driver (StorPort)
File Version                    : 1.23.24.03 (NT.060824-1234)
Internal Name                   : LSI_FC-1.23.24.03 (Vista 32-bit)
Legal Copyright                 : Copyright © LSI Logic 2006
Original Filename               : LSI_FC.SYS
Product Name                    : Yfmsguyhy® Okqxflo® Eksbockow Puvqvy
Product Version                 : 6.0.5713.0
VirusTotal Report submitted 2011-12-31 23:53:06
VirusShare info last updated 2012-07-26 10:53:54

MD5: d97ac214759f6df5789fee095e629b4a
SHA1: b03ff656be58eefd5834e6fb3a9fd0d86f73ab9c
SHA256: 0f71f647d76d951363c86d9ac573abde4b448d8dbcdf10f29eda14ccbddf10b2
SSDeep: 1536:eq4vR0WFckIKid22fl/wWbesHFfhZVPiFjkYNZ1:iWKd87RTLiFjkYNZ1
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.180
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252E1E0
nProtect = Trojan/W32.Agent.69632.AQL
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!vaDXbu3qFRI
VBA32 = Trojan.Agent.rsm
TrendMicro-HouseCall = TROJ_GEN.R47C2L2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic.dx!uxs
DrWeb = Trojan.Juan.425
TrendMicro = TROJ_GEN.R47C2L2
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.ydy
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.gm
McAfee = Generic.dx!uxs
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Vundo
Prevx = High Risk Fraudulent Security Program
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Agent2.BVJB
Norman = W32/Suspicious_Gen2.ETDSG
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Agent.rsm
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Agent.RSM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:21 18:33:19-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 27648
Initialized Data Size           : 74752
Uninitialized Data Size         : 0
Entry Point                     : 0x7a31
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : OpenGL Utility Library DLL
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : glu32
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : glu32
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-05-11 14:11:24
VirusShare info last updated 2012-07-26 10:54:04

MD5: d3ccff591afb701477170c9de35bd578
SHA1: 52da2daed627bde90b0369ca407c29e443ebc272
SHA256: 0fd034d683fa9ed06f827b16f39fae840119ecd0f780621f92f35a768059a3a7
SSDeep: 1536:eewQOXDjLQBSVoXMqqU+NV23S2LLWBTd3OQSWWfTzG:eHlDASVoXMqqDLy/LLW1dLSFzG
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CPFB
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:23 10:13:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x627e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kwzbpwynb Vwxvxksczdm
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : shole
Legal Copyright                 : © Csarxlvoc Obtjsewcdep. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Mdynjxyct® Windows® Usfncdval Ltagjy
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-08-12 02:47:05
VirusShare info last updated 2012-07-26 10:54:17

MD5: 95b8312543f2010ede1067c7835c0bf2
SHA1: 0154d020c366da0173eb57431ec7e19f0e292743
SHA256: 1001cf248152f14d1bec898dbc1b7b79efd8729b230af236a69fc5490f918035
SSDeep: 6144:kioeEO36rXdrjCAtkJ99w1YBCGo4HvXk9Y61pXVFHiEenBl3c:ZiU/n9Pc5VFCECxc
Size: 340577 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.340561
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.340577
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan-Downloader
VirusBuster = TrojanSpy.Agent!uqbvFmUpGzk
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_GEN.R4FC2CH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Agent.gjvo
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_GEN.R4FC2CH
Kaspersky = Trojan-Downloader.Win32.Agent.gjvo
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.ADH
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H [Trj]
AVG = Downloader.Agent2.AIMN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH.2
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 05:35:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x49ec
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.0.3650
Product Version Number          : 5.10.0.3650
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Corporation
File Description                : Intel(r) Integrated Controller Hub Audio Driver
File Version                    : 5.10.3650 built by: WinDDK
Internal Name                   : ichaud.sys
Legal Copyright                 : Copyright (C) Intel Corporation 1998-2001
Original Filename               : ichaud.sys
Product Name                    : Intel(r) Integrated Controller Hub Audio Driver
Product Version                 : 5.10.3650
VirusTotal Report submitted 2011-07-10 17:38:52
VirusShare info last updated 2012-07-26 10:54:24

MD5: 545a10238ac0c58c0b0b75beab57d996
SHA1: 2c8b0732916b34097fcef262c62c7bcb4f68592d
SHA256: 116f214216bd039cb849771ab4b8c31a218b5fb9180e0cf5398aa3a686fa7828
SSDeep: 3072:QSRb9HsGbW43xDJoyO5ucIPc3zMc6a24oQMqqDLy/t5:5p7BDJoyO1IPc3zMRXqqDLu
Size: 150528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.HRW
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.MulDrop2.36782
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.ired
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KXO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:29 12:41:54-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 114688
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x182fe
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fjkowyapj Ieymnbmybtk
File Description                : Access Control List Editor
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : acledit.dll
Legal Copyright                 : © Skrbuebzf Oeorvihtbfl. All rights reserved.
Original Filename               : acledit.dll
Product Name                    : Akposljut® Jovquhu® Ezyhxqwfb Fobexb
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-09-12 08:19:45
VirusShare info last updated 2012-07-26 10:55:07

MD5: 43dff74677663436190415d146deee33
SHA1: a44be873480abf479807c7ce6564041098594ba4
SHA256: 117881dd2a73095b2f95165c0b2e994c187446f71158478ac344d733f031da5c
SSDeep: 3072:gQCLKktW3CCMm7h1vfrSD2R3MCuKGMovZ0a1n8DOnoMqqDLy/snqR8b:8Gktzm7DvzSqJPGJ0jDODqqDLus
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R1BC2FR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nneg
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!43DFF7467766
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R1BC2FR
Kaspersky = Trojan.Win32.Monder.nneg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.addk
McAfee = Artemis!43DFF7467766
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-04-13 07:32:08
VirusShare info last updated 2012-07-26 10:55:08

MD5: cf7fd40f81857dc07826764c5e95e81f
SHA1: 3e64a46bf459bd3d9980fd3a176ef44e686dfc08
SHA256: 118fc1605078804d9ffc12e7e3a4520abf427c16ee753fd9f1e1c2d9ffac176a
SSDeep: 6144:dne/d6MQSsEkshGE+seGCsAjtsmDoTcejx8V5cTaILj8TwIl0kZbC6mMGl:dmH1sfs5+fG/AjtsmEL+mTa9wm4zr
Size: 882176 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = PCK/Dumped
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/WL-heur.A
Rising = Dropper.Win32.Qhost.b
nProtect = Trojan.Generic.4128374
K7AntiVirus = Riskware
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R47C2IJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.J
TrendMicro = TROJ_GEN.R47C2IJ
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Sunbelt = Trojan.Win32.Generic!SB.0
Jiangmin = Trojan/Swisyn.jgw
McAfee = Suspect-BA!CF7FD40F8185
F-Secure = Trojan.Generic.4128374
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
eSafe = Win32.PCKDumped
AVG = Downloader.Generic9.BZRM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.4128374
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.4128374
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 22:41:21-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 245760
Initialized Data Size           : 163840
Uninitialized Data Size         : 466944
Entry Point                     : 0x2de8
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-10-14 16:54:44
VirusShare info last updated 2012-07-26 10:55:11

MD5: dca17baf4d3900219b16a28cb884a934
SHA1: 576bd149576086f9927713f51f7b34746aa0c95f
SHA256: 11c4f3cb1681d83225b62668a27d8f91016d70396dfd932acdd10b4e0baa25a9
SSDeep: 6144:LLYLy5zogD+ehTkcF2w6cvkdW0BSEsTQOLCr0l1lCH:/YknWcMlksOLCc1Y
Size: 298441 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.337
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.aeo
TrendMicro-HouseCall = TROJ_GEN.R4FC3B1
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic.dx!yov
TrendMicro = TROJ_GEN.R4FC3B1
Kaspersky = Trojan.Win32.Pirminay.fow
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.lh
McAfee = Generic.dx!yov
F-Secure = Trojan.Generic.5531693
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Spyware-gen [Spy]
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.BUCQ
Norman = W32/Suspicious_Gen2.IWXUY
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH.2
GData = Trojan.Generic.5531693
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Skintrim.cu
BitDefender = Trojan.Generic.5531693
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:24 12:16:19-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 499200
Uninitialized Data Size         : 0
Entry Point                     : 0xbd2c
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Unknown
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Macintosh File Server Service
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : sfmsvc.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sfmsvc.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-20 21:55:58
VirusShare info last updated 2012-07-26 10:55:17

MD5: 585686a08913c5c8e160f2c22859166f
SHA1: 6be7a3daa41c028848bb7d645819eace3e84d4ef
SHA256: 12ac204aa38cd74a55408f6884c4653078e8f93e0d9a654d26d7443555faf54c
SSDeep: 3072:ZDTeGF7Ms6wUDrhou9pFaN9tEowIzS8zlXZU54JZIJmM2U6k2X94hW2otKUgwXYN:8iMs6Bhouj/o1OA5ZUabMX29vOUgwI
Size: 179200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.125E6DF2
nProtect = Trojan/W32.Vundo.179200
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!BKVYyh6d+1U
VBA32 = Trojan.Monder.mksn
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mrwl
McAfee-GW-Edition = Vundo!lv
DrWeb = Trojan.Click1.34896
TrendMicro = TROJ_GEN.R29C1IL
Kaspersky = Trojan.Win32.Monder.mrwl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.MRWL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ivt
McAfee = Vundo!lv
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.CHVP
Norman = W32/Suspicious_Gen2.QPRAI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:23 16:20:10-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 105472
Initialized Data Size           : 110080
Uninitialized Data Size         : 0
Entry Point                     : 0x1a98d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Fax Server COM Client Interface
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : FXSCOM.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : FXSCOM.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-03-27 01:52:36
VirusShare info last updated 2012-07-26 10:55:44

MD5: 915506f0ac752f1be7c6cfd2a36c1759
SHA1: 8d79515167808965037ee4912e7cf0b04b9e5e41
SHA256: 1311d76f1643adc569949181081c0be9bbb81d7ec51579461551a7f25368ae5a
SSDeep: 3072:gQDNkk53GCgmdj19uSSYpRkN9ujGMovZ0a1n8DOneMqqDLy/lnqR8b:/kkemdJ9BS6C8GJ0jDOVqqDLul
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R4FC7JO
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!915506F0AC75
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC7JO
Kaspersky = Trojan.Win32.Monder.mzwf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!915506F0AC75
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-17 10:45:19
VirusShare info last updated 2012-07-26 10:55:53

MD5: aa2948b87bbf5a2185f2ce54fba10129
SHA1: 22418767f0e0db7b433c6a4ab2d6970ca7dd007c
SHA256: 1316f212b3a73442e32f6042c452204d5172ae1f32a5c327371b9c0585bf74e6
SSDeep: 1536:QCA6fKyeBD3oaPJ0lwKuNAC8YQihVIHLisvY5FWb2LC2F7rNLP6Omu:9xKxAk2C8eaigMFQ2LC2FBP6Ov
Size: 73216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1265DCE4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yCBkFjRzXRQ
VBA32 = AdWare.SuperJuan.xxe
TrendMicro-HouseCall = TROJ_GEN.R21C2II
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mrsn
McAfee-GW-Edition = Artemis!AA2948B87BBF
DrWeb = Trojan.WinSpy.894
TrendMicro = TROJ_GEN.R21C2II
Kaspersky = Trojan.Win32.Monder.mrsn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.MRSN!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.acce
McAfee = Artemis!AA2948B87BBF
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.CMDL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:13 05:12:37-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 64000
Initialized Data Size           : 46080
Uninitialized Data Size         : 0
Entry Point                     : 0x10931
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Hungarian 101-key Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhu1 (3.12)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdhu1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-02 10:51:14
VirusShare info last updated 2012-07-26 10:55:54

MD5: e865d3f0966a6a75cc6f6f33955513b0
SHA1: 54442bf74477ad44fe9bf215cf7774db319565b9
SHA256: 135bb1d5ef480509366e0a99137dec2fa2c33a725e0166688783a9421df6e5de
SSDeep: 1536:oXcHZc3m5D7982CyJigVgFWmaOalOs6J2sc4jBIS60s0sM4XOpvFqW4YoSglB2cm:oXi82CyJlbAJ2cBfD1G2sWeS+tA/
Size: 104448 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12942FF6
nProtect = Trojan/W32.Agent.104448.KE
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.mqyu
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R05C2I7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!ld
DrWeb = Trojan.Virtumod.10154
TrendMicro = TROJ_GEN.R05C2I7
Kaspersky = Trojan.Win32.Monder.mqyu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.abop
McAfee = Vundo!ld
F-Secure = Gen:Variant.Barys.1942
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1942
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mqyu
BitDefender = Gen:Variant.Barys.1942
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:05 18:00:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 55808
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xe79e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Web Service Security Package
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : TSpkg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : TSpkg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-30 14:41:30
VirusShare info last updated 2012-07-26 10:56:03

MD5: 0f0ab2e4559ac5db84310d58f904ab7b
SHA1: 2cd08a29212c1039f66d5bd5753ee6e62a8f3908
SHA256: 135bf46679944995ae3fde338623e270dbbfae40e10ab9191d3226886be78ff5
SSDeep: 6144:T7ajaEA4AnlivJtcYIZ0rvdY+S0jogL9p42JtKtSqj:n4vAvlicYrZhjog4AtHqj
Size: 207355 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Jiangmin = Trojan/Generic.kkfx
Norman = W32/Obfuscated.L
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 196608
Uninitialized Data Size         : 0
Entry Point                     : 0x12a6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Efnvnkewt Uboxgiylgxr
File Description                : Qualstar 2xxxx and 4xxx Medium changer driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : qlstrmc.sys
Legal Copyright                 : © Xouiscrjp Cavjewpceqt. All rights reserved.
Original Filename               : qlstrmc.sys
Product Name                    : Abggtapna® Sarytgi® Tysebfkdm Lxywdd
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-21 16:51:32
VirusShare info last updated 2012-07-26 10:56:03

MD5: a67a2d6596b3e3641a249288cafa4396
SHA1: cc878684a892212aee2501b2f6e86b0f2ccdbb81
SHA256: 138e9c945b4370bd843c0b63c62b25ba9e7dea17afff0e0d03e2814a9f98ba78
SSDeep: 6144:/EAFkxMk0mGNt78oDCyIRZMtoDstZKAKZ+obEPNye99i3fNn4cXnEBKjz/ZnC9:/SQmGNycCyIRZkKfY6A9Yx4cXnEBKjzm
Size: 385638 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Riern.1
VirusBuster = Trojan.Kryptik!XbN80Pl2CNM
TrendMicro-HouseCall = TROJ_GEN.R2EC7IN
Emsisoft = Trojan.Win32.Pirminay!IK
TrendMicro = TROJ_GEN.R2EC7IN
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.zi
F-Secure = Trojan.Generic.5900379
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.BXNZ
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5900379
TheHacker = Trojan/Pirminay.gel
BitDefender = Trojan.Generic.5900379
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 16:55:58-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 679936
Uninitialized Data Size         : 0
Entry Point                     : 0x20c2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.5.3790.1830
Product Version Number          : 6.5.3790.1830
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Qwfdwnhbv Egqnlhvbsgm
File Description                : Ipkvvtwhk SI/PSI parser for MPEG2 based networks.
File Version                    : 6.05.3790.1830
Internal Name                   : psisdecd.dll
Legal Copyright                 : Copyright (C) 1992-2001 Ibaqjhkxt Corp.
Original Filename               : psisdecd.dll
Product Name                    : DirectShow
Product Version                 : 6.05.3790.1830
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-10-06 17:30:50
VirusShare info last updated 2012-07-26 10:56:08

MD5: 0ed0fd8495b99e378714b2313d6b5e9e
SHA1: e7093a12304a0752daf566ae84d8e3b43f4ae86c
SHA256: 15373bbc3f584fbe246253d048e1d22b0415645470fc1a7f1557b8224e2e392a
SSDeep: 6144:fKwkGfMz1uopMO0Y4NhCon7gAIeZWHf3VFKU2ph+UnFIX/pgufMpFrVex5vTNAL:yYvO0YgGAVZW/E+UnqPhWFrVENQ
Size: 365967 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
VirusBuster = Trojan.XPACK!u5zRUMLgafk
VBA32 = Trojan.Pirminay.itd
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Pirminay.oeo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.afr
McAfee = Downloader.a!mh
F-Secure = Trojan.Generic.6212102
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CGAT
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6212102
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.itn
BitDefender = Trojan.Generic.6212102
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:27 23:30:47-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 364544
Initialized Data Size           : 4096
Uninitialized Data Size         : 458752
Entry Point                     : 0xc97f0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xmcfldgox Fdcyviofnaj
File Description                : Bnbihfxpd DirectMusic Wave
File Version                    : 5.1.2600.0 (kmqijvec.010817-1148)
Internal Name                   : Thbekuyuj DirectMusic Wave
Legal Copyright                 : © Microsoft Qjiyzmbjgyn. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Fqjejdmmj® Adgvkfb® Lmfscnphm Bsvlrl
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-03 07:58:10
VirusShare info last updated 2012-07-26 10:56:53

MD5: c8ee289acc32f6c9b74c6e15cb9cad70
SHA1: 43e6becff78c757785ce902c3d2eeb95b630d68d
SHA256: 154ed390e556e94544d31d22ee37151774f0e64976338dd5cc3e95c9da3314be
SSDeep: 6144:k1E+okbSqPJDm13ScDT9RCUh6YH2jaJ9Ykx+DzCTezlqbxHezu:kfomNmgcDxPDVrYm+DzCTiqb4zu
Size: 270347 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Agent.259083
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.5229109C
nProtect = Backdoor.Generic.412930
VBA32 = Trojan.Pirminay.jz
TrendMicro-HouseCall = TROJ_GEN.R23C2IH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C8EE289ACC32
TrendMicro = TROJ_GEN.R23C2IH
Kaspersky = Trojan.Win32.Pirminay.jb
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Pirminay.JB!tr
Sunbelt = Trojan.Win32.Generic.pak!cobra
Jiangmin = Trojan/Pirminay.aa
McAfee = Suspect-BA!C8EE289ACC32
ClamAV = Trojan.Generic.Bredolab-2
F-Secure = Backdoor.Generic.412930
Avast5 = Win32:Malware-gen
AVG = SHeur3.ASOJ
Norman = W32/Obfuscated.D2!genr
Sophos = Mal/Generic-L
GData = Backdoor.Generic.412930
BitDefender = Backdoor.Generic.412930
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:21 10:45:48-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 253952
Initialized Data Size           : 16384
Uninitialized Data Size         : 331776
Entry Point                     : 0x8f6a0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-10-29 13:33:15
VirusShare info last updated 2012-07-26 10:56:55

MD5: b47bc847ad1f4bb12ccc3eaa392ee5ac
SHA1: 96c53e30cd9e4cad4ce5340c469ea24f2b1d3511
SHA256: 155f58ada32d4c547ac167c440d96829ee7ebf1ac9b47244690b177b89923b8b
SSDeep: 12288:PdNU33VR6fypBUuXYgKK+9CpHzTDO51nQi:P3UHOKpbognpHXK11
Size: 420970 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhg
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2AQ
Emsisoft = Trojan.Pirminay!IK
McAfee-GW-Edition = Artemis!B47BC847AD1F
TrendMicro = TROJ_GEN.R28C2AQ
Kaspersky = Trojan.Win32.Pirminay.ddx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gp
McAfee = Artemis!B47BC847AD1F
F-Secure = Trojan.Generic.5319181
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Generic20.BMJY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5319181
TheHacker = Trojan/Pirminay.bce
BitDefender = Trojan.Generic.5319181
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 21:52:15-04:00
PE Type                         : PE32
Linker Version                  : 6.22
Code Size                       : 16384
Initialized Data Size           : 803840
Uninitialized Data Size         : 0
Entry Point                     : 0x4ae2
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote Access AutoDial Helper
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-03-08 22:07:40
VirusShare info last updated 2012-07-26 10:56:56

MD5: eb8dfbe6ec9d93114950d98ce843419e
SHA1: ab651ea7a48f1ebc9445a96150b7175bcaf29594
SHA256: 15d05acb50e95d000de31f4ca01d86cc23e6098634e7066399222889cd6e71fa
SSDeep: 6144:HPbQW8OrEHxpXyxTG8VAE+Z0lGeavJyf5R6IUIws6:HDQWZEHxpixIEplGjvC6VZ5
Size: 207957 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!EB8DFBE6EC9D
DrWeb = Trojan.DownLoader4.51202
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Artemis!EB8DFBE6EC9D
F-Secure = Trojan.Generic.6460972
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.ADSX
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6460972
Symantec = Trojan.ADH.2
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6460972
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12a2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.7.25.0
Product Version Number          : 10.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Iadgkddnq Rflbhymotsm
File Description                : Mzfnvpzjo Character Encoder
File Version                    : 2001072500
Internal Name                   : msencode
Legal Copyright                 : Copyright © 1996-2001 Dpwokgyty Rnuuwdvkidm.
Legal Trademarks                : Fsfspgeah® is a registered trademark of Nmvbsghsk Ovftffwlszh.
Product Name                    : Bsrvjmvzb Character Encoder
Product Version                 : 10.0
Comments                        : 
VirusTotal Report submitted 2011-09-05 02:39:14
VirusShare info last updated 2012-07-26 10:57:07

MD5: 67d7c1ba9bb60882573deab66fb86c56
SHA1: e85e66947cc76661e8c99ca45ad555324d53367d
SHA256: 161551b79ea3b6f0f440af3385b583d9db144ff90beb60c3a55b230d75835084
SSDeep: 1536:LJhU9FCrg6r83LGq8yPeS9wvigGC5DJ53398tqYzz0ni2RAM8fqEtJ:LQJ62O8eSKihsDT3gEniAYtJ
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
VBA32 = AdWare.SuperJuan.heur
Emsisoft = Trojan.Win32.Pirminay!IK
Jiangmin = Trojan/Generic.cxtq
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
GData = Win32:Malware-gen
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:09 09:47:32-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 77824
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x13cde
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1241
Product Version Number          : 5.2.3790.1241
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Linguistically Enhanced Wave File Output Engine
File Version                    : 5.2.3790.1241
Internal Name                   : MSLWVTTS
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : MSLWVTTS.DLL
Private Build                   : 
Product Name                    : Microsoft Linguistically Enhanced Wave File Output Engine
Product Version                 : 5.2.3790.1241
Special Build                   : 
VirusTotal Report submitted 2011-04-30 04:59:39
VirusShare info last updated 2012-07-26 10:57:14

MD5: 32270824612e03cf0bafe916a6aa2687
SHA1: c0f21d35af3ddf7443ae38f4b1453f0f8abf3393
SHA256: 165f98b1e581dc8905c2037241f77b19c8209c20d5cf41af66c3cf42cecac356
SSDeep: 3072:i/yIeI3U8u8zM97tu1G31fyuAo7MqqDLy/o4SV8:+748zqha84qqDLuaV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!1XMo6ONwW94
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!mj
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Genome.vdck
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-10-07 18:03:06
VirusShare info last updated 2012-07-26 10:57:22

MD5: bfd43a0cb15b51128547c271f947d344
SHA1: 486834cdbf0d9f55469c7ba36a009deb42413cea
SHA256: 1746ca7d8210b031500bf33c45c27f76ad0063f80310b8ebacb9d1b6901ad5a0
SSDeep: 3072:Ujn48F3EEhJ/5MJp2Mpyn6H1U2eA6xQPIfRqm1AHBrJoDMqqDLy/BS06qz4m:UD48F3E+wJp2MplVU6PIfwmyhZqqDLuU
Size: 152576 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.777
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!R/AF3Qkx7XM
TrendMicro-HouseCall = TROJ_GEN.R47C7JC
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!mm
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C7JC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gotg
McAfee = Vundo!mm
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HYA
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:13 16:11:35-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 118784
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1975e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lywnftwdo Rrcxmilpplk
File Description                : WS Discovery Service
File Version                    : 6.0.6000.16386 (lydkb_rtm.061101-2205)
Internal Name                   : fdPHost.dll
Legal Copyright                 : © Uxnnegsah Wpkqhppamhl. All rights reserved.
Original Filename               : fdPHost.dll
Product Name                    : Pcdckoeuq® Tmhsubi® Operating Cfxyit
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-20 22:49:58
VirusShare info last updated 2012-07-26 10:57:53

MD5: ce80989e4bae4ef2d0bec3f92aecb63b
SHA1: 09d01bc708c2a0c951f1c56f5a26a52e0bcd7c77
SHA256: 18f6858ef9ca841f0badcdd448dec6bcf3da2bba3bef07926edd1325d0133c54
SSDeep: 3072:p4S0nbiW/G2rUnvjfBEShh2FArie0/0NkFfuldMqqDLy/jR+9:psurvt2Fw0skFf1qqDLuM
Size: 137216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!19E4nI5sudU
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2FT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.vfwg
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R1BC2FT
Kaspersky = Trojan.Win32.Genome.vfwg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-11-27 07:26:03
VirusShare info last updated 2012-07-26 10:58:35

MD5: f7fceb74db34db930351e86fdb5b501b
SHA1: af8767ac6ff3a8cd993abcc187cfc1d0507d1aa5
SHA256: 19ea0e7cc79a946559cebbd035010af8acc31184e32deac040d49efa831ceb49
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7phpo2:pwy9w/dWjTlXjDHsg
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.PJY
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Renos.PJY
Emsisoft = Trojan.Win32.Pirminay!IK
F-Secure = Trojan.Renos.PJY
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = Crypt_c.CEV
GData = Trojan.Renos.PJY
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-10-31 16:47:34
VirusShare info last updated 2012-07-26 10:59:01

MD5: 8aa717711f8d752283fecf8ce4034170
SHA1: 643abadf5bc5fd868af65a0fca267be8fe640e3d
SHA256: 1a4544ab596ba452d06f495e66e7364c225e7e8d016e346774b556da920341ee
SSDeep: 768:G+lUj9kGQSLdZ+9S5BbJBFRMG7Ff4HmSU5jgYLMAvCiHLZcS7T/IKf5:GmyQSLr+E5BbJBFRMG7FPtgJlqySAKf5
Size: 49152 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12745E9E
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R1CCRAN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!vou
TrendMicro = TROJ_GEN.R1CCRAN
Kaspersky = Trojan.Win32.Menti.bsa
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.cxeq
McAfee = Generic.dx!vou
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:30 17:36:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 7168
Initialized Data Size           : 79360
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout for IBM 5576-002/003
File Version                    : 5.1.2600.5512 (xpsp.080413-2105)
Internal Name                   : kbdibm02
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdibm02.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-06 16:17:20
VirusShare info last updated 2012-07-26 10:59:09

MD5: 9ee592dfa02a95a6053b05de924e2025
SHA1: 1a470f484edb40acfac262f1203d76e650482fa9
SHA256: 2dc2f5032714072218e4f74bb4659fdd60cbff162a0973d56bb243a9de67c980
SSDeep: 3072:0+13t9VAcR4enPgA9l8b93Og2el0MqqDLy/i5kS:023acR4ePXexEsqqDLua
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Artemis!9EE592DFA02A
DrWeb = Trojan.Virtumod.10084
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ineh
McAfee = Artemis!9EE592DFA02A
F-Secure = Gen:Variant.Graftor.671
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.QTRWV
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.671
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Gen:Variant.Graftor.671
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-10-20 20:53:35
VirusShare info last updated 2012-07-26 10:59:10

MD5: 1609247fab63e1129a70f6a85da8f154
SHA1: 96d7ac195f0f439b3718671677bcdb67cb75ea2d
SHA256: 1a589c76f17365e9b5940a7ca4942a5d2f7cf1a2d8b4f480a58dfd6a0fdc836e
SSDeep: 1536:lffaKD5AOiF+Q8isz8sbWc5a1dUNtpfbSF4om93AXJ4TBziaQnl4:lffnDMIzecdpmi9w6NEnl4
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Monder.77824.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!KI3E0WlvUtM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R28C2GE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cm.5
McAfee-GW-Edition = Vundo!ko
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R28C2GE
Kaspersky = Trojan.Win32.Monder.mplt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ko
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Suspicious_Gen2.PNOSC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2012-02-17 11:25:59
VirusShare info last updated 2012-07-26 10:59:10

MD5: 98ae3e3313865c6918aa89fe110430c1
SHA1: 747db29e74dad481aee2466288e59df1f4f2252c
SHA256: 1aa72860c4f80f2ddf72f131354596723b69f6fa9cea061accd1a1f7edcc37d2
SSDeep: 1536:VrjYt+0CGX0ZXIxPFAY7DL77sz/23oLjk027CJ68TdbQfJKshETkLqfATX7:Vrjc9nGX+FAI8zLH2WJ7dbczEO0Ar7
Size: 112128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.577828
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Siggen3.55077
Kaspersky = Trojan.Win32.Menti.kzeo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!98AE3E331386
F-Secure = Trojan.Generic.KDV.577828
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.KDV.577828
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Generic.KDV.577828
NOD32 = a variant of Win32/Kryptik.IAC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 13:39:23-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 58368
Initialized Data Size           : 89088
Uninitialized Data Size         : 0
Entry Point                     : 0xf32d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2012-03-23 19:11:13
VirusShare info last updated 2012-07-26 10:59:16

MD5: 0e3aaa301b14143318ffa2e05e743f34
SHA1: 05a51416bc920ecc3a63087006b1e57efcbc075c
SHA256: 1ab0027cd16b0132ec7cf5f6819b1c915a1aac3604a2657a19fd8d26b29000d0
SSDeep: 6144:vDleF/55iPJNiCtrJ4ObeKUpy0mLyrzYhvEb05kObHoRq:vDlE5iP/iCPfbeKUpfy2zYhMb05dUA
Size: 267143 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Heuristic.LooksLike.Trojan.Crypt.ZPACK.B
DrWeb = Trojan.DownLoader4.47441
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Downloader.x!gas
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.AFLZ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Win32:Malware-gen
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 258048
Uninitialized Data Size         : 0
Entry Point                     : 0x12ae
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sfefdynny Uiyfuapywio
File Description                : Keyring Manager Application
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : keymgr.cpl
Legal Copyright                 : © Ecprhxhtf Kmwtvvffozp. All rights reserved.
Original Filename               : keymgr.cpl
Product Name                    : Gducodeqm® Lnfacqy® Yguzcjiyy Yxehwj
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-08-25 00:54:15
VirusShare info last updated 2012-07-26 10:59:17

MD5: edeb19bec9bf8b5d9e1bccfb6bd4ca3f
SHA1: 1efed5c1e76b269fbc507fad19caa1c66e719fcd
SHA256: 1b85e317e31ec88d743f04d7e7406507cb3e6dbdcbd74a3e395c12c9e3602c39
SSDeep: 3072:zoZVyKzh0ka+zPe7+H2Zo9B3K72UoLX2wYxRif0bMqqDLy/Qd0ded93OTI:zkyKtxlea2Zonn372Hi8YqqDLutT
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!tOYFGoEuiLY
TrendMicro-HouseCall = TROJ_GEN.R1BC2H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Click1.54693
TrendMicro = TROJ_GEN.R1BC2H3
Kaspersky = Trojan.Win32.Genome.vfzu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
McAfee = Vundo!kl
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JXW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:14 14:58:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x1af37
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ykodchwab Wnzebbnlxzw
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Wgeudarkd Ohcpevdikur.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Fjgjgypbf® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-10-21 01:46:23
VirusShare info last updated 2012-07-26 10:59:34

MD5: 7e472a6ee0388506eef207c05cb5282d
SHA1: dfa3385e0a65155bb5f5263398b3ecac92b2354e
SHA256: 1cba11c9e036e5429f62eec29d65b0016c70e0469f71ceaa2242417575f9f8a6
SSDeep: 3072:co0tooBl/wYvVL9LI0nkAoZCRLTnkGZRJle6ZLUmggpok5aigKy:cVooBlRddLnkAV/kgRJ4jXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.167424.B
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2AT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mukn
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!7E472A6EE038
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R47C2AT
Kaspersky = Trojan.Win32.Monder.mukn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Artemis!7E472A6EE038
F-Secure = Gen:Variant.Barys.1942
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1942
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Barys.1942
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-03 23:43:30
VirusShare info last updated 2012-07-26 11:00:01

MD5: 2c85a3c9d1c3a5911c016871e00382c6
SHA1: 5745745d4496ef7041011d7cd83269186c245740
SHA256: 1e59250c05ab7fde4c08d08037889004c10d3b1641c6bca5acbf52a7d127d20a
SSDeep: 3072:REyk2xbcAA4M68518cv/KV6oppTHahH4djP8jp1lNcSwoZZYfO:OvvAAJjpgx1ypNcSIfO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1299201A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8MNBPk3V/ZQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2FG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10325
TrendMicro = TROJ_GEN.R45C2FG
Kaspersky = Trojan.Win32.Monder.mvbe
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.ackh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-02-26 16:54:21
VirusShare info last updated 2012-07-26 11:00:36

MD5: f9e9958568fa5a816647f7b419e1bf60
SHA1: 6505b914c3e90e4edc074cf9c13795be98f1593d
SHA256: 1eace16d38f3efde46ffea45b798e72e902e03a0eab65436ea2d8d3f58ba0b64
SSDeep: 1536:qvnV04qDSiTY7NwU7MFRLZE2bu94vL9W:5IiT+TgFRLG2bF
Size: 54784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1234CB89
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = (Suspicious) - DNAScan
DrWeb = Trojan.Click1.39930
Kaspersky = Trojan.Win32.Monder.myoq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.aagx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:31 23:58:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 15360
Initialized Data Size           : 75264
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media CodecDSP Proxy Stub Dll
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmcodecdspps.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmcodecdspps.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2011-11-04 22:11:55
VirusShare info last updated 2012-07-26 11:00:43

MD5: f7d6def702068fdc9a89c3e61b9f1b10
SHA1: 21cbb59bddf1d5611b1354fd1ed2be9a4068dbc7
SHA256: 1fe9687cb3e4b3cd493bcd9ac6259ed3d580b86ff5aa19434f95b5cecc1d9222
SSDeep: 1536:yO9z1Imlj2HekpWrngbcNPkcujaMu5ehKv7zf3laIjMQJSLpO1teS4XGEBBhF25X:TJImlj2e58b3uMuCKnlXpSVCehZ25JI
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.310
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!F7D6DEF70206
DrWeb = Trojan.Virtumod.10499
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Vundo!mr
F-Secure = Gen:Variant.Graftor.310
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.APDD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.310
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Graftor.310
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:11 20:48:32-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xae19
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Clcdkfhdh Vdvesxebiba
File Description                : Bbyuczhtl Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zqbtqzuvw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-10-28 04:58:56
VirusShare info last updated 2012-07-26 11:01:12

MD5: 1b4a789866e33d5ffc2dc156a0bb09d2
SHA1: a41315683d01ca3ce3bad3bc3ef998fb93c7c266
SHA256: 20091fe576d61dec8a917ae49494bd38ef01659a18dede926e56bf82835ffa87
SSDeep: 1536:7/djN3NfQMtHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLv/YlhMqqU+NV2H:7f3NfQMti4o4JEGzFOz9NlhMqqDLy/7
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.129BD301
nProtect = Trojan/W32.Genome.106496.O
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
VBA32 = Trojan.Genome.vbgb
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.vbgb
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R11C2GM
Kaspersky = Trojan.Win32.Genome.vbgb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.RJEIW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-25 13:31:43
VirusShare info last updated 2012-07-26 11:01:15

MD5: 2b2bbae3cb302a364bb4b482ba8a6ff6
SHA1: 227c27d7ff6503446de174475f0559f6cf515eb2
SHA256: 203a6de500d44f958a0d35fae72c9d35971f64abd0750b4f0d55b607495320ce
SSDeep: 3072:lE0M9Mc1u+8oGKeHqLIufvp2HZwtmI92/YcrveU39fxvj74Fg1vhXUdbbEj0mNLJ:y9MlN5K8IL56Zwd2gEvd9h7jvhXU
Size: 172032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.172032
VBA32 = AdWare.SuperJuan.heur
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2B2BBAE3CB30
DrWeb = Trojan.Virtumod.9877
Kaspersky = Trojan.Win32.Monder.mjkj
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Monder.grc
McAfee = Artemis!2B2BBAE3CB30
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic23.AQQL
Norman = W32/Suspicious_Gen2.NHCZU
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Monder.mimg
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:01 02:42:48-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 77824
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x134a4
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل SEIKOSH9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : SEK9RES.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SEK9RES.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-08 00:08:00
VirusShare info last updated 2012-07-26 11:01:18

MD5: 1db9ec89336d8b135105b6f93347ff44
SHA1: bf69520a60826ab15b2d12e349136e6916f65cc3
SHA256: 2114509fa759544f4b5b8d1ddc5cf6f1531cd9bf51983913640ac563a5dc0aa7
SSDeep: 1536:58beS9bIYoJuxopVKGxUm07MpXqva6eCs4UOro9STYCKAWbb27PMIGGwiug:Oe4bIYoJuxopVKQUmAMECF47U9CKZFI5
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5JlHMbzjFnQ
VBA32 = Trojan.Monder.mkfd
TrendMicro-HouseCall = TROJ_GEN.R21C7J4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mtrg
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.Click1.35193
TrendMicro = TROJ_GEN.R21C7J4
Kaspersky = Trojan.Win32.Monder.mtrg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abep
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.RJN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:31 13:10:46-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 35328
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0x98a1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Vietnamese Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdvntc (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdvntc.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-21 18:29:34
VirusShare info last updated 2012-07-26 11:01:37

MD5: 1e13976c1f898faabaf75ff119b693e4
SHA1: 6c3f970912a590beeb080ad964d00b34542b20e6
SHA256: 23a0a1be9efebad0a04521f9be0791284dc2623c49430f0935aa687f0e038953
SSDeep: 3072:IvZH8CVJbA8qDk8O2mmCY3KFFr9olEMqqDLy/un+Pe/4NKCnsn:IvzGn/O2mMw19eqqDLuusOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!1E13976C1F89
DrWeb = Trojan.Click1.64012
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
McAfee = Vundo!mp
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2011-10-17 21:15:21
VirusShare info last updated 2012-07-26 11:02:34

MD5: dcfb51f186549cbcf447a161eec17ebf
SHA1: 3e885762801d70c3b2c41017994e283a154df32f
SHA256: 24058e2d51423ab2efcdbe805fcea25578503d3360ba2c452a7eadb11ba2d960
SSDeep: 6144:78MFQ95jHkB4SVPW84peFEpqXjj0qqDLuG1GP:nCDEB1VPTCeypW5qnuDP
Size: 286720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!CaMbxtCzn1g
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HHN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 23:47:57-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 192512
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x2b90e
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rimkfbumw Hiquikzvjle
File Description                : Swjcnel Management Instrumentation (WMI)
File Version                    : 5.1.2600.0 (bbbjaraa.010817-1148)
Internal Name                   : winmgmt
Legal Copyright                 : © Nhtsbfywg Imjxlkcndew. All rights reserved.
Original Filename               : winmgmt.exe
Product Name                    : Glrzlzatm® Lfvxhmk® Ulrlglboz Axyidn
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-25 16:20:41
VirusShare info last updated 2012-07-26 11:02:43

MD5: 7e90d034fc646dc14b1f5bcbd74df917
SHA1: fd3273d822843d63fb1664dba3ef62c20d707d96
SHA256: 2421f2a2ad37d318a20806011e003952306064a826a2a4a00e240da8303318b3
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7plpo2:pwy9w/dWjTlXjDHsE
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.PJY
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.5241ECF9
nProtect = Joke/W32.Renos.103424.C
F-Secure = Trojan.Renos.PJY
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = Crypt_c.CEV
GData = Trojan.Renos.PJY
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-11-07 19:18:18
VirusShare info last updated 2012-07-26 11:02:45

MD5: 10bba3e893d8d99411fb25e19d5761df
SHA1: cea6d88f1ee93c98c3ea508ae4c232bb8bcfe1b4
SHA256: 249df1fcc3ae946be9fa9f3f16b1cc3eec4011d8a36204491955b2d04b106edf
SSDeep: 1536:GYAYBaltrWi6b1+R2gnsMBpuNsg+FRSc6CdWN5:G04Oi6b1Q2kNBpgL+jS4i
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.86016.DE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Xeg2JBY9Utc
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R42C2DA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mokm
McAfee-GW-Edition = Artemis!10BBA3E893D8
TrendMicro = TROJ_GEN.R42C2DA
Kaspersky = Trojan.Win32.Monder.mokm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Artemis!10BBA3E893D8
F-Secure = Trojan.Generic.KDV.140077
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic24.AKAO
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.KDV.140077
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
BitDefender = Trojan.Generic.KDV.140077
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:01 17:52:10-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x8a94
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-05-12 20:43:11
VirusShare info last updated 2012-07-26 11:02:55

MD5: bb6c062a6fced5197a9bca83b8217f0e
SHA1: 383f9ad5f0570c278c33f09d83dd0ff5f8e96a04
SHA256: 25f04c621ce2e6cc4e17b428df3e93cc76b9593bc02329fe9ab2d59adbe191ea
SSDeep: 1536:Nbv14s61TdoaaiL5W2yLnu2k2UXl5pIn:5tn6TdotcZJ2SXlY
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!BDMM/thZFPY
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_SUPERJUAN_0000006.TOMA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV6
McAfee-GW-Edition = Artemis!BB6C062A6FCE
DrWeb = Trojan.Siggen2.12319
Kaspersky = Trojan.Win32.Menti.hjnv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/vundo.HTO!genus
Jiangmin = Trojan/Menti.qcr
McAfee = Artemis!BB6C062A6FCE
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SU
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.SU
TheHacker = Trojan/Menti.hisl
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 22:50:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x2654
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.2.0.6
Product Version Number          : 1.2.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VMware, Inc.
File Description                : VMware SCSI Controller Driver
File Version                    : 1.2.0.6
Internal Name                   : vmscsi.sys
Legal Copyright                 : Copyright © 1998-2006 VMware, Inc.
Original Filename               : vmscsi.sys
Product Name                    : VMware SCSI Controller Driver
Product Version                 : 1.2.0.6
VirusTotal Report submitted 2012-06-21 14:35:51
VirusShare info last updated 2012-07-26 11:03:26

MD5: fe9fe54a4fa8c6dbc6565ddb5b83769f
SHA1: 6f91868a690e959d1c855324ff542790ff2ca5fa
SHA256: 290062560917161297fd4ad89c3b6b930e3784cf7cc7bfbe291d7df40c34c779
SSDeep: 6144:/th1N8ETtzzKibnbz/S/4DnX6uvyXOH3IVo95jK/:/th5KgnbLRXOe4t/
Size: 211424 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Downloader.x!gbc
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.klre
McAfee = Generic Downloader.x!gbc
F-Secure = Trojan.Generic.6471082
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.AJKE
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6471082
Symantec = Trojan.ADH.2
BitDefender = Trojan.Generic.6471082
NOD32 = a variant of Win32/Injector.IVB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12a6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.30.62.2
Product Version Number          : 4.30.62.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Neqjhqfsftp.
File Description                : Intel Indeo® Video Interactive Quick Compressor
File Version                    : 4.30.62.02
Internal Name                   : ir41_qc
Legal Copyright                 : Copyright© Intel Hmnhrzcfpui 1994-1997
Legal Trademarks                : Indeo® is a registered trademark of Intel Xhkocrbcvkm
Original Filename               : ir41_qc.dll
Product Name                    : Intel Indeo® Video Interactive Quick Compressor
Product Version                 : 4.30.62.02
VirusTotal Report submitted 2011-09-02 12:50:59
VirusShare info last updated 2012-07-26 11:04:33

MD5: fbe6dc4f7aa7614a0d906d0a8c6e6704
SHA1: b22b49a4b3dca7e6901bfe255be80a29ae1762fa
SHA256: 2a000a6d941f0b16748e904a0d78d642ce0491acf96db99677d591353c1984f6
SSDeep: 1536:YLkA3NR/ItHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvxYl2MqqU+NV238:YB3NR/Iti4o4JEGzFOz97l2MqqDLy/K
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128A163E
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R29C7IP
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!md
TrendMicro = TROJ_GEN.R29C7IP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Vundo!md
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.QSZDZ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-09-28 02:18:37
VirusShare info last updated 2012-07-26 11:04:53

MD5: f8943e1b9f90a241f72e1dc773b987a6
SHA1: baa2177514cf2132dbc7f2d3140fbe6724f6158e
SHA256: 2b68feb0fde4f2f390b7bc37e941948de226136f4a5f47eb76e7af63642560ed
SSDeep: 6144:CSSg+nAua1yRObE6wxRXpP7w4Jl1P+T2L9o+xIn66728Qtz2F:CSdSOb/wbXp1Jl1WT2S+UtS8QN2F
Size: 348854 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.dai
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-PWS.SuspectCRC
AhnLab-V3 = Malware/Win32.Downadup
Panda = Trj/CI.A
VirusBuster = Trojan.Qhost!uq5BapCcNoQ
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC3BI
Emsisoft = Trojan-PWS.SuspectCRC!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Hosts.3416
TrendMicro = TROJ_GEN.R3EC3BI
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Net-Worm.Conficker!rem
F-Secure = Trojan.Generic.KDV.135327
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
AVG = PSW.Generic8.AVZB
Norman = W32/Obfuscated.L
Symantec = W32.Downadup.B
GData = Trojan.Generic.KDV.135327
TheHacker = Trojan/Qhost.nrx
BitDefender = Trojan.Generic.KDV.135327
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:07 21:32:32-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 278528
Initialized Data Size           : 315392
Uninitialized Data Size         : 0
Entry Point                     : 0x44898
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.9.0.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : AVM Berlin
File Description                : Driver for FRITZ!Card PCMCIA
File Version                    : 3.9
Internal Name                   : fpcmbase.sys
Legal Copyright                 : AVM Berlin 2005
Original Filename               : fpcmbase.sys
Product Name                    : Driver for FRITZ!Card PCMCIA
Product Version                 : 2.0
VirusTotal Report submitted 2011-02-24 17:27:16
VirusShare info last updated 2012-07-26 11:05:27

MD5: 2873033c9d46d52f878ec124ed8115a9
SHA1: 16f6cb3168ce8364162716980e1c8537da880b5d
SHA256: 2b81566fe58f74063cf8a3c95d81bf96da54be5ad9a4a36ab9c08ee4fff5aa69
SSDeep: 1536:h3fUyAsIUgNXq4APKPgf9aL9qOzfiwCOtWX438Rr3Hth:hvUFsIFXq49gY0OzqzOtWX43y3Hz
Size: 74240 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252BB11
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!G7xm6dbGXTM
VBA32 = AdWare.SuperJuan.xcw
TrendMicro-HouseCall = TROJ_GEN.R72C2KR
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic.dx!uxv
TrendMicro = TROJ_GEN.R72C2KR
Kaspersky = Trojan.Win32.Genome.pihs
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ilf
McAfee = Generic.dx!uxv
VIPRE = Trojan.Win32.Vundo
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
F-Prot = W32/MalwareF.SNAA
AVG = Generic20.IVY
Norman = W32/Suspicious_Gen2.EQXIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/MalwareF.SNAA
TheHacker = Trojan/Kryptik.hzv
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:24 00:33:54-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 23040
Initialized Data Size           : 88064
Uninitialized Data Size         : 0
Entry Point                     : 0x6931
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Processor Device Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : amdk7.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : amdk7.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-04-17 03:45:52
VirusShare info last updated 2012-07-26 11:05:29

MD5: 966b1e12b21712115ff724ee9b44bcbc
SHA1: 0526d654770258958433e00ac74d6a608179bd77
SHA256: 2bb7032982bf48b8621a8b29cd05411e9afd65d8b71ca9b3637ba02de4f92b0f
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7p4po2:pwy9w/dWjTlXjDHsT
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!GvS4dc5JVH0
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R47C2K9
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.rduu
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Generic.dx!uln
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R47C2K9
Kaspersky = Trojan.Win32.Genome.rduu
Microsoft = Trojan:Win32/Vundo
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Generic.dx!uln
VIPRE = Trojan.Win32.Vundo
Prevx = Medium Risk Malware
Avast5 = Win32:Trojan-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.EJAUC
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-05-07 09:40:01
VirusShare info last updated 2012-07-26 11:05:33

MD5: a6c19e1043ffa37bb61cccd480acb874
SHA1: 25f55ab24267979f9102d80763e9e5b6fd8bf5f1
SHA256: 2d63b57bc7bfce87a13b7a08db46a3667bdd0c2957c7dc4a1c1dfe9ac6a358f1
SSDeep: 3072:KQknHMdSCOSKmERalq3VwZQ55iql/FehEb2cYFzcfxhxrx+:6nszOSKmEwluVwZmD/FX2cYX
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Click1.60539
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.ahco
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Cryptic.BRJ
Norman = W32/Vundo.UUW
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 03:35:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 116224
Initialized Data Size           : 54272
Uninitialized Data Size         : 0
Entry Point                     : 0x1d48d
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : IPv6 Security Configuration Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ipsec.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ipsec.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-09-12 08:44:00
VirusShare info last updated 2012-07-26 11:06:09

MD5: 4563ffaeb75e2abf95edc047a564922f
SHA1: 150845c9b55a79221a2b6e722947c7f6f9851eae
SHA256: 2dfe63f61806963a11343120137b77ebafa837934f7fab876de26f20571dd83a
SSDeep: 1536:7mv7NegBYUhirXQCK/blh6iOyKDr2hYtMU7x7YwR3:KhYUdXlc2K5z
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
nProtect = Trojan.Generic.5922601
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!KBvnM8K2SHU
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R28C2EC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nhzx
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10119
TrendMicro = TROJ_GEN.R28C2EC
Kaspersky = Trojan.Win32.Monder.nhzx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abef
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.5922601
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Norman = W32/Suspicious_Gen2.NMJMX
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5922601
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Generic.5922601
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-03-16 09:44:21
VirusShare info last updated 2012-07-26 11:06:20

MD5: 2b8d9a566e884f66db5863648e57cd8b
SHA1: 2863b54c05dd12e019e6d107dac3a3d07fbe8272
SHA256: 2efa4809c173b12a363495ca8d77af72302f2775c60c689497f18e4431addfd2
SSDeep: 6144:4OHZW6iH7Dq4tq1dxWBwn+a8VGeWCUrZUJpLsYxpq/1dUZjl2odg5HxBM1Z:grbDqN3MWn+dVGePaZUDs4pZldg5R+
Size: 342016 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.BF
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
VBA32 = Trojan.Win32.Pirminay.bf
CAT-QuickHeal = Trojan.Pirminay.bf
McAfee-GW-Edition = Artemis!2B8D9A566E88
Kaspersky = Trojan.Win32.Pirminay.bf
Microsoft = Trojan:Win32/Meredrop
PCTools = Trojan.Gen
Sunbelt = Trojan.Win32.Generic!BT
Jiangmin = TrojanDropper.Agent.ajqi
McAfee = Artemis!2B8D9A566E88
a-squared = Trojan.Win32.Pirminay!IK
AVG = Generic18.TSP
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
NOD32 = probably a variant of Win32/Agent
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:26 21:22:46-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 10752
Initialized Data Size           : 658944
Uninitialized Data Size         : 0
Entry Point                     : 0x3842
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : PNRP Auto Service Dll
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pnrpauto.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pnrpauto.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2010-07-12 17:19:47
VirusShare info last updated 2012-07-26 11:06:42

MD5: 5ce925fd97473c71956353dca4cd2020
SHA1: 6bcdb1adce7f2b63e1650474b93926d2ba39bca8
SHA256: 2f6e255241516a51635013144a7bb445250eedfb831d1600993d7a0fdb5776ec
SSDeep: 1536:IZ+WoyiknK8LkeHt4U0Jrc91TZT3mAe9sraCSj/h2WIoP1d3q:I4WzhNS491TdWAgeaCoh2WIoP1d3q
Size: 84992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.84992.DS
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2D9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!io
DrWeb = Trojan.Click1.60740
TrendMicro = TROJ_GEN.R72C2D9
Kaspersky = Trojan.Win32.Monder.ndet
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!io
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BSRO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.huo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HUO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:09 05:23:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1295a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : security.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : security.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-06 10:57:08
VirusShare info last updated 2012-07-26 11:06:53

MD5: c5b5357ffaa67155df22181b5c8ffd26
SHA1: 3c4f45383ee37489d954bb8eab1cac9a74530a2f
SHA256: 2fd16faa50e1e37e029da0bbbd79976b7837a47c19a21220f43335e07fcf2898
SSDeep: 3072:plmInbieC2rUnvjfLhhqFArie0/0NkFfBldMqqDLy/wR+9:pFujvDqFw0skFfyqqDLut
Size: 137216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12944C1F
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Xo0agKmWwgU
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2FM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R1BC2FM
Kaspersky = Trojan.Win32.Genome.vgzu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-11-24 02:45:36
VirusShare info last updated 2012-07-26 11:07:03

MD5: 09b06bdaed15cf6256ee0ae4b2358a8e
SHA1: 535f9b8fbb6be81dbef2e0cf02d5b2db99ab138e
SHA256: 3034dbe6b332c55bd7dab424055fc7b639e7b9b91ef341584e21289266712cb5
SSDeep: 6144:Nl66ETZBuw94Im5GQS3I3p2IaYbCLLHAPQke/QuiTQ:K6AZBuDIfr3ipxCLb9AQ
Size: 241664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.10134
Avast = Win32:Dropper-gen [Drp]
Ikarus = Trojan.Win32.Pirmidrop
AhnLab-V3 = Trojan/Win32.Pirmidrop
Rising = Trojan.Win32.Generic.128913F0
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R05E1I9
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirmidrop!IK
McAfee-GW-Edition = Generic Downloader.x!ene
DrWeb = Trojan.Hosts.781
TrendMicro = TROJ_GEN.R05E1I9
Kaspersky = Trojan.Win32.Pirmidrop.l
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Generic.piy
McAfee = Generic Downloader.x!ene
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
eSafe = Win32.TRMeredrop.A
F-Prot = W32/Trojan2.NACV
AVG = Crypt.VZY
Norman = W32/Suspicious_Gen2.BNJEW
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/Trojan2.NACV
TheHacker = Trojan/Pirmidrop.l
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:09 04:34:21-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 7168
Initialized Data Size           : 466432
Uninitialized Data Size         : 0
Entry Point                     : 0x28a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Web Service Based Scan Device Driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : WSDScan.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WSDScan.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2012-04-25 16:35:58
VirusShare info last updated 2012-07-26 11:07:14

MD5: 550db9c23f789bb27477d9be691bf8a5
SHA1: 02fba824490877b40bd0639c61985837ac72715b
SHA256: 311777d9ed18c1c2d82f3f1e4a03c180d07604aa31093b8845f82231b9086ee3
SSDeep: 3072:gQGOkAb3tCxm0u1kCKwSReRVD1uCGMovZ0a1n8DOn5MqqDLy/FnqR8b:BkAkm0W9jSwbpGJ0jDOSqqDLuF
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
VBA32 = Trojan.Monder.mtyt
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R21C7J7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mtyt
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!mk
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R21C7J7
Kaspersky = Trojan.Win32.Monder.mtyt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acze
McAfee = Vundo!mk
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-03-25 03:50:03
VirusShare info last updated 2012-07-26 11:07:33

MD5: e8933fa3f4d5c9d6fb4dce05556b3e30
SHA1: e0ea9ae614a41b3d436e977ef450892a4abbb705
SHA256: 31afba3624470b4913ef54f04f75dccf2fbb6c381c3dc3203532b5306967ad6f
SSDeep: 768:MFFXKegsv2mvTB5dxykOj3Z+2KqWuMvgMamDTFOPiVe4Ojuxc2aptGr+:MFIeXRl1bOjJ+db4MN7e4haOr+
Size: 52736 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
VBA32 = AdWare.SuperJuan.abxh
TrendMicro-HouseCall = TROJ_GEN.R21C2IB
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mqzh
McAfee-GW-Edition = Vundo!lx
DrWeb = Trojan.Juan.545
TrendMicro = TROJ_GEN.R21C2IB
Kaspersky = Trojan.Win32.Monder.mqzh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!lx
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 08:09:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0x2c54
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-10-21 19:57:40
VirusShare info last updated 2012-07-26 11:07:46

MD5: 71efe6c87e44e0ee38f8bfa800daf3ce
SHA1: a91a7db0f3ebd7de168629fa6e51ae08a8110a2e
SHA256: 34f6a8cb70d0f72261240acd8d93c9a71bbdd05f5727bf56f4f5e8409518f7a1
SSDeep: 3072:mKvfDp1SP5EyxZpsfe7vCHFxokMqqDLy/j50:xl1WDmOqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.129A670A
nProtect = Trojan/W32.Genome.155648.K
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!lljzVaHzO/k
VBA32 = Trojan.Genome.uxpp
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2H3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.uxpp
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!71EFE6C87E44
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R11C2H3
Kaspersky = Trojan.Win32.Genome.uxpp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqrf
McAfee = Artemis!71EFE6C87E44
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.RBNFK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-27 12:49:57
VirusShare info last updated 2012-07-26 11:08:48

MD5: a4436f0ccd7cd1edfa5068378bf58a6e
SHA1: e4bdb7a9d9c12a1a3fd67423779cd40a88b6e74e
SHA256: 3523e91369cd589eb39a8bb41f3c126fa932b699b4def85b2461a133300ada2d
SSDeep: 768:Yrtc8tZkNEU0jLfiRbqLgGp7f3T3WdnBsWzySxHWJpnbYM+41d437BO5HkDHhE:gc6aqHrDkHzvhWJpnbYM+M27UGh
Size: 47104 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Genome.47104.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!pCgapb0bKdo
VBA32 = Trojan.Genome.moxm
TrendMicro-HouseCall = TROJ_GEN.R47C2JT
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Click1.36136
TrendMicro = TROJ_GEN.R47C2JT
Kaspersky = Trojan.Win32.Genome.moxm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.aent
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.GenVariant.Vun
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic19.BSJX
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:06:30 16:39:08-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 9216
Initialized Data Size           : 66048
Uninitialized Data Size         : 0
Entry Point                     : 0x32a7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.6.0.8820
Product Version Number          : 5.6.0.8820
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft (r) Windows Script Controller
File Version                    : 5.6.0.8820
Internal Name                   : wshcon.dll
Legal Copyright                 : Copyright © Microsoft Corp. 2002
Original Filename               : wshcon.dll
Product Name                    : Microsoft (r) Windows Script Controller
Product Version                 : 5.6.0.8820
VirusTotal Report submitted 2012-05-21 20:50:11
VirusShare info last updated 2012-07-26 11:08:52

MD5: afae70e7dfba24e28ab91e5d7d7e79ba
SHA1: 15c616ff6aeb9ce14b411dd1d8511f71f5efc351
SHA256: 35c6e23f6516353189893af573cd919f060626d90a8c2dab3ca2c755133dc6bd
SSDeep: 3072:OsNzuyMolvloVn2dU5u1CfuyGy+vdrKUgwXgL:OHnofDUVY4UgwQ
Size: 123392 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!wWTrndUxITY
TrendMicro-HouseCall = TROJ_GEN.R30C7IQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!mh
DrWeb = Trojan.Click1.62078
TrendMicro = TROJ_GEN.R30C7IQ
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.allv
McAfee = Vundo!mh
F-Secure = Trojan.Vundo.6432
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AWRO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6432
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Vundo.6432
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 18:40:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x8cca
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lbszaewoq Yxzthbcsxaw
File Description                : Fax Service COM Client Interface
File Version                    : 5.00.2134.1
Internal Name                   : faxcom.dll
Legal Copyright                 : Copyright (C) Uezqdytkv Corp. 1981-1999
Original Filename               : faxcom.dll
Product Name                    : Vosamrrfv(R) Wrlkgmt (R) 2000 Fpsrxssub Lyqihv
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-11-10 13:05:01
VirusShare info last updated 2012-07-26 11:09:07

MD5: 5207c8b0052e312ca055229297d2522c
SHA1: dcdb139d4fe9e85cd92dc5c59b086494332d045f
SHA256: 35dac825c597c9e949aadff171c858dc150afdb32e1cee3f900e16366114e05d
SSDeep: 3072:6NHI3N0Lbti4o4JEGzFOz9VlXMqqDLy/7:6y9mhJEH98qqDLu
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R11C2GP
Kaspersky = Trojan.Win32.Genome.vbnu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-07 19:23:13
VirusShare info last updated 2012-07-26 11:09:08

MD5: ffc05c11bb6425569205793c440ffe28
SHA1: 31fac2b2a26e5ab5c37e9f03030c0a20ab622af7
SHA256: 35ff7bc39684f8b7196a193fd27cec0b7a7ebdc1ebb906a44de5119f5e794d52
SSDeep: 3072:ZDTeGF7Ms6wUDrhou9pFaN9tEowIzS8zlXZU54JZIbmM2U6k2X94hW2otKUgwXYN:8iMs6Bhouj/o1OA5ZUaRMX29vOUgwI
Size: 179200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.185
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.125E6DF2
nProtect = Trojan/W32.Vundo.179200
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!d0MtcOae2zA
TrendMicro-HouseCall = TROJ_GEN.R72C2AA
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gw
DrWeb = Trojan.Click1.34896
TrendMicro = TROJ_GEN.R72C2AA
Kaspersky = Trojan.Win32.Genome.rsby
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ivt
McAfee = Vundo!gw
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo.A
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.BKPA
Norman = W32/Suspicious_Gen2.GBBYH
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:23 16:20:10-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 105472
Initialized Data Size           : 110080
Uninitialized Data Size         : 0
Entry Point                     : 0x1a98d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Fax Server COM Client Interface
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : FXSCOM.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : FXSCOM.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-05-19 01:46:01
VirusShare info last updated 2012-07-26 11:09:11

MD5: 7aafbabf287b37ebbbbbe6dc3154d1bd
SHA1: 2a7bcfc11a1e51a9f686d9523665cb481d18086b
SHA256: 37097ec6789aba0dc67cf4f322cbf7f0c53dadeae165d668a04e7f402dffdd8e
SSDeep: 3072:yAb8WyX8YOG3530XizzSjx/WaFtOodo6Akf:yu8WyX8YdGyzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.164
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!s0KImqoSs18
VBA32 = Trojan.Agent.fpet
TrendMicro-HouseCall = TROJ_GEN.R72C2K4
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!gz
DrWeb = Trojan.Siggen2.6361
TrendMicro = TROJ_GEN.R72C2K4
Kaspersky = Trojan.Win32.Pirminay.ahq
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.emsx
McAfee = Vundo!gz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic19.BSQZ
Norman = W32/Suspicious_Gen2.FITKF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-27 00:02:39
VirusShare info last updated 2012-07-26 11:09:33

MD5: 40c436b85356637ae6f03f9a1cb20a47
SHA1: 4f79956253243155ca838441cb1d937bdc7fac31
SHA256: 37c65d322c2d0c735f29c25900f66e1ac5c15bb49e414d5dd207fe40e895b247
SSDeep: 6144:RYYZ7m/JVKcx2EMc7UmRHxEJe+fnuHxvU+u:R5Z7m/nxMcAyEJb+u
Size: 210941 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
VBA32 = Trojan.Jorik.Pirminay.ea
TrendMicro-HouseCall = Cryp_Spypro
Emsisoft = Trojan.Win32.Jorik!IK
DrWeb = Trojan.DownLoader4.34977
TrendMicro = Cryp_Spypro
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
F-Secure = Trojan.Generic.6426688
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Dropper.Generic4.XEC
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.6426688
TheHacker = Trojan/Jorik.Pirminay.ea
BitDefender = Trojan.Generic.6426688
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x134e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Network Diagnostic Engine Proxy/Stub
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ndproxystub.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ndproxystub.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-17 04:50:27
VirusShare info last updated 2012-07-26 11:09:47

MD5: 0fc83ae3bdf8d7429ac7a985b86dd8c2
SHA1: 90bcbf159d222194bfe84f6c8dbe523ea7c0e569
SHA256: 38f09ba519285aa27b09a7f788a0ccbc427da903ca4970bcf22a500728be99bd
SSDeep: 6144:idsFsLB3GbOnTFPv5vWh2B2MMSMzvkVktn5MYPH2V1ZWlV:cLNNTVIsAPSMb04MMeqlV
Size: 299461 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!Y/QETZYNb3k
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3BC1DA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.nfi
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.DownLoader4.48509
TrendMicro = TROJ_GEN.R3BC1DA
Kaspersky = Trojan.Win32.Pirminay.nfi
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ju
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Generic21.JAY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.csm
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.FPVULED
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:09 19:32:23-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 266240
Initialized Data Size           : 286720
Uninitialized Data Size         : 0
Entry Point                     : 0x41a90
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO157.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO157.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2012-04-25 19:37:06
VirusShare info last updated 2012-07-26 11:10:05

MD5: 1806a8f955c03ba3ceb32db7490da746
SHA1: 302d64f934d47e4bc7e38f184d08b7fe45bf21b0
SHA256: 39c711e5bb93aa99ffe438e815fcea4d0b9e4d4ab0ffe6c7b5c1372a47845ecf
SSDeep: 6144:yqqmDC5lQgaqEf48lMmLvi6FmN67MPO1bDdMw1nheh9vS:EmDCMF7lMmj2GKw1nwhQ
Size: 315904 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AhnLab-V3 = Win-Trojan/Downloader.315904.C
Panda = Suspicious file
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Kaspersky = Trojan.Win32.Pirminay.bq
Microsoft = Trojan:Win32/Meredrop
Sophos = Mal/Generic-L
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:31 09:33:05-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 44544
Initialized Data Size           : 538624
Uninitialized Data Size         : 0
Entry Point                     : 0xbc42
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : WMIApRpl.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WMIApRpl.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2010-07-09 16:32:22
VirusShare info last updated 2012-07-26 11:10:21

MD5: 045b00875955698854c9682309e6c420
SHA1: d565eff0a47b00808c4956144b1ddc32d9f88ea9
SHA256: 3ad95f26d7f1634bae229ec24dfef9a7a36fab2586825298b6d3c3dc100441fd
SSDeep: 3072:JQmzUwicrq1Sb1E5Ydux/Ev4c2zdA64focq6Al/IZgQ2:JHzUSrbb1E5YduxcH2ogcq6A5I2
Size: 134144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A43A96
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.mutn
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15KH11
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mm
DrWeb = Trojan.Virtumod.10575
TrendMicro = TROJ_SPNR.15KH11
Kaspersky = Trojan.Win32.Monder.mutn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.addl
McAfee = Vundo!mm
F-Secure = Gen:Variant.Vundo.14
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.14
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.14
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:17 09:05:40-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 54272
Initialized Data Size           : 116224
Uninitialized Data Size         : 0
Entry Point                     : 0xe1f4
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-13 19:52:15
VirusShare info last updated 2012-07-26 11:10:39

MD5: b03d0e804acf025090b9ce3465aa74c9
SHA1: aed8521ce0724054871072b4d350162c7a157265
SHA256: 3b2895f9264abb2674c5a237103cb6de4fd011ced9ef1e10e0739bf4cd4c2265
SSDeep: 1536:iM0zS2EZ7oIIpNEo5RsNB9uBXLBHJ45fQTAAbKj5xfcTjqvoaKjx:V+adgfc9uBXL4AbK/UTjEXKj
Size: 79872 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A4280
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.yfo
TrendMicro-HouseCall = TROJ_GEN.R21C2H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-FraudSec
McAfee-GW-Edition = Vundo!mo
DrWeb = Trojan.Siggen2.31811
TrendMicro = TROJ_GEN.R21C2H3
Kaspersky = Trojan.Win32.Menti.hdwc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo!mo
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic21.AIHT
Norman = W32/Suspicious_Gen2.NQVKL
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.hdwc
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 03:42:19-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 69632
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x118ee
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : security.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : security.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-05 01:33:15
VirusShare info last updated 2012-07-26 11:10:44

MD5: d4ac6b1aa8bb6c8d81a41b9ecf0cbc9d
SHA1: 3d4bef0c630dfec66cd35fbe34dfbdd303ce36e2
SHA256: f73e326b266304a957daa98c1fe008e50789ec172b195fe5bdd7d1393a400971
SSDeep: 3072:lKxfDp1SP5Eo9HsfYAbvQ7F3obMqqDLy/jO0:Yl1iA7wrqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!D4AC6B1AA8BB
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqrf
McAfee = Artemis!D4AC6B1AA8BB
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.QIRJJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-14 15:55:22
VirusShare info last updated 2012-07-26 11:11:17

MD5: 37810e138fdf8cd347a781acf07a3354
SHA1: 62841c41a43d19ffc22f5dc99b4d77e09d14cd10
SHA256: 3f674c3bfc28d782cff8ee55bca9db1f15b780caac1be00cf5aa072fe0a27426
SSDeep: 1536:tVofht4HXOG/RtS9KX+x5NKGeTdGh38aZl0cPkKV:tSJt4HFfiKdTdZRcPkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = Trojan.Win32.Menti.idtt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.6
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/Agent-UB
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-10-07 20:23:20
VirusShare info last updated 2012-07-26 11:11:54

MD5: ff1084d7d9fa7cd2d071eeef0c36bf3f
SHA1: c6cf1719dc7b6dcb345b27a19310edbf3f832e09
SHA256: 3f8ea5fe14fba99e936b55c96c018fb1b93dfd56ca196a2edc8d2f953311b05b
SSDeep: 3072:KVv58vZuZ1d9Yj/FtjHaVv1nXw3p5wHWZb7Q79vxxtfcyCOQzLhrQAG29pPlyJ:KB//uhWnXw7pM9FNCOOQB2Q
Size: 208231 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JIF [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.208231
K7AntiVirus = Riskware
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R21C1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic.evx!i
DrWeb = Trojan.DownLoader4.20577
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R21C1IE
Kaspersky = Trojan.Win32.Jorik.Pirminay.mg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!i
F-Secure = Trojan.Generic.KDV.297459
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.NUT
Norman = W32/Suspicious_Gen2.NRADH
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.297459
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.ch
BitDefender = Trojan.Generic.KDV.297459
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 196608
Uninitialized Data Size         : 0
Entry Point                     : 0x138e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.1
Product Version Number          : 6.0.2600.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cfcyhlmfh Qyosmxxshap
File Description                : Internet Service Location protocol library
File Version                    : 6.0.2600.0 (taeyoxcz.010817-1148)
Internal Name                   : INETSLOC.DLL
Legal Copyright                 : © Microsoft Zjumnmujlcs. All rights reserved.
Original Filename               : INETSLOC.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.0
VirusTotal Report submitted 2011-10-21 02:56:14
VirusShare info last updated 2012-07-26 11:11:56

MD5: c401ebb6279bb79c54562c7424ce9f27
SHA1: 0112dfcc4f7fe424f11aebdc1656d09fbda5ca92
SHA256: 4086136460f4323ac1a888d036f8e4f0730b7106dcb7d81db4a5ee8301bd0a7f
SSDeep: 1536:8MV74Nr/DCicEsaaJVFTWa2VMdbJdB/dC5MVGBpdnd9EalHjq3KeSfEJphbD4IC2:vV7ar/ejaaJVFTWa2VMdbJdB/dC5MVGo
Size: 95744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C7KT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!nd
DrWeb = Trojan.Virtumod.9805
TrendMicro = TROJ_GEN.R30C7KT
Kaspersky = Trojan.Win32.Monder.ncjp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.aafw
McAfee = Vundo!nd
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AKVL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NHJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:20 04:03:03-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 49152
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xbe4e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.25
Product Version Number          : 3.2.0.25
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : PPServer Module
File Version                    : 3, 2, 0, 25
Internal Name                   : PPServer
Legal Copyright                 : Copyright 1999
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : PPServer.DLL
Private Build                   : 
Product Name                    : PPServer Module
Product Version                 : 3, 2, 0, 25
Special Build                   : 
VirusTotal Report submitted 2011-11-30 23:11:35
VirusShare info last updated 2012-07-26 11:12:15

MD5: d2d83c8484840156ba92df4d23ab87cb
SHA1: 0378b644579693dbc3bddfd6afb808ef256203bc
SHA256: 41c80ab056fb478e1fa6d0e124d045110ededce7c745b028049ef5d150c2d3b6
SSDeep: 6144:zGJWR13Bg3IYUL60vmrx8x4D/A9xhiyLqotYwIo4:zzR13FJ4x8qD/GjiymT
Size: 274432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!cTxoSMaLvnE
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
DrWeb = Trojan.Smardec.77
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BIER
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnriirkvy Pzgzmklipsm
File Description                : Lvgbpubuh Wkxwugi Sockets 2.0 Service Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : msafd.dll
Legal Copyright                 : © Rxasimrum Xemlecbmvvo. All rights reserved.
Original Filename               : msafd.dll
Product Name                    : Sqhficqmq® Jewjzty® Hinvlpseh Tkmprt
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-25 06:02:25
VirusShare info last updated 2012-07-26 11:12:44

MD5: 71602cb742f4581deb06a9d47dd6373c
SHA1: 593c2153386b5ab226e2c9e81c9937e29c8bbd4e
SHA256: 41edd060029b4dad3d7addfa1ff915a3b0bdd793034452073558dc6e7c78c524
SSDeep: 3072:VKufDp1SP5EMsIBsfqIv+r/XFAoVMqqDLy/GR0:Dl12p0+BKqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Cryptic.CZO
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-18 01:54:54
VirusShare info last updated 2012-07-26 11:12:47

MD5: bed05b6a6ab1b1db10e48f60c94ff2bc
SHA1: 92beaa54d315c99791582fe1d1d37c62e9021ca9
SHA256: 422cb08233f2a9992f1cff69d7cec617db07d915810fbfd4ca545434a93d2fb4
SSDeep: 3072:Dbs3Ne61ti4o4JEGzFOz9SlZMqqDLy/9:U9rhJEH9RqqDLu
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Vundo.5
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
AVG = Generic23.BIGV
GData = Gen:Variant.Vundo.5
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-07-18 13:22:04
VirusShare info last updated 2012-07-26 11:12:52

MD5: 45cd8df4e74b19d83d64fbc2f874df00
SHA1: b04dfdf199047450de9d144f6625452578516d37
SHA256: 423a91f52250dea1df27c82426a0ba8853b1818e62b33d61822f1f90d744d2ce
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pVpo2:pwy9w/dWjTlXjDHsU
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan.Win32.Pirminay!IK
F-Secure = Trojan.Renos.PJY
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = Crypt_c.CEV
GData = Trojan.Renos.PJY
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-10-28 21:57:01
VirusShare info last updated 2012-07-26 11:12:52

MD5: d1d19de30d876224bd2c65ff54c86018
SHA1: a798e7ce2f293d6a7203baef7f154c02110b6f04
SHA256: 42633ddd51f4a0f70ffafb752b273a86befe9e2ffd98f4338008e57a6d233ad8
SSDeep: 1536:PlEWcY9TCmaLMdf0MAcqP6ag4wx2hvjWxV/oq4j:PlEWcY9TCNMT9qyag4U256xyq
Size: 80896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.625
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zvr
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Generic.dx!zvr
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD
eSafe = Win32.GenVariant.Vun
AVG = Generic23.NEI
Norman = W32/Suspicious_Gen2.MXLCM
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:18 17:05:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xf621
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpvzsoopi Nskvvnbnlcg
File Description                : Yiykmbwpy® InfoTech Storage Yhtfxj Library
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : APSS
Legal Copyright                 : © Mtxyltvhu Corporation. All rights reserved.
Original Filename               : APSS.DLL
Product Name                    : Ftjrxowtm® Mhkdvnj® Bniobijdq Brxvdg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-06-22 03:48:17
VirusShare info last updated 2012-07-26 11:12:56

MD5: 6a1212e0df76c28e9708fa010fbab21b
SHA1: c6abd6a19f5830067433a5b95fea9a72a17f0d95
SHA256: 427dead0f75928c248462d083f7faacbc21db4e3c2c1e4395cca4414222b7d53
SSDeep: 3072:+YAyLhXOsXKzENZExXmRzfsjK/YncCWe7:hAyLhXOfANZExCChcCWe
Size: 124928 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.124928.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!k/PuGdC5TB0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47CDB8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.rglz
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Vundo!nw
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R47CDB8
Kaspersky = Trojan.Win32.Agent.rglz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.anby
McAfee = Vundo!nw
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic27.BNP
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgu
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:19 04:46:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0xb401
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2178.1
Product Version Number          : 5.0.2178.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vxsfopfqd Corporation
File Description                : WMI service core functionality
File Version                    : 5.00.2178.1
Internal Name                   : wmicore
Legal Copyright                 : Copyright (C) Pjskrmttx Corp. 1981-1999
Original Filename               : wmicore.DLL
Product Name                    : Ebqxpdgzf(R) Fjawkyf (R) 2000 Vrhsvnaab Aqvnht
Product Version                 : 5.00.2178.1
VirusTotal Report submitted 2012-04-05 07:43:19
VirusShare info last updated 2012-07-26 11:12:58

MD5: a2eefe5364c8e66440399f58063cd312
SHA1: a5f05df91c6001f44e65af9e620980a7281a0a75
SHA256: 43863e2d73e872f8688a8c2012561772590eac91e0b7d0fc040f36908c6b8e79
SSDeep: 1536:qvnV04qDSiTYKNwU7MFRLZE2bu94vL9W:5IiTvTgFRLG2bF
Size: 54784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1234CB89
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = Trojan.Win32.Monder.mrww
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.aagx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:31 23:58:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 15360
Initialized Data Size           : 75264
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media CodecDSP Proxy Stub Dll
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmcodecdspps.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmcodecdspps.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2011-09-23 10:20:50
VirusShare info last updated 2012-07-26 11:13:17

MD5: 831c7dca36071f709241b7c96de2f83e
SHA1: 9ea993980a9a258c8351cc868dc84c987dc05252
SHA256: 440f221663f9b13d0c16f897359d236d3a2643e5327143986bdd79b48231aa2e
SSDeep: 1536:Lpltj0fMZ4Ov0Hk/kdRr1XhCCThYusK2mQBvoL/ARVhgRf0AVZmMwLgx:4GGHsMnC2CIqskDgRMAVZmMwEx
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.114688.R
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15KM11
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!mf
DrWeb = Trojan.Click2.6769
TrendMicro = TROJ_SPNR.15KM11
Kaspersky = Trojan.Win32.Genome.zvrm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.fbd
McAfee = Vundo!mf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BPM
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NHH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:24 12:21:27-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xea6a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.1.1
Product Version Number          : 5.0.1.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Media Foundation Crash Dump Encryption DLL
File Version                    : 5.00 (win7_rtm.090713-1255)
Internal Name                   : Media Foundation Crash Dump Encryption DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EncDump.DLL
Product Name                    : Microsoft® Windows Media
Product Version                 : 5.00
VirusTotal Report submitted 2012-05-06 15:59:48
VirusShare info last updated 2012-07-26 11:13:28

MD5: c24e286cc479bc683e6cfe4e96f3d3a2
SHA1: ff819b590ef8e6df1b673867afd0a25009dbb401
SHA256: 44320aa88d725e83f09582a64cb12773b1d360efd36e4107c17f71ca6cc97f16
SSDeep: 3072:onVMloLTkQzxDQEu22hGlMjyJcwvTj2Mrj:7lOXlQEMhP6sM/
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D95BF
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!j9DSYHWfpGw
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R01C2HP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R01C2HP
Kaspersky = Trojan.Win32.Genome.vjmj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akxn
McAfee = Vundo!kn
F-Secure = Trojan.Vundo.6095
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BYHN
Norman = W32/Suspicious_Gen2.OWBOE
Sophos = Mal/Generic-L
GData = Trojan.Vundo.6095
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Trojan.Vundo.6095
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-14 02:14:37
VirusShare info last updated 2012-07-26 11:13:31

MD5: 46e414f44add321c754e73591461f31a
SHA1: fdab51da93e3d12f988b05f34a9357c66a060933
SHA256: 4449330d3047b91005d3c2b354b7febf714675f175cc5e4efa8f94158eef29c7
SSDeep: 3072:TPLqT+vDiGv1hneGmCRcCBG60kAotMqqDLy/z1oiAL/heK5DR:TPWSvxrneGmCCCuqqDLuzT+/gKdR
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
Panda = Generic Trojan
nProtect = Trojan/W32.Genome.233472.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
eTrust-Vet = Win32/Vundo.HRX
TrendMicro-HouseCall = TROJ_GEN.R47C2FP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C2FP
Kaspersky = Trojan.Win32.Genome.vixg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.gicd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JDC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-03-17 08:25:21
VirusShare info last updated 2012-07-26 11:13:33

MD5: e13da7e9f105827c1c7d3f1f5c721fec
SHA1: dc1d6ebefdcae46175bbcc917c1b1b6a7d137056
SHA256: 4637aa82c6e3812b99238d55c0dfb3fef93114fb85ae9f451799ca3145004b90
SSDeep: 6144:yo8MhiPQAp13LHVj69atCVHMoex+IV2/MvnuOas0RlBin7m0wgHf7YLi2No:yoxh0z3JIu9dv8JRIasHjYLi2No
Size: 303605 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.PL
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
Panda = Suspicious file
nProtect = Backdoor.Generic.486598
VBA32 = Trojan.Pirminay.wy
Emsisoft = Gen.Variant.Vundo!IK
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.ct
F-Secure = Backdoor.Generic.486598
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
AVG = Generic19.BGAZ
GData = Backdoor.Generic.486598
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.wy
BitDefender = Backdoor.Generic.486598
NOD32 = a variant of Win32/Kryptik.HKC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:28 11:11:30-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 554496
Uninitialized Data Size         : 0
Entry Point                     : 0x4cd6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Speech TIP
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : SpTip.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SpTip.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2010-12-29 20:21:28
VirusShare info last updated 2012-07-26 11:14:12

MD5: aa314850c384c0ca2d00ca394cabc39c
SHA1: 5f34f53a691c308862e310602962a674d9fb5d40
SHA256: 46f6e5a06184919e50bd145052c403b3fa8b575eda7b1204387d40c2704414a5
SSDeep: 3072:zwZmHSsJ41u+q/klEOd4FhCY6Zjcxl1JDzcY7H519a3Dg:y3sJ41LRlEW4Xr6ZIxlNH51I
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128C46FB
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.mlpm
TrendMicro-HouseCall = TROJ_GEN.R29C1HI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.AV6
SUPERAntiSpyware = Trojan.Agent/Gen-Carberp
McAfee-GW-Edition = Vundo!kh
DrWeb = Trojan.Virtumod.10080
TrendMicro = TROJ_GEN.R29C1HI
Kaspersky = Trojan.Win32.Monder.mlpm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abbr
McAfee = Vundo!kh
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-02 11:17:12
VirusShare info last updated 2012-07-26 11:14:27

MD5: 464daca5696e934bcb763f4135a9c2e5
SHA1: 9dc07e2b5dce55ef384f1147dd7a9f66c85b870c
SHA256: 4c32c391d5cc5bc06fd225c432614d5619178426b75dbe59b99d65dc651edc15
SSDeep: 1536:aZ+WoyiknK8LkeHt4U0Jrc91TZT37hE8rajSX538WIkq+3q:a4WzhNS491TdrTajq38WIkq+3q
Size: 84992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!464DACA5696E
DrWeb = Trojan.Click1.60740
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = Trojan.Win32.Monder.mwym
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Artemis!464DACA5696E
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.huo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HUO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:09 05:23:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1295a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : security.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : security.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-18 20:15:10
VirusShare info last updated 2012-07-26 11:16:23

MD5: beefeb74d14a81473744066698f53fc8
SHA1: 5ea34d4a7ece25bb1bd401f9601b62b099bb46b6
SHA256: 4d11d6c4577755a62ab26843afb033773efdb34e15c3178531b62b85de3c5e70
SSDeep: 3072:unVM//LTEUFQhGqQEP2+GldjyJcwvTj2MIj:p/fLarQEO+u6sMw
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!E0fNK7tVoxs
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2HM
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!BEEFEB74D14A
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R4FC2HM
Kaspersky = Trojan.Win32.Genome.tfdw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akxn
McAfee = Artemis!BEEFEB74D14A
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BYHN
Norman = W32/Suspicious_Gen2.PXCHW
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-09-28 15:34:06
VirusShare info last updated 2012-07-26 11:16:41

MD5: 16fd250aca647d2ebec5609a461e0898
SHA1: 465ba5760dcd59ee8e0f394bb140bcfe47f6088f
SHA256: 4d6eb9027a4b9558b5b9a06a2f3cbfaf57a2de60cec28746aae7f52471fbd10b
SSDeep: 6144:eoZ1uk30dbJ9kd9Bc1hKs1zPrkaQi3ykwKy/xrdAPZ8PAQTNOoxPy2PBvnmmrY:eobukkdbnO21h7bpzwKqxAPy9xP/mmrY
Size: 403860 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.340
Avast = Win32:Pirminay-V [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Smardec.75
Microsoft = TrojanDownloader:Win32/Ponmocup.A
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V [Trj]
AVG = Generic23.BLDW
Norman = W32/Obfuscated.L
GData = Win32:Pirminay-V 
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 10:29:29-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 401408
Initialized Data Size           : 4096
Uninitialized Data Size         : 491520
Entry Point                     : 0xdac20
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Hvyzymjqj Pgscgwvqhil
File Description                : FYROMacedonian_Cyrillic Keyboard Layout
File Version                    : 5.1.2600.0 (abafasin.010817-1148)
Internal Name                   : kbdmac (3.11)
Legal Copyright                 : © Xktwcioxs Vbdjfujfnfb. All rights reserved.
Original Filename               : kbdmac.dll
Product Name                    : Nvitddzjt® Xoamqmr® Jmudxcshd Bcipfs
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-18 20:11:12
VirusShare info last updated 2012-07-26 11:16:49

MD5: 520502489d9453b7ae7fa3e5f55c4a37
SHA1: c7c7a48a7a2f9ac885511e87bae5f519321b1915
SHA256: 4e364091b9c75e7382b20f0ce0aec6451118b4c99df616aef2361ac3da1b4110
SSDeep: 192:z+b3Ol0FJTcgSXeUIp1V1A41HgSZc3hfVjmikR3rNAUv20xfLu9zNxXR:zu3Ol8VDp1A41HT++R3120xapjXR
Size: 21016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Offend.5523425
Avast = Win32:Malware-gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5523425
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.baz
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bcwf
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.baz
Fortinet = W32/Pirminay.BAZ!tr
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Generic.dx!bcwf
F-Secure = Trojan.Generic.5523425
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Small.62.D
Norman = W32/Troj_Generic.OYFS
Sophos = Sus/Behav-278
GData = Trojan.Generic.5523425
BitDefender = Trojan.Generic.5523425
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x196f
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-02-18 20:51:24
VirusShare info last updated 2012-07-26 11:17:05

MD5: ef80833decdf3ba72c054cea90140180
SHA1: 349c8453c9b72fa8c7ba1e90381391fed4d4e637
SHA256: 4f870b4ee3c6af11e74bea80071c89e5dbc082fa2a9bbea82e0ebb89e9ce50ff
SSDeep: 3072:s/inM2Lb3lMgQefjIjvuOjPcQ1sZPPlgbGbdLrMvKYdakH7:s/iM2X1Mgjkm6T4PvbdMvR17
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gxyIzvTdSfQ
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2DD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!ip
TrendMicro = TROJ_GEN.R72C2DD
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
McAfee = Vundo!ip
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic21.CPYP
Norman = W32/Suspicious_Gen2.LGYGM
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:14 23:19:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x13f35
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Wdtozaoqi Wnrxmqwlglv
File Description                : Arabic_French_102 Keyboard Layout
File Version                    : 6.0.6000.16386 (tvvmg_rtm.061101-2205)
Internal Name                   : kbda3 (3.13)
Legal Copyright                 : © Vcnhbzhqo Yhetcarnakf. All rights reserved.
Original Filename               : kbda3.dll
Product Name                    : Juionegxd® Wphxkgi® Yxfjtgdks Ygmtbf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-19 02:48:31
VirusShare info last updated 2012-07-26 11:17:36

MD5: ba377d6905f7d57082a5fc0a8f8199df
SHA1: b85662bcf59a0b63147d25fedefa651b8696aac6
SHA256: 501643fdd3f60d55066a58ce549733e9b7e88ddc5a0de60f1a0cf9a3ab7314d7
SSDeep: 6144:jKGRwFJkWWCPIdDfHeDK+bSArqQzj5e8eOu:jK1xv/ITUej
Size: 229355 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JEH [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!RnRC6TivcGI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R4FC3IF
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.arz
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC3IF
Kaspersky = Trojan.Win32.Jorik.Pirminay.arz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6411322
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TYV
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6411322
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.gn
BitDefender = Trojan.Generic.6411322
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42c00
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-12-02 09:16:29
VirusShare info last updated 2012-07-26 11:17:51

MD5: b1c50409e4cbc2b201e3437297ee7f9a
SHA1: e686dc52099dc28b4277605ddaa15354341ed633
SHA256: 506dc0a5dd9fc84513cd40c80cb31e93b61ba0680975c16072f9e3972eb89d36
SSDeep: 3072:s9dgfbZJdM/P2jI8QpDL8bFKOik9+AOIFnJ5gG3moqjU:sobZJxju8JJibAlnJ5g6AY
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12996088
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!NH97qu+mnuc
VBA32 = Trojan.Monder.msru
TrendMicro-HouseCall = TROJ_GEN.R30C2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10447
TrendMicro = TROJ_GEN.R30C2IF
Kaspersky = Trojan.Win32.Monder.msru
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.180224
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.mnjr
McAfee = Generic Malware.ms
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Hiloti.2
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CCVJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Hiloti.2
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndt
BitDefender = Gen:Variant.Hiloti.2
NOD32 = a variant of Win32/Kryptik.NDT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:11:08 22:24:03-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x170fe
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Knjhdwmua Ovzlylxsnrp
File Description                : ISCII Code Page Translation DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : c_iscii
Legal Copyright                 : © Sxyezpawe Kitqitdkggz. All rights reserved.
Original Filename               : c_iscii.dll
Product Name                    : Jqhbqugwt® Qutjele® Rpzmisown Aztgqi
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-06-08 14:31:12
VirusShare info last updated 2012-07-26 11:17:59

MD5: 617a87f54146a054e64c554527ae5831
SHA1: 3c0ce575e797a3810d29feb3c7b9e967a244e85e
SHA256: 50a2bd293cc4cbe3990bc4fc55d10ce8a1ceb5c67e62c1e49bbe612634e5d25c
SSDeep: 3072:MKYfDp1SP5EILHsfKZv8OFzo1MqqDLy/jn0:kl1ArvdqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2GD
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R11C2GD
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iqrf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-21 22:59:22
VirusShare info last updated 2012-07-26 11:18:04

MD5: 669d99336303b9901f91f4ef0df1b357
SHA1: c6afcc3d8aeb95827e0fdb0c8c30e4d0d0c39e36
SHA256: 50b269d3409bc9245b941197dd8fff65eedac51248edab34957afb6206c53bc8
SSDeep: 1536:FuWv7NegBYUhirXQCR/blh6iOyKDr2hYtMU7xY7YwR3:DhYUdilc2K5W
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Rising = Trojan.Win32.Generic.129DD1D8
nProtect = Trojan.Generic.5921802
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bKjNDeiw4HY
VBA32 = Trojan.Monder.mxaw
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2EE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10119
TrendMicro = TROJ_GEN.R47C2EE
Kaspersky = Trojan.Win32.Monder.mxaw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abef
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.5921802
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Norman = W32/Suspicious_Gen2.RSTEN
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5921802
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Generic.5921802
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-11 20:42:51
VirusShare info last updated 2012-07-26 11:18:05

MD5: 7b3fc07b299a08f347b5a4de8b6bd89f
SHA1: 208ad4dfdfc1c1e2894e154ca6892cfa9af246c3
SHA256: 532b37f8cf2b6d1718d26aaef9cd178afd24a69c2f7c485378207813dca36bef
SSDeep: 3072:qvZH8tFJbA81CkAOtDyCvKFFrHolEMqqDLy/Xn+Pe/4NKCnsr5:qvgGwSOtD/w1HeqqDLuXsOuKqsr
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IJ
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R4FC2IJ
Kaspersky = Trojan.Win32.Genome.wuvt
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.QGPRK
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2011-11-18 05:04:31
VirusShare info last updated 2012-07-26 11:18:59

MD5: 11135af7d22eef36752963d57ac1ec45
SHA1: 092f92d8da2fd1d6334b1905ab3b7a4bfc762743
SHA256: 560bfbc81b12321554eaf5023d59ca7686414f6cdf9dacba4b3b545a5f05879d
SSDeep: 1536:GesG0tYsfwEhXRISKrbBB72FimYFrm6V:GeVEYsoEdRCdB7oWK6V
Size: 57856 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125330A3
nProtect = Trojan/W32.Pirminay.57856
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!1oiZ+FdYoXM
VBA32 = Trojan.Pirminay.knz
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R42CRAO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!11135AF7D22E
DrWeb = Trojan.WinSpy.952
TrendMicro = TROJ_GEN.R42CRAO
Kaspersky = Trojan.Win32.Pirminay.cyv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ed
McAfee = Artemis!11135AF7D22E
F-Secure = Trojan.Generic.KDV.115437
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CDR
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.115437
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Generic.KDV.115437
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:26 15:09:38-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 50688
Initialized Data Size           : 41984
Uninitialized Data Size         : 0
Entry Point                     : 0xd439
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote Access Device DLL for modems, PADs and switches
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : RASMXS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RASMXS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-11 16:07:30
VirusShare info last updated 2012-07-26 11:20:06

MD5: bc619f00f81939c6498d8717b404d110
SHA1: c5e91affe6ff74495b8ce0e3253cfbb93ebce2b8
SHA256: 5665927073802c80eebbd5d4d1d602e8a5e5871b916172a8a96096a6c948eb69
SSDeep: 3072:FIatfslUQCRlMnogMqqDLy/COcWKCdzCe757HG:RtfOUdPqqDLuCOXdC
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!BC619F00F819
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!BC619F00F819
F-Secure = Gen:Variant.Vundo.16
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-10-13 19:18:56
VirusShare info last updated 2012-07-26 11:20:13

MD5: ddaee3deaf6ac7201896edcd0ada89d9
SHA1: 8a28920c51da9bfbfbe77f7bbb084a02c4b045c1
SHA256: 5706d6cf520cf7fcffcd0d2abdf6baab319e7200b5340c6450f574d0be06f73b
SSDeep: 1536:cEqR5DtwLNE+AzklnryMySMzCmxJSZPxvx3EnWg:cEk5ZwLNE+AzkBryMyXzcZJJUW
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.70144.P
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C2HU
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!lf
DrWeb = Trojan.Siggen2.34690
TrendMicro = TROJ_GEN.R30C2HU
Kaspersky = Trojan.Win32.Menti.hxed
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
Jiangmin = Trojan/Generic.dnpg
McAfee = Vundo!lf
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.PPHJF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:12 13:42:30-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26624
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x74aa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SSDP Service DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ssdpsrv.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ssdpsrv.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-09-13 12:36:30
VirusShare info last updated 2012-07-26 11:20:28

MD5: 1434ad86fb3adb39d5d8f90cb5a9f21f
SHA1: b6a8579f78a15d0a6596fd3ed3714832f97d129c
SHA256: 586558ca25a60bf3ee5c80c5dbe65dda011b6ff4ee60779247b15ced2c5587bb
SSDeep: 1536:w9+mrh6iWfDqFeSj5/gbFg8AHJehrtMSZEeJ77oqNIoJQUlnc+fKUYr5fSB+X/oO:BWANAHitMl90IWK0KUgaB+Xxp/
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.84480.AZ
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125FE208
nProtect = Trojan/W32.Agent.84480.IA
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!ve7DjaVNeW4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2A4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!gw
TrendMicro = TROJ_GEN.R72C2A4
Kaspersky = Trojan.Win32.Monder.mzzz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Vundo!gw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.BKIA
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hzv
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:28 06:27:42-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40448
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xacb1
OS Version                      : 4.0
Image Version                   : 8.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.0.0.0
Product Version Number          : 0.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Corporation.
File Description                : Intel Indeo® Video Interactive Quick Compressor
File Version                    : 4.30.64.01
Internal Name                   : ir41_qcx
Legal Copyright                 : Copyright© Intel Corporation 1994-1997
Legal Trademarks                : Indeo® is a registered trademark of Intel Corporation
Original Filename               : ir41_qcx.dll
Product Name                    : Intel Indeo® Video Interactive Quick Compressor
Product Version                 : 4.30.64.01
VirusTotal Report submitted 2012-02-20 12:48:01
VirusShare info last updated 2012-07-26 11:20:56

MD5: e44daa3323bdb8a09fe4694387aaa3b2
SHA1: 42c3330243f978520e9b38213ee457585645918a
SHA256: 5ae3de015d3abc464b78869a5b0ac253b4b05ac92c4470fd79bb8b854369a652
SSDeep: 3072:ZIMfvDiBv1hneGmCR0GBG60kloUMqqDLy/z1oiAL/heKLDR:ZFfv8rneGmCWG6qqDLuzT+/gKfR
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!E44DAA3323BD
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C2G5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gicd
McAfee = Artemis!E44DAA3323BD
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Trojan-gen
AVG = Generic23.JDC
Norman = W32/Suspicious_Gen2.NGOXB
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-06 08:19:18
VirusShare info last updated 2012-07-26 11:21:49

MD5: c98714f7aa87fb17f19a076efc6217fe
SHA1: a5fc7e256b2da9258dcc03bbe911050904081f67
SHA256: 5d0e958691d538bc78f0a981f6d956a112f546090af074f6c1bcf4a616d33d47
SSDeep: 3072:irWnHceU8U8zM97tu1G31fyuAoRMqqDLy/54SV8:DnQ8zqha86qqDLuDV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Ikarus = Trojan.Win32.Pirminay
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-06-29 12:34:53
VirusShare info last updated 2012-07-26 11:23:11

MD5: 9068a012f53d2a6debeb53d4db5bca68
SHA1: b0945d16a7f4f009fb0b3dbb342ac91da355d00c
SHA256: 5e31900b9fbbf9f34839d63bbc789a32277fe09ba867cfc8fa07787d141aed21
SSDeep: 1536:W2f3pg/KRtyUNQDaGuQsj+QcsTbGtDGZeolTlBDGIglhy05WVM/8+NZN0m:XfRRRguNaLxDlolTqIg3KM/JNZN0
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129752B6
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!X/sjpkYtGAI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCRG4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.smta
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63023
TrendMicro = TROJ_GEN.R4FCRG4
Kaspersky = Trojan.Win32.Genome.smta
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.ahcz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZJX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.twso
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 01:32:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xb70a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kcssvwbkk Mpoiygxoupe
File Description                : Llrxajq Write
File Version                    : 5.1.2600.0 (uxozrtxg.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Lerxelvhk Xwronziumui. All rights reserved.
Original Filename               : write
Product Name                    : Uprgknoah® Ngtbofq® Mucsciuya Reywjr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-14 08:50:50
VirusShare info last updated 2012-07-26 11:24:17

MD5: 069ab02e8778527c4eef4db7afedc9c5
SHA1: 4386fcf78dae4a61e9143869d11ba2223e9e4486
SHA256: 5f177a9af39f592816fe0635599dc703709a55b631821c11e04200c3ce752161
SSDeep: 3072:R5ZjCTDU5y18BJGh9mWWjENECCtPqQQ0oNP/yzyg/Oge6qLablQJKS1:R5TmMWrNUPchQLV18aWKS1
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.221184.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!X17DhDc6mlY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R28C1EC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cd.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!zbq
DrWeb = Trojan.Virtumod.10275
TrendMicro = TROJ_GEN.R28C1EC
Kaspersky = Trojan.Win32.Monder.mnvr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zbq
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJOR
Norman = W32/Suspicious_Gen2.LPWNW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:04 21:39:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x22d41
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.10384
Product Version Number          : 5.2.0.10384
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec RAID Storport Driver
File Version                    : 5.2.0.10384 (NT.070222-1720)
Internal Name                   : arc.sys.B10384.mcb
Legal Copyright                 : Copyright 2007 Adaptec, Inc. All rights reserved.
Original Filename               : arc.sys
Product Name                    : Adaptec RAID Controller
Product Version                 : 5.2.0.10384
VirusTotal Report submitted 2012-02-14 15:39:22
VirusShare info last updated 2012-07-26 11:24:59

MD5: 19b96361a958bee5a1ba2dae036eeaa7
SHA1: b3ddcd71c92115e2db74c55da6e79f70920ea52e
SHA256: 5fa5c02a727f3949d2428fd55ce7c82468ad454f03b819fff060da705f4ecea3
SSDeep: 6144:Xa6fpqH834iaZNuVbpBxSJjYW24iAA8445af68IH6tIlMLEjc+N9u2wPY4wqomtB:XaU3FaDuVbpBcJnzDQfAHwIJ9u2wP6GT
Size: 323021 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.29755
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!ve93BbQGaOA
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.okn
McAfee-GW-Edition = Generic Downloader.x!gby
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Pirminay.okn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ajb
McAfee = Generic Downloader.x!gby
F-Secure = Trojan.Generic.6220171
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AKTP
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.6220171
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jsp
BitDefender = Trojan.Generic.6220171
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:24 23:48:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 319488
Initialized Data Size           : 4096
Uninitialized Data Size         : 405504
Entry Point                     : 0xb1c40
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hungarian
Character Set                   : Unicode
Comments                        : 
Company Name                    : Dtptfvhbg Duyzgajkbjz
File Description                : Fbwfnblrz Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040E
Legal Copyright                 : Copyright (C) Vabpmlabc Corp. 1999
Legal Trademarks                : 
Original Filename               : agt040E.dll
Private Build                   : 
Product Name                    : Liarfvqba Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-30 04:16:53
VirusShare info last updated 2012-07-26 11:25:30

MD5: 857a28945c8d7a745c8d784a473817ab
SHA1: 226aa6193c2ec6a71d54d54c71fcba1bd8835f87
SHA256: 6135ef7159184913554a2317e634f2cd353752938ce090f7dd6b34f49fa66955
SSDeep: 768:qToQFgh0pP7XkhMmdT4iscZtg6rBxIqWZ4dfQCjfelE5th4u:qTjFRFXIx41c3pxddylE5b
Size: 52224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.52224.WG
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C2A4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.ajx
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
McAfee-GW-Edition = Vundo!hs
DrWeb = Trojan.Siggen2.31732
TrendMicro = TROJ_GEN.R47C2A4
Kaspersky = Trojan.Win32.Menti.ajx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!hs
F-Secure = Trojan.Generic.5343923
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/MalwareF.VFJT
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.IVDHH
Sophos = Mal/Generic-L
GData = Trojan.Generic.5343923
Symantec = Trojan.Gen.2
Commtouch = W32/MalwareF.VFJT
TheHacker = Trojan/Kryptik.jhe
BitDefender = Trojan.Generic.5343923
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:02 21:41:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 11264
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x381e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.1020
Product Version Number          : 5.1.0.1020
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Certificate Dialogs
File Version                    : 5.01.1020
Legal Copyright                 : Copyright (C) Microsoft Corporation. 1981-2000
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows NT(TM) is a trademark of Microsoft Corporation
Original Filename               : mqcertui.dll
Product Name                    : Microsoft Message Queue
Product Version                 : 5.01.1020
VirusTotal Report submitted 2011-09-17 05:06:07
VirusShare info last updated 2012-07-26 11:26:08

MD5: eb2e59b411a37ba3218a9a704e63820e
SHA1: 663620903966ba97466bbf31ba0cf9cc6631a9af
SHA256: 621e5bfce0cebe58321106b98c33ecadebe6399f2f284403e730ec7c2485cb4e
SSDeep: 3072:+K9fDp1SP5ETNqsfwFvdhFQoAMqqDLy/oW0:bl1DQpHqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gBrLHJEVd6E
TrendMicro-HouseCall = TROJ_GEN.R11C2GS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R11C2GS
Kaspersky = Trojan.Win32.Genome.vdfm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqrf
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-07 19:25:15
VirusShare info last updated 2012-07-26 11:26:29

MD5: 432bfdda359524feb57e107d20d97383
SHA1: bed199b352cf8619834a8d83312b05630badb6c8
SHA256: 623e69fbe8595f871a4af0193f18279102725ce2bdaf9091e6735ec4ffcb0dbd
SSDeep: 6144:Txfjwu3qHNTc2Rpvszs2n/FJfUerdZLod5E:Zf3qac32sMLode
Size: 241105 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.8437
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Trojan
VirusBuster = Trojan.Meredrop!NlVl7wjc8ec
TrendMicro-HouseCall = TROJ_GEN.R28C2IH
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.ace
McAfee-GW-Edition = Generic Malware.ms
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C2IH
Kaspersky = Trojan.Win32.Jorik.Pirminay.ace
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Downloader_x.GBY!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1232
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.PSG
Norman = W32/Suspicious_Gen2.RFDAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1232
Symantec = Trojan.ADH
TheHacker = Trojan/Kryptik.ufa
BitDefender = Gen:Variant.Graftor.1232
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 233472
Initialized Data Size           : 12288
Uninitialized Data Size         : 32768
Entry Point                     : 0x40fb0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ginurmapb Ghyrymrcktr
File Description                : Nxsktivvd Internet Account Manager Resources
File Version                    : 6.0.6000.16386 (rkrvg_rtm.061101-2205)
Internal Name                   : ACCTRES.DLL
Legal Copyright                 : © Vsdeixdxn Jocofcxyhnl. All rights reserved.
Original Filename               : ACCTRES.DLL
Product Name                    : Znvxuvbsk® Windows® Rnpchgglr Vivelf
Product Version                 : 6.0.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2011-11-30 04:15:34
VirusShare info last updated 2012-07-26 11:26:32

MD5: b36493383b589230b36ae4a8a372639d
SHA1: 3c370c7895227c5c40ae43fa406c9dacf2a08089
SHA256: 646f5f37c5d46c24bd5a99ef87219a2cc73dc2baf8b679b036d905ba0212915e
SSDeep: 6144:wyAKZZf+ftQ2lQccTpi4m6OUtmIP+ORaGxT9dueGOw7IR0oC5FE5CA:tf+1Q2lQdi4RtAORaIuYXWEJ
Size: 308465 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Ikarus = Trojan.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
VBA32 = SScope.Trojan.Pirminay.chc
Emsisoft = Trojan.Pirminay!IK
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
AVG = Generic21.KEO
Symantec = Trojan.ADH.2
GData = Gen:Variant.Vundo.6
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:27 21:37:03-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 507904
Uninitialized Data Size         : 0
Entry Point                     : 0xcc8c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft T2Embed Font Embedding
File Version                    : 5.1.2600.5512 (xpsp.080413-2105)
Internal Name                   : T2EMBED.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : T2EMBED.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-02-19 08:48:29
VirusShare info last updated 2012-07-26 11:27:29

MD5: 938cdbfb4a36a7880a2bf6d2dcdcecbb
SHA1: 673be0a0756f66bcc72b02b9aa7ab588a14b61bc
SHA256: 64959ada5a757980cbf7211d90216aed8e2d02539c3a7ef9332f01e6fdaad498
SSDeep: 1536:FnNg53N3jstHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvFYl2MqqU+NV2U:FG3N3jsti4o4JEGzFOz9Xl2MqqDLy/i
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128A163E
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!lo
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R11C2GP
Kaspersky = Trojan.Win32.Genome.vdfo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Vundo!lo
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-07 19:25:15
VirusShare info last updated 2012-07-26 11:27:33

MD5: 6bc63baa819757db66a7e56c202cec0c
SHA1: 753d8f099e30a31678b92a747ba1bc058791d676
SHA256: 653641ed0073673b12e87ada94022410bd159d96c8864da035b036ab828d141b
SSDeep: 6144:pmyGCQxXlyDw2c0bkkmem2t4ux1x2FbjwAa4vhMO:pmyGF5lyDw2c0bY2t4q1KZMO
Size: 228904 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CY [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!BcCvnnEp8Uo
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R28C1I9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C1I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.vm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Downloader.a!ds
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.UHL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6433564
Symantec = Trojan.ADH.2
BitDefender = Trojan.Generic.6433564
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42970
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-10-16 21:15:11
VirusShare info last updated 2012-07-26 11:27:50

MD5: b893b75561278c60cac46fbaf738316a
SHA1: a52eda4a6acd1e5e4dce72d85b7c2f2a18a5558b
SHA256: 670c3a0650fcbc4db85de3d1ce4241cb22787f8512dc3c53e106366a2736fe40
SSDeep: 3072:vLgte0qEG5ze+1RAyo1cmnnSVQXelnK60t:vcteTDoGmnNXys
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC3IL
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!B893B7556127
TrendMicro = TROJ_GEN.R4FC3IL
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!B893B7556127
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.JBY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 08:32:03-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x93c5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.72.3110.0
Product Version Number          : 4.72.3110.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vjubpwjoe Qqzupynwthr
File Description                : Customize Folder Wizard
File Version                    : 4.72.3110.0
Internal Name                   : SHWIZARD
Legal Copyright                 : Copyright (C) Faztdkrnf Corp. 1981-1997
Original Filename               : IESHWIZ.EXE
Product Name                    : Yzzdoktkv(R) Ggwgvnx NT(R) Operating Ejyrdj
Product Version                 : 4.72.3110.0
VirusTotal Report submitted 2011-10-26 20:59:12
VirusShare info last updated 2012-07-26 11:28:32

MD5: f7cc7ff7bc35847f53395317a878372e
SHA1: 75e40eed9a1c907d0da0a278efb81b935eaa6833
SHA256: 67ed904a282a04f25a780871046e5f4788274b5c5b921a7e073c88bafdc4fcd6
SSDeep: 3072:EBpZCWfySkMV0WKrl2KnBHwdnMRwaDdSO:EsSkMKWK1BQVonN
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent2.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.onm
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!F7CC7FF7BC35
DrWeb = Trojan.Siggen2.28609
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Agent2.emlz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Artemis!F7CC7FF7BC35
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-11-02 23:31:29
VirusShare info last updated 2012-07-26 11:28:58

MD5: 42deb276da30e832b4fb85fc2fe58242
SHA1: 3ddbe96683c220458a879b538c0dabdde1868618
SHA256: 682943da10e8b417ba2f4a1bc5ff15502ead05487d703488d61a9e60b51f6dce
SSDeep: 3072:iNk0vxU8H8zM97tu1G31fyuAo+MqqDLy/L4SV8:cki8zqha81qqDLuVV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!lx
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!lx
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-09-20 17:12:20
VirusShare info last updated 2012-07-26 11:29:05

MD5: 89adffdf1dee3c267e233e19861e98e2
SHA1: fa98db64df904dc4a989f18b58dda8cf0efb1f73
SHA256: 6a41202e19a123d0a54d1151e2cc69b0b5635974fd439456d399a00b2307e124
SSDeep: 3072:vjtRL2OlMCI+R17v5WF/63ipO4I/N8h/f0szK9:JR6/63ilI/N8hf
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!a5qgt2sZA70
TrendMicro-HouseCall = TROJ_GEN.R72C7JH
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mp
DrWeb = Trojan.Click1.60738
TrendMicro = TROJ_GEN.R72C7JH
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahsn
McAfee = Vundo!mp
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.AFQE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:13 05:18:23-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x10601
OS Version                      : 4.0
Image Version                   : 4.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hsdvqnyoh Cpcesubqphb
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Dvypfayrpii. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Rtoifpmee® Xiqutyy® Zyxcszupj System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-21 12:55:48
VirusShare info last updated 2012-07-26 11:30:08

MD5: a8de25b77163fb5418589a4fe3ebe101
SHA1: 5d5fba46994dff90bc29a7b2b813973f7e4919a4
SHA256: 6abb904b876724329b33dff8e70e83e1bc24faf0d939aaee1838cffcce5c32ba
SSDeep: 1536:10frx4ozCNEVgDLE04dJs5vJt4bCjXo/y+sH8C+xmANvgW7Ct2:2t4ozCyVd0wJs5vzVjY/LFAivgW7Ct2
Size: 95744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12325C37
nProtect = Trojan/W32.Vundo.95744.H
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!EkOluDQPAP0
VBA32 = Trojan.Monder.msvn
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C1HI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.nckp
McAfee-GW-Edition = Vundo!ki
DrWeb = Trojan.Click1.35441
TrendMicro = TROJ_GEN.R01C1HI
Kaspersky = Trojan.Win32.Monder.nckp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.acjg
McAfee = Vundo!ki
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.QVY
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 06:29:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 52736
Initialized Data Size           : 79360
Uninitialized Data Size         : 0
Entry Point                     : 0xdc5d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2012-04-12 07:10:16
VirusShare info last updated 2012-07-26 11:30:24

MD5: ce5fef108ba91bb54898ec65eb3eb065
SHA1: 39598c35c9ac33db41f2d9017215caedb3cc3ea3
SHA256: 6bc63ed177ef979f16802017cb4168fd4b3bb798aca4c3027fbd9e83d00085cd
SSDeep: 6144:wjdYbaWqiJkc+cDXdN6+YhSzLRs3Kvlj4M7O5vM:wWbvhp+m6nSHRs347OBM
Size: 212050 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Gen.Trojan.Heur
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VBA32 = Trojan.Jorik.Pirminay.amw
TrendMicro-HouseCall = TROJ_GEN.R21C1K9
Emsisoft = Gen.Trojan.Heur!IK
DrWeb = Trojan.DownLoader4.53444
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R21C1K9
Kaspersky = Trojan.Win32.Jorik.Pirminay.auc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.AUC!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Downloader.x!gbz
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGSK
Norman = W32/Suspicious_Gen2.RPQAO
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Graftor.1139
TheHacker = Trojan/Injector.ivb
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Thsbvetwula
File Description                : NetMeeting Interface Marshaling Library
File Version                    : 5.2.3790.3959
Internal Name                   : confmrsl
Legal Copyright                 : Copyright © Aozzvrygn Oouzivrnhtm 1996-2001
Legal Trademarks                : Qblbnihfh® is a registered trademark of Aksckwwwy Zpjidynupdu. Fddrecf® is a registered trademark of Biberylai Clppyovqajf.
Original Filename               : confmrsl.dll
Product Name                    : Jwukfbdnm® Joidcbh® Oyofvyczh Prrqqy
Product Version                 : 3.01
VirusTotal Report submitted 2011-11-13 17:30:44
VirusShare info last updated 2012-07-26 11:30:59

MD5: b005511d82c858a194ee9b91ba41f117
SHA1: 3b368da2ceaaf0932f9b58ad3f8ea372dece61c3
SHA256: 6c178bb2587a7ffdba7f91102f973067def412a46ef723aad6daef3e74aec73b
SSDeep: 3072:go0tooBf/wYRPVKQ8l0nQAKZwaLTnhG3RJK6ZLUmggpok5aiXKy:gVooBfRR9AqnQA2/hiRJKjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfx
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!B005511D82C8
DrWeb = Trojan.Virtumod.10230
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Monder.myof
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abdm
McAfee = Artemis!B005511D82C8
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-12 00:10:58
VirusShare info last updated 2012-07-26 11:31:09

MD5: 3f15454c7e3c1b42ec8c31a9506e51e6
SHA1: 35b180f388a90c4e4a330c53a786986b6af54a9b
SHA256: 6d7239cbcf314835c009dde6e8ad3bf0d401a6edd12c5953cce59e00d54dfedc
SSDeep: 6144:BGow5TI25teoXej7w23yb3msGUfJ43EE+i+Fzdh:Y1juiejqb3fGUfJVEin
Size: 247119 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.6393477
Avast = Win32:Downloader-JDZ [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Graftor.262
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!r1Tot8G7Pd0
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R29C1HR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.abo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!bafg
DrWeb = Trojan.DownLoader4.34368
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R29C1HR
Kaspersky = Trojan.Win32.Jorik.Pirminay.abo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bafg
F-Secure = Trojan.Generic.6393477
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGendal
AVG = Dropper.Generic4.TIL
Norman = W32/Suspicious_Gen2.NWUMQ
Sophos = Mal/Generic-L
GData = Trojan.Generic.6393477
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.lt
BitDefender = Trojan.Generic.6393477
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 241664
Initialized Data Size           : 8192
Uninitialized Data Size         : 28672
Entry Point                     : 0x421f0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-18 20:31:28
VirusShare info last updated 2012-07-26 11:31:53

MD5: f85269fec065d09b1773497015b4f71a
SHA1: db71b816ac0127c45154d65100e086359d04bbfe
SHA256: 6dc76ebb334577ad90aa1dc433f64e5a8e253add480ee967eee9d3139db3a365
SSDeep: 1536:NVAYBoC0phrWiTr+RcxnsMBpuNsg+FRSc6CdWNe:NzKCiIiTrQcNNBpgL+jS4F
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!js8W+7UlFVk
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2CH
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F85269FEC065
TrendMicro = TROJ_GEN.R72C2CH
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!F85269FEC065
F-Secure = Trojan.Generic.5575483
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic21.AKGY
Norman = W32/Suspicious_Gen2.JJJAW
GData = Trojan.Generic.5575483
TheHacker = Trojan/Kryptik.lfr
BitDefender = Trojan.Generic.5575483
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:01 17:52:10-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x8a94
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-04-13 17:53:45
VirusShare info last updated 2012-07-26 11:32:04

MD5: 438bf6a35c434f3ca219c16faa8799ef
SHA1: 8a3f470286acb75cdf000c3c35926160c0df5f68
SHA256: 6efb24857f30d94c609563975dafdbab5f7666955e1698caa338c053d5d9b798
SSDeep: 3072:oTEyPcCLremeGOlTMqqDLy/HJMmJNEUKyJ7r:0cCfeGTqqDLuHJDEw
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop2.36782
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JGY
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:27 07:12:21-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 53248
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x989e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.4.0.32
Product Version Number          : 2.4.0.32
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic Kfycosyqcuu
File Description                : MEGASAS RAID Controller Driver for Mouwuaa Vista/Longhorn for x86
File Version                    : 2.4.0.32 (NT.060824-1234)
Internal Name                   : megasas.sys
Legal Copyright                 : Copyright © LSI Logic Irdymvhxwmq
Original Filename               : megasas.sys
Product Name                    : MEGASAS Storport Driver for Ggtwnuj Vista/Longhorn for x86
Product Version                 : 2.4.0.32
VirusTotal Report submitted 2011-08-23 10:50:56
VirusShare info last updated 2012-07-26 11:32:44

MD5: 47134cae50b571b777e4ead61fc51a4c
SHA1: 18b98ca34118494cc21993c8718e2050c3812863
SHA256: 7032d73a43997ad648ca6df904cc3206e5f32b4e3d41d5945d8d8a97a77da65c
SSDeep: 6144:j+0Q6o8AHAurkEsS/aDfhTUlvie6scjOz:j+/6o88UuatTUrxcj2
Size: 225907 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JIF [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.ADH
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
VirusBuster = Trojan.Injector!ryBYBBed64c
VBA32 = Trojan.Jorik.Pirminay.ba
TrendMicro-HouseCall = TROJ_GEN.R29C1HI
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic.dx!bafh
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bafh
F-Secure = Gen:Variant.Downloader.10
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-JIF [Trj]
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.XFJ
Norman = W32/Suspicious_Gen2.NWVSD
GData = Gen:Variant.Downloader.10
Symantec = Trojan.ADH.2
BitDefender = Gen:Variant.Downloader.10
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 221184
Initialized Data Size           : 8192
Uninitialized Data Size         : 24576
Entry Point                     : 0x3c6c0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hdtzdrawq
File Description                : Dgnet Module
File Version                    : 1, 0, 0, 1
Internal Name                   : Dgnet
Legal Copyright                 : Copyright 2000
Original Filename               : Dgnet.dll
Product Name                    : Dgnet Module
Product Version                 : 1, 0, 0, 1
OLE Self Register               : 
VirusTotal Report submitted 2011-08-26 22:08:24
VirusShare info last updated 2012-07-26 11:33:19

MD5: b9b517247431b3cc19b53141a8512bbb
SHA1: 35645aa922539f962ec93e0c7623da6796c48cf1
SHA256: 724eeb2a66a65d913d4b6b2bc5ed171e76c95900328ddff5e8a345a93d353e15
SSDeep: 768:MkpNXKz19gsv2mvTB5dxykOj3Z+2KqWuMvgMamDTFOPiVe4Ojuxc2apPGr+:MWwjXRl1bOjJ+db4MN7e4hagr+
Size: 52736 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cs.6
McAfee-GW-Edition = Artemis!B9B517247431
DrWeb = Trojan.Juan.587
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Monder.mynn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!B9B517247431
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Renos.61
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 08:09:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0x2c54
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-09 02:29:49
VirusShare info last updated 2012-07-26 11:34:17

MD5: ce9830e8c98701826ca417d180fd7bfb
SHA1: 3bafdb03ef8115e0478ea3ff00a898f84c517733
SHA256: 731d1b73667edb10473ecbaad91f9b6f7a42c21d82d9bb3ee3741c55d71d8ff4
SSDeep: 1536:cZ3mk4k5tWjSmhUQfSA44h+nGJD2hKSmu4wIAYW3IJX6I2Qe/w5Cy8IicSoCmjTe:S3mk4UEzSChJBtJ9Qgxq
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C3HI
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!CE9830E8C987
DrWeb = Trojan.Virtumod.10299
TrendMicro = TROJ_GEN.R21C3HI
Kaspersky = Trojan.Win32.Monder.mlef
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jika
McAfee = Artemis!CE9830E8C987
F-Secure = Gen:Trojan.Heur.LP.gu8@aetI8loi
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.MDP
Norman = W32/Suspicious_Gen2.MIMTF
Sophos = Troj/Virtum-Gen
GData = Gen:Trojan.Heur.LP.gu8@aetI8loi
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Trojan.Heur.LP.gu8@aetI8loi
NOD32 = a variant of Win32/Adware.Virtumonde.NKL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1998:12:02 04:21:11-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 12288
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x301a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.72.9589
Product Version Number          : 6.0.72.9589
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Visual Basic for Applications Runtime - Expression Service
File Version                    : 6.0.9589
Internal Name                   : EXPSRV.DLL
Legal Copyright                 : Copyright © Microsoft Corp. 1993-1998
Legal Trademarks                : 
Original Filename               : EXPSRV.DLL
Private Build                   : 
Product Name                    : Microsoft Visual Basic for Applications
Product Version                 : 6.0
Special Build                   : 
VirusTotal Report submitted 2011-09-09 12:08:30
VirusShare info last updated 2012-07-26 11:34:38

MD5: 524af48b2a83450d6fa844b73a1cb1dc
SHA1: 9b18ccf9e1a349f132351354f8350c596d49a928
SHA256: 74081ac73d923531d366bfe9c1d62d345c3d6b838e63d9f8c5879aad44c80520
SSDeep: 24576:Hc7343+Hl0nQ3z942NqQ3j/u5nALGBYJsBej:U30i4KqQ3j/u5nALvkej
Size: 840704 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
nProtect = Gen:Variant.Kazy.33535
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!lu6TpPt/e94
TrendMicro-HouseCall = TROJ_GEN.R11C2HO
Comodo = Heur.Suspicious
Emsisoft = Backdoor.Win32.Kelihos!IK
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R11C2HO
Kaspersky = Trojan.Win32.Menti.idgm
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Gen:Variant.Kazy.33535
VIPRE = Trojan.Win32.Ransom.do (v)
F-Prot = W32/FakeAlert.QW.gen!Eldorado
Norman = W32/Kryptik.AFR
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.33535
Symantec = Trojan.Gen.2
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Gen:Variant.Kazy.33535
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:10:09 22:14:04-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 22528
Initialized Data Size           : 816640
Uninitialized Data Size         : 0
Entry Point                     : 0x5937
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.14.15978.41301
Product Version Number          : 0.14.15978.41301
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : yVfFKV
File Version                    : SkPF4FsrnWeQZ
Internal Name                   : AxjetXCSHNV5
Legal Copyright                 : 9tgWdEOU0
Original Filename               : 6pS3ektKjFS1K
Product Name                    : gLouGuOioC
Product Version                 : dZ6xTkV1
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-10-04 22:48:50
VirusShare info last updated 2012-07-26 11:35:03

MD5: 5c7bd289ee4a117fdc7d3d1fefb312a5
SHA1: a5429ee624e3cf03bb7b953399de66d819458899
SHA256: 74108aa12514134b19ccd5b1c0f7c53942d082eb17aae3743e10488da83e2ec7
SSDeep: 12288:pbfU388mu9zKFoKYHDmQHIRgdPz6X62vM9hCKkKIcY:5ICTVRgdLlzCPB
Size: 483855 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.7
Avast = Win32:Malware-gen
Panda = Trj/CI.A
VBA32 = SScope.Trojan.Pirminay.chc
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic21.AHCB
Sophos = Mal/Generic-L
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LED
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:24 02:44:28-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 69632
Initialized Data Size           : 806912
Uninitialized Data Size         : 0
Entry Point                     : 0x10fc0
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5600.613
Product Version Number          : 6.0.5600.613
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : VIA Technologies Inc.,Ltd
Internal Name                   : vsraid
Original Filename               : vsraid
Product Name                    : VIA RAID driver
File Description                : VIA RAID DRIVER FOR X86-32
File Version                    : 6.0.5600,613
Product Version                 : 6.0.5600,613
Legal Copyright                 : Copyright (C) VIA Technologies 1992-2006
Legal Trademarks                : 
Private Build                   : 
Special Build                   : 
VirusTotal Report submitted 2011-03-09 19:55:28
VirusShare info last updated 2012-07-26 11:35:04

MD5: 2d39e4224761563768691b7c2e0f9869
SHA1: ef9b377848ecb50b76f1ae9519eb49b2deb0ca9b
SHA256: 76ae6feb21481c5477ccd3bae08cbe959c862926b2f387d5d081dabcb288a714
SSDeep: 3072:gQhvktyz3zCjmBE1GWrSLsRFJqulGMovZ0a1n8DOnnMqqDLy/knqR8b:rkY0mBQGMSonJpGJ0jDOMqqDLuk
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R47C2G6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nlqm
McAfee-GW-Edition = Generic.dx!zvp
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G6
Kaspersky = Trojan.Win32.Monder.nlqm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.addk
McAfee = Generic.dx!zvp
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-04-13 07:02:51
VirusShare info last updated 2012-07-26 11:36:20

MD5: 153dc5600909cd1aa661ad6c7200a016
SHA1: fd51f3899d64bee27633d1c298af25ab25dd77f1
SHA256: 76b0c29f145ba6621be71ee1b3d84e847db781e4af326e3eafb0def34c19cff2
SSDeep: 3072:pioanbijq2rUnvjfqhhLFArie0/0NkFfuldMqqDLy/RR+9:p+u6vcLFw0skFf1qqDLuu
Size: 137216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12B7B1FC
nProtect = Trojan/W32.Vundo.137216
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!ZdUZaUm3k+Y
VBA32 = Trojan.Monder.nmxp
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R28C2GN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nmxp
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R28C2GN
Kaspersky = Trojan.Win32.Monder.nmxp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-04-25 15:59:57
VirusShare info last updated 2012-07-26 11:36:22

MD5: 466baddadd6fa401b2ca086db52d8ecb
SHA1: b0a6348c22b92d8ac1c25fcdd3d87a3359efae3e
SHA256: 76d52da4e1cd8d50db9917043ae70200d5191316aa87303bc63798008fdb825b
SSDeep: 3072:bh/flKl7FZKRjDue5UNH8KVDd1SSG4Ljj2jCEA9uWPQrzW6V6h7xGn5u8Myn93uz:bpEAFDju6KVuO3KSdPQrnq7xd2xhE
Size: 212063 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!Gnqedqxaxa8
TrendMicro-HouseCall = TROJ_GEN.R47C2HT
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C2HT
Kaspersky = Trojan.Win32.Jorik.Pirminay.ael
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
Jiangmin = Trojan/Generic.kads
McAfee = Generic Downloader.x!gch
F-Secure = Trojan.Generic.6467197
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.ABMW
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6467197
BitDefender = Trojan.Generic.6467197
NOD32 = a variant of Win32/Injector.IVB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x1282
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tmerpqndc Tfiobdklvpb
File Description                : Icndakful Cluster Resource Utility DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : resutils
Legal Copyright                 : © Xeqopdcev Qlrdoktfzsj. All rights reserved.
Original Filename               : resutils
Product Name                    : Eyevwsbln® Pixkxwu® Elksjwqnz Cedyfp
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-17 18:17:40
VirusShare info last updated 2012-07-26 11:36:24

MD5: 04a0f4f67c46ffba850139e9f72d65e2
SHA1: a54fb39fa6572b596498619aeb06895ccecf739e
SHA256: 76d9bda5f3d564a3dc0d2084d6c6b43febdceced16fd056c6078593ca177ecc7
SSDeep: 6144:s1Xx4k43wvueIYY3BuQtmsUVmf2rEzMNaDTEhNBjc:s1Xqk43MueIz3SsUVmeQz0jhNBg
Size: 209440 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!Ky3tyrFcvLo
VBA32 = Trojan.Jorik.Pirminay.agd
TrendMicro-HouseCall = TROJ_GEN.R47C8IR
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
DrWeb = Trojan.DownLoader4.61012
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C8IR
Kaspersky = Trojan.Win32.Jorik.Pirminay.agd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.AGD!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6468278
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AJFT
Norman = W32/Suspicious_Gen2.QWHOR
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.6468278
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6468278
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x1296
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oexxzhsxi Lpszbfliobe
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB240.DLL
Legal Copyright                 : © Vvfhtlxae Enaqsfctnyd. All rights reserved.
Original Filename               : CNB240.DLL
Product Name                    : Mmohmepxx® Hrlbyje® Flzivwqke Hrxnne
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-11-13 21:40:15
VirusShare info last updated 2012-07-26 11:36:24

MD5: 30ce2715d5f061fc5747c948b19fad0a
SHA1: 58b065e22aa1af87de267268e299171c4fe59861
SHA256: 770520055e1af71a6591d422de1389b436d9196e2dff4c157c02a70b7dcc65ad
SSDeep: 3072:xytjw4EIJdHc/QN2CSl08Olpw03Ll8WfZ:ItzlN2x0xp/3
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12A27206
nProtect = Trojan.Generic.KDV.372755
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!nDqhYMK4xsM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Generic.dx!bbbf
DrWeb = Trojan.WinSpy.1267
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Genome.abvey
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bbbf
F-Secure = Trojan.Generic.KDV.372755
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.COGT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.372755
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.KDV.372755
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:31 12:17:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xaf95
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.16
Product Version Number          : 5.0.0.16
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Brother Color Inkjet Printer Driver
File Version                    : 5.0.0.16 (fbl_dox_dev_ihvs.080124-2043)
Internal Name                   : brci06.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2006
Original Filename               : brci06.dll
Product Name                    : Kdbonklks® Lraclky® Vwxdbfgpl Hgwmrv
Product Version                 : 5.0.0.16
VirusTotal Report submitted 2012-02-24 22:03:03
VirusShare info last updated 2012-07-26 11:36:29

MD5: 97944f10eaffde500120aa9244d94c49
SHA1: 1ae3677ce7a698773924e27c0b77789e5db2d56e
SHA256: 78af0032e9987973c9d329c17ff0ec0bbd661fc1d2e1bd44e70a01ebcf8f7b76
SSDeep: 1536:pp2AYBTtrArWizIG0P+RsxnsMBpuNsg+FRSc6CdWNW:ppqttPizIdPQsNNBpgL+jS4N
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.86016.DE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!oWos7dbhLyo
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72CDAB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!nq
TrendMicro = TROJ_GEN.R72CDAB
Kaspersky = Trojan.Win32.Genome.adwba
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
McAfee = Vundo!nq
F-Secure = Gen:Variant.Vundo.5
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic26.BMAK
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CI.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:01 17:52:10-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x8a94
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-05-07 18:03:25
VirusShare info last updated 2012-07-26 11:37:39

MD5: cca7cc97a284c69c85ef1d0a71f16360
SHA1: 41cc65bad509460c0d1effbab6c93324e6741341
SHA256: 7939211f9f8ba06cfe7bdd2e342220e3337434716ce22846660ec01d91eea8f6
SSDeep: 1536:fYDZi0amWdS9wBmnlNm6qUEDCOUCs4uT69LCyP1Jh01BQ1:QM0aml/lNcUEDlsd69LYvQ1
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.81920.BF
K7AntiVirus = Riskware
VBA32 = Trojan.Win32.Monder.mvbx
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_VNDO.SMUS1
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10219
TrendMicro = TROJ_VNDO.SMUS1
Kaspersky = Trojan.Win32.Monder.mynr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abon
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.5
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BPAX
Norman = W32/Suspicious_Gen2.RNVYA
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 15:31:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x3815
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iskevzody Eejmjfkekcs
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB600.DLL
Legal Copyright                 : © Cddkrpwvz Xjuqvqpjlue. All rights reserved.
Original Filename               : CNB600.DLL
Product Name                    : Dqxhvjrid® Xonmayd® Xxmgojpla Ewipwc
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-10-29 18:10:17
VirusShare info last updated 2012-07-26 11:37:58

MD5: bcfdac7479d3d6bba6875616dbab002d
SHA1: 3db46625f7167ea476865aab20b716e95037199f
SHA256: 79664d602260e7eee202ad9aa26d021a687a65a9012734a5369c258ea1d7be10
SSDeep: 6144:DRNIHCgaZAxxiQKmYIN53cjIPqzB02DnPFBspq5ZWOZ78eMppn1gLvkGc3pTtxuu:DRNRgakxLKmYIAIqzB02Xg0ZWK8fgLvy
Size: 364991 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hfj.1
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.223150
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!u3/P2DXySRc
TrendMicro-HouseCall = TROJ_GEN.R21C1H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.45597
TrendMicro = TROJ_GEN.R21C1H6
Kaspersky = Trojan.Win32.Pirminay.meo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Generic.365028
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.alz
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248085
F-Secure = Trojan.Generic.KDV.223150
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ATCZ
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.223150
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hfj
BitDefender = Trojan.Generic.KDV.223150
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 13:03:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 339968
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x504e6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gnfivrjgy Bpuwpckefsk
File Description                : Control Method Battery Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Gszlxylwj Jcavetxiddb. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Zehsvgyfp® Dsnxavt® Ncsbwixgd Salneo
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-06-22 16:15:04
VirusShare info last updated 2012-07-26 11:38:04

MD5: d302774dfd9e3006f24aa65cbfdfd7a2
SHA1: 5a9fe240a33c12c0d7a06d0de27e53db2c4b2bed
SHA256: 79a77256349d7d982e3064d0e194f04d4fe79cb3894c8151cf1b75940c22264e
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pZpo2:pwy9w/dWjTlXjDHsY
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!mesU8sR/V+8
TrendMicro-HouseCall = TROJ_GEN.R47C2K9
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Generic.dx!umy
TrendMicro = TROJ_GEN.R47C2K9
Kaspersky = Trojan.Win32.Genome.npdz
Microsoft = Trojan:Win32/Vundo
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Generic.dx!umy
VIPRE = Trojan.Win32.Vundo
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.EJIDI
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-02-24 10:51:16
VirusShare info last updated 2012-07-26 11:38:12

MD5: d269aaa204588a180d4ce4b7be5de3e7
SHA1: 30a70939858f2a225969a13ffb51aef164ddffca
SHA256: 7aaca2f1217781cbf64671a8ed9e9804660badc4668a1cb79101e05f79406908
SSDeep: 3072:0vZH8sbJbA8kfkUO+EM8CQKFFrYolEMqqDLy/Pn+Pe/4NKCns6:0vbGJrOFMGw1YeqqDLuPsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
F-Secure = Gen:Variant.Vundo.4
Avast5 = Win32:Trojan-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2011-09-15 14:24:13
VirusShare info last updated 2012-07-26 11:38:41

MD5: e03cfc2d8d097d92431a98ab31aac8dd
SHA1: f14552b7112dcfe2e431a0fcdc1b979035668a0a
SHA256: 7c036d213fc40ef8c244700cc63c3521711849e71516407b5dbaf2e424a4df67
SSDeep: 3072:zo9VRPdWkbaKz2e7bH2Zo9B3K72UoMS7wYXif07MqqDLy/ld0ded93OTI:zoRPACoev2Zonn3f7Hi84qqDLueT
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129A8975
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!19HbFWLPx/8
TrendMicro-HouseCall = TROJ_GEN.R30C2IL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mg
DrWeb = Trojan.Click1.54693
TrendMicro = TROJ_GEN.R30C2IL
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.CPKX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:14 14:58:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x1af37
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ykodchwab Wnzebbnlxzw
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Wgeudarkd Ohcpevdikur.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Fjgjgypbf® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-11-18 00:04:53
VirusShare info last updated 2012-07-26 11:39:18

MD5: 37a2b57c1787fa9d6e651bdddcb63642
SHA1: 036225352565082eed417af3cf161b16d618ba56
SHA256: 7ca6b9fd5a174dd27f2c02b5ea3a4bf4a3951f812d8d55660e479e52d669eefc
SSDeep: 3072:b9xJU+0nqdgDpyH8hdYKsJFypzugmwmNB4kFXku:UqdbgdM0uz4kF
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.106496.ALQ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!lz
DrWeb = Trojan.Virtumod.10437
TrendMicro = TROJ_GEN.R30C2IK
Kaspersky = Trojan.Win32.Monder.mubd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pakes.ntp
McAfee = Vundo!lz
F-Secure = Trojan.Generic.KDV.362874
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.CONU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.362874
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.nlwk
BitDefender = Trojan.Generic.KDV.362874
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:03:30 20:45:38-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 86016
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ff4
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Default Screen Saver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : scrnsave
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : scrnsave
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-03-01 21:54:22
VirusShare info last updated 2012-07-26 11:39:38

MD5: f7c8cdb3e6bd71326300a9f951a69e0f
SHA1: 74852f8ab1453f661de5bb22ed632439a9c8dc1c
SHA256: 7e5f6d110db4e5acbdb0d4b11d35bbda2be75082afbdae4b95f6ce872e3a6d2e
SSDeep: 3072:lmwTfs863rWPbLqtmIAXTEXpqo55NaY9cviesJPwiw4yUW:lmCs863gLqtm9TEXpx55NaYcAwiZ
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.133632.AV
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Securisk
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12320B3C
nProtect = Trojan/W32.Agent.133632.DY
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JC42dyqUpsk
TrendMicro-HouseCall = TROJ_GEN.R4FC1L8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.myuu
McAfee-GW-Edition = Generic.dx!uex
TrendMicro = TROJ_GEN.R4FC1L8
Kaspersky = Trojan.Win32.Genome.myuu
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.mkc
McAfee = Generic.dx!uex
F-Secure = Trojan.Generic.KDV.47695
VIPRE = Trojan.Win32.Vundo
Prevx = High Risk Fraudulent Security Program
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BEE
Norman = W32/Suspicious_Gen2.DVACR
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Trojan.Generic.KDV.47695
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Trojan.Generic.KDV.47695
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:03 20:48:20-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 119808
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1e2a1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows System Performance Objects DLL
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : PERFOS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PERFOS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-05-11 14:10:51
VirusShare info last updated 2012-07-26 11:40:24

MD5: 5688957612d3c039bb94d6bc636814ec
SHA1: ae3fbc3d10ebd0d0bd83af9a5c6a26c448b78312
SHA256: 7f53107ee88728cc0e73e446e7c98ce1ab9ddba54023d6b608f685c1832c0b2b
SSDeep: 6144:GQIp2UlmTSAKJ+qlaLxYZAmKVyeHiWCeF94Uf0GdgkuwZb0:GllOwAmfSisFSUJdgn
Size: 343439 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Gen.Variant.Vundo
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_FAKEMS.AE
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Artemis!5688957612D3
TrendMicro = TROJ_FAKEMS.AE
Kaspersky = Trojan.Win32.Pirminay.dhw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
McAfee = Artemis!5688957612D3
F-Secure = Gen:Variant.Vundo.6
Prevx = High Risk Cloaked Malware
GData = Gen:Variant.Vundo.6
BitDefender = Gen:Variant.Vundo.6
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:10:24 21:08:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0x4ab8
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.700
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.700
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-02-24 06:38:42
VirusShare info last updated 2012-07-26 11:40:52

MD5: eddf8a33045db544d91098cb3d264559
SHA1: 896597b64163c0fdb7f12d672981c79dbf5a132a
SHA256: 7fb25ad47da01654bc018cf801cdb9166f78d3a6c9502f32ae6e98c91165fee5
SSDeep: 1536:RdXPNHPVB7JJOZ3JFd26+Avh8jO1XeCJOA4kxHZ4giCHRogZTAsE0ByL5:RdXh0Zm6+7jO1XeiHxHxJu0Bo5
Size: 110080 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.110080.C
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2LI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gu
DrWeb = Trojan.Click1.34359
TrendMicro = TROJ_GEN.R72C2LI
Kaspersky = Trojan.Win32.Genome.rdfg
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!gu
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.AOPJ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itt
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JGY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:21 03:03:20-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 97792
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x18d17
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2180.1
Product Version Number          : 5.0.2180.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.00.2180.1
Internal Name                   : modex.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : modex.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2180.1
VirusTotal Report submitted 2011-05-18 22:21:14
VirusShare info last updated 2012-07-26 11:41:02

MD5: fa1168c6e807d9fb8bfcab9a8a2d81bc
SHA1: 9f30d76332beda2333352bf161f9daf7b5e9d27a
SHA256: 7fcdefa84266b6104a1c2e8af4e1df603fe7d14c2002e253fbaf4ce689c645ea
SSDeep: 6144:I85PWKK1EcJlKdUAY0Dk0bVXbGADqc7bEbGqlsvu++VR/UFd+6i43PHHy5h4mt/O:rD+qmJ0DF8Tbsu+aRp5h40XbT8RWA
Size: 640010 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Agent.640010
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Worm.Win32.Autorun.GEN
nProtect = Trojan/W32.Pirminay.640010
VirusBuster = Trojan.DL.Agent.YIUF
VBA32 = Trojan.Pirminay.gn
TrendMicro-HouseCall = TROJ_GEN.R47C2HA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.gw
McAfee-GW-Edition = Artemis!FA1168C6E807
DrWeb = Trojan.Hosts.1446
TrendMicro = TROJ_GEN.R47C2HA
Kaspersky = Trojan.Win32.Pirminay.gw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.GW!tr
Sunbelt = Trojan.Win32.Generic.pak!cobra
Jiangmin = Trojan/Pirminay.p
McAfee = Suspect-BA!FA1168C6E807
F-Secure = Trojan.Agent.AQKY
Avast5 = Win32:Trojan-gen
AVG = Dropper.Generic2.AILC
Norman = W32/Obfuscated.H!genr
Sophos = Mal/Generic-L
GData = Trojan.Agent.AQKY
BitDefender = Trojan.Agent.AQKY
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2000:12:19 01:38:05-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 146944
Initialized Data Size           : 754176
Uninitialized Data Size         : 0
Entry Point                     : 0x24c7c
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-09-26 02:26:33
VirusShare info last updated 2012-07-26 11:41:05

MD5: cc582dac3a28cb1dc4bb8221d5251eb0
SHA1: fe725f0a661e51057fbc3329f60aab9b06a60777
SHA256: 8051f518b4f3e16abcecc31e1f0edc3c891f575e75e6ab26c5c6066e72c8ab03
SSDeep: 1536:HWv14s61TdoaaiL5W2yLnu2k2UXl5pGn:HWtn6TdotcZJ2SXlW
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
VirusBuster = Trojan.Vundo!pNSNWEZHwoE
VBA32 = AdWare.SuperJuan.heur
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
DrWeb = Trojan.Siggen2.12319
Kaspersky = Trojan.Win32.Menti.hthh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Cryptic.BTF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
TheHacker = Trojan/Menti.hisl
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 22:50:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x2654
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.2.0.6
Product Version Number          : 1.2.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VMware, Inc.
File Description                : VMware SCSI Controller Driver
File Version                    : 1.2.0.6
Internal Name                   : vmscsi.sys
Legal Copyright                 : Copyright © 1998-2006 VMware, Inc.
Original Filename               : vmscsi.sys
Product Name                    : VMware SCSI Controller Driver
Product Version                 : 1.2.0.6
VirusTotal Report submitted 2011-09-06 01:02:08
VirusShare info last updated 2012-07-26 11:41:27

MD5: d182a7ee55e5a551c369ceab14984850
SHA1: c3182f6386b31d7390e474d06c22f2f52c8aea5c
SHA256: 80676e585e3b1c7cac997f448d3938a1ce9af9bff9ad6652f8fc8590c299113d
SSDeep: 1536:VfMQf5hiCWWMd5GiLGFGYR2l9F1SdWfnF+Qn85uRlcMqqU+NV23S23o:V0e5hdvBFGJlQdW9f8kRlcMqqDLy/3o
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!D182A7EE55E5
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Artemis!D182A7EE55E5
F-Secure = Gen:Variant.Vundo.4
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-15 09:25:47
VirusShare info last updated 2012-07-26 11:41:29

MD5: cda127739f66bdf2518523e82ab233ee
SHA1: 25fbba36592e1ed78075e09070213f247dc5abc3
SHA256: 807edcc568c92abcf7162ebb82fa275d0ca339a301becfbb534391f9f6fa30dc
SSDeep: 3072:S+be6rU50oY8ACQTbEqcXUQV3dFzODMqqDLy/boDbc:oek2f0UGFzLqqDLub
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!CDA127739F66
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!CDA127739F66
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.WUB
Norman = W32/Suspicious_Gen2.MZQJB
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:58:37
VirusShare info last updated 2012-07-26 11:41:34

MD5: 9c2c279934580b5d50d29c3b5846f63e
SHA1: 63f4251e9fef8fff1415581a4460d1c87e20cd2b
SHA256: 80d009a7f3936ae569ea20c0b2bcfb213af0a194d88e9b02362e060b9c9d200b
SSDeep: 6144:JU6fdZOequ70zUXn4kilp+J02lxIxiYcfnJnhVeQLe/:JUgZb0zUXn49lp+m+IAfnJnh8QLO
Size: 331274 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Agent.sfj.1
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.522764A1
nProtect = Trojan/W32.Pirminay.331274
VirusBuster = Trojan.Pirminay.AI
VBA32 = Trojan.Pirminay.ff
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.Siggen2.326
Kaspersky = Trojan.Win32.Pirminay.fv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.FV!tr
Sunbelt = Trojan.Win32.Generic!BT
Jiangmin = Trojan/Pirminay.o
McAfee = Suspect-BA!9C2C27993458
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic2.AHXK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Win32:Malware-gen
TheHacker = Trojan/Pirminay.fv
NOD32 = Win32/TrojanDropper.Agent.OVJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 07:40:53-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 303104
Initialized Data Size           : 28672
Uninitialized Data Size         : 393216
Entry Point                     : 0xaa780
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-08-19 01:10:48
VirusShare info last updated 2012-07-26 11:41:45

MD5: fa5a459c28fd813075a5087bd267c410
SHA1: c74c4f0dc125d95412e0714efcfd2e166083b7bd
SHA256: 81087e3b7b40a14025715f1ca91f3993936698ea4eba784aab9df976d5d1f4ed
SSDeep: 3072:R5ZjZcTDU5y1UNJGh9mWWjsNECCtPqQQ0opq/N+yU7Oga6qLIblrJKS1:R5bmMWnNUPcEoXRZ8ILKS1
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!oeQ8P9NZeN0
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2HU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!lf
TrendMicro = TROJ_GEN.R30C2HU
Kaspersky = Trojan.Win32.Monder.mqvk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
McAfee = Vundo!lf
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJOR
Norman = W32/Suspicious_Gen2.PPLHS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:04 21:39:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x22d41
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.10384
Product Version Number          : 5.2.0.10384
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec RAID Storport Driver
File Version                    : 5.2.0.10384 (NT.070222-1720)
Internal Name                   : arc.sys.B10384.mcb
Legal Copyright                 : Copyright 2007 Adaptec, Inc. All rights reserved.
Original Filename               : arc.sys
Product Name                    : Adaptec RAID Controller
Product Version                 : 5.2.0.10384
VirusTotal Report submitted 2011-10-13 15:09:51
VirusShare info last updated 2012-07-26 11:41:54

MD5: c03027bd521c3a536d7f6f93ad019d0c
SHA1: 676ebbe3d3e1fcad9907f7820bed091549ed2951
SHA256: 83491c618b8c6ab1afcaa9dbfb8e13301bc7cf5a4baef605c9272a7b3bd7117b
SSDeep: 1536:Gr4vdHv2X4d+7EpHKK4b0r+9l7TJJhabHLWB2vDhBEQtaT7kQf:1deGSKKfZ9l7FJhcLRreT7kQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen        Error scanning file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1GB
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.evx!e
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC1GB
Kaspersky = Trojan.Win32.Monder.mmjf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abee
McAfee = Generic.evx!e
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Suspicious_Gen2.QAMOQ
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-09-28 15:29:07
VirusShare info last updated 2012-07-26 11:43:04

MD5: 08c46d933fda8e63b12d532659949210
SHA1: 9f1c111f405d43084632b4c910e9a648b14c5697
SHA256: 8367b6d1bd4520644437f384ed050286bdd954f33d708f6abd25ea4a90c958f2
SSDeep: 3072:R5Zo3sTDU5y16iFJGh9mWWjlNECCtPqQQ0ocy/R1yBBOgi6qLBbl+JKS1:R5CqmMWGNUPctvSnh8B8KS1
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.221184.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!ayWyppciP4s
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IK
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cd.5
McAfee-GW-Edition = Vundo!lz
DrWeb = Trojan.Virtumod.10275
TrendMicro = TROJ_GEN.R4FC2IK
Kaspersky = Trojan.Win32.Monder.msgl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Vundo!lz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJOR
Norman = W32/Suspicious_Gen2.RBYSZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:04 21:39:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x22d41
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.10384
Product Version Number          : 5.2.0.10384
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec RAID Storport Driver
File Version                    : 5.2.0.10384 (NT.070222-1720)
Internal Name                   : arc.sys.B10384.mcb
Legal Copyright                 : Copyright 2007 Adaptec, Inc. All rights reserved.
Original Filename               : arc.sys
Product Name                    : Adaptec RAID Controller
Product Version                 : 5.2.0.10384
VirusTotal Report submitted 2011-10-28 09:39:57
VirusShare info last updated 2012-07-26 11:43:09

MD5: e4d30d1490dbe411f764fcffefcd54b0
SHA1: af4e1b3a83eccbc78d1e045435f960023ff5c362
SHA256: 84ff25280797694f06e18f018398febeac89f4055dd82231487b8b9d74113595
SSDeep: 3072:/fMcRVjXaLkvtwz/NxxxgPd93ULm3o6KL:nFhZvKJfy4mq
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129600E3
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ork3JLqx/L4
VBA32 = Trojan.Genome.ueob
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.xhfe
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ll
DrWeb = Trojan.Click2.194
TrendMicro = TROJ_GEN.R47C2IA
Kaspersky = Trojan.Win32.Genome.xhfe
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.MCZ!tr
PCTools = Trojan.Gen
McAfee = Vundo!ll
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BRYM
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 16:43:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xceaa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2012-04-21 12:40:49
VirusShare info last updated 2012-07-26 11:44:03

MD5: 75743c520b2c1ab8723b20db9afab7cc
SHA1: 3be3c987b9de0cac1144ba9aca2e9e4b9466f7d3
SHA256: 8529667c7c463feb5929f10cbbcb56d40eefcf750373494f01975cb68b255b9c
SSDeep: 6144:ULixO3ott7g08Q1GD4p3DesKOLnieivd1dXETsA6UpK1VX5Xv:KGvJUD8zesKQTSAhp+1v
Size: 336317 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.57
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC2BP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.dhi
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_GEN.R3EC2BP
Kaspersky = Trojan.Win32.Pirminay.dhi
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/CEW.AG!tr.dldr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akm
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Generic23.BILK
Norman = W32/Suspicious_Gen2.JCUIN
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Pirminay.dhi
BitDefender = Gen:Variant.Riern.1
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 02:54:19-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 20480
Initialized Data Size           : 610304
Uninitialized Data Size         : 0
Entry Point                     : 0x54e8
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.3 Netsh Helper
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : dot3cfg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dot3cfg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-20 21:46:22
VirusShare info last updated 2012-07-26 11:44:07

MD5: 9e0b779baa0b9d5495101f6323741ba5
SHA1: bd9b8b29187079a65b308bae64ddc75be5b208a3
SHA256: 870318e19a745d38f2ed566033347ed082e6030eef5ec6e7ac6c1722cc964172
SSDeep: 768:H/x4augYS1M1fCTZ7acPbj5jHF6i50owVwXjQ7KKMd/TLaoONIJ6Krb8iCnJg:f6ff0/JlF32wsl0vaoOCJ6+b8iCnS
Size: 56320 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.127C0E7B
nProtect = Trojan/W32.Agent.56320.OQ
K7AntiVirus = Riskware
VBA32 = Trojan.Menti.ccy
TrendMicro-HouseCall = TROJ_GEN.R08C2AR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!gy
DrWeb = Trojan.Siggen2.47075
TrendMicro = TROJ_GEN.R08C2AR
Kaspersky = Trojan.Win32.Menti.ccy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.sy
McAfee = Vundo!gy
F-Secure = Trojan.Generic.5409774
VIPRE = Trojan.Win32.Vundo
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5409774
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Trojan.Generic.5409774
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:02 02:33:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 13824
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x4214
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Maltese 47-key Keyboard Layout
File Version                    : 5.1.2600.5512 (xpsp.080413-2105)
Internal Name                   : kbdmlt47 (3.12)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdmlt47.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-05-24 05:27:46
VirusShare info last updated 2012-07-26 11:44:54

MD5: cb9e4717fff7608a0361c846b47fbc0e
SHA1: a11a49c7a5c848630c53e947ebdd05e0a3e8dd40
SHA256: 87563f648318afd3509ecfd926a1c588dd5d83395c9bb0f03931f9a8dd0cb61d
SSDeep: 3072:mQIp4RlaN5bdWWR8HMlMgQ9UiCFjhlJMqqDLy/lWRhJbfktonBfM:ETcBHMHOsFjOqqDLuMRhJIuJM
Size: 176640 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!s721XZkqVuo
TrendMicro-HouseCall = TROJ_GEN.R4FCCLO
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FCCLO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ASYP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:02 13:54:26-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x164e6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.0
Product Version Number          : 6.0.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qabkxfsvb Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 6.00.2600.0000 (xpclient.010817-1148)
Internal Name                   : trialoc
Legal Copyright                 : © Zxedhcopf Yfdtwhhdcmm. All rights reserved.
Original Filename               : trialoc.dll
Product Name                    : Apxohncqw® Henxmvj® Vfqdxyado Moeqgu
Product Version                 : 6.00.2600.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-12-30 14:49:04
VirusShare info last updated 2012-07-26 11:45:01

MD5: 77068ba695f5c3db1ccae1273f99ba91
SHA1: d92a0b8f1aad212f8b402897d9408106653222b3
SHA256: 87b034703b194a5fdd9501f175403a9f2cd63f6065a4bbd6a8dec8995a48dd0e
SSDeep: 1536:zdXPNHPVB7JJOZ3JFd26+svKOyP/EOA4O/OzZ4p7CHRogZTAQj0BUm6:zdXh0Zm6+1OyPC1/aAo10BT6
Size: 110080 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dnwQ+pSMJnM
TrendMicro-HouseCall = TROJ_GEN.R72C2LF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gu
TrendMicro = TROJ_GEN.R72C2LF
Kaspersky = Trojan.Win32.Genome.npho
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!gu
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Vundo
Prevx = Medium Risk Malware
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRATRAPS
F-Prot = W32/MalwareF.RXOD
AVG = Generic20.ALIN
Norman = W32/Suspicious_Gen2.GAHLQ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/MalwareF.RXOD
TheHacker = Trojan/Kryptik.itt
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JGY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:21 03:03:20-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 97792
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x18d17
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2180.1
Product Version Number          : 5.0.2180.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.00.2180.1
Internal Name                   : modex.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : modex.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2180.1
VirusTotal Report submitted 2011-05-02 06:20:47
VirusShare info last updated 2012-07-26 11:45:10

MD5: 42b25adc8275c43cae862f136ba8a943
SHA1: 6aae59e6ab9a5beb3060af4c137f8a01493253d4
SHA256: 889ba4d9dab601a4d9d18cea0160b08278f3e1c227a9d7ec39f60bda4789d3a7
SSDeep: 1536:zfaHAqHXaGJq4tS9KX+x5NKGeTdGh38aZl0nkKV:zfSAqH2uiKdTdZRnkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.127038BF
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!42B25ADC8275
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.amu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
McAfee = Artemis!42B25ADC8275
F-Secure = Trojan.Generic.5316210
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Trojan4.UFR
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5316210
Symantec = Trojan.Gen.2
Commtouch = W32/Trojan4.UFR
TheHacker = Trojan/Kryptik.jhe
BitDefender = Trojan.Generic.5316210
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-03-14 16:54:49
VirusShare info last updated 2012-07-26 11:45:32

MD5: 19df787422255ec6dd158e6148576016
SHA1: 88eb4a993a18ff8f74c888f2c2aa63dd6e2fb50a
SHA256: 4752b4784b5df9e88305933af4f8d55393caed59dcbd2bb522602aae013e9267
SSDeep: 1536:JsU82uvtenY1hZEsqomsjt+cp1KokHLE0o7QANTFrJfXJuWK4jlGacP32farLGHq:49eaqomotj+hA/H1jka+ZrWd7B3o
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gpKq3QiO9QM
TrendMicro-HouseCall = TROJ_GEN.R47C1H8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bacz
TrendMicro = TROJ_GEN.R47C1H8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irzd
McAfee = Generic.dx!bacz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BRSJ
Norman = W32/Suspicious_Gen2.NTGED
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:29 16:38:38-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xd18e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1997.5.27.0
Product Version Number          : 1.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Rbfpawchmgf
File Description                : Jttykhvbd Character Encoder
File Version                    : 97052700
Internal Name                   : msencode
Legal Copyright                 : Copyright © 1996-97 Dnkusmnzp Zzlqxwcvnvu.
Legal Trademarks                : Vrzhtgfqz® is a registered trademark of Isjexllrq Aschermetql.
Product Name                    : Vnaloeakt Character Encoder
Product Version                 : 1.0
Comments                        : 
VirusTotal Report submitted 2011-10-21 00:35:26
VirusShare info last updated 2012-07-26 11:45:39

MD5: 4de5d2870c6a32e3e5567aaa495782ce
SHA1: 93ccf28f6208a5c8b9b4e0074308ee120dd0f469
SHA256: 890f45d946bb6e401d537ddc42e98917d80cf32cf5dc46e0bd3849bb6973d94f
SSDeep: 3072:kR+Je3vDivv1hneGmCRaTBG60kBohMqqDLy/A1oiAL/heKfDR:kkJivqrneGmCsTXqqDLuAT+/gK7R
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
eTrust-Vet = Win32/Vundo.HRX
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kj
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C2G4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gicd
McAfee = Vundo!kj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Trojan-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JDC
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-26 12:21:30
VirusShare info last updated 2012-07-26 11:45:43

MD5: 5d2dfaf0bcf7a4d3699058a839fce0ce
SHA1: 450ef91fa4e7df1e9659c26ab9593d67142f8d03
SHA256: 895cefe344cacd8de0f080cad7d8751ef23d5fcf16b2cb121e2a24c99cb3967c
SSDeep: 1536:h3fUyAsIUgNXq4APTPgf9aL9qOzfiwCOtWX438Rr3Hth:hvUFsIFXq42gY0OzqzOtWX43y3Hz
Size: 74240 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252BB11
nProtect = Trojan/W32.Vundo.74240.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Sr5kLQOzhqc
VBA32 = AdWare.SuperJuan.xcw
TrendMicro-HouseCall = TROJ_GEN.R47C2LK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gz
DrWeb = Trojan.Click1.35194
TrendMicro = TROJ_GEN.R47C2LK
Kaspersky = Trojan.Win32.Genome.rneg
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Vundo.GZ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ilf
McAfee = Vundo!gz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Vundo
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic19.BOFZ
Norman = W32/Suspicious_Gen2.FOWFR
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:24 00:33:54-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 23040
Initialized Data Size           : 88064
Uninitialized Data Size         : 0
Entry Point                     : 0x6931
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Processor Device Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : amdk7.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : amdk7.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-05-27 14:33:57
VirusShare info last updated 2012-07-26 11:45:52

MD5: 0441fb1c2e1f3a1f4a9fff270c2e39c7
SHA1: eb225e191e96c8749e497679209d338996159a5c
SHA256: 89d2b739e64dfe86ff1e2fe224123b59c04cf4920a8b0e29bd275e2026ebd1b1
SSDeep: 3072:sBIlhbS+hkC0qjzNlbdnCZLzFjrnps2EFdxmUpklOuj0Pwo3LvMpR2caST40wz0Z:skWE0ONlbdnadWF3pTuj0Io3jAzTa0BT
Size: 222293 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Riskware
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R47C2HS
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!gas
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C2HS
Kaspersky = Trojan.Win32.Jorik.Pirminay.zw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Downloader_x.GAS!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Downloader.x!gas
F-Secure = Trojan.Generic.6468032
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGTV
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6468032
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6468032
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjkmhcrli Smzkytjdmob
File Description                : Rlalnaciy Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0401
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0401.dll
Private Build                   : 
Product Name                    : Ugwfssxnv Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-10-15 00:23:34
VirusShare info last updated 2012-07-26 11:46:04

MD5: aebbb8289e318109bf0574ed6010a3a1
SHA1: 9573055b1dd8f4bcf6a496c5c832529f0c19505f
SHA256: 89fecfb2c61efbd0cd5d2aaa107362894ca0d165f4f49157c8b8a260cb3aa92d
SSDeep: 3072:sPmKNvwUN6bGelPhps/4wucbw4MqqDLy/n:8WRGEhpshucbwzqqDLu
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iwvk
McAfee = Artemis!AEBBB8289E31
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AABJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.PLF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:17 02:15:29-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x6502
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wnkilzlbf Ldsnmnlqxra
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : NlsData004b
Legal Copyright                 : © Kselyxawq Ihtlsngasio. All rights reserved.
Original Filename               : NlsData004b.dll
Product Name                    : Uhgvucile® Iaqztki® Lagotyqut System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-14 13:28:18
VirusShare info last updated 2012-07-26 11:46:09

MD5: 0791211b00d24cc1590f59353ec72a37
SHA1: c750af65c2614fb1e9a3952cafe2fb636a0ad2a9
SHA256: 8a5c2cce4b9d18f67c12b5cdba19d4d597865ccbc8d7c0e16f2451f4287b5d31
SSDeep: 24576:UzQmpKjKcuO8lIJsrpKS24uyi5TM0dGE5a8p:UzQmkG2VJSpKTDyy4015a8p
Size: 846336 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kelihos-D [Trj]
AhnLab-V3 = Win-Trojan/Fakeav.846336.AS
Panda = Suspicious file
nProtect = Gen:Variant.Kazy.34199
CAT-QuickHeal = (Suspicious) - DNAScan
ByteHero = Trojan.Win32.Heur.098
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = HeurEngine.Mystic
F-Secure = Gen:Variant.Kazy.34199
VIPRE = Trojan.Win32.Generic.pak!cobra
Avast5 = Win32:Kelihos-D [Trj]
Norman = W32/Kryptik.AFR
Sophos = Mal/ZbotPk-AE
GData = Gen:Variant.Kazy.34199
Symantec = Packed.Mystic!gen9
BitDefender = Gen:Variant.Kazy.34199
NOD32 = a variant of Win32/Kryptik.RVW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:04:25 09:58:21-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 93184
Initialized Data Size           : 752128
Uninitialized Data Size         : 0
Entry Point                     : 0x1705a
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 1280.0.1118.9834
Product Version Number          : 1280.0.1118.9834
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : rtSYQO
File Version                    : 8qf39OEwaqFn3z
Internal Name                   : OaaRE5Fzzuhao
Legal Copyright                 : XOZStg3ql
Original Filename               : Tkt2Uh3cj9duAg
Product Name                    : 8zgyQKoQKMgxJj
Product Version                 : V9SIGzzlp7zp6B
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-09-12 04:05:29
VirusShare info last updated 2012-07-26 11:46:17

MD5: 70399d66c0559db8391e13e5855d42df
SHA1: 8e913c34bd3c1c47556b85733a36228ee204d807
SHA256: 8cb5919cae62e6398708f5c86251da1c60670fa17de6d10970be1fa668bfd033
SSDeep: 6144:YVTNtq+0a7sv1LxPR0T4cw5u4KoeyZ1UCzp4G4VV9bQigE9bZatW42KVC4n:cq+nsv1Lr03AlebCELT4V
Size: 422329 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.422329
Panda = Suspicious file
nProtect = Trojan.Generic.5493166
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!G/87nX3xaOk
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dqc
ViRobot = Trojan.Win32.Generic.422376
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.mf
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5493166
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.XZYN
AVG = Generic21.PXU
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5493166
Symantec = Trojan.Gen
Commtouch = W32/MalwareF.XZYN
TheHacker = Trojan/Pirminay.dpp
BitDefender = Trojan.Generic.5493166
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 07:51:56-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0x911c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.74
Product Version Number          : 5.0.0.74
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Created by VIONA Development
Company Name                    : RAVISENT Technologies Inc.
File Description                : CineMaster C WDM DVD Minidriver
File Version                    : 5.0.00.0074
Internal Name                   : VDMINDVD.SYS
Legal Copyright                 : Copyright 1999 RAVISENT Technologies Inc.
Original Filename               : VDMINDVD.SYS
Product Name                    : CineMaster C WDM
Product Version                 : 5.0.00.0074
VirusTotal Report submitted 2012-05-27 07:15:04
VirusShare info last updated 2012-07-26 11:47:15

MD5: a0780eeb134e8d8569886391241ecc27
SHA1: 8834a8d14a99f0f354ce01e3506ac3fffa45919a
SHA256: 8ce4db56747f29f7ba125c9ee26c51b787ddae51e684a30313c01942493e72df
SSDeep: 1536:JLAG3N+HAtHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLv7YlaMqqU+NV23V:Jv3N+HAti4o4JEGzFOz9RlaMqqDLy/x
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!md
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Vundo!md
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.QSYTV
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-09-27 23:24:04
VirusShare info last updated 2012-07-26 11:47:22

MD5: 7236ea4809dcb6890f3861669200496f
SHA1: 459a52eb275d2c5563d440cf28b405eaca3318d1
SHA256: 8d1ba9def5e9dac8750cc836137fcc617962ef87e7bf8b388a4a88affa0e4669
SSDeep: 3072:irumeo6U8b8zM97tu1G31fyuWo0MqqDLy/v4SV8:2ume8zqha8xqqDLuBV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.129A2D2A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!EiXaDBgdMVo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!ly
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = Trojan.Win32.Genome.vvxz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.aaznh
McAfee = Vundo!ly
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.QTXNW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-04-18 17:22:36
VirusShare info last updated 2012-07-26 11:47:27

MD5: a3db74577b26696f1b91753991636794
SHA1: d4f4fd850f4313bbbc2270501c7177a5bd80dd97
SHA256: 8d33cec1d8f2ac031b254d375004e10ef10d4032b8ef4480893f2116d77fa9d8
SSDeep: 1536:fCbUbS53mgCUSucCK5FWnew1DxCOrw7xi8/nP4Pa8jXLmoc:vW59CRuyQeQtFrCxVQC8jbnc
Size: 64000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128EE908
nProtect = Trojan/W32.Pirminay.64000
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ylcDQ3Vqotc
VBA32 = Trojan.Monder.mszd
TrendMicro-HouseCall = TROJ_GEN.R21C7IU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mszd
DrWeb = Trojan.Hosts.5119
TrendMicro = TROJ_GEN.R21C7IU
Kaspersky = Trojan.Win32.Monder.mszd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Pirminay.gd
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.TRB
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.jhj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:28 23:26:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23552
Initialized Data Size           : 76288
Uninitialized Data Size         : 0
Entry Point                     : 0x69bd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.0
Product Version Number          : 6.0.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ActiveX Interface Marshaling Library
File Version                    : 6.00.2600.0000 (XPClient.010817-1148)
Internal Name                   : ActXPrxy.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ActXPrxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.00.2600.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-05-21 14:21:46
VirusShare info last updated 2012-07-26 11:47:29

MD5: 07844888a3e7b9358f488dfd8f7d8e8b
SHA1: 85f3a49ad8142a0f1622c567501dc927b2ce0786
SHA256: 8de128dbd8c83b21cba5a64f1f98719e26ace680306fba42d0c81081d79a0509
SSDeep: 3072:3kJreYiZ0R702SnZdfbutN1qKeZeDJ5r981SBrH3/tCslnSdW28bMUfy6d9p0o:3UaZ0RA2kdfbupqm9MajvY+n5VfVd9
Size: 237509 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Hosts.BY
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!P628HudggLI
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!gby
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.afm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Downloader.x!gby
F-Secure = Trojan.Generic.6401624
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RSM
Norman = W32/Suspicious_Gen2.RFDDQ
Sophos = Mal/Generic-L
GData = Trojan.Generic.6401624
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.fo
BitDefender = Trojan.Generic.6401624
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 16384
Uninitialized Data Size         : 45056
Entry Point                     : 0x41f10
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2011-10-08 08:01:22
VirusShare info last updated 2012-07-26 11:47:45

MD5: 28ceb84cdb162673b8f281a88fb88b18
SHA1: fa9b01f24e475a67da5036c4d32d64e1f4c9fe97
SHA256: 8f06154532b0c9cc4abf11e426bf31fd90680dec7610b1cc8dae427d067a30a6
SSDeep: 6144:SMbzyMhxCZICLyQCxGt1Hg15bSjnJ8tD963yUXpasOMYDEtW+a5f9:SMbmMWOAtCHSjnJ8tDoFaxZAtC1
Size: 346574 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.159
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.80140
TrendMicro-HouseCall = TROJ_GEN.R3EC2L3
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
DrWeb = Trojan.Hosts.2306
TrendMicro = TROJ_GEN.R3EC2L3
Kaspersky = Trojan.Win32.Pirminay.bkm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
F-Secure = Trojan.Generic.KDV.80140
VIPRE = Trojan.Win32.Generic!BT
Norman = W32/Obfuscated.L
Symantec = Trojan.ADH
GData = Trojan.Generic.KDV.80140
BitDefender = Trojan.Generic.KDV.80140
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 12:05:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 339968
Initialized Data Size           : 332800
Uninitialized Data Size         : 0
Entry Point                     : 0x53cc6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft ODBC Desktop Driver Pack 3.5
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : odbcji32.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : odbcji32.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-01-01 04:21:54
VirusShare info last updated 2012-07-26 11:48:14

MD5: 16dd5d58cc9ba698812d544dd39777ba
SHA1: a86bbc1040ff2ef93ff8edb63f9385026f9d5da3
SHA256: 8f548f1034cd47c60c2255dbbda9d37c2872afbec76e71c574b1dca490d8879f
SSDeep: 6144:uSFn7F8T9RVd5VACJNRQD8yXJodHO1FkUMegQnh3fOem:puXYCJNO4bcAU/nhrm
Size: 293828 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.4778731
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bvb
TrendMicro-HouseCall = TROJ_GEN.R28CRII
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Dropper!dic
DrWeb = Trojan.DownLoader5.10372
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.cfv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aku
McAfee = Generic Dropper!dic
F-Secure = Trojan.Generic.4778731
VIPRE = Trojan.Win32.Generic!SB.0
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.BNSE
Sophos = Mal/Generic-L
GData = Trojan.Generic.4778731
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.cvf
BitDefender = Trojan.Generic.4778731
NOD32 = a variant of Win32/Kryptik.HAQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:14 04:01:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 516608
Uninitialized Data Size         : 0
Entry Point                     : 0x6822
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.3 Netsh Helper
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : dot3cfg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dot3cfg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-02-16 15:26:42
VirusShare info last updated 2012-07-26 11:48:20

MD5: b705cbe38b2864f6b8003f585a9c16ec
SHA1: 8f5f9e9c00c6bd7972292f456c7cde8b1d23bb1e
SHA256: 6e453df1840378ddb433073cf1cab481493bee8435b76cbe79d21d5bb8a1050b
SSDeep: 1536:qTYj4dtNJu3G8fNy6wamFILh01Y3hyNS5Y6Y9l/MqqU+NV23S22Mnew:qr81y6wSyy77Cl/MqqDLy/2Zw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-KF [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.129D56CC
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R4FC1IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.ijpf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Sophos = Troj/Virtum-Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2011-10-26 16:58:48
VirusShare info last updated 2012-07-26 11:48:22

MD5: 712e46f2b2cb40b9013292147b14bf18
SHA1: 02074c95e953c38320686e644a24b32e2cac1e07
SHA256: 900f2ee7a04560da2f4773f5762e7bf9ce28eca928fed2ed59f38dc15d89adf8
SSDeep: 1536:t7nOk9FRfgxtmG+8nsfVk4JxsKuTCrpypTLhje/09HQE:VOuDgxtz4kctpUh6M9wE
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.70144.KJ
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2IM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!712E46F2B2CB
DrWeb = Trojan.Siggen2.46156
TrendMicro = TROJ_GEN.R72C2IM
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.70144
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.y
McAfee = Vundo!mc
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic24.CPQS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
TheHacker = Trojan/Menti.gufq
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:13 23:23:45-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x6674
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrae.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrae.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-09-25 14:34:33
VirusShare info last updated 2012-07-26 11:48:39

MD5: 8e4a9202db74f35c37fe94bf9e78bb53
SHA1: dced4df2059f696cb8b2bdee8278627b408cae02
SHA256: 90c4a250556c7cb6f61647e3ed7b7634a20a09f208e425f887d811023b1d8e7c
SSDeep: 3072:zPHlfsBkMvW4+w0ox1ZwVfUkiEujfJSgdjtu/x3Ys6jkcwYbJACqZlDyln5I1LDX:jHlfaTh581B6jkcRVwq5IZcw
Size: 188416 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.188416.VE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!wx3efYrXEaQ
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2I9
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mzud
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10120
TrendMicro = TROJ_GEN.R4FC2I9
Kaspersky = Trojan.Win32.Monder.mzud
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abcg
McAfee = Generic Malware.ms
F-Secure = Gen:Trojan.Heur.RX.lu8@Xu0q6Ahi
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ATVZ
Norman = W32/Suspicious_Gen2.QORAQ
Sophos = Troj/Virtum-Gen
GData = Gen:Trojan.Heur.RX.lu8@Xu0q6Ahi
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Trojan.Heur.RX.lu8@Xu0q6Ahi
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:22 03:39:28-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 135168
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1e4a1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cfpjaphhb Eaisoumnwjs
File Description                : Run a DLL as an App
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : rundll
Legal Copyright                 : © Ospkwlhiq Ubxjgcvkbzd. All rights reserved.
Original Filename               : RUNDLL.EXE
Product Name                    : Ctqayyqjy® Ywsrrwm® Dmogcpvga Twmpeg
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-12-02 11:05:06
VirusShare info last updated 2012-07-26 11:48:53

MD5: 234a7971d142d900e23db85fc954e6d8
SHA1: 42691ee2b7a9773feffaf947ea667725e6363e01
SHA256: 92b8c7cb8da7d111992a99fe1ef9d756a952f763c7d0bc215be5ec880c9cb9da
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pLpo2:pwy9w/dWjTlXjDHsW
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5hPT22IK8MU
TrendMicro-HouseCall = TROJ_GEN.R28C2K9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Generic.dx!unp
TrendMicro = TROJ_GEN.R28C2K9
Kaspersky = Trojan.Win32.Genome.nrlh
Microsoft = Trojan:Win32/Vundo
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Generic.dx!unp
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Vundo
Prevx = Medium Risk Malware
Avast5 = Win32:Trojan-gen
F-Prot = W32/MalwareF.UHIT
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen.NIWX
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/MalwareF.UHIT
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-03-04 01:25:23
VirusShare info last updated 2012-07-26 11:49:47

MD5: 42f5786561a101714617d6c2f5caec64
SHA1: 75bbb72298531ecec73ef933844ada783de3cd9a
SHA256: 952c01cbd40c9e776f9d3e42564c3788f7c6503c3fdcf297ec511e5b422d3311
SSDeep: 3072:yAb8WyX8YOG3530XilzSjx/WaFtOodo6Akf:yu8WyX8YdG8zSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.164
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.523AF565
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
GData = Win32:Trojan-gen
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2010-10-18 19:12:34
VirusShare info last updated 2012-07-26 11:51:23

MD5: afca9924c39a7813ec321820544d424c
SHA1: 4de56911ea1f059a93d9013866fef36278af760a
SHA256: 952cddb2873b6060a82b61194a1d2be4b92bcd2c827bfa70ed3590e7d88a94d2
SSDeep: 6144:SeQ6cgQCiX1TcKvYzpSiEDNevSXqNBcSP4ldTPUnBBkHL4/kZOW:SeQ6cglilAK+gJuSpSid4oHskZOW
Size: 339367 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-BHS [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!rzI0bcQc20Y
VBA32 = Trojan.Pirminay.ltl
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ltl
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4823
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.ltl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.339367
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Generic21.CKKK
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eun
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 11:12:31-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 45056
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0x7fbb
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ylvvctpwd Hjjgrgxxjvq
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 Npryefh 95)
File Version                    : 6.0.6000.16386 (chgxk_rtm.061101-2205)
Internal Name                   : kbdnec95
Legal Copyright                 : © Zrgpyhkpw Zetormqzqxq. All rights reserved.
Original Filename               : kbdnec95.dll
Product Name                    : Fhcydlmrl® Qijbsmw® Omksoilwh Wjprdv
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-06 01:59:46
VirusShare info last updated 2012-07-26 11:51:23

MD5: 6b8cc170c266088400fa23f9d78f9d8c
SHA1: 496509375a90bb5690d005f25e93a00fccf9c210
SHA256: 970fd9e08c6789f43d629973a58666defbba2d1765ff4c3155223dfbc893cccf
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7p7po2:pwy9w/dWjTlXjDHsm
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
AVG = Crypt_c.CEV
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-10-27 03:57:46
VirusShare info last updated 2012-07-26 11:53:20

MD5: fe2d4968586b8b4e1a589268edd8edeb
SHA1: f9ac437dd8b338c7d2862663ae0531f72f515c73
SHA256: 98611bf4942da8dfd384e155aa69b7e4a976180ed0c5a9cfcc635f92284e7969
SSDeep: 6144:VYqoQCE9Yfk7fBCCRgzip0LTgRZxbS0Ql81Z8RArorhLasMG+1f:VYV1pAhWziS6T0e1uAs1VROf
Size: 297326 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ag.294254
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.297326
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.52098949
nProtect = Trojan/W32.Agent.297326.B
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent.WTJY
VBA32 = Trojan.Win32.Pirminay.ax
TrendMicro-HouseCall = TROJ_GEN.R47E1HE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.TrojanDropper.Agent.~EJL
CAT-QuickHeal = Trojan.Pirminay.aw
McAfee-GW-Edition = Generic Dropper!dev
DrWeb = Trojan.Siggen1.52060
TrendMicro = TROJ_GEN.R47E1HE
Kaspersky = Trojan.Win32.Pirminay.aw
Microsoft = Trojan:Win32/Meredrop
PCTools = Trojan.ADH
Sunbelt = Trojan.Win32.Generic.pak!cobra
Jiangmin = Trojan/Pirminay.c
McAfee = Generic Dropper!dev
F-Secure = Trojan-Dropper:W32/Meredrop.AL
Avast5 = Win32:Malware-gen
eSafe = Win32.Suspect.B
AVG = SHeur3.AFOY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.4311505
TheHacker = Trojan/Dropper.gen
BitDefender = Trojan.Generic.4311505
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 13:59:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 278528
Initialized Data Size           : 20480
Uninitialized Data Size         : 303104
Entry Point                     : 0x8e730
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-09-26 03:09:55
VirusShare info last updated 2012-07-26 11:54:36

MD5: 4b920565aa13ac8ff5333bbb5ec136a1
SHA1: 330bb6f7997b7e0556d6334e450f93dfa57d7aeb
SHA256: 98a5c1ed04eacee444a4c2e53a10fd1305bd45a2c4f03c55cd5061d7388b5043
SSDeep: 1536:S+J7RfNFkzXA0F3mkrW3Rldf/BYCljxmGU1pFzXo6g679:bJZ2XHRByBHX/l9mxFzXoQ
Size: 91648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Crypt.BTF
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!C3pTXaAowXg
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Emsisoft = Trojan.Crypt.BTF!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!mk
DrWeb = Trojan.Siggen3.11248
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Menti.ihfm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!mk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.RLAYM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 04:55:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45568
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0xbfce
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvrac.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrac.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2012-03-19 20:49:52
VirusShare info last updated 2012-07-26 11:54:51

MD5: b276161602f65241829252fc27f1b8b2
SHA1: 451e7662bd6291c8fc07ca47ad3882493716b520
SHA256: 98b12adbf5fe215ca22aad1d22f910a35e476cb7d7be70305e8b82d1c3bf9c51
SSDeep: 12288:IRHkLNkvwC6L3sQCjwemN2fmwJLd69TjZE:Juo8VPmNq9L8lK
Size: 422392 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.194
Avast = Win32:Rootkit-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.422392
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!2ey+s21MM38
VBA32 = Trojan.Pirminay.enp
TrendMicro-HouseCall = TROJ_GEN.R3EC2CU
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.enp
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!B276161602F6
TrendMicro = TROJ_GEN.R3EC2CU
Kaspersky = Trojan.Win32.Pirminay.enp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
Jiangmin = Trojan/Pirminay.qb
McAfee = Artemis!B276161602F6
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Rootkit-gen
AVG = Generic21.BITY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = WS.Reputation.1
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.eky
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 07:43:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 401408
Initialized Data Size           : 327680
Uninitialized Data Size         : 0
Entry Point                     : 0x5f6ab
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Czljntpuy Iuemakitdex
File Description                : Network Diagnostic Engine Proxy/Stub
File Version                    : 6.0.6000.16386 (swgdv_rtm.061101-2205)
Internal Name                   : ndproxystub.dll
Legal Copyright                 : © Uqlaxuhip Huvfvrnuapp. All rights reserved.
Original Filename               : ndproxystub.dll
Product Name                    : Idppiqnde® Jbmefbd® Operating Dysnkt
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-21 08:57:43
VirusShare info last updated 2012-07-26 11:54:52

MD5: e4332587034f11a5dd308ab6dc58c03d
SHA1: 36288a5ff705ab110c0b48129fdf30802f5ab750
SHA256: 98fa7b96427728d1458e4063363266cae4cd4cf6b96b932b2c5cf94435f8ddb0
SSDeep: 6144:hTmPgHnNCuH41onTWPCXdRPFGC+/iqaCc4PxMPLMb+jDvJLrhkR/i2C:PW6zbqaUqlbdhkR/i2C
Size: 337472 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bub
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Pirminay.bub
CAT-QuickHeal = Trojan.Pirminay.bub
McAfee-GW-Edition = Artemis!E4332587034F
Kaspersky = Trojan.Win32.Pirminay.bub
McAfee = Artemis!E4332587034F
VIPRE = Packed.Win32.Pirminay.a (v)
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:20 10:41:08-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 332288
Initialized Data Size           : 322048
Uninitialized Data Size         : 0
Entry Point                     : 0x5206e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.0.0
Product Version Number          : 1.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : NikeDrv.sys
Company Name                    : S3/Diamond Multimedia Systems
File Description                : NikeDrv Usb Driver
File Version                    : 1.00.0000.0
Internal Name                   : NikeDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Systems 2000
Legal Trademarks                : S3/Diamond Multimsdia Systems
Original Filename               : NikeDrv.sys
Private Build                   : 0
Product Name                    : NikeDrv
Product Version                 : 1.00.0000.0
Special Build                   : 0
VirusTotal Report submitted 2011-06-09 22:13:41
VirusShare info last updated 2012-07-26 11:55:07

MD5: 5c5d01b167b5850c1dc3c12c24c4a152
SHA1: af9e3c8960a8972ba0fa63c23c341bee03d68d71
SHA256: 99f82f0c92ec7fa74da09857228ee98657e20d3027214ff19802e3eb6612f0a9
SSDeep: 6144:KWwLXZK77q9hgrm4EFGvx7jcCNKqs4OILdgcd/moqXW9rO3zhshDGQ:atKzrm4MIPNM4Hrm1AS3ziQQ
Size: 387479 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Downloader.387479
Panda = Suspicious file
nProtect = Trojan/W32.Agent.387479
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!/xErdl4l79E
VBA32 = Trojan.Pirminay.nud
TrendMicro-HouseCall = TROJ_GEN.R47C2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.567
TrendMicro = TROJ_GEN.R47C2GB
Kaspersky = Trojan.Win32.Pirminay.jtg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.FakeAV.387479
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.herr
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6212402
VIPRE = Trojan.Win32.Generic!SB.0
AVG = Generic23.AMZG
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6212402
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jtg
BitDefender = Trojan.Generic.6212402
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:09 10:17:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 385024
Initialized Data Size           : 4096
Uninitialized Data Size         : 471040
Entry Point                     : 0xd1bd0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ozbemzvoc Jyjuhllxtbn
File Description                : Hungarian 101-key Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhu1 (3.12)
Legal Copyright                 : © Zegisbkfj Bvrrzqvaajb. All rights reserved.
Original Filename               : kbdhu1.dll
Product Name                    : Srrgmzehj® Cbdodzr® Xexldngnj Etpbsa
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-06 03:31:13
VirusShare info last updated 2012-07-26 11:56:05

MD5: 06ec8444e2bb59ae2bbd50be97f8b194
SHA1: 18a27d4c0610f2014978bf547ee45efedc9258e9
SHA256: 9a0d63c718a9b01216e5f7155f85105b2e0443ac15b36657642a21c4561240a3
SSDeep: 3072:aB3elP3AgXneKvwqdQ7qNFwipBpVZOM46OYRWBkba+WhhPsXMbsCh5xT1fToc+Be:aGwgXneKvnHpDy6OYRWe3MYCh50ZBhU
Size: 213492 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Norman = W32/Obfuscated.L
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x12be
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Icufjoxmc Corporation
File Description                : Grouping Helper Class
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : GroupingHC.dll
Legal Copyright                 : © Ssldevbfq Qeohyhwlrjj. All rights reserved.
Original Filename               : GroupingHC.dll
Product Name                    : Wfxkdxxej® Bpybzyz® Pfqeiuhlx Fsimjy
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-18 13:38:32
VirusShare info last updated 2012-07-26 11:56:09

MD5: a5ab4c813d623bef4d65a5fc2a3ec1de
SHA1: 94ffa22e4b65bcc17cdaafe03f5194d2c869a2bb
SHA256: 9a10f16e47dfe5e734b9f50983d439f03c2885ab8e4b518d6501467d9de9b182
SSDeep: 3072:B3Ril2h1bo7beJ+Q9+TSwfxmjKUEmlQMqqDLy/cl+J:R/oQ+QY2wf02UEkqqDLucw
Size: 103936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.AMXD
GData = Win32:Malware-gen
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:16 08:52:00-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x733e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Written by Lexmark CPD Btcbjr Drivers
Company Name                    : Lexmark
File Description                : Lexmark Z12 System Driver Rendering Plug-in
File Version                    : 1, 0, 13, 0
Internal Name                   : OEMUNI
Legal Copyright                 : Copyright © 2000
Legal Trademarks                : Vlxsuhtxd® is a registered trademark of Kibhempkl Qjxhpuywdoa. Idfsplr(TM) is a trademark of Dbeqtmmqk Dvdlmsrmyce
Original Filename               : LXADSRDR.DLL
Private Build                   : 
Product Name                    : Lexmark Z12 Color Jetprinter
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-07-18 12:22:35
VirusShare info last updated 2012-07-26 11:56:09

MD5: 78d63c48fff928cebf809cdadf83c4d2
SHA1: 809aad0ca6c3393bdeac4344aba2697757a6d5f7
SHA256: 9b9f6542746c394518547f6356d8c00de4f175b3db4d34a9aae113a12f4d70dd
SSDeep: 1536:VnSpf5hiCWWMd5GiLFFGYR2l9F1SdWfnF+Qn85uRlBMqqU+NV23S2co:VSR5hdveFGJlQdW9f8kRlBMqqDLy/co
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!qMRHdFpHHvM
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R11C2GP
Kaspersky = Trojan.Win32.Genome.vboa
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-07 19:23:13
VirusShare info last updated 2012-07-26 11:56:44

MD5: 0b1cd95f06e741834921a5e25b34aa3e
SHA1: 29a67ddfba8be3b7b8c7d253ef50f709df637fd2
SHA256: 9d99f8e8e47fdb437935db17d5e5842472c4e93a8d3056bb1838265b247fb6a6
SSDeep: 3072:NVcjj2AXnriOS0p8+jeOb5Lb3Z+EjefZiJyzaCx7L/2H1OZG80by9LDSSnsD/P4h:NmjrXr9vpzb19+EiBuoNrk5EhWIh
Size: 231827 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Win-Trojan/Fakeav.231827
Panda = Trj/CI.A
nProtect = Gen:Variant.Renos.106
VirusBuster = Trojan.Injector!1I9KKzpdhIk
VBA32 = TrojanDownloader.CodecPack.sjt
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.LooksLike.Trojan.Crypt.ZPACK.B
DrWeb = Trojan.DownLoader4.33410
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
F-Secure = Gen:Variant.Renos.106
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.WNY
Norman = W32/Obfuscated.L
GData = Gen:Variant.Renos.106
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.dz
BitDefender = Gen:Variant.Renos.106
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 221184
Uninitialized Data Size         : 0
Entry Point                     : 0x139e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.1020
Product Version Number          : 5.1.0.1020
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ztimzbfig Ajcosaglimg
File Description                : Lbgcyev NT Certificate Dialogs
File Version                    : 5.01.1020
Legal Copyright                 : Copyright (C) Hymzaquww Ocfmtvuuvan. 1981-2000
Legal Trademarks                : Vdxadxlqf(R) is a registered trademark of Xxerqsgit Lpurmyzuuos. Vizmzgu NT(TM) is a trademark of Clacptlmz Qkvedrvcywh
Original Filename               : mqcertui.dll
Product Name                    : Xgplgokjp Message Queue
Product Version                 : 5.01.1020
VirusTotal Report submitted 2011-08-28 09:07:59
VirusShare info last updated 2012-07-26 11:57:25

MD5: 10a6a73249599003529bbf04d667f76e
SHA1: 81ab972622478b6da4d81a44a9e6aa12e96454fb
SHA256: 9e1d8130f831b9d58f7a870ef03f686319ba22c9b3c36e11f9908ac49cad5447
SSDeep: 1536:PZM4F6sek1Ig1jQbq3SyuBCZUga3phK18zT2UFPNH39bsfqXjbx6X:VF6sek1/BQISyueJKrz6UFFXVsjX
Size: 74752 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.74752.NI
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.aaan
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.moks
McAfee-GW-Edition = Vundo!mn
DrWeb = Trojan.WinSpy.1087
TrendMicro = TROJ_GEN.R1BC2G7
Kaspersky = Trojan.Win32.Monder.moks
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!mn
F-Secure = Trojan.Generic.6387022
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6387022
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.moks
BitDefender = Trojan.Generic.6387022
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:04 03:43:26-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 47104
Initialized Data Size           : 64512
Uninitialized Data Size         : 0
Entry Point                     : 0xc564
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2153.1
Product Version Number          : 5.0.2153.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : CIC - MMC controls for Taskpad
File Version                    : 5.00.2153.1
Internal Name                   : cic.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : cic.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2153.1
VirusTotal Report submitted 2012-01-23 00:42:48
VirusShare info last updated 2012-07-26 11:57:35

MD5: 64ebd2a9c3880892d116543d879a9123
SHA1: 3187bdc2a3f9b87da79fdc54b2eb97b913b06e42
SHA256: 9e7ed9876ccdc6f42cab3c52f8ad54dd1ded63418b6b08d47eb74219fc61b545
SSDeep: 6144:BGow5TI25teoXej7w23yb3msGUfJ43EE+i+FzdW:Y1juiejqb3fGUfJVEik
Size: 247300 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Downloader-JDZ [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Win-Trojan/Fakeav.247300
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.6567068
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!r1Tot8G7Pd0
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.agj
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.31226
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.agj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-264105
F-Secure = Trojan.Generic.6567068
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TIL
Norman = W32/Suspicious_Gen2.NVDSZ
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6567068
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.lt
BitDefender = Trojan.Generic.6567068
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 241664
Initialized Data Size           : 8192
Uninitialized Data Size         : 28672
Entry Point                     : 0x421f0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-10 19:57:37
VirusShare info last updated 2012-07-26 11:57:41

MD5: b3dd20ccce353b9e0cf492e98cbf4b9c
SHA1: 1feddfdbb5197a72cf4049e3e5c79e01f9e0e715
SHA256: 9f9d2d3138f8be5a0481b746ffa0d23ef7e4559bc8b37061d43a9a9b6bd7e0ed
SSDeep: 3072:ylTnLGhPPc6ip73VdfC4wBdYzKWzgo66uAGDiX:baVMBRnH
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1291FF31
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!6cEj3IpLzZs
TrendMicro-HouseCall = TROJ_GEN.R31C1IN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!kk
DrWeb = Trojan.Click1.60787
TrendMicro = TROJ_GEN.R31C1IN
Kaspersky = Trojan.Win32.Genome.weam
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!kk
F-Secure = Trojan.Generic.6516794
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ABAX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6516794
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Trojan.Generic.6516794
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 07:46:59-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x8c1a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.81.1
Product Version Number          : 7.6.81.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : ThinPrint GmbH
File Description                : TPOG Printer Driver
File Version                    : 7,6,81,1
Internal Name                   : tpprn.dll
Legal Copyright                 : Copyright © 2000 - 2007 ThinPrint GmbH
Legal Trademarks                : 
Original Filename               : tpprn.dll
Private Build                   : 
Product Name                    : ThinPrint Output Gateway
Product Version                 : 7,6,81,1
Special Build                   : 
VirusTotal Report submitted 2011-10-30 22:03:38
VirusShare info last updated 2012-07-26 11:58:04

MD5: d2d87dbd438927c8af5d876efab8fb7a
SHA1: b4ffc23a54c310a06763d8a2f88e7b82d5e8b2c1
SHA256: 9fe21194898e95229a3b204d0c95008c9ad37939ebb958916e50b645cf926f22
SSDeep: 6144:EBCeOIYCP10XuEQ5YAEOdZ4MYQmQJExlQzc4uK3Z6KA6y:EweO7CPW+E7wdZ4MRm+MlNgAx
Size: 344498 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.3
Avast = Win32:Pirminay-AW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.344498
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!Piay18egSoA
eTrust-Vet = Win32/Ransom.UG
TrendMicro-HouseCall = TROJ_GEN.R21CRG4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Downloader.a!eo
TrendMicro = TROJ_GEN.R21CRG4
Kaspersky = Trojan.Win32.Pirminay.iuu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adx
McAfee = Downloader.a!eo
F-Secure = Trojan.Generic.6148262
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-AW [Trj]
F-Prot = W32/Trojan2.NNWS
AVG = Generic23.HAV
Norman = W32/Suspicious_Gen2.NKBOV
Sophos = Mal/Generic-L
GData = Trojan.Generic.6148262
Symantec = Trojan.Gen
Commtouch = W32/Trojan2.NNWS
TheHacker = Trojan/Pirminay.ihv
BitDefender = Trojan.Generic.6148262
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 21:47:18-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 344064
Initialized Data Size           : 4096
Uninitialized Data Size         : 434176
Entry Point                     : 0xbe0e0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.70.7713.0
Product Version Number          : 2.70.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tgpgtyzko Ohoyuibetta
File Description                : Genbrdxvn Data Access -  OLE DB Data Shape Provider Resources
File Version                    : 2.70.7713.0 built by: Lab06_N(dagbuild)
Internal Name                   : msaddsr.dll
Legal Copyright                 : © Bejlactid Wzroihkuboc. All rights reserved.
Original Filename               : msaddsr.dll
Product Name                    : Qegynjslp Data Access Components
Product Version                 : 2.70.7713.0
VirusTotal Report submitted 2011-08-30 15:17:54
VirusShare info last updated 2012-07-26 11:58:09

MD5: e9ef6aa6cb43af70f25ddeacbc56254b
SHA1: f3304ba04b292237ea9568efa7131e49c8b237f0
SHA256: a0eba8c660062cfb5284bbd591e863c236a5c246e7c5541b0994e5ef2ef971df
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqH8:JjyVdARQjSdfZaiv9HVcFbtjOqR71gX
Size: 312380 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Gen:Variant.Buzy.550
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Renos.CLI
TrendMicro-HouseCall = TROJ_GEN.R4FCRBQ
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.DownLoader4.45794
TrendMicro = TROJ_GEN.R4FCRBQ
Kaspersky = Trojan.Win32.Pirminay.oac
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.hc
McAfee = Kryp.b
ClamAV = Trojan.Agent-248187
F-Secure = Backdoor.Generic.552986
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BGDN
Norman = W32/Suspicious_Gen2.INICS
Sophos = Mal/Ponmocup-A
GData = Backdoor.Generic.552986
Symantec = Trojan.ADH.2
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-10-17 20:11:28
VirusShare info last updated 2012-07-26 11:58:31

MD5: aa8ee15edee7f7276edf750f64404d47
SHA1: 32e4244708d1f3ce3deffda39a5f3a267b76c5d3
SHA256: a48c9ce5a0d9f96f0fd731b3b6f0ba111da759767d0dd241a40045b7eb303237
SSDeep: 3072:R3yk1le1w4MBw5i8cB/KV6Kppr7FhH++j8jn1lNcSwoZefYfO:dvOwEwb6ZfSnNcSVfO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1294F1B4
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Qu0mn+kF+Rk
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2FO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.Virtumod.10325
TrendMicro = TROJ_GEN.R1BC2FO
Kaspersky = Trojan.Win32.Monder.must
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.ackh
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Suspicious_Gen2.NKTPB
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-21 18:36:28
VirusShare info last updated 2012-07-26 11:59:42

MD5: efeff5e603ad3dd1d5e6500ad564d6d1
SHA1: 2aa14a1c04c33ae7f1dbc7231f8b3af9c3ddd5eb
SHA256: a4c61e4913b2aa88d1b6a509bacc2af525c5d9eeff045d23281360d8bc627932
SSDeep: 6144:US5cLKGt4vobsCJtivQXN5CF19QcGpMb24VZEPDItBk5FjuUU6:UG9GFYqjCFYcUg2IZEPctBwFjuUd
Size: 364976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.118065
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Downloader.a!pd
DrWeb = Trojan.Hosts.4898
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Pirminay.oor
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.hx
McAfee = Downloader.a!pd
F-Secure = Trojan.Generic.KDV.118065
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRPirminay.Bvt
AVG = Generic20.CAOV
Norman = W32/Suspicious_Gen2.REVIA
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.118065
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.jzc
BitDefender = Trojan.Generic.KDV.118065
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:11:24 15:42:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x5531c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Associated Device Presence Proxy Dll
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : IPBusEnumProxy
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IPBusEnumProxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-30 16:26:25
VirusShare info last updated 2012-07-26 11:59:47

MD5: d5ad6bb62af60b1d50e2f8d9d55770c0
SHA1: 88f7b568dc5cb23cdbac0f0cf68dfb2c0fa36802
SHA256: a518d801b66df33f1f525b75dd514c3d77246f32dd4519777578e2e1f13629f8
SSDeep: 6144:bvJ58AXev47W4ghRYX80cTvcPFHMMnxygGdECb6PVNFORgbisU71F9zAgnwhDSaf:3xeeWTc8040FHMMxy5dE62HFORgbiL9u
Size: 376832 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.376832.228
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R28C2IJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Dropper!djb
TrendMicro = TROJ_GEN.R28C2IJ
Kaspersky = Trojan.Win32.Pirminay.cbj
Microsoft = Trojan:Win32/Meredrop
PCTools = HeurEngine.MaliciousPacker
McAfee = Generic Dropper!djb
F-Secure = Gen:Variant.Zbot.34
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.CJFF
Norman = W32/Suspicious_Gen2.HIBAI
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Zbot.34
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:02 14:03:33-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 359936
Initialized Data Size           : 278528
Uninitialized Data Size         : 0
Entry Point                     : 0x58ad8
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Serial Device Driver
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : serial.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : serial.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-06-10 08:45:51
VirusShare info last updated 2012-07-26 11:59:54

MD5: 01438ca3afc983a7640d3a03f64da449
SHA1: cff3be6c9fe16796baddd220c7a323d9c6fceee5
SHA256: a5a87bb5a5ec6364447d76092ef5138e886fe6ebaaad5f4c1decdb7d1f0befcd
SSDeep: 3072:86glOEe5zqv1aAyL1cmnnSVuXelIK60t:8N7WLGmnPXds
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.199637
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!9huxqeh/mBo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2EE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.tmjn
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!nf
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R47C2EE
Kaspersky = Trojan.Win32.Genome.tmjn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.aqjp
McAfee = Vundo!nf
F-Secure = Trojan.Generic.KDV.199637
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.JBY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.199637
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.199637
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 08:32:03-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x93c5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.72.3110.0
Product Version Number          : 4.72.3110.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vjubpwjoe Qqzupynwthr
File Description                : Customize Folder Wizard
File Version                    : 4.72.3110.0
Internal Name                   : SHWIZARD
Legal Copyright                 : Copyright (C) Faztdkrnf Corp. 1981-1997
Original Filename               : IESHWIZ.EXE
Product Name                    : Yzzdoktkv(R) Ggwgvnx NT(R) Operating Ejyrdj
Product Version                 : 4.72.3110.0
VirusTotal Report submitted 2012-02-12 04:12:19
VirusShare info last updated 2012-07-26 12:00:06

MD5: 7ae5c7fb063d5a7c34f32360a9c04775
SHA1: 140870c11e711e61fed22392c21c5ae99a7030b1
SHA256: a5ac9a2b8af20f0879839a8aff5ad613aeb432ec0da8b50767b5650a3e243304
SSDeep: 24576:xi9yPobycSaV4geHG1M64XWBeZybEA8j9Kmk:0rGL364XW8ZybR85
Size: 840192 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GW [Cryp]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
nProtect = Trojan.Generic.KD.313664
K7AntiVirus = Trojan
VirusBuster = Trojan.Menti!U1UccWLqNcI
VBA32 = Trojan.Menti.ickx
TrendMicro-HouseCall = TROJ_GEN.R07C2IA
Comodo = Heur.Suspicious
Emsisoft = Backdoor.Win32.Kelihos!IK
CAT-QuickHeal = Trojan.Menti.ickx
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
DrWeb = BackDoor.Slym.25
TrendMicro = TROJ_GEN.R07C2IA
Kaspersky = Trojan.Win32.Menti.ickx
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = HeurEngine.Mystic
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Trojan.Generic.KD.313664
VIPRE = Trojan.Win32.Ransom.do (v)
eSafe = Win32.TRDropper
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.CCYZ
Norman = W32/Kryptik.AFR
Sophos = Mal/EncPk-ADY
GData = Trojan.Generic.KD.313664
Symantec = Packed.Mystic!gen9
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Trojan.Generic.KD.313664
NOD32 = a variant of Win32/Kryptik.OBX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:14 23:24:53-05:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 20480
Initialized Data Size           : 818176
Uninitialized Data Size         : 0
Entry Point                     : 0x5232
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.16384.8206.38519
Product Version Number          : 0.16384.8206.38519
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : RwR2zFQ0fy
File Version                    : uihp0S
Internal Name                   : O4JTwnPR26
Legal Copyright                 : AuiIepAMxVg
Original Filename               : EgGfn
Product Name                    : KB96sN65LFWp3
Product Version                 : o0AX
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-05-02 01:19:15
VirusShare info last updated 2012-07-26 12:00:06

MD5: b95c1bdd200a9c4874d8ce9d7f04f890
SHA1: 7bd34da7feac39e9ab6dcb1bc682f51e517d127e
SHA256: a88eb9392e186b5f2b3d2b09e90fc47e2a65e5425f265ff7e154994a8efbd888
SSDeep: 6144:455IJzJznrggsdgz1Jo5H9PnNUxBqczZcuhBzQYvYPuvK0Z:4HI1dS8Jw9/axhNPBz1QPmK8
Size: 294345 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhf
Avast = Win32:Pirminay-C
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Backdoor/W32.Agent.294345
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3BC2CE
Comodo = UnclassifiedMalware
DrWeb = Trojan.MulDrop1.59103
TrendMicro = TROJ_GEN.R3BC2CE
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gs
ClamAV = Trojan.Agent-183385
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Pirminay-C
AVG = Downloader.Generic10.BOLE
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Backdoor.Generic.542938
TheHacker = Trojan/Pirminay.bhf
BitDefender = Backdoor.Generic.542938
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 19:14:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24064
Initialized Data Size           : 531968
Uninitialized Data Size         : 0
Entry Point                     : 0x69a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.42
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-03-21 14:30:59
VirusShare info last updated 2012-07-26 12:01:00

MD5: 7055ae5755e7f0e3a1b6971bd42da7d7
SHA1: eb2a0b2009b48870972e4b9def356d3414ee7faa
SHA256: aa51a456554409c8f0c9b73d41f82f56701ff2527d9d05d509df9fcb57c98364
SSDeep: 6144:SeQ6cgQCiX1TcKvYzpSiEDNevSXqNBcSP4ldTPUnBBkHL4/kZOd:SeQ6cglilAK+gJuSpSid4oHskZOd
Size: 339347 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-BHS [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
VirusBuster = Trojan.Kryptik!rzI0bcQc20Y
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!7055AE5755E7
DrWeb = Trojan.Hosts.4823
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rc
McAfee = Artemis!7055AE5755E7
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CKKK
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eun
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 11:12:31-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 45056
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0x7fbb
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ylvvctpwd Hjjgrgxxjvq
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 Npryefh 95)
File Version                    : 6.0.6000.16386 (chgxk_rtm.061101-2205)
Internal Name                   : kbdnec95
Legal Copyright                 : © Zrgpyhkpw Zetormqzqxq. All rights reserved.
Original Filename               : kbdnec95.dll
Product Name                    : Fhcydlmrl® Qijbsmw® Omksoilwh Wjprdv
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-01 06:14:19
VirusShare info last updated 2012-07-26 12:01:36

MD5: fd2f20012b61bb198ea25f46e906a541
SHA1: a461791097d729e927da7a3e7e293e7e0b8496ad
SHA256: aa73ccfb400d7d0fac5f905623b422985993852af9ba26a4fb6f33dbc575c30c
SSDeep: 1536:lvB8XiNa9rPQXn2cwEv8Kdc2Jy58dUe/Y/vE7Jp/8YMQHFHQV:kXiQJ8VwEkgcsoUI/M7Jp/1MQlw
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!iBZJ55338G8
VBA32 = Trojan.Monder.mkjo
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kz
DrWeb = Trojan.Smardec.92
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = Trojan.Win32.Monder.mkjo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.adqo
McAfee = Vundo!kz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.LP
Norman = W32/Suspicious_Gen2.PSFNT
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mkjo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:21 01:17:10-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73216
Initialized Data Size           : 48128
Uninitialized Data Size         : 0
Entry Point                     : 0x12ccd
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Greek IBM 319 Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdhe319 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdhe319.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-21 02:49:05
VirusShare info last updated 2012-07-26 12:01:40

MD5: ceef64f2b93d4a0da429eb95e3154c68
SHA1: 15c1f57713515cc71060ac0ff32eeb07547951ac
SHA256: abb6ebf0d0d3710f405556447117cc7f51c1f6cb422aefcdfce1ae18f21bcff0
SSDeep: 3072:NU4Qrqmh8Nh5iz/TRBfVlLgh5Nhhuu8lal8skzmM4Pjie:NU4MdhlrVdUTuu1ye
Size: 176128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.176128
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QfX7Cvk7kmM
VBA32 = Trojan.Monder.mzcc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!mt
DrWeb = Trojan.Virtumod.10319
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Monder.mzcc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acld
McAfee = Vundo!mt
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BSJP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:02 21:37:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 114688
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x196c1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Lnonahzxm Wcpcpvypcwh
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.42
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Gkwyhtadd Corp. 1995-1999
Legal Trademarks                : Lzthrmpka(R) is a registered trademark of Kbkqbjtqv Pytvogluvdb. Uvjgebk(TM) is a trademark of Hsgmwgkuh Vjanbptcsuu
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-11-29 17:10:19
VirusShare info last updated 2012-07-26 12:02:11

MD5: 13716868c35dc495b4887c593951372b
SHA1: 268d0f6084f96c16a5062a7463a23a178af66670
SHA256: aca4dae02fc1abfe32999748e47a39fa6dc01de844208f36e86de5dc0f34768b
SSDeep: 6144:idsFsLB3GbOnTFPv5vWh2B2MMSMzvkVktn5MYPH2V1ZWlh:cLNNTVIsAPSMb04MMeqlh
Size: 299397 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.cqn
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.299397
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!Y/QETZYNb3k
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.bgen
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.DownLoader4.48509
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.mgp
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ju
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.JAY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.csm
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.FPVULED
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:09 19:32:23-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 266240
Initialized Data Size           : 286720
Uninitialized Data Size         : 0
Entry Point                     : 0x41a90
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO157.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO157.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2011-12-01 15:38:28
VirusShare info last updated 2012-07-26 12:02:32

MD5: d92cedc75cfb868f9aa1176a6e7c10ef
SHA1: 778ae3011c375bcb7e8f706f3c99e36315c3b37e
SHA256: ad4861fada0172c4fe9a2c846e3bd17c4e76ce7c64acd60537e99d3157d9a539
SSDeep: 1536:sHzv/joB7zwTdgHcCdiuG6mEG+FanTaHlO2XlPbKdBpPzncJ05Cl5qFp44ZqUMZO:sTvEpw50AulOTfa2XpPyZl5qFpxqUMZ
Size: 75264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Z/OJpiwr94s
VBA32 = Trojan.Monder.mrbq
TrendMicro-HouseCall = TROJ_GEN.R21C2IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mrbq
McAfee-GW-Edition = Vundo!lt
DrWeb = Trojan.Virtumod.10471
TrendMicro = TROJ_GEN.R21C2IC
Kaspersky = Trojan.Win32.Monder.mrbq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Monder.acmd
McAfee = Vundo!lt
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.CDSZ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mrbq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.PLI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:14 08:08:28-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 31744
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x8ab3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote NDIS Miniport
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : RNDISMP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RNDISMP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-02 02:33:57
VirusShare info last updated 2012-07-26 12:02:47

MD5: 40ece957ee82b8ed40d48cf531ae723a
SHA1: cc6f23d69de7b8e45d795ab0c388b82f175cde32
SHA256: b08591b6c4cfc1b0e35d596d737895b1ed05849078d8524ad279d1fbb15ecc00
SSDeep: 1536:XDyiZbJWdS9wBmOlNN6qUEDCOUCs4uT69LCyP1Jh01KQ1:XzZbJlWlNtUEDlsd69LYYQ1
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.81920.BF
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!1H9k5EOa4e0
VBA32 = Trojan.Monder.mvbx
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VNDO.SMUS1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mpdf
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10219
TrendMicro = TROJ_VNDO.SMUS1
Kaspersky = Trojan.Win32.Monder.mpdf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.abon
McAfee = Generic Malware.ms
F-Secure = Trojan.Vundo.5505
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BPAX
Norman = W32/Suspicious_Gen2.PNVEV
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5505
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Monder.mpdf
BitDefender = Trojan.Vundo.5505
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 15:31:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x3815
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iskevzody Eejmjfkekcs
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB600.DLL
Legal Copyright                 : © Cddkrpwvz Xjuqvqpjlue. All rights reserved.
Original Filename               : CNB600.DLL
Product Name                    : Dqxhvjrid® Xonmayd® Xxmgojpla Ewipwc
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2012-04-01 06:41:16
VirusShare info last updated 2012-07-26 12:04:05

MD5: d97e6d5763e8fe0943bb71d4d7daa9dd
SHA1: 41901057762cb4a1bda59ee93d44acc7e36f39b1
SHA256: b0914f0bba8740b951320a3a4948ef30c79264859978fc87483144c7242ae271
SSDeep: 24576:VfR8CXu5OxDiNrsEwZzPUV0/TtCZhZemi:1RXyYiNrsE69bcZh4
Size: 846336 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kelihos-D [Trj]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
nProtect = Gen:Variant.Kazy.34199
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R74C1IK
Emsisoft = Backdoor.Win32.Kelihos!IK
McAfee-GW-Edition = Generic BackDoor!dnq
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R74C1IK
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan.Gen
McAfee = Generic BackDoor!dnq
F-Secure = Gen:Variant.Kazy.34199
VIPRE = Trojan.Win32.Generic.pak!cobra
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.CDRQ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Kazy.34199
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Gen:Variant.Kazy.34199
NOD32 = a variant of Win32/Kryptik.RRD
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 05:11:07-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 112128
Initialized Data Size           : 733184
Uninitialized Data Size         : 0
Entry Point                     : 0x1b8b7
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.4096.18929.2724
Product Version Number          : 0.4096.18929.2724
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : VZCt6f7
File Version                    : tyKgiE
Internal Name                   : 6rkVkefWXa
Legal Copyright                 : guvbyleIk2r
Original Filename               : vvxTHQ1NDE8S
Product Name                    : 69bstJ
Product Version                 : ICSJRVzf
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-10-21 18:53:15
VirusShare info last updated 2012-07-26 12:04:06

MD5: 7c07a86c7468685e5eccbbfb831cee0a
SHA1: a7b92f7c2623c9a444de5323ae8299808d4d1596
SHA256: b1ab19551e232c4ba2e42fb0c762f50b19eaa31c7e92d8d9f79a43822bc61b4d
SSDeep: 1536:t7t7t9F6KK/5tmG+8nsfVk4JxsKuTCrpypTLhje/0wZE:VljAKK/5tz4kctpUh6MwZE
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Menti.70144.F
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126F935C
nProtect = Trojan/W32.Agent.70144.KJ
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!poHxSmfPKTc
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R42C2AM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!7C07A86C7468
DrWeb = Trojan.Siggen2.46156
TrendMicro = TROJ_GEN.R42C2AM
Kaspersky = Trojan.Win32.Menti.ftt
ViRobot = Trojan.Win32.Vundo.70144
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.y
McAfee = Artemis!7C07A86C7468
F-Secure = Trojan.Generic.5396545
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic20.BWGN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5396545
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.gufq
BitDefender = Trojan.Generic.5396545
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:13 23:23:45-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x6674
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrae.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrae.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-05-13 21:32:24
VirusShare info last updated 2012-07-26 12:04:27

MD5: f5b373648b2502bcb54abfb5aaf48b25
SHA1: 9349660e5d2fc793a5a9ea837363453c023584c0
SHA256: b2557e50330e243caadaf7659f13b145df907d663a32c571e854214233999252
SSDeep: 6144:c0CvZTJ/KX39zucJXCd6eEpWuJw8lFCEOxICGPZuEF5:6Z9/KHQiX6EpWu9dp7PZuC
Size: 305664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.305664.Y
Rising = Trojan.Win32.Generic.128944F5
nProtect = Trojan/W32.Pirminay.305664.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!re6LHcmwZZA
VBA32 = Trojan.Pirminay.kcy
TrendMicro-HouseCall = TROJ_PIRMINAY.BR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_PIRMINAY.BR
Kaspersky = Trojan.Win32.Pirminay.jlv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.S.Pirminay.305664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Adware.Lop!rem
Jiangmin = Trojan/Pirminay.ahi
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6177722
VIPRE = Trojan.Win32.Generic!SB.0
eSafe = Win32.GenVariant.Fak
F-Prot = W32/Zbot.DA.gen!Eldorado
AVG = Generic23.AGLL
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6177722
Symantec = Adware.Lop
Commtouch = W32/Zbot.DA.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6177722
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:03:17 13:24:10-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 303104
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xaa750
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2900.5512
Product Version Number          : 6.0.2900.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ianfrccex Hylmxmqqexv
File Description                : Internet Connection Wizard
File Version                    : 6.00.2900.5512 (xpsp.080413-2105)
Internal Name                   : INETWIZ
Legal Copyright                 : © Swvmphglr Oklxjwsdjxp. All rights reserved.
Original Filename               : INETWIZ.EXE
Product Name                    : Dfjddmpgu® Qxlltiv® Tdesftvhr System
Product Version                 : 6.00.2900.5512
VirusTotal Report submitted 2012-06-12 14:48:04
VirusShare info last updated 2012-07-26 12:04:41

MD5: 3d7ab8e287499a34063e54251e6d565b
SHA1: b32c52a7389521a831795bee1a5e12f53f1abeed
SHA256: 15d2b7cbfa587d72853ae467888b0acfb8ce05496ccf86b1ade43d6b441c1f55
SSDeep: 3072:PvZH8E3JbA8Qck5OQonpCFuKFFrholEMqqDLy/zn+Pe/4NKCns1:PvLGxJOQon2uw1heqqDLuzsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Trojan/W32.Genome.160768
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C1HV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R47C1HV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.NXSTO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-03-05 03:46:28
VirusShare info last updated 2012-07-26 12:04:57

MD5: d6c5005e072e024b63737044142b7738
SHA1: 923b9da3e922088da0239ed875b719f0aeed4bfb
SHA256: b778876e79138d3d3e2c3d4ce80a0c2f40dc3b4cd20b0a8df51592cf6881ca9c
SSDeep: 3072:fz55l8rBsWyuajAvDiZEkTyZP+hPBDm5OthP6dERz8AGDkkhxnW7d4oJd:mls7nTOu0+hi2hyyYAGb7W7R
Size: 259093 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Securisk
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = Cryp_Spypro
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Meredrop
McAfee-GW-Edition = Generic Dropper!dge
TrendMicro = Cryp_Spypro
Kaspersky = Trojan.Win32.Genome.myzj
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Dropper.DGE!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Jorik.bkb
McAfee = Generic Dropper!dge
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Trojan-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.ALIO
Norman = W32/Suspicious_Gen2.EYGRH
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Trojan.Heur.RP.pq1@aiYVxgii
TheHacker = Trojan/Genome.myzj
BitDefender = Gen:Trojan.Heur.RP.pq1@aiYVxgii
NOD32 = probably a variant of Win32/Agent.EDPJVDC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 10:04:45-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 14336
Initialized Data Size           : 480256
Uninitialized Data Size         : 0
Entry Point                     : 0x4550
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Get MAC Address
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : GetMac.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : GetMac.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-04-05 22:06:38
VirusShare info last updated 2012-07-26 12:06:50

MD5: 35149a1c76935a1b6ccf71b1393a73e9
SHA1: bc0f248c18dae442bec2dc899510faedf4f1f3b7
SHA256: b8930970997fe19a087f90865b99f550abe2e1534409eace1031697a1cc5cc05
SSDeep: 6144:PYKNtnvP4C8dEBnWNtIm3KSffYcN1ySdMh85t0seR6o0YtJ:PJnYC8CBHm3KUoSdMxseR6o04J
Size: 299003 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.15
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
VirusBuster = Trojan.Qhost!/DxPuQNmPmA
TrendMicro-HouseCall = TROJ_GEN.R4FC2IB
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!35149A1C7693
TrendMicro = TROJ_GEN.R4FC2IB
Kaspersky = Trojan.Win32.Jorik.Pirminay.qn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.lbwx
McAfee = Artemis!35149A1C7693
F-Secure = Gen:Variant.Kazy.15607
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic11.CNCM
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Kazy.15607
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Kazy.15607
NOD32 = probably a variant of Win32/Qhost.IJAGUUQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:19 19:53:31-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 299008
Initialized Data Size           : 4096
Uninitialized Data Size         : 389120
Entry Point                     : 0xa7f30
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hzkswssek Osxhgxlxfav
File Description                : Network Diagnostic Engine Event Interface
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ndfetw.dll
Legal Copyright                 : © Xqwtjltcv Sgvblotgdvv. All rights reserved.
Original Filename               : ndfetw.dll
Product Name                    : Tkwbfotbj® Myooisz® Qonpmodnn Kyvdtt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-03 08:04:07
VirusShare info last updated 2012-07-26 12:07:20

MD5: 14317d72702d3fb7a673ed93fd787f32
SHA1: ca0c3d36ff2bd29dab865d005d2fb9cd63510309
SHA256: b9d27c9e9b3afc0e3ab8fb0595f723f0f0425a1ea7773dcce1c17b29ff7eb102
SSDeep: 3072:zoYVxt7O2ka2zxe7NH2Zo9B3K72UoUF3wYcif0qMqqDLy/9d0ded93OTI:zxxtSLzeN2Zonn3c3Mi85qqDLu2T
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C7JB
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R72C7JB
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mm
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.ZIB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:14 14:58:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x1af37
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ykodchwab Wnzebbnlxzw
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Wgeudarkd Ohcpevdikur.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Fjgjgypbf® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-10-16 08:35:54
VirusShare info last updated 2012-07-26 12:07:50

MD5: 126707851a8ef966aa74e25644293f1f
SHA1: a3995a818954d937b6d29c1f07092b2744e488d2
SHA256: ba295ba22d419f0e6218b192bf5ee80efb73496b46e97c78f49f3118c73d44ba
SSDeep: 3072:vEGuwq7uHzaH82qZ8TPxcZvNu9RLTDhNJoqmz/s1GaE:YwYhHqCJgvNu9hTDhNJEydE
Size: 132096 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252E35C
nProtect = Trojan/W32.Agent.132096.LG
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!oNNCpwri7yY
VBA32 = AdWare.SuperJuan.xxm
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2A4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ha
DrWeb = Trojan.Siggen2.41718
TrendMicro = TROJ_GEN.R4FC2A4
Kaspersky = Trojan.Win32.Genome.nvhk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ios
McAfee = Vundo!ha
F-Secure = Gen:Trojan.Heur.LP.iu8@aW7giFk
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.XPF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Trojan.Heur.LP.iu8@aW7giFk
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Trojan.Heur.LP.iu8@aW7giFk
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:17 04:35:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 74752
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x13269
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-02-11 13:05:11
VirusShare info last updated 2012-07-26 12:07:59

MD5: c2cb2d89694734a991366f566e55a1ad
SHA1: 8d49440282ac568ea2c6839d5e383649bc9e389f
SHA256: bbf23ca08918c6c738799a34c956c1e9ad76e6494a5925fce9807b683343163a
SSDeep: 1536:qH2Hsw+RaJ2IBrGKlwAFOFOKA5Azg8BttSYQz7sb3NMQa+ddPPP3kzP2:qHQBrGKloMKpzDBzBQ/sb9MmkzP2
Size: 72704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.72704.KL
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C2CB2D896947
DrWeb = Trojan.Virtumod.10524
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Artemis!C2CB2D896947
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Vundo.UUW
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.ito
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.ITO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:15 08:48:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 25600
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x71ad
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.0.32
Product Version Number          : 6.0.5487.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hewlett-Packard Company
File Description                : Smart Array Storport Driver
File Version                    : 6.0.0.32 Build 4 (x86) (NT.060726-2054)
Internal Name                   : HpCISSs.sys
Legal Copyright                 : Copyright (c) 2003-06 Hewlett-Packard Development Company, L.P. ALL RIGHTS RESERVED.
Original Filename               : HpCISSs.sys
Product Name                    : Smart Array Storport Driver
Product Version                 : 6.0.0.32 Build 4 (x86)
VirusTotal Report submitted 2011-12-21 09:30:21
VirusShare info last updated 2012-07-26 12:08:43

MD5: 9cef155b692805b99d826e04919c6ac9
SHA1: bc41c56481fb5f7258e49868397e44d0a098bf49
SHA256: 2f6a48eb802ae331cc12fe32e1c3620bb63af3b266a36127083202727c2efa32
SSDeep: 3072:AVNZLT57uZzYH3Df2hJylOMqqDLy/YeX:ANTt0UoeqqDLuz
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Adware.KXRVLNQ!KKAn7rFt2cA
eTrust-Vet = Win32/Monder.A!generic
Comodo = TrojWare.Win32.Agent.ahyr
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
DrWeb = Trojan.Smardec.75
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ikcs
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHYR
Norman = W32/Crypt.AWAV
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-17 16:02:55
VirusShare info last updated 2012-07-26 12:08:51

MD5: dec49fce393c02029c84fa6dd21e2607
SHA1: 1cd85d708258fe203befc301f85adcb8a38d5fc3
SHA256: c031a86a4cf1d9524f371cd2ecc5399b4df0aa0b45ea33642a98b5331ad77c38
SSDeep: 3072:JDhbkzG4TqrJY9Wmeiv7tIeH6cT2y5XblFq45umf:FhbkzWm17CeCyLFZ
Size: 104448 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!LYds3FQTvEY
VBA32 = AdWare.SuperJuan.aaxw
TrendMicro-HouseCall = TROJ_GEN.R4FC3IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!mc
DrWeb = Trojan.Virtumod.10509
TrendMicro = TROJ_GEN.R4FC3IG
Kaspersky = Trojan.Win32.Monder.mqha
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.ky
F-Secure = Trojan.Generic.6709067
VIPRE = Trojan.Win32.Monder.gen
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.BNKC
Norman = W32/Suspicious_Gen2.QUMLV
Sophos = Mal/Generic-L
GData = Trojan.Generic.6709067
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mqha
BitDefender = Trojan.Generic.6709067
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 10:55:22-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 91648
Initialized Data Size           : 47616
Uninitialized Data Size         : 0
Entry Point                     : 0x174d7
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.1.0.3928
Product Version Number          : 4.1.0.3928
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Services Streamer Dll
File Version                    : 4.1.00.3928
Internal Name                   : STRMDLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1992-1999
Original Filename               : STRMDLL
Product Name                    : Microsoft® Windows Media Services
Product Version                 : 4.1.00.3928
VirusTotal Report submitted 2011-10-18 20:46:47
VirusShare info last updated 2012-07-26 12:10:35

MD5: 04c20629bfb022e537ec3a41a9ba227b
SHA1: 7347ebec7efa6b1ef0166571d54a27a1a632bdba
SHA256: c04b97fa0679b5a9670137148d12804fde57689e801c8e8e4b2900d2cc24ba4d
SSDeep: 1536:71crl8hgbPft0Nehj+5G0sLkaWRx99I6Z4GPNN7DxHdb14ATQcdsnD:il8hgbPfeo2bsLkJx7+GlN7tHBdrsn
Size: 91648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.91648.QX
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!YNAi0oxGFmY
VBA32 = AdWare.SuperJuan.aazx
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = Trojan.Win32.Monder.mtte
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!mj
F-Secure = Trojan.Generic.6700614
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.6700614
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6700614
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:10 07:21:15-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 47104
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xc4d4
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-10-16 08:48:35
VirusShare info last updated 2012-07-26 12:10:38

MD5: 20ecd568c3cf6db3ed15071f52d3ec3f
SHA1: 67b866c4df86a3c911f4ba35e9ea1db9f76e2416
SHA256: c1b1cc5442a0fe5bfd6655e355b03a7661b62264bb57c4b57e83a59000e573ff
SSDeep: 1536:/Zq8jRMu4oUCjraLkyW+vyk/ILKAQmFH7Ow0X0dxxgPdJ8srdhH48HUlqim3ocUD:/PMf7CjraLk03/qrxgPd93ULm3ocKL
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ztfTO+MOzu4
TrendMicro-HouseCall = TROJ_GEN.R11C2H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!20ECD568C3CF
TrendMicro = TROJ_GEN.R11C2H3
Kaspersky = Trojan.Win32.Genome.vcsn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.MCZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!20ECD568C3CF
F-Secure = Gen:Variant.Vundo.13
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BRYM
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 16:43:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xceaa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2011-10-08 04:59:03
VirusShare info last updated 2012-07-26 12:11:11

MD5: b162368648e226069d528929d741865e
SHA1: ccff30e18fa163488622822933ee7b72147739df
SHA256: c1d2a26d391db340f4ef8aca390e6c2526a786e52fac674e58a9592fb628d818
SSDeep: 3072:noGgGFiH6Tc/8PBUwLmu0bnOD8S/0fxUB7AhapJxrJmpIsVXm:oGLFia/BUwH0bA3b6e9
Size: 192512 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C7JB
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mm
TrendMicro = TROJ_GEN.R72C7JB
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!mm
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.ZYD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 11:21:33-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 131072
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x20891
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Txicdokpp Lalymdgwxap
File Description                : Itfsykosc File Patch Application API
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : mspatcha.dll
Legal Copyright                 : © Bukpuqsua Xpiwmkpqaxa. All rights reserved.
Original Filename               : mspatcha.dll
Product Name                    : Tbghwsnyf® Ntvalzo® Operating Bwacaw
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-13 12:44:54
VirusShare info last updated 2012-07-26 12:11:14

MD5: 75f29a959bc34b179eed617ec755b521
SHA1: 601951ac5ecc9ad866279a5a14e51e426e9d185f
SHA256: c2f898fe538fe9d574eeeef9b8b839c5b0be2c170c2a75168d8bc5acbfe57925
SSDeep: 1536:rBo/qa7xJJkQSQjJcZFc4H6IKFhNsKMfbcKNaOJ7xQ9cu:lvKk1QjSFc4H6I2hNefbpxac
Size: 72704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.72704.KC
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.xfg
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ll
DrWeb = Trojan.Virtumod.10198
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = Trojan.Win32.Monder.mtxs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Gen
McAfee = Vundo!ll
F-Secure = Trojan.Generic.6626715
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.6626715
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6626715
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:26 09:07:13-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 27648
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x792a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5600.613
Product Version Number          : 6.0.5600.613
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : VIA Technologies Inc.,Ltd
Internal Name                   : vsraid
Original Filename               : vsraid
Product Name                    : VIA RAID driver
File Description                : VIA RAID DRIVER FOR X86-32
File Version                    : 6.0.5600,613
Product Version                 : 6.0.5600,613
Legal Copyright                 : Copyright (C) VIA Technologies 1992-2006
Legal Trademarks                : 
Private Build                   : 
Special Build                   : 
VirusTotal Report submitted 2011-10-08 01:21:35
VirusShare info last updated 2012-07-26 12:11:42

MD5: 6cc78f5790dc7c55efd35fa0547b5f8b
SHA1: 06d6a8963848b9c55711159aa8f80124f382b932
SHA256: c38018fbc259ed837f2b04004d68be5c3eabf23ec3e33ab002082f2dee1da113
SSDeep: 6144:ARfh/7pJbcK8BQzd4pxqHqtNCIJoIHlef83YvFaYehfE:ih/7Xbc9eqpAHqfCIJTHS834aYehf
Size: 403968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirmidrop.G
Avast = Win32:Malware-gen
Ikarus = Gen.Variant.Vundo
Rising = Trojan.Win32.Generic.1234CCB7
nProtect = Trojan/W32.Pirmidrop.403968
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirmidrop.B
TrendMicro-HouseCall = TROJ_GEN.R47CRH4
Emsisoft = Gen.Variant.Vundo!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!6CC78F5790DC
DrWeb = Trojan.DownLoader2.34051
TrendMicro = TROJ_GEN.R47CRH4
Kaspersky = Trojan.Win32.Pirmidrop.g
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirmidrop.b
McAfee = Artemis!6CC78F5790DC
F-Secure = Trojan.Generic.4546575
VIPRE = Packed.Win32.Pirminay.a (v)
eSafe = Win32.TRPirmidrop.G
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.WFH
Norman = W32/Suspicious_Gen2.PFPRZ
Symantec = Packed.Generic.305
GData = Trojan.Generic.4546575
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirmidrop.g
BitDefender = Trojan.Generic.4546575
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:12 11:56:10-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 390144
Initialized Data Size           : 365056
Uninitialized Data Size         : 0
Entry Point                     : 0x60112
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP Remote Shell Command
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : rsh.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : rsh.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-15 12:11:04
VirusShare info last updated 2012-07-26 12:11:55

MD5: 889f0a3816cf97da04212291a5de4485
SHA1: 20e47d4c24549e2b7e09fa560021843becc3376b
SHA256: c4cb989ab9b8762bcfe83fd5b9d8985ea5917207b799bb3b5e638ddbf40b2435
SSDeep: 3072:ol7Vt2ChrKgCWf3Ltf3HVsMBCxn5R8ZEXz:QUErssL1VLBCp5cE
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12477A1D
nProtect = Trojan/W32.Agent.102400.AGU
VirusBuster = Trojan.Monder!Nha7XWz7KME
VBA32 = Trojan.Monder.mrwp
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C7IT
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mrwq
McAfee-GW-Edition = Vundo!mg
DrWeb = Trojan.Virtumod.10344
TrendMicro = TROJ_GEN.R21C7IT
Kaspersky = Trojan.Win32.Monder.mrwq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.adnt
McAfee = Vundo!mg
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.HXS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:08 08:39:21-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 51200
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0xd651
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.27
Product Version Number          : 3.2.0.27
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : TSHOOT Module
File Version                    : 3.2.0.27
Internal Name                   : TSHOOT
Legal Copyright                 : Copyright 2000
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : TSHOOT.DLL
Private Build                   : 
Product Name                    : TSHOOT Module
Product Version                 : 3.2.0.27
Special Build                   : 
VirusTotal Report submitted 2012-05-09 19:29:24
VirusShare info last updated 2012-07-26 12:12:25

MD5: 3836fc9c2d2b3097d374a30ff75ed82f
SHA1: e9019506187b2db381375c06787e0042be69f4eb
SHA256: c5db80d81c1906697b12fc9f1ab01e22ecdfdd676b5396915bfbafac893f2d9f
SSDeep: 6144:jquxkS+CQ2bpfa2lNn7l9nyADOGAbrzHJ+b24Yph24d2DmBbs2IEjy4tqU8efpuX:jqZun/yrXvbvy4t6qmrVf
Size: 247808 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.ghk
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129A300C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!E/gKvqSKNsw
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2IK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cv.5
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Vundo!lz
DrWeb = Trojan.WinSpy.1248
TrendMicro = TROJ_GEN.R30C2IK
Kaspersky = Trojan.Win32.Genome.yutj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.boe
McAfee = Vundo!lz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo.Ghk
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BESV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 06:36:59-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 172032
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x2724e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Dutch
Character Set                   : Unicode
Comments                        : 
Company Name                    : Epmaxbdkg Upciyksupla
File Description                : Nodfqaxsu Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0413
Legal Copyright                 : Copyright (C) Dwjrmbzjv Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0413.dll
Private Build                   : 
Product Name                    : Dgrobozpq Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-02 05:50:18
VirusShare info last updated 2012-07-26 12:12:48

MD5: 75a53b43df086967e61f8c6ae3bb3ba4
SHA1: a281726e07df971476f24ba7a23997c7bbc3d2a0
SHA256: c94abe8168a14889494fd6ee79a8c58d212e70a18fea5d5fe9c8620eff26eeec
SSDeep: 3072:KVv58vZuZ1d9Yj/FtjHaVv1nXw3p5wHWZb7Q79vxxtfcyCOQzLhrQAG29pPlZg2c:KB//uhWnXw7pM9FNCOOQB2Ifh
Size: 238951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JIF [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
Rising = Trojan.Win32.FakeFolder.z
nProtect = Trojan/W32.Agent.238951
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!uc7l10Z9kYs
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = Mal_OtorunO
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.mh
McAfee-GW-Edition = W32/YahLover.worm.gen
DrWeb = Trojan.WinSpy.1014
TrendMicro = Mal_OtorunO
Kaspersky = Trojan.Win32.Jorik.Pirminay.mh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Net-Worm.SillyFDC!rem
Jiangmin = Trojan/Generic.hxys
McAfee = W32/YahLover.worm.gen
F-Secure = Trojan.Generic.KDV.297459
VIPRE = Trojan.Win32.Generic.pak!cobra
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.NUT
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.297459
Symantec = W32.SillyFDC
TheHacker = Trojan/Injector.hzu
BitDefender = Trojan.Generic.KDV.297459
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 227328
Uninitialized Data Size         : 0
Entry Point                     : 0x138e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 22:06:18
VirusShare info last updated 2012-07-26 12:13:51

MD5: e322768b7ee728d7d36a7488fbffcd06
SHA1: 904e1e409337155a88d2af9e25c877910c969ed0
SHA256: c9cde0f8412bb3be7266b0796f6698d0993bfd3fb6762951fde10fd42f44c92c
SSDeep: 1536:LJhU9FCrg6r83LGq8yPeS9wvigKmxW33nZtqYQz1nYARnMifqThtJ:LQJ62O8eSKiTmG3HknY1vtJ
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.98304.AIM
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!mm
Kaspersky = Trojan.Win32.Menti.ihqr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
Jiangmin = Trojan/Generic.cxtq
McAfee = Vundo!mm
F-Secure = Gen:Variant.Katusha.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Katusha.5
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:09 09:47:32-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 77824
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x13cde
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1241
Product Version Number          : 5.2.3790.1241
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Linguistically Enhanced Wave File Output Engine
File Version                    : 5.2.3790.1241
Internal Name                   : MSLWVTTS
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : MSLWVTTS.DLL
Private Build                   : 
Product Name                    : Microsoft Linguistically Enhanced Wave File Output Engine
Product Version                 : 5.2.3790.1241
Special Build                   : 
VirusTotal Report submitted 2011-10-15 16:42:51
VirusShare info last updated 2012-07-26 12:14:01

MD5: 7d7baf457ca5c91810841e92b0ddf876
SHA1: da51c808445af09164b5926f35bf866d3892d230
SHA256: ca42bbbba4439f63229a8da6094645d29fab92ec06162f26479e72d6e75dbe5c
SSDeep: 1536:R0UDIgo9KEvnkFItL4JgQ/tZyxOfi48hbmIC/hAm:09fnkFCql/+ci4UbmICKm
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1253C9FE
nProtect = Trojan/W32.Genome.62464.H
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/fUM74lfaXw
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mqlp
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.Virtumod.10090
TrendMicro = TROJ_GEN.R72C2G4
Kaspersky = Trojan.Win32.Monder.mqlp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.noe
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.ANBU
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itu
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:11 18:25:55-05:00
PE Type                         : PE32
Linker Version                  : 6.22
Code Size                       : 20992
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x604d
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : IE plugin image decoder support DLL
File Version                    : 8.00.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : IMGUTIL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IMGUTIL.DLL
Product Name                    : Windows® Internet Explorer
Product Version                 : 8.00.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-05-03 12:46:56
VirusShare info last updated 2012-07-26 12:14:12

MD5: 0ac1c092e0e21a97f1379878024bdd1b
SHA1: c39e59fd2f13fdbbb8925cb64e954c176628080b
SHA256: cb1520fdd73c7f97a8e0aea614bbf4cc623ba984144e5b80cfe745d11e94ea51
SSDeep: 1536:U4AwSC/UXuY28bQJjml9I3k3lQ36QDkU2n:UZwx8b20QJj83lQ39kh
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!gn5XUyN3QRk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.moaj
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!kd
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R72C2FB
Kaspersky = Trojan.Win32.Monder.moaj
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!kd
F-Secure = Gen:Variant.Buzy.4423
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.4423
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Gen:Variant.Buzy.4423
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-02-03 14:29:59
VirusShare info last updated 2012-07-26 12:14:27

MD5: a275ba3e93afb34fe7142ccb95afb442
SHA1: 849a90dbb0961980d51831565b1d4e32f88fa799
SHA256: cbd9eedf40c2145e2f669b204aad1cd3b00035c2be9b5da94b7171b92cc9b494
SSDeep: 6144:O/lYbbxZc2ArOLbddIo0mwRTvDZ9CFyfgdEOxC8ddT316HnZgo:TVRf2NvDvCqgfCYdTlMr
Size: 274432 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.28
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!GTlX8tefmJY
VBA32 = SScope.Trojan.Pirminay.chc
Emsisoft = Trojan.SuspectCRC!IK
McAfee-GW-Edition = Artemis!A275BA3E93AF
DrWeb = Trojan.Hosts.3682
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
McAfee = Artemis!A275BA3E93AF
F-Secure = Trojan.Generic.5488335
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
eSafe = Win32.Trojan
AVG = Generic21.MUS
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Trojan.Generic.5488335
TheHacker = Trojan/Kryptik.jvo
BitDefender = Trojan.Generic.5488335
NOD32 = a variant of Win32/Kryptik.JVO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 17:40:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 479232
Uninitialized Data Size         : 0
Entry Point                     : 0x8f12
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Windows Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Windows Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-03-08 03:46:23
VirusShare info last updated 2012-07-26 12:14:44

MD5: 8136cb4a0ea199d1ff0e8d165bdc6cfb
SHA1: 11b50c26591b62ab4822d051b356d0a776416add
SHA256: cee8813942cd444cbdcb611bd870c175243df11bf44197cdb36c62d685e55f9e
SSDeep: 6144:94sLurrigkRSsRo+1liyGJ4Q6cv0/67WIqgUcAGiKXEt8+LXvSK9lDIcyI6Un:qsLoo8+a3J4qc29BIRL/DvDjyI6Un
Size: 383558 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.6.24
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.383558
Panda = Trj/CI.A
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.dqd
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.PWS.Wsgame.28668
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dqb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.mb
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.YBEY
AVG = Generic21.PXC
Norman = W32/Obfuscated.L
Symantec = Trojan.ADH.2
GData = Gen:Variant.Zbot.34
Commtouch = W32/MalwareF.YBEY
TheHacker = Trojan/Pirminay.nsy
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.KWL
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:05 16:37:46-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 700416
Uninitialized Data Size         : 0
Entry Point                     : 0x7a30
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1109
Product Version Number          : 3.0.6920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adobe Systems Incorporated
File Description                : WinFX OpenType/CFF Rasterizer
File Version                    : 3.0.6920.1109 (lh_tools_devdiv_wpf.071009-1109)
Internal Name                   : PresentationCFFRasterizerNative
Legal Copyright                 : Copyright 1983-2005 Adobe Systems Incorporated. All rights reserved.
Original Filename               : PresentationCFFRasterizerNative.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 3.0.6920.0
VirusTotal Report submitted 2012-05-27 11:29:41
VirusShare info last updated 2012-07-26 12:15:53

MD5: db620626e3273c60db19f68c6c1a1f0c
SHA1: 8e295a355d1f58dfb00cad4264a00b8040e9e001
SHA256: ceeb4118de88d2c3508051a96f049b406d43f611833a45d952fcb8dc36729cc1
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pdpo2:pwy9w/dWjTlXjDHsc
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.PJY
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Joke/W32.Renos.103424.C
F-Secure = Trojan.Renos.PJY
Avast5 = Win32:Trojan-gen
AVG = Crypt_c.CEV
GData = Trojan.Renos.PJY
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-11-03 00:00:45
VirusShare info last updated 2012-07-26 12:15:53

MD5: 125e96188fdd0ef5b48ce471e3766a6d
SHA1: a40309a891b26f622ceadac8b026a9dd67bb929c
SHA256: cf1824dbdb09d9c7539f9b1f343aa2b32201ce38a5a4bc8edbba9fc17bc5e1e9
SSDeep: 6144:ulI/IVr3DBqFQGiitHS/SXHp0+n54lOAyvsS5mcad0C0eZ:ulI/KELiWy/SXhLfq0C7
Size: 297472 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Zlob.iyw
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.297472.D
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Trojan
VirusBuster = Trojan.Genome!aqJs6lLwtj8
eTrust-Vet = Win32/Qhosts.FA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!dby
DrWeb = Trojan.Click1.17956
Kaspersky = Trojan.Win32.Genome.gsin
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Generic
McAfee = Generic Downloader.x!dby
F-Secure = Backdoor.Generic.250538
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.Downloader
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic9.ARRX
Norman = W32/DLoader.AHRSB
Sophos = Mal/Ponmocup-A
GData = Backdoor.Generic.250538
Symantec = Trojan Horse
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Backdoor.Generic.250538
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:10 10:25:12-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 52224
Initialized Data Size           : 485888
Uninitialized Data Size         : 0
Entry Point                     : 0xd91c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Azerbaijan_Cyrillic Keyboard Layout
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : kbdaze (3.11)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdaze.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-27 04:15:19
VirusShare info last updated 2012-07-26 12:15:58

MD5: 0e89c945c90bd41128fe4d7633f4c82f
SHA1: 8841649b7b1c9220757c7211e2a044b57b5d3ad6
SHA256: cfa5702e61cfdcca556cf230a8abdf9a0b6e1dc344bc04adb6e488a9b04d4190
SSDeep: 1536:XQGrcjb62QEKFQ/RWvvGtyHp2880SM+EGzG+BhHk4StYMtd4K+pm3s6nBG:X7rcjb6fLkCH4880SM+EreHk47Pa3ZG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
DrWeb = Trojan.Siggen2.56183
Kaspersky = Trojan.Win32.Menti.hxjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
Jiangmin = Trojan/Menti.bea
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-09-01 13:43:58
VirusShare info last updated 2012-07-26 12:16:13

MD5: f1a8e2b77df2c9ad000e8c3ce849bf01
SHA1: 18661245d333a6f967de4465d2282a72be1f0d0e
SHA256: cfcafaa1a47c315dee7cbb979ebf103dd2bf6d56ba2ac105087e2a212ae8e122
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7p1po2:pwy9w/dWjTlXjDHs0
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan.Win32.Pirminay!IK
F-Secure = Trojan.Renos.PJY
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = Crypt_c.CEV
GData = Trojan.Renos.PJY
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2010-10-28 22:36:48
VirusShare info last updated 2012-07-26 12:16:16

MD5: d84bb5d3bb83ced1b8ef3fb82aa89341
SHA1: f0b7f684398a7f68068b5b3a0d82843b163372ca
SHA256: cff1fc227fb7e00308e2e29f1397237423cea76a9cbef6929df606004551e462
SSDeep: 3072:yAb8WyX8YOG3530XimzSjx/WaFtOodo6Akf:yu8WyX8YdGDzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.164
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Rising = Trojan.Win32.Generic.523AF565
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
GData = Win32:Trojan-gen
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2010-10-18 08:40:21
VirusShare info last updated 2012-07-26 12:16:20

MD5: 10be3e0bd42deb8171bd9b7d6219e575
SHA1: 21c442343f281d28cbb805aa8e9ae34e687e7873
SHA256: d0f5e9fbb184759750637ceb493ab068b2609cb14086a489cb7539cb031e1372
SSDeep: 3072:R5ZaObTDU5y1d6nJGh9mWWjxNECCtPqQQ0oyb/GPybNOgB6qLjbliJKS1:R5UtmMWGNUPcCQITU8jUKS1
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.221184.B
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2HR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cd.5
McAfee-GW-Edition = Artemis!10BE3E0BD42D
DrWeb = Trojan.Virtumod.10275
TrendMicro = TROJ_GEN.R4FC2HR
Kaspersky = Trojan.Win32.Monder.mokn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Artemis!10BE3E0BD42D
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJOR
Norman = W32/Suspicious_Gen2.POWHD
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:04 21:39:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x22d41
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.10384
Product Version Number          : 5.2.0.10384
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec RAID Storport Driver
File Version                    : 5.2.0.10384 (NT.070222-1720)
Internal Name                   : arc.sys.B10384.mcb
Legal Copyright                 : Copyright 2007 Adaptec, Inc. All rights reserved.
Original Filename               : arc.sys
Product Name                    : Adaptec RAID Controller
Product Version                 : 5.2.0.10384
VirusTotal Report submitted 2012-01-24 01:37:40
VirusShare info last updated 2012-07-26 12:16:48

MD5: b428aa2ea1d6d6e09e4781bce2323680
SHA1: 8736775413aed1fb145b082afde3d3f09848e2af
SHA256: d17ad8c234f9bb7653b3abe62135a5712230dc61c0d6ebe7ea9759a2985c578b
SSDeep: 3072:S+7R6rU50oY8AC3E4DcXSMWQXdFztMqqDLy/6oDbc:rek+i0S+Fz+qqDLu6
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!B428AA2EA1D6
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!B428AA2EA1D6
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
eSafe = Win32.TRVundo
AVG = Generic23.ZNB
Norman = W32/Suspicious_Gen2.NAPYS
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-01 00:23:34
VirusShare info last updated 2012-07-26 12:17:02

MD5: a2c91e433582b5fb61e9fd2dfa15e685
SHA1: e353f08605bc2359127ef1dea46c5a7b0092407f
SHA256: d247dee2fbc86fd0445373251f2c905120b4b5a74ff67348bbdb96837be492f7
SSDeep: 12288:fNa0vfDnbzkSCJf96hw/ww9VxlxHCHaoeHNiP4Nc:fNpDbzkSrwL9/7HCH9etiANc
Size: 457716 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Fakealert.39.14
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.FakeAlert.39
VirusBuster = Trojan.Kryptik!IeVZwlZSOTA
TrendMicro-HouseCall = TROJ_GEN.R11C3GI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader.a!ma
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R11C3GI
Kaspersky = Trojan.Win32.Pirminay.ofl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.alj
McAfee = Downloader.a!ma
F-Secure = Gen:Variant.FakeAlert.39
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AZVP
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.FakeAlert.39
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jzg
BitDefender = Gen:Variant.FakeAlert.39
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:18 12:11:07-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 454656
Initialized Data Size           : 4096
Uninitialized Data Size         : 548864
Entry Point                     : 0xf5b10
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5492.0
Product Version Number          : 6.0.5492.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Integrated Technology Express, Inc.
File Description                : ITE IT8211 ATA/ATAPI SCSI miniport
File Version                    : v1.3.2.7 (NT.060726-2054)
Internal Name                   : IT8211 WIN2000/XP driver v1.3.2.7
Legal Copyright                 : Copyright (C) Integrated Technology Express, Inc. 2005
Original Filename               : iteatapi.sys
Product Name                    : Cnhopprux® Qgqpdpi® Lkenhoyrm Ckufcb
Product Version                 : 6.0.5492.0
VirusTotal Report submitted 2011-10-03 07:51:57
VirusShare info last updated 2012-07-26 12:17:19

MD5: bd01126264c62e02caeaed0abf6b3f5a
SHA1: 01776d9346910cdf163d11290370088c07acc229
SHA256: d3c795b54782388b78d212e7f90befcf8de7909437c0697d2b7b89b0a3c2a59f
SSDeep: 1536:XxT2uQKXDP2Zy+55PFG3aybKnsyzPtdwOcdnDB64kEbHtLc0ZnKGu9:XR2EDU55PF7C5IsOcdnDMaI0Zlu
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Menti.84480.C
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C1HF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.hfms
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Artemis!BD01126264C6
DrWeb = Trojan.Hosts.4846
TrendMicro = TROJ_GEN.R47C1HF
Kaspersky = Trojan.Win32.Menti.hfms
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.cpa
McAfee = Artemis!BD01126264C6
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:16 06:26:58-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 38400
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xa2f4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-22 16:28:27
VirusShare info last updated 2012-07-26 12:17:56

MD5: f2541b4021cc1e30deaad3ef13dc2cd0
SHA1: 83d0b524f5729117f647bb458e0cd47f8a127b15
SHA256: d4c1b8edb52fcdf8f1954adab898f6222f19c19f29b96bbc16494ea2d3e6d5d9
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqHM:JjyVdARQjSdfZaiv9HVcFbtjOqR71gv
Size: 312230 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.550
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R21C2CF
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R21C2CF
Kaspersky = Trojan.Win32.Pirminay.dvd
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.hc
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic20.BGDN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.552986
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-03-21 14:43:38
VirusShare info last updated 2012-07-26 12:18:19

MD5: b6cc473f79617f994468346dd1bae3eb
SHA1: 3b09ca54ce3310e3784637ae67ddb48be7174202
SHA256: d4fe71b68958a5d2140c5c4df726e011165de15dc5b259a887477514627f00d8
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAy:oFq+sGYyo6RZFF9HcQfluaXLLX
Size: 334801 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Milicenso
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.552
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = Cryp_Spypro
Comodo = UnclassifiedMalware
DrWeb = Trojan.MulDrop1.60277
TrendMicro = Cryp_Spypro
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
ClamAV = Trojan.Agent-183368
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic20.BEEO
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Backdoor.Generic.550445
TheHacker = Trojan/Pirminay.bih
BitDefender = Backdoor.Generic.550445
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-03-21 14:30:00
VirusShare info last updated 2012-07-26 12:18:23

MD5: 2366e6b781f2621df4873ebe0f299a16
SHA1: 423fd10080139672c1991385a5a07d49c585abbc
SHA256: d5da85e04ea6cefc3a65e20bbfbba57afe6a249443e12eaf25bd4169e513ac96
SSDeep: 3072:oe0+CQ2bpfKXZ1zC/WfsOGAbrzHJ+h4Yph24d2kfyIiukSBGafogriC9BDMqqDLU:o9+CQ2bpfM1u/WfsOGAbrzHJ+h4Yph2i
Size: 183808 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!HzRe+cwojxU
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C2GD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1242
TrendMicro = TROJ_GEN.R01C2GD
Kaspersky = Trojan.Win32.Monder.mpuo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abbt
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHKK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-02-19 12:41:06
VirusShare info last updated 2012-07-26 12:18:43

MD5: 903c97f30ba96a495d6038fcb8df38b2
SHA1: 92662b5009a665a2eb5823138ca8b0794ba9f2e9
SHA256: d8705a3b3edb58e0737bb7ea3516463c909ce3b5de3bef154aafc75c3c90d8d7
SSDeep: 6144:P/CjrpmDeyA0hrDEiW+Eqgzk1oTpsjQerCfrsHhTjAhW0M9TetYlGfaUC:nCjLqh3EiW5g1oTejQ140Lt6uaUC
Size: 302564 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XQC83ScHLAg
VBA32 = Trojan.Pirminay.lgu
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.lgu
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.56877
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.lgu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.sn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CLPX
Norman = W32/Suspicious_Gen2.QVKSP
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Packed.Generic.305
TheHacker = Trojan/Pirminay.eyw
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 03:39:20-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 32768
Initialized Data Size           : 536576
Uninitialized Data Size         : 0
Entry Point                     : 0x7ea6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Iujbywkiy Pcyhmqylket
File Description                : SCSI Port Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : scsiport.sys
Legal Copyright                 : © Wmzzvydud Tnxkdnjuzct. All rights reserved.
Original Filename               : scsiport.sys
Product Name                    : Gzwdwjawk® Sfthzzp® Bfryqqudy Wvwniu
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-05-14 06:18:18
VirusShare info last updated 2012-07-26 12:19:38

MD5: bb71b2acbcc78216b62c7c3351eae406
SHA1: 3c349f0b97191f27d8049fab7004552cb016d6be
SHA256: d93a9f1c71b0f479416c87c233bcdf7e617fb3898fde84cc5582b695bd6e1daa
SSDeep: 1536:U42wSC/UXuY28bQJjml9I3k3lQ36QDkUb:Ufwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R72C2FM
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FM
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!iy
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH
AVG = Generic23.THV
Norman = W32/Suspicious_Gen2.MYTYL
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.264394
BitDefender = Trojan.Generic.KDV.264394
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-06-25 10:48:15
VirusShare info last updated 2012-07-26 12:19:56

MD5: ba4e95405fbe23954bcff255fec292d0
SHA1: 2fc7e71bcd6c463e6b1c4531abdee06c92bf79e7
SHA256: dc09366f506a339d56e24278b3a28fd134b8d9903e63d35842e727e8658726ba
SSDeep: 1536:FMV7dNrMuCicEsaaJVFTWa2VMdbJdB/dC5MVGBpdnd9ojUBTioVdEJphbD4ICddP:KV7zrMJjaaJVFTWa2VMdbJdB/dC5MVGV
Size: 95744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.95744.N
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!OlJBrmr78Ks
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R11C2FR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mjpq
McAfee-GW-Edition = Artemis!BA4E95405FBE
DrWeb = Trojan.Virtumod.9805
TrendMicro = TROJ_GEN.R11C2FR
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.95744
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aafw
McAfee = Artemis!BA4E95405FBE
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AKVL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NHJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:20 04:03:03-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 49152
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xbe4e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.25
Product Version Number          : 3.2.0.25
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : PPServer Module
File Version                    : 3, 2, 0, 25
Internal Name                   : PPServer
Legal Copyright                 : Copyright 1999
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : PPServer.DLL
Private Build                   : 
Product Name                    : PPServer Module
Product Version                 : 3, 2, 0, 25
Special Build                   : 
VirusTotal Report submitted 2012-06-20 20:07:36
VirusShare info last updated 2012-07-26 12:20:57

MD5: 4be83e250038d9b6eebd138ec47b756c
SHA1: 0a6082ec1c06c69d12558061cca7614a4ed5c69c
SHA256: dc324eefb6a941165853dfa178d48f2d295a658ae48ac42d00944f5bdccc33f7
SSDeep: 3072:yNNU2/Lx5PuYpC+VdfC4wBBYzKWzgo6muAGDiX:mHVMBFnT
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan.Win32.Pirminay!IK
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.ABAX
GData = Win32:MalOb-EI 
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 07:46:59-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x8c1a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.81.1
Product Version Number          : 7.6.81.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : ThinPrint GmbH
File Description                : TPOG Printer Driver
File Version                    : 7,6,81,1
Internal Name                   : tpprn.dll
Legal Copyright                 : Copyright © 2000 - 2007 ThinPrint GmbH
Legal Trademarks                : 
Original Filename               : tpprn.dll
Private Build                   : 
Product Name                    : ThinPrint Output Gateway
Product Version                 : 7,6,81,1
Special Build                   : 
VirusTotal Report submitted 2011-06-06 13:18:26
VirusShare info last updated 2012-07-26 12:21:00

MD5: c3f8cec2ffa3e86f99fcffd526e97d87
SHA1: e6d30bcb0a5506c68c6a3f9a7d992a66359916fc
SHA256: dc3520d69851614adbd6c64d177d80482175e33c7327f25dc826f9065beee8a2
SSDeep: 6144:bywCrsWIYqMfaokVaRzy5Saxev4H5gR4UCmr88GZkbyWNJW:OhIdfMSokQxAEvqKu5AhYyzg
Size: 314979 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.27030
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.27030
VirusBuster = Trojan.DL.Agent!4rInx2f4Rfo
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Downloader.a!e
DrWeb = Trojan.DownLoader3.41896
Kaspersky = Trojan.Win32.Pirminay.jds
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JDS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gkxo
McAfee = Downloader.a!e
F-Secure = Trojan.Generic.6164592
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-IDN
AVG = SHeur3.CGEY
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.6164592
TheHacker = Trojan/Pirminay.jab
BitDefender = Trojan.Generic.6164592
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 15:50:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 401408
Entry Point                     : 0xae920
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gagvrylqb Kgijrswgxrk
File Description                : Gwqvmlzda ACM Audio Filter
File Version                    : 5.00.2134.1
Internal Name                   : Ujjbafrgf ACM Audio Filter
Legal Copyright                 : Copyright (C) Mndxuteda Corp. 1981-1999
Original Filename               : msfltr32.acm
Product Name                    : Pklkhigfo(R) Wwvnjda (R) 2000 Operating Ujytgc
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-01 19:08:29
VirusShare info last updated 2012-07-26 12:21:00

MD5: e8a3741d700a13a2d8013b0085520d51
SHA1: 76958afa5b8cb15c0d8c01e1f41fbd2edba75032
SHA256: dd7e7780618c5c575ed6d8ea074da41d85a84f131757634b7e7328e6e23ed4b9
SSDeep: 6144:ezCotqTz8we9UqRlP9jBpD+BIX+Vyi/Nn7+SgqhYybDM0hObYlCO4F:Qt+tQBXpDgV5/9bYCgie
Size: 349712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.ayk
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Swisyn.349712
Panda = Suspicious file
VBA32 = suspected of Trojan.Pirminay.ayl
TrendMicro-HouseCall = TROJ_GEN.R28C2BE
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Downloader.x!eln
TrendMicro = TROJ_GEN.R28C2BE
Kaspersky = Trojan.Win32.Pirminay.dll
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.nd
McAfee = Generic Downloader.x!eln
F-Secure = Trojan.Generic.5200338
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Generic20.BFSY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5200338
TheHacker = Trojan/Pirminay.ayk
BitDefender = Trojan.Generic.5200338
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:10 09:55:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 342016
Initialized Data Size           : 290304
Uninitialized Data Size         : 0
Entry Point                     : 0x543cc
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft User Experience Session Management Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : UxSms.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UxSms.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-03-17 01:11:37
VirusShare info last updated 2012-07-26 12:21:27

MD5: 2a0e7d2a1c96b8c17fd619dc7937fd18
SHA1: 89c98f6b34459206da1dc8d1866a2713c16a50a2
SHA256: dee997c1c28037afa67cd7ba4b428c4d9a9eb527f5e45b78420fb826030eb54c
SSDeep: 3072:0KHfDp1SP5ENyMd4tvasfPvvJ6heFjoGMqqDLy/Q60:Dl1frEvfEM2qqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!HPZ7lmEVEKw
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C2IG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ll
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R29C2IG
Kaspersky = Trojan.Win32.Genome.yuwk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqrf
McAfee = Vundo!ll
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.QKVRO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-07 10:46:50
VirusShare info last updated 2012-07-26 12:21:54

MD5: e67354adaffa7bb0f896e8e2465db0b8
SHA1: 2a46e88b4f182c19677471c97cabb438aa814193
SHA256: df1e47864b48a2cf113093b4eb75feb3f06f951b2a66f829828198ede8ad8cb5
SSDeep: 3072:R5Z4jcTDU5y1xEJGh9mWWjuNECCtPqQQ0o4F/hOyRiOgS6qL0blyJKS1:R5KmMWtNUPcOEyoR80kKS1
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
Kaspersky = Trojan.Win32.Monder.mqxt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJOR
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:04 21:39:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x22d41
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.10384
Product Version Number          : 5.2.0.10384
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec RAID Storport Driver
File Version                    : 5.2.0.10384 (NT.070222-1720)
Internal Name                   : arc.sys.B10384.mcb
Legal Copyright                 : Copyright 2007 Adaptec, Inc. All rights reserved.
Original Filename               : arc.sys
Product Name                    : Adaptec RAID Controller
Product Version                 : 5.2.0.10384
VirusTotal Report submitted 2011-09-01 13:45:34
VirusShare info last updated 2012-07-26 12:22:00

MD5: be7dd4d09fd6b575c340e821d98f5bd9
SHA1: 388a88a5abefd59707306e35514c335859e7f51c
SHA256: df510298bb2a0897669ed1be2f05d41189e254022b26d44419b9d9e2966bd274
SSDeep: 3072:no90GFBMjSu8PWyUQLmucG2fOD1SW0XlJZ7shapJxrJmpIlVXm:o9HFBuCXUQHctJ7b6eq
Size: 192512 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!BE7DD4D09FD6
TrendMicro = TROJ_GEN.R4FC2IL
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!BE7DD4D09FD6
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 11:21:33-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 131072
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x20891
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Txicdokpp Lalymdgwxap
File Description                : Itfsykosc File Patch Application API
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : mspatcha.dll
Legal Copyright                 : © Bukpuqsua Xpiwmkpqaxa. All rights reserved.
Original Filename               : mspatcha.dll
Product Name                    : Tbghwsnyf® Ntvalzo® Operating Bwacaw
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-23 20:00:07
VirusShare info last updated 2012-07-26 12:22:03

MD5: 0142e8ac236fdd71f42419bb6cd3bc5d
SHA1: 6bb537da76d37b6c889701ad1d8ecc9fccdfdc44
SHA256: df652b873eabb625e2457eb494eddec682b0f5553e451289e750680667c31a10
SSDeep: 3072:qtTiN/vRgtN/enWX3Smd3CVWxz6d5o8CxeMhPG+LIap:mTiZ5gfsmdSVWxzAZuG+r
Size: 157184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/I3AAd5mC3M
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2II
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!ly
DrWeb = Trojan.Click1.54681
TrendMicro = TROJ_GEN.R4FC2II
Kaspersky = Trojan.Win32.Genome.yjtf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akwc
McAfee = Vundo!ly
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.XIB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:37:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 81920
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x116ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.7000.0
Product Version Number          : 1.0.7000.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuafasjto Qyqlfxefiap
File Description                : Oxoolhuhi ® Script Control
File Version                    : 1.0.7000.0
Internal Name                   : msscript.dll
Legal Copyright                 : © Microsoft Izfzbyenwcn. All rights reserved.
Original Filename               : msscript.dll
Product Name                    : Tqcnjrlom ® Script Control
Product Version                 : 1.0.7000.0
VirusTotal Report submitted 2012-02-12 03:22:06
VirusShare info last updated 2012-07-26 12:22:04

MD5: 643bb7c4f4d48f8389a515ced99bee4d
SHA1: db883616b557e841d72b0aada83dc1298630cdfa
SHA256: df92840e2d91962339ce663797a8b0ea3b3dcf2cd7521927f49aaa3957f6d972
SSDeep: 6144:yeKX/o67DN35TasGyfUn/y611mqbGqKql3FGy5qGS/cjBNVJzIg:yz/NFPGeUFmxq9VR32g
Size: 393179 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Panda = Suspicious file
VBA32 = SScope.Trojan.Pirminay.chc
F-Secure = Trojan.Downloader.JNWJ
GData = Trojan.Downloader.JNWJ
BitDefender = Trojan.Downloader.JNWJ
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:28 16:32:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 385024
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x5e1ac
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft NLS Core Migration Lib
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : NLSCoreMig
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : NLSCoreMig.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-02-19 11:29:13
VirusShare info last updated 2012-07-26 12:22:07

MD5: 8e17cd4ce5339467e4d7ee91ba6ad5f0
SHA1: df34d8dcd687e9092f40e9137c9f22da9fe6063a
SHA256: dfa6ebf1c3611129e13d98b8ece002ef41883d55d161fe99c727709d5056c985
SSDeep: 6144:P1YlubkDIe20YfactSsf3uTIQnBFN8AxiGirSZ8Xo/Kd:PGvJYieSsWTRnBF9iGeSZ8Xo/K
Size: 387584 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.27
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.387584.I
Panda = Suspicious file
nProtect = Trojan.Generic.3987521
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C1DO
McAfee-GW-Edition = Generic Downloader.x!ehg
TrendMicro = TROJ_GEN.R21C1DO
Kaspersky = Trojan.Win32.Pirminay.cnk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = HeurEngine.MaliciousPacker
McAfee = Generic Downloader.x!ehg
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.BCAN
Norman = W32/Suspicious_Gen2.CGTGJ
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Trojan.Generic.3987521
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.3987521
NOD32 = a variant of Win32/Kryptik.JJR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:28 03:04:49-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20992
Initialized Data Size           : 727040
Uninitialized Data Size         : 0
Entry Point                     : 0x5eac
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCPIP Finger Command
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : finger.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : finger.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-05-24 06:13:03
VirusShare info last updated 2012-07-26 12:22:09

MD5: db690d6dd0d42f7b3d1988083a34d5a2
SHA1: 1a395f031943de209f436ffd25faac56374592e7
SHA256: dfb14e7dd078de6cf8360ed076279d85c02b9f244d33c39bf8bf13acf77a5d90
SSDeep: 3072:igkIdDU8y8zM97tu1G31fyuAozMqqDLy/T4SV8:1kH8zqha8AqqDLudV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.16
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-09-12 17:00:04
VirusShare info last updated 2012-07-26 12:22:10

MD5: c1773af63026ff9cd912fee852e5fb87
SHA1: 66a7f8225d09daa3d53d93016fe7fab725716702
SHA256: e554f52d0e9dba2db556aab6a3a250d2d24f837c1afe22d21cb436adc09f8363
SSDeep: 1536:xIpV1SGNm2HekpWrngbcNPkcW2Ju5ehKv7zf/l0IjMQJSLpO1teS4XGEBBhF25J5:ap7SGNm2e58bz0uCKPlFpSVCehZ25JI
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.310
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC7JN
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C1773AF63026
DrWeb = Trojan.Virtumod.10499
TrendMicro = TROJ_GEN.R4FC7JN
Kaspersky = Trojan.Win32.Monder.mzbo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acxx
McAfee = Artemis!C1773AF63026
F-Secure = Gen:Variant.Graftor.310
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.APDD
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.310
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Graftor.310
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:11 20:48:32-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xae19
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Clcdkfhdh Vdvesxebiba
File Description                : Bbyuczhtl Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zqbtqzuvw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-14 01:17:00
VirusShare info last updated 2012-07-26 12:24:14

MD5: 19f2d3bfeeb343100fbb1108b4d47bbd
SHA1: 1f452815c1e6eea35552fbef1cddad8a1c233795
SHA256: e7c91ef7ebc94ace0afb9eb3c833f7e108258a733d99207512d3f04e813c8a31
SSDeep: 6144:XmRll46LCLMPKZuZuTTTiSg7fSGF7i/RxunGoNx1QKO9hOrCGR4:WRTTLbCZuqTG7f8unrFO9hOrT4
Size: 315940 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.154
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
nProtect = Trojan.Generic.5341697
VBA32 = suspected of Trojan.Pirminay.bg
TrendMicro-HouseCall = TROJ_GEN.R29C2A3
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.Hosts.2688
TrendMicro = TROJ_GEN.R29C2A3
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.5341697
VIPRE = Trojan.Win32.Generic!BT
AVG = Pakes.IEA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5341697
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.5341697
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:27 15:01:27-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49664
Initialized Data Size           : 525824
Uninitialized Data Size         : 0
Entry Point                     : 0xcd26
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-01-14 08:50:57
VirusShare info last updated 2012-07-26 12:25:08

MD5: cbd042cd17d14aef3fe50a9ccd8398f9
SHA1: 8ad0de6f72b57df6ac2dcb4a376ee3b4f8a13333
SHA256: e96b744e56d0d593e65ab162ac376ec6b1912fb6758fc9772dd4885acc6f34b4
SSDeep: 1536:R0UDIgo9KEvnkFItL4Jgm/tZyxOfi48hbmIC/hAm:09fnkFCqn/+ci4UbmICKm
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1253C9FE
nProtect = Trojan/W32.Genome.62464.H
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fUYdEu7/Zyo
TrendMicro-HouseCall = TROJ_GEN.R26C1H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mncz
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!CBD042CD17D1
DrWeb = Trojan.Virtumod.10090
TrendMicro = TROJ_GEN.R26C1H3
Kaspersky = Trojan.Win32.Monder.mncz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.noe
McAfee = Artemis!CBD042CD17D1
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.BPBQ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itu
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:11 18:25:55-05:00
PE Type                         : PE32
Linker Version                  : 6.22
Code Size                       : 20992
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x604d
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : IE plugin image decoder support DLL
File Version                    : 8.00.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : IMGUTIL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IMGUTIL.DLL
Product Name                    : Windows® Internet Explorer
Product Version                 : 8.00.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-08 09:12:58
VirusShare info last updated 2012-07-26 12:26:04

MD5: cf7cd66f74dfb13ef55ae661c180954e
SHA1: b8df5ebe2b799a32b19403d91771ebbba8d320ff
SHA256: edaf67fa359c407009eb44570d567fd577bac213041474eb94df6d76639df6b7
SSDeep: 3072:QgzecJZtOrC2YmC7IojvbpPHSETRffApyq:QgzeIZBdmC7ZYM
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2IK
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!CF7CD66F74DF
DrWeb = Trojan.Siggen2.29520
TrendMicro = TROJ_GEN.R4FC2IK
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.cttb
McAfee = Artemis!CF7CD66F74DF
F-Secure = Gen:Variant.Renos.61
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/EncPk-XI
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ACPI Embedded Controller Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : acpiec.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : acpiec.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-17 09:36:01
VirusShare info last updated 2012-07-26 12:29:35

MD5: a8a1540476f14e6925cc77039cf4d124
SHA1: eb102471e3923e1f98232c402b7f4daf3ef5bcae
SHA256: ee661bb84d820d112244a437d54c056dce21ae21653e5508bd2627641f077adf
SSDeep: 3072:onVMvsLT3QwjhQET2kGlIjyJcwvTj2MIj:7vihdQECkL6sMw
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.Smardec.76
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.akxn
F-Secure = Gen:Variant.Vundo.13
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BYHN
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-09-27 14:03:55
VirusShare info last updated 2012-07-26 12:29:56

MD5: aad68cc63095f97a0092dd7847097ed2
SHA1: ae334a1dbcf0b052acc927592e56c70ba4578404
SHA256: ef4d5e75bcf703093ca6b1845e6a021c14d698549bce0b8514ced36a0b03cf19
SSDeep: 12288:4oU92dMpWEi1lcH+N9jFF95O4nNTNZDvw:k2si1l2+N9RF9k4nlE
Size: 470992 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Trojan
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:31 15:03:57-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 458752
Initialized Data Size           : 286720
Uninitialized Data Size         : 0
Entry Point                     : 0x6d333
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ujqpzfctl Movzendwpek
File Description                : Wkzpnnw Branding Resources
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : winbrand.dll
Legal Copyright                 : © Zsvxsollr Iqwhuercauh. All rights reserved.
Original Filename               : winbrand.dll
Product Name                    : Jtgpjpbww® Jwjjijl® Vrphhdpbi Vvmoup
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-06 14:52:09
VirusShare info last updated 2012-07-26 12:30:25

MD5: eb866245a96e03e20b3aa72a5da8a4cf
SHA1: 3e39bb130f2398ddeae961c9a9c0e69babb2ec4d
SHA256: f07b47ecd15d34360734a43ddf9714bc01a28e52777d4c1b697b11fded80b554
SSDeep: 1536:kI0z3EZ7oIIpNEo5RsNB9uBXLBHJ45fQTAAbKjvWdfcTjyZo7/jx:7+sdgfc9uBXL4AbKSdUTjSG/j
Size: 79872 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.yfo
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2IL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-FraudSec
McAfee-GW-Edition = Vundo!mb
DrWeb = Trojan.Siggen2.31811
TrendMicro = TROJ_GEN.R30C2IL
Kaspersky = Trojan.Win32.Menti.ierh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!mb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic21.AIHT
Norman = W32/Suspicious_Gen2.QWCZW
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Kryptik.lfr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 03:42:19-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 69632
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x118ee
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : security.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : security.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-13 12:24:40
VirusShare info last updated 2012-07-26 12:31:04

MD5: aa26fd29789fca4784c53b8817562251
SHA1: 2acf8eb265d865b2262a86d272a1a7d390ba9bcd
SHA256: f09a0a71afb585484e908206f5c96fe9c619bc0db7b3a80eaf750fdfbc3090ae
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7popo2:pwy9w/dWjTlXjDHsj
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!OVEw9kmC9dM
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R47C2K2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Vundo!gw
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R47C2K2
Kaspersky = Trojan.Win32.Genome.rhzh
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Agent.PG!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!gw
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Trojan-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.FOPQL
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-04 10:51:33
VirusShare info last updated 2012-07-26 12:31:06

MD5: 625d8a5411974cd69a6abe263d7e36a7
SHA1: 803ea49c50fed10ddb60b2cd043fe442a23f47fa
SHA256: f271c0f109277d20933e4f272c212c75504eb85e34f7a13ea12ec97108df5922
SSDeep: 1536:8/Za+oHXFGrDtS9KX+x5NKGeTdGh38aZl08kKV:2ZvoHSRiKdTdZR8kK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12703CEF
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!625D8A541197
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.air
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
McAfee = Artemis!625D8A541197
F-Secure = Trojan.Generic.5275281
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5275281
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Trojan.Generic.5275281
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-04-09 09:04:17
VirusShare info last updated 2012-07-26 12:32:04

MD5: efa342c12c989004fb15aa75e321cd33
SHA1: afde34aeafd0d4926b3652ee13121f010be2f83f
SHA256: f34f38daba036d509fdf69e77e22735ca27113947489a0c6dd98eca64c2b0254
SSDeep: 6144:vVVCrJmoUBwUgb1S8w0W/E5eg8M3yS54IB0vYDsjRlkTJZndJ+V1UbIRzh:7gMoUb6S8w0cmjz3XJ0Cs3kTjdJ+Umh
Size: 434157 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.116
Avast = Win32:Dropper-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC2C8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.dpb
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.3917
TrendMicro = TROJ_GEN.R3EC2C8
Kaspersky = Trojan.Win32.Pirminay.dpb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/CEW.AG!tr.dldr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.mj
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5503139
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen
AVG = FakeAV.KIK
Norman = W32/Suspicious_Gen2.JBDVH
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5503139
TheHacker = Trojan/Pirminay.doi
BitDefender = Trojan.Generic.5503139
NOD32 = a variant of Win32/Kryptik.JVO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 03:24:09-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 421888
Initialized Data Size           : 368640
Uninitialized Data Size         : 0
Entry Point                     : 0x671d6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.11 Group Policy Client
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wlgpclnt.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wlgpclnt.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-07-20 21:55:08
VirusShare info last updated 2012-07-26 12:32:30

MD5: 7c961c7f070b7a7d832d3b2f3c7dde92
SHA1: 0905a2a8670655821d6e772abf4e269754beaccb
SHA256: f352ef0345c2e56d718ae3a7d8d615b5f6fda899e1c7adb8080a58d108a116df
SSDeep: 3072:0et8oMTSa7EfcorOQqH4MUpv08aly+Ph8HRrUT:0KMTSaQZEUR08cz
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129C89E9
nProtect = Trojan.Generic.6876960
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!pT0zERRjKIE
VBA32 = Trojan.Genome.xsyz
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15KK11
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7C961C7F070B
DrWeb = Trojan.Smardec.114
TrendMicro = TROJ_SPNR.15KK11
Kaspersky = Trojan.Win32.Genome.xsyz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!7C961C7F070B
F-Secure = Trojan.Generic.6876960
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic23.BBOY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6876960
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.syi
BitDefender = Trojan.Generic.6876960
NOD32 = a variant of Win32/Kryptik.SYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:18 08:40:08-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x12385
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.1830
Product Version Number          : 6.0.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Azjaarcrx Xbehblljrmg
File Description                : Configuration DLL
File Version                    : 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : Configuration Components
Legal Copyright                 : © Zusngdsne Jwzjnlgtnom. All rights reserved.
Original Filename               : cnfgprts.ocx
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.1830
VirusTotal Report submitted 2012-05-03 00:32:44
VirusShare info last updated 2012-07-26 12:32:30

MD5: 0319f20da9b26f22c153b86d99c50fd8
SHA1: 1226353fdf61db401f03d79ac0c3eacf4f85a506
SHA256: f357543d6f54b05dfa318b98e94dbe6c217dcb6c835d43c4473e746a228ab782
SSDeep: 6144:hLvEOVAhg9Xv1rKiqxcQhhpFCmjVXHsCRrzb4VAUQiJC4:1sOiiN3qnRCmjVXHsaxUdV
Size: 287108 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.8406
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.3791476
K7AntiVirus = Riskware
VBA32 = Trojan.Agent.dyqh
TrendMicro-HouseCall = TROJ_AGENT.AWOR
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!0319F20DA9B2
DrWeb = Trojan.Siggen1.60794
TrendMicro = TROJ_AGENT.AWOR
Kaspersky = Trojan.Win32.Agent.dyqh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Agent.dulo
McAfee = Artemis!0319F20DA9B2
F-Secure = Trojan.Generic.3791476
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic17.BCSN
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.3791476
Symantec = Trojan.ADH
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.ehig
BitDefender = Trojan.Generic.3791476
NOD32 = probably a variant of Win32/Agent.HGJSUFH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:27 09:21:50-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 20992
Initialized Data Size           : 523264
Uninitialized Data Size         : 0
Entry Point                     : 0x5fce
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.4.0.3400
Product Version Number          : 4.4.0.3400
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : NMMKCERT Library
File Version                    : 4.4.3400
Internal Name                   : NMMKCERT
Legal Copyright                 : Copyright © Microsoft Corporation 1996-2001
Legal Trademarks                : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : NMMKCERT.DLL
Product Name                    : Windows® NetMeeting®
Product Version                 : 3.01
VirusTotal Report submitted 2012-06-10 11:52:26
VirusShare info last updated 2012-07-26 12:32:31

MD5: 958a99aaba7656d63094d051129aa35c
SHA1: e3991463e0668ae53501e5b7ec80fe17d026dceb
SHA256: f50b875c2fb4eeef5d3cb343476e4ef2400846f86a4c40ae49cebf8f1af6762c
SSDeep: 3072:DzNoiw/RbywbBBjJNRCWC+e1XYZlYtWQoZRAnpDyYUJbY6Gqx6qmLvpKsSGS22LF:sBjZo+e1D5LzqmvpKhGS22L4q
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = suspected of AdWare.SuperJuan.heur
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!958A99AABA76
McAfee = Artemis!958A99AABA76
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic21.APUP
Norman = W32/Suspicious_Gen2.JJOTW
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NKL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:06 00:32:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x16584
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP Lpq Command
File Version                    : 5.00.2134.1
Internal Name                   : lpq.exe
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : lpq.exe
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-04-12 23:32:48
VirusShare info last updated 2012-07-26 12:33:18

MD5: c90ebb3dd4aa2db7b715638bccb4865f
SHA1: 1239bb5134144fbb5883c48f89cea73f695fd50a
SHA256: f58a95e4e13d38302aa141b67e1f269e010f8c316231bc3623377938c68538fb
SSDeep: 1536:8H2c2w+4DD2IBTSKy/jOFOKD5Azg8BttSYQz7sb3NMQa+ddqd3kzP2:8HhBTSKyyMKmzDBzBQ/sb9MTkzP2
Size: 72704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126D7B10
nProtect = Trojan.Generic.KDV.104385
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!l1DiTXWlC10
TrendMicro-HouseCall = TROJ_GEN.R72C2AK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C90EBB3DD4AA
DrWeb = Trojan.Virtumod.10524
TrendMicro = TROJ_GEN.R72C2AK
Kaspersky = Trojan.Win32.Monder.mmwb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aesg
McAfee = Artemis!C90EBB3DD4AA
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Trojan.Generic.KDV.104385
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.BHHC
Norman = W32/Vundo.UUW
GData = Trojan.Generic.KDV.104385
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.ito
BitDefender = Trojan.Generic.KDV.104385
NOD32 = a variant of Win32/Kryptik.ITO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:15 08:48:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 25600
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x71ad
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.0.32
Product Version Number          : 6.0.5487.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hewlett-Packard Company
File Description                : Smart Array Storport Driver
File Version                    : 6.0.0.32 Build 4 (x86) (NT.060726-2054)
Internal Name                   : HpCISSs.sys
Legal Copyright                 : Copyright (c) 2003-06 Hewlett-Packard Development Company, L.P. ALL RIGHTS RESERVED.
Original Filename               : HpCISSs.sys
Product Name                    : Smart Array Storport Driver
Product Version                 : 6.0.0.32 Build 4 (x86)
VirusTotal Report submitted 2012-06-08 04:42:36
VirusShare info last updated 2012-07-26 12:33:29

MD5: 66130535d0c78590facf81d4eca98a67
SHA1: 2962ff1885d043788bed9e5259799cd0cf88a79b
SHA256: f5a018233031ba6e467a0fde8f1a7558210e9ef75719f8fd531b87f4c7d7641b
SSDeep: 1536:OYp1kV4rsis8EX6K0FlucxrClSK5H0OXYv4Koas3dompJRQ+80xYMLrP:OYXrW8E/0f+lSKSOXEHQxNrP
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128E9049
nProtect = Trojan.Vundo.5106
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!HYP30wO5szs
VBA32 = Trojan.Genome.sywb
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2E8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!66130535D0C7
DrWeb = Trojan.WinSpy.1164
TrendMicro = TROJ_GEN.R72C2E8
Kaspersky = Trojan.Win32.Genome.sywb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahru
McAfee = Artemis!66130535D0C7
F-Secure = Trojan.Vundo.5106
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ACMG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5106
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Genome.sywb
BitDefender = Trojan.Vundo.5106
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:17 08:30:47-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x6e35
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2147.1
Product Version Number          : 5.0.2147.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nmzmhvazq Qovovtzygqd
File Description                : Xweqjohet® CAB File Extract Utility
File Version                    : 5.00.2147.1
Internal Name                   : extrac32.exe
Legal Copyright                 : Copyright (C) Hpbwhsoua Corp. 1981-1999
Original Filename               : extrac32.exe
Product Name                    : Btqimeyca(R) Windows (R) 2000 Iglmkrekc Hyzycq
Product Version                 : 5.00.2147.1
VirusTotal Report submitted 2012-04-11 12:36:56
VirusShare info last updated 2012-07-26 12:33:32

MD5: a77ecb9e0df6e079ee4dbf658e6170b3
SHA1: ebd239050e30c0c78cec8bb8fc33a577a8f98d78
SHA256: f755c0f851e1ea95b9b4f185350f9a275f54effdc52fd7b56457dba666c536f3
SSDeep: 1536:AO0BvW6I+tZaVyzcjwW3fwjRzekiJRORtQijPgKHLaD:AO0BvTIgaVyztW3fwjRzoC7rjPlH
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Win32.Agent
nProtect = Trojan/W32.Vundo.102400.DS
K7AntiVirus = Riskware
VirusBuster = Trojan.DR.Agent!yV2sDUA29P0
VBA32 = TrojanDropper.Agent.ftzo
TrendMicro-HouseCall = TROJ_GEN.R21C2IH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDropper.Agent.ftzo
McAfee-GW-Edition = Vundo!ly
DrWeb = Trojan.MulDrop3.3976
TrendMicro = TROJ_GEN.R21C2IH
Kaspersky = Trojan-Dropper.Win32.Agent.ftzo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Vundo.H!generic
Jiangmin = TrojanDropper.Agent.bmwp
McAfee = Vundo!ly
F-Secure = Gen:Variant.Vundo.6
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Dropper.Agent.ARNF
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:13 23:22:19-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 12800
Initialized Data Size           : 125440
Uninitialized Data Size         : 0
Entry Point                     : 0x4051
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Portable Device (Parameter) Types Component
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PORTABLEDEVICETYPES.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-31 16:00:40
VirusShare info last updated 2012-07-26 12:34:10

MD5: 1f611c3a9483001a9cb28b3f4f307281
SHA1: 85c08317d0be8a8efd70837fc19a84554998f9a4
SHA256: f7b2d7ac3976c2a379e8453c919b243f3bbe1319fdc7b66ccc075a0a7c5640ba
SSDeep: 1536:U4MwSC/UXuY28bQJjml9I3k3lQ36QDkU1:U9wx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.26
VBA32 = Trojan.Monder.mqiv
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C2IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!mk
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R21C2IE
Kaspersky = Trojan.Win32.Monder.mqiv
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!mk
F-Secure = Trojan.Generic.6750848
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRDropper
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6750848
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6750848
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-03-10 01:16:27
VirusShare info last updated 2012-07-26 12:34:17

MD5: 2b4480561f22542d66ac7871b9616fce
SHA1: 2c3392ed82fddd95286dc2135d8073e6e4080b28
SHA256: faefb013d41795de379a507675934aa6ec45dbcab5c782d69829fd6185dc7ae9
SSDeep: 1536:1yFAtby2QgMQKWvCGtyHpD8XsM6M+EGzG+BhHk4StYMtd4K+pmEs6e0G:1KAtbyf7nHZ88M6M+EreHk47PaEvG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.BX
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C2IL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!me
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R30C2IL
Kaspersky = Trojan.Win32.Menti.iecn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.bea
McAfee = Vundo!me
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-11-18 23:43:46
VirusShare info last updated 2012-07-26 12:35:58

MD5: a46c8f58d05d939ca0c8903f2f7f4413
SHA1: e68ed08c1b4a891d78630fe2a0b83fc6afe2801b
SHA256: fe110edda3a42017ff31633d7cb6f4afa6ce8579c26396ce766c61925edfad35
SSDeep: 12288:XnX1NiVV9aqgvYTgyt2GoZYD5jOXUh3iEB3l:Xn4V9egkyemD1OXCXB1
Size: 589324 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.237
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.589324
Panda = Trj/CI.A
nProtect = Trojan.Generic.5804171
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JvA3FbNJkaY
VBA32 = Trojan.SpyEye.xc
TrendMicro-HouseCall = TROJ_GEN.R3EC1DT
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.fwx
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!flj
DrWeb = Trojan.DownLoader2.39556
TrendMicro = TROJ_GEN.R3EC1DT
Kaspersky = Trojan.Win32.Pirminay.fwx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/DwnLdr.IXA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.uf
McAfee = Generic Downloader.x!flj
F-Secure = Trojan.Generic.5804171
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU
AVG = Generic22.LPH
Norman = W32/Obfuscated.L
Sophos = Troj/DwnLdr-IXA
Symantec = Trojan.Gen
GData = Trojan.Generic.5804171
TheHacker = Trojan/Pirminay.fsz
BitDefender = Trojan.Generic.5804171
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 19:01:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 262144
Initialized Data Size           : 647168
Uninitialized Data Size         : 0
Entry Point                     : 0x3d092
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Coowhvusg Ohzzuaonsyl
File Description                : MTF (Vrclibfhl Tape Format) Media Label Library
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : mll_mtf.DLL
Legal Copyright                 : © Dpalwclpk Anqdchnqwyk. All rights reserved.
Original Filename               : mll_mtf.DLL
Product Name                    : Gibgmocqq® Xkbruhs® Uyisechpo Zawzqn
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-06-21 08:56:15
VirusShare info last updated 2012-07-26 12:37:14

MD5: 0e264d6c036e1b998d242e31a9c2788a
SHA1: c6dd1e51551437ce4ef9955b388d95b716f29f1e
SHA256: 00f899605baee2007d5230d7ad0e2d1355d9094b45392edd2d3af557466ee902
SSDeep: 3072:Do0tooB3/wYtVFA190n4A+ZEyLTnuGQRJw6ZLUmggpok5aiFKy:DVooB3RXMin4Aq/uBRJwjXgptR
Size: 167424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.167424
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC1KB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mohk
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!0E264D6C036E
TrendMicro = TROJ_GEN.R4FC1KB
Kaspersky = Trojan.Win32.Monder.mohk
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abdm
McAfee = Artemis!0E264D6C036E
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mmfz
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:20 08:32:59-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 116736
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0x1d5d4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Management Interface for ACPI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmiacpi.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmiacpi.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-22 12:51:51
VirusShare info last updated 2012-07-25 00:45:31

MD5: 8ce2a87f701c58e138d54054973ea81f
SHA1: 02747c652996735a1767865effa6f11e96fc0be8
SHA256: 011dcb69604a4be9c9a104b9b64ae63a86cb58baea2275c668bcb59f9a73c6d7
SSDeep: 1536:OPamL0XWL3ofeHsIo0bdO3p3S0nTne0ipUK4NAlmdodZPtSRnkZaaRH+v4mx+H5:OfLScIgs68Y0nLe0ipUvA4qPtSG08evS
Size: 92672 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.92672.AV
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1251E911
nProtect = Trojan/W32.Agent.92672.HZ
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!8xqvjFauAyk
VBA32 = Trojan.Pirminay.ahu
TrendMicro-HouseCall = TROJ_GEN.R72C2CT
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!im
DrWeb = Trojan.Siggen2.10779
TrendMicro = TROJ_GEN.R72C2CT
Kaspersky = Trojan.Win32.Monder.nbkz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ee
McAfee = Vundo!im
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic21.ATZH
Norman = W32/Suspicious_Gen2.LDNPJ
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.boc
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 13:46:39-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 78336
Initialized Data Size           : 50176
Uninitialized Data Size         : 0
Entry Point                     : 0x13f5d
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2144.1
Product Version Number          : 5.0.2144.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Gemplus Cryptographic Service Provider Resources
File Version                    : 5.00.2144.1
Internal Name                   : gpkrsrc.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : gpkrsrc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2144.1
VirusTotal Report submitted 2011-11-24 11:32:02
VirusShare info last updated 2012-07-25 00:49:45

MD5: 606a2154d708716078d02e6a63a26ab7
SHA1: 02a9b29f8a5413e625bf3aaf49779fc8d255e282
SHA256: dd53f27eec37098dd4fa76f58fd7ed645cc3dadb34a72736d3f9c82cd48a0bac
SSDeep: 3072:QQRR88LPRVSIVfwUidjgQzjzoFl2MqqDLy/B7wXGB4Kdrp:G8LHclgQHQqqDLuB7wsDT
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A2E38D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!zpJPRSfyWJg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R2EC7KB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1356
TrendMicro = TROJ_GEN.R2EC7KB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.qzuf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.Q
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:10 12:45:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0xa0f2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bmconfnbt Rmytnjbbxqu
File Description                : Associated Device Presence Proxy Dll
File Version                    : 6.0.6000.16386 (oozrg_rtm.061101-2205)
Internal Name                   : IPBusEnumProxy
Legal Copyright                 : © Sspdicmwx Vakeywfwlzz. All rights reserved.
Original Filename               : IPBusEnumProxy.dll
Product Name                    : Digcdkqlq® Rzmzvym® Cxytubgma Mevzaf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-21 18:37:11
VirusShare info last updated 2012-07-26 12:40:13

MD5: 9f15bf463407cb1293b39fe3c4d88e34
SHA1: 031200d2ae84be09c28b93e85f07f7dd80e7208a
SHA256: 7c2273b3b44aff031e49c10ead42565407ff8b919e3d98922f849a3cac405ef0
SSDeep: 1536:NlKHHOig+uaisz8sbWc5a1drNtpfbSF4om93AXJ4TBziaAnlj:NMTJzecKpmi9w6N8nlj
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Monder.77824.F
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R01C7K7
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cm.5
McAfee-GW-Edition = Artemis!9F15BF463407
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R01C7K7
Kaspersky = Trojan.Win32.Monder.mzup
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!9F15BF463407
F-Secure = Trojan.Vundo.7161
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Suspicious_Gen2.SMOZN
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.7161
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Vundo.7161
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2011-11-27 16:25:24
VirusShare info last updated 2012-07-26 12:40:38

MD5: 85f93790618f7150b177953fca151744
SHA1: 0466ff202be0d4126bd72ace0757f1efa6e2cb57
SHA256: f9b7bb6eed20efdac5ee0e062d97ce1706347d9414222012f0e6891ccf31cff6
SSDeep: 1536:xuQ5D6aLNE+AzkcBy4mSMzCmxJSZPxvx3ELWg:xl5fLNE+AzkcBy4mXzcZJJUK
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.70144.P
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R26C1KB
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Generic.dx!zcm
DrWeb = Trojan.Siggen2.34690
TrendMicro = TROJ_GEN.R26C1KB
Kaspersky = Trojan.Win32.Menti.itwy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.dnpg
McAfee = Generic.dx!zcm
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hznl
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:12 13:42:30-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26624
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x74aa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SSDP Service DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ssdpsrv.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ssdpsrv.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-05-08 06:36:33
VirusShare info last updated 2012-07-26 12:41:28

MD5: feddf5fa03db4d3d9c97fcb1399d9cc2
SHA1: 05c1c63b6af519e6c2c3c65d0277541a75728033
SHA256: 672ba55dfbc80e5fa9562684955c4fe9a3e08b3b005ea33b1d16078a77b03c5f
SSDeep: 3072:tniIleJKSmFltPuV2PP1JaQ2/M2AA6kGb7ak2wA9ZY1QVnJEC3mJTg:tnqu9GVA1k0q6X2wA9SqFJB3S8
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.129C10A4
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!1NbkHOMcOn4
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C1J5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Vundo!IK
McAfee-GW-Edition = Vundo!mi
DrWeb = Trojan.WinSpy.1184
TrendMicro = TROJ_GEN.R30C1J5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.omzc
McAfee = Vundo!mi
F-Secure = Trojan.Vundo.6497
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic23.ANXV
Norman = W32/Suspicious_Gen2.RKEYF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6497
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Trojan.Vundo.6497
NOD32 = a variant of Win32/Kryptik.PLF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:09 05:02:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 143360
Uninitialized Data Size         : 0
Entry Point                     : 0x4b05
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oltsxqphp Nkwxuoudila
File Description                : OLE DB Provider for ODBC Drivers Resources
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : msdasqlr.dll
Legal Copyright                 : © Cmkryfyva Uioeelsfjgb. All rights reserved.
Original Filename               : msdasqlr.dll
Product Name                    : Fbycmfdwm® Ranyoiy® Thsiupdcz Antnfz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-19 20:31:34
VirusShare info last updated 2012-07-26 12:42:24

MD5: 9cdcd5ce13677e8997be3ccf8ac619cb
SHA1: 07943596a8ad594811d4ff2aee7fa2096477e68c
SHA256: ce9e20fdfef1801d029701bd50403eb171f764554418a3c08539d5ab8f6a0f42
SSDeep: 3072:h7wLf1o0JE0IsqjOs/sqB/qTnSqzC916FgFFX59jl/U5c82:FkmcGlOR21Wc
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A45534
nProtect = Trojan/W32.Vundo.155648.H
K7AntiVirus = Riskware
VBA32 = Trojan.Genome.aakmz
TrendMicro-HouseCall = TROJ_SPNR.15L511
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Genome.aakmz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.alyk
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BPGE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Genome.twha
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:28 13:38:54-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x110a5
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Jbkcngxppow
File Description                : TCP/IP PathPing Command
File Version                    : 5.1.2600.0 (pmplscxv.010817-1148)
Internal Name                   : pathping.exe
Legal Copyright                 : © Hxbjbazrk Quehsaawbwb. All rights reserved.
Original Filename               : pathping.exe
Product Name                    : Lnpirfbly® Pbkbnse® Kezefwzyv Nrztot
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-23 10:19:17
VirusShare info last updated 2012-07-26 12:43:51

MD5: 724608d620b6507575d9929c44d120f9
SHA1: 080cf95ae0c736c559c370dd9a4d6478eb5859d1
SHA256: 1ab7ee71b9b3d6badb7425f26499cb1ff840dba6afe52513269b3c1efdd9be46
SSDeep: 3072:D+SUvzWLmgn7gnFswhMm6hk8zSVczfPXE2WFME:DKzWxk6hkUSQeF
Size: 109056 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1244F72A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!srsWWUoGjls
TrendMicro-HouseCall = TROJ_GEN.R47C7KJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!724608D620B6
DrWeb = Trojan.Smardec.87
TrendMicro = TROJ_GEN.R47C7KJ
Kaspersky = Trojan.Win32.Genome.zxsw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!724608D620B6
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.CNAC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.nhn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:24 09:28:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 55808
Uninitialized Data Size         : 0
Entry Point                     : 0x16e21
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : InUse - replaces files currently in use by OS
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : inuse.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inuse.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-01-08 07:59:57
VirusShare info last updated 2012-07-26 12:44:15

MD5: 5bd6991149a56e0a90800c2194c9e712
SHA1: df49d8957d14c685cd1e5272a89cd5ada33a85fe
SHA256: 080e8d233c7a47274756d22c28a6229a4e87d3f474e630fbaa6b984e4faafc0a
SSDeep: 1536:Gf4svd0/kUvEYHKK4b0rt9lHTJJhabHLWB2vDhBEQtahDkQf:cd0/vvzKf69lHFJhcLRrehDkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
TrendMicro-HouseCall = TROJ_GEN.R4FC2H5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.nkbd
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC2H5
Kaspersky = Trojan.Win32.Monder.nkbd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-22 16:46:07
VirusShare info last updated 2012-07-26 12:44:15

MD5: 9a57c15bc9ee7064cd564d38882977e4
SHA1: f359efbbd5b59609b68600d3a5d7489fbbe34d4e
SHA256: 0842fc38e180580435f937cba9dfec81d9f66b483cb82a225fe60db9ffa41b6f
SSDeep: 6144:Tyqyg0ntYKLvwi5AzujVhIyA85ORl7SBPI:+qMtzLYAcujoyj8LSi
Size: 238445 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.CFI.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.238445
Panda = Trj/CI.A
Rising = Worm.Win32.Autorun.eyr
nProtect = Trojan.Generic.4296753
K7AntiVirus = Trojan-Downloader
VirusBuster = Trojan.Agent!BjyyvzSA8Rw
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R9DC2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = W32/YahLover.worm.gen
DrWeb = Trojan.MulDrop1.24583
TrendMicro = Mal_OtorunO
Kaspersky = Trojan.Win32.Agent.egll
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = TrojanDropper.Agent.ajqi
McAfee = W32/YahLover.worm.gen
F-Secure = Trojan.Generic.4296753
VIPRE = Trojan.Win32.Generic.pak!cobra
AVG = SHeur3.AAYQ
Norman = W32/Obfuscated.H!genr
GData = Trojan.Generic.4296753
Symantec = Trojan.ADH
BitDefender = Trojan.Generic.4296753
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:12 13:55:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 225280
Initialized Data Size           : 16384
Uninitialized Data Size         : 307200
Entry Point                     : 0x82180
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-22 16:55:17
VirusShare info last updated 2012-07-26 12:44:28

MD5: 4b0cbad0f3083fb00fc54e2dc15b0799
SHA1: 0881f5300df1de72b9e6644897830f3f63d57626
SHA256: 227b3ef791427722b46bb99cd16f8713b21684e5887caf1a2d5118ed047cd37d
SSDeep: 1536:Ck4vWmG5Zp9shiOEiYUYboFLQ3FY1CnCRJZuZMqqU+NV23S2xF:CkSG5ZcAOEiYBboa8kZMqqDLy/xF
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12A861E1
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!0OEYswIWEtk
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C7KR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!nf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C7KR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!nf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.FOI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-12-22 15:00:36
VirusShare info last updated 2012-07-26 12:44:40

MD5: 606fc57c18715c3af4fac6c6a700accd
SHA1: cbdecae98c72798c395e101626f56dafc885ac4c
SHA256: 08ec2748827bdfd17a2835f6816d26cc53366996173b5df7a14fffb8d591567e
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7p0po2:pwy9w/dWjTlXjDHsP
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!vF3vhKzq+4o
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.gen5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Artemis!606FC57C1871
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = Trojan.Win32.Monder.nqza
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!606FC57C1871
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.QELPZ
Sophos = Mal/Agent-PG
GData = Trojan.Renos.PJY
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-22 17:29:18
VirusShare info last updated 2012-07-26 12:45:16

MD5: b41b6bf678694e1a18978db77c757a01
SHA1: bb9e6616cd1df28373c3d0f0c8e50d66c3a8577b
SHA256: 09c69c246ea0afd71a236d8a2d88429faa0c375cf4f3a503b0e93d50d7ad9237
SSDeep: 6144:dKxlWdEJxh8RXmWt8refjp/gTaYnAULYJwg9at2eP/duJr0MX6Mk8JuSRG4J:IxMdET1WCrefjKZdg9oP/gJr0LgVJ
Size: 404464 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4628625
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic.dx!twh
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.tm
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.af
McAfee = Generic.dx!twh
F-Secure = Trojan.Generic.4628625
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BKWH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.4628625
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.4628625
NOD32 = probably a variant of Win32/Agent.KFWWXWP
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 01:59:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 48128
Initialized Data Size           : 698368
Uninitialized Data Size         : 0
Entry Point                     : 0xc8d2
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-22 17:59:13
VirusShare info last updated 2012-07-26 12:45:57

MD5: f48d72b7e3692edb138b6a3b05474285
SHA1: 0bffc9fd1c72bf13c5cafa75604202878d046389
SHA256: 9e973ac7f3037e15f5070a817c23db2aea632dcb9281d680ccb20e2558bd7726
SSDeep: 3072:/j5aIGQLg8ZRVKEHvoH+N0p1J5vrlFZsXK6l6//E9A:/l7omRVxyXvHZsa6lG
Size: 172032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10282
Kaspersky = Trojan.Win32.Monder.mynu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jglm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BCVW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:09:17 07:54:25-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 106496
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x176d1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Wgwqlbosk Iolyupaxaww
File Description                : Belgian Dutch Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdbene (3.12)
Legal Copyright                 : © Pmtkwehpq Zjllbypberr. All rights reserved.
Original Filename               : kbdbene.dll
Product Name                    : Flevjhslt® Nbmvqls® Ixpueokvp Tpxmfc
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-08 16:36:46
VirusShare info last updated 2012-07-26 12:47:53

MD5: 11bdbabe609f1eb629c783b6614f513a
SHA1: 0c3a067e8967ea0846f9523d0406c466f40c556f
SHA256: a9390abc41750f3ba9a191e863dcf48f06ccdeb59a0089be87354e6ca92053c8
SSDeep: 6144:63l2K0MLh7B23K30nFN7Wel51fU+oX8Tpb8P5JoGOl:63lft7B10D1M+okO5Wp
Size: 270750 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Malware
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!ZoT8zAPpPzc
VBA32 = Trojan.Jorik.Pirminay.awg
TrendMicro-HouseCall = TROJ_GEN.R2EC7KB
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.awg
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.15559
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R2EC7KB
Kaspersky = Trojan.Win32.Jorik.Pirminay.awg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.PXO!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6462910
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.ACRQ
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6462910
Symantec = Trojan.ADH
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6462910
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 262144
Uninitialized Data Size         : 0
Entry Point                     : 0x1296
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.0.6002.18005
Product Version Number          : 10.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Xwawvtsej Ntblbiphfad
File Description                : Ynblehubp IME
File Version                    : 10.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : imetip.dll
Legal Copyright                 : © Vfohwbvrg Rjrtxnrtxrk. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Mxvbeobrc® Bwxvvjl® Ebnohzmgd Todynn
Product Version                 : 10.0.6002.18005
VirusTotal Report submitted 2012-01-05 17:54:45
VirusShare info last updated 2012-07-26 12:48:04

MD5: af0d4e47001672c21fb15cce4aced48f
SHA1: 0d7993563fe7dc41d454977765fe53ecfb9c8c0c
SHA256: 099b1c7369a1a123b77d8cedf634deabd9864f85b7e3019214d8e1a27b1e1693
SSDeep: 3072:JvZH8gLJbA87rMkcOQLaChKFFrpolEMqqDLy/en+Pe/4NKCnsj:JvrGSrcOQL5w1peqqDLuesOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Trojan/W32.Genome.160768
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.wgut
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Genome.wgut
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.QTOEK
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-05 15:06:24
VirusShare info last updated 2012-07-26 12:49:09

MD5: 5fe3d6748aa99eec944649ed4686eceb
SHA1: 0d87ebcaad44538aefd74f72f8976609a639bc60
SHA256: c6170e1e19a4dcd2b4df6c92e093de318929464a5457a8df3c0d8f0d546d2d37
SSDeep: 3072:2wcbYdUPU6bkXkAMAhedwBLjcqKqOAk6lF6SY2rrsj9DhLh7heR1:7cbYAU9MAMiBtKqOAkPj9DhLh7he
Size: 188416 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.665
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12956A84
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2ID
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.msmc
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10525
TrendMicro = TROJ_GEN.R47C2ID
Kaspersky = Trojan.Win32.Monder.msmc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acan
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.SXP
Norman = W32/Suspicious_Gen2.QNTUT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 02:59:57-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 118784
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x19f71
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Aczalshrrbt
File Description                : Sidebar droptarget
File Version                    : 6.0.6000.16386 (irvhr_rtm.061101-2205)
Internal Name                   : sbdrop
Legal Copyright                 : © Qlmtxvypn Eopviixisth. All rights reserved.
Original Filename               : sbdrop
Product Name                    : Pxlpfstxi® Yakwvrm® Vsswpdasi Nwwcfl
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-31 18:03:52
VirusShare info last updated 2012-07-26 12:49:13

MD5: a13ea0ce22a2eb54b52b21956743568e
SHA1: 0dde037cda33529a2ffe992d0dd4e901e72de4b9
SHA256: 38020bac7229d072dfc1abfd6ae343e988ddfe9be4332736a4036341a80a0b78
SSDeep: 1536:t77UHvG9FFpQ55ttmG+8nsfVk4JxsKuTCrpypTLhje/0sZE:V7Cw/pa5ttz4kctpUh6MsZE
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.70144.KJ
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!356ErQ7w0P8
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.ipjv
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ln
TrendMicro = TROJ_GEN.R11C2IC
Kaspersky = Trojan.Win32.Menti.ipjv
ViRobot = Trojan.Win32.Vundo.70144
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.y
McAfee = Vundo!ln
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic25.BTVX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.gufq
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:13 23:23:45-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x6674
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrae.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrae.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-30 16:28:36
VirusShare info last updated 2012-07-26 12:49:28

MD5: 92972a1ac5a14627fa69a128a302d6cc
SHA1: b630de177ace5765babf9c6a8e8e40cdcc84483e
SHA256: 0e8a473d5a29b33b40f3c7f3820eec08b673b3e99ccdd9309c7165d8de668b7c
SSDeep: 1536:2quKxOOi5+ooisz8sbWc5a1dKNtpfbSF4om93AXJ4TBzia/nlY:2qzWQzec7pmi9w6NTnlY
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.77824.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!DzlNiivyWhE
TrendMicro-HouseCall = TROJ_GEN.R4FC2G7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cm.5
McAfee-GW-Edition = Vundo!jw
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R4FC2G7
Kaspersky = Trojan.Win32.Monder.mpfc
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.77824
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aeth
McAfee = Vundo!jw
F-Secure = Trojan.Vundo.5514
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Suspicious_Gen2.PNOJQ
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.5514
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Vundo.5514
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2012-06-22 20:36:53
VirusShare info last updated 2012-07-26 12:50:04

MD5: ac743902988496befda0df4ee0518b00
SHA1: 0f53f8ab94e1ea6b9ea5cd7e47d54ba0402e085e
SHA256: 3d36a01cc28e556ab5744a889a407a997ccfea5641b3023b63b156ab691c7d21
SSDeep: 12288:BV5Ml8Z9AbuiQKyRGyxMizjrmxE1BQDF1mGDAVxuKbAkZycuQx507GLRVrLa:BVWLRmIszPPPQDitDFbAkce07mzq
Size: 647168 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = Trojan/Win32.Hrup.gen
Ikarus = Trojan.Win32.Hrup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Hrup!T7/KMgyAjIw
TrendMicro-HouseCall = TROJ_GEN.R4FC7K4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Hrup!IK
McAfee-GW-Edition = Artemis!AC7439029884
DrWeb = Trojan.Siggen3.21890
TrendMicro = TROJ_GEN.R4FC7K4
Kaspersky = Trojan.Win32.Hrup.etv
Microsoft = TrojanDownloader:Win32/Wintrim.BL
Fortinet = W32/Hrup.ETV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Hrup.bzse
McAfee = Artemis!AC7439029884
VIPRE = Trojan-Downloader.Win32.Wintrim.bl (v)
F-Prot = W32/Wintrim.N.gen!Eldorado
AVG = Skintrim
Norman = W32/Skintrim.DVYD
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6819739
Commtouch = W32/Wintrim.N.gen!Eldorado
TheHacker = Trojan/Skintrim.iv
BitDefender = Trojan.Generic.6819739
NOD32 = a variant of Win32/Skintrim.IV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2010:02:22 04:04:00-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 626688
Uninitialized Data Size         : 0
Entry Point                     : 0x1e30
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 9.5.0.3
Product Version Number          : 9.5.0.3
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : diastrofia
File Description                : aciemar
File Version                    : 9, 5, 0, 3
Internal Name                   : sweetening
Legal Copyright                 : naftalina
Legal Trademarks                : Inez
Product Name                    : favoreced
Product Version                 : 9, 5, 0, 3
VirusTotal Report submitted 2011-11-25 16:15:43
VirusShare info last updated 2012-07-26 12:50:45

MD5: 10a2216fa1ab166f4a83abf26413c650
SHA1: 8fc32f971ee9eb6fbbcf5a77ec37e2c4f40c391e
SHA256: 0f6e1a1b4d33febb69d1aa366c76753a03ac84b299e5c8448532a828ae1ab363
SSDeep: 1536:VZbm2OnRNco3UuYuk3/axoTTHJh1DA8qI7KeETS9wBpl6cvLePaOKa5scybennn1:vbGn0o3Qixo3HJnDAVHSeBpQiYataabp
Size: 82944 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GW [Cryp]
Antiy-AVL = Backdoor/Win32.DarkHole.gen
Ikarus = Backdoor.Win32.DarkHole
Panda = Suspicious file
nProtect = Trojan.Generic.6820186
K7AntiVirus = Trojan
VirusBuster = Backdoor.DarkHole!7AZcfk7uiAs
TrendMicro-HouseCall = TROJ_GEN.R4FH1IK
Comodo = UnclassifiedMalware
Emsisoft = Backdoor.Win32.DarkHole!IK
CAT-QuickHeal = Backdoor.DarkHole.ap
McAfee-GW-Edition = Generic BackDoor!dr3
DrWeb = BackDoor.DarkNess.40
TrendMicro = TROJ_GEN.R4FC9J8
Kaspersky = Backdoor.Win32.DarkHole.ap
Microsoft = Backdoor:Win32/Votwup.D
Fortinet = W32/Pirminay.BMF!tr
Jiangmin = Trojan/Generic.kmsm
McAfee = Generic BackDoor!dr3
F-Secure = Trojan.Generic.6820186
VIPRE = Trojan.Win32.Generic!BT
AVG = BackDoor.Generic14.AAOU
Norman = W32/Kryptik.AFR
Sophos = Mal/EncPk-ADY
GData = Trojan.Generic.6820186
TheHacker = Trojan/Kryptik.rpv
BitDefender = Trojan.Generic.6820186
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:06:05 07:40:23-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20992
Initialized Data Size           : 60416
Uninitialized Data Size         : 0
Entry Point                     : 0x560d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.160.3093.24853
Product Version Number          : 0.160.3093.24853
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : aYRnT8n56Y6
File Version                    : 5lp28qut
Internal Name                   : yyjhENs
Legal Copyright                 : EEXEZV5xz
Original Filename               : 2lbpCTjM7Tlry
Product Name                    : ry1Ce1rPKV
Product Version                 : ImangzeHh9gMi
VirusTotal Report submitted 2012-06-22 21:08:29
VirusShare info last updated 2012-07-26 12:50:50

MD5: 2354e9e53917c05abb989bba1c4d1cf1
SHA1: 0fe84be9851258bfc1ba583ab507d44b149640c0
SHA256: b43bfe05b6e5b31677baac3fa43ac83ff33709231fce475e87d28b71d35be6ab
SSDeep: 6144:gqXcMZjfw9Ed6ydeSWST8MqP/IaDK9je:FXcMZjNkydl3bqP/IaDb
Size: 278528 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
VirusBuster = Trojan.Injector!91aRSm8Tw04
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_GEN.R4FC3IH
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Adware.Vundo/Variant-MSFake
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.DownLoader4.17985
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC3IH
Kaspersky = Trojan.Win32.Jorik.Pirminay.nc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!v
F-Secure = Trojan.Generic.6573909
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKGC
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6573909
BitDefender = Trojan.Generic.6573909
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 253952
Initialized Data Size           : 28672
Uninitialized Data Size         : 40960
Entry Point                     : 0x489e0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة Oksidm9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : Oksidm9.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Oksidm9.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-18 18:45:08
VirusShare info last updated 2012-07-26 12:51:16

MD5: effc35d1f835f936047e7cb34de94a98
SHA1: 109ed103a3f4a66eea09ddab0ca7e348ce053c24
SHA256: 5d2909a89c6b9c3d025e90794d3797697d1482b9f094fb281190f4d6874af770
SSDeep: 3072:NOSC4KHWTEo+81ZYXhQ8ebnZ3nnd6GON/:g8w816Qd3YGO
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.ADAD
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 18:06:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x479e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.1.7600.16385
Product Version Number          : 10.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pnlhjydat Nclyeobtiny
File Description                : Jjdqikajd IME
File Version                    : 10.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : imetip.dll
Legal Copyright                 : © Kidfbbruu Fvvypdgzpsn. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Ykiyjkswc® Niifhpp® Ulzhozywx System
Product Version                 : 10.1.7600.16385
VirusTotal Report submitted 2011-05-04 13:47:45
VirusShare info last updated 2012-07-26 12:52:00

MD5: cc1558f084ec762963ec6542296f8d94
SHA1: 328e7be02c32f94e662d140778ea344b4df4f8d2
SHA256: 11765d9879e14ce7893a0f3e4d8483c4ab93f223321c63148c82b500fe636e41
SSDeep: 1536:BP6/HlZSpNkTE8z2IHJmrPdhWQUeofTv/k:BP6dmN77juTv/
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.69120.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!Q5Oan1a3snw
TrendMicro-HouseCall = TROJ_GEN.R4FCDA7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!pt
DrWeb = Trojan.Virtumod.10320
TrendMicro = TROJ_GEN.R4FCDA7
Kaspersky = Trojan.Win32.Monder.nckd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo!pt
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic26.AFSL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.PLI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:03 11:31:28-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 25600
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x71fb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft
File Description                : SMB (File Sharing) Helper Class for Network Diagnostic Framework
File Version                    : 1.0.0.1
Legal Copyright                 : (c) Microsoft.  All rights reserved.
Internal Name                   : SMBHelperClass.dll
Original Filename               : SMBHelperClass.dll
Product Name                    : SMB Helper Class for NDF
Product Version                 : 1.0.0.1
OLE Self Register               : 
VirusTotal Report submitted 2012-06-22 22:26:14
VirusShare info last updated 2012-07-26 12:52:44

MD5: 4f2fc22cb78b792c84348aa6da7910dc
SHA1: 13bd147e21ccc76db3335316321e0607094e6d75
SHA256: 36d3533a6a206f48cf574590a4b2da43df66ef873f487387d317e108544ad1b6
SSDeep: 1536:1sWtx5YoJ154HiJYbYpBGh59354RGlysSx973Ohijk6PyjL2+Dx:1sWFYoJ14iJYbYpoh59sySx1zzy/2Y
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.123C59CF
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!iLtXiPOBmQc
VBA32 = Trojan.Menti.iuhl
TrendMicro-HouseCall = TROJ_GEN.R72C7KB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.iuhl
McAfee-GW-Edition = Vundo!my
DrWeb = Win32.HLLW.Autoruner1.2777
TrendMicro = TROJ_GEN.R72C7KB
Kaspersky = Trojan.Win32.Menti.iuhl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.ios
McAfee = Vundo!my
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.BUFM
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.nhv
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NHV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:16 04:20:08-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0x6ebd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-01-02 05:49:29
VirusShare info last updated 2012-07-26 12:54:48

MD5: 182e2093516e55f01405ac831855eeee
SHA1: c4dc87b08172414a55adabb5d876d2cbc118360f
SHA256: 1551a4c754aaa2940f417710cf7422bd5b7a7e2318a999d7c889645167afc383
SSDeep: 1536:W3iJFKDTwTxcI4bos4PCdzp/uJSOwTYw3Q3nCjUDxu1rlK8J+p1RFWp87HATbE0k:W3SFMTPR4PCd+BBpZ6rNm1z08sTIx
Size: 128123 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HX [Cryp]
Ikarus = Virus.Win32.Heri
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = TrojanSpy.Zbot!SlYwNCgMF5U
VBA32 = TrojanSpy.Zbot.cbar
TrendMicro-HouseCall = TROJ_GEN.R37CDLP
Emsisoft = Virus.Win32.Heri!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = PWS-Zbot.gen.ju
TrendMicro = TROJ_GEN.R37CDLP
Kaspersky = Trojan-Spy.Win32.Zbot.cbar
Microsoft = PWS:Win32/Zbot.gen!Y
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan-PSW.Generic
McAfee = PWS-Zbot.gen.ju
F-Secure = Gen:Variant.Kazy.33688
VIPRE = Trojan.Win32.Ransom.do (v)
AVG = Win32/Heri
Norman = W32/Kryptik.AFR
Sophos = Mal/EncPk-ADY
Symantec = Infostealer
GData = Gen:Variant.Kazy.33688
BitDefender = Gen:Variant.Kazy.33688
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:04:12 20:59:55-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 22016
Initialized Data Size           : 104448
Uninitialized Data Size         : 0
Entry Point                     : 0x4ec3
OS Version                      : 5.1
Image Version                   : 1.0
Subsystem Version               : 5.1
Subsystem                       : Windows GUI
File Version Number             : 0.53248.57321.40184
Product Version Number          : 0.53248.57321.40184
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : ziMkzE4x72w
File Version                    : J7pbJVkpImE
Internal Name                   : sLItViJ
Legal Copyright                 : Z6w0u5OuI
Original Filename               : isiU
Product Name                    : HJ6Puk4aaHAn
Product Version                 : Hs4sWMX
VirusTotal Report submitted 2012-06-23 00:50:15
VirusShare info last updated 2012-07-26 12:56:05

MD5: c08b469727f1b87e7dac13c1c8625b7d
SHA1: 155c8c5050587286b67426f8e4e4441a27ea0147
SHA256: 9c1dcadb64d591aee9243a3099ec9aad838dd21aa30c6b687db4966787809482
SSDeep: 6144:M4M0gAAlL480GI/prDREQ3qx5i73ZtQ8vN19a4TNBFM:M4M0g9684pPo+7k8vbzTu
Size: 361385 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.180
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.361385
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289CFD6
nProtect = Trojan/W32.Agent.361385.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!6aJ4BhwcvSE
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC2D6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.eed
McAfee-GW-Edition = Generic Downloader.x!fum
DrWeb = Trojan.Hosts.4142
TrendMicro = TROJ_GEN.R3EC2D6
Kaspersky = Trojan.Win32.Pirminay.eed
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ok
McAfee = Generic Downloader.x!fum
F-Secure = Trojan.Generic.KDV.158633
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU
eSafe = Win32.TrojanDownload
AVG = Generic21.AWJN
Norman = W32/Suspicious_Gen2.JJIIM
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.158633
TheHacker = Trojan/Pirminay.eed
BitDefender = Trojan.Generic.KDV.158633
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:18 23:20:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xa6f3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wawcufmps Qhntvluiirx
File Description                : Updilfyst Rendezvous Control
File Version                    : 5.1.2600.0 (lnduoreo.010817-1148)
Internal Name                   : rend.dll
Legal Copyright                 : © Kcjhjntlc Xvcvqoavlub. All rights reserved.
Original Filename               : rend.dll
Product Name                    : Wgxcdcfel® Bnchrla® Dnbgilomt Pdewhz
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-21 21:12:12
VirusShare info last updated 2012-07-26 12:56:07

MD5: 5e1b8c45bb42e49d3c12d45c66bb29f6
SHA1: 0ed892a29e928b012e8fd03e50485f7acd139be5
SHA256: 15876b8ba1b047aef9e9375f213eb67b9c57693daf949153d39e707b65ba514e
SSDeep: 1536:GGVvd6FKKBREJHKK4b0rB9lRTJJhabHLWB2vDhBEQtazW1kQf:Bd65RSKfW9lRFJhcLRrezkkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
TrendMicro-HouseCall = TROJ_GEN.R4FC2G6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nfza
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC2G6
Kaspersky = Trojan.Win32.Monder.nfza
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-23 00:57:01
VirusShare info last updated 2012-07-26 12:56:14

MD5: 4537cb4d687ce695b2548b95dc774f09
SHA1: b57c71cf469117fa2c791a3c7eb89cd3fb944d3b
SHA256: 16b511e6844fe2d184704b730eaa29825cf380ba913b0d4192b1bcdcac8e15d2
SSDeep: 6144:g0oZsNG2MsmP6TStzmdOpvr+eeTcTPNsmv0yaQDs6QiA/t7jyMCNzKy3L:aZsG23Y6TSFqOzveeVjsyxs6DAF7BeTL
Size: 395700 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Jorik.Pirminay.aj
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6252220
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!1ayp26x1NnI
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.zk
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R28C2I9
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.iln
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6252220
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.BCQH
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6252220
TheHacker = Trojan/Jorik.Pirminay.an
BitDefender = Trojan.Generic.6252220
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:16 07:53:57-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 393216
Initialized Data Size           : 4096
Uninitialized Data Size         : 483328
Entry Point                     : 0xd6b60
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2003.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ocojjtdla Yhbzjywzntq
File Description                : Evfxfkzqa COM Runtime Execution Engine
File Version                    : 2003.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : CORPOL.DLL
Legal Copyright                 : © Sggofrahr Wagnqtlgajn. All rights reserved.
Original Filename               : CORPOL.DLL
Product Name                    : Ixnmreuqq® Qahvhda® Iehbbvbki Uajzhn
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-06-23 01:40:25
VirusShare info last updated 2012-07-26 12:57:14

MD5: 16c4d88c0c6f67ecdd3a6ba236bfea1e
SHA1: 496e09492f9b707981880b97a79849e1c1111d32
SHA256: 16cf4f3e7ba0bc812f65e478242b20805406da8505f2ce9b717550f5474870be
SSDeep: 1536:FbKnHOig+Oxisz8sbWc5a1dfNtpfbSF4om93AXJ4TBziarnl8:F2zOzecipmi9w6N3nl8
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.77824.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!zcS4o5mu68w
TrendMicro-HouseCall = TROJ_GEN.R29CDAK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cm.5
McAfee-GW-Edition = Vundo!ny
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R29CDAK
Kaspersky = Trojan.Win32.Monder.neht
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.77824.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aeth
McAfee = Vundo!ny
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Troj_Generic.DZZV
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2012-06-23 01:43:33
VirusShare info last updated 2012-07-26 12:57:19

MD5: b525056f70001087732bf7f5aadf1543
SHA1: f3c693c8153434075a62ea6c9c3b9ad9ce997046
SHA256: 1911a1b71746dce71cffeacce7fd3dd924d61d632ed20fdfb562f7585832d0c4
SSDeep: 3072:R6ykTxkta4Mf55Z8cL/KV6+ppflihHRyj8jh1lNcSwoZiYfO:0veanXFe9hShNcSffO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!eBiyPPtS9d8
TrendMicro-HouseCall = TROJ_GEN.R11C2H1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.nehg
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R11C2H1
Kaspersky = Trojan.Win32.Monder.nehg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.ackh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.AGXH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-23 02:57:38
VirusShare info last updated 2012-07-26 12:59:03

MD5: 173bc8af86e1c275b7d493223f03af2c
SHA1: 1a6a1548a93d8f2ff1f9651b6d4eaad3665fb766
SHA256: 02e86eac7375fbf64356fbe23cd83a670a5c36b9e62b341f065a7c716854c98f
SSDeep: 1536:/IBUaHYj4dtNJu3G8fN7cAwamFILh01Y3hyNScY6Y9l/MqqU+NV23S2jMnew:/IBUg817cAwSyyK7Cl/MqqDLy/jZw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R4FC1KG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-02-16 21:19:45
VirusShare info last updated 2012-07-26 12:59:56

MD5: 0ef47c801aa5e1d06b54d72915062692
SHA1: 1aea22b968d409bff1a695772724538b5f61f3d6
SHA256: b608ec7840878d255d573d0267f6230590e19605e962f91f52e72231b19cea52
SSDeep: 6144:D1kTtgHBaUcysrpvU1X1UsmYd7VO861R1ayuL:DCZg1orpvQ1UH8SA
Size: 223744 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-DV [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.10
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!aiIDghgnViI
VBA32 = Trojan.Jorik.Pirminay.air
TrendMicro-HouseCall = TROJ_GEN.RC1C8JK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.anv
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.26952
ByteHero = Trojan.Malware.Win32.xPack.l
TrendMicro = TROJ_GEN.RC1C8JK
Kaspersky = Trojan.Win32.Jorik.Pirminay.anv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.srx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.10
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.AHEV
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.10
Symantec = Trojan.Gen.2
TheHacker = Trojan/Jorik.Pirminay.anv
BitDefender = Gen:Variant.Zbot.10
NOD32 = a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Flekpofxa Ebskhzkzcej
File Description                : Fynrcckua DirectPlay NAT Helper PAST
File Version                    : 6.0.6000.16386 (whmpx_rtm.061101-2205)
Internal Name                   : dpnhpast.dll
Legal Copyright                 : © Mlmbfgkqg Wfgxoqvyiko. All rights reserved.
Original Filename               : dpnhpast.dll
Product Name                    : Zusofvzye® Hokzioj® Obellzgeb Twtbdv
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-27 01:11:15
VirusShare info last updated 2012-07-26 13:00:26

MD5: 4334f2ae922493a949fd8fb0c7a9e5a2
SHA1: 1b76879c36ebb7afe0afde6f886d90ffd7f25cec
SHA256: c9be9ce0cf39c3d069c3c8941d32358e6b61a5384ef27f384499f77e0aa04966
SSDeep: 1536:b8eY9QDI4FhY3XNUw4BP9zclZzWSc1ynSoeVr:VLY3OfR9F7ndR
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.69120
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!QXyqncUMM94
VBA32 = Trojan.Pirminay.phm
TrendMicro-HouseCall = TROJ_GEN.R72C7KB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!ni
DrWeb = Trojan.Hosts.4545
TrendMicro = TROJ_GEN.R72C7KB
Kaspersky = Trojan.Win32.Pirminay.phm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.bx
McAfee = Vundo!ni
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.BSEL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hkb
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HKB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:28 04:56:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 27136
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x7857
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 11.0.6001.7000
Product Version Number          : 11.0.6001.7000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media MPEG-4 S Video Decoder
File Version                    : 11.0.6001.7000 (longhorn_rtm.080118-1840)
Internal Name                   : mp4sdmod.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mp4sdmod.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 11.0.6001.7000
Ole Self Register               : 
VirusTotal Report submitted 2012-01-06 01:59:16
VirusShare info last updated 2012-07-26 13:00:48

MD5: 8a6acc53c6182fa46954090a765b3c45
SHA1: a22eac30e6d16fd0b36af31792315950fb430d11
SHA256: 1c07912e791c53cd1d9accbbdcc18d6080ac7aa71d99d11fc0e6b0398b4369e6
SSDeep: 1536:bjwPXBrkpESDdXjdmrx/F2YHGcAy9NsM8tosRuF9F83QHeoOVzz:gXGWStENHGcNzscFv8311z
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.1246E2F3
nProtect = Trojan/W32.Agent.61440.AKN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!yWTWYfULZNU
VBA32 = Trojan.Monder.mmkt
TrendMicro-HouseCall = TROJ_SPNR.30EF12
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.nctz
SUPERAntiSpyware = Trojan.Agent/Gen-Monder
McAfee-GW-Edition = Artemis!8A6ACC53C618
DrWeb = Trojan.Virtumod.10128
TrendMicro = TROJ_SPNR.30EF12
Kaspersky = Trojan.Win32.Monder.nctz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.aazr
McAfee = Artemis!8A6ACC53C618
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic26.ADBO
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.motp
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:20 20:36:36-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 19968
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5ced
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Control Method Battery Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-23 04:17:42
VirusShare info last updated 2012-07-26 13:01:13

MD5: eb4b228e1b50a8c1b6ae7688968ab59b
SHA1: 8fe756341e2330321994795af027dfa3d5193a1a
SHA256: 1c4f2674bcd717fa20f203e3a01c304347c2ffc0a447a0c5bd9dfb6f7edb78a7
SSDeep: 3072:kVF0UKt+V/+twxV4OridDatGQ/xT2EbjcG6H+FQOpoO9JhXGoz98iaMqqDLy/+fz:CK+dFj4ORNJ6EaWbJp4iJqqDLuOb/oI
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R21C7K9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myzi
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R21C7K9
Kaspersky = Trojan.Win32.Monder.myzi
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.qgir
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ARZU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:23 13:58:27-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 122880
Initialized Data Size           : 139264
Uninitialized Data Size         : 0
Entry Point                     : 0x1abc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qsdypstch Odbkmwzgkin
File Description                : Xfalpzo Media Video DSP Components - Advanced
File Version                    : 6.1.7600.16385
Internal Name                   : wmvdspa.dll
Legal Copyright                 : © Iusmgthbc Corporation. All rights reserved.
Original Filename               : wmvdspa.dll
Product Name                    : Onvxgalfc® Eonagah® Ugkemegsu Fkxwpo
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-23 04:25:02
VirusShare info last updated 2012-07-26 13:01:24

MD5: c638ecf3cea001c5605de1dee3c50b10
SHA1: beb363dffe02170878837978fce89607e2690c84
SHA256: 1ce8a38cccbc7e1ca07c24c7987edca0001f4e1f73001fa6e3edc3eaa66dc8a9
SSDeep: 1536:ElrQ4bx2QdQ/WvGGtyHpS8Z4NDM+EGzG+BhHk4StYMtd4K+pmWs6l+XG:E5Q4bxfdkH88eNDM+EreHk47PaWyG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.CM
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!C638ECF3CEA0
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = Trojan.Win32.Menti.inhc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.bea
McAfee = Artemis!C638ECF3CEA0
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-06-23 04:41:45
VirusShare info last updated 2012-07-26 13:01:49

MD5: b87784bb813e1f24af71896433832eb4
SHA1: bc3bbbcf94545be470001a938e9dd7bb93bbc9b0
SHA256: 1d634d0b9ac184bfe0388fa3d816bf671bf4534158654d857d0a1b6b041e119d
SSDeep: 3072:A3QJqSNVh/apBcL10nQ50TYM4e8KRWRIu8+oBMqqDLy/L:+QTNVhL/ovDWRIWqqDLu
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!8mygfmMCe6s
TrendMicro-HouseCall = TROJ_GEN.R4FC2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.wimg
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1273
TrendMicro = TROJ_GEN.R4FC2IK
Kaspersky = Trojan.Win32.Genome.wimg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.pbiy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AEWW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 03:09:22-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x14306
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wjjzouqpe Yevcphqclgw
File Description                : Quarantine Agent Proxy
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : QAgent.DLL
Legal Copyright                 : © Rhlsgnfcy Onoibcwiiuy. All rights reserved.
Original Filename               : QAgent.DLL
Product Name                    : Vjazusapg® Ziuwqsb® Gaovmuqph Hlswnz
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-23 04:55:40
VirusShare info last updated 2012-07-26 13:02:08

MD5: 65724dddf5f14ab382000024a707d5d4
SHA1: 67807fc0fc2b82c78310c39172b844432902c075
SHA256: 1d77bda60e7b204082d9356c451294a7329dca18877639afed5f11e4d54b51bc
SSDeep: 3072:iwhg5sU8m8zM97tu1G31fyuDosMqqDLy/h4SV8:xhm8zqha8gqqDLuLV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!zyyw9zL8CQo
TrendMicro-HouseCall = TROJ_GEN.R11C2G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.uxja
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!65724DDDF5F1
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R11C2G7
Kaspersky = Trojan.Win32.Genome.uxja
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.aaznh
McAfee = Artemis!65724DDDF5F1
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.TYQGX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-06-23 04:59:21
VirusShare info last updated 2012-07-26 13:02:13

MD5: e4db8d6953e74186bdaad99d859568cd
SHA1: 7fb6bad2f9097899d2f597036bce8443c5e2abba
SHA256: 1d899d587c52a362a8c1c3be660da016fc44b7a9d0b1fb8d081a5ef9ebf5cb23
SSDeep: 1536:omQx2bA2QcQTWvBGtyHp88E96M+EGzG+BhHk4StYMtd4K+pmEs6C7G:orx2bAfcNHK8E96M+EreHk47PaEsG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.BY
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C2HU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!mb
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R30C2HU
Kaspersky = Trojan.Win32.Menti.hxdt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.bea
McAfee = Vundo!mb
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-06-23 05:00:38
VirusShare info last updated 2012-07-26 13:02:15

MD5: 3ab53bb85abb19438f5ff0d0a777ae16
SHA1: 1eeec7a97a6392fd3d470c1b37186db0c860f42a
SHA256: c42503ea6ac3a53c6dd4021d825e6f5742207b363f42367ff5224a94c47ff4e6
SSDeep: 3072:ol7Vt2ChrKgCWf3Dtf3HVsMBCxn5R8ZEXz:QUErssD1VLBCp5cE
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.102400.AV
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12477A1D
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dVBB5uiV/Zo
TrendMicro-HouseCall = TROJ_GEN.R4FC2CV
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R4FC2CV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.HP!tr
PCTools = Trojan.Gen
McAfee = Vundo!hp
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.AAHZ
Norman = W32/Smalltroj.ZJJX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:08 08:39:21-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 51200
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0xd651
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.27
Product Version Number          : 3.2.0.27
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : TSHOOT Module
File Version                    : 3.2.0.27
Internal Name                   : TSHOOT
Legal Copyright                 : Copyright 2000
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : TSHOOT.DLL
Private Build                   : 
Product Name                    : TSHOOT Module
Product Version                 : 3.2.0.27
Special Build                   : 
VirusTotal Report submitted 2011-09-12 15:14:50
VirusShare info last updated 2012-07-26 13:03:19

MD5: 61348a8bd29c537c4058851e897ffa97
SHA1: b410032a759da431807b44151d6e69dbf10cdc0d
SHA256: 20257cbc9f8777c495526bed63fcaeea5091557d3488ef294e6387b9dc631955
SSDeep: 1536:cHNv7NegBYUhirXQCK/blh6iOyKDr2hYtMU7N7YwR3:yhYUdrlc2K5L
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!R2ibkYsSE3w
TrendMicro-HouseCall = TROJ_GEN.R3FC2GK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mswu
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R3FC2GK
Kaspersky = Trojan.Win32.Monder.mswu
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.98304.T
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abef
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Norman = W32/Troj_Generic.SYNZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-23 06:14:13
VirusShare info last updated 2012-07-26 13:04:13

MD5: f12f1ffa1c3a99626cfb3d011b03338e
SHA1: 212c4be31cd84002c6aab04a1bef1e6852197ee2
SHA256: 90912578486c2922be637b23a88992bcb13415e691deb572196da57a2d3571d2
SSDeep: 1536:Uysv14s61TdoaaiL5W2yLnu2k2UXl5pNn:tstn6TdotcZJ2SXl9
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!LVguInRdUB8
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Comodo = TrojWare.Win32.Genome.~BS
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV6
McAfee-GW-Edition = Vundo!pw
DrWeb = Trojan.Siggen2.12319
TrendMicro = TROJ_GEN.R4FC2IH
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/vundo.HTO!genus
Jiangmin = Trojan/Menti.qcr
McAfee = Vundo!pw
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SU
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.SU
TheHacker = Trojan/Menti.hisl
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 22:50:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x2654
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.2.0.6
Product Version Number          : 1.2.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VMware, Inc.
File Description                : VMware SCSI Controller Driver
File Version                    : 1.2.0.6
Internal Name                   : vmscsi.sys
Legal Copyright                 : Copyright © 1998-2006 VMware, Inc.
Original Filename               : vmscsi.sys
Product Name                    : VMware SCSI Controller Driver
Product Version                 : 1.2.0.6
VirusTotal Report submitted 2012-06-25 08:16:07
VirusShare info last updated 2012-07-26 13:04:58

MD5: bbae12d5a12a4a6076d03ff0994b9fbc
SHA1: d9b498d8eccf35427f7183eec0aa5a245d41074c
SHA256: 22547317534dcc6ed25a7dc86a8e33c1ca3482f9b004a709c732758024540007
SSDeep: 6144:dKxlWdEJxh8RXmWt8refjp/gTaYnAULYJwg9at2eP/duJr0MX6Mk8JuSRG4q:IxMdET1WCrefjKZdg9oP/gJr0LgVq
Size: 404547 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Securisk
Panda = Suspicious file
nProtect = Trojan.Generic.4628625
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!BBAE12D5A12A
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.tz
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.af
McAfee = Artemis!BBAE12D5A12A
F-Secure = Trojan.Generic.4628625
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BKWH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.4628625
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.4628625
NOD32 = probably a variant of Win32/Agent.GPQCGDE
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 01:59:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 48128
Initialized Data Size           : 698368
Uninitialized Data Size         : 0
Entry Point                     : 0xc8d2
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-23 07:15:12
VirusShare info last updated 2012-07-26 13:05:45

MD5: 995834d90d184a871bfafcba491690e7
SHA1: 2258ef86ee2f0125f19539601064d8a6e44e010b
SHA256: 483c750573cfd72d112e6c0cfe38850b83aac5283a2d801250a2e7aa13904f91
SSDeep: 1536:+ozkHTrYbJa3f0si0Pp0kgh0XjaQaBe7/H:JIrYbJacspPpfg97MD
Size: 62976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Win32.Agent
Panda = Suspicious file
nProtect = Trojan-Dropper/W32.Agent.62976.AQ
K7AntiVirus = Riskware
VirusBuster = Trojan.DR.Agent!/8pCirZuy4U
VBA32 = TrojanDropper.Agent.gbrv
TrendMicro-HouseCall = TROJ_GEN.R72C7KB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDropper.Agent.gbrv
McAfee-GW-Edition = Vundo!nb
DrWeb = Trojan.MulDrop1.55981
TrendMicro = TROJ_GEN.R72C7KB
Kaspersky = Trojan-Dropper.Win32.Agent.gbrv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = TrojanDropper.Agent.baao
McAfee = Vundo!nb
F-Secure = Gen:Trojan.Heur.LP.du8@amVLpUo
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.BSEE
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Trojan.Heur.LP.du8@amVLpUo
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.nhn
BitDefender = Gen:Trojan.Heur.LP.du8@amVLpUo
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:06:05 19:04:02-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 55808
Initialized Data Size           : 43008
Uninitialized Data Size         : 0
Entry Point                     : 0xe807
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.50727.4927
Product Version Number          : 8.0.50727.4927
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Microsoft.Vsa.Vb.CodeDOMProcessor.dll
Company Name                    : Microsoft Corporation
File Description                : Microsoft.Vsa.Vb.CodeDOMProcessor.dll
File Version                    : 8.0.50727.4927
Internal Name                   : Microsoft.Vsa.Vb.CodeDOMProcessor.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Microsoft.Vsa.Vb.CodeDOMProcessor.dll
Product Name                    : Microsoft (R) Visual Studio (R) 2005
Product Version                 : 8.0.50727.4927
Assembly Version                : 8.0.0.0
VirusTotal Report submitted 2011-12-03 22:44:03
VirusShare info last updated 2012-07-26 13:05:46

MD5: f45df6ba274e231ac7341f67794495c0
SHA1: 2320812c80bf9ca44e98e4958703bb023927d448
SHA256: a93326f8401aca55dbe16fff6fe3ddb98f8b3fc654a573f12adac1b5d297dcbf
SSDeep: 3072:azkE4YH+TbCiAI++HAKdnbDRuRqfq0KrkYHDDy9ct1DS/LpV:a4q+TbCiVZHAKdS
Size: 141824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!l95HFiUO/rY
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_SPNR.15L511
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F45DF6BA274E
DrWeb = Trojan.Virtumod.9879
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamc
McAfee = Artemis!F45DF6BA274E
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BTZJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:03 18:06:55-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 61440
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xf7fb
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.18
Product Version Number          : 5.0.3000.18
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Brother MFC7000 driver
File Version                    : 5.0.3000.18 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclr0.dll
Legal Copyright                 : Copyright (C) Brother Industries, Ltd. 2002
Original Filename               : brclr0.dll
Product Name                    : Uhmnmizom® Jxxzmhm® Operativsystem
Product Version                 : 5.0.3000.18
VirusTotal Report submitted 2011-12-13 22:44:31
VirusShare info last updated 2012-07-26 13:06:22

MD5: b8b3721a701fb716046d212d83185ee3
SHA1: 237551399e6953f8c9e896398275815f1bbb3f9a
SHA256: 0cc2602df739f5dd02556600b3ce5268a914f168e937960f675107223a956bf5
SSDeep: 6144:7Q2Iw5SDQ9d55PMbsmms/Lzf2AZbCo5adL3SuWMbRt1paS0iHYA3CwRca3:4wQk55OtTT2ARTadTSDWDjHVhca3
Size: 419328 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.419328.N
Rising = Trojan.Win32.Generic.128EA0EB
nProtect = Trojan/W32.Agent.419328.CV
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!63+rIEpcDRU
VBA32 = Trojan.Pirminay.eds
TrendMicro-HouseCall = TROJ_GEN.R3BCRDE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.eds
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4485
TrendMicro = TROJ_GEN.R3BCRDE
Kaspersky = Trojan.Win32.Pirminay.eds
Microsoft = TrojanDownloader:Win32/Renos.KC
ViRobot = Trojan.Win32.A.Pirminay.419328
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.nx
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6999179
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.AUQT
Norman = W32/Suspicious_Gen2.JJHVP
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6999179
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eds
BitDefender = Trojan.Generic.6999179
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:15 20:17:28-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 749568
Uninitialized Data Size         : 0
Entry Point                     : 0x7fe3
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Arlrfcwxl Yhtbolnekld
File Description                : Sami Extended Norway Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdsmsno (3.13)
Legal Copyright                 : © Rljwyledh Corporation. All rights reserved.
Original Filename               : kbdsmsno.dll
Product Name                    : Jjmkkypfh® Nuqoesr® Ophtqmoyt Ixgmdb
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-19 20:20:36
VirusShare info last updated 2012-07-26 13:06:35

MD5: 9300bf4c51169a80abb47bed7554dedb
SHA1: a4e082b82d94d5c0b3c6823ed858646706450134
SHA256: 2452e962a0991bf5a7efbf50526537c957d4aa3234e10b9fa59e8be9d8738246
SSDeep: 6144:Ha1N1f/ENm7YcpQbv5HhXXaDpbFhXlbR6H9LGuZhi:6P1f/B7Y+iv59Ab3l8HJ7i
Size: 295082 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.raf
McAfee-GW-Edition = Downloader.a!cb
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R11C2FQ
Kaspersky = Trojan.Win32.Pirminay.raf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.acv
McAfee = Downloader.a!cb
F-Secure = Gen:Variant.Graftor.13626
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BSPK
Norman = W32/Crypt.AVSS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.13626
Symantec = Trojan.ADH
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.icy
BitDefender = Gen:Variant.Graftor.13626
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:07 21:43:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 532480
Uninitialized Data Size         : 0
Entry Point                     : 0x28af
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Protected Storage COM interfaces
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pstorec.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pstorec.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-23 08:17:50
VirusShare info last updated 2012-07-26 13:07:04

MD5: d368f20bbb423e4869c798a33289e843
SHA1: 24c826bd7f208821cc355628c971671f856f0d27
SHA256: 5056a49b23ed84b842b73da3f1bd5bee74b08dce1234945dd373ac40351d5b6e
SSDeep: 1536:E8T9hHX6GGcPtS9KX+x5NKGeTdGh38aZl0gkKV:E8ZhH4cFiKdTdZRgkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.inng
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!nk
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.inng
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ctws
McAfee = Vundo!nk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-06-24 04:48:28
VirusShare info last updated 2012-07-26 13:07:18

MD5: 6e68598a7b56caf889d779adcb1ab1a0
SHA1: 266a10b4b83dd5dbf1e00134503b47e9b9833a26
SHA256: f3dcd4550fe804681eae700e44598aa9f5e47814790337aa5c87bad23ee2d1ae
SSDeep: 1536:0fPQt0BpecJOlAdatxeClMYHC75reG08UVaN2eakKJHrXeEaMRfJa1Q+vpVCqX+o:0LzecJOcC2YHC7l+aaxHSETRffApy1v
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC3D1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!xdq
DrWeb = Trojan.Siggen2.29520
TrendMicro = TROJ_GEN.R4FC3D1
Kaspersky = Trojan.Win32.Menti.hewt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.cttb
McAfee = Generic.dx!xdq
F-Secure = Gen:Variant.Vundo.6
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/EncPk-XI
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ACPI Embedded Controller Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : acpiec.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : acpiec.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-12-01 05:59:05
VirusShare info last updated 2012-07-26 13:08:28

MD5: ad1d73428f4160ce3bcfcc6c5f700313
SHA1: 0e37f37e303f216b364a6d9000bc8c4f53535a89
SHA256: 28200713fa36f9a8afe014cb71d54c875299ac71565b80592b1df4751c9a30eb
SSDeep: 6144:dKxlWdEJxh8RXmWt8refjp/gTaYnAULYJwg9at2eP/duJr0MX6Mk8JuSRG4l:IxMdET1WCrefjKZdg9oP/gJr0LgVl
Size: 404453 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4628625
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!AD1D73428F41
DrWeb = Trojan.Hosts.5944
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.ty
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.af
McAfee = Artemis!AD1D73428F41
F-Secure = Trojan.Generic.4628625
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BKWH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.4628625
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.4628625
NOD32 = probably a variant of Win32/Agent.JIBBVRP
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 01:59:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 48128
Initialized Data Size           : 698368
Uninitialized Data Size         : 0
Entry Point                     : 0xc8d2
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-23 10:33:48
VirusShare info last updated 2012-07-26 13:09:45

MD5: f1cd8a686a2bfdb75bd133b577154879
SHA1: 2ae4343b500079c18acf1ab20b9521c803357ed5
SHA256: f2fc61feb09cd72f991c83ee54f6f76a71ae91741a0f3005a3146ed493ddbcd5
SSDeep: 6144:WC1iaLZTc3ttvMc1C/FSbB1ampKSbPyfbxjiW:WC15ql1C/FS/ppHbP2bx+W
Size: 220048 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.kdv.331827
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!vO86DgttbQQ
VBA32 = Trojan.Jorik.Pirminay.afy
eTrust-Vet = Win32/Ponmocup.BS
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!F1CD8A686A2B
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Jorik.Pirminay.aue
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Artemis!F1CD8A686A2B
F-Secure = Gen:Variant.Graftor.1232
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Downldr2.IXEA
AVG = Dropper.Generic4.AGTC
Norman = W32/Suspicious_Gen2.RTFGQ
Sophos = Troj/Swisyn-AN
GData = Gen:Variant.Graftor.1232
Symantec = Trojan.ADH
Commtouch = W32/Downldr2.IXEA
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1232
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjkmhcrli Smzkytjdmob
File Description                : Rlalnaciy Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0401
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0401.dll
Private Build                   : 
Product Name                    : Ugwfssxnv Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-25 04:05:24
VirusShare info last updated 2012-07-26 13:11:25

MD5: 67083a1c9805ff239d9c6fd67a6c41ea
SHA1: 2b2f25d096ba3e42777258d38aa71c33cf94effc
SHA256: b50ab9f8df2c487391c5092fa03b78bdfa0d3cb13b7d76ee46376f50c1fa01d5
SSDeep: 3072:gQjvkae3dCMmoS+15v8StDRwCuhGMovZ0a1n8DOnU0MqqDLy/enqR8b:JkaqmoZ5ESlq9GJ0jDOIqqDLue
Size: 180224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.mwhh
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R01C7J6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mwhh
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ml
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R01C7J6
Kaspersky = Trojan.Win32.Monder.mwhh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.orvd
McAfee = Vundo!ml
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-04-12 02:14:02
VirusShare info last updated 2012-07-26 13:11:34

MD5: 843307b9c9b4e1fc9dd454f92ffcff6c
SHA1: 2c25baaca4feb62bd714f8ce8575b77dd58b3c0d
SHA256: bb5f36cf210b1344cfba9e33adce52e289330a7736844224a5d64e1ecee3a638
SSDeep: 6144:oJBTFnxfqx94VvcuBtjox79ItnrvFBb11Hq4tdKJ0VtfuIvflPqOz6gtzJvPfiO:cZxqIm9INrvFRjHq4TKqVR9nl1Ogt1vt
Size: 368513 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bdm
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.368513
Panda = Trj/Agent.OLO
nProtect = Trojan/W32.Qhosts.368513
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Ponmocup.A
TrendMicro-HouseCall = TROJ_GEN.R3BCRCM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.57569
TrendMicro = TROJ_GEN.R3BCRCM
Kaspersky = Trojan.Win32.Pirminay.ehq
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gm
McAfee = Kryp.b
ClamAV = Trojan.Agent-248228
F-Secure = Trojan.Generic.6861778
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BDCW
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6861778
Symantec = Trojan.Milicenso
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bdq
BitDefender = Trojan.Generic.6861778
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:23 21:41:03-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 50176
Initialized Data Size           : 590848
Uninitialized Data Size         : 0
Entry Point                     : 0xd008
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Lexmark 5700 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXMASRES.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Microsoft(R) Windows NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-12-01 06:10:37
VirusShare info last updated 2012-07-26 13:12:09

MD5: 465d0c61dfed5a53194e9d28db94c7e0
SHA1: 2ceb2ecf200175fbe2856619d5e855b76d7ed24d
SHA256: 1aad94d491b3d2f2927a6205ea5b194b7d9cc59ff304a1cd60f7463f74ec4ade
SSDeep: 1536:FJDAFWyj5lHIkNCvd2a2dxlMVUNmjnRPZLhNyMZcUJBmBZXTdOTRmN:zDAlldTMVdnTLhNJlWndOTRmN
Size: 94720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.94720.AV.2
Avast = Win32:Rootkit-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12497C72
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Vl+R39b4lt8
TrendMicro-HouseCall = TROJ_GEN.R30C2D6
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
TrendMicro = TROJ_GEN.R30C2D6
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Vundo.B!rem
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Prevx = High Risk Fraudulent Security Program
Avast5 = Win32:Rootkit-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Symantec = Trojan.Vundo.B
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 15:09:55-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xcf23
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Greek IBM 319 Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdhe319 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdhe319.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-04-13 20:31:22
VirusShare info last updated 2012-07-26 13:12:39

MD5: 3fb9ec704947fb6c4641bf8a9d40e5de
SHA1: 2d05a27818b1b8b030c843568f2660db22f9c522
SHA256: daf92507c15cc6f2b3369d2c405701e9ce1549abce77674c6784d9b2747fdb70
SSDeep: 3072:tXt/ehVAcR4enPgAFi4b93qg2el4MqqDLy/B5kS:t9XcR4eP24xQAqqDLuZ
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Artemis!3FB9EC704947
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ineh
McAfee = Artemis!3FB9EC704947
F-Secure = Gen:Variant.Graftor.671
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.RNQTK
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Graftor.671
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Gen:Variant.Graftor.671
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-10-27 14:29:56
VirusShare info last updated 2012-07-26 13:12:44

MD5: 90a2fb3963880adfa68216655cc21145
SHA1: 0293f9d9372e898e428ac0d16fbacf432e9d4e88
SHA256: 2deb3a5a238032808899c11e7c84ee75f49f3bb262b3592e58d83e361e19dc94
SSDeep: 1536:mN1FCQ5ZbNI8l5+PyGW4J5Emljy8LMfFuIkE6LqzKJFolF:Y1FCuj+Kxorjy8LM9uIeq4ol
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.84480.CH
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!nLRcnvoupJc
TrendMicro-HouseCall = TROJ_GEN.R30CCAH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.62091
TrendMicro = TROJ_GEN.R30CCAH
Kaspersky = Trojan.Win32.Genome.adwcb
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.84480.A
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ahrx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.AQUW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CP.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:19 17:14:22-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x53fa
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Uzjxjtqkw Epvlszlvwob
File Description                : Greek IBM 220 Latin Keyboard Layout
File Version                    : 5.1.2600.0 (pbtplamy.010817-1148)
Internal Name                   : kbdhela2 (3.11)
Legal Copyright                 : © Ofnhryavz Corporation. All rights reserved.
Original Filename               : kbdhela2.dll
Product Name                    : Uohmfwwoi® Krgzgdq® Nnxucdiph Gnusyd
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-23 13:22:41
VirusShare info last updated 2012-07-26 13:13:22

MD5: 70bd0ccb6884d79d98e83b35ebd523ce
SHA1: 2ed54ebbf04e0f1ae34d091d6a77d6af4bea8279
SHA256: 999dd738275ee1836cfb7efdbff8845f6f6d30abaaf7b735b04ee3664825f2f0
SSDeep: 3072:dEm8QRlA3aNkRAcTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESe/qxJspJip
Size: 127488 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.air
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Sinowal.WXO
Rising = Trojan.Win32.Generic.1253726C
nProtect = Trojan/W32.Pirminay.127488
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!M+qL/8LYwjQ
VBA32 = Trojan.Pirminay.jxo
TrendMicro-HouseCall = TROJ_GEN.R4FC3DT
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Generic.dx!xda
DrWeb = Trojan.Siggen2.15308
TrendMicro = TROJ_GEN.R4FC3DT
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Dx.XDA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ff
McAfee = Generic.dx!xda
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.AALA
Norman = Pirminay.A
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:24 13:20:26-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 52736
Initialized Data Size           : 108544
Uninitialized Data Size         : 0
Entry Point                     : 0xdbfd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : System Information
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : msinfo32.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msinfo32.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-09-13 09:32:23
VirusShare info last updated 2012-07-26 13:14:01

MD5: e3251170a2b216c2b513b9ebc1a245aa
SHA1: f445042597eab2a1022d8f9aaf0ace9be0944c10
SHA256: 2eddd5d274774b8b474669cd040e9f568406a93cf4fc75b9c4c57870697537c7
SSDeep: 6144:8nE2HSt0+8cBpT9bhxpUcj8wkZn+i4RWwBa1bXc87QkJD9bbKN52dSjsKPA:8+t0+9zb38wkBJa4r5x3j9F
Size: 356962 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5782924
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FD
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.low
McAfee-GW-Edition = Artemis!E3251170A2B2
DrWeb = Trojan.DownLoader5.32337
TrendMicro = TROJ_GEN.R11C2FD
Kaspersky = Trojan.Win32.Pirminay.low
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.sc
McAfee = Artemis!E3251170A2B2
F-Secure = Trojan.Generic.5782924
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CMBT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5782924
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eux
BitDefender = Trojan.Generic.5782924
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 15:41:38-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 544768
Uninitialized Data Size         : 0
Entry Point                     : 0xebcf
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ActiveX Data Objects Resources
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : msader15.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msader15.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-23 13:46:12
VirusShare info last updated 2012-07-26 13:14:03

MD5: 3f1db4985c2f7ca71353eb88dc172f0d
SHA1: 2f4a20412a53e32f80aa448cdb0298351835f50e
SHA256: 7c4c5993535f163a5bd073deafa12817fbfa59d932839eb5d424496576d18ac6
SSDeep: 1536:38aQ5QjCD/sntOeEbaGpYj5Uwj/JFXcCBz8HZIFuUY2Z:38aQ5QjCD/sVEYj5UwjzMKzPFrY2Z
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A1EFC0
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!TpE8EIDxH1E
TrendMicro-HouseCall = TROJ_GEN.R72C2CI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!im
DrWeb = Trojan.WinSpy.1441
TrendMicro = TROJ_GEN.R72C2CI
Kaspersky = Trojan.Win32.Monder.nbks
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Generic.qrbu
McAfee = Vundo!im
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic21.AVKE
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:10 06:48:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 26624
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x76b1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft  Fax Print Monitor
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : FXSMON.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : FXSMON.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-24 11:54:00
VirusShare info last updated 2012-07-26 13:14:16

MD5: 141d6bfd3b1aee44074673ea1da43bd1
SHA1: 3217446fbe1b196b3d23dda8b620fe5b9d356851
SHA256: 85c1e29c8faf118fec36de857d6c2151170d649978da948db362333b054907b3
SSDeep: 6144:oKUmkyrqW43X82MBJliNoQ2pZKrqXkrWG5EIFduY2HN6kvUWVcW+Rx:o4Jrql83HiWcJrWKzFd52HtqRx
Size: 414251 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gqa
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!ApHO/Gjh4SE
TrendMicro-HouseCall = TROJ_GEN.R11C2FB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Downloader.a!s
TrendMicro = TROJ_GEN.R11C2FB
Kaspersky = Trojan.Win32.Pirminay.oov
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aai
McAfee = Downloader.a!s
F-Secure = Trojan.Generic.5910408
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AOJJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5910408
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gpt
BitDefender = Trojan.Generic.5910408
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:14 16:02:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 393216
Initialized Data Size           : 376832
Uninitialized Data Size         : 0
Entry Point                     : 0x5d13f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rwpzfnuen Ixenjcpailv
File Description                : Tuqoacgjy Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Wdwyviyca Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Iwfmdayhn Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-28 20:32:37
VirusShare info last updated 2012-07-26 13:16:09

MD5: 76912b7816ba21951a3a083277a7eba5
SHA1: 339952f5e25f973a142e0ac01f14837086f892a5
SHA256: 44affddb49abc9f4ad4bd258a83afa7a7a5c81abfe3f3ab47a3f3ac4611aacc1
SSDeep: 6144:rHpG/keYEuHk0Wll0GwgkfUT0QgIJitfZkrvoh6son/JFYlN:rHAseYE30WlwcQRGiYjo0n
Size: 305664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.305664.30
Avast = Win32:Spyware-gen
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.305664
K7AntiVirus = Trojan
Authentium = W32/Trojan2.NDVV
VBA32 = Trojan.Pirminay.ka
TrendMicro-HouseCall = TROJ_GEN.R2FE1HS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ka
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.Hosts.1324
TrendMicro = TROJ_GEN.R2FE1HS
Kaspersky = Trojan.Win32.Pirminay.ka
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.KA!tr
PCTools = Trojan.Gen
Sunbelt = Trojan.Win32.Generic!SB.0
Jiangmin = Trojan/Pirminay.ad
McAfee = Generic.dx!tpu
F-Secure = Gen:Trojan.Heur.RP.sq0@aWgbIVoi
Avast5 = Win32:Spyware-gen
F-Prot = W32/Trojan2.NDVV
AVG = Generic18.BTKP
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Trojan.Heur.RP.sq0@aWgbIVoi
TheHacker = Trojan/Pirminay.ka
BitDefender = Gen:Trojan.Heur.RP.sq0@aWgbIVoi
NOD32 = probably a variant of Win32/Agent.BBXKVHS
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 15:34:01-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 550400
Uninitialized Data Size         : 0
Entry Point                     : 0x7cac
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MsCtfMonitor DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : MsCtfMonitor
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : MsCtfMonitor.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2010-09-24 02:48:00
VirusShare info last updated 2012-07-26 13:17:13

MD5: 9d2fab92406a1b92ae9772b9dc43b3ac
SHA1: 34e83cc55156b8537302996550ab00dc55f89073
SHA256: 10e65c2784f76dd03e1f77c0d32b518a03b75ac485133441d4f34af9f08234ce
SSDeep: 3072:iUVRAMU838zM97tu1G31fyu5o0MqqDLy/L4SV8:9VH8zqha8mqqDLuVV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!9D2FAB92406A
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Genome.wpzj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!9D2FAB92406A
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.QTSHC
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-11-15 04:39:52
VirusShare info last updated 2012-07-26 13:18:08

MD5: 3bf753868fd4e344e64fd219a402b530
SHA1: 351c57dde773d753645c63c342de2fc98686a31f
SHA256: f4a491f5445d65cb6e075a393317d2d809d4b09010a0807e1bb17911ca0832f9
SSDeep: 6144:abQJLHL1MXfeM2hxBUhs2NjuSOCQ4pR8I/qiOEK7lkYq2Tl:pFHWXfl2hxBm5NCnATvqiOE8Nl
Size: 360851 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!qW5ggLgTYDo
VBA32 = Trojan.Pirminay.orm
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.orm
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.2497
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Pirminay.orm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.gtgo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = SHeur3.CBBK
Norman = W32/Suspicious_Gen2.RHSRJ
Sophos = Mal/Generic-L
GData = Gen:Variant.Riern.1
Symantec = Trojan.ADH.2
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.hqn
BitDefender = Gen:Variant.Riern.1
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.MOCPWJD
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 03:17:06-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x365f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1716.0
Product Version Number          : 5.2.1716.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Agiivkwja Wzqdjywtvjq
File Description                : Message Queuing Trigger Generic Object
File Version                    : 5.2.1716.0 (srv03_rtm.030324-2048)
Internal Name                   : MQGENTR.DLL
Legal Copyright                 : © Twmqsmopf Dhfwrhcyzqz. All rights reserved.
Original Filename               : MQGENTR.DLL
Product Name                    : Ybaobmzwl® Yauhzsb® Lrhggkauz Ajtpqr
Product Version                 : 5.2.1716.0
VirusTotal Report submitted 2011-11-29 17:30:15
VirusShare info last updated 2012-07-26 13:18:15

MD5: a95f91bb1794ea865102f5a2c99649ae
SHA1: 37d76a23f8e30f751d0cfa5d959114b645083abb
SHA256: 788f401fd23d05cd3c4527d022ff075d30badd06a68ffd958b480590551ae51b
SSDeep: 3072:3EJgLtlkF8qwO8B9HjRzRRkyBo+jIOUPid79/Q4FOZUBNo+3B5XdnqTcSBXuZaJv:36YqwO8B5JV6uWE7K4oZh+3BfqpXyYv
Size: 212044 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!vMKq//i+FVk
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R4FC8J2
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Malware.ms
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC8J2
Kaspersky = Trojan.Win32.Jorik.Pirminay.asr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6460712
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGDM
Norman = W32/Suspicious_Gen2.ROOAY
Sophos = Mal/Generic-L
GData = Trojan.Generic.6460712
Symantec = Trojan.ADH
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6460712
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12be
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lnzncvdps Dyxwvkczndo
File Description                : WMI Dhkynkc Job Object Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : wmipjobj.dll
Legal Copyright                 : © Onyknlrpy Dxlxzkzgeic. All rights reserved.
Original Filename               : wmipjobj.dll
Product Name                    : Ffqbxqiis® Eomgcos® Fltcyfwrt Szilgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-30 03:07:05
VirusShare info last updated 2012-07-26 13:20:10

MD5: d9252941a94ee0e84f7625aed037e844
SHA1: 37e386d5ac0fe56180cbd504f8305f992adfa897
SHA256: 4120a9517ace032ac992dda1bbe58061598e1d3cfcb3831b6e4c21559f4201a4
SSDeep: 3072:FRjtcxCpK5kU1qwZpMYqz6SfdCW35PaTXALUlKrln5INXu:/jWm4Hqz66CW35Pi0lp5Ihu
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.147456.AML
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!ZCpmQwFFS3g
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.weyu
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64115
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = Trojan.Win32.Genome.weyu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.DRJY!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.amdj
McAfee = Generic Malware.ms
F-Secure = Trojan.Vundo.6795
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUWS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Vundo.6795
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.6795
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:14 23:57:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 98304
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x155fd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nrduwfqtk Zcxcnlznnfx
File Description                : Run a DLL as an App
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : rundll
Legal Copyright                 : © Oppsyznlf Ngnfzwdhwyk. All rights reserved.
Original Filename               : RUNDLL.EXE
Product Name                    : Cesyqfpir® Hgjoaqk® Jrugksejc Oujgct
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-06-23 21:17:20
VirusShare info last updated 2012-07-26 13:20:13

MD5: 8fa0411c16a582b66033e8415b056a9d
SHA1: 386c58d60e9b8a491eac928941d14ff22ea2412c
SHA256: 646814b24fa30aba518b7a2bd5561d31aecfce7473e4ae098eb9644d20774ee6
SSDeep: 1536:GiQxYMK9jqfRqA3xudicKPfsogApxgxtWy:LQx8jqfkA3odhKXAc8W
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!8FA0411C16A5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!8FA0411C16A5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Win32:MalOb-GD 
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:06:22 16:11:05-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x4581
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBSMSD.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBSMSD.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2011-10-20 15:17:19
VirusShare info last updated 2012-07-26 13:20:39

MD5: a018a81bcc13ba38291f657a332e38ff
SHA1: 3a3732de6836a742a84ccf3b378c9b3d77ee86eb
SHA256: aedfcb1196c48dfad9a79f49d9ebfb6e5a1dd5a618c9a115c1a338d6cc10cad4
SSDeep: 1536:DrKdj2IOiK+eZisz8sbWc5a1d+NtpfbSF4om93AXJ4TBziafnlV:DmdjHczecfpmi9w6NLnlV
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!TM5+UjnsxsU
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC7K2
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!A018A81BCC13
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R4FC7K2
Kaspersky = Trojan.Win32.Monder.mzxk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!A018A81BCC13
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2011-11-13 01:33:48
VirusShare info last updated 2012-07-26 13:22:00

MD5: cc678c69a0b4a8fc0e22d4ccdd34851d
SHA1: 25b014e4d70d4857d12ce38d8fc531aa78e6327a
SHA256: 3b4721bf28a0fecc289475cd76f261095a033681573f8aec7b3fe3e66ce9ee81
SSDeep: 1536:rT4vQKXblHy+5Rq3a8tKYsybetswOcdXDB64kEbHtLc0ZnKGp9:X4rblp5ZeMhZOcdXDMaI0Zlp
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Menti.84480.B
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2GB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Artemis!CC678C69A0B4
DrWeb = Trojan.Hosts.4846
TrendMicro = TROJ_GEN.R4FC2GB
Kaspersky = Trojan.Win32.Menti.herb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.cpa
McAfee = Artemis!CC678C69A0B4
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:16 06:26:58-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 38400
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xa2f4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-23 18:42:49
VirusShare info last updated 2012-07-26 13:22:41

MD5: 7e03a86b7369a8b0c5ae6d724d0ec0a9
SHA1: 3c93a19b1207d1f692c0e4e43878ec0d27e62268
SHA256: 5a7d732ea6267049c7e8c2ca13859c7214cc1ee03633e42f1cb46a78fdf2db73
SSDeep: 3072:XNWUizsj1uHRvy6thMLDC4094xe0JuJxY5Pohdq0IFDpdbEUh9HBklHuIM:XITsj1yRyiWL+D5hdmDp5j9ClH
Size: 166400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.16640061.2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.aaao
TrendMicro-HouseCall = TROJ_GEN.R26C1KB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zck
DrWeb = Trojan.Virtumod.10389
TrendMicro = TROJ_GEN.R26C1KB
Kaspersky = Trojan.Win32.Monder.nakw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jsnd
McAfee = Generic.dx!zck
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Suspicious_Gen2.MFFYR
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Renos.61
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:28 15:08:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 115712
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0x1d0ae
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bidispl DLL
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : bidispl.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : bidispl.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-20 10:11:49
VirusShare info last updated 2012-07-26 13:23:37

MD5: 3cddaf5d8e415a1fc61b80406225b258
SHA1: 3dbc5f947e1a26dffbbc3ed6b0e859715dbe0f2b
SHA256: b81e6c71aeb9c02b957cb9ec17df44a1f3f6baef920e2f74b6e6ed142fd5cf6a
SSDeep: 1536:GesG0tYsfwEhXRISKrbBB72FimYFrU6V:GeVEYsoEdRCdB7oWo6V
Size: 57856 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.57856
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!skYH5iAqZdA
VBA32 = Trojan.Pirminay.knz
TrendMicro-HouseCall = TROJ_GEN.R4FC3DN
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!yet
DrWeb = Trojan.WinSpy.952
TrendMicro = TROJ_GEN.R4FC3DN
Kaspersky = Trojan.Win32.Pirminay.phh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ed
McAfee = Generic.dx!yet
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CDR
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:26 15:09:38-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 50688
Initialized Data Size           : 41984
Uninitialized Data Size         : 0
Entry Point                     : 0xd439
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote Access Device DLL for modems, PADs and switches
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : RASMXS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RASMXS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-01 05:22:46
VirusShare info last updated 2012-07-26 13:24:25

MD5: 79d7be419f3d57167e78408cccc3bc2a
SHA1: 9f00d46dfa6af0e34fe04cb214824f5b3840e4ab
SHA256: 3f872e3cc0ad2d0b2701de00e467f90faf0e59c5f5b71e19ae0511f8e1046acc
SSDeep: 6144:4uGzv2I+SmQDfzVnjUj5TM+HvbLNFLZ024lxeeidtxp/fQhAuLz:4zvF+SbDf5niRrv1FLZfKxeeidtH/du3
Size: 261701 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Win-Trojan/Fakeav.261701
Panda = Suspicious file
nProtect = Trojan.Generic.6380082
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!yIJOnAq2u4E
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.zd
McAfee-GW-Edition = Artemis!79D7BE419F3D
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.zd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!79D7BE419F3D
F-Secure = Trojan.Generic.6380082
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTM
Norman = W32/Kryptik.ALS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6380082
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.dg
BitDefender = Trojan.Generic.6380082
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 245760
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x46d50
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-06-23 20:17:48
VirusShare info last updated 2012-07-26 13:25:48

MD5: c745b3600a65f3da70c4bfd0a546a3dd
SHA1: 513a3a1101b258819d5b8cbd24a4df3d38573947
SHA256: 407cfa39992ce80dbbfb18013b7bea8a88ca5fd6d1c041a755c77be46ecf8a09
SSDeep: 12288:HqsfPxh006aCUnFW3ebiEhW/m8ksZpaj/X:Hqg00YuMDc
Size: 473673 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Zbot-NDV [Trj]
AhnLab-V3 = Trojan/Win32.Pirminay
Rising = Trojan.DL.Win32.DownLoad.lw
nProtect = Trojan.Generic.6140722
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!TmVSelPsnGI
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.18266
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Pirminay.lyh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.abv
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6140722
VIPRE = Packed.Win32.Pirminay.a (v)
AVG = SHeur3.CCSV
Norman = W32/Suspicious_Gen2.PPDJF
GData = Trojan.Generic.6140722
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hxn
BitDefender = Trojan.Generic.6140722
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:18 12:44:41-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 16384
Initialized Data Size           : 909312
Uninitialized Data Size         : 0
Entry Point                     : 0x44d0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ocrjhpnph Zwlhwyrtfiq
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Pphdsczhk Pelncsfchhq. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Hbwocjreq® Uaxskmd® Favmhwfcn Kyrnlj
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-23 20:44:40
VirusShare info last updated 2012-07-26 13:26:34

MD5: 6ecbc59d1fa2a566cca034d84a7eee94
SHA1: 411f8b86bdb4412d91f1cff9515c211eb9b32bd0
SHA256: 50a5716157fcc2bcba8395f0afd32493528e30426fda0d04f8a12bfa8c8100f4
SSDeep: 3072:+wEJPf4yD874nkgNw523/IjNqAMRI7TlGnA4RPTO4FbipT8UlwCzBkuw0NNmSWn:fQf4y47pgN/IjNqoGnA81FbipT8WwHuW
Size: 142336 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.142336.DZ
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!/NOpS2Txha8
VBA32 = AdWare.SuperJuan.yiy
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2GP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kt
DrWeb = Trojan.Siggen3.2677
TrendMicro = TROJ_GEN.R72C2GP
Kaspersky = Trojan.Win32.Menti.hjdp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.rw
McAfee = Vundo!kt
F-Secure = Trojan.Generic.KDV.299486
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BUGQ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.299486
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hjdp
BitDefender = Trojan.Generic.KDV.299486
NOD32 = a variant of Win32/Adware.Virtumonde.NHH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:17 13:29:23-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 126976
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x1fbea
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.0.0
Product Version Number          : 1.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : NikeDrv.sys
Company Name                    : S3/Diamond Multimedia Systems
File Description                : NikeDrv Usb Driver
File Version                    : 1.00.0000.0
Internal Name                   : NikeDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Systems 2000
Legal Trademarks                : S3/Diamond Multimsdia Systems
Original Filename               : NikeDrv.sys
Private Build                   : 0
Product Name                    : NikeDrv
Product Version                 : 1.00.0000.0
Special Build                   : 0
VirusTotal Report submitted 2012-04-16 17:23:01
VirusShare info last updated 2012-07-26 13:27:06

MD5: 300c18d042efcfb4d20a361e3e5ffcf5
SHA1: 413fc48205fcbac233aac07c1595109aadad8ee2
SHA256: e46f3fa23629730a433424ed0e70779b2eebf108d1d0eed8ee7b447327eed951
SSDeep: 3072:VYdo/BVeeraZep+Dam4s1nR5wGRbC0/wBMqqDLy/MKFt97HutX:VBj6VnRiGdR/wKqqDLuMKFXm
Size: 172032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!300C18D042EF
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:18 13:48:51-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 98304
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x184a7
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zkwfwcpbv Gktmhtuaqur
File Description                : Wlroodvof® Group Policy Management Utility
File Version                    : 6.0.6000.16386 (fxidy_rtm.061101-2205)
Internal Name                   : Brjnpkbhq.GroupPolicy.InterOp.dll
Legal Copyright                 : © Mpbbcqlqb Mzfbqvexnoy. All rights reserved.
Original Filename               : Nwbsmjsti.GroupPolicy.InterOp.dll
Product Name                    : Xvisvgqfa® Kwyaumd® Acelxdcvg Saiaqt
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-17 19:57:24
VirusShare info last updated 2012-07-26 13:27:10

MD5: fe2a5da17b1ba31d7418930b41ff4425
SHA1: 417ac0f492dd31d0328c16b01b0908a204a8ab85
SHA256: 366792660bb455aba1f5287d152775852544080c4637e59435c2945136ba20fa
SSDeep: 1536:bjwPXBrkpESDdXjdmrx/R2YHGcAy9NsM8tosRuF9F83QHeoOVzz:gXGWStENHGcNzscFv8311z
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.1246E2F3
nProtect = Trojan/W32.Agent.61440.AKN
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.mmkt
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.10128
Kaspersky = Trojan.Win32.Monder.myng
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.aazr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.motp
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:20 20:36:36-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 19968
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5ced
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Control Method Battery Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-04 17:58:22
VirusShare info last updated 2012-07-26 13:27:18

MD5: bea6fdbbee703d5f568dd4b1fada6e7b
SHA1: 41eb3339f650bfc3f42d7abecfaac0abf1e78245
SHA256: 6d3a9d339620a03d39b9ef50726fdf91b85ba867b67b6d84583dafb0b6494097
SSDeep: 1536:R0UDIgo9KEvnkFItL4Jgz/tZyxOfi48hbmIC/hAm:09fnkFCqi/+ci4UbmICKm
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Genome.62464.H
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!rGnFwKnO4Bg
TrendMicro-HouseCall = TROJ_GEN.R26C1I9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic.dx!xwk
DrWeb = Trojan.Virtumod.10090
TrendMicro = TROJ_GEN.R26C1I9
Kaspersky = Trojan.Win32.Monder.myor
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.BZF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.noe
McAfee = Generic.dx!xwk
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.BWXC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itu
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:11 18:25:55-05:00
PE Type                         : PE32
Linker Version                  : 6.22
Code Size                       : 20992
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x604d
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : IE plugin image decoder support DLL
File Version                    : 8.00.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : IMGUTIL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IMGUTIL.DLL
Product Name                    : Windows® Internet Explorer
Product Version                 : 8.00.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2011-12-04 12:33:20
VirusShare info last updated 2012-07-26 13:27:38

MD5: e2ede42349a4560222970ee474214727
SHA1: 69cd6cfcc799fe19d612ecaa2d90d1545046a368
SHA256: 41eff1c0aeec365c8b52c60b9c20766e1b1ccf116d4ee11c74118ff8ae133af9
SSDeep: 3072:YK6fDp1SP5E7R8PsfMivwDFzoUMqqDLy/v00:Cl1pWKM0qqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.155648.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!at+b/ZsBb0k
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.weys
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!pj
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = Trojan.Win32.Genome.weys
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.iqrf
McAfee = Vundo!pj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.QTUEW
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-23 22:09:01
VirusShare info last updated 2012-07-26 13:27:39

MD5: b0f18fb3b7de27b1a4af392656c89d2a
SHA1: 42130eeceec99f734d786368439939f6814644c3
SHA256: dc962ad0e8308fc1b0481e5b7659ba4bf54c96e59a20d30e1b0727a07231c4f7
SSDeep: 12288:+vMPPRLrJhCFfAKIWClz4enJ0sDdmX9oNk+yaX7oJXBqPqQNY+wLdhpgLK:WMDhXHWCl8QyskX9oi+3lyQNY+yha
Size: 847360 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Kelihos-D [Trj]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
nProtect = Gen:Variant.Kazy.34199
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Backdoor.Kelihos.b
McAfee-GW-Edition = Artemis!B0F18FB3B7DE
DrWeb = Trojan.PWS.Siggen.25700
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = Trojan.Win32.Jorik.Hlux.agx
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan.Gen
McAfee = Generic BackDoor!dth
F-Secure = Gen:Variant.Kazy.34199
VIPRE = Trojan.Win32.Generic.pak!cobra
F-Prot = W32/FakeAlert.QW.gen!Eldorado
Norman = W32/Kryptik.AFR
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.34199
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Gen:Variant.Kazy.34199
NOD32 = a variant of Win32/Kryptik.RRD
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:27 13:03:07-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 119296
Initialized Data Size           : 727040
Uninitialized Data Size         : 0
Entry Point                     : 0x1d0e4
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.14.37474.43589
Product Version Number          : 0.14.37474.43589
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : HerRXwfQxvM
File Version                    : aGHdL82
Internal Name                   : 4ifV
Legal Copyright                 : PMHYeQSdS
Original Filename               : VUWL23PJUUV
Product Name                    : deYqwlHKQV5
Product Version                 : pf6r4KS
VirusTotal Report submitted 2011-10-30 15:49:35
VirusShare info last updated 2012-07-26 13:27:45

MD5: cc7f8b0552dc9ab01df8d10c1014aec5
SHA1: 435f5be14e22d7f23f03ec9de6fc4db4f50b65aa
SHA256: 10919d5369913b1e128cb0ccebdb56bec4d110843af95e7c7b5352ab5136d6ad
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pIpo2:pwy9w/dWjTlXjDHsD
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R4FC2D2
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Vundo!hq
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R4FC2D2
Kaspersky = Trojan.Win32.Monder.myyr
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!hq
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-30 13:53:09
VirusShare info last updated 2012-07-26 13:28:48

MD5: 5b689e59bb8e8853801f35888d7544be
SHA1: 4412a898e57e03a4bf9664ae2d4db42866e5c4dc
SHA256: a240c1b56de37161ec0012e522b603af01cd3c564cb88ba983c9f9744ff9eeb7
SSDeep: 1536:JXCRw7f1QIXaFovCL73mzjgucttHirY286WfIYdlAT17M/2KLK5q+kZK5lE+CdPy:JXnPW32cph3wpK6dL5lE+KbgW
Size: 134656 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R21C7IU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10591
TrendMicro = TROJ_GEN.R21C7IU
Kaspersky = Trojan.Win32.Monder.msgv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Monder.acem
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6689731
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BESP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Suspicious.Cloud.5
GData = Trojan.Generic.6689731
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Trojan.Generic.6689731
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:04 11:49:58-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 143360
Uninitialized Data Size         : 0
Entry Point                     : 0x50d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ugelvqjit Yuhuvgehrln
File Description                : GuideStore Module
File Version                    : 5.1.2600.0 (luaziuor.010817-1148)
Internal Name                   : GuideStore
Legal Copyright                 : © Microsoft Zklqppxolqw. All rights reserved.
Original Filename               : GuideStore
Product Name                    : Fxvpvqjpm® Asrwlfh® Vrdesqnoz Yoyvtv
Product Version                 : 5.1.2600.0
Ole Self Register               : 
VirusTotal Report submitted 2011-11-18 23:29:00
VirusShare info last updated 2012-07-26 13:29:20

MD5: 2bf1a7192ed86df709e67fc79463e5c2
SHA1: 442ae1975aa2e27c5606e0e83a71482feab05eb7
SHA256: 5834bc68053d455c32a9d724b739e5b57920c30be0663be43da898bfbeab1ad5
SSDeep: 6144:455IJzJznrggsdgz1Jo5H9PnNUxBqczZcuhBzQYvYPuvK0Y:4HI1dS8Jw9/axhNPBz1QPmKt
Size: 294613 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhf
Avast = Win32:Pirminay-C
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Backdoor.Generic.542938
VBA32 = suspected of Trojan.Pirminay.bg
TrendMicro-HouseCall = TROJ_GEN.R47C2A4
Emsisoft = Trojan.Pirminay!IK
McAfee-GW-Edition = Artemis!2BF1A7192ED8
DrWeb = Trojan.MulDrop1.59103
TrendMicro = TROJ_GEN.R47C2A4
Kaspersky = Trojan.Win32.Pirminay.bki
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.BKI!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gs
McAfee = Artemis!2BF1A7192ED8
ClamAV = Trojan.Agent-183385
F-Secure = Backdoor.Generic.542938
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-C
eSafe = Win32.TRPirminay.Bhf
AVG = Downloader.Generic10.BOLE
GData = Backdoor.Generic.542938
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.bhf
BitDefender = Backdoor.Generic.542938
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 19:14:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24064
Initialized Data Size           : 531968
Uninitialized Data Size         : 0
Entry Point                     : 0x69a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.42
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-01-05 17:11:53
VirusShare info last updated 2012-07-26 13:29:24

MD5: 41c7c841ba87d8f0a8177bb0364f28c3
SHA1: 443226ae93e8757a4e511d9493ff8216429fbc73
SHA256: 194d6064cc90fbc62e9e46bac22a0fe060fc4186ca44a0a94901c4d8a106aae7
SSDeep: 6144:tY69NIULsi/q5F3GxfJll5THXjoCnKT0HpHZVL7otIePOeODjkEpNCSRv:tYmiULs+yF3GVJVTXjrzJHZ1stIePzOL
Size: 385504 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.173
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.385504
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = Trojan.Win32.Pirminay.dyj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.DYJ!tr
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.5585408
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Generic21.AQBH
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5585408
TheHacker = Trojan/Pirminay.dyj
BitDefender = Trojan.Generic.5585408
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:11 23:32:30-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x9503
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oqabczedg Corporation
File Description                : MTF (Fcgkvnedk Tape Format) Media Label Library
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : mll_mtf.DLL
Legal Copyright                 : © Edqhefstw Srlbxpwyyfy. All rights reserved.
Original Filename               : mll_mtf.DLL
Product Name                    : Dagkfbbvx® Olcufom® Vkkwlubtb Nppgfp
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-03-18 06:51:47
VirusShare info last updated 2012-07-26 13:29:26

MD5: 18b38df0d9f6dd424f035540bb2c6444
SHA1: 9f28c8c3b41354f85a2cddfa6d92283de0b586ac
SHA256: 443c29a9e6b56c6186497f6270fa92ac7c13cdcc9a772e7cb344ed91dad50ac2
SSDeep: 6144:oaRIAMaLoEOyMS2iXBzAkqMkoj/aS8gRbSY:RRIAMaLfOyJ2wkoj/T8G
Size: 258160 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!ZSHDE2PR05Q
VBA32 = Trojan.Jorik.Pirminay.ba
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.zp
McAfee-GW-Edition = Generic Downloader.x!gby
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.zp
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Downloader.x!gby
F-Secure = Gen:Variant.Graftor.262
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.ABKV
Norman = W32/Suspicious_Gen2.RFCZE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.262
Symantec = Trojan.ADH
BitDefender = Gen:Variant.Graftor.262
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 237568
Initialized Data Size           : 24576
Uninitialized Data Size         : 36864
Entry Point                     : 0x43570
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Lexmark International Inc.
File Description                : معالج طباعة Lexmark PS&SD In-Box
File Version                    : 3.0.0.0
Internal Name                   : lmprtprc.dll
Legal Copyright                 : Copyright © 1996-2004
Legal Trademarks                : Lexmark® is a registered trademark of Lexmark International Inc.
Original Filename               : lmprtprc.dll
Product Name                    : Lexmark Print Processor
Product Version                 : 3.0
VirusTotal Report submitted 2012-06-23 23:18:58
VirusShare info last updated 2012-07-26 13:29:29

MD5: 44494b9f185a4ac277e09f8ed05c350f
SHA1: 45c5f3aaebf0ee08c96a32e9c5f1dafd531eb982
SHA256: 1d8810b9f4e565d39926c931ec4c6f97a4de028aaeab7f00d05b0faf50905d48
SSDeep: 6144:fQLHwAGKsO5dxYoPqa2HpByIQ6hxApa1R/4aCcRJphoHRYjDju3UboG9H3UcVBe:f6Q5Kxd7yPHaJYz4aCOsK/Sk8Gx3UEBe
Size: 373359 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.373359
Panda = Generic Trojan
VirusBuster = Backdoor.Bot!7ini1Zc+BdM
VBA32 = Trojan.Pirminay.eet
TrendMicro-HouseCall = TROJ_GEN.R01C2CU
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.eet
McAfee-GW-Edition = Artemis!44494B9F185A
TrendMicro = TROJ_GEN.R01C2CU
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.op
McAfee = Artemis!44494B9F185A
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.XPACK
AVG = Generic21.BAMU
Norman = W32/Obfuscated.L
Symantec = Trojan.ADH
GData = Backdoor.Bot.135962
TheHacker = Trojan/Pirminay.ejk
BitDefender = Backdoor.Bot.135962
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:08 02:41:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0x1032c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ctuvkifpm Dtfrvbkrsma
File Description                : Bosnian (Cyrillic) Keyboard Layout
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : kbdbhc (3.12)
Legal Copyright                 : © Trgwqmnst Rmeoclfaaif. All rights reserved.
Original Filename               : kbdbhc.dll
Product Name                    : Tcpoyymwn® Ydlqcso® Qefwmflse Mgyjcg
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-04-12 22:11:47
VirusShare info last updated 2012-07-26 13:30:40

MD5: b2c5784cc9ab4af10a17ae875757de70
SHA1: afed9c589b3af961282161e70c66554cb0ce224b
SHA256: 463f377777fed480403cb7df5245be250aa772e07525745b3134de1780c7ea6b
SSDeep: 1536:m6pefYwflhKDjLQ6SVofMqqU+NV23S2LLWBTd3OQSWWfTMG:m6pgxlhW7SVofMqqDLy/LLW1dLSFMG
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R28C2GS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R28C2GS
Kaspersky = Trojan.Win32.Genome.adjld
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CPFB
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:23 10:13:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x627e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kwzbpwynb Vwxvxksczdm
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : shole
Legal Copyright                 : © Csarxlvoc Obtjsewcdep. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Mdynjxyct® Windows® Usfncdval Ltagjy
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-06-24 00:13:56
VirusShare info last updated 2012-07-26 13:31:03

MD5: 9bff974dc860b19c580eacbc01459e6d
SHA1: 4643c652816d6bbbfaa6b1f2bfbdfdcec7175503
SHA256: 1674462ac4231321c237a25ee8abdf19e1d5be9b7f4145b6679960b2d8d9384c
SSDeep: 3072:Fxml7OlUCOqvMnofMqqDLy/XOcWKCdzfe757HG:ml7cUMwqqDLuXOXd3
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129C3FFD
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gw3Ecg7W9lI
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mp
DrWeb = Trojan.WinSpy.1207
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mp
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-10-26 15:15:20
VirusShare info last updated 2012-07-26 13:31:04

MD5: e952e459ef2b11270d8ef84b2479b160
SHA1: 469c7203fda5ec6681fada736e0061a9ad368d30
SHA256: 5b5e6510980c0e9f93c2b3bee5b7d2f3729cb2e602629ab2e4a6faacaaff2af4
SSDeep: 1536:1TaYj4dtNJu3G8fNQLwwamFILh01Y3hyNS0Y6Y9l/MqqU+NV23S2GMnew:1a818wwSyya7Cl/MqqDLy/GZw
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-KF [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.j!pec
TrendMicro = TROJ_GEN.R4FC1IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2011-10-21 01:32:30
VirusShare info last updated 2012-07-26 13:31:19

MD5: 64754af0a922d278adaa9df8d06447f1
SHA1: 47e62a9cfbbf7fcba9fb215015a8d44a9ad223e7
SHA256: 440f79f962eb138328f313c7c230fbbdf46acb942c5b556843c2168afbbf4815
SSDeep: 768:tPVA2HWDmxy7BvOFnjGx+uJgCR6OxSUNgi9Z/BJTP7K+fZM4gU1S9HKKVBWZv7q:tPGIWuks/uJg0t7TjKuM4LY8KVBMD
Size: 55296 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Spyware/Virtumonde
nProtect = Trojan/W32.Pirminay.55296
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!e9zNFR1KC6g
VBA32 = Trojan.Pirminay.te
TrendMicro-HouseCall = TROJ_VUNDOX.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Generic.KDV_453160
CAT-QuickHeal = Trojan.Pirminay.te
McAfee-GW-Edition = Vundo!ic
DrWeb = Trojan.Siggen3.19123
TrendMicro = TROJ_VUNDOX.SMUM
Kaspersky = Trojan.Win32.Monder.myuj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.cs
McAfee = Vundo!ic
ClamAV = Trojan.Agent-183956
F-Secure = Trojan.Generic.KDV.45316
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic19.AAPJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-RIE
GData = Trojan.Generic.KDV.45316
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.te
BitDefender = Trojan.Generic.KDV.45316
NOD32 = a variant of Win32/Kryptik.HKB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 21:34:35-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 47616
Initialized Data Size           : 44544
Uninitialized Data Size         : 0
Entry Point                     : 0xc94d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2180.1
Product Version Number          : 5.0.2180.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.00.2180.1
Internal Name                   : modex.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : modex.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2180.1
VirusTotal Report submitted 2011-12-01 05:50:47
VirusShare info last updated 2012-07-26 13:32:18

MD5: d2445ff696965246bbd4bb2dcd5d2024
SHA1: 48f702eb700baff57d412816e544f2187d3293b8
SHA256: d458c6cbcc9b0d165c39fdddea16f69df8b711072ce6856281ff4b726e30ebcf
SSDeep: 3072:vKKoxPhPiHsM0iCA0PoT3VqIzTkoHlBjqEOTjf:CK8pxmPPLjIj
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ot2yXnCC5p0
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R01C1IT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!me
DrWeb = Trojan.Virtumod.10262
TrendMicro = TROJ_GEN.R01C1IT
Kaspersky = Trojan.Win32.Monder.myum
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abmz
McAfee = Vundo!me
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ASCK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:26 13:42:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x12651
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.10.0.1998
Product Version Number          : 4.10.0.1998
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Elacfsggt Trnahxywymp
File Description                : Bezier Screen Saver
File Version                    : 4.10.1998
Internal Name                   : BEZIER
Legal Copyright                 : Copyright (C) Lorrkjfen Corp. 1991-1998
Original Filename               : BEZIER.SCR
Product Name                    : Jsoucuwow(R) Lexflgo(R) Oxzkzsbet Uqggiz
Product Version                 : 4.10.1998
VirusTotal Report submitted 2011-11-17 19:55:57
VirusShare info last updated 2012-07-26 13:33:16

MD5: ec22366ea2c24230ba3999f1f7adf64e
SHA1: 4a50d1d2c941b127f5c37398a79cc41cca2c6159
SHA256: 50d1639eca7ddd8941760684a0dde5b6c8ebe98f31b3a2890f4a65e7e50fcfbd
SSDeep: 1536:6MlpIHbU2Q3cQu9WvJGtyHp+8a+LM+EGzG+BhHk4StYMtd4K+pm+s65XG:6OIHbUf3cxQHg8a+LM+EreHk47Pa+tG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.CM
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!pt
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R4FC2IF
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.bea
McAfee = Vundo!pt
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-06-24 05:01:23
VirusShare info last updated 2012-07-26 13:34:13

MD5: 444177ccf31c7810d1af0933ab0b4c12
SHA1: 4a76fb3440f82160389eae34887238727abea2e6
SHA256: f2f560f215447bd57424c8f64478be5e5d1c9408fbdbace43b566f52dc193579
SSDeep: 3072:Z4wUt8OzqRqhGBjvOeJI9Xo6PfiZy+lKkxdM/2GK0FXR6:9UpzMiGBjvjQPfi
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R26C1KL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zjz
DrWeb = Trojan.Virtumod.10229
TrendMicro = TROJ_GEN.R26C1KL
Kaspersky = Trojan.Win32.Monder.drdv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.grb
McAfee = Generic.dx!zjz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BTQR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:10 22:57:10-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x709e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Microsoft(R) Windows NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-11-24 10:41:50
VirusShare info last updated 2012-07-26 13:34:21

MD5: 0ed286076b38aec4a7edcd0e60555de9
SHA1: 4b0fa5b9b5ada65569a48148456496daa9632563
SHA256: f0067f3ff32df96573ea7cba42a85d848758122420dcee285942667d4d229a80
SSDeep: 1536:UmJsE34dtCxckCzVSECIGc0lUSPyV1Jmj3oI8kznBF3+:UmJsE38CxazVLtGcxShYIF3
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.81920.BD
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R42C2D2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Monder
McAfee-GW-Edition = Artemis!0ED286076B38
DrWeb = Trojan.Virtumod.10252
TrendMicro = TROJ_GEN.R42C2D2
Kaspersky = Trojan.Win32.Menti.bwg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.dxnd
McAfee = Artemis!0ED286076B38
F-Secure = Trojan.Generic.5523191
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic25.LGC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5523191
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.hscl
BitDefender = Trojan.Generic.5523191
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:10 19:02:39-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 61440
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xfbb4
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft RLE Compressor
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : msrle32.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msrle32.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-11 06:07:35
VirusShare info last updated 2012-07-26 13:34:45

MD5: 2052f2103adabb842ff23a8db6c18e22
SHA1: a8e758d073bc3bd56df8a3e5cbfd98bf17879579
SHA256: 4b3a0cf68566242d8f9f37eae7cd4b927a22f44a77e0fb841a5f3eeb5469a3b8
SSDeep: 6144:LWbSCNtvl8RXDJNmLHpUbTmPVrazE85ECSMjW41HNU6K/AW:LWVNtvlGXWLSOrs67mFHLKYW
Size: 332654 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ag.294254
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.332654
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1299B583
nProtect = Trojan.Generic.5211923
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!9iRqeFwLUlQ
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R23E1GF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Dropper!dfi
DrWeb = Trojan.Siggen1.52062
TrendMicro = TROJ_GEN.R23E1GF
Kaspersky = Trojan.Win32.Pirminay.bb
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.c
McAfee = Generic Dropper!dfi
F-Secure = Trojan-Dropper:W32/Meredrop.AL
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/MalwareF.DUVQ
AVG = Generic18.YCM
Norman = W32/Troj_Generic.AAPRG
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5211923
Symantec = Packed.Generic.305
Commtouch = W32/MalwareF.DUVQ
BitDefender = Trojan.Generic.5211923
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 13:59:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 286208
Initialized Data Size           : 305152
Uninitialized Data Size         : 0
Entry Point                     : 0x46c4c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-24 02:30:57
VirusShare info last updated 2012-07-26 13:34:54

MD5: 0edc1be1b827dd668f09b007778e0c58
SHA1: 4d9b7c1c6d0afa7a8dc71fd78bc63ed94b72b3cb
SHA256: 391a6be9c9361cf886c2ad2b45ea19c81150769cc54a62cb22efd8b76c5c10e6
SSDeep: 6144:ydDkH6X4GJBHWcmSpJMSAu7AGlkJipI+rOkMvE57T+j8Z:ylXtJBvmSpJMSA1GWUpNrHW67t
Size: 331264 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Pirminay.B
Rising = Trojan.Win32.Generic.126899BF
nProtect = Trojan/W32.Agent.331264.AU
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bjc
TrendMicro-HouseCall = TROJ_GEN.R3EC2LU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.bjc
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.2622
TrendMicro = TROJ_GEN.R3EC2LU
Kaspersky = Trojan.Win32.Pirminay.bjc
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
McAfee = Kryp.b
ClamAV = Trojan.Agent-183360
F-Secure = Trojan.Generic.KDV.96807
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BMUO
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.96807
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bjc
BitDefender = Trojan.Generic.KDV.96807
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:01 11:11:13-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 65024
Initialized Data Size           : 527872
Uninitialized Data Size         : 0
Entry Point                     : 0x108dc
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.6000.16386
Product Version Number          : 7.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft COM Runtime Execution Engine
File Version                    : 7.00.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : CORPOL.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : CORPOL.DLL
Product Name                    : Windows® Internet Explorer
Product Version                 : 7.00.6000.16386
VirusTotal Report submitted 2011-08-28 13:00:04
VirusShare info last updated 2012-07-26 13:36:30

MD5: 024d6a7e5c024f64e6db6fc19393c112
SHA1: 4db172a5d2591c2cdb68ba093747d53c587e3e47
SHA256: 883b56219a97e96d6a1e5a54efd4a0d813aea7e3089981742ef6a5ee4bddb8f5
SSDeep: 6144:conV3aZ/9TSg241TWEBLzuKr238jnHee+H49/klVr0O+uKpvqirZ33dn:coVq324NWEBPur3czvArp+pxNR
Size: 368640 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
VBA32 = SScope.Trojan.Pirminay.chc
Microsoft = TrojanDownloader:Win32/Renos.KC
F-Secure = Gen:Trojan.Heur.RP.wmKfaKPInEbb
Norman = W32/Obfuscated.L
GData = Gen:Trojan.Heur.RP.wmKfaKPInEbb
BitDefender = Gen:Trojan.Heur.RP.wmKfaKPInEbb
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:11 21:16:52-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 364544
Initialized Data Size           : 8192
Uninitialized Data Size         : 471040
Entry Point                     : 0xcc240
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.3705.6018
Product Version Number          : 1.0.3705.6018
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Windows, Chinese (Simplified)
Company Name                    : Dxpkjhqgf Gfyznmciwop
File Description                : Mupksamtm .NET Runtime resources
File Version                    : 1.0.3705.6018
Internal Name                   : MSCORRC.DLL
Legal Copyright                 : 版权所有 (C) Ynipulbth Vqlqpbqhfoa 1998-2001。保留所有权利。
Legal Trademarks                : Vgjlbztff(R) 是 Baavjxupr Jmettloiipp 的注册商标。Yazyhni(TM) 是 Lqnjuwfjc Qytqhqzafal 的商标
Original Filename               : mscorrc.dll
Product Name                    : Otfjsrkme .NET Framework
Product Version                 : 1.0.3705.6018
Comments                        : Omrvrijzr .NET 运行库资源
VirusTotal Report submitted 2011-06-12 03:29:32
VirusShare info last updated 2012-07-26 13:36:34

MD5: db4bb8040640525f6aa104e4c28fb862
SHA1: 3822bba057360887296034651b306f9c58984135
SHA256: 4e3de03ca876d3b021882cff1ff8d53474a8f2049cfcabe4a3083f0663d68984
SSDeep: 3072:e0C+05OUL9z7ixY/aMFAH7rlW33OninJRkad6M:eP+05h5z7ixekH74HOiXkE
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan.Vundo.7147
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!aflG0VOuklw
TrendMicro-HouseCall = TROJ_GEN.R4FC2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.vnij
McAfee-GW-Edition = Vundo!ju
DrWeb = Trojan.Click1.63025
TrendMicro = TROJ_GEN.R4FC2GB
Kaspersky = Trojan.Win32.Genome.vnij
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.akzv
McAfee = Vundo!ju
F-Secure = Trojan.Vundo.7147
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.PNO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.7147
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.7147
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-06-24 03:49:41
VirusShare info last updated 2012-07-26 13:37:07

MD5: de9ffff04e2f665148a41621033f043c
SHA1: 4f2e5d021db005524ce93de2fdb387c2ebc7d5be
SHA256: 768ffffb78a5caecbf9ab0e308a77ffdfd9797fe4abd6e8a4af8f0bfb2f1f114
SSDeep: 1536:0JKnob32QvQFWveGtyHpQ82zsM+EGzG+BhHk4StYMtd4K+pm6s6pAG:0cnob3fvWHm82zsM+EreHk47Pa6iG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!DE9FFFF04E2F
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R4FC2IF
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.bea
McAfee = Artemis!DE9FFFF04E2F
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-10-19 06:38:27
VirusShare info last updated 2012-07-26 13:38:23

MD5: 0f5ccb7a8edfd32cbdf1a5dd5c530e20
SHA1: a039d377a3611aaf43bea46062cbaa83b85f2a19
SHA256: 4f7adec8465e8f265a5623805d9ea00ea6c4adda66996558d192b5101971cef4
SSDeep: 3072:uUap7ojWMSxglr4ECTDJZJ98pO0B7fuM9+5BVci1p:sfTYZCTV3ek0zccG
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.110592.XL
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC1KM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.hnkr
McAfee-GW-Edition = Artemis!0F5CCB7A8EDF
DrWeb = Trojan.Siggen2.22758
TrendMicro = TROJ_GEN.R4FC1KM
Kaspersky = Trojan.Win32.Menti.hnkr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.cxbo
McAfee = Artemis!0F5CCB7A8EDF
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.AJWE
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.gfmj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:16 01:51:29-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xe534
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Distributed File System Service
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : dfssvc.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dfssvc.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-24 04:24:21
VirusShare info last updated 2012-07-26 13:38:44

MD5: 23d21b942b85c0386f12ceee4226fd48
SHA1: 4f89a23f3bc3eaf8b56eb161ea2ec6fe29a9efb3
SHA256: 1e7a7ea30ae7dab24c1fb5bc7c3245b0ea5c3bbae7c7a10999c4a342cd21c2d7
SSDeep: 3072:BiCFb8B9JlvOUe3KEicOeChixTsQZD2H6jtkJWCqIld8JCo+MqqDLy/W1W:4CFE53eaNeCAUafIlQvqqDLugW
Size: 188928 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Katusha.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!23D21B942B85
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irfm
McAfee = Artemis!23D21B942B85
F-Secure = Gen:Variant.Katusha.5
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AELP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Katusha.5
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-17 03:55:24
VirusShare info last updated 2012-07-26 13:38:46

MD5: f1611f6e5c9f8b7a4d331a6f14ddd52c
SHA1: 7561102e681398909a15129281140d4e5456e699
SHA256: 50b4d1b3d12de5f572ebfa029e87731e18acf4aadc66ff0009add11680f71307
SSDeep: 1536:/QH1KUOD2px1Kt1NTEwJmmd1JmtSsn/GbloKc4:4YBDtLNX8qsbn/Gblo
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan/W32.Agent.98304.BJO
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC3IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myry
McAfee-GW-Edition = Vundo!nx
DrWeb = Trojan.WinSpy.1294
TrendMicro = TROJ_GEN.R4FC3IF
Kaspersky = Trojan.Win32.Monder.myry
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.98304.U
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.acyi
McAfee = Vundo!nx
F-Secure = Trojan.Generic.6820743
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AHLC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6820743
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6820743
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:16 05:40:41-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x4615
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6656
Product Version Number          : 5.0.2195.6656
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Psuvjjskt Pmuemtkmlgl
File Description                : Still Image Devices Monitor
File Version                    : 5.00.2195.6656
Internal Name                   : STIMON
Legal Copyright                 : Copyright (C) Microsoft Corp. 1996-1997
Original Filename               : STIMON.EXE
Product Name                    : Yddkcypfk(R) Lkfxron (R) 2000 Qutwkjwda Lzkone
Product Version                 : 5.00.2195.6656
VirusTotal Report submitted 2012-06-24 04:58:48
VirusShare info last updated 2012-07-26 13:40:23

MD5: 00027724ec0bfd2d545a7b5a84d358d3
SHA1: 5107e5c7a4d9e9ac2f3603ea4669982c7304e8d3
SHA256: 2530143656d291e86cc1facc4bd5b84dda08033daba43fcfa0026d774d6e6688
SSDeep: 3072:Dg4epI2lyZCuscVVus4wVGS8Hxm9nrPOD:Ddh3CuscPus5VGMRPOD
Size: 117248 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12951938
nProtect = Trojan/W32.Monder.117248.E
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2FI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!00027724EC0B
DrWeb = Trojan.Virtumod.9786
TrendMicro = TROJ_GEN.R47C2FI
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.S.Monder.117248
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aaia
McAfee = Artemis!00027724EC0B
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BBBL
Norman = W32/Suspicious_Gen2.MWPOF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:25 19:50:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x64d5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zvakkoyhz Cnuwrtngooq
File Description                : Client Service for NetWare Provider and Authentication Package DLL
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : nwprovau.dll
Legal Copyright                 : © Microsoft Xbxpqnmskcp. All rights reserved.
Original Filename               : nwprovau.dll
Product Name                    : Crtpxhtgw® Gwwynyh® Qpfostndn Qcmiwo
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-19 10:34:18
VirusShare info last updated 2012-07-26 13:40:55

MD5: ddc63fff7d568f1e82c22ba2613113e5
SHA1: 514c906ddba5e5da6a2df53054aa2da85f21b7dc
SHA256: 1b90dc9b05ec917dd7995127d0d0a525333771c6dff0d52ebef83986398b4515
SSDeep: 6144:kRmCFsqAGUT+RcVD/lW+zhEAE6QKKzAEuEcbalinfBHsUj9lii7+AKCEAzB:kqJGBCD/M+06NEwnfBMmbZEAzB
Size: 381445 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.6.89
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R4FC3IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader.a!xm
DrWeb = Trojan.Hosts.4953
TrendMicro = TROJ_GEN.R4FC3IE
Kaspersky = Trojan.Win32.Jorik.Pirminay.api
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Jorik.tie
McAfee = Downloader.a!xm
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic25.ACZB
Norman = W32/Suspicious_Gen2.QHTXY
GData = Gen:Variant.Vundo.6
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:04 13:18:00-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 374784
Initialized Data Size           : 357888
Uninitialized Data Size         : 0
Entry Point                     : 0x5c46c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® License Server Interface DLL
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ntlsapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlsapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-11-28 05:46:35
VirusShare info last updated 2012-07-26 13:41:20

MD5: deb6ca3ca44c1d42cdb29da79ffbef8e
SHA1: 9ffaa3459a4a8abbe62537f49db06cc84a47d3ee
SHA256: 51c942c6dd24bcbf7bc5f46a514229783b37b13afe12452bfe8ea9b5f10b520c
SSDeep: 6144:jKGRwFJkWWCPIdDfHeDK+bSArqQzj5e8eOD:jK1xv/ITUeu
Size: 229413 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JEH [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6411322
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!RnRC6TivcGI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.atw
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.atw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6411322
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TYV
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6411322
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.gn
BitDefender = Trojan.Generic.6411322
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42c00
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-06-24 05:28:11
VirusShare info last updated 2012-07-26 13:42:10

MD5: e0bcce62bc17811660fdc8e882f8a119
SHA1: 8a8c5f0941a5c03e09bb5f041b47052fbcfb9b9b
SHA256: 534b748f17745ccee2f10fddbd2013b0e63b42822f1336037954b1bd99b34d0f
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAe:oFq+sGYyo6RZFF9HcQfluaXLLP
Size: 334949 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.334949
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126DBE17
nProtect = Trojan.Generic.6537674
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_SPYPRO.SM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Renos
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_SPYPRO.SM
Kaspersky = Trojan.Win32.Pirminay.jwz
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Milicenso
TotalDefense = Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.gy
McAfee = Kryp.b
ClamAV = Trojan.Agent-183368
F-Secure = Trojan.Generic.6537674
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Norman = Pirminay.B
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6537674
Symantec = Trojan.Milicenso
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Trojan.Generic.6537674
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-06-24 06:05:49
VirusShare info last updated 2012-07-26 13:43:26

MD5: 562d1a0dca4be51e191385f86cf0479f
SHA1: 652192c819989f1bcbb0f0647ae6de177eeb78c0
SHA256: 537fcbc7baf7d122f3691c8e6825ac1128099c6f99d4af2fe4b7c81242469665
SSDeep: 3072:inM7whU8q8zM97tu1G31fyuAoFMqqDLy/r4SV8:OM78zqha8mqqDLu1V8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!N+bekwzmRME
TrendMicro-HouseCall = TROJ_GEN.R11C2GH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.uxgw
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!562D1A0DCA4B
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R11C2GH
Kaspersky = Trojan.Win32.Genome.uxgw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.aaznh
McAfee = Artemis!562D1A0DCA4B
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.TROQC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-06-24 06:11:48
VirusShare info last updated 2012-07-26 13:43:36

MD5: 99d73b64d36a2d609494696d9851daf9
SHA1: 923dd1869476a6836b293b8dc76b81024a2a6a6b
SHA256: 54442e87375a6f5db7df53f31a1c461d9d8e3d0d98f5af6350eb0a2553a02d0b
SSDeep: 6144:HTXy/CKfN+qgUAnqMWe5F73nRlhjZi7D2:LDKlmUFELVViH2
Size: 256933 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Trojan.Generic.6566020
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!26K9I6fPyrg
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R4FCDF5
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.F
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R4FCDF5
Kaspersky = Trojan.Win32.Jorik.Pirminay.bgz
ViRobot = Trojan.Win32.Generic.213555[UPX]
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!99D73B64D36A
F-Secure = Trojan.Generic.6566020
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SZD
Norman = W32/Obfuscated_L.HU
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6566020
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.gd
BitDefender = Trojan.Generic.6566020
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 28672
Uninitialized Data Size         : 57344
Entry Point                     : 0x46600
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة panson24
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : pa24w9x.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pa24w9x.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-06-24 06:31:22
VirusShare info last updated 2012-07-26 13:44:13

MD5: 387b471169f64638aff5674a86a995f2
SHA1: 5633df9d669c6ed9e08c6a406c7ebeeb1e669e09
SHA256: 80c94321f48c30ea534ef84ef4440ee311aa2b6ce3c2f1c24ba056066e9caff6
SSDeep: 6144:gtY2nszPX5/ktKB82mR8R/gxC8VPjogqJRTlyWmCQ:gc/5xBFJj8BogMlyx
Size: 237056 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-DT [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Jorik.237056.B
K7AntiVirus = Trojan
VirusBuster = Trojan.DR.Agent!OWQJkQl3hlE
VBA32 = Trojan.Jorik.Pirminay.ana
TrendMicro-HouseCall = TROJ_GEN.R3EC7JG
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.ana
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.25677
ByteHero = Trojan.Malware.Win32.xPack.l
TrendMicro = TROJ_GEN.R3EC7JG
Kaspersky = Trojan.Win32.Jorik.Pirminay.ana
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.srx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.BKRT
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.1488
Symantec = Trojan.Gen
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sjvmpybqr Vcjvkkvgzsv
File Description                : Quarantine Server Management
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : QSvrMgmt.DLL
Legal Copyright                 : © Ghckiyzrk Oyorkaasxzv. All rights reserved.
Original Filename               : QSvrMgmt.DLL
Product Name                    : Umlcsoyqc® Odzhzzg® Ranjagawf Gopdjd
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-30 20:57:24
VirusShare info last updated 2012-07-26 13:45:53

MD5: 399691a67b7e9230d9328c1a5794df12
SHA1: da8122e08fd3cf7a24b523850daf696f211fd961
SHA256: 582ee07a2f204889004bc3d89af3b78c402058aa6a7aeb40d4cc454eb94a2fe8
SSDeep: 3072:/vZH8oFJbA832k1ORG5CppKFFrOolEMqqDLy/Pn+Pe/4NKCnsT:/vhGqXORGqpw1OeqqDLuPsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289ABC8
nProtect = Trojan/W32.Genome.160768
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
TrendMicro-HouseCall = TROJ_GEN.R11C2HA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.vdcw
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R11C2HA
Kaspersky = Trojan.Win32.Genome.vdcw
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.SHCYH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-24 08:25:14
VirusShare info last updated 2012-07-26 13:47:25

MD5: a9271c0f022d061c8e4cee985d994e33
SHA1: 5cf294d4089803ab2efc6feccf888ca319d1e24a
SHA256: c95fad0cd271c09f2ffb11733c3cc47962f815b2702e9c924c6922e60de07e6a
SSDeep: 3072:iqkJ8lPU8b8zM97tu1G31fyuAoeMqqDLy/T4SV8:XkJu8zqha8VqqDLudV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!A9271C0F022D
F-Secure = Gen:Variant.Vundo.16
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.QTFSA
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-10-16 08:45:50
VirusShare info last updated 2012-07-26 13:51:58

MD5: 7bc98c627573298836ae1bcf18b573b6
SHA1: 5d32197927152e7387eb75f0d930d54caee7f3aa
SHA256: 5cb1ea0b3c4bf46aec56d2e7abea0990810064a02b3e29a4dbd7f0463dd5c65f
SSDeep: 3072:gyJw5akUH7ntjuocR/xweCrf7/TiKzfULm3bEo7jv1F:gWqakoKocR5weubbz8LmLBt
Size: 120832 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Graftor.1575
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R72C7KR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!7BC98C627573
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C7KR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.imrk
McAfee = Artemis!7BC98C627573
F-Secure = Gen:Variant.Graftor.Elzob.230
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.GAN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.Elzob.230
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Graftor.Elzob.230
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-01-04 18:11:35
VirusShare info last updated 2012-07-26 13:52:11

MD5: e404472d514a7c226e3ab8a67b909697
SHA1: 5fed5f40ad3e962aac410e4fc74562b120b6a29c
SHA256: c1c3a465ed93288154cd7088ca92a6248f7e8297e556f664676f337c7cc25131
SSDeep: 6144:PA1QWhvG4AcNNX0gwdqT1oVjvKvBDgxOz7:PLWhv5hQ8oMpFX
Size: 222756 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6696889
VirusBuster = Trojan.Injector!Ne3IOOQZRrs
TrendMicro-HouseCall = TROJ_GEN.R4FC8J7
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.ato
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
TrendMicro = TROJ_GEN.R4FC8J7
Kaspersky = Trojan.Win32.Jorik.Pirminay.ato
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Downloader.a!b2c
F-Secure = Trojan.Generic.6696889
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AJIS
Norman = W32/Vundo.UWC
Sophos = Mal/Generic-L
GData = Trojan.Generic.6696889
Symantec = Trojan.ADH.2
BitDefender = Trojan.Generic.6696889
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 212992
Uninitialized Data Size         : 0
Entry Point                     : 0x12ae
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ommsnbahf Rtvgcjagbtw
File Description                : NetMeeting Interface Marshaling Library
File Version                    : 5.1.2600.5512
Internal Name                   : confmrsl
Legal Copyright                 : Copyright © Ayqmqogtm Xafbbmudpzx 1996-2001
Legal Trademarks                : Vaqtwbdun® is a registered trademark of Ogxizhyen Bkhxmvjgnpc. Cpqffme® is a registered trademark of Nqahsrrwg Qghhatbyjtj.
Original Filename               : confmrsl.dll
Product Name                    : Bemerfc® NetMeeting®
Product Version                 : 3.01
VirusTotal Report submitted 2012-06-26 07:07:36
VirusShare info last updated 2012-07-26 13:54:19

MD5: aa633fb10bb5ab7915d9dcc616b8b9fe
SHA1: 61e460562b8eb76d3bc9a10a8979f606ea336a3b
SHA256: b32b935e60482043c92c4c8e34b2d0f54b11d4661807e9ffb0c085b44635e685
SSDeep: 6144:HRBVjnFIOXDPqPx1SPcWwP0yfBwfLtwvQwP1YHsJ2Rlw3GwTkO8:HQOzP+xSwB6fpwtPdOw3G3L
Size: 338406 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhl
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R21C1KB
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader4.45530
TrendMicro = TROJ_GEN.R21C1KB
Kaspersky = Trojan.Win32.Pirminay.pdd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gq
McAfee = Kryp.b
ClamAV = Trojan.Agent-183370
F-Secure = Backdoor.Generic.542881
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BASW
Norman = W32/Suspicious_Gen2.ROALJ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Backdoor.Generic.542881
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bhj
BitDefender = Backdoor.Generic.542881
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:14 01:54:42-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73216
Initialized Data Size           : 520192
Uninitialized Data Size         : 0
Entry Point                     : 0x12996
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Macintosh Font Manager
File Version                    : 5.00.2134.1
Internal Name                   : sfmpsfnt.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : sfmpsfnt.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-11-18 03:54:35
VirusShare info last updated 2012-07-26 13:55:50

MD5: d262ab6c6ec4d46b0f411ae97276347a
SHA1: 49fa6188884d19c1efa89473ba7626d795e72a22
SHA256: 62f6746e3923a50cb8bc40ba1a0972b8ef2a4b58aa43088203de4f2fc3a4d467
SSDeep: 3072:AJT24/vegtK0rpWJGyUmFCVWxz6M5orCxeMhPG+LIXu:YT2+2gMkmQVWxzd+uG+C
Size: 157184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.157184.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!/I3AAd5mC3M
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.nsvs
McAfee-GW-Edition = Vundo!ln
DrWeb = Trojan.Click1.54681
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = Trojan.Win32.Monder.nsvs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.akwc
McAfee = Vundo!ln
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.XIB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:37:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 81920
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x116ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.7000.0
Product Version Number          : 1.0.7000.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuafasjto Qyqlfxefiap
File Description                : Oxoolhuhi ® Script Control
File Version                    : 1.0.7000.0
Internal Name                   : msscript.dll
Legal Copyright                 : © Microsoft Izfzbyenwcn. All rights reserved.
Original Filename               : msscript.dll
Product Name                    : Tqcnjrlom ® Script Control
Product Version                 : 1.0.7000.0
VirusTotal Report submitted 2012-06-24 12:58:59
VirusShare info last updated 2012-07-26 13:56:36

MD5: 6eaee1430bcc64c9d07f3d69ba110526
SHA1: bc0b25d29be63a61bf0155432006715246d77331
SHA256: 63e2941db4c83f1cd943cc74e368dee94452acb9ccf122d20f413712c75fc744
SSDeep: 6144:FyMsJzVrZ2MW3kyDhZI/NnAHZaeKmeGdEjlbZebhrRBPMB+y:F8JyvUyDbMnA56f2hFBPMP
Size: 250445 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6388140
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!M/8mCdETuGI
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.zr
McAfee-GW-Edition = Artemis!6EAEE1430BCC
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.zr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!6EAEE1430BCC
F-Secure = Trojan.Generic.6388140
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTQ
Norman = W32/Suspicious_Gen2.RFDDH
GData = Trojan.Generic.6388140
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.kn
BitDefender = Trojan.Generic.6388140
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 24576
Uninitialized Data Size         : 40960
Entry Point                     : 0x42510
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Igztgvurp Rvsmlsadwvg
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Gkwziauas Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Psyhpqmts(R) Nwoaxuy NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-06-24 13:21:24
VirusShare info last updated 2012-07-26 13:57:24

MD5: bf50d41974924c478a4f60bc150d804e
SHA1: 6761fae2591ba2aed6e085d559c16b50e7f41dc2
SHA256: c26e027f20496a427f553445dee73f81e91a41633e885ce502661616f9c410a2
SSDeep: 1536:k9yFe3hb9MehQ/OQMV3CJhdfebbknHNM2/P23sqCW/:83hb9rEO3VyhYGNM628pW/
Size: 66048 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.66048
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = Trojan.Win32.Monder.mqnd
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Vundo.UUW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:20 11:10:58-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24576
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x6e0d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SENS Connectivity API DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SensApi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SensApi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-09-03 11:45:46
VirusShare info last updated 2012-07-26 14:02:02

MD5: 0e255cbf6dc8b76150732a117046359d
SHA1: 687c46c3a1357835de3a64fa690dbd540dc97604
SHA256: 4ebd053ff73236db570718dbb8200f4028c454f621961772c24b94d937f3fd5e
SSDeep: 3072:RmykXrJFiU4MhAh5Z8cy/KV6zpp8eHhHApv8jd1lNcSwoZwYfO:UvbqUoh7WV2v2dNcSBfO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.167936.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!7bKBwvYW7mo
VBA32 = Trojan.Win32.Monder.muvv
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C7IU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!mh
DrWeb = Trojan.Virtumod.10325
TrendMicro = TROJ_GEN.R30C7IU
Kaspersky = Trojan.Win32.Monder.muvv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.ackh
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-10-20 04:59:07
VirusShare info last updated 2012-07-26 14:03:14

MD5: f9675f54ca7271d33405c6f9f152ae4b
SHA1: 68a387d6f501e0c28e00d15d014400d94f7af05e
SHA256: fa7c28330a94ee5af076ba1b6113685b6add364d817f3fd6b8a779365566aa65
SSDeep: 1536:E9WN47Sy6kzXGC7FoLezHAcDzS//oQpTifbm:ErzX32ejAcCrebm
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.734
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.77824.ANL
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1JO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.Virtumod.9924
TrendMicro = TROJ_GEN.R4FC1JO
Kaspersky = Trojan.Win32.Monder.muxt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.gzi
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.QFM
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:23 22:11:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xe464
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Metering Controls
File Version                    : 5.00.2159.1
Internal Name                   : AVMETER
Legal Copyright                 : ©1998 Active Voice Corporation. All rights reserved.
Original Filename               : AVMETER
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2159.1
VirusTotal Report submitted 2011-11-10 21:36:01
VirusShare info last updated 2012-07-26 14:03:24

MD5: 97d83b6a46d887380bfd6337264b1d12
SHA1: ab687924e4d7ebae816b40f36770a329cec0e68a
SHA256: 692504e4c2f1f4b3810bc8cf0800c784f33a3f50b0ecff857ddc7fdca565fcc6
SSDeep: 1536:2q2quTpx/MqSBTi59ZVtod8kDwbPOldFEnmzr0PiKVnrXrlzMqqU+NV23S2kg:2ZjKTkkDwqmmzQ6SrrlzMqqDLy/kg
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!EzLdtcRzDf8
TrendMicro-HouseCall = TROJ_GEN.R4FC8JV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC8JV
Kaspersky = Trojan.Win32.Genome.xmvj
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.RNOGE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Agent.BTFXXVX
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:07 07:07:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4386
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ncgvqefmh Ubulvuccdrh
File Description                : Azeri-Latin Keyboard Layout
File Version                    : 6.0.6000.16386 (gqfth_rtm.061101-2205)
Internal Name                   : kbdazel (3.13)
Legal Copyright                 : © Nlksrxfsz Boegwxejlon. All rights reserved.
Original Filename               : kbdazel.dll
Product Name                    : Yyvsapgsp® Pfjueuj® Ekfwwnwki Vlpzxg
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-24 15:28:46
VirusShare info last updated 2012-07-26 14:03:58

MD5: ceba13f7826d53d0ca4f90d4ab9fc888
SHA1: 8301c8cd1b6a22a7dfc0898da1f1d5695986e9c3
SHA256: 6c2cb6315b16f8b17d9152b73b095770242a12238e39c0d4baf36fbe8bf436dd
SSDeep: 6144:/PH3UairUacadWcpAHjivZJGK2mSocUWmebNBmnQ+w6NW9oMpjCWFCn5McPFnQ:nEomWciHjIRCUkBBR+wCMoY2WFCmIFnQ
Size: 385630 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Trojan.Generic.5741135
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!1NLcSVtF1mw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay
McAfee-GW-Edition = Downloader.a!bfb
DrWeb = Trojan.DownLoader4.63979
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.pmy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.edsa
McAfee = Downloader.a!bfb
F-Secure = Trojan:W32/Ponmocup.A
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Startpage.NQX
Norman = W32/Obfuscated_L.DE
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5741135
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.enq
BitDefender = Trojan.Generic.5741135
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:09:01 22:59:25-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 364544
Initialized Data Size           : 335872
Uninitialized Data Size         : 0
Entry Point                     : 0x5625f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.82.28.56
Product Version Number          : 4.82.28.56
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Broadcom Gzbvnflbper
File Description                : BCM 802.11g Network Adapter wireless driver
File Version                    : 4.82.28.56 built by: WinDDK
Internal Name                   : bcmwl6.sys
Legal Copyright                 : 1998-2006, Broadcom Corporation All Rights Reserved.
Original Filename               : bcmwl6.sys
Product Name                    : BCM 802.11g Network Adapter wireless driver
Product Version                 : 4.82.28.56
VirusTotal Report submitted 2012-06-24 16:45:28
VirusShare info last updated 2012-07-26 14:06:35

MD5: dba29494651e3a7c36d1b9ec47b74234
SHA1: 2c65031c51cdfcf43f7a43894e737a094c13fa03
SHA256: 6cbe75ebe422dd3791859960eddee66500545c2f0e3abf732ca984a5708dcb28
SSDeep: 3072:igZMSiQxsJD7DHDD9fQq+6AW0gBlEoCf601B78MXWbRs/99:igViQGJDHDDStvW0gBsH7xWVW
Size: 135680 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1234D078
nProtect = Trojan/W32.Pirminay.135680
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!rhs4RsdKF6Y
VBA32 = Trojan.Pirminay.bvs
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.kby
McAfee-GW-Edition = Artemis!DBA29494651E
DrWeb = Trojan.Hosts.4535
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = Trojan.Win32.Pirminay.kby
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.135680
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Pirminay.en
McAfee = Artemis!DBA29494651E
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.BBOK
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.clm
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:07 10:15:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 121344
Initialized Data Size           : 50688
Uninitialized Data Size         : 0
Entry Point                     : 0x1e8c3
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® InfoTech IR Local DLL
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : ITIRCL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ITIRCL.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-06-24 16:59:45
VirusShare info last updated 2012-07-26 14:07:04

MD5: 09468a88d50820affe6e6647251060ca
SHA1: c16d43fbd26f17e651d6257ca712c4d2d3e10041
SHA256: 6dc713b46c072e2920c245535b1f645c48a6b45148afa48be5d705f705b7808d
SSDeep: 3072:0y0+zechO9C2Y9C7mdx3zHkHSETRffApy3:g+zeed9C7EJHDM
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_VUNDO.SMUB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.hhfc
McAfee-GW-Edition = Artemis!09468A88D508
DrWeb = Trojan.Siggen2.29520
TrendMicro = TROJ_VUNDO.SMUB
Kaspersky = Trojan.Win32.Menti.hhfc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTQ!genus
Jiangmin = Trojan/Generic.cttb
McAfee = Artemis!09468A88D508
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/EncPk-XI
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ACPI Embedded Controller Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : acpiec.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : acpiec.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-24 17:26:18
VirusShare info last updated 2012-07-26 14:07:53

MD5: 8c720e3d02e112bebb9ba2ff62233aff
SHA1: 6f3c48f622f6d49cfd10893afd58540d3f03c9d6
SHA256: eaf4f114dd6eea3a4ea65e2d868d7ff9a3610a1d2c87f1f0155519d33b8bbc9a
SSDeep: 1536:bjwPXBrkpESDdXjdmrx/n2YHGcAy9NsM8tosRuF9F83QHeoOVzz:gXGWStEbHGcNzscFv8311z
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.1246E2F3
nProtect = Trojan/W32.Agent.61440.AKN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!fe4uy2ySNC0
VBA32 = Trojan.Monder.mmkt
TrendMicro-HouseCall = TROJ_GEN.R01C7JB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mo
DrWeb = Trojan.Virtumod.10128
TrendMicro = TROJ_GEN.R01C7JB
Kaspersky = Trojan.Win32.Monder.mwom
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.aazr
McAfee = Vundo!mo
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.ADEI
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.motp
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:20 20:36:36-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 19968
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5ced
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Control Method Battery Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-01 23:39:28
VirusShare info last updated 2012-07-26 14:09:06

MD5: d3eb627284d33b21e3601747891045ad
SHA1: 6f703d8c2834c3182e4f085579253988511a9429
SHA256: 71ea02701dde7ae4e5bc6e8c133d5643eca67322d2663c0109f726dac0fce4e0
SSDeep: 1536:bjwPXBrkpESDdXjdmrx/62YHGcAy9NsM8tosRuF9F83QHeoOVzz:gXGWStEgHGcNzscFv8311z
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
nProtect = Trojan/W32.Agent.61440.AKN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!oAdUiPhitZw
VBA32 = Trojan.Monder.mmkt
TrendMicro-HouseCall = TROJ_GEN.R01C2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!D3EB627284D3
DrWeb = Trojan.Virtumod.10128
TrendMicro = TROJ_GEN.R01C2IK
Kaspersky = Trojan.Win32.Monder.msvy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.aazr
McAfee = Artemis!D3EB627284D3
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.CLDY
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.motp
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:20 20:36:36-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 19968
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5ced
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Control Method Battery Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-27 00:30:07
VirusShare info last updated 2012-07-26 14:09:20

MD5: c9dc079ca1927ae8c4658694903fcaa5
SHA1: ba5261ff8129d7d6781b1433f251773c4a18eac1
SHA256: 7205ea7cdb362a6fb235f52d16feb92a52e63f668722ffd89dfeb4c41217b0b1
SSDeep: 1536:xKrJioL0GhhIhFxXIXCX7WQmMQcuZfXcf:cIowGhhC4CTmMQci6
Size: 50176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.128C01C0
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21CDLE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C9DC079CA192
DrWeb = Trojan.MulDrop3.2833
TrendMicro = TROJ_GEN.R21CDLE
Kaspersky = Trojan-Dropper.Win32.Agent.gduj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Vundo.H!generic
Jiangmin = TrojanDropper.Agent.bcui
McAfee = Artemis!C9DC079CA192
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Dropper.Agent.AUBY
Norman = W32/Kryptik.AIF
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:18 05:48:08-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 14336
Initialized Data Size           : 67072
Uninitialized Data Size         : 0
Entry Point                     : 0x45a7
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Greek IBM 220 Latin Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhela2 (3.12)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdhela2.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-24 19:10:54
VirusShare info last updated 2012-07-26 14:13:36

MD5: d83b6bc4677f22a088389da66484f5fc
SHA1: 4678f6efd781a6f96c39a50680ad785efb84a329
SHA256: 721b6db4812651a629fa94a9bc1e69c2a368af4bb0c02b5a1b56fefa5c941212
SSDeep: 3072:6MOKMcLH9AEXVKLndAEf+/OrmJQWsxezAAorlNSml:6MKCmYVimu4B1AAo/
Size: 121856 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!6fha/IZDH7M
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = Trojan.Win32.Monder.nrqt
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.121856
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.acix
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BPEU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:16 12:54:13-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x173c1
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rnsuxgtop Slvwtjrnfky
File Description                : Network Diagnostic Engine Event Interface
File Version                    : 6.0.6000.16386 (ndzsl_rtm.061101-2205)
Internal Name                   : ndfetw.dll
Legal Copyright                 : © Kstbivhpw Exemnpigzlv. All rights reserved.
Original Filename               : ndfetw.dll
Product Name                    : Vlskqoslu® Xcvejmq® Jlxwuwwvg Jmciqk
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-24 19:12:25
VirusShare info last updated 2012-07-26 14:13:41

MD5: 173938a44af08003b0c32c3916e33dd4
SHA1: 3642c2a9c79af391f24f1401bebe53235a821da6
SHA256: 74a2dfd12fada596b1ce304b5e068e681839624e1971a0ec760838bcbf711067
SSDeep: 12288:/eTBaDppihb3acafQ6LDDT92jpSaCDqKaYHO+jS0THarMKsXJuVFHob:/6+b4V5CD1OOS0THMM5
Size: 688128 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.688128.B
Avast = Win32:Pirminay-EE [Trj]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.3838028
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.td
TrendMicro-HouseCall = TROJ_GEN.R3BC2AA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!173938A44AF0
TrendMicro = TROJ_GEN.R26E1H6
Kaspersky = Trojan.Win32.Pirminay.asn
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.cn
McAfee = Artemis!173938A44AF0
F-Secure = Trojan.Generic.3838028
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic9.BTND
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.3838028
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.but
BitDefender = Trojan.Generic.3838028
NOD32 = Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 10:12:52-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 71168
Initialized Data Size           : 608256
Uninitialized Data Size         : 0
Entry Point                     : 0x1230e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Windows Backup AutoPlay Integration Library
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : SDAUTOPLAY.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SDAUTOPLAY.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-24 20:16:34
VirusShare info last updated 2012-07-26 14:15:58

MD5: 3ffc69ea21731d87427881555bc6846e
SHA1: 7515c45a1adb792600224dadba6b6a4481d1ff33
SHA256: 1bbc9779cf4ec172ccb618f3e0e4a869b819eb59c7e3d36dc7edc956c16a8bbf
SSDeep: 3072:AnWysui0wHIOp+TtsducGXvzSwcvqtB9N6fr:A4ui0wodTlXvgCtB9
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Prevx = Medium Risk Malware
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 12:40:54-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 73728
Uninitialized Data Size         : 0
Entry Point                     : 0x13721
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.6001.18000
Product Version Number          : 8.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Utfqnpffp Tmcvicqbytv
File Description                : Fycfhkzof Speech Recognition Engine Extensions
File Version                    : 8.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Rltrmfixs Hcbfifzaiou. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Mfwsmhdoa® Oycenav® Niqcutlec Omlftm
Product Version                 : 8.0.6001.18000
VirusTotal Report submitted 2011-04-21 02:08:35
VirusShare info last updated 2012-07-26 14:16:20

MD5: dc1396e73d1bb75b43b30a0feaeb8fba
SHA1: 4c55d84e4911f847b2b9dc9ed6b669f3062d9672
SHA256: 771a7ddb9de7914451c2471a8768b9cc6217745aa8bddf137518663682aec92e
SSDeep: 12288:U/ASUvKVOne/hrLYJXFwiEVZROAOuPwB3+Kja873Ds9846XULGX1MZNT/u8eW:pSdMe/Vo5EvROUy3++I65IXd
Size: 845312 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kelihos-D [Trj]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Menti
AhnLab-V3 = Win-Trojan/Fakeav.845312.AC
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!v2xXPxtxtWA
TrendMicro-HouseCall = TROJ_GEN.R21C2IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Menti!IK
McAfee-GW-Edition = FakeAlert-SecurityTool.cv
TrendMicro = TROJ_GEN.R21C2IE
Kaspersky = Trojan.Win32.Menti.hvsw
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = HeurEngine.Mystic
TotalDefense = Win32/Kelihos.B!generic
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Gen:Variant.Kazy.33973
VIPRE = Trojan.Win32.Generic.pak!cobra
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.BQXT
Norman = W32/Kryptik.AFR
Sophos = Mal/EncPk-ADY
GData = Gen:Variant.Kazy.33973
Symantec = Packed.Mystic!gen9
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Gen:Variant.Kazy.33973
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:26 23:47:21-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 85504
Initialized Data Size           : 758784
Uninitialized Data Size         : 0
Entry Point                     : 0x14eb0
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.49152.27014.14873
Product Version Number          : 0.49152.27014.14873
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : gFzFG6fP3Nkr
File Version                    : qCMeD
Internal Name                   : 74nowsLGrcvS
Legal Copyright                 : lKQfh
Original Filename               : BYyoSTtYrRY
Product Name                    : CokABKQoZ
Product Version                 : m8IVE03isHU2
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-06-24 21:21:09
VirusShare info last updated 2012-07-26 14:17:46

MD5: 524b784b7f07ba9c88381965ffd1e77b
SHA1: 7754f70f05e30f3be842eebb4a44412b19c5388b
SHA256: 40429ac3b22a330d8d60113a375ff1b51e97b67e4f6a551568f52850d995dc38
SSDeep: 1536:riQ1Q4cx3jqfRqA3xudicKPfso7ApxgxtWy:mQhcxjqfkA3odhKXbc8W
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12A44A3A
nProtect = Gen:Variant.Graftor.1956
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!eCXRarQdd7I
TrendMicro-HouseCall = TROJ_GEN.R47C7KJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!524B784B7F07
DrWeb = Trojan.WinSpy.1310
TrendMicro = TROJ_GEN.R47C7KJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!524B784B7F07
F-Secure = Gen:Variant.Graftor.1956
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.CNAK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1956
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Graftor.1956
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:06:22 16:11:05-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x4581
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBSMSD.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBSMSD.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2011-12-16 23:29:38
VirusShare info last updated 2012-07-26 14:17:55

MD5: 5be519071c9feb4ba3aabea861b74db1
SHA1: 79ad8dd1942fb76dc4d06e7189f2eb3c91b93f54
SHA256: 60e40723b1f56cc4055ab2b2e6ee2c1361360079838d5d8ec0d5a47331f34ee6
SSDeep: 3072:Jfk8dUSUqH/SsxgEY8iFyq4UJCzjV8YvRz2ymhTZS:JfkuUO/gEYNF2UGjV/t2ymhT4
Size: 118272 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/PSW.Zbot.Y.1340
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Zbot.gen
Ikarus = Trojan-PWS.Win32.Zbot
Panda = Trj/Mystic.a
nProtect = Gen:Variant.Kazy.33688
K7AntiVirus = Trojan
VirusBuster = TrojanSpy.Zbot!lrKjY2g5YNM
Emsisoft = Trojan-PWS.Win32.Zbot!IK
McAfee-GW-Edition = Artemis!5BE519071C9F
DrWeb = Trojan.Packed.2251
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = Trojan-Spy.Win32.Zbot.cayu
Microsoft = PWS:Win32/Zbot.gen!Y
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan-PSW.Banker
Jiangmin = TrojanSpy.Zbot.ahhk
McAfee = Artemis!5BE519071C9F
F-Secure = Gen:Variant.Kazy.33688
VIPRE = Trojan.Win32.Ransom.do (v)
AVG = PSW.Generic9.GRM
Norman = W32/Kryptik.AFR
Sophos = Mal/ZbotPk-AE
GData = Gen:Variant.Kazy.33688
Symantec = Infostealer.Banker.C
TheHacker = Trojan/Spy.Zbot.cayu
BitDefender = Gen:Variant.Kazy.33688
NOD32 = a variant of Win32/Kryptik.RRN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:08:11 18:54:39-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 19456
Initialized Data Size           : 97280
Uninitialized Data Size         : 0
Entry Point                     : 0x4cd9
OS Version                      : 5.0
Image Version                   : 1.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.2048.37724.60264
Product Version Number          : 0.2048.37724.60264
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : M44wRtGp
File Version                    : tWkeno51HzZR
Internal Name                   : ggUWoDm
Legal Copyright                 : C5o62UArhGmrR
Original Filename               : CmnMkbHrw
Product Name                    : 7M96jFV35
Product Version                 : hUlMYVxj
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-09-30 04:21:25
VirusShare info last updated 2012-07-26 14:19:47

MD5: 47850300daf366744c448338b94c26ff
SHA1: 7a6ceb7e5b9137492e2022254379bf5b7c277be5
SHA256: 6c946ebae63106cd4404031d939844bac8f02e3b848063dabe24709627639197
SSDeep: 3072:LyILhARUrTJ1f4wIem1oh+eH2Kxos9TCoAZfARjxos75I:LV9nEeYeWKBBIoJxo
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129ACE3F
nProtect = Trojan/W32.Vundo.131072.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!sJeFkCt9xOQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C1J2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1217
TrendMicro = TROJ_GEN.R47C1J2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jfgg
McAfee = Generic Malware.ms
F-Secure = Trojan.Vundo.7056
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BKGL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.7056
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Vundo.7056
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-17 16:37:49
VirusShare info last updated 2012-07-26 14:20:25

MD5: 8d07f64cf32dbca807e7f3043c0e4322
SHA1: 7c1c836e886c6c46ee8172a60e2c184465014d61
SHA256: 580784d8b3aa958146fd9f6b91dcbfca0df8698d6522da64d3d6b8ca6ea1b2e7
SSDeep: 1536:NELDkkdsOTW5lFt6uWV0HUmVHZBSOC954R44TkFQVCtv7vy5nr6lUuoTkgTnj:ikkdsO+FpWYUmG5O44Tk6mjmuoXTn
Size: 116224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.mrri
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.10179
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:22 02:00:08-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 102912
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19f81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MCI driver for cdaudio devices
File Version                    : 5.00.2134.1
Internal Name                   : mcicda
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : mcicda.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-10-21 18:32:33
VirusShare info last updated 2012-07-26 14:21:40

MD5: 138d68c7fad839b53b129b24fba9844d
SHA1: 7caeafaa554c3ef975dc730593f8c02a5b065c1e
SHA256: 291c6196c721e0fa5c420f8203108d42ee39e69a75be8b116cf1609ca743f421
SSDeep: 1536:DduW0LHXFGLKtS9KX+x5NKGeTdGh38aZl0tkKV:DdulLHmoiKdTdZRtkK
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.hzka
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!138D68C7FAD8
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.hzka
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
McAfee = Artemis!138D68C7FAD8
F-Secure = Gen:Variant.Barys.1425
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1425
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Barys.1425
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-12 19:13:03
VirusShare info last updated 2012-07-26 14:22:07

MD5: e0c84c34fce18d0b678a322b1e11ebad
SHA1: bd8dd97fa1bef89c2daffd4087a30592013ff863
SHA256: 7d508817c9680e214dea7814e901c8a5d43c5c6f6373f7155c209f9aaef8321b
SSDeep: 1536:zAekDDHKWPnp2Nav5BsxMFLfctn2RHxfk5rAs/hiJjcN3qG2q3yKQtoKccNewfAf:z0/bnAo/LKoRr2kjcl/2ylQtoKcw3fy
Size: 110080 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!byUrnTsOWqs
TrendMicro-HouseCall = TROJ_GEN.R30CCAH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1411
TrendMicro = TROJ_GEN.R30CCAH
Kaspersky = Trojan.Win32.Genome.aethi
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.bdxs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BBCB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:16 00:53:38-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x746e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwbcklcgx Ontsdtenmkp
File Description                : MSDVDOpt Module
File Version                    : 5.1.2600.0 (ooboawkm.010817-1148)
Internal Name                   : MSDVDOpt
Legal Copyright                 : © Hjkrfvbbz Aizjpzqdnog. All rights reserved.
Original Filename               : MSDVDOpt
Product Name                    : Rdmikafec® Itfawfr® Ensinqiql Mapept
Product Version                 : 5.1.2600.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-24 23:57:10
VirusShare info last updated 2012-07-26 14:22:36

MD5: 6f8916cdcbd3d7b56881ce11ea314581
SHA1: 441d674ab0b644b49648e63fb807a3a21cbc2135
SHA256: 7dcf18412e07d07186d8d25af3b7bcecd821b38ff98e4ce98f02f885a89b1b83
SSDeep: 3072:nVNEUW3DADDHfy5ZWw4thy6sCAbO7U1ID+9DoBr+IVnl33SAjxIE80LGlrI:n4/cOWw4tJsCeO7mVkBaIVnJ3SAeiZ
Size: 210749 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6424003
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!Dg0ID9Cdp3s
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.ze
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader4.27905
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.ze
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!6F8916CDCBD3
ClamAV = Trojan.Agent-264053
F-Secure = Trojan.Generic.6424003
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SXS
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
GData = Trojan.Generic.6424003
Symantec = Trojan.ADH
TheHacker = Trojan/Injector.hzu
BitDefender = Trojan.Generic.6424003
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x137e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.74
Product Version Number          : 5.0.0.74
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Created by VIONA Development
Company Name                    : RAVISENT Technologies Inc.
File Description                : CineMaster C WDM DVD Minidriver
File Version                    : 5.0.00.0074
Internal Name                   : VDMINDVD.SYS
Legal Copyright                 : Copyright 1999 RAVISENT Technologies Inc.
Original Filename               : VDMINDVD.SYS
Product Name                    : CineMaster C WDM
Product Version                 : 5.0.00.0074
VirusTotal Report submitted 2012-06-25 00:09:00
VirusShare info last updated 2012-07-26 14:22:57

MD5: dd452488f1958d6f0d2a3f235df439a7
SHA1: f517f51193d8d353f77f12f0fb9e2a6b7fb51eee
SHA256: 7fa45c4fb968be238b65c33fae038955235ba834808b506aac44b801adec9c4e
SSDeep: 3072:RuykzonFP4Mg15n8c6/KV6OppKWchHxSj8jm1lNcSwoZfYfO:0vGPGxOOAGSmNcSmfO
Size: 167936 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cyMxHaHkDYE
TrendMicro-HouseCall = TROJ_GEN.R45C2FG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mpqf
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R45C2FG
Kaspersky = Trojan.Win32.Monder.mpqf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.ackh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ANCC
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.AGXH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-25 00:55:09
VirusShare info last updated 2012-07-26 14:24:13

MD5: 250072abe9389f1cfa48d2d8187e35aa
SHA1: e891c6925a669580b812b66fc70eada2fedf4b14
SHA256: 7fc788e2c8962616657e3c7b45f7eaf1da8420d02b76ca5c90995ca2e7b64851
SSDeep: 12288:nX0nbu2wFss5NdHHr1P0bcdNx3VpzvMf+NYTsgUy2BOyY:Ua2wFss5Ndnx04XVpDtFB4
Size: 409649 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4335451
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!250072ABE938
TrendMicro = TROJ_GEN.R11C2H4
Kaspersky = Trojan.Win32.Pirminay.arn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.bq
McAfee = Artemis!250072ABE938
F-Secure = Trojan.Generic.4335451
VIPRE = Trojan-Dropper.Win32.Ponmocup.QHost
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.VXR
Norman = W32/Suspicious_Gen2.CVUXI
GData = Trojan.Generic.4335451
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Injector.bet
BitDefender = Trojan.Generic.4335451
NOD32 = a variant of Win32/Injector.BET
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 17:51:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 55296
Initialized Data Size           : 701952
Uninitialized Data Size         : 0
Entry Point                     : 0xe5bc
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Security Center ISV Proxy Stub
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : wscproxystub.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wscproxystub.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-25 00:58:51
VirusShare info last updated 2012-07-26 14:24:20

MD5: 5a42c7b99651d496c3208c517ce0faef
SHA1: 80212a3fbea72e91d1cf1c730cbccc74b91fa995
SHA256: 6c6d01ba926807eaa778bb09d24aa5e96706c919d845cde7dd549508358cced6
SSDeep: 3072:S+2F6rU50oY8ACLTDucXM0cmdFz4MqqDLy/XoDbc:Kek9a0MOFzzqqDLuX
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_SPNR.15L711
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!5A42C7B99651
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_SPNR.15L711
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kpyn
McAfee = Artemis!5A42C7B99651
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BSGQ
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-12-14 19:14:16
VirusShare info last updated 2012-07-26 14:24:35

MD5: 92e49237f569a7ad9c8afdc877e891de
SHA1: 7b34bcf1b54c80cfed0938a39eb864a292ef2e3f
SHA256: 83d61e4f4c3c07360bac58be3f2aa440daabee45fbd264d262d80584b332dc01
SSDeep: 1536:mNiWBbDbI8l5pPyGW4J5Emljy8LMfFuIkE6LqzKJFoBlHF:YiWBb7pKxorjy8LM9uIeqYoBlH
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.84480.CH
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8m+rTRbDYQU
TrendMicro-HouseCall = TROJ_GEN.R4FC3G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nlzg
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.62091
TrendMicro = TROJ_GEN.R4FC3G7
Kaspersky = Trojan.Win32.Monder.nlzg
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.84480.A
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ahrx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.AQUW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:19 17:14:22-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x53fa
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Uzjxjtqkw Epvlszlvwob
File Description                : Greek IBM 220 Latin Keyboard Layout
File Version                    : 5.1.2600.0 (pbtplamy.010817-1148)
Internal Name                   : kbdhela2 (3.11)
Legal Copyright                 : © Ofnhryavz Corporation. All rights reserved.
Original Filename               : kbdhela2.dll
Product Name                    : Uohmfwwoi® Krgzgdq® Nnxucdiph Gnusyd
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-25 02:44:39
VirusShare info last updated 2012-07-26 14:27:05

MD5: 9c9009b638be40955b2f940e3550b971
SHA1: 85dc84cf862e8096e07b7e7068f27b06056dde48
SHA256: 46cea6f2420950a5aceab8b5cc15e42671f051e5b2bd8e108fb137863bab8bfe
SSDeep: 3072:ugUpW+1Dwy+ct+aYVqOIAfkNQow49mcomYO2j:ugUpjDwywaYsOIAfkNu49m
Size: 119808 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A34206
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!ESish14HS1s
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_SPNR.15L511
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!my
DrWeb = Trojan.Virtumod.10718
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.ios
McAfee = Vundo!my
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.BTFC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:28 20:13:59-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 71168
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0x1251d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.5.2600.2180
Product Version Number          : 6.5.2600.2180
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft MPEG-2 Section and Table Acquisition Module
File Version                    : 6.05.2600.2180
Internal Name                   : Mpeg2Data.ax
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : Mpeg2Data.ax
Product Name                    : DirectShow
Product Version                 : 6.05.2600.2180
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-12-16 10:43:27
VirusShare info last updated 2012-07-26 14:28:32

MD5: ba6a1330c7f9d79b20756936ce25e29f
SHA1: 8658f3d07e71754e0613b3f96d6bd4e19b3a3df0
SHA256: c49c5c2ca84899e7655c0763884f6ef59ed8eec8b4d3f1f77e95d7abb776453f
SSDeep: 6144:rE16D38FFiAYK5g2K3aqd8/LK99g4+jyxkCuitN+eg6:V38FYAN5g2Oaq12uxNuONdr
Size: 243712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.3421.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan/W32.Jorik.243712.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Ponmocup!lGJTkqsZNdg
VBA32 = Trojan.Jorik.Pirminay.avy
TrendMicro-HouseCall = TROJ_SPNR.15L511
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.avy
McAfee-GW-Edition = Generic.bfr!di
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Jorik.Pirminay.avy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Generic.knvv
McAfee = Generic.bfr!di
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Generic25.BTHJ
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
Symantec = WS.Reputation.1
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3421
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:30 02:01:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 241664
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x46670
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2011-12-12 02:55:24
VirusShare info last updated 2012-07-26 14:28:48

MD5: d1dbc799b18b10db0a26bd0898e4c61a
SHA1: 89a64c9a601a461c4e80acc3d56ffa9209741088
SHA256: 4168f850db8b9d44fed2502664895121483c726c05316a6a5f6866b501db3eb8
SSDeep: 6144:Kx72kU6Z55orF/8Sd62JNLjUB1iUgQh86HmEcQXHjGEDFE1EwJl1AX:KxSkn55oB/85YJkpmE5j7E3l
Size: 372736 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADSPY/NaviPromo.3727364
Avast = Win32:Renos-ZL [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.372736.CV
Panda = Generic Trojan
VirusBuster = Trojan.Pirminay!3cKg+QaW0G8
VBA32 = Trojan.Pirminay.eel
TrendMicro-HouseCall = TROJ_GEN.R3BC2DA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4165
TrendMicro = TROJ_GEN.R3BC2DA
Kaspersky = Trojan.Win32.Pirminay.eel
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.om
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.NaviPromo.4
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.AVVU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Heur.NaviPromo.4
Symantec = WS.Reputation.1
TheHacker = Trojan/Pirminay.eel
BitDefender = Gen:Heur.NaviPromo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:28 20:16:12-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 610304
Uninitialized Data Size         : 0
Entry Point                     : 0xb03b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nwrwntfwg Fhsatlobkri
File Description                : Device Display Status Manager
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : DeviceDisplayStatus
Legal Copyright                 : © Fyetrlgai Rrevehmivpa. All rights reserved.
Original Filename               : DeviceDisplayStatus.dll
Product Name                    : Pscofgkep® Kmdtrbe® Oisxuwbnm Mkvljz
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-24 13:32:59
VirusShare info last updated 2012-07-26 14:30:55

MD5: 0ddf157ce68df9409060ede59aea3889
SHA1: 6d2116eb45f0152d241a341b095415bc9fb1a5be
SHA256: 8d4dcb9968535bde4f74a8bfd360b3e7969ca298359b4891e73d808cbefbb3b0
SSDeep: 1536:6BXJ9tZNbZILJQV6VTfaBUgIV2YegSa9JaBgeUMqFYAoD:6B59tH+LJQMVTkAeNQzS
Size: 97792 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan.Generic.5892127
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!FCTLmYqYKwM
TrendMicro-HouseCall = TROJ_GEN.R4FC1KM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!0DDF157CE68D
DrWeb = Trojan.Juan.423
TrendMicro = TROJ_GEN.R4FC1KM
Kaspersky = Trojan.Win32.Monder.mogb
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.97792.H
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Adware/SuperJuan.aay
McAfee = Artemis!0DDF157CE68D
F-Secure = Trojan.Generic.5892127
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SV
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5892127
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.SV
TheHacker = Trojan/Kryptik.jhe
BitDefender = Trojan.Generic.5892127
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:22 21:34:58-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 41472
Initialized Data Size           : 92160
Uninitialized Data Size         : 0
Entry Point                     : 0xaf6e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.9.1.1
Product Version Number          : 2.9.1.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : RioPort
File Description                : WMDM Service Provider driver for MDM Drivers
File Version                    : 2.9.1.1
Internal Name                   : mdWMDMSp
Legal Copyright                 : Copyright © 1999- 2001 Rioport.com
Legal Trademarks                : 
Original Filename               : MdWMDMSp.dll
Private Build                   : 
Product Name                    : MDM Core
Product Version                 : 2.9.1.1
Special Build                   : 
VirusTotal Report submitted 2012-06-25 06:39:47
VirusShare info last updated 2012-07-26 14:33:26

MD5: ab57e6a91bad3aa3d7303aef9c0a0f89
SHA1: 8d7f58dbbacbb2578381e54ec18f86aea6634a80
SHA256: 1eeb319c3b5b1e5b40f385b883702ab6714631a3dcafec230383dbffe19eb5f9
SSDeep: 768:HIxYEAdsqG1MXDYTZ7acPbj5jHF6i50owVwXjQ7KKMd/TLaoONIJ6Krb8OnJg:oiEyDy/JlF32wsl0vaoOCJ6+b8OnS
Size: 56320 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.56320.OQ
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC7JO
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!AB57E6A91BAD
DrWeb = Trojan.Siggen2.47075
TrendMicro = TROJ_GEN.R4FC7JO
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.sy
McAfee = Artemis!AB57E6A91BAD
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Win32:MalOb-EI 
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:02 02:33:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 13824
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x4214
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Maltese 47-key Keyboard Layout
File Version                    : 5.1.2600.5512 (xpsp.080413-2105)
Internal Name                   : kbdmlt47 (3.12)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdmlt47.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-10-29 06:50:59
VirusShare info last updated 2012-07-26 14:33:33

MD5: 3977c353974fd620af7a7abe4dadfb6a
SHA1: 023d2b281aa055e051fef53cc79cfdaaf3dbd702
SHA256: 8e085b2c79ebb16125fc2ed64188d28dbc04d5b79d3dd709de5a90803a17cfce
SSDeep: 3072:QjzL6HXi6k17iTGrFX63rpO4I/N8h/f0szp9:YrX63rlI/N8hf
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!6W4/1vEf03A
TrendMicro-HouseCall = TROJ_GEN.R4FCCEQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.60738
TrendMicro = TROJ_GEN.R4FCCEQ
Kaspersky = Trojan.Win32.Monder.nsin
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ahsn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic_s.BN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:13 05:18:23-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x10601
OS Version                      : 4.0
Image Version                   : 4.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hsdvqnyoh Cpcesubqphb
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Dvypfayrpii. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Rtoifpmee® Xiqutyy® Zyxcszupj System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-25 06:57:39
VirusShare info last updated 2012-07-26 14:33:56

MD5: 35dde923bb6c33901cdbc9da791ad53a
SHA1: 8e19dd460bb70a6f576dc3284c61f7373aa065c3
SHA256: 21788e0e024b18822cb3bd3c65c49c81c88b43472177fd7d32e05286e1fcb42b
SSDeep: 3072:6TRVe/Ki5oJlF+0yABD2xuXLaSxSDKXMjapran3ZPAGv1SNyd//ilYJbJ:6Teyi5aBFBD2YbPGaon3ZPA+/D
Size: 194048 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12A342E8
nProtect = Trojan/W32.Vundo.194048
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!1osSf42eW+U
VBA32 = Trojan.Monder.napx
TrendMicro-HouseCall = TROJ_GEN.R2EC7KB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.napx
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10153
TrendMicro = TROJ_GEN.R2EC7KB
Kaspersky = Trojan.Win32.Monder.napx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jffz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BVGN
Norman = W32/Suspicious_Gen2.STQMM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:13 12:13:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x223ab
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bmghwokve Iowxysdzrxz
File Description                : Client Service for NetWare Applet
File Version                    : 5.1.2600.0 (zfcigrht.010817-1148)
Internal Name                   : nwc.cpl
Legal Copyright                 : © Aopudduef Corporation. All rights reserved.
Original Filename               : nwc.cpl
Product Name                    : Xsefeefux® Hwexpsx® Wrxyrqulo Nwntgq
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-12-23 14:28:12
VirusShare info last updated 2012-07-26 14:33:57

MD5: f0b16035b7bb61e620ad664e06775de2
SHA1: 8e7d96d0af5319401f5c47e72d6849ddd345cc7a
SHA256: d036d55ef28c23f380bdcd44cbb0b4ee3889a5218587001d20399be44a92d194
SSDeep: 1536:SpKO1iH1MqqU+NV23S2TLo6CJcRt6ctVGqvUo85/Zoc:SSVMqqDLy/g6CaT6cmqY/Zoc
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!zEqa6HQ8L3Y
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myza
McAfee-GW-Edition = Artemis!F0B16035B7BB
DrWeb = Trojan.WinSpy.1188
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = Trojan.Win32.Monder.myza
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.uxse
McAfee = Artemis!F0B16035B7BB
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BRAU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 12:44:10-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x4f87
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : 
File Description                : ScriptPW Module
File Version                    : 1, 0, 0, 1
Internal Name                   : ScriptPW
Legal Copyright                 : Copyright 2000
Original Filename               : ScriptPW.DLL
Product Name                    : ScriptPW Module
Product Version                 : 1, 0, 0, 1
OLE Self Register               : 
VirusTotal Report submitted 2012-06-26 14:10:21
VirusShare info last updated 2012-07-26 14:34:14

MD5: a3542a5f3bef98cd26629d36e033b5a1
SHA1: fa71c40b75bb15106f243da8652af2f076e03439
SHA256: 8e868aef83f92383a9085ddc62aa78600206a919b193dccd2989e5a7bfab1aa1
SSDeep: 6144:jnbSUzO/zlrDqNKfbw/dHk3SVevMfRryihYhLr7:DbE/zVwKjWHk4e5ihYt7
Size: 340393 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-BZC [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5837301
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Gen.Variant.Vundo!IK
CAT-QuickHeal = Trojan.Pirminay.kqv
McAfee-GW-Edition = Artemis!A3542A5F3BEF
DrWeb = Trojan.DownLoader5.1717
TrendMicro = TROJ_GEN.R11C2FI
Kaspersky = Trojan.Win32.Pirminay.kqv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.wh
McAfee = Artemis!A3542A5F3BEF
F-Secure = Trojan.Generic.5837301
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.WAJ
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5837301
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.gft
BitDefender = Trojan.Generic.5837301
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:23 16:39:35-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 53248
Initialized Data Size           : 569344
Uninitialized Data Size         : 0
Entry Point                     : 0x9e63
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Gvgfootuy
File Description                : RPC NDF Helper Class
File Version                    : 1.0.0.1
Internal Name                   : rpcndfP.dll
Legal Copyright                 : (c) Microsoft.  All rights reserved.
Original Filename               : rpcndfP.dll
Product Name                    : RPC NDF Helper Class
Product Version                 : 1.0.0.1
VirusTotal Report submitted 2012-06-25 07:12:09
VirusShare info last updated 2012-07-26 14:34:16

MD5: 101819ae30592ff02a63cb8e0535a8fe
SHA1: f740bef4413fb94767128abf719fc6430b40c4e0
SHA256: 90169598c312ab64341ac903fc3d83f90a0cc7539b653de30302e7495fbd64a9
SSDeep: 1536:XZh5DYLNE+AzknRypaSMzCmxJSZPxvx3EnWg:XD5MLNE+AzknRypaXzcZJJUW
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.70144.P
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC3E5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.hnny
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Artemis!101819AE3059
DrWeb = Trojan.Siggen2.34690
TrendMicro = TROJ_GEN.R4FC3E5
Kaspersky = Trojan.Win32.Menti.hnny
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.dnpg
McAfee = Artemis!101819AE3059
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hznl
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:12 13:42:30-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26624
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x74aa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SSDP Service DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ssdpsrv.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ssdpsrv.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-25 08:02:49
VirusShare info last updated 2012-07-26 14:35:12

MD5: 5495f1216bb157d4b18c6110de552344
SHA1: 90b8022fa45b3968ce53b0dc317259fb70bcc00b
SHA256: 452b8f4eed07595529fb3a2e288cf401c51a1edf639f6b014a00902dfb2f8dc7
SSDeep: 1536:5bufmG0w39sh67iY0pbo0LQ3Fs1CnCRJZudMqqU+NV23S2t:5bG0wm07iYcboX8kdMqqDLy/t
Size: 86528 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QPU/d03QjLQ
eTrust-Vet = Win32/Vundo.HSC
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!5495F1216BB1
DrWeb = Trojan.WinSpy.1072
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!5495F1216BB1
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-13 23:44:31
VirusShare info last updated 2012-07-26 14:35:33

MD5: ca5ab2f019e37d9dbedb776527703beb
SHA1: 937c3011ff9b6b2f9f7eb2fb4aad2066f936c39e
SHA256: 5b8dcf8c7861c767c0158f6fd424190c6bf1b96f2aa314d51ed24cd135fbdfb8
SSDeep: 3072:F7NVmclUyZY1MnohMqqDLy/jOcWKCdzke757HG:bVmeU5mqqDLujOXdw
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2hO8dMF01Dk
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!CA5AB2F019E3
DrWeb = Trojan.WinSpy.1207
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!CA5AB2F019E3
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-10-26 16:46:56
VirusShare info last updated 2012-07-26 14:37:15

MD5: 73cfed04ef991145534d488aa2ff3ede
SHA1: 953627aeea676edf47310e4839b602173e90c076
SHA256: 6715b26ae928d4f4d3ae441c5974f79a01230a0bc1efa2da0362d372a43fe3bc
SSDeep: 1536:38aQ5QjCD/sntOeEbaJpYj5Uwj/JFXcCBz8HZIFuUY2Z:38aQ5QjCD/sVENj5UwjzMKzPFrY2Z
Size: 69632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:10 06:48:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 26624
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x76b1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft  Fax Print Monitor
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : FXSMON.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : FXSMON.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-10 21:01:15
VirusShare info last updated 2012-07-26 14:38:27

MD5: 8a8027edb995938995d32716cd89c40b
SHA1: 95859fea6acb62b1923e93f3b27c04865b9dcacd
SHA256: 9659057489b12a7aaf9eec54c4392f69820260535a8604680a7ba608be8b178b
SSDeep: 3072:+XOKuBVXj7BVCR1n8049IMrv7lIMqqDLy/7:EOKQ1XBVCRFYHqqDLu
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!LhziiNN6I7Y
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2IB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.wtzr
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R11C2IB
Kaspersky = Trojan.Win32.Genome.wtzr
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.QAZ
Norman = W32/Suspicious_Gen2.RWEXJ
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:17 17:09:44-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x78ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Drpoykpnw Nqiveywtblj
File Description                : Kernel Security Support Provider Interface
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ksecdd.sys
Legal Copyright                 : © Zgerjbzqh Runbrcbkpwz. All rights reserved.
Original Filename               : ksecdd.sys
Product Name                    : Nsytoxfoj® Kwzjspk® Todupmbgw Ylfudo
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-12-02 11:15:35
VirusShare info last updated 2012-07-26 14:38:38

MD5: 4dcb648119c131ac7dbab8259098bec2
SHA1: 95c3ce098016f410b671190208475e55104ebb3a
SHA256: 65d57c75ffbf89a5efc9fe76e32a287b2e1c046d01fa439d25c4ab2bb73f6471
SSDeep: 3072:qJua2xYJXdKtGwg1ImwVOrsIlu6vVSbu/yf34:OuaKUf1Fbstum3
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.131072.ALD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!k48pJp82Tsc
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1GG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mtio
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!jh
DrWeb = Trojan.Virtumod.10435
TrendMicro = TROJ_GEN.R4FC1GG
Kaspersky = Trojan.Win32.Monder.mtio
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.131072
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.adnn
McAfee = Vundo!jh
F-Secure = Trojan.Generic.6323162
VIPRE = Trojan.Win32.Vundo.pa (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AQDY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6323162
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6323162
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 23:59:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xc09d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
File Description                : igfxTMM Module
File Version                    : 1, 0, 0, 1
Internal Name                   : igfxTMM
Legal Copyright                 : Copyright 2006
Original Filename               : igfxTMM.DLL
Product Name                    : igfxTMM Module
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-03-17 18:05:47
VirusShare info last updated 2012-07-26 14:38:46

MD5: edd86d8bbf0503be24a25e954368984e
SHA1: 960607fb609e086175795482e19aa7951dba3074
SHA256: 5619772660e3fae0050ab7ce8b9bb9526da77180320f537de3488a0ee6371737
SSDeep: 1536:JPB+k14ItaFovCL73mzjgxQcttHirY286WfIYdlAT17M/2KLK5q+kZ25lS+CdP1M:JPB+KW32sph3wpK6dr5lS+KbgW
Size: 134656 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10591
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acem
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BESP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:04 11:49:58-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 143360
Uninitialized Data Size         : 0
Entry Point                     : 0x50d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ugelvqjit Yuhuvgehrln
File Description                : GuideStore Module
File Version                    : 5.1.2600.0 (luaziuor.010817-1148)
Internal Name                   : GuideStore
Legal Copyright                 : © Microsoft Zklqppxolqw. All rights reserved.
Original Filename               : GuideStore
Product Name                    : Fxvpvqjpm® Asrwlfh® Vrdesqnoz Yoyvtv
Product Version                 : 5.1.2600.0
Ole Self Register               : 
VirusTotal Report submitted 2011-10-29 16:44:03
VirusShare info last updated 2012-07-26 14:38:55

MD5: 5f11257a0fb843244a8f2df0b7bb119e
SHA1: b9189ec436c12b4b37413c49a51667d74cd95b80
SHA256: 96c26c53303e4727bd5102f82be927940748ef4d2d3b14e7142d53ae0179ba69
SSDeep: 1536:G2LvdKbElSuEJHKK4b0r39leTJJhabHLWB2vDhBEQtaGkQf:fdKbEouyKfY9leFJhcLRreGkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder.Gen.7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nftg
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = Trojan.Win32.Monder.nftg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-25 11:04:20
VirusShare info last updated 2012-07-26 14:39:26

MD5: 05024a5adde33c49c5314506d6f18ed4
SHA1: 96fd628caafa8d680f9c1ba5f686018799545c40
SHA256: 369e5ac287685427dc5a1db66348127d39e2fb35fc4d13226fc15b6f46e2db34
SSDeep: 6144:BGow5TI25teoXej7w23yb3msGUfJ43EE+i+Fzdd:Y1juiejqb3fGUfJVEiX
Size: 247290 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.6393477
Avast = Win32:Downloader-JDZ [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Graftor.262
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!r1Tot8G7Pd0
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R30C8J3
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.1619
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R30C8J3
Kaspersky = Trojan.Win32.Jorik.Pirminay.ajr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6393477
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TIL
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6393477
Symantec = WS.Reputation.1
TheHacker = Trojan/Jorik.Pirminay.lt
BitDefender = Trojan.Generic.6393477
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 241664
Initialized Data Size           : 8192
Uninitialized Data Size         : 28672
Entry Point                     : 0x421f0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-02 19:50:26
VirusShare info last updated 2012-07-26 14:39:35

MD5: 929190068c37415b1cc08c427ab9a7c3
SHA1: cabd56b47e6c28b5c788c5719e4f009bb0e22700
SHA256: 972314e0623d638ff5312398a38e4377ef88c20d2966a06a57f821588c5df7af
SSDeep: 6144:I85PWKK1EcJlKdUAY0Dk0bVXbGADqc7bEbGqlsvu++VR/UFd+6i43PHHy5h4mt/r:rD+qmJ0DF8Tbsu+aRp5h40XbT8RW
Size: 639488 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Agent.640010
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.639488.N
Rising = Trojan.Win32.FakeFolder.z
nProtect = Trojan.Agent.AQKY
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!aFI8zfGFbw8
VBA32 = Trojan.Pirminay.bg
TrendMicro-HouseCall = TROJ_GEN.R4FC2AR
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!929190068C37
TrendMicro = TROJ_GEN.R4FC2AR
Kaspersky = Trojan.Win32.Pirminay.cms
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.p
McAfee = Artemis!929190068C37
F-Secure = Trojan.Agent.AQKY
VIPRE = Packed.Win32.Pirminay.a (v)
AVG = Dropper.Generic2.AILC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Agent.AQKY
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.gw
BitDefender = Trojan.Agent.AQKY
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2000:12:19 01:38:05-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 146944
Initialized Data Size           : 754176
Uninitialized Data Size         : 0
Entry Point                     : 0x24c7c
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-25 11:13:55
VirusShare info last updated 2012-07-26 14:39:42

MD5: a4f4af215f60955d9c2566e77f90189b
SHA1: 50937808be0f4a5e2e9a854aead2321db551da96
SHA256: 99ddabcd115a3a8eecdc9d5e352f02f2c10ec539c9660a2d4707972c45dd7e9e
SSDeep: 1536:dnmk0hb1p2QKQsWvEGtyHpX8XT6M+EGzG+BhHk4StYMtd4K+pmss60+G:dmkeb1pfKfHN8XT6M+EreHk47Pas7G
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.BX
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C2HU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!mb
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R30C2HU
Kaspersky = Trojan.Win32.Menti.hxdg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.bea
McAfee = Vundo!mb
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-06-25 12:23:50
VirusShare info last updated 2012-07-26 14:41:27

MD5: 0d662e9e23021bb114efcdd4de0bbb56
SHA1: 60540004bdf444c4c18778d92f5f51d02479f2be
SHA256: 9a8f8abcc46823f6fe901b898076395f1b72686f6f590918eb8e27c5ee5dce71
SSDeep: 6144:Ug6UZ/XtCjb53LIT1jx1KgVjJGu96+tnqGaVMiEouzwa:U/Yvm3OjxkgVlVthwu5
Size: 315302 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2CE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.nep
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_GEN.R4FC2CE
Kaspersky = Trojan.Win32.Pirminay.nep
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.kt
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.KCC
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH.2
TheHacker = Trojan/Kryptik.jzc
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:12:17 15:44:00-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 565248
Uninitialized Data Size         : 0
Entry Point                     : 0x78b6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Session Disconnection Utility
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : tsdiscon
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : tsdiscon.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-25 12:39:02
VirusShare info last updated 2012-07-26 14:41:50

MD5: f8040c8356d96cb437e0714c331f2003
SHA1: a183885fc250a8374fc1d2e861564bf9ba1181b7
SHA256: 2825121d05f06522425adc92e6eb490163fa45a9062c17adcb5fb56f3b56b091
SSDeep: 12288:ntkgaIOMo2C75Z1ZHNGmIFgGVcoSTy7zmUxp:n6bUCz1ZHNGTnVaynmUP
Size: 1417063 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Trojan-gen
Ikarus = Gen.Variant.Vundo
VBA32 = SScope.Trojan.Pirminay.chc
Emsisoft = Gen.Variant.Vundo!IK
Comodo = Packed.Win32.MUPX.Gen
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.303
Kaspersky = Trojan.Win32.Pirminay.ces
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Pirminay.im
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.KDV.116195
AVG = Downloader.Generic10.BZHX
GData = Trojan.Generic.KDV.116195
BitDefender = Trojan.Generic.KDV.116195
NOD32 = Win32/TrojanDropper.Agent.PEW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 14:53:00-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 266240
Initialized Data Size           : 368640
Uninitialized Data Size         : 786432
Entry Point                     : 0x8694
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 11.0.1156.0
Product Version Number          : 11.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Opera Software
File Description                : Opera Internet Browser
File Version                    : 1156
Internal Name                   : Opera
Legal Copyright                 : Copyright © Opera Software 1995-
Original Filename               : Opera.exe
Product Name                    : Opera Internet Browser
Product Version                 : 11.00
VirusTotal Report submitted 2011-11-01 02:36:46
VirusShare info last updated 2012-07-26 14:45:55

MD5: b70235b88f0afa3b2479556be07eae5b
SHA1: 7da1efad5e6ad5d2cf5f5ae0c81a3478a8a48dab
SHA256: a1ebb38924023c28acd034a1f7ed218e3b46160b8ffcaefedb704b7c56db4d66
SSDeep: 1536:Aan/l4baZ4N3Omwqnf9CzMtxwiWhMNEjBTCtS8kU2mUYgkD7oJAkg4+uMzGeFSe/:ln94rJF/txeOOTxqoJAJuMzGOuxFduF
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!PUepKg0Dxqw
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_SPNR.15KH11
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mtyn
McAfee-GW-Edition = Vundo!mj
DrWeb = Trojan.Virtumod.9890
TrendMicro = TROJ_SPNR.15KH11
Kaspersky = Trojan.Win32.Monder.mtyn
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.110592.B
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo!mj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.SWJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:30 19:28:27-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 53248
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xd174
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.25
Product Version Number          : 3.2.0.25
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : PPServer Module
File Version                    : 3, 2, 0, 25
Internal Name                   : PPServer
Legal Copyright                 : Copyright 1999
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : PPServer.DLL
Private Build                   : 
Product Name                    : PPServer Module
Product Version                 : 3, 2, 0, 25
Special Build                   : 
VirusTotal Report submitted 2012-06-25 15:53:19
VirusShare info last updated 2012-07-26 14:46:10

MD5: e39e040bc6656c4eed7923547f6e0da0
SHA1: a28d12a84ab819fa16f71723671426ec2089837c
SHA256: b20d946c694d8f082638d98640422848bec4eef6a37fcb982c0e1cf97ef51fa4
SSDeep: 3072:SNLpnR+W+lwePBS6BdFrwXppPDFo6CXHi:MOWapB7rwPDp
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1231EA1B
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Adware/SuperJuan.gn
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:36:11-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 60928
Initialized Data Size           : 82432
Uninitialized Data Size         : 0
Entry Point                     : 0xfc8d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Driver Foundation - User-mode Driver Framework Reflector
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : WUDFRd.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WUDFRd.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-13 03:03:07
VirusShare info last updated 2012-07-26 14:46:30

MD5: a0d809e075f8f9e0d5e7c22c6fe7a903
SHA1: a28e1448122113f3267caad3683aaaf1e23cc45e
SHA256: 3b1520807e6803fea7f27eeb191c09caf97451c09d41d0af8376e5726a8fe068
SSDeep: 3072:OQcFe/an5mhwXoxsOS2rHc3N6yaqopMqqDLy/o0Mk+WsN9YzG6L:wuan5GNS2rc9z1qqDLupWFN9wl
Size: 151552 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!W2nmW55GhfY
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!A0D809E075F8
DrWeb = Trojan.MulDrop2.36782
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jjsi
McAfee = Vundo!mp
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AJYV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:29 14:43:51-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0xc54a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.50727.312
Product Version Number          : 8.0.50727.312
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Rjkymdvsz.Vsa.dll
Company Name                    : Microsoft Ywhjzxcoxnx
File Description                : Kvzzuphmx.Vsa.dll
File Version                    : 8.0.50727.312
Internal Name                   : Klowbbdwk.Vsa.dll
Legal Copyright                 : © Microsoft Yhxoenspolo. All rights reserved.
Original Filename               : Hhqanbsgd.Vsa.dll
Product Name                    : Izzpvisya (R) Visual Studio (R) 2005
Product Version                 : 8.0.50727.312
Assembly Version                : 8.0.0.0
VirusTotal Report submitted 2011-10-17 20:52:31
VirusShare info last updated 2012-07-26 14:46:31

MD5: 0de26ac420cf33531c4d2d159f888938
SHA1: 9f20c556b6898d0fe2f4555c34a386af6e44b7f3
SHA256: a42bc7b9fc1a84438b84b55e8037a7e36fb7f966d0d2acb6749ca6b331489d74
SSDeep: 3072:IDE8wFGFdU9X2S7qS3XOd75LhaUL7fo2lkNZ99vEdKHvj+stABOWcntZipr5TUPJ:RL0dkX2Q0NnIz5Ed4vj+sKBDcnR
Size: 159744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.159744.B
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!my
DrWeb = Trojan.Virtumod.10300
TrendMicro = TROJ_GEN.R4FC2H3
Kaspersky = Trojan.Win32.Monder.moga
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.iuwy
McAfee = Vundo!my
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.AJZR
Norman = W32/Suspicious_Gen2.POUEU
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.laq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LAQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-25 16:49:35
VirusShare info last updated 2012-07-26 14:47:28

MD5: df7789b5ba0cf0630437c58a9d2fbd47
SHA1: a443743a56cb6880e45eadff2decda4231b506e7
SHA256: 8009a40578a8a6d5ed1d3aae45f9684e58e8a37f40f7c7689fbf7bdd57193854
SSDeep: 3072:svZH87vJbA8EMk9OD5jCEKFFrLolEMqqDLy/Nn+Pe/4NKCnsV:sv4Gp9OD5nw1LeqqDLuNsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!DF7789B5BA0C
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
McAfee = Artemis!DF7789B5BA0C
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.QTMVF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2011-10-18 18:55:14
VirusShare info last updated 2012-07-26 14:47:32

MD5: d257f78631b8bd1bb5b3cb20f64e51e4
SHA1: be3ca889b78d93e12b569dfdf11f4dd01582f27a
SHA256: a53de13268de58914b664accb31bf12eef338137a8044959e98efe8097364fa4
SSDeep: 3072:aEmumIYvpAvxK7/hSfHyvKrql85N5esH/arptMKw+CP/6lyab:9XkCqyqu5Z/aFtnwPP/v
Size: 126464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.126464
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!R1PCIU9ZQQo
VBA32 = Trojan.Monder.mvip
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!D257F78631B8
DrWeb = Trojan.Virtumod.10220
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Monder.mvip
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Artemis!D257F78631B8
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:14 09:03:46-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 77824
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xff29
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.13.1.3198
Product Version Number          : 6.13.1.3198
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel(R) Vdigjpuwacr
File Description                : Digital Display Minidriver for Intel(R) Graphics Driver
File Version                    : 6.13.01.3198
Internal Name                   : Ch7xxnt5.dll
Legal Copyright                 : Copyright (c) 1998-2001 Intel(R) Jtvjbebzjlz.
Original Filename               : Ch7xxnt5.dll
Product Name                    : Intel(R) Graphics Accelerator Drivers for Windows NT(R)
Product Version                 : 6.13.01.3198
VirusTotal Report submitted 2012-06-25 17:17:30
VirusShare info last updated 2012-07-26 14:48:06

MD5: 3c4fb2b963325a4f94d3054762d87036
SHA1: a76d54d8d7ddf8deb3661d5882725534442c88f4
SHA256: 942a466f0914c7d23956b2eb15e6ad7963db69e30d848ca98120e1e0c18633a5
SSDeep: 1536:U8vJUL2fOMszAksV0o0ea3fLq8cSaS2IDnuGaU+eYrX89LLRxycHe:Bv6hTszamnunuGDk89L1kc+
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!DKQr3ks81go
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R06C7KO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!na
DrWeb = Trojan.Virtumod.9849
TrendMicro = TROJ_GEN.R06C7KO
Kaspersky = Trojan.Win32.Monder.navz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
Jiangmin = Trojan/Monder.aamf
McAfee = Vundo!na
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic21.PAK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CI.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:12 14:40:36-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xc58e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.10.0.12
Product Version Number          : 1.10.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Radius Inc.
File Description                : Cinepak® Codec
File Version                    : 1.10.0.11
Internal Name                   : iccvid
Legal Copyright                 : Copyright © 1992-1995 Radius Inc., All Rights Reserved
Legal Trademarks                : Cinepak® is a trademark of Radius Inc.
Original Filename               : iccvid.drv
Product Name                    : Cinepak for Windows 32
Product Version                 : 1.10.0.0
VirusTotal Report submitted 2012-01-05 07:12:34
VirusShare info last updated 2012-07-26 14:49:27

MD5: 598062e0c2ae5e122cc38de246da4ec6
SHA1: 11db793debbed78e6149042fb4feb426437f268b
SHA256: a7e6041ae9d71dfb50a796becde25752be8e1bac71a16f9a0a0e7cc2eab182a1
SSDeep: 6144:qX2qH3IWRbEfHgUPvP1aiE/bzf3dz9DwMkKG:0bR4fRPxEX3dZm
Size: 290183 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.awj
TrendMicro-HouseCall = TROJ_GEN.R3BCRCN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.cpg
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.5202
TrendMicro = TROJ_GEN.R3BCRCN
Kaspersky = Trojan.Win32.Pirminay.cpg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.fn
McAfee = Kryp.b
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BJVS
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.awi
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:09 13:18:38-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 29696
Initialized Data Size           : 515072
Uninitialized Data Size         : 0
Entry Point                     : 0x803c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.3959
Product Version Number          : 5.3.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WDM CODEC Class Device Driver 2.0
File Version                    : 5.3.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : stream.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : stream.sys
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.3959
VirusTotal Report submitted 2012-06-25 18:25:36
VirusShare info last updated 2012-07-26 14:49:44

MD5: 6e6faea034ec750f55b6535a3c4763e1
SHA1: 7fda57b1a69bb36a9abe8ffe7e36a39c6b1e258f
SHA256: a81a0d9ab40c0656a555ad74588e664737c5f080610073d95c955e394c447e8a
SSDeep: 3072:1pFIezrZLbFy36LLS54iFVLrhlaMqqDLy/ymTgKCEU:TFIqN39LLiFVPlqqDLu
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan.Generic.6412317
K7AntiVirus = Trojan
VirusBuster = Trojan.Genome!YAF3UICN4Uc
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Vundo!lp
DrWeb = Trojan.Virtumod.10378
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Genome.uxsc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo!lp
F-Secure = Trojan.Generic.6412317
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic23.PNV
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.6412317
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6412317
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:09 15:52:06-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x101a6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.0.0
Product Version Number          : 1.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : RioDrv.sys
Company Name                    : S3/Diamond Multimedia Gmrrhgs
File Description                : RioDrv Usb Driver
File Version                    : 1.00.0000.0
Internal Name                   : RioDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Phymmns 1999
Legal Trademarks                : Diamond Multimsdia Qocawws
Original Filename               : RioDrv.sys
Private Build                   : 0
Product Name                    : RioDrv
Product Version                 : 1.00.0000.0
Special Build                   : 0
VirusTotal Report submitted 2012-06-25 18:31:17
VirusShare info last updated 2012-07-26 14:49:53

MD5: fa2abd8f17c1fffdfd34337697132044
SHA1: a8b8d8445d4e54ebc144eab2188ac5996bcc776a
SHA256: a9c5bef97bba3ec5add6ce136a0e35065a6204a11748241ef90a84c31d769df8
SSDeep: 3072:tuXnIOOsF/7Wy07xA89q8hnQ2rL9jzgs4IVMo+4hUe:YXPOqTWy07xA89q8d/Vj8FI6e
Size: 112128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1263CE9C
nProtect = Trojan/W32.Vundo.112128.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Menti!aUojERaXak4
TrendMicro-HouseCall = TROJ_GEN.R21C7K9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.iniq
McAfee-GW-Edition = Artemis!FA2ABD8F17C1
DrWeb = Trojan.Siggen3.50667
TrendMicro = TROJ_GEN.R21C7K9
Kaspersky = Trojan.Win32.Menti.iniq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.rvk
McAfee = Artemis!FA2ABD8F17C1
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.IAC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 00:49:25-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 77312
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x13bbd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800)
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdnec
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdnec.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-25 19:09:11
VirusShare info last updated 2012-07-26 14:50:20

MD5: 3f2568b8339ee1add88ef4eb3951f9b0
SHA1: b2040c1895131fc875c54e1cb0b27c51983d8128
SHA256: a8c6d195133383ebdf1a82ce6c017d2edddefd60d891d6ca51d410e273361357
SSDeep: 3072:QK9Rzzx0FocogzvLa/PQBjrpUUNBUZ+ONjjRgGGowNRJ/qCMlCIjh:Q2pN0FrvLa/POpUcBUZJdot/qCRIV
Size: 254464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.254464
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!0E4qxj/3ZbE
VBA32 = AdWare.SuperJuan.ygp
TrendMicro-HouseCall = TROJ_GEN.R4FC2HP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10190
TrendMicro = TROJ_GEN.R4FC2HP
Kaspersky = Trojan.Win32.Monder.nqzt
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.254464
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.jvrv
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.JEF
Norman = W32/Suspicious_Gen2.QHRXR
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:20 17:01:38-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 204800
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x2f3b5
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jttzhhmdi Vjiiaoplctc
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (yvywulan.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Snpnkzxmi Yozavscukad. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Kirnpcykr® Wfskfng® Sifehdeej Zccuxi
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-25 18:47:24
VirusShare info last updated 2012-07-26 14:50:21

MD5: 6074f663844e212b6d15ebc51fd40d88
SHA1: a8d2e02fd3827728b3e6a99f64f0811c4eba204c
SHA256: d7b606924317080bafe410a3ca0987d5e90b847c45c1b1e69a91d06b0025c8a0
SSDeep: 3072:NxblNeWs048qQXzIkia1FUHonR9ffh2AOqqafcCF5acFljfVnqyoznTEkVbwwrcE:NMuIn2FUH4fkqqafcijBqzzoUHrczoR
Size: 236544 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Jorik.Pirminay.agx.1
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
DrWeb = Trojan.DownLoader4.62803
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = Trojan.Win32.Jorik.Pirminay.agx
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.GRN
Norman = W32/Obfuscated.L
GData = Win32:Malware-gen
Symantec = Trojan.Gen
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 225280
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Njdudffvd Jyvenoelyaw
File Description                : Keyring Manager Application
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : keymgr.cpl
Legal Copyright                 : © Fqiychnra Rmblnqxcpuq. All rights reserved.
Original Filename               : keymgr.cpl
Product Name                    : Ujthbhwpu® Guluxzj® Vdcajnoha Psvvtr
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-02 22:23:25
VirusShare info last updated 2012-07-26 14:50:23

MD5: 35d7227e0bb765555b9aa32041d08c8a
SHA1: a95e62b9d654f2b78db20f457add147fcb0d9398
SHA256: d28d98753e2fb6ceb4034cb4e6479d7f641a2dae2684d0efec0a63a629d44e06
SSDeep: 768:eqtHA9E14s6/bCEjpZvzvnTdohIsl1p50LzFhg2yLWyuYu2kwHUXaI5KidosHnV:5v14s61TdoaaiL5W2yLnu2k2UXl5pNn
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Menti.49664
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!phcReInxHhs
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/vundo.HTO!genus
TrendMicro-HouseCall = TROJ_GEN.R3AC1L9
Comodo = TrojWare.Win32.Genome.~BS
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV6
McAfee-GW-Edition = Vundo!na
DrWeb = Trojan.Siggen2.12319
TrendMicro = TROJ_GEN.R3AC1L9
Kaspersky = Trojan.Win32.Menti.iwmn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.qcr
McAfee = Vundo!na
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SU
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.SU
TheHacker = Trojan/Menti.hisl
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 22:50:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x2654
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.2.0.6
Product Version Number          : 1.2.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VMware, Inc.
File Description                : VMware SCSI Controller Driver
File Version                    : 1.2.0.6
Internal Name                   : vmscsi.sys
Legal Copyright                 : Copyright © 1998-2006 VMware, Inc.
Original Filename               : vmscsi.sys
Product Name                    : VMware SCSI Controller Driver
Product Version                 : 1.2.0.6
VirusTotal Report submitted 2012-02-29 21:00:17
VirusShare info last updated 2012-07-26 14:50:43

MD5: ac809e3018164483efb832c1d1f337c1
SHA1: a996d227cb3bbd327c773b67828898785781388b
SHA256: ad759863a46dc68bbf8bd278b1ea1294838ab36fb864484489b187f1de110cc9
SSDeep: 6144:7WJkHKzZt4rkwIIltQwajrtfb2krFW82SkHFFc+R791:7ykHC34oIjujrtBFW8vklFc+Z91
Size: 249825 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
VirusBuster = Trojan.Injector!/9uGV7FvZSQ
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R4FC8JK
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Artemis!AC809E301816
DrWeb = Trojan.DownLoader5.13524
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC8JK
Kaspersky = Trojan.Win32.Jorik.Pirminay.atf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!AC809E301816
F-Secure = Gen:Variant.Downloader.10
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.ABKX
Norman = W32/Kryptik.ALS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Downloader.10
Symantec = Trojan.ADH.2
BitDefender = Gen:Variant.Downloader.10
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 249856
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x47f10
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2011-11-25 03:15:07
VirusShare info last updated 2012-07-26 14:50:51

MD5: 8e83dc3a56f5e9d864f147d143d5d89e
SHA1: ab22467865e927cf1d43da1eed9478aaeae49592
SHA256: 89c638a8e327ecf296ba5dc9127069f9828789710d12d40d7c043350546cab5e
SSDeep: 1536:X4Pl3NjQxtHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvZYltMqqU+NV23C:Xc3NjQxti4o4JEGzFOz9bltMqqDLy/g
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.bigv
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = Trojan.Win32.Genome.wtlu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.QTEZE
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-16 04:28:32
VirusShare info last updated 2012-07-26 14:51:46

MD5: 206d8d6bd59bfe7b7ace95bb7fd00cbf
SHA1: ab4740fd632612f4787bab23e4f0f76b3f0c8e59
SHA256: 85ff628ca74fc8e357814c7991c6a18ddadd2212384074ae224595a8b1538818
SSDeep: 6144:xekbiQCNmfxNx11xPMn+WoMfIT0nZqKUGZtTthrxX0CqNea8WrOnWrigHwKtngG:xVbOU5N/qg8bZV1X0CqNea8WKWAKhgG
Size: 336384 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.31
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Renos
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Agent.336384.BA
K7AntiVirus = Riskware
VBA32 = Trojan.Agent.eigo
TrendMicro-HouseCall = TROJ_GEN.R4FC1IM
Emsisoft = Trojan-Downloader.Win32.Renos!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Kryp.b
TrendMicro = TROJ_GEN.R4FC1IM
Kaspersky = Trojan.Win32.Pirminay.beu
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gk
McAfee = Kryp.b
ClamAV = Trojan.Agent-248234
F-Secure = Trojan.Generic.5241024
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BDCK
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5241024
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.beu
BitDefender = Trojan.Generic.5241024
NOD32 = a variant of Win32/Kryptik.JCQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:07 11:55:40-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 3584
Initialized Data Size           : 648704
Uninitialized Data Size         : 0
Entry Point                     : 0x19a0
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Sdpblb
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : sdpblb.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sdpblb.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-16 03:07:41
VirusShare info last updated 2012-07-26 14:51:52

MD5: f0d1cc51808518154a8cb69a910c18bc
SHA1: adc12834682b927b61de3b55691855f1db69fef0
SHA256: 71efa931c4e083406750843febfadd50baa0f352d2fbdbf6176ec0b488aee018
SSDeep: 1536:IbeUs7osYXmCbFkCOSECIGc0lUSPyV1Jmj3oI8kzny3+:IbeUs7PYWCb1OLtGcxShYH3
Size: 81920 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.81920.BD
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F0D1CC518085
DrWeb = Trojan.Virtumod.10252
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.dxnd
McAfee = Artemis!F0D1CC518085
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.hscl
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LFR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:10 19:02:39-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 61440
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xfbb4
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft RLE Compressor
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : msrle32.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msrle32.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-26 23:46:16
VirusShare info last updated 2012-07-26 14:53:41

MD5: cb882c8363bc97c619320a0f71e9f49f
SHA1: af16e26897870331d62887d0f4df7877c566b5d5
SHA256: aff7bf2098dd87e5d87e980e5c4cea855b7d90cd3153d26f7238f27d296003bd
SSDeep: 6144:6dSZefLlee9XwXAMNXSaea9C6WfMGlnGiSHJjK4Q4SEkppiAtRq7YKOdx:5efx19UTNXFbCNtqHB1/Ep9WOdx
Size: 341439 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.6.18
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.341439
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Virtumod.10783
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dgb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.XYQV
AVG = Generic21.LSI
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
Symantec = Packed.Generic.305
Commtouch = W32/MalwareF.XYQV
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:07:29 14:22:14-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 561152
Uninitialized Data Size         : 0
Entry Point                     : 0xe820
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6703
Product Version Number          : 5.0.2195.6703
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Version Reporter Applet
File Version                    : 5.00.2195.6703
Internal Name                   : winver
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : WINVER.EXE
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2195.6703
VirusTotal Report submitted 2012-06-25 21:54:00
VirusShare info last updated 2012-07-26 14:55:15

MD5: 7e30cd8e0461444b3a69f8fa91206d9d
SHA1: 3c2efc750843e7dd3ab0055ef5cffaed0219d326
SHA256: b05476beffcaecb184f27ef6484c037ea50096ad1c429a74a2cae32508e6d165
SSDeep: 6144:Syqyg0ntYKLvwi5AzujVhIyA85ORl7SBPuOBe7b:vqMtzLYAcujoyj8LSUF7b
Size: 250221 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Agent.250221
nProtect = Trojan.Generic.4296753
K7AntiVirus = Trojan-Downloader
VirusBuster = Trojan.DL.Agent!atzNuloO7XQ
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R21C2GH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7E30CD8E0461
DrWeb = Trojan.MulDrop1.24583
TrendMicro = TROJ_GEN.R21C2GH
Kaspersky = Trojan.Win32.Agent.eglr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDropper.Agent.ajqi
McAfee = Artemis!7E30CD8E0461
F-Secure = Trojan.Generic.4296753
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/TrojanX.ESBM
AVG = SHeur3.AAYQ
Norman = W32/Suspicious_Gen2.CDGRL
Sophos = Mal/Generic-L
GData = Trojan.Generic.4296753
Symantec = Trojan.Gen
Commtouch = W32/TrojanX.ESBM
BitDefender = Trojan.Generic.4296753
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:12 13:55:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 225280
Initialized Data Size           : 28672
Uninitialized Data Size         : 319488
Entry Point                     : 0x85180
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-25 22:15:10
VirusShare info last updated 2012-07-26 14:55:36

MD5: 255bb81f685ff44266474157e98a6156
SHA1: b1898c6f359f90c9721c68dc5668cb51c66256ba
SHA256: ffe2aeedd780d82a347351294f20034500418a26d2908be6ab9c513d1aaa7225
SSDeep: 1536:Y5wKZq/HuRP14YzDFIgaYTi1t3vYB895wlSFsjF5zvy:YdPRKYFIgaX1JK8zx0v
Size: 89600 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15A912
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!ng
DrWeb = Trojan.Virtumod.9988
TrendMicro = TROJ_SPNR.15A912
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
McAfee = Vundo!ng
ClamAV = Trojan.Vundo-37556
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.GAY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:19 20:36:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0xb67a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.1.2600.5512 (xpsp.080413-2113)
Internal Name                   : security.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : security.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-02-20 14:34:24
VirusShare info last updated 2012-07-26 14:56:28

MD5: 575b816482d3bc4aba0e5589be14956b
SHA1: b3397f748d73ce8f9c3283785c1968982eb32d26
SHA256: 00849e3985fe6818b404bf9847e54ab1cd50268921a68738b0e1420f714a7fce
SSDeep: 3072:mKAfDp1SP5E9c46sfeUvclFroGMqqDLy/Ox0:yl1nljueqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A7D844
nProtect = Trojan/W32.Genome.155648.K
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!L1U3esWhL4g
VBA32 = Trojan.Genome.wcrl
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.wcrl
McAfee-GW-Edition = Vundo!lu
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Genome.wcrl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqrf
McAfee = Vundo!lu
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.QKDMX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-26 11:08:13
VirusShare info last updated 2012-07-25 00:30:53

MD5: 30f11176abf47845cdd85dfe3e41f744
SHA1: b5bca37c1512e9c3f549ce07c009bc5b8bedfbc2
SHA256: 809ccfe69a476da60a71814ac12bdd400bc2b1039273c2241af8b1f2cfc5b99e
SSDeep: 3072:kEohQNgl+BUqJ2r7e2VuF+IN5NgoHOTBZfXxi0DB:CKaYxJOVegouTBZvjD
Size: 113664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1260AC87
nProtect = Trojan/W32.Genome.113664.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!g2IxCSDIp0g
VBA32 = Trojan.Genome.wcsz
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Genome.~BS
CAT-QuickHeal = Trojan.Genome.wcsz
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Artemis!30F11176ABF4
DrWeb = Trojan.Click1.58722
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = Trojan.Win32.Genome.wcsz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.hzo
McAfee = Artemis!30F11176ABF4
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.BPNX
Norman = W32/Vundo.UUW
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 16:53:25-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 69632
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x11eed
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Windows(TM) RSVP Performance Monitor
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : RSVP Performance
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RSVPPERF.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-25 17:30:56
VirusShare info last updated 2012-07-26 14:59:00

MD5: b259b2b384c85a0ae76d6ae56ae5a0e1
SHA1: b690a07dc4fc3911922c300993fe4d94d0ee00ba
SHA256: 1ec0a235a84d174fd97d2442314542549de74d42204968b4c14ae6b95ba5a16e
SSDeep: 3072:gQd8+4N5n3Ubq2szzVPVT6fvwn4g/lGNmCdrlUMmfgHPFsisMqqDLy/1dJm:3SNpkb5wTG4loqMmfgH2UqqDLuV
Size: 184320 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Emsisoft = Trojan.Win32.Pirminay!IK
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!B259B2B384C8
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.QTUYL
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-15 22:49:01
VirusShare info last updated 2012-07-26 14:59:31

MD5: aa0da7c40c5e0d1ced1d9b908cf110af
SHA1: b7c75ea2856c6483225da94bae95fc90c65d7ba5
SHA256: c891f2f93d3a16b8270c6b6252ad8cf658c016656b69ef8eeb0b6562adad6a98
SSDeep: 12288:sKDfYmDl9zpWlXkVpUju3P5rXro6VnTDH:sufYiE8Uj8BrXrdnTD
Size: 494080 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.30
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Hosts.BY
nProtect = Trojan/W32.Pirminay.494080
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.ese
eTrust-Vet = Win32/Renos.CNJ
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.2485
TrendMicro = TROJ_GEN.R4FC1IG
Kaspersky = Trojan.Win32.Pirminay.bca
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ys
McAfee = Kryp.b
ClamAV = Trojan.Agent-183138
F-Secure = Trojan.Generic.KDV.89400
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BBWX
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.89400
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bca
BitDefender = Trojan.Generic.KDV.89400
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:04 11:48:50-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 165376
Initialized Data Size           : 645632
Uninitialized Data Size         : 0
Entry Point                     : 0x29172
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.1381.1
Product Version Number          : 4.0.1381.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : OpenGL Utility Library DLL
File Version                    : 4.00
Internal Name                   : glu32
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1996
Original Filename               : glu32
Product Name                    : Microsoft(R) Windows NT(TM) Operating System
Product Version                 : 4.00
VirusTotal Report submitted 2011-10-21 02:41:04
VirusShare info last updated 2012-07-26 15:00:13

MD5: 2399db642b037da91728b13282926935
SHA1: 06cabe6fd787427c0d501cf7127bbc9989309425
SHA256: b9ef6eb37692b7963c417fba680fea0f25bfb8ca2604409d6d810d9c218de8c2
SSDeep: 6144:eZf8VYKeIuxeHrXDEgN2Smb5rguzLs+X0akNGvhK:eZaYKkIzYzfxDbK
Size: 301440 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.dtz
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dty
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.aox
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BHYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.SWI
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:05:02 01:03:29-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 565248
Uninitialized Data Size         : 0
Entry Point                     : 0x50a0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.7.6001.0
Product Version Number          : 1.7.6001.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WDFLDR
File Version                    : 1.7.6001.0 (longhorn_rtm.080118-1840)
Internal Name                   : wdfldr.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wdfldr.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 1.7.6001.0
VirusTotal Report submitted 2012-06-26 02:44:00
VirusShare info last updated 2012-07-26 15:01:27

MD5: f53a36bf8006c4465ba7af510ee69272
SHA1: 2f8f3615b0e571e34e5c6818763373d0ed936d7c
SHA256: bdda1772feda28b9caf7eeea66428a75d4b6e2463ba4453edaff68639921757b
SSDeep: 6144:ULixO3ott7g08Q1GD4p3DesKOLnieivd1dXETsA6UpK1VX5X0:KGvJUD8zesKQTSAhp+10
Size: 336347 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.57
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.kml
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.kml
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akm
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.BILK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.11
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.dhi
BitDefender = Gen:Variant.Vundo.11
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 02:54:19-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 20480
Initialized Data Size           : 610304
Uninitialized Data Size         : 0
Entry Point                     : 0x54e8
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.3 Netsh Helper
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : dot3cfg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dot3cfg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-26 04:29:10
VirusShare info last updated 2012-07-26 15:03:54

MD5: 4b9be507e26f7360034c4293ce9b17d5
SHA1: bdfc633ee7ce935ccd10ce706af2eaa10abf3d1d
SHA256: 5b444f94ff9842491e02156dee68319021ff88115df5a1279c4b20654a821f6a
SSDeep: 3072:S+z5z6rU50oY8ACIx26cXK/sldFzSaMqqDLy/joDbc:VJekQ10KYFzsqqDLuj
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.imoi
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-10-30 21:17:03
VirusShare info last updated 2012-07-26 15:03:57

MD5: 4d5afaa56cc02d782e538e423a8089b4
SHA1: aae8cef1bd4babbe13bf73798993f9f3f9037d83
SHA256: bfb4ddcf8d388df1a5b113f9f52a651e5e3e293a125a300d88f740790467a8bf
SSDeep: 6144:IaYFkBua+ghK19dHgHl/CCdJmxqZsVsK7Nv+D5EZpROfnBH:nYKu3fpHgFCpxqqVBh+SdOfp
Size: 300450 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Xema.300450
Panda = Suspicious file
nProtect = Trojan.Generic.5730552
K7AntiVirus = Backdoor
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.MulDrop1.63795
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dac
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.it
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5730552
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Backdoor2.HIMT
AVG = Generic20.CGVN
Norman = W32/Suspicious_Gen2.ILTWR
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5730552
Symantec = Trojan.Gen
Commtouch = W32/Backdoor2.HIMT
TheHacker = Trojan/Pirminay.fnd
BitDefender = Trojan.Generic.5730552
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:30 22:18:49-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 290816
Initialized Data Size           : 278528
Uninitialized Data Size         : 0
Entry Point                     : 0x47b32
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.6000.16386
Product Version Number          : 6.6.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Network Provider for MPEG2 based networks.
File Version                    : 6.6.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : msdvbnp.ax
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msdvbnp.ax
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.6.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2012-06-26 05:44:29
VirusShare info last updated 2012-07-26 15:05:01

MD5: e4b40af758624a7e24db80be497fabf7
SHA1: c10af7109dd2c76ceeea2241975523df5b06f145
SHA256: be62258807b0568eac46124169267fba99c6e9e89ad8b3e74555e18daae044b6
SSDeep: 768:UFFFyua0EoXNlOsmH8mnq58eoLF57TehFzppnx01fY9XyCeG4jvIy:8FTa0EoXHO5a7oZ57Te3/nMg9XyPs
Size: 44544 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.SuperJuan.44544
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.10487
Kaspersky = Trojan.Win32.Monder.myjm
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.AYB
Norman = W32/Vundo.UUW
GData = Win32:MalOb-EI 
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:06 20:59:44-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 3584
Initialized Data Size           : 75776
Uninitialized Data Size         : 0
Entry Point                     : 0x1d07
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.6
Product Version Number          : 1.0.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries LTD.
File Description                : 
File Version                    : 1, 0, 0, 6 (fbl_dox_dev_ihvs.081017-0249)
Internal Name                   : brmzui13.dll
Legal Copyright                 : Copyright © Brother Industries LTD., 2006
Original Filename               : brmzui13.dll
Product Name                    : BR HB UI
Product Version                 : 1.00.0000.6
VirusTotal Report submitted 2011-11-05 06:00:07
VirusShare info last updated 2012-07-26 15:07:22

MD5: 304aa02ff24bf686cfd87c5eefebb002
SHA1: c1c74b405a141656b9fde9b14e4e22155cb99bc2
SHA256: ebaa29ad44f5d5c5056991c13848d739dac15c9a8eacc4fcbceee56642431f0f
SSDeep: 12288:Cm8Y3+6RNde6ZFyqOcfvnuSSBWs1LPyKYqlZT2V3:KyRHFZFyNcffzKYqlZT2h
Size: 426449 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.426449
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.160598
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!TebOYmPOY50
VBA32 = Trojan.Pirminay.edx
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ed!pec
DrWeb = Trojan.MulDrop2.8622
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.edx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.oo
McAfee = Generic Malware.ed!pec
F-Secure = Trojan.Generic.KDV.160598
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.AXQF
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.160598
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.efl
BitDefender = Trojan.Generic.KDV.160598
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:20 14:57:36-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 405504
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x602fb
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bswjksypd Okxtvfrycoe
File Description                : Visioneer Flatbed Scanner Still Image Device Micro Driver DLL
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : PMXMCRO
Legal Copyright                 : © Tsvyirjtc Rrvbjkqzxfe. All rights reserved.
Original Filename               : PMXMCRO.DLL
Product Name                    : Juveowetj® Ycevujv® Vvuqiygbz Kwttqb
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-24 15:38:09
VirusShare info last updated 2012-07-26 15:08:12

MD5: 06e677240a3e1a69bed0158452d5f1ae
SHA1: c1e30d9cc92d7b3d4f99a21a640c5ede9f2bc4c0
SHA256: 9d183b5fff52ae4eac94574f484841c173a7fb747665412adda3a6d943c7b238
SSDeep: 1536:BLiEsL/7U0appv4DN85dO59Ns79P9ogcItv6txf4jiVmiEQ1UMsXKukPi+psIuLG:BGEsb7U0G8trxQjiAilUMsXKukPi+psA
Size: 98304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!GEztojFAQ90
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R3EC2CV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R3EC2CV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.sgvn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BAOI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-12 00:52:57
VirusShare info last updated 2012-07-26 15:08:22

MD5: 7b716a18612320ec05be2eb29aa7716c
SHA1: 47be50c498834fbce5874741b7e1a4fecfb519da
SHA256: c326da03d49625d5beb550be8a4aca4dc2ba662e224773a7495b4ea87c97dc24
SSDeep: 384:mNMn4o+A/u2IuvdcUGRMnfLrN2qLn93wCjxQ9lBxOQjcCNY5UzD8PNUwBqSqrFDt:mOnfu2vdxGWtX5FjyPxNrNYKiX/u
Size: 35603 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Suspicious file
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!c+1QrfzPQ7o
VBA32 = AdWare.SuperJuan.abyw
TrendMicro-HouseCall = TROJ_GEN.R3ACDED
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Generic PUP.x!bcl
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R3ACDED
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abyw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = Adware/SuperJuan
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.x!bcl
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic5.DCG
Norman = W32/Troj_Generic.BKBCE
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23552
Uninitialized Data Size         : 0
Entry Point                     : 0x303a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-26 07:59:36
VirusShare info last updated 2012-07-26 15:09:58

MD5: 129292d7412470abbf5f42a8214ac17f
SHA1: c603784f653871debbe28a9d0f817cb6dfaaa210
SHA256: 03ad6b637bcc1e3fe82c7bd8911bc28b793470b58a7c2bca57feae2271a5df47
SSDeep: 3072:DVmzDQj57GZzYH3Df2hJhljMqqDLy/YeX:Damt8UoMqqDLuz
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!sQcDawoPGXo
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1JN
Comodo = TrojWare.Win32.Agent.ahyr
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC1JN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ikcs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHYR
Norman = W32/Crypt.AWAV
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-11-17 09:34:32
VirusShare info last updated 2012-07-26 15:13:18

MD5: 12b82a76973936711247689f6c0477ff
SHA1: c70990f65e17de613152b764708def0416d92b98
SHA256: db88ea4d3dbac6ced34ae8d988f10c20a5973e5ff0802a7ebba059702b636bc5
SSDeep: 3072:iJSXm0U8p8zM97tu1G31fyuhojMqqDLy/i4SV8:YSp8zqha8JqqDLu8V8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.129D898E
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!O1Lz2Fitv7k
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!12B82A769739
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!12B82A769739
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-10-31 09:09:30
VirusShare info last updated 2012-07-26 15:14:02

MD5: 8f0d7bbe6dd6e15efbd35da86f1701ca
SHA1: c8eb9190db5550f3574b0dd929ff4ff5c63e31ce
SHA256: be8966a969015bd1f1c176806d7f49244f81616f96fc63f6c113eca7680e5529
SSDeep: 1536:RrRNks7U968zeu+1mZJ7kjGuFCfyYg7dEFadCY1smpQaDapaSwNEBlZn:RrDh7U968zeu++J7hOiWU4QaN8lZ
Size: 90112 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!IEZQxIb0cAo
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IB
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!mb
DrWeb = Trojan.WinSpy.1357
TrendMicro = TROJ_GEN.R4FC2IB
Kaspersky = Trojan.Win32.Genome.wcqd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.aoqc
McAfee = Vundo!mb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AOMD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:27 01:31:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4f19
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.2300
Product Version Number          : 1.1.4322.2300
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Wbvffrkmv Uhccepjqzmo
File Description                : Djehwvavh Remote object loader
File Version                    : 1.1.4322.2300
Internal Name                   : mscorld.DLL
Legal Copyright                 : Copyright © Megctjbiz Uyzjoireivs 1998-2002. All rights reserved.
Legal Trademarks                : Nnlqqfyyq® is a registered trademark of Iicmcamne Ayndgllrutb. Oojforg(TM) is a trademark of Kaxguybiy Qnhqdhxhkul
Original Filename               : mscorld.dll
Product Name                    : Rvmfbzuwz .NET Framework
Product Version                 : 1.1.4322.2300
Comments                        : Zjejjethj Remote object loader
VirusTotal Report submitted 2011-11-15 12:35:45
VirusShare info last updated 2012-07-26 15:15:27

MD5: 694af778dddc83398b0923d8da141aac
SHA1: c99e75e09971cc7d349f0f278576122c6ac341eb
SHA256: 6575335a502f3560eed28219b6d43a47559c48b98b8eb5a28442e346b8b79c86
SSDeep: 3072:vs/NXn3+yFcAO1hTSWt6QsXPkoQGImV9GUoorgC:vsXn3+yVmSWcfPkojuoE
Size: 116224 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12A3402A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!A4XlMAT/6Wk
TrendMicro-HouseCall = TROJ_GEN.R2EC7KB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1241
TrendMicro = TROJ_GEN.R2EC7KB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jeds
McAfee = Generic Malware.ms
F-Secure = Trojan.Vundo.7335
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BEPA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.7335
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.7335
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 19:25:01-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 61440
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xbe3a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zgceuifrp Tedanqfdubu
File Description                : Disk Space Cleaner for Vqadkih
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : DATACLEN
Legal Copyright                 : © Zipuvbrmi Adtganguwca. All rights reserved.
Original Filename               : DATACLEN.DLL
Product Name                    : Rqbvhyqjg® Pinjtal® Ktytesrcy Yafcmd
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-12-31 23:24:13
VirusShare info last updated 2012-07-26 15:16:00

MD5: d48f6f904f0824a656aecbc0fa301b36
SHA1: d322ac5ab83e99dc8de914e856f75891339616e8
SHA256: ca3d1ffa3f7d31b433e0f573259b3175972ef2fa037db3b91a0db4f6e906039d
SSDeep: 6144:+aj3A5G0ZBqDLh4DUktcVbC7xF7rjZSGriXqyMPQi/XDrhi87f76Q2lCZ/:dbCG0XsLsUk8kxjZXrGMPQi/Xvc6rZ/
Size: 306078 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.89
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Malware
nProtect = Trojan.Generic.4126990
K7AntiVirus = Riskware
VBA32 = Trojan.Pirmidrop.k
TrendMicro-HouseCall = TROJ_GEN.R3BCRA8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!D48F6F904F08
DrWeb = Trojan.Hosts.5937
TrendMicro = TROJ_GEN.R3BCRA8
Kaspersky = Trojan.Win32.Pirminay.adp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dvhx
McAfee = Artemis!D48F6F904F08
F-Secure = Trojan.Generic.4126990
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.WDG
Norman = W32/Suspicious_Gen2.BTEBN
GData = Trojan.Generic.4126990
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Injector.blv
BitDefender = Trojan.Generic.4126990
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:15 14:27:16-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 4096
Initialized Data Size           : 600064
Uninitialized Data Size         : 0
Entry Point                     : 0x1dd6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.1830
Product Version Number          : 5.3.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectPlay Voice ACM Provider
File Version                    : 5.3.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dpvacm.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dpvacm.dll
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.1830
VirusTotal Report submitted 2012-06-26 11:27:02
VirusShare info last updated 2012-07-26 15:16:27

MD5: abc846fc0eb31153eb0b4fc02df2b688
SHA1: caae139953bf8cde48cb9e541d74f3e61025dfcf
SHA256: 3f8f7cb2fa607350eae11c4454a8cf07c97554a512758feb3af42fd27f97258d
SSDeep: 3072:6MXgJvDiUv1hneGmCRNCBG60kSoUMqqDLy//1oiAL/heKoDR:6QgJvjrneGmCfCFqqDLu/T+/gKAR
Size: 233472 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.233472
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.233472.BW
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qJhTNFLDHFo
eTrust-Vet = Win32/Vundo.HRX
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!lb
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gicd
McAfee = Vundo!lb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JDC
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:30 12:45:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x22bc2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jlvijhced Rzpfwelvimd
File Description                : Myslwzm OCR Engine - Reverse Video Detection for Asian OCR
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : reverse
Legal Copyright                 : © Jtfeaoojh Ksnvaabflio. All rights reserved.
Original Filename               : reverse.dll
Product Name                    : Pdxakpbrk® Voxzkpw® Lztauuaav Cttnfv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-20 21:39:01
VirusShare info last updated 2012-07-26 15:16:45

MD5: f6b0f02bc95abcd404e7f1d9c3e503ab
SHA1: 056a5939d983d3e3bdf20627fc31676e784c25a3
SHA256: cbea1b6ba909573dbd9751d5a9007c18d33d7dc7c6a29c5009574adc444c0804
SSDeep: 6144:2rtKZK5W2WEwHU8LINaNybxr2hZK1mr5eNrE0sAJ3HXwh3R8Qo+QqLxfS:ktWUbfILIQNix2h0IV6rrJ38Ho+nU
Size: 346548 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.20
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = TrojanSpy.ZBot!9dsSJZRxsd0
VBA32 = Trojan.Pirminay.ewg
TrendMicro-HouseCall = TROJ_GEN.R44C3DB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F6B0F02BC95A
DrWeb = Trojan.DownLoader4.48204
TrendMicro = TROJ_GEN.R44C3DB
Kaspersky = Trojan.Win32.Pirminay.ewg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rf
McAfee = Artemis!F6B0F02BC95A
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic11.PRZ
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.euu
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:01 11:44:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x7a62
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.70.7713.0
Product Version Number          : 2.70.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cuaqmupgw Zvdfxguhlya
File Description                : Fzybndxip Data Access - OLE DB Transaction Proxies/Stubs
File Version                    : 2.70.7713.0
Internal Name                   : msxactps.dll
Legal Copyright                 : Copyright (C) Hicnhxxwo Corp. 1997-2001
Original Filename               : msxactps.dll
Product Name                    : Guxlshbwc Data Access Components
Product Version                 : 2.70.7713.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-26 12:10:41
VirusShare info last updated 2012-07-26 15:17:39

MD5: 6a26dccb1a80642ee60c432e659222b7
SHA1: cc711e7737a07520cfad9e9b4449f69c333bf0a6
SHA256: b1b54ca5d7d8697e5a4a3986862529548a48410d92cc3c4d7185d774590505db
SSDeep: 3072:yAb8WyX8YOG3530XiezSjx/WaFtOodo6Akf:yu8WyX8YdG7zSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Riskware
VBA32 = Trojan.Agent.fpet
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15L711
Comodo = TrojWare.Win32.Kryptik.RVH
Emsisoft = Trojan.Vundo!IK
CAT-QuickHeal = Trojan.Monder.myiy
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!mr
DrWeb = Trojan.Siggen2.6361
TrendMicro = TROJ_SPNR.15L711
Kaspersky = Trojan.Win32.Monder.myiy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Malcol
Jiangmin = Trojan/Agent.emsx
McAfee = Vundo!mr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.AOTJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Vundo-G
Symantec = Trojan.Malcol
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-13 23:31:58
VirusShare info last updated 2012-07-26 15:18:02

MD5: e27b6bfbde6828b999df350de1e2dfcd
SHA1: ccabb322751b545d0913d1cec2878392637bac2c
SHA256: 15eb04a7879a584c52250f5d4fe201df5868489125ef28f5a8b6e980c8dd3ad6
SSDeep: 3072:yAb8WyX8YOG3530XizzSjx/WaFtOodo6Akf:yu8WyX8YdGKzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.A.164
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Riskware
VBA32 = Trojan.Agent.fpet
Comodo = TrojWare.Win32.Kryptik.RVH
Emsisoft = Trojan.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
DrWeb = Trojan.Siggen2.6361
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.emsx
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Sophos = Mal/Vundo-G
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-23 20:58:04
VirusShare info last updated 2012-07-26 15:18:14

MD5: e1726521b8237c004e0fe036fe887b42
SHA1: cd553c3e97d17392b95aba8a8bc65f5d49187733
SHA256: 003176cd518ed4d51caba1baf95069d8d12e46a1441142909774e08543c6586d
SSDeep: 3072:xLt284jX4Hc/QNiCSl08Olpw03LlBefZ:BttNix0xp/3
Size: 114688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.6815516
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!7Wi8c2CIaU0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC3IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.wcoa
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Artemis!E1726521B823
DrWeb = Trojan.WinSpy.1267
TrendMicro = TROJ_GEN.R4FC3IE
Kaspersky = Trojan.Win32.Genome.wcoa
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Artemis!E1726521B823
F-Secure = Trojan.Generic.6815516
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.COGT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6815516
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.6815516
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:31 12:17:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xaf95
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.16
Product Version Number          : 5.0.0.16
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Brother Color Inkjet Printer Driver
File Version                    : 5.0.0.16 (fbl_dox_dev_ihvs.080124-2043)
Internal Name                   : brci06.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2006
Original Filename               : brci06.dll
Product Name                    : Kdbonklks® Lraclky® Vwxdbfgpl Hgwmrv
Product Version                 : 5.0.0.16
VirusTotal Report submitted 2012-04-19 14:22:46
VirusShare info last updated 2012-07-25 00:23:21

MD5: f845f47a7c1ee4962a6d71c4a0143f92
SHA1: cea3bf102039fa559954d6a3f8d670fa3a25db8e
SHA256: 3fd253641bf802e34aba7a9898d91af88f21adcd9914a641f01ea7bf51423713
SSDeep: 3072:pqzHnbiwrl2rUnvjf0hhHFArie0/0NkFfuldMqqDLy/QR+9:pGusvuHFw0skFf1qqDLuN
Size: 137216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = Trojan.Win32.Genome.wckk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-11-15 12:17:52
VirusShare info last updated 2012-07-26 15:19:41

MD5: cc5eae0500dbc3b345b777015b9850c4
SHA1: cfb76326b2f393c8bc5930e723ef4739e11b8777
SHA256: b9a73b351d479110252af61779bed6b0131ef98fe998fd84428809e63c152e08
SSDeep: 3072:Mh9an/WuGj9ZlkN2/VhKMbFZMKN0o9W52ocfx8:YanBGVkEVhKOPusc2owx
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA
Antiy-AVL = Trojan/Win32.Agent
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
Rising = Trojan.Win32.Generic.12615BE0
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!16i7+4Ibts4
VBA32 = Trojan.Agent.hodh
TrendMicro-HouseCall = TROJ_GEN.R47C2LE
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!gu
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_GEN.R47C2LE
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!gu
VIPRE = Trojan.Win32.Vundo
Avast5 = Win32:MalOb-FA
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Suspicious_Gen2.GZWGX
Sophos = Troj/Agent-PKR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2011-05-26 20:07:18
VirusShare info last updated 2012-07-26 15:20:23

MD5: e63b27ac9cd441e6ce74c7c15027a9d2
SHA1: 454d8430ef7c0ab84a9d787d1485889e2416221d
SHA256: d00e0fde2119a81927528448171278e3f01b1a72514901b840cb6ae982c3dd09
SSDeep: 3072:AqymsQX3H1H+qfkcEOd4FhCYB1l3ct/1JDzcY7H519H3Dg:OdQX31etcEW4XrB1lst/NH51h
Size: 114176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC2GC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.AV6
SUPERAntiSpyware = Trojan.Agent/Gen-Carberp
McAfee-GW-Edition = Vundo!kd
DrWeb = Trojan.Virtumod.10080
TrendMicro = TROJ_GEN.R4FC2GC
Kaspersky = Trojan.Win32.Monder.ngwt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abbr
McAfee = Vundo!kd
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Cryptic.BQF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Monder.mkhb
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 14:25:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 66048
Initialized Data Size           : 84992
Uninitialized Data Size         : 0
Entry Point                     : 0x10e14
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-26 14:06:05
VirusShare info last updated 2012-07-26 15:20:42

MD5: b4d689fe9e91c269fd229d8716cf4c1b
SHA1: d032bd23ad927e9c4d9e551fba81623f6cab4943
SHA256: 9392061882f33407eae7707d192bb4bd157d19900a475c14f0f518b45f3fd356
SSDeep: 3072:xBDlvHfMbIss39ZrxmHR/wUsD7bElJtq8YJmMClD0+g3IX48eLaBke6Q12ZbrrNz:xv0ITcHVwFD7w9qFMrG3IX48eLa4gG
Size: 231936 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.2825.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.2825
TrendMicro-HouseCall = TROJ_SPNR.16K911
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.11768
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_SPNR.16K911
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.2825
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Downloader.Generic12.XVK
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.2825
BitDefender = Gen:Variant.Graftor.2825
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 221184
Uninitialized Data Size         : 0
Entry Point                     : 0x12ae
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lkeqjcnzg Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.1.2600.0 (wdlwlplx.010817-1148)
Internal Name                   : security.dll
Legal Copyright                 : © Sggrurfjq Gjxnxlmwmas. All rights reserved.
Original Filename               : security.dll
Product Name                    : Cjvqptjlu® Vofzjhm® Uuxcxdqej Lbjwaz
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-14 19:29:29
VirusShare info last updated 2012-07-26 15:20:50

MD5: 7c5f044e1b7345c3576a88f2f373c2df
SHA1: d0e0d5550bedea84bcbfbd403ac71d47cea0b2b3
SHA256: 809ac828a8bde923688422d7198cbc6b6baf74685bcf349fd9aff47d91c660d2
SSDeep: 1536:slDa6jmsKPTcJxkkdiz9tV5c1Mjv58BKEBnKzxSX+COwPgDalof:sta6jms8TcJxJdiz9tEMjv58BKEBnKsI
Size: 80896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7C5F044E1B73
TrendMicro = TROJ_GEN.R4FC2IG
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Artemis!7C5F044E1B73
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SZ
AVG = Generic22.AEAF
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.SZ
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 08:02:06-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe1b1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Wmkqsqejbqe
File Description                : US Multinational Keyboard Layout
File Version                    : 6.0.6000.16386 (rznog_rtm.061101-2205)
Internal Name                   : kbdusx (3.13)
Legal Copyright                 : © Csecusvpj Vlveeaztfej. All rights reserved.
Original Filename               : kbdusx.dll
Product Name                    : Gdjqeqldk® Iwsezky® Xsadpwiqc Wgszpa
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-14 18:33:48
VirusShare info last updated 2012-07-26 15:21:23

MD5: fecef96120d9b7a6ab7cc23012c85c4f
SHA1: d1f8d4ccbffd59b8e6ea452831505b6b383b86b0
SHA256: 406cc9a0d8018cd188be1949a04aef520f1bdbb26a2272e750ff8b29461534ff
SSDeep: 3072:DKhfDp1SP5E57AQsfKTvukFoouMqqDLy/jB0:Gl1D0KrJqqDLu
Size: 155648 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!FECEF96120D9
DrWeb = Trojan.Click1.54924
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqrf
McAfee = Artemis!FECEF96120D9
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.CZO
Norman = W32/Suspicious_Gen2.QTXXO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqdx
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-21 02:53:35
VirusShare info last updated 2012-07-26 15:22:07

MD5: 5df0d7fc50127cf9d0e8b52641c22663
SHA1: 3a4743f0bed09a895470ac38a5c9befa2f4c9b11
SHA256: d2431b4e7235dbc8d38760766b70caad8d1cf7ad272f89fed56e7815a922075b
SSDeep: 3072:R5ZkRTDU5y1QmbJGh9mWWjHNECCtPqQQ0o6s/edyPEOg16qLjbl8JKS1:R5cbmMWYNUPcxuwag8jmKS1
Size: 221184 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.221184.B
K7AntiVirus = Trojan
VirusBuster = Adware.Virtumonde!VkX0l5+gMas
TrendMicro-HouseCall = TROJ_GEN.R4FC2G6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cd.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!5DF0D7FC5012
DrWeb = Trojan.Virtumod.10275
TrendMicro = TROJ_GEN.R4FC2G6
Kaspersky = Trojan.Win32.Monder.nhbj
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.221184
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Artemis!5DF0D7FC5012
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BJOR
Norman = W32/Suspicious_Gen2.PWQKY
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.aduiw
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:10:04 21:39:34-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 155648
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x22d41
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.0.10384
Product Version Number          : 5.2.0.10384
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec RAID Storport Driver
File Version                    : 5.2.0.10384 (NT.070222-1720)
Internal Name                   : arc.sys.B10384.mcb
Legal Copyright                 : Copyright 2007 Adaptec, Inc. All rights reserved.
Original Filename               : arc.sys
Product Name                    : Adaptec RAID Controller
Product Version                 : 5.2.0.10384
VirusTotal Report submitted 2012-06-26 15:01:10
VirusShare info last updated 2012-07-26 15:22:16

MD5: 78298d3434b4b32ba9f345006bdc1336
SHA1: d27840b23970de024a709c37683eaef595aea13a
SHA256: 5f2bcca0aa9eda5e0afd6dbae7269a563ea7bd42321ada5aba73c01a23b45cd2
SSDeep: 3072:Yctv/zVAcR4enPgAP7Nb93lg2elXMqqDLy/45kS:YcxmcR4ePTxVHqqDLuM
Size: 136704 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!f5612ZswSK0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Vundo!mu
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ineh
McAfee = Vundo!mu
F-Secure = Gen:Variant.Graftor.671
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.QTQZT
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.671
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Gen:Variant.Graftor.671
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2012-04-30 10:00:47
VirusShare info last updated 2012-07-26 15:22:23

MD5: 5292b5b580a9dbd31aac0f514f8d477c
SHA1: d3035ad6451838d3133bbeaac914c0b132f72422
SHA256: 8c6657e223bfdd3f150824ab0518eeb78c906f19bc8ba7cc0ab5ebac0d4ca47e
SSDeep: 1536:qxglN6hsS1U2hNH782sqKqs3O6oL0DLB:f4hsSdJ8SEdoYXB
Size: 50688 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A4466F
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!dRuXuhcoKI4
VBA32 = Trojan.Menti.iwkv
TrendMicro-HouseCall = TROJ_GEN.R4FCDLN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti
McAfee-GW-Edition = Artemis!5292B5B580A9
DrWeb = Trojan.Click2.4004
TrendMicro = TROJ_GEN.R4FCDLN
Kaspersky = Trojan.Win32.Menti.iwkv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.aamh
McAfee = Artemis!5292B5B580A9
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.CLRM
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.oxn
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:04 07:38:29-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 44032
Initialized Data Size           : 42496
Uninitialized Data Size         : 0
Entry Point                     : 0xb989
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS PPP Framing Driver (Strong Encryption)
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : NDISWAN.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : NDISWAN.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-01-07 00:23:49
VirusShare info last updated 2012-07-26 15:22:43

MD5: 3133289acbfa534e67db91e3caad01b9
SHA1: d3705807019a65059cdd0f1737fa11e807552409
SHA256: 17159c4d4b979148510371668c2c4a7f481609364cdea08ca646080453808e65
SSDeep: 1536:hTioVZYr4HhhrsS1R5Lwfz8N6NF5+0miPlR4sxd2VXIm010TlBovffbnC:Ao7YsXrJjb6NFVlRp+hE3DC
Size: 94208 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.579
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12A0E477
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!1sCq31h1Rxc
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R06C1KO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!mw
DrWeb = Trojan.Virtumod.10211
TrendMicro = TROJ_GEN.R06C1KO
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamt
McAfee = Vundo!mw
ClamAV = Trojan.Vundo-37889
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BYAV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:26 06:34:44-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x6021
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.28
Product Version Number          : 3.2.0.28
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : SStub Module
File Version                    : 3, 2, 0, 28
Internal Name                   : SStub
Legal Copyright                 : Copyright 1999
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : SStub.DLL
Private Build                   : 
Product Name                    : SStub Module
Product Version                 : 3, 2, 0, 28
Special Build                   : 
VirusTotal Report submitted 2011-12-31 19:13:23
VirusShare info last updated 2012-07-26 15:23:02

MD5: 1aaf4fb0a092b055dd32883b9e9505a0
SHA1: d3718bed1259df084be4d3e73763143a432ba86f
SHA256: 9a29d934aee3cd7b76216b6ac51a9b3a869e725d774cee0989ebf65332f1ee5f
SSDeep: 3072:qj3U8A8Me7T/nKjNchD1SVORTN1hCXn1wMwHyaXnTcRJGYbwM+QZxtjIPRZZww/:qAmMe7GjuiVfwMwpY8axIa
Size: 150016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12A34090
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4hkVQ7QmRfc
TrendMicro-HouseCall = TROJ_GEN.R72C7KB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent.Gen.iw5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1313
TrendMicro = TROJ_GEN.R72C7KB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BTFU
Norman = W32/Kryptik.AIF
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-01-08 14:04:31
VirusShare info last updated 2012-07-26 15:23:02

MD5: f3bea5333efe7f8645cb4ff4bfd76d80
SHA1: d2d46d59da538e4b48b07be405be3f82f26cd097
SHA256: d532124d1c4d7450fdd56c40c453566d2e12e03c9b6776605f36f831633f89f7
SSDeep: 6144:vWI9bjDLpaPqHJ3XC/oYPgYB1Hv12nnPxFSMuQ9n0nufGL4eVT5jTvctZBKk90yw:vW2KqFy/o+FuPP7nsPL4eX3wXKz
Size: 351741 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.351741
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R28CREC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!cl
DrWeb = Trojan.DownLoader4.48146
TrendMicro = TROJ_GEN.R28CREC
Kaspersky = Trojan.Win32.Pirminay.iof
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.sp
McAfee = Downloader.a!cl
F-Secure = Trojan.Generic.5793678
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.RYK
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.5793678
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.fam
BitDefender = Trojan.Generic.5793678
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 15:20:00-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0xdb6f
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote NDIS Miniport
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : RNDISMP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RNDISMP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-26 16:15:38
VirusShare info last updated 2012-07-26 15:24:20

MD5: 619101e194b3f53c81104c550b84056e
SHA1: d5bc0926bb85a952054146089b84ea625aeaa480
SHA256: 8f8595c9d097c6d066daa29e40b2b85beb868b4ffddffb1db3fc7eaba55cd1b8
SSDeep: 3072:6HG8/m7p7ICOuZRfCl+LUXJNWHf21SMqqDLy/6e91L2wCos:SduNUCbrfCdDd1xqqDLut91L
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ozL2E+qwRdQ
TrendMicro-HouseCall = TROJ_GEN.R30C7JH
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
McAfee-GW-Edition = Vundo!mp
TrendMicro = TROJ_GEN.R30C7JH
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!mp
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.AFYT
Norman = W32/Suspicious_Gen2.RKKTA
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:22 20:14:16-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x162e7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.10.1027
Product Version Number          : 5.1.0.0
File Flags Mask                 : 0x001f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ggvpzttbj
File Description                : robocopy
File Version                    : 5, 1, 10, 1027
Internal Name                   : robocopy
Legal Copyright                 : Copyright ⌐ 1995-2004
Original Filename               : robocopy.exe
Product Name                    : Dhkrabwoj Robocopy
Product Version                 : XP027
VirusTotal Report submitted 2011-10-21 00:11:49
VirusShare info last updated 2012-07-26 15:24:40

MD5: 91ea1c5c5b7254c580b907d51295d348
SHA1: d60896494e33416c64fd6617a46ddd2c9b6c46cb
SHA256: 5288a3f32fa923ac1940b723c8033ad2a7c2a88197023cb15971d092d654f90c
SSDeep: 3072:iZKsUKU808zM97tu1G31fyu5osMqqDLy/+4SV8:sKf8zqha8yqqDLuQV8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!91EA1C5C5B72
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = Trojan.Win32.Genome.wsrg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!91EA1C5C5B72
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.QHQHY
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-11-16 04:28:32
VirusShare info last updated 2012-07-26 15:24:50

MD5: d671c8f4dc456d9f04138d981ce9f001
SHA1: 374fd13e1591a2b2cc84001bbca08cf164c2dc9c
SHA256: d68b6eb5141a28333f8e7604f9f769598e33b11cefa8f01a4eb8362808e29d0e
SSDeep: 1536:GsLvdRvGYgEsHKK4b0ry9lpTJJhabHLWB2vDhBEQtapkQf:ZdRvJgrKfR9lpFJhcLRrepkQf
Size: 76800 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.76800.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder.Gen.7
TrendMicro-HouseCall = TROJ_GEN.R4FC1KO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.61036
TrendMicro = TROJ_GEN.R4FC1KO
Kaspersky = Trojan.Win32.Monder.nnkh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abee
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YJO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 07:32:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4add
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Feyzmogvamr
File Description                : Greenlandic Keyboard Layout
File Version                    : 6.0.6000.16386 (edkrn_rtm.061101-2205)
Internal Name                   : kbdgrlnd (3.13)
Legal Copyright                 : © Oscyawtxx Pxpucqjdtev. All rights reserved.
Original Filename               : kbdgrlnd.dll
Product Name                    : Vhrnqseir® Eipvpsk® Bxmonqxom Vrwqts
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-26 16:47:09
VirusShare info last updated 2012-07-26 15:25:08

MD5: 245c80a82073593cf8f0621f742d1b32
SHA1: 9212cb90bd895fefbcfa1e5979b3ce535d748e72
SHA256: d69f61f779b581dbc8a078769f1d6ba9b365dbb3421c4a913e77011d228517f3
SSDeep: 3072:qUxM82xKJUjdiatsOBhIm2VOrsIlzvVSbu/yf3S:vxNKbxtBhFhs7um3
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.131072.ALD
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!Eb52TysXqFw
TrendMicro-HouseCall = TROJ_GEN.R45C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.Virtumod.10435
TrendMicro = TROJ_GEN.R45C2H6
Kaspersky = Trojan.Win32.Monder.mpqe
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.131072
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.adnn
McAfee = Vundo!ma
F-Secure = Trojan.Generic.6246179
VIPRE = Trojan.Win32.Vundo.pa (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AQDY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6246179
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6246179
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 23:59:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xc09d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
File Description                : igfxTMM Module
File Version                    : 1, 0, 0, 1
Internal Name                   : igfxTMM
Legal Copyright                 : Copyright 2006
Original Filename               : igfxTMM.DLL
Product Name                    : igfxTMM Module
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-06-26 16:48:56
VirusShare info last updated 2012-07-26 15:25:11

MD5: f4d05b1103b38bb36be6451fd5068736
SHA1: 80de08ca8167261a5674f8d9178681cab23752b2
SHA256: d798198736027f81389991c24b51e5b1e21788cdb0b76b288b1487e3580980ab
SSDeep: 6144:MElAY1UvaSh8uT5x5J0lBatB2LaWO36hTGE6NApTL1qm+u:MEYSPuTo6fUat3aTGE6Q1H
Size: 304732 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.304732
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.wh
TrendMicro-HouseCall = TROJ_GEN.R3BC3AC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!F4D05B1103B3
DrWeb = Trojan.DownLoader6.20777
TrendMicro = TROJ_GEN.R3BC3AC
Kaspersky = Trojan.Win32.Pirminay.wg
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.adq
McAfee = Artemis!F4D05B1103B3
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.ALGX
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.6
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.cff
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.PMF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:06 21:47:19-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 10240
Initialized Data Size           : 535040
Uninitialized Data Size         : 0
Entry Point                     : 0x3502
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Server Extension Objects DLL
File Version                    : 5.00.0984
Internal Name                   : SEO
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : SEO.DLL
Product Name                    : Internet Information Services
Product Version                 : 5.00.0984
VirusTotal Report submitted 2012-06-26 17:10:47
VirusShare info last updated 2012-07-26 15:25:50

MD5: babc1dc0ae335a8287cca36a8aaa0d28
SHA1: d7fe3347f8dcf5ae88651575bf3b0859e7ab7e8d
SHA256: 25285d7daac5dd43852cb93875cba4fc80816cc2e368f0683de432ea9777f0d8
SSDeep: 1536:8vEWFKn5Oiy+T3isz8sbWc5a1dDNtpfbSF4om93AXJ4TBziaRnl8:8vEWsVRzecapmi9w6Nlnl8
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!eT6OZZ7U9mQ
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C7JB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mm
DrWeb = Trojan.Virtumod.10270
TrendMicro = TROJ_GEN.R47C7JB
Kaspersky = Trojan.Win32.Monder.mvvv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!mm
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YLY
Norman = W32/Suspicious_Gen2.RIQVX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 19:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x4885
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.1.51
Product Version Number          : 2.1.1.51
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Company
File Description                : hpboidPS Module
Internal Name                   : Proxy stub for status server
Legal Copyright                 : Copyright © 2006, 2007 Hewlett-Packard Company
Legal Trademarks                : 
OLE Self Register               : 
File Version                    : 2,1,1,51
Original Filename               : hpboidps.DLL
Private Build                   : 
Product Name                    : Bidi (Missile) User Mode
Product Version                 : 2,1,1,51
Special Build                   : 
VirusTotal Report submitted 2011-10-21 00:21:26
VirusShare info last updated 2012-07-26 15:26:07

MD5: c0f65b7af81ba550f5434fb3308369e6
SHA1: d85e65dd55bf63d2d1393fed695ccc0c3b6647b1
SHA256: 133c0074f6cf401cb640211f89ef07ba1f4d200e58018262175b7b23dc3339eb
SSDeep: 1536:8vleR4XCQFYV8k5CgW4OH3gjn/ZZyGf5ZwaqzbTSOA+oVWV52cxz:8vlZSik8gN8gb/ZZyGBobP/v2cxz
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Tracur.AG.9
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Tracur
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Kazy.40446
Emsisoft = Trojan-Downloader.Win32.Tracur!IK
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
Kaspersky = Trojan.Win32.Pirminay.pbv
Microsoft = TrojanDownloader:Win32/Tracur.AG
PCTools = Trojan.Gen
McAfee = Suspect-AB!C0F65B7AF81B
F-Secure = Gen:Variant.Kazy.40446
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.AGKO
GData = Gen:Variant.Kazy.40446
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Kazy.40446
NOD32 = a variant of Win32/Kryptik.UCC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:06 13:43:34-05:00
PE Type                         : PE32
Linker Version                  : 5.1
Code Size                       : 57856
Initialized Data Size           : 16384
Uninitialized Data Size         : 126976
Entry Point                     : 0x2b62
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Unimodem Service Provider AT Mini Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : UNIMDMAT
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UNIMDMAT.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-26 17:16:44
VirusShare info last updated 2012-07-26 15:26:20

MD5: 2b6d603f96a24445d3d42d19efa106f8
SHA1: d9a81ab3823183bf4a44b6c5016d48eeb1712c0e
SHA256: 1ebc4d7258a155a34777ac934503feb54f914797e145dcaf68d05a844fe605cc
SSDeep: 3072:880RIj/e7peW3n1Pm1/v9WqhWirMffl7cIACjg0YcYmbRIryLcfBq87OOW:li5FOv1OBcaYJmbRrGBqAW
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xVDQq83xVi4
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.Vundo.102912
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-13 22:39:17
VirusShare info last updated 2012-07-26 15:27:13

MD5: ded64e4bf2d8473b7bdf75c9265e8282
SHA1: 0007a452bf90e89841b44bd1028c6bc8a6c74547
SHA256: d9d8f911e9dbb1ab1864a1e6a57283d44db66a3a221f8567a7b5612eed1663de
SSDeep: 1536:U4dwSC/UXuY28bQJjml9I3k3lQ36QDkUvt4N:Ukwx8b20QJj83lQ39kC
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.26
TrendMicro-HouseCall = TROJ_GEN.R21C2IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lm
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R21C2IA
Kaspersky = Trojan.Win32.Monder.mqvw
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!lm
F-Secure = Trojan.Generic.6744314
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6744314
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6744314
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-06-26 18:08:54
VirusShare info last updated 2012-07-26 15:27:18

MD5: 10e915f874a6a1d0b1962f9282b4352e
SHA1: dcfa582022db8100696d3e6799508ddfc973e253
SHA256: fc5ae95a7a87beef6fb05fe1eb78313263a13de67cbabf7fcd5ee55ace0e939c
SSDeep: 1536:U49wSC/UXuY28bQJjml9I3k3lQ36QDkU85x:Ukwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
eTrust-Vet = Win32/Vundo.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R4FC1IF
ViRobot = Trojan.Win32.Vundo.49664
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!ld
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Suspicious_Gen2.PZDTQ
Sophos = Troj/Virtum-Gen
GData = Win32:MalOb-GH 
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-10-18 14:17:49
VirusShare info last updated 2012-07-26 15:29:15

MD5: 030e900caac46ea324d6d362e8ba240c
SHA1: deff6a76a6f991d9e5c8f2342bca61a80f7b7b70
SHA256: 4670d469309bdd76ba6dedf53dee0b30d75c09f37612b8084112f99328fef7a6
SSDeep: 1536:ELCkDrGrkCKuJ4y2cYePu1Bcif6Me0e9jwfpVV2OHTMOQKr/XaymGLEZeeJo+i+p:EbkC2zYx9e0edwfpVV1IOQByJ2JomX
Size: 126464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12A34528
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!uLDCzyoFGmM
VBA32 = Trojan.Monder.nama
TrendMicro-HouseCall = TROJ_SPNR.15L511
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.nama
McAfee-GW-Edition = Artemis!030E900CAAC4
DrWeb = Trojan.Virtumod.10482
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.nama
ViRobot = Trojan.Win32.Generic.126464.A
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jhve
McAfee = Artemis!030E900CAAC4
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AKUF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:29 07:30:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0xbe5a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.0.3250
Product Version Number          : 9.0.0.3250
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wdxqnmkan Hworbfydfkx
File Description                : Tyqgmnj Media Secure Content Provider
File Version                    : 9.00.00.3250
Internal Name                   : msscp.dll
Legal Copyright                 : © Hiqtquuie Wwwunikojgw. All rights reserved.
Original Filename               : msscp.dll
Product Name                    : Clpmxptvi® DRM
Product Version                 : 9.00.00.3250
OLE Self Register               : 
VirusTotal Report submitted 2011-12-16 15:28:38
VirusShare info last updated 2012-07-26 15:30:33

MD5: 3fc4442e401a7f65440618f59923c8a4
SHA1: d531ca88a26acf23e2b9aa33d659268fbde0db71
SHA256: dfa3e85713c4ca77131e65117c99d6749c69cd651e8b21b25584929302a37010
SSDeep: 6144:WIBod6T4gWg+VBe4PnwRxht4eQco3iYFaAgenmhvDje8sE5Tq/z6DZytbrJiYDQu:xyDBGx3zLYTmvVsE5T09bJ
Size: 416133 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.34
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2+hgcYK4xiA
TrendMicro-HouseCall = TROJ_GEN.R11C2H3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.qzv
McAfee-GW-Edition = Artemis!3FC4442E401A
DrWeb = Trojan.DownLoader5.39594
TrendMicro = TROJ_GEN.R11C2H3
Kaspersky = Trojan.Win32.Pirminay.qzv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.zl
McAfee = Artemis!3FC4442E401A
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ALLT
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.gpx
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:09 14:57:25-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0x4406
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Portuguese
Character Set                   : Unicode
Comments                        : 
Company Name                    : Oflwbmimv Nxaoeqtliub
File Description                : Vbniftxge Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0816
Legal Copyright                 : Copyright (C) Joemcygqq Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0816.dll
Private Build                   : 
Product Name                    : Lbcwrywup Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-06-26 21:00:08
VirusShare info last updated 2012-07-26 15:30:58

MD5: 50631452f17d0af53eb779bfbf7672a4
SHA1: edb6884d2e9c8e41f5158d50015ee40af3d4274b
SHA256: e08a480ca863e0e672596146a84d97bb0fdc752e589f89b2f0a4e203c4ac5042
SSDeep: 3072:InW4H/iFjtKHcTFqoJAJuMzGOuxFdu5/:QH/i9ucAHPsQ
Size: 110592 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!OlBBd4Tyu8c
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Comodo = TrojWare.Win32.Monder.xj
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nrso
McAfee-GW-Edition = Artemis!50631452F17D
DrWeb = Trojan.Virtumod.9890
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = Trojan.Win32.Monder.nrso
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.110592.B
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aenf
McAfee = Artemis!50631452F17D
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic28.WO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:30 19:28:27-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 53248
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xd174
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.25
Product Version Number          : 3.2.0.25
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : PPServer Module
File Version                    : 3, 2, 0, 25
Internal Name                   : PPServer
Legal Copyright                 : Copyright 1999
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : PPServer.DLL
Private Build                   : 
Product Name                    : PPServer Module
Product Version                 : 3, 2, 0, 25
Special Build                   : 
VirusTotal Report submitted 2012-06-26 21:37:23
VirusShare info last updated 2012-07-26 15:31:38

MD5: d65c05217710f3a43751520e6bf68d95
SHA1: 43ff0e39ff7bff5a0749f8c9c73c8496ef86a551
SHA256: e2607fb212d41adb75e2991cacc232e7ac393faeeb74e72353618046a301446b
SSDeep: 768:sqcsJzCHstbxfniNvmYAVFiqrNN58uliZ+0cGoGbmx1GLlKMPoJKMlkjCW/xOHZQ:s0JRni5mtagJhcYGo4hfP4ejlw/+t
Size: 63488 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252D7BD
nProtect = Trojan/W32.Agent.63488.JD
K7AntiVirus = Trojan
VirusBuster = Adware.Virtumonde!180+7yQRJsw
TrendMicro-HouseCall = TROJ_GEN.R4FC2FP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ne
DrWeb = Trojan.Smardec.54
TrendMicro = TROJ_GEN.R4FC2FP
Kaspersky = Trojan.Win32.Genome.sska
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ijs
McAfee = Vundo!ne
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.CINT
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 16:54:42-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24064
Initialized Data Size           : 75264
Uninitialized Data Size         : 0
Entry Point                     : 0x6c6d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Georgian Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdgeo (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdgeo.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-26 22:38:52
VirusShare info last updated 2012-07-26 15:32:43

MD5: cdf480b7a6abb0e5c77b2fdea7301a8d
SHA1: e2643df0e69b56b3ec637505a69e83d7fbd6a7e0
SHA256: 7c43953134508185825ac7f93c1284f2b94a41d2a7abe8d26195754fea2c8565
SSDeep: 3072:jIH6xlgL/Iexh2MeDV39XsshqRjW4Sm0FilVi0GSvPxBjux0r:MDL/IKzeDY0qRytbQlYDIQ
Size: 1327104 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = W32/Expiro.A
Avast = Win32:Expiro
Antiy-AVL = Virus/Win32.Expiro.gen
Ikarus = Virus.Win32.Virut
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = W32/Expiro.gen
nProtect = Win32.Kakavex.G
VirusBuster = Win32.Expiro.Gen
TrendMicro-HouseCall = PE_EXPIRO.CF
Comodo = Packed.Win32.MUPX.Gen
Emsisoft = Virus.Win32.Virut!IK
McAfee-GW-Edition = PolyPatch-UPX
DrWeb = Win32.Expiro.10
TrendMicro = PE_EXPIRO.CF
Kaspersky = Virus.Win32.Expiro.k
Fortinet = W32/Expiro.K
McAfee = PolyPatch-UPX
F-Secure = Win32.Kakavex.G
Sophos = W32/Expiro-D
GData = Win32.Kakavex.G
BitDefender = Win32.Kakavex.G
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:06:19 15:20:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 4096
Uninitialized Data Size         : 1220608
Entry Point                     : 0xa000
OS Version                      : 4.0
Image Version                   : 13.7
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.8
Product Version Number          : 1.0.0.8
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Andrea Electronics Corporation
File Description                : AEEnable
File Version                    : 1, 0, 0, 8
Internal Name                   : AEEnable
Legal Copyright                 : Copyright © 2002, Andrea Electronics Corporation
Legal Trademarks                : 
Original Filename               : AEEnable.exe
Private Build                   : 
Product Name                    : Andrea Digital Technologies AEEnable
Product Version                 : 1, 0, 0, 8
Special Build                   : 
VirusTotal Report submitted 2011-10-26 22:35:57
VirusShare info last updated 2012-07-26 15:32:43

MD5: ff80b9aaa31156f3440f5737549f670c
SHA1: e432a7dc06a99f47b850e15f91631f0f57b428ed
SHA256: 878c8084091970c84bb1d4835155792f8fd7431522fe1731df9e9e128d593318
SSDeep: 3072:FBxAP5lU71CtMnokMqqDLy/0OcWKCdz/e757HG:ZAPTU8bqqDLu0OXdv
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47C7JT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!FF80B9AAA311
DrWeb = Trojan.WinSpy.1207
TrendMicro = TROJ_GEN.R47C7JT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!FF80B9AAA311
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-10-31 14:50:17
VirusShare info last updated 2012-07-26 15:33:47

MD5: 9606630a255ca6273e13e2ee2c828b11
SHA1: e4cb4816c66439ce88dcbde200d017db1f56287a
SHA256: 963a33e713c2a14186859d1ce2cebe248b480c911e9cdede015163aa2b4a6b74
SSDeep: 3072:yUwDmpLx7PDegp8zVdfC4wBeYzKWzgo6quAGDiX:PaVMBEnX
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Click1.60787
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ABAX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Win32:MalOb-EI 
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 07:46:59-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x8c1a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.81.1
Product Version Number          : 7.6.81.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : ThinPrint GmbH
File Description                : TPOG Printer Driver
File Version                    : 7,6,81,1
Internal Name                   : tpprn.dll
Legal Copyright                 : Copyright © 2000 - 2007 ThinPrint GmbH
Legal Trademarks                : 
Original Filename               : tpprn.dll
Private Build                   : 
Product Name                    : ThinPrint Output Gateway
Product Version                 : 7,6,81,1
Special Build                   : 
VirusTotal Report submitted 2011-10-23 01:59:15
VirusShare info last updated 2012-07-26 15:34:10

MD5: 44e7d7ad9dd2ef8f386bc47109825c97
SHA1: e8fc0a8b2a2287483807e797f4751b91ed02bc92
SHA256: ff442411c11af07c25d77455d857b5707653d735ec88632774786f29e7318f76
SSDeep: 1536:qeOu9BwKJQoHiX8HnzyTAGO5ME+1T5AdnBoVVl87lq:qTuvhQQsAGO5ME+1CfE87lq
Size: 72192 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12A44735
nProtect = Trojan/W32.Monder.72192.J
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!+c6ZfV3dzcU
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C7KJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!na
DrWeb = Trojan.Virtumod.10576
TrendMicro = TROJ_GEN.R47C7KJ
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!na
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ACBH
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:01 20:42:15-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 61440
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xbb01
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6904.0
Product Version Number          : 6.1.6904.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/P
File Version                    : 6.1.6904.0 (fbl_dox_dev_ihvs.080908-1556)
Internal Name                   : ep0npp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0npp01.dll
Product Name                    : EPSON Print Processor ESC/P
Product Version                 : 6.1.6904.0
VirusTotal Report submitted 2011-12-27 15:23:33
VirusShare info last updated 2012-07-26 15:36:42

MD5: 9355619f56bdf2963b5546cdd90e1eb0
SHA1: e95d0ba9354321e08e9b05c06aa29cc13271a29d
SHA256: 31bf8e27e3c27aca30320a8098b6fb669a840e989cbd6d806d033edefcf21a3d
SSDeep: 3072:evZH8xlJbA8ISkdOtM/CpKFFrSolEMqqDLy/Pn+Pe/4NKCnsq:evcGhfOtMiw1SeqqDLuPsOuKqs
Size: 160768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Genome.160768
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4OpO7Jrai9Y
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.wdax
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64012
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = Trojan.Win32.Genome.wdax
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.160768
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijxo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AZQC
Norman = W32/Suspicious_Gen2.TJHQD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 09:46:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 94208
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x13a32
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.7000.0
Product Version Number          : 6.6.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnrmgjtri Lpzybpvwlac
File Description                : DirectShow Runtime.
File Version                    : 6.6.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : QCap.dll
Legal Copyright                 : © Uytnvwlob Dbtjrslawzr. All rights reserved.
Original Filename               : QCap.dll
Product Name                    : Rkathmooi® Rufbqqx® Vnvlhzjpv Gjyxup
Product Version                 : 6.6.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2011-12-01 18:19:04
VirusShare info last updated 2012-07-26 15:36:56

MD5: f68cab9d5d91f20e64c39ec5917a123d
SHA1: d31deebdb909ca7945daf770dbb6185ff4b5d417
SHA256: ea8e00a0c5451a1660d1e387af20ad8c621e08d393aa0d6618f31b9813de1785
SSDeep: 6144:DNWOFgNlQTPxon8Pfs7EHkmzDdzMVbsjkV8k/qUJmLOb:JWOFg0gCpBST8k/qU0Ly
Size: 256516 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Priminary
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4529322
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.qj
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Priminary!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F68CAB9D5D91
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.adn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.bo
McAfee = Artemis!F68CAB9D5D91
F-Secure = Trojan.Generic.4529322
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.MWC
Norman = W32/Suspicious_Gen2.CEJKS
GData = Trojan.Generic.4529322
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.qj
BitDefender = Trojan.Generic.4529322
NOD32 = a variant of Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:12 18:01:00-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 5120
Initialized Data Size           : 496128
Uninitialized Data Size         : 0
Entry Point                     : 0x20dc
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Japanese
Character Set                   : Windows, Japan (Shift - JIS X-0208)
Company Name                    : Microsoft Corporation
File Description                : Microsoft IME
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME
Legal Copyright                 : Copyright (C) 1995-2001 Microsoft Corporation. All rights reserved.
Legal Trademarks                : MicrosoftR is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : IMJPDADM.EXE
Product Name                    : Microsoft IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2012-06-27 02:34:14
VirusShare info last updated 2012-07-26 15:37:48

MD5: e990ee22b5860ff21b5752870a347a36
SHA1: ee279531dd8effdea9bd80a1529d9604656f8a3c
SHA256: d19efc584b9324642626f3402b9e7903e11f816a5539a5c8a51fdda818695fc1
SSDeep: 3072:mob9iZyPT3IBORTUWcK2MLvRg6QT7CLJFN0WBwX047pBg5OAiPsjUEByz:mobMZQTU/S5g6QYmVE0Bg5OA1By
Size: 159744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!+N1YGoZdU+w
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R21C7K8
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.myix
McAfee-GW-Edition = Artemis!E990EE22B586
DrWeb = Trojan.Virtumod.10533
TrendMicro = TROJ_GEN.R21C7K8
Kaspersky = Trojan.Win32.Monder.myix
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Artemis!E990EE22B586
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AEBC
GData = Gen:Variant.Vundo.13
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NHH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:15 03:33:18-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 131072
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x202de
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.10.0.6
Product Version Number          : 1.10.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Radius Inc.
File Description                : Cinepak® Codec
File Version                    : 1.10.0.6
Internal Name                   : iccvid
Legal Copyright                 : Copyright © 1992-1995 Radius Inc., All Rights Reserved
Legal Trademarks                : Cinepak® is a trademark of Radius Inc.
Original Filename               : iccvid.drv
Product Name                    : Cinepak for Windows 32
Product Version                 : 1.10.0.0
VirusTotal Report submitted 2011-12-02 09:27:16
VirusShare info last updated 2012-07-26 15:39:58

MD5: 3a2d23a6539c69b5dd90c0e4df54ece2
SHA1: 47289ce78f611f6f5fb1524b114a0ba7b2388ca0
SHA256: f20c20540656f8e35a217c865481743afc07de268cf6984cc5b9905e54961b29
SSDeep: 6144:dYqoQCE9Yfk7fBCCRgzip0LTgRZxbS0Ql81Z8RArorhLasMGw1:dYV1pAhWziS6T0e1uAs1VRc
Size: 291328 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.291328
Panda = Trj/CI.A
Rising = Suspicious
nProtect = Trojan.Generic.5211923
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!2n+ewaUPG6g
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R3BC2AH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!3A2D23A6539C
TrendMicro = TROJ_GEN.R3BC2AH
Kaspersky = Trojan.Win32.Pirminay.buw
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.c
McAfee = Artemis!3A2D23A6539C
F-Secure = Trojan-Dropper:W32/Meredrop.AL
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.AFOY
Norman = W32/Troj_Generic.AAQEQ
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5211923
Symantec = Trojan.Gen
TheHacker = Trojan/Dropper.gen
BitDefender = Trojan.Generic.5211923
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 13:59:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 278528
Initialized Data Size           : 16384
Uninitialized Data Size         : 299008
Entry Point                     : 0x8d730
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-27 06:15:51
VirusShare info last updated 2012-07-26 15:42:22

MD5: 8bed7a38e7ead646157a2028c7631834
SHA1: a1d9a442d59b5dc44e016be0d56505a54eb6022f
SHA256: f23b73e0c3be3ac0c3ea6f71b5a5c53bc6c274ee6da2c4d55830b784bc25b219
SSDeep: 3072:KDE1wUPG3dU9X2S7qPf3+4xOdmPrLhiUL7Zo2lkNO99vfLMVvj+svZABOWcntZi8:XPidkX2lhvTNPOW5fLEvj+s+BDcnR
Size: 159744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.159744.B
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FCCA5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!mq
DrWeb = Trojan.Virtumod.10300
TrendMicro = TROJ_GEN.R4FCCA5
Kaspersky = Trojan.Win32.Genome.aeeme
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.iuwy
McAfee = Vundo!mq
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BFEG
Norman = W32/Vundo.WAM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.laq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LAQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-27 06:20:32
VirusShare info last updated 2012-07-26 15:42:30

MD5: 6b0e2982d164e5ea7784519fa85aa83c
SHA1: 86fc7301ff3521c3010790ca06f84e681384d1f6
SHA256: f2bfa97e67447d367069b2039831a36c2fbff1b4d36688c9c9fef07ae8c4f476
SSDeep: 3072:XqK3NocSti4o4JEGzFOz9jl2MqqDLy/7:99ehJEH9PqqDLu
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128A163E
nProtect = Trojan/W32.Genome.106496.O
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.uxpd
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Genome.uxpd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.RVZSD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-27 06:32:25
VirusShare info last updated 2012-07-26 15:42:47

MD5: 90f0404a6c5da0236173741bb936e579
SHA1: f366000fab7ba77f63808d45513361bdecc8c8a8
SHA256: 06dd61cb94d8c19a78568cd952908b400693aacae711b593fb83cba0dd8b7b94
SSDeep: 6144:gtY2nszPX5/ktKB82mR8R/gxC8VPjogqJRTlyWmCQc:gc/5xBFJj8BogMlyxa
Size: 236302 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-DT [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.1488
K7AntiVirus = Trojan
VBA32 = Trojan.Jorik.Pirminay.ana
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.25677
ByteHero = Trojan.Malware.Win32.xPack.l
Kaspersky = Trojan.Win32.Jorik.Pirminay.avh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.srx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
AVG = Dropper.Generic4.BKRT
Norman = W32/Suspicious_Gen2.SCHWU
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.1488
Symantec = Trojan.Gen.2
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sjvmpybqr Vcjvkkvgzsv
File Description                : Quarantine Server Management
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : QSvrMgmt.DLL
Legal Copyright                 : © Ghckiyzrk Oyorkaasxzv. All rights reserved.
Original Filename               : QSvrMgmt.DLL
Product Name                    : Umlcsoyqc® Odzhzzg® Ranjagawf Gopdjd
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-12-31 06:34:24
VirusShare info last updated 2012-07-26 15:43:08

MD5: 0d806939f3168a89f5a28e9e666f2216
SHA1: f133434edfa632e305f97e72f2f7401302f30c4f
SHA256: f7732cc9e167cffb60da6a311f64ef65abfe5bf65d6712a4548cb8da6105690b
SSDeep: 3072:yAb8WyX8YOG3530XixzSjx/WaFtOodo6Akf:yu8WyX8YdGAzSjxvw6n
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.124C78D1
nProtect = Trojan/W32.Pirminay.104960
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!F2Eqf5zx+Rg
VBA32 = Trojan.Agent.fpet
TrendMicro-HouseCall = TROJ_GEN.USHML14
Comodo = TrojWare.Win32.Kryptik.RVH
Emsisoft = Trojan.Vundo!IK
CAT-QuickHeal = Trojan.Monder.mogo
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!mn
DrWeb = Trojan.Siggen3.62938
Kaspersky = Trojan.Win32.Monder.mogo
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Agent.emsx
McAfee = Vundo!mn
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic24.AJZV
Norman = W32/Kryptik.AIF
Sophos = Mal/Vundo-G
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hny
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 12:10:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xf1cd
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-27 08:54:15
VirusShare info last updated 2012-07-26 15:45:27

MD5: e938c06aa713c01ad7666872d8f51061
SHA1: f7e7f884424176c0c6caf6109eb86491e1d844a8
SHA256: a05f12d79077cd46529449c6b65bc19509e7d00d8ff5bbfe76e382a142c73016
SSDeep: 3072:jlQhE4tkZ/UO7o+7YWmAdsDkCXmtjc0I2bqvtNOmLRXqeoTHLeKPMVRPEEN6fE:jlU47YW0Cr+MmoNrkVRPEEI
Size: 158720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C7J3
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!E938C06AA713
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Monder.aclb
McAfee = Artemis!E938C06AA713
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AZZW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:06 17:46:01-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 98304
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x156da
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft  Fax TIFF library
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : FXSTIFF.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : FXSTIFF.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-04 04:44:40
VirusShare info last updated 2012-07-26 15:45:43

MD5: 639ac96998916fa421e8cf0d18083eca
SHA1: f848e5f022f4ea6a7af313a3827dcc16f668c40c
SHA256: 7f2fc74ed9d5198f9191bb4f061a92c58344ecfc377a57d1fb68ce84abd854c4
SSDeep: 3072:NQobl4N5n3UboPszz/Pw06lwKwSegBGGNmCdolUMmfgHPFsizMqqDLy/VTdJm:lKNpkbWz0/W06rMmfgH2TqqDLuN
Size: 184320 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129D9166
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!639AC9699891
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.pmcm
McAfee = Artemis!639AC9699891
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.QTHQY
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-10 01:59:22
VirusShare info last updated 2012-07-26 15:45:56

MD5: 109f91c4c32eaad4030a58a76c695ca5
SHA1: f9701f0ace5d38989f07b8dbda7baf9fe8cdb57c
SHA256: 5668dcf6be87b079e7be206174a3f5d4a19adb59740c9765e11e9b9d2b566a0a
SSDeep: 6144:xBMik32MEP/puciESGPat9l+qO0N/iDa57hB1LYgqGaTS5JIcrY+DXZ4Qu41Qgu7:xBMj32XhinlGOiMTLYz65yc8G461QgC
Size: 426409 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.edz
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.426409
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.426409
VirusBuster = Trojan.Pirminay!LjCA9SF9lM4
VBA32 = Trojan.Pirminay.edz
TrendMicro-HouseCall = TROJ_GEN.R3EC3CS
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.edz
McAfee-GW-Edition = Generic.dx!zjw
DrWeb = Trojan.Hosts.4462
TrendMicro = TROJ_GEN.R3EC3CS
Kaspersky = Trojan.Win32.Pirminay.edz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.qw
McAfee = Generic.dx!zjw
F-Secure = Trojan.Generic.6179272
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
eSafe = Win32.TRPirminay.Edz
AVG = Generic21.BBAM
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH
GData = Trojan.Generic.6179272
TheHacker = Trojan/Pirminay.egg
BitDefender = Trojan.Generic.6179272
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 05:40:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 671744
Uninitialized Data Size         : 0
Entry Point                     : 0xa66f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Lexmark International Inc.
File Description                : معالج طباعة Lexmark PS&SD In-Box
File Version                    : 3.0.0.0
Internal Name                   : lmprtprc.dll
Legal Copyright                 : Copyright © 1996-2004
Legal Trademarks                : Lexmark® is a registered trademark of Lexmark International Inc.
Original Filename               : lmprtprc.dll
Product Name                    : Lexmark Print Processor
Product Version                 : 3.0
VirusTotal Report submitted 2011-07-12 07:27:25
VirusShare info last updated 2012-07-26 15:46:42

MD5: aa84640076526e7a776b402b2f896131
SHA1: fa3073645f0ff806e31b9fd1d5d63a8f6e84e0bb
SHA256: 009cde1eeda234dba19bbc5afb2b2aa19c7628e2d252659bbc4c5d93b2d74475
SSDeep: 3072:p7g4nbiAe2rUnvjfThh3FArie0/0NkFf5ldMqqDLy/JR+9:pJupvz3Fw0skFfKqqDLum
Size: 137216 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!IxTeZaXnVsM
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.wcry
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Genome.wcry
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-12-01 18:21:55
VirusShare info last updated 2012-07-25 00:34:42

MD5: 2a6ed7dc5a59c901c7e5398f4ea7ee5a
SHA1: fb66f458e87629fcf38759c6dbb43850071940a2
SHA256: e21c70fea10c2a9d75496df1d2130bedb548f31d6ff15cdc834d41275eb7d674
SSDeep: 6144:cqXcMZjfw9Ed6ydeSWST8MqP/IaDK9je:pXcMZjNkydl3bqP/IaDb
Size: 278528 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!91aRSm8Tw04
VBA32 = Trojan.Jorik.Pirminay.be
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Adware.Vundo/Variant-MSFake
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.DownLoader4.17985
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = Trojan.Win32.Jorik.Pirminay.nc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!2A6ED7DC5A59
F-Secure = Trojan.Generic.6573909
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKGC
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6573909
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.6573909
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 253952
Initialized Data Size           : 28672
Uninitialized Data Size         : 40960
Entry Point                     : 0x489e0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة Oksidm9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : Oksidm9.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Oksidm9.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-12-18 23:58:10
VirusShare info last updated 2012-07-26 15:48:10

MD5: 6554c0e8a2f86b1f9f518f71be1941d6
SHA1: fb795ffd259a7a90eb3b177b9e2f8b1db294f6a3
SHA256: 438cd4c47682cff5fffc50700815468526bed34a42b36174f6b85b1e22bf326b
SSDeep: 12288:sytEgixBQWuMEe6UU2olfqnuRJ1tkiAYG:qgixBQWuMEe6UU2olf+uRRkiAYG
Size: 443392 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.129CA074
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C7JG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mp
DrWeb = Trojan.Siggen2.59654
TrendMicro = TROJ_GEN.R01C7JG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Diple.dvf
McAfee = Vundo!mp
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BKBN
Norman = W32/Suspicious_Gen2.RKMXK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:13 02:41:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 307200
Initialized Data Size           : 192512
Uninitialized Data Size         : 0
Entry Point                     : 0x4747e
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2147.1
Product Version Number          : 5.0.2147.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lokxygtzk Jfdqwxhazcj
File Description                : Sort Utility
File Version                    : 5.00.2147.1
Internal Name                   : Sort
Legal Copyright                 : Copyright (C) Qxebiucic Corp. 1981-1999
Original Filename               : Sort.EXE
Product Name                    : Xhghanzsp(R) Bqogiph (R) 2000 Wugmjwbkt System
Product Version                 : 5.00.2147.1
VirusTotal Report submitted 2011-10-21 02:41:01
VirusShare info last updated 2012-07-26 15:48:12

MD5: 344ab74970697a7d14b1bce40714f83c
SHA1: fdf0ece6d91b8aa3447e37a651a941eee5462e25
SHA256: c43afbb773b046f8cec0ca2d0af87c490e136dd5292f3105e2333eca440f2605
SSDeep: 768:MaglXKcgsv2mvTB5dxykOj3Z+2KqWuMvgMamDTFOPiVe4Ojuxc2apUGr+:MagocXRl1bOjJ+db4MN7e4ha7r+
Size: 52736 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.abxh
TrendMicro-HouseCall = TROJ_GEN.R30C7J5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mm
DrWeb = Trojan.Juan.587
TrendMicro = TROJ_GEN.R30C7J5
Kaspersky = Trojan.Win32.Monder.muvx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acsu
McAfee = Vundo!mm
F-Secure = Gen:Variant.Renos.61
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Renos.61
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 08:09:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0x2c54
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-11-13 07:48:24
VirusShare info last updated 2012-07-26 15:49:36

MD5: 689659ebdeaae4279b8c70f5c715adba
SHA1: fed4c09c1737f993042c1186d50af1074a49823f
SHA256: a64b9950dc76b2a3e13f0c2687f85e58478824b9cf8929899d40dcc45bb24f35
SSDeep: 1536:sgw2jbj52QdQgWvOGtyHpw8aU6M+EGzG+BhHk4StYMtd4K+pmEs6ImG:sJ2jblfdVH68aU6M+EreHk47PaEXG
Size: 83968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.83968.BX
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C7J3
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!689659EBDEAA
DrWeb = Trojan.Siggen2.56183
TrendMicro = TROJ_GEN.R30C7J3
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
Jiangmin = Trojan/Menti.bea
McAfee = Vundo!mi
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:05:11 05:10:22-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 33280
Initialized Data Size           : 85504
Uninitialized Data Size         : 0
Entry Point                     : 0x8eca
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2920.0
Product Version Number          : 5.0.2920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 5.00.2920.0000
Internal Name                   : trialoc
Legal Copyright                 : Copyright (C) Microsoft Corp. 1991-1999
Original Filename               : trialoc.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2920.0000
Ole Self Register               : 
VirusTotal Report submitted 2011-10-04 04:31:45
VirusShare info last updated 2012-07-26 15:50:13

MD5: 52cc5b0f49326c7459ab0d313fd7c3fa
SHA1: ff663d644fa2847911d6c093bb28d491f36b3b10
SHA256: 69911dc2add14d2e0a1c05d91307713d93014581285410e030a3214e02f49f12
SSDeep: 1536:oXhhHgc3muD8Za82Cy05OVgJWmaOalO76J2sc4XCNSl0s+JgRBOpvFqW4YoSglBT:oXXcj2Cy0ibvJ2cCEaXU0sWeS+jr/
Size: 104448 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.104448.KE
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C7K8
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cj.6
McAfee-GW-Edition = Artemis!52CC5B0F4932
DrWeb = Trojan.Virtumod.10154
TrendMicro = TROJ_GEN.R21C7K8
Kaspersky = Trojan.Win32.Monder.myie
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abop
McAfee = Artemis!52CC5B0F4932
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:05 18:00:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 55808
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xe79e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Web Service Security Package
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : TSpkg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : TSpkg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-12-01 18:22:38
VirusShare info last updated 2012-07-26 15:50:36

MD5: 40112c6e045be5dd32f9d1fcf1279b5d
SHA1: ff9fc6c4d03d150468c7674cef797e1d4198e2b0
SHA256: e36e87e874110f882bb2ef93170ed822b3ae84dc508f5d01ade1d757c41907db
SSDeep: 1536:eoiQt0BpecUOwwClMY1C75vaU2aN2en4kJHrXeEaMRfJa1Q+vpVCqX+hi:ebzecUOxC2Y1C7Zzfn4cHSETRffApyh
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_VUNDO.SMUB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!na
DrWeb = Trojan.Siggen2.29520
TrendMicro = TROJ_VUNDO.SMUB
Kaspersky = Trojan.Win32.Menti.iwmk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.cttb
McAfee = Vundo!na
F-Secure = Gen:Variant.Renos.61
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Mal/EncPk-XI
GData = Gen:Variant.Renos.61
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 22:23:24-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0xfd34
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ACPI Embedded Controller Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : acpiec.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : acpiec.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-01-03 18:22:17
VirusShare info last updated 2012-07-26 15:50:47

MD5: 332f2fb5852041e9e9df3b3f1f37bd75
SHA1: 0676a3235280cb3b6f9fe2485ce3b1899844ea15
SHA256: b78b7530bf3d109e8cb4ac24adb7b5a6ee06d2cd599fed75052846ab312bba77
SSDeep: 1536:W2f3pg/Kb0yRzaGusljYqWlu+bGtDGZ5oSTlBDGIglhy05WVM/8+NZc0m:XfRbtfuQ1W6DWoSTqIg3KM/JNZc0
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Genome!Loivb7yORaE
TrendMicro-HouseCall = TROJ_GEN.R4FCRG4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.smtt
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63023
TrendMicro = TROJ_GEN.R4FCRG4
Kaspersky = Trojan.Win32.Genome.smtt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ahcz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZJX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.twso
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 01:32:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xb70a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kcssvwbkk Mpoiygxoupe
File Description                : Llrxajq Write
File Version                    : 5.1.2600.0 (uxozrtxg.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Lerxelvhk Xwronziumui. All rights reserved.
Original Filename               : write
Product Name                    : Uprgknoah® Ngtbofq® Mucsciuya Reywjr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-29 04:10:28
VirusShare info last updated 2012-07-26 16:03:30

MD5: 4a49fb4579bc8729013b5bc1d494a7b4
SHA1: 0ba6dba7a832a43684c8d13ec98d962700a19f8d
SHA256: c1ff17ab604d75906bf47f666632f273978a67d1f25991aecad67ae839471d6c
SSDeep: 3072:CDEnwHGudU9X2S7qb3/rOdviLhuUL74o2lkNl99vdk//vj+sOABOWcntZipr5TUx:PSTdkX2BHNTNv5dknvj+sZBDcnR
Size: 159744 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Monder.159744.B
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2CT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!4A49FB4579BC
DrWeb = Trojan.Virtumod.10300
TrendMicro = TROJ_GEN.R72C2CT
Kaspersky = Trojan.Win32.Monder.nbkv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.iuwy
McAfee = Artemis!4A49FB4579BC
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AWDZ
Norman = W32/Suspicious_Gen2.LBAJJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.laq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LAQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-29 06:57:21
VirusShare info last updated 2012-07-26 16:04:27

MD5: b7c98568e4f480bb940f00977655e40e
SHA1: 10b4571509713c984fffb4161ee6e79f2ad0172d
SHA256: 7ffa00e793ed996f981e66f727150b5762d97ee3102d31f98a75f70e5762298f
SSDeep: 6144:N/lYbbxZc2ArOLbddIo0mwRTvDZ9CFyfgdEOxC8ddT316HnZgo:mVRf2NvDvCqgfCYdTlMr
Size: 274432 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.5590021
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!GTlX8tefmJY
TrendMicro-HouseCall = TROJ_GEN.R3BC1CN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.atv
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.3682
TrendMicro = TROJ_GEN.R3BC1CN
Kaspersky = Trojan.Win32.Jorik.Pirminay.atv
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5590021
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.MUS
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5590021
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.jvo
BitDefender = Trojan.Generic.5590021
NOD32 = a variant of Win32/Kryptik.JVO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 17:40:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 479232
Uninitialized Data Size         : 0
Entry Point                     : 0x8f12
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Windows Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Windows Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2012-06-29 09:03:39
VirusShare info last updated 2012-07-26 16:05:21

MD5: da4727bafe0e76773447d685c34b0d64
SHA1: 131ddb91a67a1b25a716aeb78c6e38505b2a0c26
SHA256: c067833c2346d2036c87e83ce92c564b4146c12069b1c1a9d8e8ccdaa36829c3
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7p0po2:pwy9w/dWjTlXjDHsP
Size: 103424 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Renos!i2lXKEJ2Bt4
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R4FC1FK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.gen5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Artemis!DA4727BAFE0E
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R4FC1FK
Kaspersky = Trojan.Win32.Agent.pjqe
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!DA4727BAFE0E
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.LNBJF
Sophos = Mal/Agent-PG
GData = Trojan.Renos.PJY
Symantec = SpywareStrike
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-29 10:36:37
VirusShare info last updated 2012-07-26 16:05:47

MD5: 617d2a531fc0c17477b7991e0612f3ff
SHA1: 13bbca3b2b356992e2fb64d4bffef6051c12d418
SHA256: 99058f95fe761851ea35816e638a7b481a759c92506a3b375a24b66bc713b041
SSDeep: 6144:qlTRPmXn7bVYJtBRw5UsBoy8kpdYPNkx8FdU85H0K:j7b6tBABojKybUg
Size: 298496 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.29849661
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zjx
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.cpc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.aoi
McAfee = Generic.dx!zjx
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.CABB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:07 02:38:05-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 548864
Uninitialized Data Size         : 0
Entry Point                     : 0x5cc6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Network Service Performance Objects DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : PERFNET.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PERFNET.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-29 10:59:06
VirusShare info last updated 2012-07-26 16:05:55

MD5: bde4b44edc5a1cab95ea890169bb207c
SHA1: 146f645c60fff5cd1eb35e0399baf009d955ae15
SHA256: 5de9c100453a3f684ec4909ffcc19b124ba76fc38dc08e3c05c968a7983dbbb5
SSDeep: 1536:Fdmc6ge8S0/gpbue8UaYx6dmj8oGcW8LpWAeVgUB534B/I0maEWgII+m:Fcc6yLe8F06YIQW6pWbeUB5oB/I0iWgf
Size: 82432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.ATRAPS
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Pirminay.82432
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!8QB8O/0NljQ
VBA32 = Trojan.Pirminay.aqi
TrendMicro-HouseCall = TROJ_GEN.R72C3D6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.ATRAPS!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!BDE4B44EDC5A
DrWeb = Trojan.Siggen2.13811
TrendMicro = TROJ_GEN.R72C3D6
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HQJ
Jiangmin = Trojan/Pirminay.eh
McAfee = Artemis!BDE4B44EDC5A
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic21.ASQS
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.axd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.ITN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:09 13:59:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 72192
Initialized Data Size           : 46592
Uninitialized Data Size         : 0
Entry Point                     : 0x12787
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : DLL Interface to TermDD Device Driver
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : icaapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : icaapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-06-29 11:28:02
VirusShare info last updated 2012-07-26 16:06:02

MD5: 91ae0fde086a5e9bbb3546359f76a0c8
SHA1: 17d6d99b82f6b3b547c0cb3da86989c1f2b99f60
SHA256: 78a0187d4db6f3c5e94f839dc08a8565b097e749a2e7f815bea9f073a4db2640
SSDeep: 1536:E9WNMseLk3FsC7FoLezHAcDzS//oQp3iJFm:EAZ2ejAcCrwFm
Size: 77824 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.100
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.77824.ANL
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C3EE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!91AE0FDE086A
DrWeb = Trojan.Virtumod.9924
TrendMicro = TROJ_GEN.R72C3EE
Kaspersky = Trojan.Win32.Monder.nbla
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.gzi
McAfee = Artemis!91AE0FDE086A
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AVVT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:23 22:11:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xe464
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Metering Controls
File Version                    : 5.00.2159.1
Internal Name                   : AVMETER
Legal Copyright                 : ©1998 Active Voice Corporation. All rights reserved.
Original Filename               : AVMETER
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2159.1
VirusTotal Report submitted 2012-06-29 12:58:14
VirusShare info last updated 2012-07-26 16:06:38

MD5: 3f4e084a9b2d7d4234519dd839ee802c
SHA1: 1fa950f4dac9fbf0b608c7e5a2aff150651ba0e9
SHA256: 30cbb4e844ff5cea3c1202efa1d58e39c470b2ac3af17b0be5bfc173e007782e
SSDeep: 3072:Uy48F3EEhJ/5MJp2Mpynxwx125eA6K+9EPRfRemqyTBgJoSMqqDLy/FS06qz4m:Uy48F3E+wJp2Mp2w/2jPRfImBFDqqDLl
Size: 152576 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.798
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Trojan/W32.Vundo.152576
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!R/AF3Qkx7XM
TrendMicro-HouseCall = TROJ_GEN.R4FC1K4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC1K4
Kaspersky = Trojan.Win32.Genome.zdaj
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.152576
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gotg
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HYA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:13 16:11:35-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 118784
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1975e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lywnftwdo Rrcxmilpplk
File Description                : WS Discovery Service
File Version                    : 6.0.6000.16386 (lydkb_rtm.061101-2205)
Internal Name                   : fdPHost.dll
Legal Copyright                 : © Uxnnegsah Wpkqhppamhl. All rights reserved.
Original Filename               : fdPHost.dll
Product Name                    : Pcdckoeuq® Tmhsubi® Operating Cfxyit
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-29 15:16:57
VirusShare info last updated 2012-07-26 16:08:03

MD5: 2898567085cd16129511b2b07b080c06
SHA1: 3615e14b9882d64721b1939490e3e030de8addee
SHA256: 3b52556fc2155c9efa96cad4b0ea6ff64f01c57e9e405cc40608ffc55ab1efe7
SSDeep: 3072:Oh4an/Wtj1slkHI/PL9kCY2FZMKN0o9W52SHfx8:PanGakcPL9kCrPusw2ex
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!a9h7NQzeNUI
VBA32 = Trojan.Agent.hodh
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.hodh
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo.gen.fn
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTF!genus
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo.gen.fn
F-Secure = Gen:Variant.Vundo.4
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-06-30 00:10:31
VirusShare info last updated 2012-07-26 16:12:12

MD5: f2c7338447daabb707bb583a7237ac60
SHA1: 38a084c7c404b96e5f80e4813de381116993a72c
SHA256: 5f76be210833477b818cb1147794e3f33dd09fdc6323b5df9730879c9ad0f6cc
SSDeep: 1536:w1dHYMLihm7tWUZYUy9eR429/lBhTTQDiCU1Lifo8n6nwhKXu2NFofZToYExxD9W:wPLKo9vhTTRC5Oc23cHErI
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.102912.D
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.xhy
TrendMicro-HouseCall = TROJ_GEN.R4FC1DT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!F2C7338447DA
DrWeb = Trojan.Smardec.8
TrendMicro = TROJ_GEN.R4FC1DT
Kaspersky = Trojan.Win32.Menti.inyh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.axk
McAfee = Artemis!F2C7338447DA
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.SR
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.SR
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:01 21:03:11-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 55296
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0xe4b4
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Small Form Factor Disk Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : sffdisk.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sffdisk.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-30 00:56:36
VirusShare info last updated 2012-07-26 16:12:45

MD5: 2ab0421c8bc28275f988d8235b9c89ea
SHA1: 3dede496ac1ac0dbd0077ff656d21925666f78d4
SHA256: 45eb334835358c18656e148e961f2da34f30f9632f4a342a806eb8d7ed7ea69c
SSDeep: 768:hXKF++jbW7FHGdeEqb7X2uVEqNpCQ30uWs:kF+QQHw072JqNpCQ3ZB
Size: 32768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/CI.A
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!HulR+fsZJIg
VBA32 = AdWare.SuperJuan.yef
TrendMicro-HouseCall = TROJ_GEN.R21C2CV
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!2AB0421C8BC2
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R21C2CV
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.yef
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/SuperJuan
PCTools = Adware.Gen!rem
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!2AB0421C8BC2
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic4.CHWF
Norman = W32/Suspicious_Gen2.KKZWJ
GData = Gen:Variant.Vundo.10
Symantec = Adware.Gen
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23040
Uninitialized Data Size         : 0
Entry Point                     : 0x2fea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-30 02:37:02
VirusShare info last updated 2012-07-26 16:13:52

MD5: 3f340da452eed2e5977105d7b490a464
SHA1: 3e9ad1ab4d5ced2f122e8eaddaf3538301dffafa
SHA256: 660c68eb957514f5ddae8b8fb8e89c6a3d9708456c787b2ef267363e24f6203a
SSDeep: 6144:ix72kU6Z55orF/8Sd62JNLjUB1iUgQh86HmEcQXHjGEDFE1EwJl1AX:ixSkn55oB/85YJkpmE5j7E3l
Size: 372736 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Renos-ZL [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.372736.BT
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!3cKg+QaW0G8
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4165
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.eel
Microsoft = TrojanDownloader:Win32/Renos.KC
ViRobot = Trojan.Win32.A.Pirminay.372736
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.om
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.NaviPromo.4
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.AVVU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Heur.NaviPromo.4
Symantec = WS.Reputation.1
TheHacker = Trojan/Pirminay.eel
BitDefender = Gen:Heur.NaviPromo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:28 20:16:12-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 610304
Uninitialized Data Size         : 0
Entry Point                     : 0xb03b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nwrwntfwg Fhsatlobkri
File Description                : Device Display Status Manager
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : DeviceDisplayStatus
Legal Copyright                 : © Fyetrlgai Rrevehmivpa. All rights reserved.
Original Filename               : DeviceDisplayStatus.dll
Product Name                    : Pscofgkep® Kmdtrbe® Oisxuwbnm Mkvljz
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-30 02:47:39
VirusShare info last updated 2012-07-26 16:13:58

MD5: f4a3d10241e28022362ab5b32d1e01dc
SHA1: 40b4095609a4440c9c2c3958f2bbd4737868f53a
SHA256: 2f49ccfea087e710ef411981ef7cab3d2f387ae89720198e011cfbe75df400b3
SSDeep: 12288:lwt8uP8u6pADWTm6UufICNladgSHhoCN364zWoXaIYfUSIH1ID9yPF:2tH6pADWTm6UFCSdgSRAzoX4/DAP
Size: 626688 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = Trojan/Win32.Hrup.gen
Ikarus = Trojan.Win32.Hrup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.6823757
K7AntiVirus = Riskware
VirusBuster = Trojan.Skintrim!PFFrkXc+TPg
TrendMicro-HouseCall = TROJ_SPNR.30EE12
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Hrup!IK
CAT-QuickHeal = Trojan.Hrup.eul
McAfee-GW-Edition = Downloader.a!xb
TrendMicro = TROJ_SPNR.30EE12
Kaspersky = Trojan.Win32.Hrup.eul
Microsoft = TrojanDownloader:Win32/Wintrim.BL
Fortinet = W32/Skintrim.B!tr
PCTools = Trojan.Gen
McAfee = Downloader.a!xb
F-Secure = Trojan.Generic.6823757
VIPRE = Trojan-Downloader.Win32.Wintrim.bl (v)
F-Prot = W32/Wintrim.N.gen!Eldorado
AVG = Skintrim
Norman = W32/Suspicious_Gen2.RYWEU
Sophos = Mal/EncPk-ACW
GData = Trojan.Generic.6823757
Symantec = Trojan.Gen.2
Commtouch = W32/Wintrim.N.gen!Eldorado
BitDefender = Trojan.Generic.6823757
NOD32 = a variant of Win32/Skintrim.JF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:07:24 10:10:13-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 24576
Initialized Data Size           : 602112
Uninitialized Data Size         : 0
Entry Point                     : 0x2350
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 2.2.2.1
Product Version Number          : 2.2.2.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : saladero
Company Name                    : cubriéndole
File Description                : alegorizo
File Version                    : 2, 2, 2, 1
Internal Name                   : andares
Product Name                    : Faisalabad
Product Version                 : 2, 2, 2, 1
VirusTotal Report submitted 2012-06-30 03:26:17
VirusShare info last updated 2012-07-26 16:14:21

MD5: 044f51cf5cd2fcc4185769caf07f6bcc
SHA1: 4139ba5b9f25d2c79a7c42466c233e0ee931ac30
SHA256: 6e1c098f3852eb3afeb24ef3e9b4b8bcae714e8eebe74bb4fdfadeb955f3998b
SSDeep: 6144:btlpaxzMoM3l2TzgwctPVJAbvq6lRdq0i0FYN3ITW86xkuiRd:xlpaxz62TEJNWbvq6PMJ225/ud
Size: 327168 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Win32.Agent
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.327168.U
K7AntiVirus = Trojan
VirusBuster = Trojan.DR.Agent!eepXEKNW0gg
VBA32 = Trojan-Dropper.Win32.Agent.bjst
TrendMicro-HouseCall = TROJ_DLOADUP.SMA
Comodo = TrojWare.Win32.Spy.327168.30
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!044F51CF5CD2
DrWeb = Trojan.MulDrop.58764
TrendMicro = TROJ_DLOADUP.SMA
Kaspersky = Trojan-Dropper.Win32.Agent.bjst
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = malicious
Jiangmin = TrojanDropper.Agent.ahkt
McAfee = Artemis!044F51CF5CD2
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/Dropper.ANNF
AVG = Dropper.Agent.PKN
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/Dropper.ANNF
TheHacker = Trojan/Dropper.Agent.bjst
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 01:49:05-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 35840
Initialized Data Size           : 579072
Uninitialized Data Size         : 0
Entry Point                     : 0x9a5c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Lithuania Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdlt (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdlt.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-30 03:36:00
VirusShare info last updated 2012-07-26 16:14:28

MD5: fc66c6fa376e3e543354fa8bd7714457
SHA1: 42ebf9b1a25bada8edc58e2a903d20870290653d
SHA256: 57ea6ec109ebb4d174cc0768407a97d613cfa2bbc088e7a71fdc988d01b91acb
SSDeep: 1536:hTiyQKX0Dy+5D3af9KcSsyd4twwOcdDDB64kEbHtLc0ZnKG39:BiA0d52FfXVdOcdDDMaI0Zl3
Size: 84480 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/CI.A
nProtect = Trojan/W32.Menti.84480.C
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R01C7K1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.inxb
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Vundo!py
DrWeb = Trojan.Hosts.4846
TrendMicro = TROJ_GEN.R01C7K1
Kaspersky = Trojan.Win32.Menti.inxb
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.cpa
McAfee = Vundo!py
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:16 06:26:58-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 38400
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xa2f4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-30 04:07:07
VirusShare info last updated 2012-07-26 16:14:47

MD5: fc30d1afe7b46ca6139edf2ba1309d34
SHA1: 4c060f5520e60d4130bab179dfb578658bd984ac
SHA256: b3c9a67e7c7708fe4b4bcf360e041bbf3abee3a81976d54d3a088eed5d6bfe14
SSDeep: 3072:lEIMVMc1r+8oGdeWqLIufvp2IZwt7I92zYcrvUU3Ofxvj74Fg1vhXBxbbEj0mNLJ:CVMAN5d9IL5tZwk2UEv36h7jvhXB
Size: 172032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.172032
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R26C1JR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myys
McAfee-GW-Edition = Artemis!FC30D1AFE7B4
DrWeb = Trojan.Virtumod.9877
TrendMicro = TROJ_GEN.R26C1JR
Kaspersky = Trojan.Win32.Monder.myys
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.grc
McAfee = Artemis!FC30D1AFE7B4
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.ARPN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mimg
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:01 02:42:48-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 77824
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x134a4
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل SEIKOSH9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : SEK9RES.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SEK9RES.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-06-30 06:44:18
VirusShare info last updated 2012-07-26 16:16:22

MD5: dc4686282742bb2aeb00aa8d13a7dbb9
SHA1: 5a465c8b4dc9148ee0487c75c12ca51ec0f3502c
SHA256: 2c1d70d5e7c11b9c7415c77e8814c4908e84de76b199c61684c7466ec6a8c427
SSDeep: 1536:43ESCOoGFfygdVPzvd+blHNw+LOJnk45Px9:2EdOoGFPdBMBu+LukQr
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.124E1B90
nProtect = Trojan/W32.Vundo.70144.O
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!7dkwHy53ggE
VBA32 = Trojan.Pirminay.acf
TrendMicro-HouseCall = TROJ_GEN.R4FC1FK
Emsisoft = Trojan.Win32.Vundo!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myyq
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!DC4686282742
DrWeb = Trojan.Siggen2.7799
TrendMicro = TROJ_GEN.R4FC1FK
Kaspersky = Trojan.Win32.Monder.myyq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTN!genus
Jiangmin = Trojan/Pirminay.dv
McAfee = Artemis!DC4686282742
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.ARLR
Norman = W32/Suspicious_Gen2.LKIVO
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.mkeo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.IRI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 21:46:18-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 77312
Uninitialized Data Size         : 0
Entry Point                     : 0x7e07
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Link-Layer Topology Mapper Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDSVC.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : LLTDSVC.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-06-30 12:40:08
VirusShare info last updated 2012-07-26 16:18:35

MD5: b777e47c72bce200a523ebaa9fdbd78f
SHA1: 5e589709fbffd37f9eca933f473929cef8ba007d
SHA256: 4bc9bbeaa9890f76b7a7b89f8a7ddcb0108cad6ab26dbf8e25c3f81cb91ad29c
SSDeep: 6144:bxtgIU6JvXrwOPTkGxvmSj2fAgvWAEszudnhwnrS1/pOHzCp9nHoS9Z:bxtHPrmwmm2GAEsidhwnr+vHoSn
Size: 740713 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.740713
VirusBuster = Trojan.Pirminay!N6a0vRWFits
VBA32 = Trojan.Pirminay.ept
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = Packed.Win32.MUPX.Gen
CAT-QuickHeal = Trojan.Pirminay.ept
McAfee-GW-Edition = Downloader.a!zl
DrWeb = Trojan.DownLoader4.54102
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.ept
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.740713
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.pg
McAfee = Downloader.a!zl
F-Secure = Trojan.Generic.5727132
VIPRE = Trojan.Win32.Generic.pak!cobra
AVG = SHeur3.BSCS
Norman = W32/Obfuscated.L
GData = Trojan.Generic.5727132
Symantec = Downloader
BitDefender = Trojan.Generic.5727132
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:30 10:05:43-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 258048
Initialized Data Size           : 28672
Uninitialized Data Size         : 454656
Entry Point                     : 0x52022
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-30 14:12:52
VirusShare info last updated 2012-07-26 16:19:12

MD5: fa32a79b2cc09aa6a54536badd77d798
SHA1: 697cf7beda34f1b66f1a81754c2c9f89a18217d7
SHA256: 2425edc63d9c666e1cd8f515fb52231773e6fe9067e4b6aa1dd0cf64a3cf6414
SSDeep: 1536:KSRwAgSxs9F9x0NOIGwRkxPLN5blSEJyOCv/QmurdepqGBSGgw2hKSmu4wIAYW3c:KrJ9FPwkxT3blSEtClurEpqGptJ9Qg3
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C8KA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.myzl
McAfee-GW-Edition = Artemis!FA32A79B2CC0
TrendMicro = TROJ_GEN.R21C8KA
Kaspersky = Trojan.Win32.Monder.myzl
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Artemis!FA32A79B2CC0
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Cryptic.BPO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:09 00:45:32-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 30208
Initialized Data Size           : 120320
Uninitialized Data Size         : 0
Entry Point                     : 0x824a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.72.9590
Product Version Number          : 6.0.72.9590
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Visual Basic for Applications Runtime - Expression Service
File Version                    : 6.0.9589
Internal Name                   : EXPSRV.DLL
Legal Copyright                 : Copyright © Microsoft Corp. 1993-1998
Original Filename               : EXPSRV.DLL
Product Name                    : Microsoft Visual Basic for Applications
Product Version                 : 6.0
VirusTotal Report submitted 2012-06-30 17:30:53
VirusShare info last updated 2012-07-26 16:21:00

MD5: 006790d7fd3a6af99f3c535554c369fd
SHA1: 6fb663725bd93346763994b63f8e5e18f0c15b73
SHA256: 3fa4362ade153834c22dd3aa78d368fe2c7f6f541b67afc19d55cf9bd1c4e510
SSDeep: 6144:XQsfcoMe4Kuu8O+B8u1qH0NDP6v7Z8NZoHGSexD2:XQXe4KsPrs
Size: 253952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Tracur.AG.13
Avast = Win32:MalOb-HO [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Tracur
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
K7AntiVirus = Trojan
VBA32 = Trojan.Rundup.q
TrendMicro-HouseCall = TROJ_SPNR.15L611
Comodo = TrojWare.Win32.Kryptik.BMNB
Emsisoft = Trojan-Downloader.Win32.Tracur!IK
CAT-QuickHeal = Trojan.Tracur.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
McAfee-GW-Edition = Downloader-BMN.gen.e
DrWeb = Trojan.Hosts.5081
TrendMicro = TROJ_SPNR.15L611
Kaspersky = Trojan.Win32.Rundup.q
Microsoft = Trojan:Win32/Tracur.AI
Fortinet = W32/Kryptik.UQZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Tracur.GG
Jiangmin = Trojan/Pirminay.aol
McAfee = Downloader-BMN.gen.e
F-Secure = Gen:Variant.Kazy.40365
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/SuspPack.DW.gen!Eldorado
AVG = Generic25.AGRI
Norman = W32/Kazy.NA
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.40365
Symantec = Trojan.Gen.2
Commtouch = W32/SuspPack.DW.gen!Eldorado
TheHacker = Trojan/Kryptik.ucc
BitDefender = Gen:Variant.Kazy.40365
NOD32 = a variant of Win32/Kryptik.UCC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:09:30 00:43:37-04:00
PE Type                         : PE32
Linker Version                  : 6.2
Code Size                       : 227328
Initialized Data Size           : 16384
Uninitialized Data Size         : 569344
Entry Point                     : 0x2b76
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Unimodem Service Provider AT Mini Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : UNIMDMAT
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UNIMDMAT.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-30 19:16:17
VirusShare info last updated 2012-07-26 16:21:58

MD5: 79103f9e241034e1eeec7aa40a08e082
SHA1: 727dc83dd4c52bd8a9d7b909903c0f2917c7b781
SHA256: ef09cf35f0240f627d1370848e1cfc4cc99e88bc24530de4947687b0994c3e90
SSDeep: 3072:fh5an/WyjirlklQ/SWg9CRFZMKN0o9W62bfx8:nanJkkySWgUTPusz2Dx
Size: 105984 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!yzy8S34INrY
VBA32 = Trojan.Agent.hodh
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.hodh
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo.gen.fn
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTF!genus
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo.gen.fn
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-06-30 20:10:42
VirusShare info last updated 2012-07-26 16:22:27

DownloadMD575d2fbe78cf79259c85b36aac0e41128
SHA1759db45c7c96429ff0d986bfb7328829e6be2102
SHA25672a444e0673f81e5a168f58fbf5cebfccc4f607dc8b3269e58fc6c3216d2477c
SSDeep3072:Rh0an/WHjCVlkPE/wkIffFZMKN0o9Wi2rfx8:Uan8ukQwkIlPusD2zx
Size105984 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!HK1cWUZntls
VBA32 = Trojan.Agent.hodh
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.hodh
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo.gen.fn
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTF!genus
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo.gen.fn
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-06-30 21:06:08
VirusShare info last updated 2012-07-26 16:23:00

DownloadMD5f0c6d1b74580db07ebef52e6efd9f5ce
SHA175e5a937aa7cfc6c20261e3c44912a5eb4128657
SHA256ab88550c89b3adec572aa84281071b5748313cf92e28efca39a57809e40bcc78
SSDeep3072:1MmhoFdSFsVJA1UgLLuzf/QqZ2ZFS63QdG4EPb3rKbU1IfFRFBC:mdqswdPuzfHZSt4EPb2gUF
Size211968 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12657349
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!yH1SXIBbCOo
VBA32 = Trojan.Monder.mzal
TrendMicro-HouseCall = TROJ_GEN.R26C7JR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mzal
McAfee-GW-Edition = Artemis!F0C6D1B74580
DrWeb = Trojan.WinSpy.1086
TrendMicro = TROJ_GEN.R26C7JR
Kaspersky = Trojan.Win32.Monder.mzal
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.lgjh
McAfee = Artemis!F0C6D1B74580
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.ARRX
Norman = W32/Kryptik.AIF
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2000:05:23 14:35:16-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 166400
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0x298ab
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.7523
Product Version Number          : 4.0.2.7523
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft FrontPage Server Extensions
File Version                    : 4.0.2.7523
Original Filename               : RPCTEST.DLL
Legal Copyright                 : Copyright © 1995-1999 Microsoft Corporation, All rights reserved.
Legal Trademark 1               : Microsoft®, Windows®, and FrontPage® are registered trademarks of Microsoft Corporation, and WebBot is a trademark of Microsoft Corporation, in the United States and/or other countries.
Product Name                    : Microsoft® FrontPage® 2000
Product Version                 : 4.0.2.7523
VirusTotal Report submitted 2012-06-30 21:10:29
VirusShare info last updated 2012-07-26 16:23:01

DownloadMD58c36c7460c163428c05ba1e23894161d
SHA180f6ab370247f4733619958bdf018faaa7309785
SHA25654cdb55e0beba48ddcbe095a9505667c2783613c43deec22bcd1dfeceae6c0a0
SSDeep1536:n7v7NegBYUhirXQCF/blh6iOyKDr2hYtMU7g7YwR3:LhYUd2lc2K50
Size98304 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
VirusBuster = Trojan.Monder!LEBOrMC2RuU
TrendMicro-HouseCall = TROJ_SPNR.15L511
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mylt
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.mylt
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.98304.AC
Fortinet = W32/Moder.DRJY!tr
TotalDefense = Win32/Vundo.H!generic
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abef
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Norman = W32/Suspicious_Gen2.SMPJT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-07-01 00:15:48
VirusShare info last updated 2012-07-26 16:25:07

DownloadMD58fd6709fcec1f0dd4641d188e92a1616
SHA18d85cf4edc45d45da3265c81f1bd66aff1ed6a13
SHA256498fdab62449839a773bbcc7e9dac000cec83d3accad77f3c2f7c4890442ba56
SSDeep6144:704DCqcXTAz49R6WynnXfoF6vEwqqDLuP:706CqcXTAAynX181qnuP
Size245760 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!x67hZcFXIiY
TrendMicro-HouseCall = TROJ_GEN.R01C1JT
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1219
TrendMicro = TROJ_GEN.R01C1JT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.juyk
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ABQV
Norman = W32/Suspicious_Gen2.RYFGZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:21 14:38:07-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 192512
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x2b526
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6938.0
Product Version Number          : 6.1.6938.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Yozaedtuxsv
File Description                : Microsoft DTV-DVD Audio Decoder
File Version                    : 6.1.6938.0 (fbl_multimedia_media(bld4act).081031-0928)
Internal Name                   : MSMPEG2ADEC.dll
Legal Copyright                 : © Cuiggryah Ggtpqfspfer. All rights reserved.
Original Filename               : MSMPEG2ADEC.dll
Product Name                    : Gwehwmftf® Xstvboy® Tydvqztub Awxyxz
Product Version                 : 6.1.6938.0
VirusTotal Report submitted 2012-07-01 03:49:38
VirusShare info last updated 2012-07-26 16:27:15

DownloadMD5fb074062a981cd54022c4917db9cba05
SHA18dd1da00561c27a907252ef737d839494668451f
SHA256e376612b4db8617196957811da5f037245b3e393ec494752c615c9071b37ea9a
SSDeep6144:0+QZ5dap4P3L+LxL4mLwHxlV5hbfugwpHfLkQmOPDa:nI3LY18Rlvhbfu7d+sa
Size273821 bytes
File TypePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-BB [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!e2jw+4hdS5A
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.pdq
McAfee-GW-Edition = Downloader.a!wt
DrWeb = Trojan.Hosts.5040
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.pdq
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.adj
McAfee = Downloader.a!wt
F-Secure = Gen:Variant.Kazy.29755
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
AVG = SHeur3.CFGA
Norman = W32/Suspicious_Gen2.RZULB
GData = Gen:Variant.Kazy.29755
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.iky
BitDefender = Gen:Variant.Kazy.29755
NOD32 = probably a variant of Win32/Agent.BMQHEPH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:24 21:08:30-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 270336
Initialized Data Size           : 4096
Uninitialized Data Size         : 356352
Entry Point                     : 0x99970
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.3.0.1998
Product Version Number          : 4.3.0.1998
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ighvzfkid Cjuncfqwfiw
File Description                : Xyxbgspjd Audio Compression Manager
File Version                    : 4.03.1998
Internal Name                   : msacm32.dll
Legal Copyright                 : Copyright © Cwmagqccf Corp. 1991-1998
Original Filename               : msacm32.dll
Product Name                    : Iihgmndtr Vaqxwgw
Product Version                 : 4.03.1998
VirusTotal Report submitted 2012-07-01 03:52:32
VirusShare info last updated 2012-07-26 16:27:16

DownloadMD5ddcdce7b03905ee3618da7f411739a71
SHA19099d42e84ddfb46a033a70b2f89a2c6499e2c74
SHA256a0bf7f5550d33f835f2fc08b132dc2b9d18c7b2efd3c5c81e67a52636cb6c7c3
SSDeep1536:3e86QvHXoGYBtS9KX+x5NKGeTdGh38aZl0BkKV:319vHEviKdTdZRBkK
Size61440 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.hgpp
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!DDCDCE7B0390
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.hgpp
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ctws
McAfee = Artemis!DDCDCE7B0390
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-07-01 04:41:50
VirusShare info last updated 2012-07-26 16:27:40

DownloadMD5f1cf829d1ef25c2b8adb6fae4541896c
SHA19daa4add1d17cb30787b2f461845d61edfd65a31
SHA25649b929d9be27395a05ebd6e7596cc8c846f36e3c06c63b6834cf36f7f702c041
SSDeep1536:Ou3L6j7e+kdWzwlmIZd3Pb6GqgdQptUmk6QJ0k1f:T3MSKwlnPbQWcOX0kJ
Size90112 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.90112.NI
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!PRFwy053Law
TrendMicro-HouseCall = TROJ_GEN.R21C1K9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.wgiq
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!F1CF829D1EF2
DrWeb = Trojan.WinSpy.1274
TrendMicro = TROJ_GEN.R21C1K9
Kaspersky = Trojan.Win32.Genome.wgiq
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = DangerousObject.Multi.img
McAfee = Artemis!F1CF829D1EF2
F-Secure = Gen:Variant.Buzy.3199
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Cryptic.DSS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.3199
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Buzy.3199
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:08 23:05:16-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x5695
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.6.1
Product Version Number          : 1.0.6.1
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Conexant Color Converter
Company Name                    : Conexant
File Description                : Conexant Color Converter
File Version                    : 1.0.6.1
Internal Name                   : ColorCvt_raphd_IBV32.ax
Legal Copyright                 : Copyright (C) 2006 Conexant, Inc.
OLE Self Register               : AM20
Original Filename               : ColorCvt.ax
Product Name                    : Conexant Color Converter
Product Version                 : 1.0.6.1
VirusTotal Report submitted 2012-07-01 08:36:17
VirusShare info last updated 2012-07-26 16:29:51

DownloadMD56379f1da0971e82938200a2484b80209
SHA1972be7fa163dc92646e204961afd440265f2c384
SHA25601a4ced07d1c2a940faeaff465479af15e042854a38b7b7f25230df460b466f1
SSDeep12288:Cm8Y3+6RNde6ZFyqOcfvnuSSBWs1LPyKYqlZT2V/:KyRHFZFyNcffzKYqlZT2R
Size426562 bytes
File TypePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:20 14:57:36-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 405504
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x602fb
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bswjksypd Okxtvfrycoe
File Description                : Visioneer Flatbed Scanner Still Image Device Micro Driver DLL
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : PMXMCRO
Legal Copyright                 : © Tsvyirjtc Rrvbjkqzxfe. All rights reserved.
Original Filename               : PMXMCRO.DLL
Product Name                    : Juveowetj® Ycevujv® Vvuqiygbz Kwttqb
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-03-16 06:24:20
VirusShare info last updated 2012-07-26 16:30:28

DownloadMD5ca041f0013bb2febe36d730fad71e125
SHA102ad1380630f054a45265e74168475e311e1cd0b
SHA25603dc32ed469db0bfd4c217444d5b84a4bd30bb99b5a6dc1f991f708084ff0c05
SSDeep3072:S+9k6rU50oY8AC7OsNcXAtQb0dFzEsMqqDLy//oDbc:Qekcw0AyyFzEfqqDLu/
Size131072 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qSghR71cT4Q
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TMC
Norman = W32/Suspicious_Gen2.MYTZH
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:11:15
VirusShare info last updated 2012-07-26 16:30:43

DownloadMD5943b4423dd1d48fd9f91231c84185245
SHA1367ad781afe54c5fef6afefbccad0b24cdd92bda
SHA2560511e749cc8846a8d71bc2e425d126fdd1798417ea1af5f6314e6d38b3782a49
SSDeep3072:gQln0kRr3tsCNmXy71j2GSGGRqquKGMovZ0a1n8DOn9MqqDLy/NnqR8b:j0kRhPmXyxjxSnwGGJ0jDOuqqDLuN
Size180224 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Trojan/W32.Vundo.180224
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R26CCCA
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R26CCCA
Kaspersky = Trojan.Win32.Monder.npuy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.addk
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-03-19 06:57:31
VirusShare info last updated 2012-07-26 16:31:26

DownloadMD5bfcd2f60c6ae37ef8ce4739762d7bafb
SHA1079f6b42abe5f6383217ca7daafc1cbec5b65f5b
SHA256a7d511fb519cc5ecc5025c5d6935550d6c70a2552df3bed141322c611acbeb7c
SSDeep3072:jRr3TC4/6IECCLfz71QY4NQEu672TX6gdYfMxJ0YWpCQPHYZokkDiXlQz3iCS5Wk:jF+4nElLfnX8fc0IwkkDiK6O5AXA0
Size262144 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JnV212PFjKM
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2GK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!kg
DrWeb = Trojan.Click1.57208
TrendMicro = TROJ_GEN.R1BC2GK
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Vundo!kg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BFIS
Norman = W32/Suspicious_Gen2.NRTDI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 00:18:10-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 200704
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x2db3d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tsspbkhsl Uxnefljtowt
File Description                : DS Authorization for Services
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : DSAUTH.DLL
Legal Copyright                 : © Tczifqmhh Kxkqtdjmkxp. All rights reserved.
Original Filename               : DSAUTH.DLL
Product Name                    : Cnommjtcg® Pjgdmzq® Avenyfbft Xqomua
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-13 09:50:32
VirusShare info last updated 2012-07-26 16:32:06

MD5: 19918345f1558b03ebba220659a68f71
SHA1: 01ed0612cf6fe36fe49355614ce27074dff14828
SHA256: 08b15cda2085b5a1f5c94200c0d28f906e825cd0f8a4d04d8bf53727893c9602
SSDeep: 3072:ZzYKtlZKaHhjBvsVW3BFODcksCx7ymtlnXnpQoaAmlmyB7Hn:ZX3ZK2ZBUAODcksU7ymvXEn
Size: 146432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.146432.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!T/hJsSa0RUQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KS
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ll
DrWeb = Trojan.Virtumod.10409
TrendMicro = TROJ_GEN.R4FC1KS
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ll
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BEQD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:18 12:52:54-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xee59
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.35.0
Product Version Number          : 1.0.35.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : German
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett-Packard Bvhtqihodem
File Description                : 
File Version                    : 1.0.35.0
Internal Name                   : 
Legal Copyright                 : Copyright (C) Hewlett-Packard Corp. 1997-2002
Legal Trademarks                : 
Original Filename               : 
Private Build                   : 
Product Name                    : HP LaserJet Druckertreiber-Benutzeroberflächenerweiterung (hpcabout.dll)
Product Version                 : 1.0.35.0
Special Build                   : 
VirusTotal Report submitted 2012-04-01 08:49:55
VirusShare info last updated 2012-07-26 16:32:20

MD5: e8a2f090475d877e554e1d125b996c4d
SHA1: 0dc0587ec261b10fd4e37bae8596d42df5df357d
SHA256: 17a4f9f6ad35334898843a82d8023b3753c26e10acb14ac1da879b6654628a52
SSDeep: 1536:VHGkiw2uIR+OoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpqiD:V0TnHoPMqqDLy/QVzLSkYHFO5Ei
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!un38X6lKXD4
TrendMicro-HouseCall = TROJ_GEN.R1BC2FM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.238
TrendMicro = TROJ_GEN.R1BC2FM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Vundo!kf
F-Secure = Trojan.Generic.6357027
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6357027
Symantec = WS.Reputation.1
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.6357027
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-10-21 23:04:25
VirusShare info last updated 2012-07-26 16:33:44

MD5: c3dab3dc013576835b824f4b33d0ba27
SHA1: 0e92ae88cb057f269ba4f85bd6e95a9a03ee4adc
SHA256: dd7677c522b76a057ecc0ec1b033e1872a7dcbef777be1e0e9d8ac47a9cd7cc6
SSDeep: 1536:3lwY9TCmaHMdf0MAcqP6ag4wxkj0xVBoq4j:3lwY9TCdMT9qyag4YkYx8q
Size: 80896 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.4.264
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128AE706
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gVFCZB77J6c
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2GG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10571
TrendMicro = TROJ_GEN.R72C2GG
Kaspersky = Trojan.Win32.Monder.njxs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.inoj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CPDA
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:18 17:05:04-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xf621
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpvzsoopi Nskvvnbnlcg
File Description                : Yiykmbwpy® InfoTech Storage Yhtfxj Library
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : APSS
Legal Copyright                 : © Mtxyltvhu Corporation. All rights reserved.
Original Filename               : APSS.DLL
Product Name                    : Ftjrxowtm® Mhkdvnj® Bniobijdq Brxvdg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-04 17:34:29
VirusShare info last updated 2012-07-26 16:33:57

MD5: 2bcfc98eef9f8a29e207f91b02aefb50
SHA1: cac5a3a94e7f32a4ab90a51101927b3ab0f69e3d
SHA256: 13edf0cfb70cafb91731486c54a63882238d762bdcab9f2b64406ac4eec2a052
SSDeep: 12288:Yh3JsN30ThyR8aXW5z1fIM3Z1OlR5iyFpegF8bXfNEH:QZe3kQGxSM3a759eAOVu
Size: 497686 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.330
Avast = Win32:Rootkit-gen [Rtk]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6201815
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XLFbCqxS2TQ
VBA32 = Trojan.Jorik.Pirminay.bcu
TrendMicro-HouseCall = TROJ_GEN.R11C2GB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.bcu
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.1103
TrendMicro = TROJ_GEN.R11C2GB
Kaspersky = Trojan.Win32.Jorik.Pirminay.bcu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.kfuz
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248231
F-Secure = Trojan.Generic.6201815
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AMJJ
Norman = W32/Troj_Generic.YQUL
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6201815
Symantec = Downloader
TheHacker = Trojan/Pirminay.jtt
BitDefender = Trojan.Generic.6201815
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 02:09:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 495616
Initialized Data Size           : 4096
Uninitialized Data Size         : 581632
Entry Point                     : 0x107960
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dwbxidqtc Tnnvkqcqhbx
File Description                : Vhwyxwr NT MARTA provider
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Evtgxttck Birlzseuqif. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Wseqzcrpr® Hwwldzg® Vydekfyow Tzmldp
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-03-21 07:52:29
VirusShare info last updated 2012-07-26 16:35:50

MD5: bb58a4618e8e7cd800f27c241b004f40
SHA1: 1563b6654cc256a4e24bc7787f8f5933f24bb451
SHA256: 2ab0103c6ce12223b464e49205cc9d00c03e14e1cdd82fcb9b3d5fd3c672e0ba
SSDeep: 3072:S+3g6rU50oY8ACy5b6cXGhdTdFzeMqqDLy/BoDbc:iekqe0GtFzVqqDLuB
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!BB58A4618E8E
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!BB58A4618E8E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.XVJ
Norman = W32/Suspicious_Gen2.MZPYI
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:59:16
VirusShare info last updated 2012-07-26 16:36:13

MD5: dee9ae5b62e23a4f24171218c865289b
SHA1: ec6b599f13a3ae2b2d0dbec2edd3ce25d98a81f4
SHA256: 15d0c8c149ee8b0562239087cee24e9a51f1bceb7aa49c1fc80cf3b9dadd2120
SSDeep: 3072:LBCHxLSv/1vw5o6I4PsCUGqjofETpWT9JlEinCXc3ACO:cBSlvw+7iUGqsfkpWT9IinCXcQC
Size: 119296 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.119296
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!uP6kf0PGCKg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VUNDO.SMUM9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.9910
TrendMicro = TROJ_VUNDO.SMUM9
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aanz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BLNB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:14 22:44:38-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xcf39
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvbvnkbmo Imcpacdlicy
File Description                : IAS Pipeline
File Version                    : 5.1.2600.0 (rwwdvpwo.010817-1148)
Internal Name                   : IASPOLCY.DLL
Legal Copyright                 : © Miluracvn Fpyproycska. All rights reserved.
Original Filename               : IASPOLCY.DLL
Product Name                    : Ppqvspivk® Qpiulya® Epfsbzvsb Abjzsx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-19 07:04:16
VirusShare info last updated 2012-07-26 16:36:18

MD5: 0317765736b228b83285d7b0b4a58da8
SHA1: 17ac49d9de60cd5f4a653cb79cd49332d2c3fd47
SHA256: 5613f1796cb8cd86491dc3e6a4cd1a381ad871a9ddf6c8da809cbc67a1bd07f4
SSDeep: 6144:ViLcmhVexc2ldlVdJ94tKBYbQyFdb/65cWYPp2jXpMocq/2kwpNoz488kd+7:scmhVeNl979HmbC5cWQpY2Lc48P8
Size: 374272 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen5
Avast = Win32:Pirminay-Y [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A3A0E
nProtect = Trojan.Generic.6198783
VirusBuster = Trojan.Kryptik!9AsPZOabBlA
TrendMicro-HouseCall = TROJ_GEN.R01C2G8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader3.60421
TrendMicro = TROJ_GEN.R01C2G8
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Malware_fam.NB
Jiangmin = Trojan/Generic.gzed
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6198783
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy
AVG = Generic23.AHIZ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6198783
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6198783
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1997:09:14 08:16:25-04:00
PE Type                         : PE32
Linker Version                  : 5.2
Code Size                       : 372736
Initialized Data Size           : 4096
Uninitialized Data Size         : 462848
Entry Point                     : 0xcc970
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zebzzkrcm Rxaqrspowkr
File Description                : 1394 OpenHCI Port Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : ohci1394.sys
Legal Copyright                 : © Evjnbhnqj Qgcbgukcyqm. All rights reserved.
Original Filename               : ohci1394.sys
Product Name                    : Ykedlrmtv® Pbzxkbd® Rgrhjnsnf Ipbdqg
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-02-13 17:55:17
VirusShare info last updated 2012-07-26 16:36:46

MD5: c0be2ec1b685a53c2578a7f03d3e99ac
SHA1: 1a40935e432720b15f154600330885e992f09652
SHA256: 2ee1e295f12ca163a51107f6a76d91388e6120b6d8fc37a47d99f65a2341ae33
SSDeep: 3072:S+vt6rU50oY8ACDjNDcXJ9e2udFzDMqqDLy/LoDbc:/ekVZ0JfMFzwqqDLuL
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cUtTk7uwWrU
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.SZT
Norman = W32/Suspicious_Gen2.MYUDF
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 07:12:53
VirusShare info last updated 2012-07-26 16:37:22

MD5: ca8e943823e3b4ff9c7d893efd490de2
SHA1: 1a52652644ec11ac38f74ec2fc697ca42f4d4421
SHA256: d8d82fe22fd67b42e927931f15f8d8e6bece3759ada55e26c8ff3abf4fca1b03
SSDeep: 3072:S+dVS6rU50oY8ACjkBCcX/tYjhdFz1MqqDLy/foDbc:v8ekmE0/iFz2qqDLuf
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!icvViA57g5s
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TDG
Norman = W32/Suspicious_Gen2.MYTZJ
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:29:15
VirusShare info last updated 2012-07-26 16:37:22

MD5: df9e32758b3a8d0bcec971ce6a889e31
SHA1: 1f5f8eeb546c5f5016c0d42cf3e5198a97748bbb
SHA256: e9747584603d4525f81c8d3333ce85a125a4ee120f32bbfc1384c4322fa38aef
SSDeep: 3072:S+Hb6rU50oY8ACJPPZicXJep5CdFzzMqqDLy/XoDbc:5ekrPU0JDFzAqqDLuX
Size: 131072 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!MSx0n3nxTp0
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zvy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Dx.ZVY!tr
McAfee = Generic.dx!zvy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TOK
Norman = W32/Suspicious_Gen2.MYUCL
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 05:31:50
VirusShare info last updated 2012-07-26 16:39:06

MD5: 4cac0bd0b2be310a6e6da856a62b01cc
SHA1: 76626bc9abd4362c3249ecddbf5123b737a81116
SHA256: 22307008668690b021fe7b5a4ab8d207902993bfc9587ce5afe8a857a4cf594f
SSDeep: 6144:/U3j1scrIsFr/PDCQk78qoYjsxApCpCSR3XO+NZxZfKCEvJq2CqiW18:MT1sMIw/PuL7doHApCpxO+XxZmRvC8i
Size: 394724 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5l+K8jjAZso
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.36152
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic21.COJO
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Zbot.34
Commtouch = W32/Ponmocup.A.gen!Eldorado
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:29 18:59:57-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x12caf
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uqtpuowkz Wrcxjobpgfb
File Description                : Kill Process
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : TaskKill.exe
Legal Copyright                 : © Yglnaeocz Slgttikbssa. All rights reserved.
Original Filename               : TaskKill.exe
Product Name                    : Ynrjyingi® Burypzv® Qxxtgkspl Offldi
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-04 11:24:12
VirusShare info last updated 2012-07-26 16:43:24

MD5: ed5c44c6946479c59ed7c8f7377ff9fa
SHA1: 7bba72da460ec16c5526bf6e71fc62fc138a4c6f
SHA256: 22516b588081fb17898cc1168f839af8c72ee776708f097cdcaa296843d81dd7
SSDeep: 3072:ByyVSw+AJFHW2196Z+x7nniab0UxeufeYbM9TxNXSTldMqqDLy/KN:bwMFHW8GYi4N9MDNXSwqqDLu
Size: 144896 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Malware
nProtect = Trojan/W32.Genome.144896.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.ijxd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.OKC
Norman = W32/Troj_Generic.AFKP
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:05 16:27:57-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 114688
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17b96
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tdidwjbjy Lwycvszvikq
File Description                : Recqmufhl Sound Mapper
File Version                    : 6.0.6000.16386 (nvpsl_rtm.061101-2205)
Internal Name                   : Xtikbbjzg Sound Mapper
Legal Copyright                 : © Microsoft Gkijxsdsygc. All rights reserved.
Original Filename               : msacm32.acm
Product Name                    : Vywjlybww® Torzzwr® Opufkodvw Ajxsio
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-21 09:04:30
VirusShare info last updated 2012-07-26 16:43:27

MD5: d39509ec6e411ce8fc5b91c34bdc1fcc
SHA1: 25f6c3c1393fdc2120b0761bf872e32e25e9c841
SHA256: 61f2fa610a02750f826e5a4ab21ae09f342368be29a62d75c80fc5b260c92f8b
SSDeep: 3072:S+oF6rU50oY8ACgQYlcX7yZYdFzIMqqDLy/hoDbc:sekdw07jFzjqqDLuh
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!z8GpPgKDswg
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.STZ
Norman = W32/Suspicious_Gen2.MYUAI
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:52:31
VirusShare info last updated 2012-07-26 16:44:51

MD5: b0822ce94cbb38cf590f0ec5f8a893b5
SHA1: 2618e360e87316436c1a0848069773a81129d671
SHA256: cb794e55a7830f010023a47b923e0e68bd0ad62575d103b3ab117e3a34bb975b
SSDeep: 1536:RUEv14s61TdoaaiL5W2yLnu2k2UXl5p/n:Rxtn6TdotcZJ2SXlP
Size: 49664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Menti.49664.AA
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Menti!H9V5s/B2TRU
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R1BC2HG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.AV6
McAfee-GW-Edition = Vundo!mn
DrWeb = Trojan.Siggen2.12319
TrendMicro = TROJ_GEN.R1BC2HG
Kaspersky = Trojan.Win32.Menti.guhn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!mn
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.SU
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.SU
TheHacker = Trojan/Menti.guhn
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 22:50:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x2654
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.2.0.6
Product Version Number          : 1.2.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VMware, Inc.
File Description                : VMware SCSI Controller Driver
File Version                    : 1.2.0.6
Internal Name                   : vmscsi.sys
Legal Copyright                 : Copyright © 1998-2006 VMware, Inc.
Original Filename               : vmscsi.sys
Product Name                    : VMware SCSI Controller Driver
Product Version                 : 1.2.0.6
VirusTotal Report submitted 2011-10-21 21:56:40
VirusShare info last updated 2012-07-26 16:44:53

MD5: b2b0482c7c2c224c7dcda68bf3826186
SHA1: 962fab07b418fefc97cb5a6c6dd29a5fb1e66f01
SHA256: 29ed66768fe66ded9724ab9432af1013c09308e50ae47ffbc9a03b67e34ad779
SSDeep: 3072:+bTVEntdVqRqhGBjvOeJI93o6PfiZy+lKkxdM/2GK0FXR6:UWbVMiGBjvjMPfi
Size: 114176 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2D8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.10229
TrendMicro = TROJ_GEN.R72C2D8
Kaspersky = Trojan.Win32.Monder.dreo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.grb
McAfee = Artemis!B2B0482C7C2C
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BRPY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.dreo
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:10 22:57:10-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x709e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Microsoft(R) Windows NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-06-15 20:00:50
VirusShare info last updated 2012-07-26 16:46:33

MD5: cbe219eb6534129b51f5bb53e0ac93a3
SHA1: 2bef8a79fbf4d24a6d3e99c44cd10e0a2e8087f1
SHA256: 7e5de99b26527a9328a8f65d75516d53b56ed6d04d5a36c79bb9836040c38216
SSDeep: 1536:UnzdTqgbovN3qQcSS5W1yiWhvwBaqIz1x:2zoVaRDTqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.13.166
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!A9n3/g7SnuI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!zvu
DrWeb = Trojan.Smardec.76
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.dx!zvu
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.ACPU
Norman = W32/Suspicious_Gen2.MXZGL
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-22 22:54:02
VirusShare info last updated 2012-07-26 16:47:21

MD5: c6236a13c0bf0d2dcb68f340722dca3a
SHA1: 5b6377d7df051660245929d6b1a9b483f9032513
SHA256: 2c662fd0d6e74faa4428b22bfc157ac13faac08a565cd4f3e58205ca540c90bc
SSDeep: 3072:2KrGl7O3sEuLLCT0x86XWrcblxK9wflD:2oFunk/iwcysl
Size: 237568 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yy7dMpFy1h8
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ky
DrWeb = Trojan.WinSpy.1224
TrendMicro = TROJ_GEN.R4FC1IF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!ky
F-Secure = Gen:Variant.Graftor.310
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.AFFC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.310
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndp
BitDefender = Gen:Variant.Graftor.310
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:21 14:07:29-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 143360
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x1fd35
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBSQ4.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBSQ4.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2012-03-23 09:53:28
VirusShare info last updated 2012-07-26 16:47:33

MD5: c62b095af3b10d88751a1175c753cd14
SHA1: 2fc1e6af40465dd88a9834b42d77f42345fbc217
SHA256: bce02b697c07e19b358600903e8e84d289d92f7e112f42b816d54d6452ff8913
SSDeep: 3072:osNzYagYSq6xcUS/uRPsjO5oNR2a6GYyJlJ9F0r+WAcwl2H:osNzYJ6qRPucRxy90qWjl
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.574
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Malware
nProtect = Trojan/W32.Vundo.135168.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!G8R9Yk4/gUM
TrendMicro-HouseCall = TROJ_GEN.R1BCRFI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1229
TrendMicro = TROJ_GEN.R1BCRFI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irkc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BZCG
Norman = W32/Suspicious_Gen2.MZHCK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-24 14:08:50
VirusShare info last updated 2012-07-26 16:49:13

MD5: b31b3f7392a7a6bb6e432fba9ec8f63a
SHA1: 327f64df414e3f615560b655b5d36eae4bf92a43
SHA256: 360c086128eb3f847f550b60f54b83778a249cf769dd91f488d82765dd408364
SSDeep: 1536:k3Aw2uIR+WoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpGiD:kQTnjoPMqqDLy/QVzLSkYHFO5Ei
Size: 102400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.16
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JcQR0/Mo2hY
TrendMicro-HouseCall = TROJ_GEN.R1BC2G1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!B31B3F7392A7
DrWeb = Trojan.WinSpy.238
TrendMicro = TROJ_GEN.R1BC2G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
McAfee = Artemis!B31B3F7392A7
F-Secure = Trojan.Generic.KDV.257926
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.257926
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.KDV.257926
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-11-23 20:21:56
VirusShare info last updated 2012-07-26 16:50:26

MD5: 28a002ab6bd7c03603058a8af4c27897
SHA1: c920acbf7a94c0fe567e06b181b70547e5fc3f49
SHA256: 32b271cce47c2485bb79ea5c1d6ba685002a696930920e767a28a199f72fa8b0
SSDeep: 1536:R1L9hgLP/HmcAbQCM1B7vplFu/sk7oj2/WlgWUv9Hx8UpEEc+EPjVcn1z:/qPgbQ5NZWNlulj6TJDEPjOn1
Size: 110592 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!jt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
McAfee = Vundo!jt
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ACAA
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:31 16:15:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xaac5
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1999.9.3421.3
Product Version Number          : 3.0.0.3421
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ekuoyslub Mlsuueafpiw
File Version                    : 1999.9.3421.3
Internal Name                   : MFCSUBS.DLL
Legal Copyright                 : Copyright (C) Olifjcruj Corp. 1995-1999
Legal Trademarks                : Ukkghmnjl(R) is a registered trademark of Sybvdwoqx Clknkdghvgk. Tsvigxh(TM) is a trademark of Wigzrfogf Jpvvoslojml
Product Name                    : COM Services
Product Version                 : 03.00.00.3421
VirusTotal Report submitted 2011-07-20 02:49:20
VirusShare info last updated 2012-07-26 16:50:30

MD5: bf1c960955fd0a80821aee62a864b513
SHA1: 339c445ecacb14a88d38ce6e9f1b959cd62de5f1
SHA256: 51eee2904deddcd6da2bd6ca74b66f9ab24342d30f81b0ae3edeb8e7c36277ec
SSDeep: 6144:hzfSSuvloD1DHJXB2GX1yMX93thlyrHyG569BrEBTlo38sqMZIdTRJ5QSj3n2:FRhDHJBIe91+64BRTMETRQQ3
Size: 434688 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Pirminay-V
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.26862
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.itg
McAfee-GW-Edition = Downloader.a!e
DrWeb = Trojan.DownLoader3.43831
TrendMicro = TROJ_GEN.R72C2FO
Kaspersky = Trojan.Win32.Pirminay.itg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ITG!tr
McAfee = Downloader.a!e
F-Secure = Gen:Variant.Kazy.26862
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V
AVG = Generic23.XHY
Norman = W32/Suspicious_Gen2.MZFGU
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Kazy.26862
BitDefender = Gen:Variant.Kazy.26862
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:05 18:31:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 434176
Initialized Data Size           : 4096
Uninitialized Data Size         : 565248
Entry Point                     : 0xf4530
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lpjparvls Noxsfrjuhqa
File Description                : Server Appliance Admin Plugin
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ADMINWEB.DLL
Legal Copyright                 : © Eibnutlvm Aldjxlurtkd. All rights reserved.
Original Filename               : ADMINWEB.DLL
Product Name                    : Rvqavhcvw® Iiidbav® Fbygfireg Teogui
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-06-27 04:31:54
VirusShare info last updated 2012-07-26 16:50:48

MD5: 7fd28ea5f3d18805afc9f356e54b854e
SHA1: 9c9e6ba15a8cc2914e2cb01430c16a969749923e
SHA256: 37cf69dbfb102725942abd2355c0a7338f95d0dc1359f61188498dcc8420fd89
SSDeep: 3072:dhian/WPjwWlkzG/OTXQBFZMKN0o9We2bwfx8:eanw5kyOTXAPus/2wx
Size: 105984 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Comodo = TrojWare.Win32.Agent.hodh
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!7FD28EA5F3D1
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-03-20 19:48:23
VirusShare info last updated 2012-07-26 16:52:08

MD5: 88c8cb4f77ef86395ce059c1cf120b90
SHA1: 1a83d39ab19be34773cff462b5b99027ec9ab765
SHA256: 3803787c318e2500cf11c3cab86fccc077ef7558b4c2940a05f702bde930d756
SSDeep: 3072:8haan/W/jmgClkjX/OLAQhFZMKN0o9We25fx8:/anQokjOLAsPus/2Fx
Size: 105984 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!IXv2uwcmkko
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.hodh
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!li
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!li
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-04-01 09:17:53
VirusShare info last updated 2012-07-26 16:52:12

MD5: 474b90b50bf11383c11e5bfce31f0126
SHA1: b4590cd10dfb771ebac33b676a571c44ba9821f0
SHA256: 386a213220e03c2f4a933d306949f8930edb968773096b9cdc7a82fb36dc373b
SSDeep: 3072:AnQZByq88SC45T8NrBLlsMqqDLy/QINFB91yahm3AYVj:4oByq88SCMT8N19qqDLuNKpNj
Size: 140800 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2GP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!jy
DrWeb = Trojan.WinSpy.1167
TrendMicro = TROJ_GEN.R45C2GP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.zstc
McAfee = Vundo!jy
F-Secure = Gen:Variant.Vundo.16
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JJF
Norman = W32/Troj_Generic.COOM
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 01:09:05-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0xba6a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.5.124
Product Version Number          : 6.1.5.124
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ajmictewh Kejggmikocc
File Description                : TIME
File Version                    : 6.01.05.0124
Internal Name                   : DATIME
Legal Copyright                 : Copyright © Guazqqisw Corp. 1998-1999
Original Filename               : DATIME.DLL
Product Name                    : Xoqsezfmy® Ellzasr(TM) Operating Frdpdd
Product Version                 : 6.01.05.0124
VirusTotal Report submitted 2012-04-02 04:17:47
VirusShare info last updated 2012-07-26 16:52:20

MD5: d935722f577ea3f73c191bc56c9ff2b7
SHA1: 38d933ab5dc4568b5e054fa51443130bc95c4a13
SHA256: 863384b4b728f47bd8a49153e6c9a4c8e920732346b3a7711c997c95b40c69c7
SSDeep: 3072:S+Um6rU50oY8ACz1b2cXeYZedFzaMqqDLy/goDbc:TekXS0e7FzJqqDLug
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!f8lepXeQJOA
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.SYA
Norman = W32/Suspicious_Gen2.MYUAZ
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:53:11
VirusShare info last updated 2012-07-26 16:52:28

MD5: 75c53af805c925236047b052f0304b39
SHA1: 661b1c9d61813adb6e8a60edcb85e90bb47510dc
SHA256: 39ea2bd71dab53eb0db38f22656fb0d4c67974754a236a4bfb5189f62e505586
SSDeep: 3072:GWKlw4jJHoeNrhAuPvjwW6CE6LGBkHIaLuGciHuVomg3CJrITywN9llBMqqDLy/H:TJSJJouHIClLGEtnciOV/IwwN96qqDL0
Size: 192512 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12898919
nProtect = Trojan/W32.Vundo.192512
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!onjDThmkL6s
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Vundo!la
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijcj
McAfee = Vundo!la
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AJQI
Norman = W32/Suspicious_Gen2.QBFHA
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqcd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:29 01:20:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 114688
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1873a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2188.1
Product Version Number          : 5.0.2188.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bvschllnj Kwwvyoclftc
File Description                : Yqhtwvc NT Remote Access Perfmon Counter dll
File Version                    : 5.00.2188.1
Internal Name                   : rasctrs.dll
Legal Copyright                 : Copyright (C) Onwaffnge Corp. 1981-1999
Original Filename               : rasctrs.dll
Product Name                    : Mcwmgawgx(R) Wyelbpq (R) 2000 Hmiknycyi Zyqubl
Product Version                 : 5.00.2188.1
VirusTotal Report submitted 2012-03-24 08:52:28
VirusShare info last updated 2012-07-26 16:52:48

MD5: ff760a868c5246ed09e6b0c67ee0fa5d
SHA1: c264c9d2203edf00793a89af368d8fc58dc90d3c
SHA256: 3b1b037d38d585c24465e9fa66317326297c3040f5d39af827158ad52389c0a8
SSDeep: 3072:vZPPRVuo1MqqDLy/hfxgzsuOVVFlkmay0z:pZSqqDLuDecVfhU
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!V1Op3hZ0YRA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21CCAQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R21CCAQ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iqqv
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.GEL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-26 04:00:11
VirusShare info last updated 2012-07-26 16:53:12

MD5: b8cb354de8ec283442a92551722efd8c
SHA1: 3c0f2ef32fe05e4dc62c763de45de44cd574ee5f
SHA256: 96774f459a59d58c71474a69bbeeba5dc944363a22052a92eb90c2bf239cc5d4
SSDeep: 768:jGTWHmVE69ExT2ncT+dyau6mWyel1+kgsQ6YpiVf5BCjeL9156QpIrQ31lq5XxAQ:8WHyEdZopy+j5/5oeLVL+rklq5woL9
Size: 75776 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!KldQkORcltU
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.HRE!genus
TrendMicro-HouseCall = TROJ_GEN.R1BC2FM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Virtumod.10428
TrendMicro = TROJ_GEN.R1BC2FM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamo
McAfee = Vundo!kl
ClamAV = Trojan.Vundo-36281
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CDDO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:16 21:09:18-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xb78a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.1.5012
Product Version Number          : 5.10.1.5012
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nlrdkdj (R) Server 2003 DDK provider
File Description                : High Definition Audio Function Driver v1.0a
File Version                    : 5.10.01.5012 built by: WinDDK
Internal Name                   : HDAudio.sys
Legal Copyright                 : © Lkaesnevv Zjjmwqnzrlk. All rights reserved.
Original Filename               : HDAudio.sys
Product Name                    : Rnaiezbwr® Kksnhbr® Gswfoptcl Ulxdbd
Product Version                 : 5.10.01.5012
VirusTotal Report submitted 2011-11-23 20:50:06
VirusShare info last updated 2012-07-26 16:53:30

MD5: bae3595751d2bd68598142fc136f4490
SHA1: e8b1a5181a323d61c3f2fbf00765318602a25130
SHA256: 3eafd72286df5b685942388b6d8541ebe312a2f248563221ae53f8fea652963d
SSDeep: 1536:KJPu/Ipl66EaOxQD6lvnEQfLxk435yq/JT58dEdYMaIrhqh4Z/OnBXLzy+4:wK8fE5lvnnXpyq/l58SdYMaIrEhCmnRU
Size: 90112 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R28C2DC
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!BAE3595751D2
TrendMicro = TROJ_GEN.R28C2DC
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!BAE3595751D2
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk Fraudulent Security Program
Avast5 = Win32:MalOb-EI
eSafe = Win32.Trojan
AVG = Generic21.BDYZ
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:07 19:47:37-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 77824
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x137c4
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectMusic Interactive Engine
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : Microsoft DirectMusic Interactive Engine
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dmime.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-04-20 21:16:13
VirusShare info last updated 2012-07-26 16:54:20

MD5: 4ab8c0d31b6256b8511a95f32509108e
SHA1: 3da97f0c3872916c59cf1a04ec0ac30f5c871272
SHA256: 403437ea07b7c7a18e33bfc39dc4ebf376486971bc1d06683a88691dfbe07480
SSDeep: 1536:PrLw2uIR+WoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpniD:PvTnToPMqqDLy/QVzLSkYHFO5di
Size: 102400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gNGjjwMui5U
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!oq
DrWeb = Trojan.WinSpy.238
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
McAfee = Vundo!oq
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic23.NJ
Norman = Vundo.UUS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2012-04-02 15:47:42
VirusShare info last updated 2012-07-26 16:54:55

MD5: be2249f553ca568419ed6184a0f09f32
SHA1: 43471f08a5d5464e834c4f1af349c08f4237e3f8
SHA256: d3fd4500af49a47c4fbda360351e6d970d29fc10921d7c18fb898bbf7f4766af
SSDeep: 6144:gNa09CI0e/C0f2UutCbLCGCFy6p5qqDLufPizLV4E:aa0Eje/C0f5uwCGCFy6p0qnufPz
Size: 212992 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!LT3adpk7smI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.ptem
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BQI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:24 17:53:16-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 135168
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1db7a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Inmphgbss Purbevygzcb
File Description                : 32K/64K color VGA\SVGA Display Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : vga64k.dll
Legal Copyright                 : © Goahxuyuo Segxrimwour. All rights reserved.
Original Filename               : vga64k.dll
Product Name                    : Whxmfxriy® Ahupokm® Rfrherlfl Ytexrq
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-04 16:34:57
VirusShare info last updated 2012-07-26 16:55:50

MD5: 875b322a161a126480c10837eb2641df
SHA1: f5b46ee651d69637bcdbdb1bd97b4d18ff55c179
SHA256: 45be083b5d642952d563ee70199f0e3cf526c2f45a4c4d6ddc5b4b660c92e1d2
SSDeep: 3072:s/inEi2LI3lQgQSfjoTu6XPG21sZ/PlEbGbdLrMvKYaakH7:s/i3281QgXJiv4/PbdMvRK7
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gxyIzvTdSfQ
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C3DN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!xzj
DrWeb = Trojan.Virtumod.10208
TrendMicro = TROJ_GEN.R47C3DN
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abyl
McAfee = Generic.dx!xzj
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.CPYP
Norman = W32/Suspicious_Gen2.MEUAN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:14 23:19:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x13f35
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Wdtozaoqi Wnrxmqwlglv
File Description                : Arabic_French_102 Keyboard Layout
File Version                    : 6.0.6000.16386 (tvvmg_rtm.061101-2205)
Internal Name                   : kbda3 (3.13)
Legal Copyright                 : © Vcnhbzhqo Yhetcarnakf. All rights reserved.
Original Filename               : kbda3.dll
Product Name                    : Juionegxd® Wphxkgi® Yxfjtgdks Ygmtbf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-09-01 20:02:07
VirusShare info last updated 2012-07-26 16:56:32

MD5: f092856cb3bb7384bc46920fbaed37da
SHA1: cdbabd699b05e3b7036d1c184c544a1e923c6ee0
SHA256: 4ad114e3e107c1016d06e4774dc55a8354ad813a0e9aa4b32686a9c86a928e2b
SSDeep: 3072:Fhaan/Wxjmnlk+D/zoyiTFZMKN0o9Wr2ffx8:GanigkgzoygPusq2Xx
Size: 105984 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!AfsL7C1khyQ
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!jc
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.ihm
McAfee = Vundo!jc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-03-20 04:28:42
VirusShare info last updated 2012-07-26 16:58:11

MD5: 825a9b60f415324f71350b4e930f42bd
SHA1: dadfad597e980b94d6ef033e55f2d8389aa83f0a
SHA256: 4bf1fa26d2c56ef242455713990750e2992ac5520355d03cc8566bf283a240bb
SSDeep: 6144:rwIs2d1x2MwU7r4JocqLR/6vZHek2qgV7Z8mm5LQ4wQijL7VnaJOYwI:rwyhwUHkPZB2qgV7Y5U4RE5oOY1
Size: 251904 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Dropper-JAK [Drp]
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!b2PUiWJKgMo
VBA32 = Trojan.Jorik.Pirminay.avw
TrendMicro-HouseCall = TROJ_GEN.R72C7KB
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Artemis!825A9B60F415
DrWeb = Trojan.DownLoader5.12411
TrendMicro = TROJ_GEN.R72C7KB
Kaspersky = Trojan.Win32.Jorik.Pirminay.avw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.LNWZBOQ
Jiangmin = Trojan/Generic.knvv
McAfee = Artemis!825A9B60F415
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Generic25.BQGW
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
TheHacker = Trojan/Jorik.Pirminay.avw
BitDefender = Gen:Variant.Graftor.3421
NOD32 = a variant of Win32/Kryptik.XEF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:30 02:01:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 249856
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x48800
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2012-03-23 06:29:37
VirusShare info last updated 2012-07-26 16:58:34

MD5: 2b521b47cf74a1f8feb7fc5ca30c68f1
SHA1: 5119ab832faa6ef532b92fc51ecaee5843fb7115
SHA256: 4c611708efde92f9ab1ae648edd3001354196a157f98775b5b133d8caf4222aa
SSDeep: 3072:S+nf6rU50oY8ACv2uP1ncXSWiZrdFzSMqqDLy/yoDbc:FekNp0SnFzxqqDLuy
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R4FC1IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!lh
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R4FC1IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.itfy
McAfee = Vundo!lh
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.BPUF
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-10-28 21:52:20
VirusShare info last updated 2012-07-26 16:58:43

MD5: 168f834e79dd9e2c6a897cf41fa7c188
SHA1: 64d9962b836bb3bcc7680a14bbea984661ef6e23
SHA256: 4e432f10357364f8617641c071a49e8a3d37bfd05c7051f1b757171c88677585
SSDeep: 768:PSlF6EIbl6XVYGLkT7h21tycL/kPHkCxA8Eucr+MJyObRDSRpNlVCsI:PC6pbU8E1AjprcsOtCpNb4
Size: 69632 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.ghi
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Monder.69632.BD
Rising = Trojan.Win32.Generic.12950E27
nProtect = Trojan/W32.Monder.69632.L
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!z6h2cO3gUdM
VBA32 = Trojan.Monder.mjfh
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VUNDO.SMP1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.AV5
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.58
TrendMicro = TROJ_VUNDO.SMP1
Kaspersky = Trojan.Win32.Monder.mjfh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aahh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AEJX
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.mjbr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:23 16:38:47-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xbf81
OS Version                      : 4.0
Image Version                   : 9.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nimybltgr Xypkzmsxjwz
File Description                : Cplffpxds DirectMusic Scripting
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : Lqlbuiifh DirectMusic Scripting
Legal Copyright                 : © Xpmyvicde Nuzgyszckie. All rights reserved.
Original Filename               : dmscript.dll
Product Name                    : Ehrtaizdy® Xkyordn® Fpyueukmy System
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-02-16 19:21:03
VirusShare info last updated 2012-07-26 16:59:20

MD5: f73523fcd33f7e276e8334a22f3a1ca4
SHA1: ea9af9c6b214d14564934f48ed81e1b6cac7e063
SHA256: 52d897718a4188109e8dcc883f5b088e7e40338704c9244564bc3b275576a27b
SSDeep: 6144:DfBCGe8ItEpn+vclOnxE8TkhDUkQXF2olD/BBLKymcrF4:DfGxEpnYwoF/N5BuBcrF
Size: 393216 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Ikarus = Trojan-Downloader.Win32.Ponmocup
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
VIPRE = Packed.Win32.Pirminay.a (v)
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:10 15:30:46-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 376832
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x5c206
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lfthgugiw Eezuqvfdegw
File Description                : Remote Access AutoDial Helper
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Iwahvdqbh Sgidyfrrmcv. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Difqvbzji® Setvzjb® Operating Ezeofz
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-04-01 00:10:24
VirusShare info last updated 2012-07-26 17:00:46

MD5: 7786349fc5f8f803cdd61e6ee276bd70
SHA1: f8b88a0d7cc1e0d2f35bdc2b36dc5d69e47f856c
SHA256: 555a71e22adaa0264f98ee6239be184942e3d0c55d3fb47126d458f35fc71b1d
SSDeep: 1536:Fqo89EZUbQhXPHRJESpbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeopoZW0y:EoyESbwUSpbvulIPIDWA7jneHjeopo/
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.929
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/CI.A
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!moqhGPtloe0
TrendMicro-HouseCall = TROJ_GEN.R72C2DC
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!7786349FC5F8
TrendMicro = TROJ_GEN.R72C2DC
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aaes
Microsoft = Trojan:Win32/Vundo
Fortinet = Adware/SuperJuan
Jiangmin = Adware/SuperJuan.mz
McAfee = Artemis!7786349FC5F8
VIPRE = Virtumonde
Prevx = Medium Risk Malware Dropper
AVG = Generic21.CORW
Norman = W32/Suspicious_Gen2.LBOYT
GData = Trojan.Generic.KDV.183073
BitDefender = Trojan.Generic.KDV.183073
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2011-04-23 22:51:38
VirusShare info last updated 2012-07-26 17:01:34

MD5: 925fefe63fd365f66d41bb8905eb9881
SHA1: 4e03f92549dea30d9249d77d93e4ca74d528769a
SHA256: 57698fbcce83d27b2df8a25f139d01179a4fb7ba9b5fbc2b1c1aaa5e3177c418
SSDeep: 6144:qUtw3QEB0/VYNJtkopcr0fN9OjW0bQmbsQoXQposDB:qOy0/6NJPpcq9aW0MhQEHs
Size: 271360 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.271360
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.cnr
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Renos!IK
CAT-QuickHeal = Trojan.Pirminay.bmw
McAfee-GW-Edition = Downloader.a!cb
DrWeb = Trojan.DownLoader3.3670
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.bmw
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ajn
McAfee = Downloader.a!cb
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.UMH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bmw
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:17 09:01:36-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16896
Initialized Data Size           : 505344
Uninitialized Data Size         : 0
Entry Point                     : 0x5032
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Eap Peer Config
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : eappcfg.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : eappcfg.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-05-15 12:54:35
VirusShare info last updated 2012-07-26 17:02:20

MD5: 5cfc471f2c144d772f79d5c8282dcf52
SHA1: d4ceb90a7acea9bfc476f08c6ef400f835379c96
SHA256: 5bbed5bebef1b3fdc0856d2bd1e94fd7f89fee3bddf56ea95af63a74dc793572
SSDeep: 3072:lEyMQMc1y+8oGxeWqLIufvp2qZwteI92AYcrvtU3efxvj74Fg1vhXuDHbbEj0mNV:kQMtN5xdIL53Zwt2PEvuqh7jvhXuD
Size: 172032 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2D9
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!5CFC471F2C14
TrendMicro = TROJ_GEN.R72C2D9
Kaspersky = Trojan.Win32.Monder.drev
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.DREV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.grc
McAfee = Artemis!5CFC471F2C14
VIPRE = Virtumonde
Prevx = Medium Risk Malware
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRCrypt.XPACK
AVG = Generic21.BSUP
Norman = W32/Suspicious_Gen2.KVDSV
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Monder.drev
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:01 02:42:48-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 77824
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x134a4
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل SEIKOSH9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : SEK9RES.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SEK9RES.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-04-18 09:07:54
VirusShare info last updated 2012-07-26 17:04:46

MD5: 5237bb3ed6aea2135681af210b6c9b01
SHA1: 978a8597b39002edeb9606ef9493365a4512ea2d
SHA256: 5c281ca9dc44e03cf64525e780c83138fb2f2cdd3adbf0abafedd5750dedf3e1
SSDeep: 1536:KTzasKyHIqI1/eGUP38XPR5rHtgRXHzqoMIdcN2RcRM1ivZtKVsqzked6LGCPB+v:KasWqIA38vrBPIdkM1iBEVBkLwpWvoz
Size: 119167 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.KDV.62138
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.aza
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-MalPE
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Fortinet = W32/Pirminay.AZA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.fl
McAfee = Artemis!5237BB3ED6AE
F-Secure = Trojan.Generic.KDV.62138
F-Prot = W32/Graftor.H.gen!Eldorado
AVG = FakeAV.FEI
Norman = W32/Suspicious_Gen4.dam
GData = Trojan.Generic.KDV.62138
Symantec = Trojan.Gen
Commtouch = W32/Graftor.H.gen!Eldorado
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-05-12 16:00:54
VirusShare info last updated 2012-07-26 17:05:02

MD5: b3a0514d951ce0607ca7ba2f2dca998f
SHA1: c266678caf4afc1305cbdca723631e114d9488fe
SHA256: 5e8d9b3f3621809cb50f8cb6ced92dff9628e0ce2107e5883f5281d093b25585
SSDeep: 3072:Z3Yy5hqishRGyeE8/TEJflFb8u1fxJ93:V5hqiyAEGQQY5J
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bBy+sDp9Hw8
TrendMicro-HouseCall = TROJ_GEN.RFFC2DB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!B3A0514D951C
TrendMicro = TROJ_GEN.RFFC2DB
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!B3A0514D951C
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
eSafe = Win32.TRATRAPS
AVG = Generic21.BRTQ
Norman = W32/Suspicious_Gen2.KQDJC
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-18 15:41:51
VirusShare info last updated 2012-07-26 17:06:50

MD5: f357506ac24417c5424247c377c055f1
SHA1: bc10bd58b5097579de18f858a01f9e304165d0a3
SHA256: 626b409d51f0c4d0d1aa473ffac32e1e69272ea3d987e97cf6c1d9a9e242b455
SSDeep: 12288:jKZ7y8yRxTmYdjO+gC9pBemjN5aWYPC3HD8:jKETaUgYnr8WYPCXD8
Size: 483624 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:03 20:34:14-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 458752
Initialized Data Size           : 385024
Uninitialized Data Size         : 0
Entry Point                     : 0x6d45f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.4.0.3400
Product Version Number          : 4.4.0.3400
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Liokqanoq Corporation
File Description                : RTP/RTCP Core Module
File Version                    : 4.4.3400
Internal Name                   : RRCM
Legal Copyright                 : Copyright © Mojdqrgoc Ipizoiuuqix, 1996-1999
Original Filename               : RRCM.DLL
Product Name                    : RRCM.DLL
Product Version                 : 4.4.3400
VirusTotal Report submitted 2011-04-02 22:21:45
VirusShare info last updated 2012-07-26 17:09:58

MD5: 04b78f32f6489b9d7a2b95cadf70eead
SHA1: de4b59fddffbe753afeecdb49a8e15135d94b231
SHA256: 62c9ab87149463daeef53438ab91afe44e26e93b8bbe2171493ebba125059c64
SSDeep: 3072:JeNf0wbOObqP6Dj6bbnH2xLVo/v52b8IJUSKC:J4fI9C/EbnHkLS2jS
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.35
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R3BC2DC
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!04B78F32F648
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
McAfee = Artemis!04B78F32F648
F-Secure = Application.Generic.355344
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic21.BBCB
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Application.Generic.355344
BitDefender = Application.Generic.355344
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:26 16:41:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x1244e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uxthhdeui Psowbxeuwxd
File Description                : RDP Reflector Driver Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : RDPREFMP.SYS
Legal Copyright                 : © Rbnymbats Evjtimdxzbh. All rights reserved.
Original Filename               : RDPREFMP.SYS
Product Name                    : Rfntuzsvd® Uxyqfjg® Gedouunyk Imlqkx
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-13 12:20:38
VirusShare info last updated 2012-07-26 17:10:18

MD5: b0675ecfe5a562cf5e1003e6e752cddd
SHA1: 63b5e6186ce184189f9b3f927efc216ad92781fb
SHA256: 7acff039734aaa09292f27270bb87a203602172217784a1a3f3c20a07087593b
SSDeep: 3072:ZQfXvRswGzXTeFv/pLDrVlslg/lDMqqDLy/Ev:W35FR3A2+qqDLu
Size: 134656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!+QHnpW/rKXQ
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B0675ECFE5A5
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!B0675ECFE5A5
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.XCR
Norman = W32/Suspicious_Gen2.MZPUL
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:25 21:13:59-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0xde8a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kueoglqaz Nfilrkigpwa
File Description                : Session Logoff Utility
File Version                    : 5.1.2600.0 (zrlwrjad.010817-1148)
Internal Name                   : logoff
Legal Copyright                 : © Bjapjdvxh Wfkfjfgkvbu. All rights reserved.
Original Filename               : logoff.exe
Product Name                    : Nkjypjdwn® Yhlzpbf® Gisbglhbv Hjczkk
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-11 23:59:06
VirusShare info last updated 2012-07-26 17:11:12

MD5: 374804e98ce283b1f533f4135fb42ceb
SHA1: 2c59c259b7a51c853b01d18ceb7a6a51b13a1a8e
SHA256: 642b08c6a2b0a69bf1664fa239e15b48add7712170825f02619ba97fb29186ba
SSDeep: 768:yxi7LuwnJGtJv9Ltv7ugMr9mSrZ+pbjPnamne2CGkONFVVMdeVXQ6y3:8i7awnovv9Rv7unr9/Z+pb7nhne2CGkH
Size: 46080 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.125F6B72
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bj4bXsMYJp4
VBA32 = Trojan.Pirminay.kam
TrendMicro-HouseCall = TROJ_GEN.R4FCDLM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!374804E98CE2
DrWeb = Trojan.Hosts.4574
TrendMicro = TROJ_GEN.R4FCDLM
Kaspersky = Trojan.Win32.Monder.nhzk
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.fr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:21 20:26:09-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 6656
Initialized Data Size           : 74752
Uninitialized Data Size         : 0
Entry Point                     : 0x2887
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2600.0.503.0
Product Version Number          : 1.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corp., Veritas Software.
File Description                : NT Disk Manager Startup Driver
File Version                    : 2600.0.503.0
Internal Name                   : dmload.sys
Legal Copyright                 : Copyright© 1985-2000 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2000 Veritas Software.  All rights reserved.
Original Filename               : dmload.sys
Product Name                    : Logical Disk Manager for Windows NT
Product Version                 : 1.0
VirusTotal Report submitted 2012-01-07 06:03:22
VirusShare info last updated 2012-07-26 17:11:33

MD5: 13e6cc029644d23e0d1b77930325e842
SHA1: f2ac5cbae30c89a5d8e5bd79a65d136218b6f5e4
SHA256: 6497d33315b9f6613bd1316a9468580406e72b02973f58751f81745acb59d879
SSDeep: 1536:Owdv7NegBYUhirXQCh/blh6iOyKDr2hYtMU7N7YwR3:/hYUd6lc2K5L
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12924070
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!mBN1RSka2es
VBA32 = Trojan.Monder.mpvx
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!ka
DrWeb = Trojan.Virtumod.10119
TrendMicro = TROJ_GEN.R29C1IG
Kaspersky = Trojan.Win32.Monder.mpvx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abef
McAfee = Vundo!ka
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZNK
Norman = W32/Suspicious_Gen2.QDZDF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-19 10:59:46
VirusShare info last updated 2012-07-26 17:11:50

MD5: 4dfcd493b309f6cf5004c603c0a08613
SHA1: 37acdd10ad3e416f8ec309ac43f6f75fe6ceac4a
SHA256: 65de369a5c19c5cd2375845435cb2b95a1b603b56947d1214ba30d7421e6ee07
SSDeep: 3072:MaOW4LTZnXhZKTCSZF03bYRsWoIhTR24sZav/SUJ6QtQYHwxMomBKh1BI6T7:MHLTZXhZKTTAbA3oIhF2NZaHSCDQY
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.131072.ZH
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Virtumod.9826
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.gyv
McAfee = Artemis!4DFCD493B309
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NHH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:10 13:45:06-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 61440
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0xf1c4
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.33.7.3
Product Version Number          : 4.33.7.3
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xerox Corporation
File Description                : Xerox WorkCentre Pro
File Version                    : 4.33.07.03
Legal Copyright                 : © 2000-2009 Xerox
Legal Trademarks                : Xerox®, WorkCentre
Original Filename               : xrWCtmg2.DLL
Product Name                    : Xerox WorkCentre
Product Version                 : 4.33.07.03 2008.12.02
VirusTotal Report submitted 2012-03-19 06:49:29
VirusShare info last updated 2012-07-26 17:12:53

MD5: c08cbb81e7fc8d7b62f9be9ca9208953
SHA1: 671af4d4ee254000ec8a6720a9a03424c12b771c
SHA256: ee5c94aa31d12af10830460f88b0cd186c1cc053807b66887dc5af523217589e
SSDeep: 3072:S+fl6rU50oY8ACtuWUcX1ih8dFzpMqqDLy/BoDbc:bekyH013FziqqDLuB
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!+2HFmWDNiOU
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.SUN
Norman = W32/Suspicious_Gen2.MYTZB
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:14:25
VirusShare info last updated 2012-07-26 17:13:31

MD5: 14c3f43d923ad6907815516e800853d9
SHA1: b7a3bca738f924071ded9039f1271cfc82b759f7
SHA256: 69f549e8ef3efc1e6a50f8d2b820a4198e85c37f91b78381bfcd16477780f6cb
SSDeep: 1536:bjwPXBrkpESDdXjdmrx/P2YHGcAy9NsM8tosRuF9F83QHeoOVzz:gXGWStErHGcNzscFv8311z
Size: 61440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.1246E2F3
nProtect = Trojan/W32.Agent.61440.AKN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!7O0YjFhqGVU
VBA32 = Trojan.Monder.mmkt
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C2H1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Monder
McAfee-GW-Edition = Vundo!kz
DrWeb = Trojan.Virtumod.10128
TrendMicro = TROJ_GEN.R21C2H1
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.aazr
McAfee = Vundo!kz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.CMSP
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Monder.motp
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:20 20:36:36-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 19968
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5ced
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Control Method Battery Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-03-20 04:28:49
VirusShare info last updated 2012-07-26 17:14:50

MD5: 18ccb3fb61bf092a0ff81c0ebc4d2b85
SHA1: 912ebe8508b4cc0248baf9c5f3659f9816ae6a80
SHA256: 69f5ac2f916af18b0d30dd5c36b9fb2fc2c48aea514d07ba9fb9e9335c94e0af
SSDeep: 3072:fVYOTU52Q6nekKb43/inI5+KWhg2bR9Uv41ZlilC8I8mccloR9zAJd7g5d0PTxz3:fJU5inqb43/5P5ERivgGocVk2dC
Size: 206336 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Pirminay-CM [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan/W32.Agent.206336.CS
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R26CCCE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic.evx!t
DrWeb = Trojan.DownLoader4.21462
TrendMicro = TROJ_GEN.R26CCCE
Kaspersky = Trojan.Win32.Jorik.Pirminay.co
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!t
F-Secure = Trojan.Generic.KDV.298335
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.OOY
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KDV.298335
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.co
BitDefender = Trojan.Generic.KDV.298335
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 196608
Uninitialized Data Size         : 0
Entry Point                     : 0x138e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.5.3790.3959
Product Version Number          : 6.5.3790.3959
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft Network Provider for MPEG2 based networks.
File Version                    : 6.05.3790.3959
Internal Name                   : msdvbnp.ax
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : msdvbnp.ax
Product Name                    : DirectShow
Product Version                 : 6.05.3790.3959
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2012-03-19 07:45:29
VirusShare info last updated 2012-07-26 17:14:50

MD5: e79553c7c9dc8d40f2424b83f853bf8b
SHA1: e42b2cbcc76ea8b9619a95da6cbdf3fd9b69f6ba
SHA256: 6cc1b33752d6e6f076b2a7a650892d5b78d519de5bc5bc28bbe2d438589f8141
SSDeep: 3072:UB5VHUvJIn85c432dkld1dyL8COwFivWlG:708sdsyiJvWl
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cw.5
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Vundo!oq
DrWeb = Trojan.WinSpy.1297
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.amir
McAfee = Vundo!oq
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BESY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 01:49:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xb805
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.2600.0
Product Version Number          : 6.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Korean
Character Set                   : Windows, Korea (Shift - KSC 5601)
Company Name                    : Szotclbio Prvufqabcbd
File Description                : MS-IME IMEPad resource file (Korean)
File Version                    : 6.1.2600.0
Internal Name                   : PADRS412.DLL
Legal Copyright                 : Copyright (C) 1995-2000 Ncohvolri Vbxrmtzhagg. All rights reserved.
Legal Trademarks                : Microsoft (R) is a registered trademark of Eonugeyav Ewxiycfjwdi. Xxzoxzx(TM) is a trademark of Microsoft Crmpumootkc
Original Filename               : PADRS412.DLL
Product Name                    : Nybizlxxw Korean IME 2002
Product Version                 : 6.1.2600.0
VirusTotal Report submitted 2012-03-20 04:26:41
VirusShare info last updated 2012-07-26 17:16:11

MD5: 313da57bb10d3e759e0e04b72f5896e3
SHA1: d974e3923d358a44baf7e5bf1382bdd4abc4ec79
SHA256: 6d72ebb9edcadd7144e1bd46c5045e075f43d76a8b166529d6820694babe19b4
SSDeep: 3072:sFW99Is4thw+qx0IV5pKV/d1Q+3zAH8222yQNBoEZh7LuZO:sFaIsEhwtiGXa/dSSzh222yQNBoEZhp
Size: 124416 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2DA
CAT-QuickHeal = Trojan.Monder.drfp
McAfee-GW-Edition = Artemis!313DA57BB10D
TrendMicro = TROJ_GEN.R72C2DA
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.DRFP!tr
Jiangmin = Trojan/Monder.aaab
McAfee = Artemis!313DA57BB10D
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.CGTK
GData = Trojan.Generic.KDV.179217
BitDefender = Trojan.Generic.KDV.179217
NOD32 = a variant of Win32/Adware.Virtumonde.NKL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:11 19:34:59-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x7b24
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.7103.0
Product Version Number          : 8.1.7103.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Japanese
Character Set                   : Windows, Japan (Shift - JIS X-0208)
Company Name                    : Microsoft Corporation
File Description                : Microsoft IME
File Version                    : 8.1.7103.0
Internal Name                   : MS-IME
Legal Copyright                 : Copyright (C) 1995-2001 Microsoft Corporation. All rights reserved.
Legal Trademarks                : MicrosoftR is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : IMJP8K.DLL
Product Name                    : Microsoft IME 2002
Product Version                 : 8.1.7103.0
VirusTotal Report submitted 2011-04-21 08:38:02
VirusShare info last updated 2012-07-26 17:16:27

MD5: ce3486a1a79ee764e36be3529147af0f
SHA1: a20d2c030419fdccc87412d533cdaf66a858c8bd
SHA256: 6eb70feb14103051037863f0c63403371776b789cdd5171e74dc21f80a3a2a08
SSDeep: 3072:peqvnbigPN2rUnvjfBhhRFArie0/0NkFfuldMqqDLy/rR+9:pduWnvxRFw0skFf1qqDLu0
Size: 137216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!OXa5HWC12iE
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R28C2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R28C2IK
Kaspersky = Trojan.Win32.Monder.nmxj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-03-21 09:04:15
VirusShare info last updated 2012-07-26 17:17:00

MD5: ae96297a4dbd3f9abba9e824a1e8ad97
SHA1: 70cc7e40eb557cfbdcd00f68b6875459240ecc44
SHA256: 7f515adaacee347aec30fe808eddbaa9462ae075777416f63ed7641fc8c61dff
SSDeep: 3072:S+fD6rU50oY8ACyhaUcXzec/dFzWMqqDLy/boDbc:tekCn0zRFzdqqDLub
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12897F2C
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dR6VgYmrqLI
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TDR
Norman = W32/Suspicious_Gen2.MYTYV
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:30:48
VirusShare info last updated 2012-07-26 17:17:53

MD5: 877e1836ef0722467e1f0e60c2b17875
SHA1: a5069cb0f3431eb3c32806e5322090725f65f600
SHA256: 731fb67573991adb1b9c76cd6ff7104dd9a57fa057fae6b3d0cd5cb04021edf3
SSDeep: 6144:bgOviFZ3FvaZGCbuFaplyBWa2cf07oPxl9XzLDGO71iKFGOso/Qhm5Vsr8:b/iFdFv0GCbu9Wa2cf0cxLXjH4KF+lhm
Size: 362496 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.191
Avast = Win32:Pirminay-R [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289CFC0
nProtect = Trojan/W32.Agent.362496.AR
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2D6
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic Downloader.x!fvh
DrWeb = Trojan.Hosts.4225
TrendMicro = TROJ_GEN.R72C2D6
Kaspersky = Trojan.Win32.Pirminay.elu
ViRobot = Trojan.Win32.Pirminay.362496
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.pu
McAfee = Generic Downloader.x!fvh
F-Secure = Trojan.Generic.KDV.172878
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-R [Trj]
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic21.BLKJ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.172878
TheHacker = Trojan/Pirminay.elu
BitDefender = Trojan.Generic.KDV.172878
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 17:43:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xb94b
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.7523
Product Version Number          : 4.0.2.7523
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vgfvkwmfv Oswqwhxakgj
File Description                : Gbjywezif FrontPage Server Administration Snapin
File Version                    : 4.0.2.7523
Original Filename               : FPMMC.DLL
Legal Copyright                 : Copyright © 1995-1999 Microsoft Oaihhhytdam, All rights reserved.
Legal Trademark 1               : Rvubgvopk®, Xbenfcb®, and FrontPage® are registered trademarks of Ouhrpajyf Dbibbqexdrv, and WebBot is a trademark of Cnntwnjac Yykamswwggp, in the United States and/or other countries.
Product Name                    : Microsoft® FrontPage® 2000
Product Version                 : 4.0.2.7523
VirusTotal Report submitted 2011-07-21 20:11:19
VirusShare info last updated 2012-07-26 17:18:55

MD5: 4990259c643ee8ac4daa17cb631536d8
SHA1: ee9aa9789abc1053b9a22994b04cffae2551a5e6
SHA256: 7904ae69a157e7f7a1a822159870365a5bfb01f2f08a028fb52e378f5c4449d1
SSDeep: 3072:pauILXsqopZzHyK8x6KrwEutZhwHJValiljMqqDLy/eiK:7ILXsDzSK8WxhwgnqqDLue
Size: 166400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
nProtect = Trojan/W32.Vundo.166400.V
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Artemis!4990259C643E
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Artemis!4990259C643E
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.A
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-04-02 12:12:29
VirusShare info last updated 2012-07-26 17:21:33

MD5: 3105f4964a5043ae078ae23757e71bc0
SHA1: 861abadd4ac2c31313167b5299f01d9aec7bcde6
SHA256: 7a1e391cdc44fd8de9ec49dd700cd11b00a3cf4b23264171e3c0aef02739b0e9
SSDeep: 3072:0qLPoLEjv/hvwC6Is2ECUxqjofETpWT9JlIinCXc3ACO:ziEtvwC7XUxqsfkpWT98inCXcQC
Size: 119296 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
nProtect = Trojan/W32.Monder.119296
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_VUNDO.SMUM9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.blnb
CAT-QuickHeal = Trojan.Monder.drjy
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.9910
TrendMicro = TROJ_VUNDO.SMUM9
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aanz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BLNB
Norman = W32/Kryptik.AIF
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:14 22:44:38-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xcf39
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvbvnkbmo Imcpacdlicy
File Description                : IAS Pipeline
File Version                    : 5.1.2600.0 (rwwdvpwo.010817-1148)
Internal Name                   : IASPOLCY.DLL
Legal Copyright                 : © Miluracvn Fpyproycska. All rights reserved.
Original Filename               : IASPOLCY.DLL
Product Name                    : Ppqvspivk® Qpiulya® Epfsbzvsb Abjzsx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-01-18 05:03:47
VirusShare info last updated 2012-07-26 17:22:03

MD5: b0fbf796ba189881780285f066a1b1ef
SHA1: 7aa660327aba041c89b0b7a8344d99af9715346a
SHA256: 4349e360bfe78a40c0f5d9d9a53ab74a4d9561956b1e36a7b064d1f5961e33eb
SSDeep: 3072:S+Vc6rU50oY8ACroIocXD7WYC4dFzQMqqDLy/RoDbc:8ekap0D7TFzbqqDLuR
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qeVmgnIR5OY
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.ML
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.oazs
McAfee = Vundo!iy
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TMH
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-06-08 07:15:23
VirusShare info last updated 2012-07-26 17:22:15

MD5: 8f9f274f7940dea36e9e9043a32a2996
SHA1: 8f9f5fde08ec4bf627e753a77313a8aa3d522e3d
SHA256: 7b7ce1e9a2e9250b1d1a32b87a80439280e536f16cca2688ac22c73599b13c11
SSDeep: 1536:TOQhoPdpp+rw9O5apNHQqSTIAwkl5Y0TFTdzI3oFFPNSQ0Of:s4wMQr7STIAwklvvs3oFF8Q0O
Size: 143360 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!kPKuLqAqrL4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_VUNDO.SMP3
Emsisoft = Gen.Variant.Vundo!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1241
TrendMicro = TROJ_VUNDO.SMP3
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aanw
McAfee = Generic Malware.ms
ClamAV = W32.Trojan.Vundo-457
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ASDT
Norman = W32/Kryptik.AIN
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 06:26:52-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xf22e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.0.6000.16386
Product Version Number          : 10.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lmufmjsoy Trcmetnyfwe
File Description                : Bouiafwrx IME
File Version                    : 10.0.6000.16386 (hjrdt_rtm.061101-2205)
Internal Name                   : IMTCCORE
Legal Copyright                 : © Gnbjfswph Oezinochskb. All rights reserved.
Original Filename               : IMTCCORE.DLL
Product Name                    : Vzitbymrt® Ibcqsau® Vgqmtwoio Iiotgc
Product Version                 : 10.0.6000.16386
VirusTotal Report submitted 2012-05-13 21:42:16
VirusShare info last updated 2012-07-26 17:22:33

MD5: 5cbd36d95b2329c02152112a957ce639
SHA1: 91e92845b83e662e127af8b046c353c4b396335d
SHA256: 81d8bd4180835a1b3fe27e4b63a683d84d9110e782b3ed99c7bff46a1f160f07
SSDeep: 6144:qdNYeBb+Zbl8EhDKf100QRchpvhYt4tZrsle:6N2bw00QChpvSSYe
Size: 245760 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.1139.3
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!XfX39ngN+PI
VBA32 = Trojan.Jorik.Pirminay.aor
TrendMicro-HouseCall = TROJ_GEN.R42C9JL
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.aor
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Packed.21871
TrendMicro = TROJ_GEN.R42C9JL
Kaspersky = Trojan.Win32.Jorik.Pirminay.aor
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Virtum.MS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.knvv
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Generic25.AIMB
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1139
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.ufa
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 237568
Uninitialized Data Size         : 0
Entry Point                     : 0x128e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vmwpqtsnz Itnnuuimmgt
File Description                : Belarusian Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdblr (3.13)
Legal Copyright                 : © Rlmfcwalb Glajkqonpdw. All rights reserved.
Original Filename               : kbdblr.dll
Product Name                    : Efonsnjxj® Jixbrkx® Bjewyoqev Niilje
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-21 01:56:29
VirusShare info last updated 2012-07-26 17:25:03

MD5: d1e2fe7f91af12e0425e8e24f1ebbccd
SHA1: f4fcf4cc5b8e2ed8321c1e1ae5a9cdad31d98bf2
SHA256: 822df51bc4c12d50c55fcde51a7a42b5a23fb41eb17bcc16830e0c02f520449d
SSDeep: 3072:xWVYwwp7tBWI9I7/pDWOS0WAoJC0oLp+e+z4mRBDjyDG:xMw9tBkS1Cgz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!pZMvREgR4d0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2G5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.WinSpy.1172
TrendMicro = TROJ_GEN.R11C2G5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.ipsf
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2012-03-21 08:58:26
VirusShare info last updated 2012-07-26 17:25:11

MD5: bc612c4ee368b59973cab193c19477d3
SHA1: 88c22fdaa8e792287e3836ef9a53878978d35785
SHA256: 8b42101af1fa44e8413d822ccc5a3a143d66ace8ef359c223b9e37812f55b494
SSDeep: 3072:S+4vv6rU50oY8AC8QRscXK8QZdFzWMqqDLy/VoDbc:eektO0KFFzdqqDLuV
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!BC612C4EE368
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!BC612C4EE368
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.WVK
Norman = W32/Suspicious_Gen2.MZPZC
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:58:35
VirusShare info last updated 2012-07-26 17:27:53

MD5: e3fec86b7b15f13105a59f19f91a8389
SHA1: 44f81ddc9751f167ff40d8d5144e813bd90548f9
SHA256: 8a65fb6fac1a24819d4693a26a9a99da945c9b1d615a9ab9b141c95bcfdca78a
SSDeep: 6144:E0eyo6gUt/Zs6UTiGjO+114VIgvPQ2MDNEE+sognkT3JYckCe:E0eyoByWvVg3Q9JEAonz
Size: 311296 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-DEK [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.Fakealert.311296.C
VirusBuster = Trojan.Pirminay!VM4B3l6mVsY
TrendMicro-HouseCall = TROJ_GEN.R4FC3GG
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Generic.dx!baft
DrWeb = Trojan.DownLoader3.32380
TrendMicro = TROJ_GEN.R4FC3GG
Kaspersky = Trojan.Win32.Pirminay.ihk
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adu
McAfee = Generic.dx!baft
F-Secure = Trojan.Generic.6148258
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.GFX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6148258
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ihk
BitDefender = Trojan.Generic.6148258
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 22:09:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xac400
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.11.21.0
Product Version Number          : 4.11.21.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    :  U.S. Robotics Ogelakbqpag
File Description                : 3csdpi
File Version                    : 4. 11. 21
Internal Name                   : 3csdpi
Legal Copyright                 : Copyright © 2000 U.S. Robotics Xibapwwzbst
Legal Trademarks                : 
Original Filename               : 3csdpi.dll
Private Build                   : 
Product Name                    :  U.S. Robotics Modem Driver
Product Version                 : 4. 11. 21
Special Build                   : 
VirusTotal Report submitted 2012-03-19 06:11:10
VirusShare info last updated 2012-07-26 17:28:32

MD5: b6a2591dabbdc8446206e81fea06564b
SHA1: 865538c3adeed46762fa37ed847d487c9bfb8271
SHA256: 8c0eaa84164be68ac4c78e063f70891d5d302be9622ec2bd482fc857665ea204
SSDeep: 1536:W2f3pg/K34yEAaGu0SjE8cybGtDGZxolTlBDGIglhy05WVM/8+NZ00m:XfR38su3g82DWolTqIg3KM/JNZ00
Size: 122880 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129752B6
nProtect = Trojan/W32.Vundo.122880.T
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!kAklGPEM1vc
VBA32 = Trojan.Genome.ucgy
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.ucgy
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63023
TrendMicro = TROJ_GEN.R4FC2G7
Kaspersky = Trojan.Win32.Genome.ucgy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ahcz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZJX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.twso
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 01:32:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xb70a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kcssvwbkk Mpoiygxoupe
File Description                : Llrxajq Write
File Version                    : 5.1.2600.0 (uxozrtxg.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Lerxelvhk Xwronziumui. All rights reserved.
Original Filename               : write
Product Name                    : Uprgknoah® Ngtbofq® Mucsciuya Reywjr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-18 10:02:57
VirusShare info last updated 2012-07-26 17:29:11

MD5: b9424b4ad712fca5dad614a4d508b2aa
SHA1: 8c68b85787ad5edfc6e4d2ebd7f8dd920b7d1c33
SHA256: a385755014069e6e747752f058671d2bb7d29741aff3129f88984147e7b439c0
SSDeep: 1536:QI3Q6J6O8EcJoLStwsHaYUKuc+l4zkCL4QEU0ip1gq0jbxB5/sng:Qsf6OMaStwdhKRU4zkCL4Q30ipeq0bL2
Size: 75264 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
nProtect = Gen:Variant.Renos.61
K7AntiVirus = Adware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C2FN
McAfee-GW-Edition = Generic PUP.z!fw
TrendMicro = TROJ_GEN.R47C2FN
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.xxi
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = Adware/SuperJuan
PCTools = Trojan.Gen
McAfee = Generic PUP.z!fw
F-Secure = Gen:Variant.Renos.61
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
AVG = Cryptic.BTF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Renos.61
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Renos.61
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:29 18:45:49-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 24064
Initialized Data Size           : 87040
Uninitialized Data Size         : 0
Entry Point                     : 0x6b1e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2147.1
Product Version Number          : 5.0.2147.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Pentium Floating Point Divide Error Utility
File Version                    : 5.00.2147.1
Internal Name                   : pentnt
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : pentnt.exe
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2147.1
VirusTotal Report submitted 2011-06-29 15:29:19
VirusShare info last updated 2012-07-26 17:29:21

MD5: 8aef58f7fc01a5cf6ff6dc1bf23e5602
SHA1: db04f21ff86fb13c9908ae1b5fdb85d06af3c71f
SHA256: 92964a62a989118baae1e10c96b96d15ea0f3b7e593a0d3a594f49d8261a798c
SSDeep: 12288:wXkjfAo+00LmgYNOH0nRZPhIfpoCTJHdN+/L:mo+1mgYOH0nnhjgrN+/L
Size: 401858 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.401845
Avast = Win32:Kryptik-BLF [Trj]
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!GQTD9pITbks
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.47727
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.tt
McAfee = Generic Malware.ms
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BR
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.11
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.fdt
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:12 14:13:41-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x1318c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuawdfuth Vvjeavkgphw
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Irxrlzomg Svalqtoyspi. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Rjpeyzlhi® Doeeaff® Vmkslwdyo Xhlqwh
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-11 17:30:44
VirusShare info last updated 2012-07-26 17:31:48

MD5: 9c1fdbbd93e10db266d9baea1f48fcbd
SHA1: 93481364831f1d23ec00d635ce8bd7f3d2e2e4ca
SHA256: 2a9ba9c344503f4a47cf7e9e7b3bda654ae4654e76a872f8585badc1f499022e
SSDeep: 3072:S+0J6rU50oY8ACZ76HxVrcX5Mx8dFznMqqDLy/+oDbc:AekH7yv05FFzMqqDLu+
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!m824Z5AtK3o
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TDX
Norman = W32/Suspicious_Gen2.MYUCN
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:52:42
VirusShare info last updated 2012-07-26 17:32:02

MD5: ee3a1b037715629d29ac7d98d5216738
SHA1: a1377e6ca9853ffae4d9a8aac97c215871ce18c0
SHA256: 99c07fba83184fbeb9cc21ff2d3201cb1bb56de6e6f9730c69f932f92314a035
SSDeep: 1536:RQS3YyRekhq10fcFy29kw+M9EpeERm/TEXf5FWE/k8SJ11HLxKSKqkl3:Z3Yy5hqishuGyeE8/TEXf5FW8C1rxi3
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2eHl6GMSatg
TrendMicro-HouseCall = TROJ_GEN.R72C2D8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!EE3A1B037715
TrendMicro = TROJ_GEN.R72C2D8
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!EE3A1B037715
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
eSafe = Win32.TRATRAPS
AVG = Generic21.BRPE
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-18 09:03:08
VirusShare info last updated 2012-07-26 17:34:18

MD5: 636cd794f9bdef624b61db889514b00c
SHA1: 81f8cabdc5cf762edbcebafb702c37a8a52a0ab0
SHA256: 9bb65a98fa9f85b32b8f276c3792b42501de9744f3fcbeeb8067ae49c61d0a16
SSDeep: 1536:lXV2fWdB7RmGToUllAfsWCC764BTRbk3YS8H7O8YWpSC+lXpLSIhLFypMhmWo/rp:lXVOWBlufyW64BVbk470CcNw0mWo/rG
Size: 121344 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.121344.BHD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Oc6aM+REMu4
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Vundo!op
DrWeb = Trojan.Virtumod.10407
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aaqk
McAfee = Vundo!op
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ALCV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.574060
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.KDV.574060
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:06 00:26:37-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 98304
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x154d2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Jwxdjjovk Menqvzqrlas
File Description                : Microsoft Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Yilawobqa Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Vrtciadup Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-19 06:52:32
VirusShare info last updated 2012-07-26 17:35:01

MD5: a9daf11dd71f0e6e2389245464bafa5f
SHA1: 952d4cbde00cd364ef81f40c6fa0f5fc3accdfc3
SHA256: 9c34ed595aaca0dc725b28ec805056087b0350b1e59ec70218ebc436db5a52f5
SSDeep: 3072:G5WVYw8pNtqW59IsODgxkTWAoJCxoip+e+z4mRBDjyZG:G5M8/tq2kUCaz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ly80d9EB1AE
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.2FAC12
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kz
DrWeb = Trojan.WinSpy.1172
TrendMicro = TROJ_SPNR.2FAC12
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipsf
McAfee = Vundo!kz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2012-03-21 08:55:35
VirusShare info last updated 2012-07-26 17:35:12

MD5: 7791c6314afad71c9cdafec8a1025d8d
SHA1: 450d456fb77043f252160fb53d0f53d2c9f88b0c
SHA256: 9dd81662527e61fd5327cf4fab5cf45a43e42821a3ec29dc7f66ac38440f7b55
SSDeep: 12288:Lr8mi+OQwrlULCS4cTqtMFWEacV3/sHEQ:/SrQIueSVqiFfaU
Size: 401920 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-CZP [Trj]
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan/W32.Agent.401920.BI
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_PIRMI.SMUM2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ici
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader3.15766
TrendMicro = TROJ_PIRMI.SMUM2
Kaspersky = Trojan.Win32.Pirminay.ici
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.abu
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.244814
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic3.CECW
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.244814
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ici
BitDefender = Trojan.Generic.KDV.244814
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:09 08:52:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 741376
Uninitialized Data Size         : 0
Entry Point                     : 0x33d3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 12.0.7000.7000
Product Version Number          : 12.0.7000.7000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Krenhizpf Wyzkcanrtzb
File Description                : Edstakv Media Player Launcher
File Version                    : 12.0.7000.7000 (winmain_win7beta.081212-1400)
Internal Name                   : wmpshell.dll
Legal Copyright                 : © Btvvswsnp Vrwvvvwjgdi. All rights reserved.
Original Filename               : wmpshell.dll
Product Name                    : Microsoft® Ilmregk® Uajcpyseh Flyxjg
Product Version                 : 12.0.7000.7000
VirusTotal Report submitted 2012-03-24 07:48:45
VirusShare info last updated 2012-07-26 17:35:45

MD5: b8a44dc775eb4b94a35904ed3d8649e1
SHA1: 9fbcae84a954c4a5afc5af5793c8ad99dbd7085b
SHA256: 16c3473924d6c5e954df60b11bcda7a36b6385a419edca62206ee2a5b9fbd556
SSDeep: 3072:+wEJPf4yD8741CgHDN523/fjNUMRIgTg+elRPNgKxFbipT8IPzwC+BkuN0NNmYWn:fQf4y47RgHmfjN0+emAFbipT8Sw6uN0i
Size: 142336 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Menti.142336.S
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1294CF0A
nProtect = Trojan/W32.Agent.142336.DZ
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!YA8eF72kxS4
VBA32 = AdWare.SuperJuan.yiy
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!jf
DrWeb = Trojan.Siggen3.2677
TrendMicro = TROJ_GEN.R72C2FR
Kaspersky = Trojan.Win32.Menti.guto
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.rw
McAfee = Vundo!jf
F-Secure = Application.Generic.370315
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BFX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Application.Generic.370315
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hfmc
BitDefender = Application.Generic.370315
NOD32 = a variant of Win32/Adware.Virtumonde.NHH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:17 13:29:23-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 126976
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x1fbea
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.0.0
Product Version Number          : 1.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build, Special build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : NikeDrv.sys
Company Name                    : S3/Diamond Multimedia Systems
File Description                : NikeDrv Usb Driver
File Version                    : 1.00.0000.0
Internal Name                   : NikeDrv.sys
Legal Copyright                 : Coyright (C) S3/Diamond Multimedia Systems 2000
Legal Trademarks                : S3/Diamond Multimsdia Systems
Original Filename               : NikeDrv.sys
Private Build                   : 0
Product Name                    : NikeDrv
Product Version                 : 1.00.0000.0
Special Build                   : 0
VirusTotal Report submitted 2012-04-04 17:19:26
VirusShare info last updated 2012-07-26 17:36:18

MD5: c55db568bc817cae1e882eb035528b8d
SHA1: b56b2b1aa31b240628c3e4f48dd003458118f5ee
SHA256: a048008f84fd17de0a972855eadb9467e12ced84b90fdb93ab76b8999e07d59c
SSDeep: 3072:S+0M6rU50oY8ACmcCXcXA/9QQdFz+MqqDLy/0oDbc:xekPU0A/TFz1qqDLu0
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2HO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!ks
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R11C2HO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.oazs
McAfee = Vundo!ks
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-03-19 07:01:25
VirusShare info last updated 2012-07-26 17:36:33

MD5: a557008292507889ca24fca827af65c0
SHA1: 92d9f92b3b92d8cbdb3e52850d341d9cb8fa60bd
SHA256: a07500b621c3571bcd259c7a51f6ce17138c9d5c585c89edf36a30dd4469f647
SSDeep: 6144:ngBj1PQmUcwt+6j9c5AmI6vYzvzkZ+HxKc72Rzm4nK/gHuCNrNLDvtCfQkTzLF:njm3sigvKc7b4KSrJMfQyF
Size: 397312 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-S [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.397312.P
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128E56C5
nProtect = Trojan/W32.Agent.397312.GI
VirusBuster = Trojan.Pirminay!faich/lQYeA
VBA32 = Trojan.Pirminay.ewl
eTrust-Vet = Win32/Renos.CKJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ewl
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Downloader.a!fg
DrWeb = Trojan.Hosts.4380
TrendMicro = TROJ_GEN.R3EC2H6
Kaspersky = Trojan.Win32.Pirminay.ewl
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.EWL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.sb
McAfee = Downloader.a!fg
F-Secure = Trojan.Generic.5790726
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
eSafe = Win32.TRDropper
AVG = Generic22.CP
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5790726
TheHacker = Trojan/Pirminay.ewl
BitDefender = Trojan.Generic.5790726
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:11 03:47:40-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 733184
Uninitialized Data Size         : 0
Entry Point                     : 0x2453
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nlrynqulr Rlbmthudbfl
File Description                : Ncegmicnw Neutral Natural Language Server Data and Code
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : NlsData0010
Legal Copyright                 : © Qucqiszdn Egyauyqhitv. All rights reserved.
Original Filename               : NlsData0010.dll
Product Name                    : Xgcwjlkoi® Sxgwevq® Lmodrtvqu Psztqc
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-08-27 01:53:09
VirusShare info last updated 2012-07-26 17:36:40

MD5: ee3b817365e81bfffb6bc0e60f00ecf3
SHA1: a177d24a8753ea9b2b07b2270458024a0e84b2c4
SHA256: 8d34a1cf2b34b3fc7b129a3841d176f8686b58a202880fb6bb239dbe88377030
SSDeep: 1536:fTNFQKXSwny+5Xt3aFgKDsyBHtpwOcdnDB64kEbHtLc0ZnKG09:LNVSO5XUqtm0OcdnDMaI0Zl0
Size: 84480 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Menti.84480.B
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R11C2I8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.iobt
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Artemis!EE3B817365E8
DrWeb = Trojan.Hosts.4846
TrendMicro = TROJ_GEN.R11C2I8
Kaspersky = Trojan.Win32.Menti.iobt
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.cpa
McAfee = Artemis!EE3B817365E8
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:16 06:26:58-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 38400
Initialized Data Size           : 82944
Uninitialized Data Size         : 0
Entry Point                     : 0xa2f4
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-07-01 09:50:19
VirusShare info last updated 2012-07-26 17:37:13

MD5: febd7814d94f259b4afa20fad156233a
SHA1: ae5c42b0ad2b275e58176b017fee37ebdc81a39e
SHA256: a1d60aa41fd424b121d1df9412d13c6d2c9fc584e0abb086ce7cf8a3630b53cc
SSDeep: 1536:F9oV9iZVedQ1pRBRJEFpbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeohoZW0y:LoHiredQ6FpbvulIPIDWA7jneHjeoho/
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!gIqKKFcwfbE
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FCRGC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!jk
DrWeb = Trojan.Juan.432
TrendMicro = TROJ_GEN.R4FCRGC
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.mz
McAfee = Vundo!jk
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.CORW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2012-03-26 03:59:50
VirusShare info last updated 2012-07-26 17:37:27

MD5: 6ee00753451a0dcd43252d112373e149
SHA1: b8ac351f46510541c15a088fb2155ce70e88e083
SHA256: a25d55a61a03d3f2c4bdc769c25732c24ffc0d027caf6f35efe2d975861218b8
SSDeep: 1536:Floc5NZlOQpuVNRJEkpbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeoPoZW0y:noCNDOxWkpbvulIPIDWA7jneHjeoPo/
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
VirusBuster = Adware.SuperJuan!oD+E+MKsxa0
VBA32 = AdWare.SuperJuan.aafb
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!6EE00753451A
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aafb
Microsoft = Trojan:Win32/Vundo
Jiangmin = Adware/SuperJuan.mz
McAfee = Artemis!6EE00753451A
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Prevx = Medium Risk Malware Dropper
AVG = Generic21.CORW
Norman = W32/Suspicious_Gen2.KZUZV
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2011-04-22 07:51:43
VirusShare info last updated 2012-07-26 17:37:55

MD5: 95f556c6f3dcb378eafc6414b9c586c1
SHA1: ac7f46e4137e1d133d633b19c5007641b8266688
SHA256: a35d2f40d03e0e9372565d9dd6695866573413ad299060c5c7ee87204859d812
SSDeep: 1536:RQS3YyRekhq10fcFy29kw+M9EpeERm/TE2fcFWE/38Wv1H3xGSqqZl3:Z3Yy5hqishuGyeE8/TE2fcFF8S1XxN3
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!TQN/Feh8RVQ
TrendMicro-HouseCall = TROJ_GEN.R72C2D7
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!95F556C6F3DC
TrendMicro = TROJ_GEN.R72C2D7
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!95F556C6F3DC
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
AVG = Generic21.BQLP
Norman = W32/Suspicious_Gen2.KFIXI
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-18 15:51:11
VirusShare info last updated 2012-07-26 17:38:33

MD5: c6a82a635883916aff296f723de36657
SHA1: a81f5dd767a4f11e3c5e96d705e344764ce3fe9a
SHA256: f73b9893be0cdfe4fc92c5c84183a05288a1cde2d382ae9e030a17452a6e1b03
SSDeep: 1536:bSYv0G2yXJ/m7dlAkf+0BGIjjJUTYGQehLzto+767FWWXZZWxXIKDdze:bX2HlAijjWTRztrUXpZW5bDdze
Size: 97792 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128F3A54
nProtect = Trojan/W32.Agent.97792.FK
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!dpA5ccWaX0E
TrendMicro-HouseCall = TROJ_SPNR.15L511
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.myko
McAfee-GW-Edition = Vundo!mq
DrWeb = Trojan.Click1.43075
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.myko
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Malcol
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ipb
McAfee = Vundo!mq
F-Secure = Trojan.Agent.AQPW
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDQ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Agent.AQPW
Symantec = Trojan.Malcol
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Trojan.Agent.AQPW
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:01 07:51:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 88064
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x165f7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Video Decoder
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wmvdecod.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmvdecod.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
Ole Self Register               : 
VirusTotal Report submitted 2012-07-01 11:52:23
VirusShare info last updated 2012-07-26 17:41:24

MD5: 0ce9fe5ce0f5c932ef65ea950161f0e2
SHA1: e843acb61a803d7f0a0d9171d68bfa58ed4e75fd
SHA256: a87ecf0a3628617922f180cb1f93beeabf5310e78406bf18fe6a6a0f58352193
SSDeep: 3072:Z3Yy5hqishWGyeE8/TEcx6fMFO8C1Txbb3:V5hqiy/EGiMU9
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Trojan.Generic.5738428
K7AntiVirus = Riskware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!0CE9FE5CE0F5
Kaspersky = HEUR:Trojan.Win32.Generic
Jiangmin = Trojan/Generic.eoya
McAfee = Artemis!0CE9FE5CE0F5
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Vundo-JU
AVG = Generic21.BQPX
Norman = W32/Suspicious_Gen2.LCHCI
Symantec = WS.Reputation.1
GData = Trojan.Generic.5738428
BitDefender = Trojan.Generic.5738428
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-13 08:26:48
VirusShare info last updated 2012-07-26 17:41:37

MD5: b418695ce268850d8e460739877e93a3
SHA1: a8aaaf4c9987f9299f4193368211556ba05636be
SHA256: 13147df6eb1ab80fbdf70fafbcad3f383404a650b57eb2a530b9bf1d89348441
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7p7po2:pwy9w/dWjTlXjDHsm
Size: 103424 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Renos!aNYLjJ+bYcw
VBA32 = Trojan.Genome.qzfj
TrendMicro-HouseCall = TROJ_GEN.R4FC2D2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Win32.Vundo.gen5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Artemis!B418695CE268
DrWeb = Trojan.Click1.32891
TrendMicro = TROJ_GEN.R4FC2D2
Kaspersky = Trojan.Win32.Monder.mzag
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Kryptik.ANL!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!B418695CE268
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.LNBKT
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-07-01 12:00:26
VirusShare info last updated 2012-07-26 17:41:44

MD5: bb20a4cc89502a8ee85386c45f6fcb52
SHA1: ac6ca21d323210063c48877398150e063bc51f21
SHA256: abe81fd44f277f81b1e9e85bf064b0b60b189a0fc2dcbf9006ea244b3530de7a
SSDeep: 3072:8SNtXamVAcR4enPgAWd75b93Ig2elSMqqDLy/d5kS:8qtQcR4eP25x6CqqDLuN
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qII1P1kpKNQ
TrendMicro-HouseCall = TROJ_GEN.R47C2FT
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R47C2FT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
Jiangmin = Trojan/Generic.ineh
McAfee = Vundo!kl
F-Secure = Trojan.Generic.KDV.252191
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
GData = Trojan.Generic.KDV.252191
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.252191
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-08-31 21:42:08
VirusShare info last updated 2012-07-26 17:44:03

MD5: 7dbd28618a9f054e0a149b31d0faedbe
SHA1: ad746ab2bb522fdb58e88e87ddf40f75949cc857
SHA256: 8ead3626570e1872036c40fdb1598a8e12a009f581e6b75e4baf124a807d89b8
SSDeep: 3072:NjmajsWf4wJQ4sKPBcDs8BdK1tnXMhQRU688raUae2cxD:NdjQsPOrE1tnXMKZHp2
Size: 116224 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Tracur.AG.16
Avast = Win32:MalOb-HO [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Tracur
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.116224
K7AntiVirus = Trojan
VBA32 = Trojan.Rundup.q
TrendMicro-HouseCall = TROJ_GEN.R01C7K6
Comodo = TrojWare.Win32.Kryptik.BMN
Emsisoft = Trojan-Downloader.Win32.Tracur!IK
CAT-QuickHeal = Trojan.Tracur.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
McAfee-GW-Edition = Downloader-BMN.gen.e
DrWeb = Trojan.Hosts.5082
TrendMicro = TROJ_GEN.R01C7K6
Kaspersky = Trojan.Win32.Rundup.q
Microsoft = Trojan:Win32/Tracur.AI
Fortinet = W32/Kryptik.UQZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Tracur.GE
Jiangmin = Trojan/Pirminay.aom
McAfee = Downloader-BMN.gen.e
F-Secure = Gen:Variant.Kazy.40555
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
F-Prot = W32/SuspPack.DW.gen!Eldorado
AVG = Generic25.AGKN
Norman = W32/Tracur.AO
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.40555
Symantec = Trojan.Gen.2
Commtouch = W32/SuspPack.DW.gen!Eldorado
TheHacker = Trojan/Kryptik.ucc
BitDefender = Gen:Variant.Kazy.40555
NOD32 = a variant of Win32/Kryptik.UCC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:17 00:36:04-05:00
PE Type                         : PE32
Linker Version                  : 5.1
Code Size                       : 89600
Initialized Data Size           : 16384
Uninitialized Data Size         : 208896
Entry Point                     : 0x2b7d
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Unimodem Service Provider AT Mini Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : UNIMDMAT
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UNIMDMAT.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-07-01 13:24:48
VirusShare info last updated 2012-07-26 17:44:48

MD5: fa4793cd775e5dbc0268a83f3d6c7402
SHA1: 6093833d1e292e908d75cf8fab5d8afcae14d525
SHA256: b0000c187fa264f7543575a86dc93aaf79fd8c7a0f0512e114e2041ceaea0447
SSDeep: 1536:F6noQctRZubGQAXEyRJERpbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeoMoZW0y:snoLtRgbGghRpbvulIPIDWA7jneHjeot
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
VBA32 = AdWare.SuperJuan.heur
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aave
Microsoft = Trojan:Win32/Vundo
Jiangmin = Adware/SuperJuan.mz
F-Secure = Trojan.Generic.KDV.184219
VIPRE = Virtumonde
Prevx = Medium Risk Malware Dropper
AVG = Generic21.CORW
GData = Trojan.Generic.KDV.184219
BitDefender = Trojan.Generic.KDV.184219
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2011-04-25 07:31:03
VirusShare info last updated 2012-07-26 17:46:46

MD5: e99be4c0cdf17b335c4e43ad8c92eada
SHA1: bd344009692111a90018a97e95585e6346932cb1
SHA256: b11ca8576bbce98608924c84e4d3892d2450babc069b96f14de775033e3bc009
SSDeep: 6144:X7ZSRCVrwYJ7PEduK+fvrZZxoKGpPBEbbe1fHFFYmd6ra3tOF9OnChwvtb:X7wi0E7PFK+Ltxs56IFimdlETwvtb
Size: 345629 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-AZJ
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.345629
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.eor
TrendMicro-HouseCall = TROJ_GEN.R3EC2DL
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.eor
McAfee-GW-Edition = Generic Downloader.x!fye
TrendMicro = TROJ_GEN.R3EC2DL
Kaspersky = Trojan.Win32.Pirminay.eor
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.EOR!tr
Jiangmin = Trojan/Pirminay.qs
McAfee = Generic Downloader.x!fye
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-AZJ
AVG = Generic21.BFFY
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = WS.Reputation.1
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.ekb
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:01 18:54:42-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 327680
Initialized Data Size           : 319488
Uninitialized Data Size         : 0
Entry Point                     : 0x4db72
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ilxdhlunh Yycvbcxpyhm
File Description                : Jqbblwvdb ODBC Desktop Driver Pack 3.5
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : odbcji32.dll
Legal Copyright                 : © Ddpjkricr Rmczqqqdhzs. All rights reserved.
Original Filename               : odbcji32.dll
Product Name                    : Microsoft® Rntordq® Tnwrptaup Gquqmn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-21 08:55:32
VirusShare info last updated 2012-07-26 17:47:26

MD5: d8c4c32c36de2bfc0b33345cb46c0686
SHA1: b2003fc5df744a686ca994f3eddfc270de634e6e
SHA256: 65a3bd636bfb616229f13a4e3bac82a8f11fbf12a01de8223460d0da253b4372
SSDeep: 3072:dxlYMPG5sguMjonMqqDLy/Zn+x18S1eUn55KgS:Bku4qqDLuu18tUn50
Size: 122880 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!EQlWX/u+j4s
TrendMicro-HouseCall = TROJ_GEN.R11C2IA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myzz
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10456
TrendMicro = TROJ_GEN.R11C2IA
Kaspersky = Trojan.Win32.Monder.myzz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.acly
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AIFI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:25 20:54:04-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x73aa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Umhrgdcor Lypjkdqwdrt
File Description                : Rrlnymwcw Japanese Natural Language Server Data and Code
File Version                    : 6.0.6000.16386 (gaexe_rtm.061101-2205)
Internal Name                   : NlsData0011
Legal Copyright                 : © Eckrqvvnc Gfnmirtuoqg. All rights reserved.
Original Filename               : NlsData0011.dll
Product Name                    : Vnmkkyksj® Jtyioex® Operating Nezxxf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-07-01 15:42:10
VirusShare info last updated 2012-07-26 17:48:01

MD5: c8b3106b0486c6b9305314c7fe368ae9
SHA1: 81e7fd9ee2d265f36d9ff8fc1b4e8acc9d494429
SHA256: b3017269c069de16372fde44f2ecc34a954c295fe05647471f53fe45b1afea8e
SSDeep: 6144:D1kTtgHBaUcysrpvU1X1UsmYd7VO861R1ayuF:DCZg1orpvQ1UH8SS
Size: 211400 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C8B3106B0486
DrWeb = Trojan.Fakealert.26952
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Kryptik.UEO
Jiangmin = Trojan/Jorik.srx
McAfee = Artemis!C8B3106B0486
F-Secure = Gen:Variant.Graftor.3065
AVG = Generic25.AHEV
Norman = W32/Suspicious_Gen4.dam
GData = Gen:Variant.Graftor.3065
TheHacker = Trojan/Jorik.Pirminay.anv
BitDefender = Gen:Variant.Graftor.3065
NOD32 = a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-03-19 15:31:22
VirusShare info last updated 2012-07-26 17:48:31

MD5: 22f5e5a792a74da2975895eed5c81640
SHA1: f5133302b03dc1a4421f8313eb27da55a2403a2c
SHA256: b8879b84d3055f7e486b10d9f0fc7bcc3d9748810c21e6529c3b594c85f84aaf
SSDeep: 1536:Fao/W4PZdeQauTnlbpMRJE8pbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeoLoZW0y:Iou4PPew1f8pbvulIPIDWA7jneHjeoLa
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
VirusBuster = Trojan.Vundo!W+J83jFVc3k
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
Microsoft = Trojan:Win32/Vundo
Jiangmin = Adware/SuperJuan.mz
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = Medium Risk Malware Dropper
AVG = Generic21.CORW
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2011-04-21 06:42:26
VirusShare info last updated 2012-07-26 17:51:35

MD5: 83df9599e4dff1ed520d0092068031fe
SHA1: 804c56c7e02fafc9c2fe79e3991e90fa1077c164
SHA256: b9355ae287af4836968cfaf1c10da3bee6ac30993b93563057df7753a119e142
SSDeep: 1536:FkoTeGZb8DQG6e1lRJE/pbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeoXoZW0y:SoaGODfte/pbvulIPIDWA7jneHjeoXo/
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/CI.A
VirusBuster = Adware.SuperJuan!xxmNKcdYj/0
VBA32 = AdWare.SuperJuan.aafe
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!83DF9599E4DF
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aafe
Microsoft = Trojan:Win32/Vundo
Jiangmin = Adware/SuperJuan.mz
McAfee = Artemis!83DF9599E4DF
F-Secure = Trojan.Generic.KDV.182588
VIPRE = Virtumonde
Prevx = Medium Risk Malware Dropper
AVG = Generic21.CORW
Norman = W32/Suspicious_Gen2.KZZJC
GData = Trojan.Generic.KDV.182588
BitDefender = Trojan.Generic.KDV.182588
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2011-04-22 08:02:28
VirusShare info last updated 2012-07-26 17:52:00

MD5: 35dae33ab59c68bb14ed328a68982986
SHA1: 49be73a5d1d8e05bcfc9a8b4b62b87b5995a5b1f
SHA256: b9b3d2a8833d7b060a0023013e452480ecb4f491dc5548f17fc2bbb2896c678b
SSDeep: 3072:DzNoiw/RbywcBjJNksXC6e1XLMMlYfWQoZjQnEDyYK4RY6Gax6qmLvpKsSGS22LC:9BjsV6e1bz5YDqmvpKhGS22Lvq
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Monder.147456.B
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2G5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nmum
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ji
DrWeb = Trojan.Virtumod.10280
TrendMicro = TROJ_GEN.R4FC2G5
Kaspersky = Trojan.Win32.Monder.nmum
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Vundo!ji
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.BVOE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NKL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:06 00:32:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x16584
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP Lpq Command
File Version                    : 5.00.2134.1
Internal Name                   : lpq.exe
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : lpq.exe
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-03-25 23:26:01
VirusShare info last updated 2012-07-26 17:52:11

MD5: c811c9af698af0b3d6b4a17ca870f2bd
SHA1: ba4894b826db343bb303b111b60b43f2f8aec2cd
SHA256: 3769d00927b641790ac5fc9015ec03cfeb86c0d00e01ec721610067916be3e11
SSDeep: 3072:S+jZ6rU50oY8ACTFDAVcXT6G/VdFz4MqqDLy/5oDbc:zekz80T6AFzzqqDLu5
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!m2z3DKTs3eg
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.STL
Norman = W32/Suspicious_Gen2.MYTZG
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:52:17
VirusShare info last updated 2012-07-26 17:52:31

MD5: f06a501aacc18b8928f3f565e9b3cbb9
SHA1: 2d17432717b676f532453a1e8e2d625ae72a2e1b
SHA256: ba6b30d9204ea6852b59bf3789298d9e65382fcfc1d8773728324754f76278fc
SSDeep: 3072:UisBjkCQebMErnQzUtsBy6RcBWLyscOkzkRzZsKl5BvwkUGO:dOjkCZQEszKsxc
Size: 128000 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12528B61
nProtect = Trojan/W32.Agent.128000.EH
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R26CCC9
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.evx!d
DrWeb = Trojan.Juan.568
TrendMicro = TROJ_GEN.R26CCC9
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.hxf
McAfee = Generic.evx!d
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Vundo.UUW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itv
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:14 01:44:52-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58368
Initialized Data Size           : 104960
Uninitialized Data Size         : 0
Entry Point                     : 0xf257
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة panson24
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : pa24w9x.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pa24w9x.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-03-19 07:07:07
VirusShare info last updated 2012-07-26 17:52:36

MD5: dcb9536688eaee3830b8bc9aa1e88f6a
SHA1: bade43c2d2366a8799b64a6c64421699afcf60cf
SHA256: 10d07e022dbbdfa37a2e6284be32f8ca0a323a3333be7111bfc3577f131c8ac8
SSDeep: 3072:dEm8QRlA3aNkRAaTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESehqxJspJip
Size: 127488 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Sinowal.WXO
Rising = Trojan.Win32.Generic.1253726C
nProtect = Trojan/W32.Pirminay.127488
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!AYjr3yP2nyo
VBA32 = Trojan.Pirminay.jxo
TrendMicro-HouseCall = TROJ_SPNR.30EE12
Emsisoft = Gen.Variant.Vundo!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myrn
McAfee-GW-Edition = Vundo!or
DrWeb = Trojan.Siggen2.15308
TrendMicro = TROJ_SPNR.30EE12
Kaspersky = Trojan.Win32.Monder.myrn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Pirminay.ff
McAfee = Vundo!or
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Vundo.MH
Norman = Pirminay.A
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Pirminay.mdp
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.HNY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:24 13:20:26-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 52736
Initialized Data Size           : 108544
Uninitialized Data Size         : 0
Entry Point                     : 0xdbfd
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : System Information
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : msinfo32.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msinfo32.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-07-01 18:13:17
VirusShare info last updated 2012-07-26 17:52:55

MD5: e49694f240ce05a7969a36ec8a48ebc3
SHA1: bc4aa9c283f5eb01db99a7379432347fc3e9820f
SHA256: 41b8aaf58f218b116ed8eed5958e5027563a1f185a008f739211ca829777d4ad
SSDeep: 3072:iXMGFwmIU8K8zM97tu1G31fyukoXMqqDLy/T4SV8:5K98zqha8oqqDLudV8
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Genome!/3UsSw4Y0vk
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.wexl
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!pj
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = Trojan.Win32.Genome.wexl
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.aaznh
McAfee = Vundo!pj
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.QTXPD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-07-01 18:39:08
VirusShare info last updated 2012-07-26 17:53:43

MD5: 4d26b86619270764fdb6d747e798403a
SHA1: 00f81e5152d1cec0df03caab6ffc77dc42b648b8
SHA256: bcc75349e2bea8af1dd37f6dfb94b57264d4b14280a28168e3206ebaa0231876
SSDeep: 1536:t7U/et9FS/zPtmG+8nsfVk4JxsKuTCrpypTLhje/04vE:VVjEzPtz4kctpUh6M4vE
Size: 70144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.70144.KJ
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!srqc3VhZag0
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.lbbr
McAfee-GW-Edition = Vundo!jg
DrWeb = Trojan.Siggen2.46156
TrendMicro = TROJ_GEN.R11C2GD
Kaspersky = Trojan.Win32.Menti.lbbr
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.70144
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Menti.y
McAfee = Vundo!jg
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CI.gen!Eldorado
AVG = Generic26.CFHL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CI.gen!Eldorado
TheHacker = Trojan/Menti.gufq
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:13 23:23:45-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x6674
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrae.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrae.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-03-22 21:37:50
VirusShare info last updated 2012-07-26 17:54:02

MD5: ef55f44d0ddd30f984284fd2e53d1467
SHA1: bd876153aaae88f7baf3a61d2ed71bf59926d05a
SHA256: 1891a010b511c7cecdef916b5ca9e2801529a6b3f667be12aaba852afb035599
SSDeep: 1536:a+jQdyabFZEPjKzI/nmKveNfs3Z1Hhakh+6VxK9YJR/:akQ/xZEP+z+mKveNk3TwkhxV4aD
Size: 70656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125F7196
nProtect = Trojan/W32.Vundo.70656.S
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!1hebBYvb8Xc
TrendMicro-HouseCall = TROJ_SPNR.15L511
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.myit
McAfee-GW-Edition = Vundo!mq
DrWeb = Trojan.Juan.564
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.myit
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Adware/SuperJuan.ht
McAfee = Vundo!mq
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic25.BPTC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itu
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:09 06:25:45-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28160
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x7b7d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 32K/64K color VGA\SVGA Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : vga64k.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : vga64k.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-07-01 18:59:34
VirusShare info last updated 2012-07-26 17:54:28

MD5: 9c962656f1c77187900ae2924f2a48c0
SHA1: b93fc3830db968379342bfa9227a6e319060f2d9
SHA256: be81e1c90b8773d2750038237268558e1e3a3d7e1d211567329c3fd3190fbb1e
SSDeep: 1536:F7o4/fZSHoQjVODRJEppbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeomoZW0y:VocfsHo1gppbvulIPIDWA7jneHjeomo/
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.91136.S
nProtect = Trojan/W32.Monder.91136.BK
K7AntiVirus = Riskware
VirusBuster = Adware.SuperJuan!PTjCexvUNbw
VBA32 = AdWare.SuperJuan.aafi
TrendMicro-HouseCall = TROJ_GEN.R21C2DJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!9C962656F1C7
DrWeb = Trojan.Juan.432
TrendMicro = TROJ_GEN.R21C2DJ
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.91136
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Adware/SuperJuan.mz
McAfee = Artemis!9C962656F1C7
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.CORW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2012-05-23 05:38:04
VirusShare info last updated 2012-07-26 17:54:55

MD5: c65abb31db8c77812a691374f8480cb6
SHA1: c0865c5157445977ceeafb10070c412b62f05bcd
SHA256: 24175f4a2b079687aab31baaa8ec8dc0edd79a8e806cb1b2b152a315691eed54
SSDeep: 3072:S+HC6rU50oY8ACa/3NcXsm0w6dFzvMqqDLy/eoDbc:UekQ90sDFzkqqDLue
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dy1aLWW2epo
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX
eSafe = Win32.TRVundo
AVG = Generic23.TAQ
Norman = W32/Suspicious_Gen2.MYUDO
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:12:51
VirusShare info last updated 2012-07-26 17:55:58

MD5: a67a43cb741eec60b6493bd5546f3526
SHA1: c0e7d3e97e46dcbc9482828cea5d64ef46e304bb
SHA256: 3f913498858cf54a0d9c6ecc62310366cdb00edbd5786e49cb537e74c7245ec7
SSDeep: 3072:Fp/D2XPplcXMs4sZ5kNc00XsoTKl7zktgOBkppIQaS2VVwEHSsFiAZdAJnT8IaJe:n/SXBl36XRvck+YY1J4IaKdVq16
Size: 248292 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.248292
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.aea
TrendMicro-HouseCall = TROJ_GEN.R11C2K9
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!ens
TrendMicro = TROJ_GEN.R11C2K9
Kaspersky = Trojan.Win32.Pirminay.asa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.yz
McAfee = Generic Downloader.x!ens
F-Secure = Gen:Trojan.Heur.RP.pq1@aaHLmhji
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.BOLW
Norman = W32/Suspicious_Gen2.FIZDV
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.RP.pq1@aaHLmhji
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Kryptik.hkb
BitDefender = Gen:Trojan.Heur.RP.pq1@aaHLmhji
NOD32 = a variant of Win32/Kryptik.HKB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:17 20:40:52-04:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 11264
Initialized Data Size           : 468992
Uninitialized Data Size         : 0
Entry Point                     : 0x3a08
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft FrontPage VSS Interface DLL
File Version                    : 4.0.2.5322
Original Filename               : FP30VSS.DLL
Legal Copyright                 : Copyright © 1995-1999 Microsoft Corporation, All rights reserved.
Legal Trademark 1               : Microsoft®, Windows®, and FrontPage® are registered trademarks of Microsoft Corporation, and WebBot is a trademark of Microsoft Corporation, in the United States and/or other countries.
Product Name                    : Microsoft® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2011-06-23 08:22:44
VirusShare info last updated 2012-07-26 17:56:10

MD5: b91765760cf1e5abb5b9b5e186cd0cd1
SHA1: c2fef1a17b849a7d7477fd322b757ad167cf04d2
SHA256: a927bea531a690b4f8cac25878c29d34e2d93c7acafc76f1848fdaccce380035
SSDeep: 1536:JBhf4H7G1l7gqFw1yqDh/tYxlFc/JwwAUDN0pvuWHW1q/WcD+Ym:JBhfYy1l7Hw1yqQlFOwwAKYvuWHW1Pc
Size: 122880 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.577
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Spyware/Virtumonde
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!jPl16CYViFY
TrendMicro-HouseCall = TROJ_SPNR.15L511
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.myxm
McAfee-GW-Edition = Vundo!qa
DrWeb = Trojan.Virtumod.10251
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Monder.myxm
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.122880.N
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abyi
McAfee = Vundo!qa
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.SW
AVG = Generic22.VZI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.SW
TheHacker = Trojan/Monder.mkog
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 12:52:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x4191
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.6.0.8820
Product Version Number          : 5.6.0.8820
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zrrvjhlxa Xxkkdbbfipg
File Description                : Tzgjeklgi (r) Ubvnnpr Based Script Host
File Version                    : 5.6.0.8820
Internal Name                   : wscript.exe
Legal Copyright                 : Copyright © Iuhodjotu Corp. 2002
Original Filename               : wscript.exe
Product Name                    : Chdwcsmae (r) Wukkftq Script Host
Product Version                 : 5.6.0.8820
VirusTotal Report submitted 2012-07-01 21:55:38
VirusShare info last updated 2012-07-26 17:57:22

MD5: 12220778b3b1202a452e1fa818d45214
SHA1: 0a1d9d0080bb06ef28eaeabe4f53c36ecc1f593c
SHA256: c3b43053151cfb76b6fdba308534af53e7483f7cf55a779da7dc21ded18c82a9
SSDeep: 1536:VPGz7Ysw6qJiVTN5tSUrTVG6XijYqLERpK2iKAXM3QGopC/1tJ:AYsH9PrdXiOfQGopC/fJ
Size: 114176 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!CdUuFLiPLR4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ll
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!ll
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2012-04-26 10:37:31
VirusShare info last updated 2012-07-26 17:58:02

MD5: 9f6d6893f587860ac65b413d6736a654
SHA1: c41a0afd81437141c19fa6a789dcd440dc738fa3
SHA256: 09fc48de09c444aeedd93a9426f8c8508a84e0143745adaa83e65856b961a67b
SSDeep: 3072:S+O96rU50oY8ACAxQqcXH6tEdFz3MqqDLy/+oDbc:aek0/0HjFz8qqDLu+
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!3dpqwEvO2E4
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!9F6D6893F587
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.impz
McAfee = Artemis!9F6D6893F587
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TBX
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-25 02:20:09
VirusShare info last updated 2012-07-26 17:58:26

MD5: bd0ae76d3e323e8889843fcbb4123a74
SHA1: c6fe70bf73408ad8b93db6f2eb620ffa9ab56e04
SHA256: ce5afa4442a7bc8f22c29d1dd4406cd2f8640963976581ccd74d465169fb108d
SSDeep: 1536:IuDiG5DdPLNE+AzkbIy4tSMzCmxJSZPxvx3EgIWg:IKiG5dLNE+AzkbIy4tXzcZJJUgv
Size: 70144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.70144.P
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2IH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.ingv
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Vundo!pz
DrWeb = Trojan.Siggen2.34690
TrendMicro = TROJ_GEN.R4FC2IH
Kaspersky = Trojan.Win32.Menti.ingv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.dnpg
McAfee = Vundo!pz
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Menti.hznl
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:12 13:42:30-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26624
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x74aa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SSDP Service DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ssdpsrv.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ssdpsrv.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-07-01 23:02:59
VirusShare info last updated 2012-07-26 18:01:28

MD5: c28eb96e6638bcf0c137e3907d5f9fb7
SHA1: c811fcf40340c3da6708e1b459900efeddb8f38c
SHA256: b319bacaf790a14f5c4f172370eb065891e52b8a7f8883cf23efa70a52b6be49
SSDeep: 1536:U4UwSC/UXuY28bQJjml9I3k3lQ36QDkUhB1:U9wx8b20QJj83lQ39ku
Size: 49664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.26
TrendMicro-HouseCall = TROJ_GEN.R21C7IU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.mtaj
McAfee-GW-Edition = Vundo!kg
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R21C7IU
Kaspersky = Trojan.Win32.Monder.mtaj
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.isio
McAfee = Vundo!kg
F-Secure = Gen:Variant.Buzy.4423
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.4423
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Gen:Variant.Buzy.4423
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-07-01 23:27:34
VirusShare info last updated 2012-07-26 18:02:17

MD5: d93a19965439fb63fa3ef345255e8e26
SHA1: c90399fd8353efbc1ad1318ae14eb0a354e6dca1
SHA256: 1a6bf80d8f1cc8879c0cc7daa2e52ccddbecbd6629edf734a4e8dac975b01dba
SSDeep: 1536:LJhU9FCrg6r83LGq8yPeS9wvigm32o33xAtqYczAnOVyiMIfqftJ:LQJ62O8eSKiH3f30JnO8vtJ
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.98304.AIM
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_SPNR.15KH11
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!pz
DrWeb = Trojan.Siggen3.4389
TrendMicro = TROJ_SPNR.15KH11
Kaspersky = Trojan.Win32.Menti.imoo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.cxtq
McAfee = Vundo!pz
F-Secure = Gen:Variant.Katusha.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.ALFT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Katusha.5
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:09 09:47:32-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 77824
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x13cde
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1241
Product Version Number          : 5.2.3790.1241
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Linguistically Enhanced Wave File Output Engine
File Version                    : 5.2.3790.1241
Internal Name                   : MSLWVTTS
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : MSLWVTTS.DLL
Private Build                   : 
Product Name                    : Microsoft Linguistically Enhanced Wave File Output Engine
Product Version                 : 5.2.3790.1241
Special Build                   : 
VirusTotal Report submitted 2012-07-01 23:39:53
VirusShare info last updated 2012-07-26 18:02:51

MD5: 719d9effe23c69bae8ae5e84fe3afe30
SHA1: c9523a0fdfe08df62e5bb8c8a239750b521a57fa
SHA256: 988e6012f024f95c3631797fb0c02a58fbd44b32051b08fe781f287e0ed67cc0
SSDeep: 1536:idVysttq3pSU9NEBKwee0uLqdXuWJTctoUS+LapfvpiIAX+yC:O4sDqD9iBv0ynWJTcGUS++ppiIaC
Size: 88576 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1258B8D3
nProtect = Trojan/W32.Vundo.88576.DH
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!1k0uOr0LHBw
VBA32 = Trojan.Monder.mlgh
TrendMicro-HouseCall = TROJ_GEN.R4FC3D8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.msho
McAfee-GW-Edition = Artemis!719D9EFFE23C
DrWeb = Trojan.Virtumod.10249
TrendMicro = TROJ_GEN.R4FC3D8
Kaspersky = Trojan.Win32.Monder.msho
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abeq
McAfee = Artemis!719D9EFFE23C
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CDP
Norman = W32/Kryptik.AIF
Sophos = Troj/MsPoser-B
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:24 16:12:21-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 41984
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xb21d
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.0
Product Version Number          : 6.0.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard Trial Reminder Helper
File Version                    : 6.00.2600.0000 (xpclient.010817-1148)
Internal Name                   : trialoc
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : trialoc.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.00.2600.0000
Ole Self Register               : 
VirusTotal Report submitted 2012-07-01 23:44:46
VirusShare info last updated 2012-07-26 18:03:02

MD5: a1c5de26dff6c0fb50214a5aa019dc0a
SHA1: c987d08cae02da5d8914aa1614a48e4e3b705ea9
SHA256: 320195d4917a6a29c2190629c030d5ca80cffa56be78a04efe7c090562b7ab77
SSDeep: 6144:v4stKngNkiF5WN+2g9MDZBANJG8qSRHy2N/LZ5vlVXxq:rtyLNTg9MDZBubDtzDxq
Size: 354816 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Kazy.15607.2
Avast = Win32:Pirminay-BK [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.354816.E
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.354816
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!TbnERF20fL0
VBA32 = Trojan.Pirminay.irh
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zvs
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.irh
Microsoft = TrojanDownloader:Win32/Renos.KC
ViRobot = Trojan.Win32.A.Pirminay.354816[UPX]
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zvs
F-Secure = Trojan.Generic.KDV.594632
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Kaz
AVG = Generic23.QTS
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.594632
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.irh
BitDefender = Trojan.Generic.KDV.594632
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:05 15:24:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 356352
Initialized Data Size           : 4096
Uninitialized Data Size         : 438272
Entry Point                     : 0xc1f30
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO155.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO155.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2012-05-20 08:15:52
VirusShare info last updated 2012-07-26 18:03:10

MD5: d4a37cd07309e62326fd55bc1f7c8f28
SHA1: c9890ea98b04265e820eaa31777301cbf9f07ad3
SHA256: 232897e57b5d435689e30dcda9f2efac10e2d4eccd87a6d90153dc0a81e379fb
SSDeep: 6144:3Du3oWO+SP5VAnRdduazUzkzbJTFQUQ5vnTwjin9pZlf2C:3izOzYPduaqk/IdFTd/b2
Size: 231936 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Crypt-KON [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!axYVB0vTTRY
VBA32 = Trojan.Jorik.Pirminay.air
TrendMicro-HouseCall = TROJ_GEN.R4FC1K3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.atb
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.Fakealert.27881
TrendMicro = TROJ_GEN.R4FC1K3
Kaspersky = Trojan.Win32.Jorik.Pirminay.atb
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.tpj
McAfee = Generic.evx!bd
F-Secure = Gen:Variant.Graftor.1488
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur4.ETQ
Norman = W32/Suspicious_Gen2.RYSQM
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.1488
Symantec = Trojan.Gen.2
TheHacker = Trojan/Jorik.Pirminay.atb
BitDefender = Gen:Variant.Graftor.1488
NOD32 = a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 212992
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.11.21.0
Product Version Number          : 4.11.21.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : U.S. Robotics Zzfvsetdsnn
File Description                : U.S. Robotics voice pump
File Version                    : 4. 11. 21
Internal Name                   : 3c1807vp
Legal Copyright                 : Copyright © 2000 U.S. Robotics Mnagmmijkas
Legal Trademarks                : 
Original Filename               : 3c1807vp.dll
Private Build                   : 
Product Name                    : U.S. Robotics Modem Driver
Product Version                 : 4. 11. 21
Special Build                   : 
VirusTotal Report submitted 2012-07-01 23:48:03
VirusShare info last updated 2012-07-26 18:03:10

MD5: b2e864a39a84f6682fbc32343ebb8ac8
SHA1: c9b43bb7bc2901ec13015d98bb17b379aac72d91
SHA256: 668f0b183c20c00f2cc6620842fb9d24983907c622c5901c21cee1a706c9bbda
SSDeep: 1536:ELjEi5smad761HeHLSui+xoXMqqU+NV23S2V9FSRc6auNsYpe0qa:/vdmV+xoXMqqDLy/cG6abYFq
Size: 113664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R1BC2G1
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B2E864A39A84
DrWeb = Trojan.Smardec.75
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gtrv
McAfee = Artemis!B2E864A39A84
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.FNK
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:26 01:06:21-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x62b2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.1
Product Version Number          : 6.0.2600.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tihztqwgg Ucasiwoinfv
File Description                : Logging UI Components
File Version                    : 6.0.2600.0 (ugoabswj.010817-1148)
Internal Name                   : Logging UI Components
Legal Copyright                 : © Nvbqnmdfs Ranckkfncha. All rights reserved.
Original Filename               : logui.ocx
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.0
VirusTotal Report submitted 2011-07-01 17:34:20
VirusShare info last updated 2012-07-26 18:03:14

MD5: c8a88f77c49ab0341a4949ecf58919e8
SHA1: ca4c91dc0f7029642d0298be108178aaee287a9c
SHA256: 4ea99423a327b041656f30106763ab4728fec62cbafdd1da0abbd5d88ff462c3
SSDeep: 3072:S+rm6rU50oY8ACEItZlcX9q+LdFz5MqqDLy/VoDbc:Yekxp09nFzSqqDLuV
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!9Ja7fKorj8c
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zvy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Dx.ZVY!tr
McAfee = Generic.dx!zvy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TEP
Norman = W32/Suspicious_Gen2.MYTZC
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:27:48
VirusShare info last updated 2012-07-26 18:03:32

MD5: 9afb9cf34fbe5acf9756b36cb9bb66b6
SHA1: cbdc4479f5179f9ad2af2012a0d08474cdf23180
SHA256: e12f278791afb84c0445a6b97aa90024df739763326ae85ef2f21183a7928483
SSDeep: 3072:ONXYagYSq6xcUS/uQPsjO5oNROj6GYyiLFON+ZAc+lqH:ONXYJ6qQPuckxyTwZjL
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.574
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12944C23
nProtect = Trojan/W32.Vundo.135168.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!AUyB4o+TMOE
TrendMicro-HouseCall = TROJ_GEN.R1BC2FH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1229
TrendMicro = TROJ_GEN.R1BC2FH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irkc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BZCG
Norman = W32/Suspicious_Gen2.QFGDI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-27 05:34:03
VirusShare info last updated 2012-07-26 18:04:26

MD5: 965c9d8aa7b5754ce1ce273680133f23
SHA1: ce25007b82810bde2d776f806eac27c60375ce9b
SHA256: ed6c36f35b3cbbc00a2144087c8dac7ef5d8ee5e1fa4d65a487d6718962844fe
SSDeep: 6144:nYY6EHYNVB7Tj3oUdTC+nIUd1SlqIJ2g/FneYajtal6/:+E2VB7TEUdTCtZJ2uFJa5w6/
Size: 308121 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dldr.Ponmocup.A.292
Avast = Win32:Kryptik-DEL [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.253107
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TVaPlnzJ4Xg
TrendMicro-HouseCall = TROJ_SPNR.15L611
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.pcd
McAfee-GW-Edition = Downloader.a!vl
DrWeb = Trojan.Hosts.4835
TrendMicro = TROJ_SPNR.15L611
Kaspersky = Trojan.Win32.Pirminay.pcd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.adt
McAfee = Downloader.a!vl
F-Secure = Trojan.Generic.KDV.253107
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.FEY
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.253107
Symantec = Downloader
TheHacker = Trojan/Pirminay.ihh
BitDefender = Trojan.Generic.KDV.253107
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:21 09:36:59-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 307200
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xab470
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1f.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1f.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-07-02 01:12:05
VirusShare info last updated 2012-07-26 18:05:56

MD5: bbf6b74385ac821272a352852be39003
SHA1: ce8937218e5e59cc5c19f3fc64384e294cb6fff9
SHA256: efa18d93c2c33b75f1d1d3c4cc91739b8015d7b0d301a1e82f052e32d3b37334
SSDeep: 3072:S+Lm6rU50oY8ACBykXcXljeRJdFzWMqqDLy/3oDbc:AekGa0lwFzdqqDLu3
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12897F2C
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
TrendMicro-HouseCall = TROJ_GEN.R72C2G9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Win32.Vundo.av5.ML
McAfee-GW-Edition = Vundo!my
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2G9
Kaspersky = Trojan.Win32.Genome.subo
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imok
McAfee = Vundo!my
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YDO
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-06-21 23:43:21
VirusShare info last updated 2012-07-26 18:06:12

MD5: fdaf422150e73ead561b2dab1c40620a
SHA1: cec9f64ac8ba87cdd58cb685804cd89d8e3d6f5c
SHA256: 0899ee15ca3f1d83e4dd2f0742894447654713416ba738f7cf2a288c188bc209
SSDeep: 1536:8DCHD3NOj2tHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvkYlwMqqU+NV2y:8A3NOj2ti4o4JEGzFOz98lwMqqDLy/g
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Genome.106496.O
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Comodo = TrojWare.Win32.Agent.bigv
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.wgdi
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63759
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Genome.wgdi
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imqp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.QTSGD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-07-02 01:25:16
VirusShare info last updated 2012-07-26 18:06:27

MD5: b0dc0ccbc8cf5ab695a1c629eebec90a
SHA1: 90a1549f97a331fc1ab63d43096e48610f6375ff
SHA256: cfb798f4972c8fde2379e60d38d1da0f6deaa116b4f0fdb5edaaf57ce3fc19fa
SSDeep: 6144:2rtKZK5W2WEwHU8LINaNybxr2hZK1mr5eNrE0sAJ3HXwh3R8Qo+QqLxf0:ktWUbfILIQNix2h0IV6rrJ38Ho+nS
Size: 346632 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.ZBot.34.20
Avast = Win32:Zbot-NAI
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
VirusBuster = TrojanSpy.ZBot!9dsSJZRxsd0
McAfee-GW-Edition = Artemis!B0DC0CCBC8CF
Kaspersky = Trojan.Win32.Pirminay.euz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
McAfee = Artemis!B0DC0CCBC8CF
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Zbot-NAI
AVG = Downloader.Generic11.PRZ
Norman = W32/Suspicious_Gen2.KSNCE
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.euu
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:01 11:44:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x7a62
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.70.7713.0
Product Version Number          : 2.70.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cuaqmupgw Zvdfxguhlya
File Description                : Fzybndxip Data Access - OLE DB Transaction Proxies/Stubs
File Version                    : 2.70.7713.0
Internal Name                   : msxactps.dll
Legal Copyright                 : Copyright (C) Hicnhxxwo Corp. 1997-2001
Original Filename               : msxactps.dll
Product Name                    : Guxlshbwc Data Access Components
Product Version                 : 2.70.7713.0
Ole Self Register               : 
VirusTotal Report submitted 2011-04-10 08:28:14
VirusShare info last updated 2012-07-26 18:07:12

MD5: bd5219e59caecb81c8de58b5dc3d7516
SHA1: d643df84959a2374aae7db2b0a97f7bb2ba87bb9
SHA256: 807a28f8c865a6d5f419e4a1793effacc12459d555e34b4f49e865eb6fc8d0a1
SSDeep: 6144:ubrqTmyrytq40njYb9V2ry+Bg98HPEbDXmyOT0bbhaEWGzNCdEJNu9Gg:yuTmyetqfnjYbqrBq8HPWDTOWbtCdT5
Size: 314649 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.224
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R26C1FK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!ens
TrendMicro = TROJ_GEN.R26C1FK
Kaspersky = Trojan.Win32.Pirminay.cdw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Generic Downloader.x!ens
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic23.TAE
Norman = W32/Suspicious_Gen2.MXRRV
Sophos = Mal/Ponmocup-A
Symantec = Packed.Generic.305
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.GAB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:08 11:45:22-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26112
Initialized Data Size           : 570368
Uninitialized Data Size         : 0
Entry Point                     : 0x739c
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.525.1022.0
Product Version Number          : 3.525.1022.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access - ODBC Driver Generic Thunk
File Version                    : 3.525.1022.0 (srv03_rtm.030324-2048)
Internal Name                   : ODBC32GT
Legal Copyright                 : Copyright (C) Microsoft Corporation 1990-2000
Original Filename               : ODBC32GT
Product Name                    : Microsoft Data Access Components
Product Version                 : 3.525.1022.0
VirusTotal Report submitted 2011-06-23 16:02:09
VirusShare info last updated 2012-07-26 18:13:03

MD5: cf24da61e74fd122159235fdca1b218a
SHA1: 82223a873ab4d08eed1228e410bfbbb33ef9aea0
SHA256: d7a10ac54482134f83a723591793d5088b29b6a301fc8edfd965b6811a43df78
SSDeep: 1536:Fao1PFYZ5TQ+0MiRJEupbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeoZoZW0y:Mo9FYfTzRupbvulIPIDWA7jneHjeoZo/
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.928
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/CI.A
VirusBuster = Adware.SuperJuan!M5V7G/rpBec
TrendMicro-HouseCall = TROJ_GEN.R21C2DJ
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!CF24DA61E74F
TrendMicro = TROJ_GEN.R21C2DJ
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aafd
Microsoft = Trojan:Win32/Vundo
Fortinet = Adware/SuperJuan
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.mz
McAfee = Artemis!CF24DA61E74F
F-Secure = Trojan.Generic.KDV.183935
VIPRE = Virtumonde
AVG = Generic21.CORW
Norman = W32/Suspicious_Gen2.LBPBQ
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.183935
BitDefender = Trojan.Generic.KDV.183935
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2011-04-24 16:32:22
VirusShare info last updated 2012-07-26 18:14:06

MD5: 30e80e02547b63647ff845c6efd371ea
SHA1: ebc35b362f89a0b3fafaa236b05a062d0aceeae8
SHA256: 638f9c899d0d364afd3b6215e8184961dc6b61fb0e9dfa40005d4deadaa3203a
SSDeep: 1536:A2R5DmLNE+Azk7/yXBSMzCmxJSZPxvx3EAWg:As5yLNE+Azk7/yXBXzcZJJUn
Size: 70144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12762B54
nProtect = Trojan/W32.Vundo.70144.P
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C1BC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Generic.dx!vrp
DrWeb = Trojan.Siggen2.34690
TrendMicro = TROJ_GEN.R47C1BC
Kaspersky = Trojan.Win32.Menti.ivc
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.dnpg
McAfee = Generic.dx!vrp
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Malware!354b
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Malware!354b
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:12 13:42:30-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26624
Initialized Data Size           : 79872
Uninitialized Data Size         : 0
Entry Point                     : 0x74aa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SSDP Service DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ssdpsrv.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ssdpsrv.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-02-25 17:03:51
VirusShare info last updated 2012-07-26 18:17:34

MD5: f68c042cf430bed286f4583ac8384924
SHA1: 7ee4b33573424fa67b8da5de66d7c054b545f350
SHA256: 48e5e133ff126173483475f9d82776453f92340801be9fb86ea9c0aba22b41cb
SSDeep: 6144:K9Wo3oBIuIbUf0ktBOKzfXYsMD7+zYBqQ1AD4dYAz:KweprYD2KzXYsQ7+zYt1Y6z
Size: 281571 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
nProtect = Trojan.Generic.KDV.62138
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Jiangmin = Trojan/Pirminay.fl
F-Secure = Trojan.Generic.KDV.62138
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
GData = Trojan.Generic.KDV.62138
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2011-01-21 00:20:29
VirusShare info last updated 2012-07-26 18:17:51

MD5: e19a7461557da20e2e190cdb039426e1
SHA1: 7f154a133551c87ea85b654cb63f1ebd67db14da
SHA256: 8f04eba303a326f01be16cd71c3a59689c3def757c1952401bd4b852d407533b
SSDeep: 1536:kTQNxNHX9h6wjQiM/8FmQKm+rzVlAMnxc3izUv/PyFrzq6O58UkFmyhBWxRAyGOx:kkNxtN3w/0mrrz//xsWUv3yMLvkFm7mw
Size: 71680 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.14
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
Comodo = TrojWare.Win32.Genome.~BS
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!E19A7461557D
DrWeb = Trojan.Siggen3.485
Kaspersky = Trojan.Win32.Menti.jppn
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Menti.lmt
McAfee = Artemis!E19A7461557D
F-Secure = Gen:Variant.Vundo.14
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.14
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.14
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:07 22:08:08-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 27136
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x77be
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Lexmark PCL Plug-in Renderer
Company Name                    : Lexmark International Inc.
File Description                : Lexmark PCL Plug-in Renderer
File Version                    : 3, 0, 0, 0
Internal Name                   : LexPCLUni
Legal Copyright                 : Copyright © 1996-2004
Legal Trademarks                : Lexmark® is a registered trademark of Lexmark International Inc.
Original Filename               : LexPCLUni.DLL
Private Build                   : 
Product Name                    : Lexmark PCL Plug-in
Product Version                 : 3.0
Special Build                   : 
VirusTotal Report submitted 2011-12-21 14:01:49
VirusShare info last updated 2012-07-26 18:19:03

MD5: 8ed8956189a31c288b284964b48f9ff0
SHA1: 8924e1ba29de483a5a7406e5c75ad930793eab5c
SHA256: dc8aa4e034ecf95a13b31ff4215e49c72c65c91bb63168b86bde9da0fb1690ca
SSDeep: 6144:3ENWWi0N5mF1jRDrqL2nu1RIwaqpakE3u3fBzCeT3j:U80N5w1Rpnk92j3GfBOen
Size: 360546 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!fuAmtcQ6OAM
VBA32 = Trojan.Pirminay.eyk
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.26177
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.zj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.HH
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eyi
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:31 17:41:01-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 36864
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0x65f7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ojnuuzdqn Nxqibwnjato
File Description                : OpenGL Utility Library DLL
File Version                    : 6.0.6000.16386 (eecqk_rtm.061101-2205)
Internal Name                   : glu32
Legal Copyright                 : © Cwqvrtldy Oyebmihvhbe. All rights reserved.
Original Filename               : glu32
Product Name                    : Jzuxdfsqw® Frmqskn® Ujcyrosjm Icfpjk
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-26 07:15:02
VirusShare info last updated 2012-07-26 18:24:35

MD5: 3fbd39ddcc8676c09618c05f8f26a9ee
SHA1: dda37928ea4eb0aef4dad86d5647c5d6b75b06e2
SHA256: eafdf759bcd1d7ba719ef78199694753eece16dadbf207937900b7e397c62839
SSDeep: 1536:2vleR4XCQFYV8k5CgW4OH3gjn/ZZyGf5ZwaqzbTSOA+oVWV52cxz:2vlZSik8gN8gb/ZZyGBobP/v2cxz
Size: 84480 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Tracur.AG.9
Avast = Win32:MalOb-HO [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Tracur
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
K7AntiVirus = Trojan
VBA32 = Trojan.Rundup.q
TrendMicro-HouseCall = TROJ_GEN.R4FC7K3
Emsisoft = Trojan-Downloader.Win32.Tracur!IK
Comodo = TrojWare.Win32.Kryptik.BMNB
CAT-QuickHeal = Trojan.Tracur.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-MSFake
McAfee-GW-Edition = Downloader-BMN.gen.e
DrWeb = Trojan.Hosts.5080
TrendMicro = TROJ_GEN.R4FC7K3
Kaspersky = Trojan.Win32.Rundup.q
Microsoft = Trojan:Win32/Tracur.AI
Fortinet = W32/Kryptik.UQZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Tracur.GD
Jiangmin = Trojan/Pirminay.aok
McAfee = Downloader-BMN.gen.e
F-Secure = Gen:Variant.Kazy.40446
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/SuspPack.DW.gen!Eldorado
AVG = Generic25.AGKO
Norman = W32/Kazy.NA
Sophos = Mal/Generic-L
GData = Gen:Variant.Kazy.40446
Symantec = Trojan.Gen.2
Commtouch = W32/SuspPack.DW.gen!Eldorado
TheHacker = Trojan/Kryptik.ucc
BitDefender = Gen:Variant.Kazy.40446
NOD32 = a variant of Win32/Kryptik.UCC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:06 13:43:34-05:00
PE Type                         : PE32
Linker Version                  : 5.1
Code Size                       : 57856
Initialized Data Size           : 16384
Uninitialized Data Size         : 126976
Entry Point                     : 0x2b62
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Unimodem Service Provider AT Mini Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : UNIMDMAT
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UNIMDMAT.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-07-02 06:16:33
VirusShare info last updated 2012-07-26 18:25:33

MD5: a0e05f3c450baadc9a5550bc4798cddd
SHA1: e134232063eb7b43f3797b2dc2b7dea453535136
SHA256: 88b2a82f711206db518b72929f6a7fa05dc12037624f55317b68b1a934e31433
SSDeep: 12288:zZV3UwHzRblv8ej9nUNJsuR6WOkP0QNigsv7Oq:z3fiTUWOkP0Q/sv7f
Size: 437637 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Spy.437866
Avast = Win32:Pirminay-AF [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
nProtect = Trojan.Generic.6143563
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uneHLZYQHQI
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!el
DrWeb = Trojan.DownLoader4.60579
TrendMicro = TROJ_RENOS.BMC
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gook
McAfee = Downloader.a!el
ClamAV = Trojan.Genome-278
F-Secure = Trojan.Generic.6143563
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AWP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6143563
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.ubqm
BitDefender = Trojan.Generic.6143563
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 17:13:46-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 438272
Initialized Data Size           : 4096
Uninitialized Data Size         : 569344
Entry Point                     : 0xf5ea0
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.7502.0
Product Version Number          : 8.1.7502.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Grcsghpus Tjhpdhewehv
File Description                : XML Resources for Win32
File Version                    : 8.1.7502.0
Internal Name                   : MSXML2R.dll
Legal Copyright                 : © Uquwxhtdg Aiclybqecqs. All rights reserved.
Original Filename               : MSXML2R.dll
Product Name                    : Yijlbpifg Data Access Components
Product Version                 : 8.1.7502.0
Ole Self Register               : 
VirusTotal Report submitted 2012-04-04 17:20:01
VirusShare info last updated 2012-07-26 18:28:46

MD5: 9a2d57332aad0bda8aa1e3458ae54af8
SHA1: e24b83fc6878622cd33b1fcaf1e3f89061352266
SHA256: 6fdede69b55d129fb140263046ee2b402fc2ef60befef057ecc70fef38ebf026
SSDeep: 3072:S+zfw6rU50oY8ACKZpN8cXJkbD6SdFzbMqqDLy/9oDbc:xYek8Le0Jk9FzYqqDLu9
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128E186E
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Cwzs5WdEZWc
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!9A2D57332AAD
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.ksxe
McAfee = Artemis!9A2D57332AAD
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.SNV
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-04-04 19:38:05
VirusShare info last updated 2012-07-26 18:29:34

MD5: 6f628d60fc96c3526c9ede441058272b
SHA1: e32cf91e955a3647b0331f8ad4662e3b571c8c66
SHA256: 6a25269b225247917da5ece0b8f089d76911725ca62094c54bb907d3492d2af8
SSDeep: 1536:GesG0tYsfwEhXRISKrbBB72FimYFr16V:GeVEYsoEdRCdB7oW56V
Size: 57856 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125330A3
nProtect = Trojan/W32.Pirminay.57856
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!GktsMv/6rSE
VBA32 = Trojan.Pirminay.knz
TrendMicro-HouseCall = TROJ_SPNR.15KO11
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.pbx
McAfee-GW-Edition = Artemis!6F628D60FC96
DrWeb = Trojan.WinSpy.952
TrendMicro = TROJ_SPNR.15KO11
Kaspersky = Trojan.Win32.Pirminay.pbx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Pirminay.ed
McAfee = Artemis!6F628D60FC96
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CDR
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:26 15:09:38-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 50688
Initialized Data Size           : 41984
Uninitialized Data Size         : 0
Entry Point                     : 0xd439
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote Access Device DLL for modems, PADs and switches
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : RASMXS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RASMXS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-07-02 08:13:01
VirusShare info last updated 2012-07-26 18:30:13

MD5: c15d64e2cd88cff5fb6625500c67da91
SHA1: e351eaac4b964337cea1448002a4cd83f8a00cd3
SHA256: b0580202eed7311c9e29286f126d5434807d3edf623b322adac59407c1852586
SSDeep: 3072:6b1JV9QC7VHcINH2jE7l6plkFSY2d7pW:6bt9pxHnWjEQvkFSY2
Size: 143360 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Antiy-AVL = Trojan/Win32.Monder
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.143360.B
VirusBuster = Trojan.Monder!sgx0tbpxmmQ
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C15D64E2CD88
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Monder.DRJY!tr
McAfee = Artemis!C15D64E2CD88
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic21.BEPY
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:20 14:00:13-05:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 81920
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x1181d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.2453
Product Version Number          : 5.2.3790.2453
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iguxzowaw Cmayqvlhste
File Description                : Ogbphqfwy® HTML Help Executable
File Version                    : 5.2.3790.2453 (srv03_sp1_qfe.050525-1536)
Internal Name                   : HH 1.41
Legal Copyright                 : © Jawkjcpce Twablhsvktu. All rights reserved.
Original Filename               : HH.exe
Product Name                    : HTML Help
Product Version                 : 5.2.3790.2453
VirusTotal Report submitted 2011-06-29 15:34:05
VirusShare info last updated 2012-07-26 18:30:22

MD5: 4899131a50c0b78dc36f2c733f930c78
SHA1: d4102b479244f9cae81f598b7d01f64b07a91c55
SHA256: ec65ea5a617380d591247e389988ee79866f2ed98304d365ad4a116ca01ce303
SSDeep: 3072:vVKRV5oaMqqDLy/1fxgzsuOVVFlk6ay0z:dkWqqDLunecVfFU
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!nI3v4QM4qcQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01CCCJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R01CCCJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iqqv
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.GEL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-04-02 08:52:10
VirusShare info last updated 2012-07-26 18:39:16

MD5: 0ff5ed9dcfddc7c542a0e4b0e173fb99
SHA1: 19ff11c8701d72505275e466bf6834e2c266dff0
SHA256: ecd042aa2d2cdaa30057dde2ada25bcfce4bf36e1709180d14e4848ec1bb4543
SSDeep: 3072:Osrw/K8Fzlozn2dU5u1CfuyGy+vDrKUgwXgL:OTTZpDUVYqUgwQ
Size: 123392 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XEI59daeJ7U
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDBR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!oj
DrWeb = Trojan.Click1.62078
TrendMicro = TROJ_GEN.R21CDBR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.allv
McAfee = Vundo!oj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.AWRO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 18:40:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x8cca
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lbszaewoq Yxzthbcsxaw
File Description                : Fax Service COM Client Interface
File Version                    : 5.00.2134.1
Internal Name                   : faxcom.dll
Legal Copyright                 : Copyright (C) Uezqdytkv Corp. 1981-1999
Original Filename               : faxcom.dll
Product Name                    : Vosamrrfv(R) Wrlkgmt (R) 2000 Fpsrxssub Lyqihv
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-03-19 06:42:36
VirusShare info last updated 2012-07-26 18:39:30

MD5: 8d8959d245b998181c195633acff2528
SHA1: 1a975c8665c0abb1b83b500d9743a0e66df3ad09
SHA256: ed0ca5d841088b3b14fcd16e5cc3dfc2d0e46d151772688006c10c41f841a25d
SSDeep: 6144:PROnh6IQbQrMC7TlsAwYAqzTs2ots2is4kDzGUy0psaA7okhz:ZGh6IQbytlsAwfqPs6MSUy0sj7Bh
Size: 238592 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Pirminay-CU [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.238592.EU
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!Y8EIXgX/Qzk
VBA32 = TrojanDownloader.Qhost.jw
eTrust-Vet = Win32/Renos.CLJ
TrendMicro-HouseCall = TROJ_GEN.R29C1HO
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.evx!n
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R29C1HO
Kaspersky = Trojan.Win32.Jorik.Pirminay.jw
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!n
ClamAV = Trojan.Agent-246954
F-Secure = Trojan.Generic.6542079
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TJL
Norman = W32/Suspicious_Gen2.NWKVI
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6542079
Symantec = Trojan.Gen.2
TheHacker = Trojan/Jorik.Pirminay.jw
BitDefender = Trojan.Generic.6542079
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x41570
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-03-18 20:24:02
VirusShare info last updated 2012-07-26 18:39:39

MD5: 9c0c288d17a182e5533c94e35580f7b4
SHA1: ed9d256fc3fd7fcb052350dc716698f333714560
SHA256: 9436f88e607c7c1e2c9f3b74813dcc40443c9f7e2640b3c6518dc04c252b9c54
SSDeep: 3072:S+rOJ56rU50oY8AC96jecXCTqxdFzMMqqDLy/7oDbc:GekO60CiFz/qqDLu7
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!9C0C288D17A1
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!9C0C288D17A1
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
eSafe = Win32.TRVundo
AVG = Generic23.AEFW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-06-29 21:22:47
VirusShare info last updated 2012-07-26 18:40:02

MD5: bb0c742f23295b3253b81b8d4d00198a
SHA1: fbea204c33d8c9fbf201642eb11acf3cd9bc4e33
SHA256: edc5a88e67bf17c331cd2c116d2d7b0f92ab1284e20c80343e03d361dae9e43d
SSDeep: 12288:HkTVunLEusvlaCQv1XgZJy8q2o5mOP6pB3z:HkRunL3svlaCG1XgZJB72mOP6R
Size: 407040 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-DOT [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.6566515
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!UgZRH1AEd2c
TrendMicro-HouseCall = TROJ_GEN.R47C2GE
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.5742
TrendMicro = TROJ_GEN.R47C2GE
Kaspersky = Trojan.Win32.Genome.vejz
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Generic.hqgs
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6566515
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.GMM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6566515
Symantec = WS.Reputation.1
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6566515
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:10 14:49:06-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 405504
Initialized Data Size           : 4096
Uninitialized Data Size         : 491520
Entry Point                     : 0xdb930
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Xfaydkirt Cathowclocg
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
File Version                    : 5.1.2600.0 (pypgnnli.010817-1148)
Internal Name                   : kbdnecAT
Legal Copyright                 : © Atbbdsfia Funebvzuhbp. All rights reserved.
Original Filename               : kbdnecAT.dll
Product Name                    : Lfdjzfwvn® Fplzzyn® Wluhcbczz Fzaarv
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-18 20:24:18
VirusShare info last updated 2012-07-26 18:40:07

MD5: b1e3d1e4b82e759a04fc89a3cd981385
SHA1: e586d561a923ed43756bba3224c7465b383b7069
SHA256: eea9b47512547988d230222988cc63420340f865d0c04bbc0c9d69b64e11e90c
SSDeep: 3072:Raw+WqopTKmrKyi1KrwEuxZhwHJValiljMqqDLy/s9K:kw+WdKwKysphwgnqqDLus
Size: 166400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
K7AntiVirus = Riskware
VBA32 = Trojan.Monder.drjy
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R11C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Vundo!kn
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R11C2G4
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!kn
ClamAV = Trojan.Vundo-35503
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-03-18 23:41:54
VirusShare info last updated 2012-07-26 18:40:39

MD5: ef001fb0f8a011d8c1c161d66446cf9f
SHA1: e7f7b35a8b0cecd599a33d50d555667e5a8685ca
SHA256: ef642811837b38e90ce5423669361b1f7539ba8ac159f05f61336b816c0dcfa5
SSDeep: 3072:EBpZQWf7SVn70wKrl5KnBHwdnMRwaDdSO:EnSVnQwKiBQVonN
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1GI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.onm
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!jc
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R4FC1GI
Kaspersky = Trojan.Win32.Agent2.elou
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!jc
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.QACVC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-03-19 07:06:04
VirusShare info last updated 2012-07-26 18:41:05

MD5: 6308feb05e7e23120bb51053d23c82c2
SHA1: aba31aaebec62aa92d013d65c4a626b3864b056c
SHA256: eff09f7df5cfe49ec1fb146e72141894db45a4dd2667d545018609840257aed6
SSDeep: 1536:F8oKQllbZ64QLU5yRJEypbWgaE/GSwIdWwgoUD4vA7jnmDwRfojeo7oZW0y:KojtA4xhypbvulIPIDWA7jneHjeo7o/
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
nProtect = Trojan/W32.Monder.91136.BI
K7AntiVirus = Riskware
VirusBuster = Adware.SuperJuan!TrMXWrZ/2UY
VBA32 = AdWare.SuperJuan.aafl
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!ne
DrWeb = Trojan.Juan.432
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.mz
McAfee = Vundo!ne
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.CORW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:23 08:31:46-04:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x68da
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ejlwccyyz Drksjuvlnje
File Description                : Drslhxwea IME 2002
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME 2002
Legal Copyright                 : Copyright (C) 1995-2000 Qfcjsgkmv Zmsfkjxzypx. All rights reserved.
Legal Trademarks                : XruycnsnrR is a registered trademark of Nikighixo Euphcltvnkl. Xqfinny(TM) is a trademark of Eymmzioeq Wqkjbukmmtj
Original Filename               : IMEPADSM.DLL
Product Name                    : Rwweklwyu IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2012-04-09 18:04:37
VirusShare info last updated 2012-07-26 18:41:25

MD5: ae27e81fb7f9b6e40ab96a6385474a2b
SHA1: f23b29ef9d3c2f1be92fd7c8ba36919b7f23f8a2
SHA256: c12018956e64c9a917de4cc11edb9dd1bb28ba6c495fa134eba6744edfdb9549
SSDeep: 3072:S+qD6rU50oY8ACkJc8acXfL0OfdFzoMqqDLy/5oDbc:oekFD0fxFzDqqDLu5
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XFnhAy5Tw7Y
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TDQ
Norman = W32/Suspicious_Gen2.MYTXM
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 07:12:01
VirusShare info last updated 2012-07-26 18:43:01

MD5: 8889495733878d098f0af546664560d7
SHA1: f394e3c5fd5685c52fe2842ff3e6e2526b6e76c2
SHA256: 41f4d3e1d43b9e4f195f6b457d009756d586c851e56edfa3dddb49b2b5d6e44d
SSDeep: 1536:t718Puo9FWmFp+ItmG+8nsfVk4JxsKuTCrpypTLhje/0UDE:VuGqvp+Itz4kctpUh6MUDE
Size: 70144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.70144.KJ
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!29a0sIboetM
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!888949573387
DrWeb = Trojan.Siggen2.46156
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.70144
Jiangmin = Trojan/Menti.y
McAfee = Artemis!888949573387
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic22.CPQN
GData = Gen:Variant.Vundo.6
TheHacker = Trojan/Menti.gufq
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:13 23:23:45-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x6674
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrae.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrae.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-22 18:45:47
VirusShare info last updated 2012-07-26 18:43:57

MD5: 71fba2bdcac161f6fbe6c9722f1c0a8a
SHA1: face84a8b9eda8d5e7386bfd153665b877c894cc
SHA256: f5fc985d2cacc107b37b70a4369548a12dbc398c560089bdaad37ee78c1cd0cb
SSDeep: 12288:sKDfYmDl9zpWlXkVpUju3P5rXro6VnTDH:sufYiE8Uj8BrXrdnTD
Size: 494080 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Renos.KC.30
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Hosts.BY
nProtect = Trojan/W32.Pirminay.494080
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.ese
eTrust-Vet = Win32/Renos.CNJ
TrendMicro-HouseCall = TROJ_GEN.R4FCRC2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.bca
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.2485
TrendMicro = TROJ_GEN.R4FCRC2
Kaspersky = Trojan.Win32.Pirminay.bca
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ys
McAfee = Kryp.b
ClamAV = Trojan.Agent-183138
F-Secure = Trojan.Generic.KDV.89400
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BBWX
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.89400
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bca
BitDefender = Trojan.Generic.KDV.89400
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:04 11:48:50-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 165376
Initialized Data Size           : 645632
Uninitialized Data Size         : 0
Entry Point                     : 0x29172
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.1381.1
Product Version Number          : 4.0.1381.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : OpenGL Utility Library DLL
File Version                    : 4.00
Internal Name                   : glu32
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1996
Original Filename               : glu32
Product Name                    : Microsoft(R) Windows NT(TM) Operating System
Product Version                 : 4.00
VirusTotal Report submitted 2012-03-18 19:06:02
VirusShare info last updated 2012-07-26 18:45:27

MD5: 9109bac334d8edef76c827c48f1c6d53
SHA1: f76a8d1b9b8cedad05eafd122e0e1d6ead19a658
SHA256: ae5c4cd138a0628ae30cc8d5897cff45ec4cfa8d846fc16133559d14355f23b0
SSDeep: 3072:S+Ss6rU50oY8ACYqPxcXy5dndFzGMqqDLy//oDbc:fekD50yVFztqqDLu/
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!KDLBnuR8o8g
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware Dropper
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TBY
Norman = W32/Suspicious_Gen2.MYTTY
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:26:40
VirusShare info last updated 2012-07-26 18:46:28

MD5: 0161933ab7bd9faeb23845cbcc41b573
SHA1: 9e74adfa71a68f89d1bb83a7b4dd0f18482f3d38
SHA256: f8c3f963e34be823fba454e532a06cf81c8b959466016c2876147f002599f198
SSDeep: 6144:zGJsR16Ag3IP393g0vmrx8x4DSb1Ixhi4mqTtYwIR4:zpR16qX4x8qDSbqji4Bu
Size: 274432 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Genome.274432.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cTxoSMaLvnE
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.77
TrendMicro = TROJ_GEN.R4FC1IJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahhm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BIER
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnriirkvy Pzgzmklipsm
File Description                : Lvgbpubuh Wkxwugi Sockets 2.0 Service Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : msafd.dll
Legal Copyright                 : © Rxasimrum Xemlecbmvvo. All rights reserved.
Original Filename               : msafd.dll
Product Name                    : Sqhficqmq® Jewjzty® Hinvlpseh Tkmprt
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-01 09:21:52
VirusShare info last updated 2012-07-26 18:47:26

MD5: 407f2a0654d574ef7c309ef1095f0107
SHA1: d10fed54394eb1dee360ed82f173f267764e485c
SHA256: f9163381e653a98bd0a56cc90e90db44af048bde0b028ec8c7f96cf0856a99a5
SSDeep: 3072:Z3Yy5hqishFGyeE8/TExfUFt8I11xjh3:V5hqiycEGM5yPj
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2DB
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!407F2A0654D5
TrendMicro = TROJ_GEN.R72C2DB
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!407F2A0654D5
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
AVG = Generic21.BQDS
Norman = W32/Suspicious_Gen2.KFODA
GData = Trojan.Generic.KDV.173935
BitDefender = Trojan.Generic.KDV.173935
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-19 12:31:31
VirusShare info last updated 2012-07-26 18:47:39

MD5: ca656c1fb79cfe38f2a81fd4c1a5ffbc
SHA1: f9eed17cd24aa3557fb734a16973a4ad4d11348c
SHA256: 3e7f4fb5f498c2186288547af52981cfa8da4a203b84d5c10876251dbfb2a954
SSDeep: 3072:F4a8mVAcR4enPgAEDemb93jg2elSMqqDLy/D5kS:FHecR4ePmtxvCqqDLuX
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!136B/rz1acs
TrendMicro-HouseCall = TROJ_GEN.R47C2FN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R47C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.ineh
McAfee = Vundo!kl
F-Secure = Trojan.Generic.KDV.254079
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
GData = Trojan.Generic.KDV.254079
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.254079
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-10-21 19:51:17
VirusShare info last updated 2012-07-26 18:48:15

MD5: 3843557d8cf850cc595b49eb114ae25c
SHA1: fa5a0b4a3fe1d3de2b52feaa2f6f137fbd11a58a
SHA256: 6170063384ff525c734b8843a7e049ff358dc7faa3e0bba4b0de92f2b87a6f50
SSDeep: 3072:gF/uuUuw5r3WLrsalOYiZ1YPE4D46IFRLxfPfkZk3QsYNcA8onbZ1onbZKd:gVuuCd3ur7lPrEdLu2DzjonbZ1onbZKd
Size: 248894 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.1292.5
Avast = Win32:Malware-gen
Antiy-AVL = Monitor/Win32.WebWatcher.gen
Ikarus = Trojan.Win32.Skillis
AhnLab-V3 = Trojan/Win32.Skillis
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.WebWatcher!jgjOLPNY6OU
TrendMicro-HouseCall = TROJ_PIRMINAY_000000c.TOMA
Emsisoft = Trojan.Win32.Skillis!IK
Comodo = TrojWare.Win32.Trojan.Skillis.~AAA
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.Siggen3.1746
Kaspersky = not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
PCTools = Trojan.Gen
TotalDefense = Win32/WebWatcher!generic
Jiangmin = Trojan/Skillis.ip
F-Secure = Gen:Variant.Application.WebWatcher.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
AVG = Logger.XTI
Sophos = WebWatcher
GData = Gen:Variant.Application.WebWatcher.4
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Application.WebWatcher.4
NOD32 = a variant of Win32/WebWatcher.A
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:10:03 05:25:11-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x15732
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-02 14:34:20
VirusShare info last updated 2012-07-26 18:48:35

MD5: ca17146322d3fa897fe12237fae5c155
SHA1: 7c0d16c590fe0eda488e88431584162d5534c1b7
SHA256: fb3ba194530e22335424c3a2b6154ba4a0f93771e2fa38af9edda4088640a7d0
SSDeep: 768:sqcsJzCHstbxfniNvmYAVFi+rNN58uliZ+0cGoGbmx1GLlKMPoJKMlkjCW/xOHZQ:s0JRni5mtasJhcYGo4hfP4ejlw/+t
Size: 63488 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1252D7BD
nProtect = Trojan/W32.Agent.63488.JD
K7AntiVirus = Riskware
VirusBuster = Riskware.Adware!TLr9k/gHV7A
VBA32 = Adware.Virtumonde.nhd
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01CDB8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!nu
DrWeb = Trojan.Smardec.54
TrendMicro = TROJ_GEN.R01CDB8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.ijs
McAfee = Vundo!nu
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 16:54:42-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24064
Initialized Data Size           : 75264
Uninitialized Data Size         : 0
Entry Point                     : 0x6c6d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Georgian Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdgeo (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdgeo.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-25 23:47:58
VirusShare info last updated 2012-07-26 18:49:18

MD5: f8277da09a4ab2f9d32ab109a6efab7b
SHA1: 4936386af5e36478cfa0a77debbb0ff2c87ab368
SHA256: fb7cc7ac698f028bb33e27feeb5d324af9acbe1222858bdcb904dfbe7887d23c
SSDeep: 3072:KasWqIA38vrBPIdkM1iBEVBkLwpWvonlWr:K9Wo3oBIuIbUf0kr
Size: 127807 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
VBA32 = Trojan.Pirminay.aza
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-MalPE
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Jiangmin = Trojan/Pirminay.fl
F-Secure = Trojan.Generic.KDV.62138
AVG = FakeAV.FEI
GData = Trojan.Generic.KDV.62138
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-01-26 22:05:16
VirusShare info last updated 2012-07-26 18:49:29

MD5: ac85dbaab108413c516e2ccb3a510a13
SHA1: fe085a34b7566b450dc639ea97f4e44f07bd1bcc
SHA256: 4fafd7dbcb3a03334a4017aadc1fced06675c1ebe5f3f0aad0a749961f73b5b7
SSDeep: 3072:k/VUmEVAcR4enPgAJ+b935g2elSMqqDLy/s5kS:k/O6cR4ePqxJCqqDLu4
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Rising = Trojan.Win32.Generic.12A5475E
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!sNlPX/K/6Tw
TrendMicro-HouseCall = TROJ_GEN.R1BC2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Vundo!mh
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R1BC2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.136704
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ineh
McAfee = Vundo!mh
F-Secure = Trojan.Generic.KDV.257929
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.NKTJI
GData = Trojan.Generic.KDV.257929
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.257929
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2012-06-03 23:21:29
VirusShare info last updated 2012-07-26 18:51:23

MD5: 03ed7c6f6c801aa9b4356ee46a7c2b13
SHA1: 424fc4af4010879a4ddd28c2c0abe9fecadc8849
SHA256: 806c529ed887dd511f792cbdbdbd690c5102b0b75810654a51c0bdef703f0c5e
SSDeep: 3072:qvPy2xuJkdptx10UImQVOrsIlEvVSbu/yf3V:EPyKhX0UF7s2um3
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.131072.ALD
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!03ED7C6F6C80
DrWeb = Trojan.Virtumod.10435
Kaspersky = Trojan.Win32.Monder.npgm
ViRobot = Trojan.Win32.Vundo.131072
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.adnn
McAfee = Artemis!03ED7C6F6C80
F-Secure = Gen:Variant.Graftor.13964
VIPRE = Trojan.Win32.Vundo.pa (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AQDY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.13964
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Graftor.13964
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 23:59:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xc09d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
File Description                : igfxTMM Module
File Version                    : 1, 0, 0, 1
Internal Name                   : igfxTMM
Legal Copyright                 : Copyright 2006
Original Filename               : igfxTMM.DLL
Product Name                    : igfxTMM Module
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-03-28 21:04:08
VirusShare info last updated 2012-07-26 19:00:02

MD5: 0820b2dd05dbd730512489161811cd32
SHA1: 003e8c5af8c8db436a1e29e6eb96d890f59cbcb7
SHA256: 38a550a68a8e3fd0ee14cbf3120fc235f213567d87e8ec97e0c6c8bbfa0b2134
SSDeep: 3072:yi0yLqNP8/pdJVdfC4wBAYzKWzgo6NuAGDiX:YQVMBqnK
Size: 126976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12BCD833
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!VaH9/53Dsz8
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!la
DrWeb = Trojan.Click1.60787
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.aqsw
McAfee = Vundo!la
F-Secure = Gen:Variant.Graftor.3215
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ABAX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.3215
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Graftor.3215
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 07:46:59-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x8c1a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.81.1
Product Version Number          : 7.6.81.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : ThinPrint GmbH
File Description                : TPOG Printer Driver
File Version                    : 7,6,81,1
Internal Name                   : tpprn.dll
Legal Copyright                 : Copyright © 2000 - 2007 ThinPrint GmbH
Legal Trademarks                : 
Original Filename               : tpprn.dll
Private Build                   : 
Product Name                    : ThinPrint Output Gateway
Product Version                 : 7,6,81,1
Special Build                   : 
VirusTotal Report submitted 2012-03-26 06:05:00
VirusShare info last updated 2012-07-26 19:00:32

MD5: 1456f965f5b1d6f44f0aa4fd0ebda5ef
SHA1: 2be6a2c3ad04581b3d3f9d840183a9c8e4f5eb84
SHA256: c3aea41dd493d4438e88f4b659d42280639abd3a333116fab7663d278cdefdae
SSDeep: 3072:GW/HSjJHoeNrhBuqjwW6uET1+SBkAIaLRGYi5uVmmg3CJrITywN9llBMqqDLy/go:TfcJJ5uqIuu+SPtMYigV5IwwN96qqDLC
Size: 192512 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12898919
nProtect = Trojan/W32.Vundo.192512
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!onjDThmkL6s
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IB
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Vundo!lc
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC1IB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijcj
McAfee = Vundo!lc
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AJQI
Norman = W32/Suspicious_Gen2.PUIZD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqcd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:29 01:20:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 114688
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1873a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2188.1
Product Version Number          : 5.0.2188.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bvschllnj Kwwvyoclftc
File Description                : Yqhtwvc NT Remote Access Perfmon Counter dll
File Version                    : 5.00.2188.1
Internal Name                   : rasctrs.dll
Legal Copyright                 : Copyright (C) Onwaffnge Corp. 1981-1999
Original Filename               : rasctrs.dll
Product Name                    : Mcwmgawgx(R) Wyelbpq (R) 2000 Hmiknycyi Zyqubl
Product Version                 : 5.00.2188.1
VirusTotal Report submitted 2012-03-25 17:31:00
VirusShare info last updated 2012-07-26 19:01:53

MD5: 15feb2f8ceec894e2a4765ef46494d14
SHA1: 1715116014197d0974b327f3f5ba890f10aa7713
SHA256: 6b2c547ad6772ab081bae79991b1b044389dfd13e900bdc8b0bf00ba82003cda
SSDeep: 3072:mhOan/Wkjaq+lkLZ/amJvelFZMKN0o9We2ofx8:RannDikBamJWHPus/2cx
Size: 105984 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
Rising = Trojan.Win32.Generic.125A986E
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Adware.Virtumonde!7MXOmT5T32k
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Artemis!15FEB2F8CEEC
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!15FEB2F8CEEC
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-03-27 11:55:48
VirusShare info last updated 2012-07-26 19:02:04

MD5: 16a715290ed10667808650818623e351
SHA1: 108ca45dbf176e4d2606f8d10a774c5fee00f98f
SHA256: 83cb431f8f1902821148f0c906226c6063d3c924363450ef58c60c75679819d8
SSDeep: 1536:+fBloTS/RnD4wzQGZ3XSfbpz1g98YlpZtal7QYBsPBEYfo6Na:+MTunMtI3XSfb3MdkPmffo6Na
Size: 102400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.102400.DI
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!0JPa+yeOvdw
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.Smardec.81
TrendMicro = TROJ_GEN.R4FC1KU
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamr
McAfee = Vundo!lg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.CCLS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 08:33:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x69ba
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Woemdqhqe Fmofvoszgiq
File Description                : Kzfqkkzsg FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : RPCTEST.DLL
Legal Copyright                 : Copyright © 1995-1999 Rcvycbopu Gnlqirukhop, All rights reserved.
Legal Trademark 1               : Hrfmdfkkk®, Kjcfasn®, and FrontPage® are registered trademarks of Xsrqrzwdw Pkfczysbhke, and WebBot is a trademark of Mrxuzjvif Xmhhvkvybse, in the United States and/or other countries.
Product Name                    : Mdfdcdymy® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2012-03-26 08:23:43
VirusShare info last updated 2012-07-26 19:02:07

MD5: 198d6dc6b9931936f9facd2114d3025b
SHA1: b9837daa3e94ae6081648202b6e4e59d05e8a0ab
SHA256: 06bf1b6e94c93bac911ffad9a0b1c145080cdd97389d796afa3c738b85cab8c0
SSDeep: 3072:GWdT5MajJHoeXrhoujjwW6LEQjFBkeIaL7GximuV4mg3CJrITywN9llBMqqDLy/s:TFe0JJ6ujILbjFVtWxinVPIwwN96qqDj
Size: 192512 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12898919
nProtect = Trojan/W32.Vundo.192512
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!onjDThmkL6s
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Vundo!le
DrWeb = Trojan.MulDrop2.36782
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijcj
McAfee = Vundo!le
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AJQI
Norman = W32/Suspicious_Gen2.QBYWC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqcd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:29 01:20:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 114688
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1873a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2188.1
Product Version Number          : 5.0.2188.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bvschllnj Kwwvyoclftc
File Description                : Yqhtwvc NT Remote Access Perfmon Counter dll
File Version                    : 5.00.2188.1
Internal Name                   : rasctrs.dll
Legal Copyright                 : Copyright (C) Onwaffnge Corp. 1981-1999
Original Filename               : rasctrs.dll
Product Name                    : Mcwmgawgx(R) Wyelbpq (R) 2000 Hmiknycyi Zyqubl
Product Version                 : 5.00.2188.1
VirusTotal Report submitted 2012-03-26 08:24:06
VirusShare info last updated 2012-07-26 19:02:26

MD5: 1aa25e1e161ada358b11d8a153a89db1
SHA1: 45ce7d1f89b535ce5262785f20005751ac5cb2f0
SHA256: 6380f42aed67c51cbaa49dc3d7bf588626bac27670d80fdf6968aa7719fa6841
SSDeep: 3072:atFtOPQX0zdXCap5ZVRsRf8LljQ3uAf4y1ss9r1KXLNHmSwLK979PlS5Y6WRYvC2:qK3ZoRUrsyCD5Y1EC
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!jOTdzZLm0/Y
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10579
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = Trojan.Win32.Genome.adydf
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.APMR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:24 08:52:05-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x12dd9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lvtpzkklr Yzhmfhdlsfp
File Description                : PNRP Helper Class
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : PnrpHC.dll
Legal Copyright                 : © Svtbvylgl Xuinxdzrvsd. All rights reserved.
Original Filename               : PnrpHC.dll
Product Name                    : Vfkokrnpr® Ozwaysh® Jglgnalns Umjdtp
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-26 06:05:56
VirusShare info last updated 2012-07-26 19:02:41

MD5: 1ee5f202eae148b45321fb7e6796935d
SHA1: 8920f225bb925030c4a9522ea2448c8885e7d5cf
SHA256: 6f30d8599bf262414f2eecc5df54910b24bbc7b6eff680cde3a9f2d288e10270
SSDeep: 6144:OM/2q2UnAtgxbsRVjZPPQ69/GgfLleD0buKIZNjxP9RGOikTsHO9:HuqTzRSho69/bwDnb7RCO9
Size: 310674 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6241997
K7AntiVirus = Riskware
VirusBuster = Trojan.Qhost!ItG3JU+mtNY
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.11252
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.heju
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6241997
VIPRE = FraudTool.Win32.AVSoft (v)
AVG = Dropper.Generic4.CSG
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.6241997
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jqv
BitDefender = Trojan.Generic.6241997
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:24 13:03:17-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 376832
Entry Point                     : 0xa7ec0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Hlbtzxxhw Corporation
File Description                : OLE DB RootBinder Stub
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : msdaurl.dll
Legal Copyright                 : © Zmefkunel Tsiahhnazhn. All rights reserved.
Original Filename               : msdaurl.dll
Product Name                    : Xoymltouj® Eoikolj® Eqyujbzkm Mxvzer
Product Version                 : 6.1.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-03-27 20:03:16
VirusShare info last updated 2012-07-26 19:03:42

MD5: 22c91cc965ad1d81cf2df0905c0105bc
SHA1: d22a621571bc810631d86ecfc129dbfd73fec17f
SHA256: 84bb3ac0975ae41e60e27e551c0affa8ad5c19c0fe44450bbac2833571ffddd8
SSDeep: 6144:kp4rnqiHLObc+EYrQ5P2xMo7VZwU2lTl5OtLBHDwSbNTX0a+XHBl3NhoD61RRZry:trrj+EOEPWwUkMdjwE4HzfJ1/Z2
Size: 410138 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.134
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!LHQW58G7ybw
TrendMicro-HouseCall = TROJ_GEN.R2EC7IO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.5689
TrendMicro = TROJ_GEN.R2EC7IO
Kaspersky = Trojan.Win32.Pirminay.qaj
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.nz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.CPWK
Norman = W32/Obfuscated_L.AE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.dvi
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 03:04:41-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 376832
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x59a06
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ammklclva Rmusxoikohs
File Description                : WIA Video
File Version                    : 6.0.6000.16386 (zzrlk_rtm.061101-2205)
Internal Name                   : WIA Video
Legal Copyright                 : © Ezrizkwjq Qwuaflvoniy. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ceqmwgsle® Gpjwmxn® Ankucxhrb Ephlxd
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-30 22:39:59
VirusShare info last updated 2012-07-26 19:04:23

MD5: 2c90b26b65fd44900189d83f32ee574f
SHA1: 533a687f69eedb7a8e62ddfde042d302f8a9fc06
SHA256: 27e4693502d26962c0fbc6c20c9d46da218fab020254fcc717fc326e14364d37
SSDeep: 6144:Ee07mwiRD02/YxHhObL/Y/xtvr0z+P+IjSwIClVgYlMmsYRFMqrmXh2qfQspD5QQ:EeGmBTQxBOnY/x0+623Z+QRFzY2qv+Q
Size: 417381 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6138515
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.hwc
TrendMicro-HouseCall = TROJ_GEN.R11C2FS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!gag
DrWeb = Trojan.DownLoader5.47492
TrendMicro = TROJ_GEN.R11C2FS
Kaspersky = Trojan.Win32.Pirminay.qei
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akz
McAfee = Generic Downloader.x!gag
F-Secure = Trojan.Generic.6138515
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.CCAK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6138515
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.hwc
BitDefender = Trojan.Generic.6138515
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:13 11:30:37-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 61440
Initialized Data Size           : 700416
Uninitialized Data Size         : 0
Entry Point                     : 0xc2cf
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Network Service Performance Objects DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : PERFNET.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PERFNET.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-03-26 22:27:54
VirusShare info last updated 2012-07-26 19:06:23

MD5: 30ccd358784e95462e889071288fc950
SHA1: a87edb48fc8d41ab2ec8f8ee59fd1363f9920248
SHA256: 16b685dfcea9e933fa81b88ae3f30262e7574e117f53b1020bcfd57e3553c988
SSDeep: 6144:kLdUAW0zwcofOzN9IP3WqpSji06FBRlaCQtoYf+Qx9Xa9c6m6y9OidtXM/eUXi:CUAHoWkVSOtBiCzFQx9qaH3M
Size: 372736 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Pirminay.hpu
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.372736.AS
Panda = Suspicious file
Rising = Trojan.Win32.Fednu.cyg
nProtect = Trojan/W32.Pirminay.372736
eTrust-Vet = Win32/Renos.COO
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Downloader.x!gbj
DrWeb = Trojan.DownLoader3.2424
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.hpu
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.aer
McAfee = Generic Downloader.x!gbj
F-Secure = Trojan.Generic.KDV.232591
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CAWY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.232591
TheHacker = Trojan/Pirminay.hpu
BitDefender = Trojan.Generic.KDV.232591
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 01:20:38-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 352256
Initialized Data Size           : 303104
Uninitialized Data Size         : 0
Entry Point                     : 0x52cbb
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout for 106
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd106
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd106.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-26 05:36:41
VirusShare info last updated 2012-07-26 19:07:23

MD5: 3435db5b82cc056c25a42409da4925d8
SHA1: 30c40c95446089c273feefd720e56f93d2176bd9
SHA256: 03ada3449d8fe2b3ac31eed37d57bfed19a5e65ca94b8afbc6ddfec074cc6195
SSDeep: 3072:uPSClhT5Znv3SKdetohMqqDLy/A3leb3StwBI3:FqZ9GqqDLuA3YC
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289D4A6
nProtect = Trojan/W32.Vundo.163840
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!KYwrH1Dfd2s
eTrust-Vet = Win32/Vundo.HSA
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agentb.o
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = Trojan.Win32.Agentb.o
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.XKR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sqnn
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:21 12:22:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x11a2e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2006.0.6002.18005
Product Version Number          : 2006.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bmegpaqab Mfcusoydrec
File Description                : XML Filter
File Version                    : 2006.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : XmlFilter.dll
Legal Copyright                 : © Ylseaasvc Trxfagykvyt. All rights reserved.
Original Filename               : XmlFilter.dll
Product Name                    : Gxbclscqv® Lnouggl® Anoekhhks Trbozz
Product Version                 : 2006.0.6002.18005
VirusTotal Report submitted 2012-03-26 08:27:25
VirusShare info last updated 2012-07-26 19:08:07

MD5: 34804a1653959a40ce5749329ac155eb
SHA1: eca36724b1d1aa52f68a4e4f9c967b344c85492e
SHA256: 788e9af1b50b70f3b31787850272d885a25628638f756d41865711e9cafb6b03
SSDeep: 1536:E0KDATHXMGZmtS9KX+x5NKGeTdGh38aZl0sAkKV:E0KcTHp8iKdTdZRsAkK
Size: 61440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Menti.jjxu
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!nk
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.jjxu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
McAfee = Vundo!nk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-03-27 22:06:02
VirusShare info last updated 2012-07-26 19:08:10

MD5: 3ab4160d78dd74f7b09cf1ab0a281637
SHA1: 2850533ee0979bda6ad10713c2d3dcd9b6344b2a
SHA256: 153438c30c71fa1d83e22eeccb7f332e32dc7d4612a62ab9016d6ec8c34d1ee8
SSDeep: 3072:S+Uh6rU50oY8AC0IUecXtVbwdFzjMqqDLy/roDbc:YekpP0tAFzQqqDLur
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!lf
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.oazs
McAfee = Vundo!lf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-03-26 08:28:02
VirusShare info last updated 2012-07-26 19:09:38

MD5: 44326a3df27f91342a724229b82490d1
SHA1: 2a28fae03304b3103c016c313dfcebac28ea3a41
SHA256: 1543a74cac22bcb08d2ceddf1aead6cef4c528cfbb905f183bc92d0af7820761
SSDeep: 3072:hX3x7o5dsRIEBNHUgyM5vOBTD4yXJJ/ft/udNWX/5o0MqqDLy/pFP:hXhU5KRIEjBxo1nJJ/9j/6qqDLuf
Size: 195072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.ghj
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Diple.195072.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/cLxZAewwdI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!lf
DrWeb = Trojan.WinSpy.1296
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iltg
McAfee = Vundo!lf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHZJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:25 21:57:08-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 155648
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x22cdf
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.4927
Product Version Number          : 2.0.50727.4927
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iyljphate Oxuequheeij
File Description                : IE Remoting Interface
File Version                    : 2.0.50727.4927 (NetFXspW7.050727-4900)
Internal Name                   : IIEHost.dll
Legal Copyright                 : © Mcqycqzrc Kwawvxqozwh.  All rights reserved.
Original Filename               : IIEHost.dll
Product Name                    : Qkvamnjuw® .NET Framework
Product Version                 : 2.0.50727.4927
Comments                        : Flavor=Retail
VirusTotal Report submitted 2012-03-26 06:09:07
VirusShare info last updated 2012-07-26 19:11:43

MD5: 4c12ba8f2a49bfd510fa68eab755038b
SHA1: e643ff0c8526e90c3d9f53f3d8beb018ae386ec4
SHA256: 0c5e4cd6a0826187b34c4136deb4042e7479b21b7c5e1d2a2a6f8a20ae776f90
SSDeep: 3072:qVnt8fTCFWrsDVGog9FUszfFF+BrryPWz5OWcusno9Q+PRK/6wfWEHAly:qhw0Xg9ZHWGm5OWctF+PnwfW
Size: 206336 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Downloader-ITR [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
VirusBuster = Trojan.Injector!0Bg7vDHlXBk
VBA32 = Trojan.Jorik.Pirminay.br
TrendMicro-HouseCall = TROJ_GEN.R4FC3IC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.17311
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC3IC
Kaspersky = Trojan.Win32.Jorik.Pirminay.br
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.BR!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Renos.106
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKHT
Norman = W32/Obfuscated.L
GData = Gen:Variant.Renos.106
Symantec = Downloader
TheHacker = Trojan/Jorik.Pirminay.br
BitDefender = Gen:Variant.Renos.106
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 196608
Uninitialized Data Size         : 0
Entry Point                     : 0x134e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eassdjzal Dcdndnlbaaz
File Description                : Hciqwjwuh® Cabinet File API
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : cabinet.dll
Legal Copyright                 : © Wefnwlhlt Kxdlrgwsdgh. All rights reserved.
Original Filename               : cabinet.dll
Product Name                    : Anulejeeo® Xgpqzbz® Mwkbaxhsv Zjramn
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-03-26 05:36:49
VirusShare info last updated 2012-07-26 19:13:20

MD5: 5358dc52db61f2ecf4e8377c6cfe0624
SHA1: aa4b23a65de41c618801567d2bdf663bec647b2c
SHA256: 3f1f285c9e5528719fc0c938e81dc92707278ec49963538d2af7b9382d0d5568
SSDeep: 3072:EGmPLFPDlCoifHLV4vSUlQyb1SHGwz9lqgib5pG1KxctJ2M/ouY1aiTZ6v5lH+:EvBfP1SHn9Mgi9slB/oBaiTAv
Size: 222208 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.898
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Vundo.222208
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!LAixJrh8UuA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.wbls
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Vundo!lb
DrWeb = Trojan.Click1.60281
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = Trojan.Win32.Genome.wbls
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
McAfee = Vundo!lb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BCXL
Norman = W32/Suspicious_Gen2.QBMSC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:08 04:02:33-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 200704
Initialized Data Size           : 65536
Uninitialized Data Size         : 0
Entry Point                     : 0x2e209
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.3
Product Version Number          : 1.0.0.3
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : MSR DTAS: Bayesian Inference Belief Network Troubleshooting Library
Company Name                    : Qgzwapcjd; Htcddqwej Research
File Description                : Belief Network Troubleshooting
File Version                    : 1.0.0.3
Internal Name                   : bnts
Legal Copyright                 : Copyright (C) 1997
Original Filename               : bnts.dll
Private Build                   : 0.0
Product Name                    : Mpnewzruu bnts
Product Version                 : 1.0.0.3
Original Date                   : Tue Jun 10  7:17:33 1997
VirusTotal Report submitted 2012-03-26 08:30:46
VirusShare info last updated 2012-07-26 19:14:38

MD5: 55b6c66906e3fc7f90cab819250e8dd7
SHA1: 2378a15660e37961b2fe89e07e89d83b07035494
SHA256: 149c10737f4733f4a2ebb979778d4f5d7525f0b00b0458a7aae8cdf99b4ae2e3
SSDeep: 3072:pP4lnbilfc2rUnvjfF5hhPFArie0/0NkFf6ldMqqDLy/Ts9R+9:p4ulUvvPFw0skFfpqqDLuTsy
Size: 137216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!mDQlWbfuhOM
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-04-04 03:25:48
VirusShare info last updated 2012-07-26 19:15:00

MD5: 578ce4e913347efb8403b9026e62aefb
SHA1: 249a1833a95ce4d91a9b401bb1a7fdc6e72d0478
SHA256: d7930215fb719ec6248595701d7a550b99441fe1ea5bfce7e262635e90b7c4bf
SSDeep: 1536:TPGz7YGr6sLiHTNxt4az/k2WG6XijYNLERpK2iKAXM3QGoQYC/1tJ:KYGeZ9kvXi7fQGoQYC/fJ
Size: 114176 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.114176.M
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!o/V7jEhLIg8
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ot
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aamm
McAfee = Vundo!ot
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2012-04-04 09:23:42
VirusShare info last updated 2012-07-26 19:15:25

MD5: 57916de24a1bbacd94e10ba8a2592b31
SHA1: 891e3730ff0687744f95c42adaa0fc796d7875a0
SHA256: c3973962f17090144bf08bd47876a1e89517ac0f12ce99f844f8f38a6f6e9f52
SSDeep: 3072:52J9HrpXQ3OTC7OhkxIKCLwlNMqqDLy/UmyqW:YLlTaIKCLPqqDLuUn
Size: 124928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64020
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.ijvl
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ALCY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:16 17:19:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xe442
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Buprzhqzl Ytyfrwxuddn
File Description                : Event Create
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Vqcolnrmg Cmwwwvutglr. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Qcaceajzp® Usctste® Tzsrbgmns Cjlzio
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-28 21:49:00
VirusShare info last updated 2012-07-26 19:15:25

MD5: 583cc5edc5ea5ad17c9f27ca217c9242
SHA1: 27c63f04d3d787bd186b431f3a2124d4fb999a5b
SHA256: 3039f3dec05504abe4771f0d2a02a6763e48bfe89e45705e02f01a54a74731fb
SSDeep: 3072:BUyVSw+AJFHW2196+hzUxv10YaEmUxrvf0YbMETxNXSTldMqqDLy/PN:twMFHW8xZYljHM0NXSwqqDLu
Size: 144896 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Genome.144896.B
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.ijxd
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.OKC
Norman = W32/Vundo.BFYD
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:05 16:27:57-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 114688
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17b96
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tdidwjbjy Lwycvszvikq
File Description                : Recqmufhl Sound Mapper
File Version                    : 6.0.6000.16386 (nvpsl_rtm.061101-2205)
Internal Name                   : Xtikbbjzg Sound Mapper
Legal Copyright                 : © Microsoft Gkijxsdsygc. All rights reserved.
Original Filename               : msacm32.acm
Product Name                    : Vywjlybww® Torzzwr® Opufkodvw Ajxsio
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-04 11:52:18
VirusShare info last updated 2012-07-26 19:15:33

MD5: 5b8e6b2a944767afc78fb01af28f45f8
SHA1: b96e08c44b3a3e665483a856a79493fee11d33c0
SHA256: 65659095b6012775b0228e59f3194a559c80b2b8d8474b2b968559096167b3b8
SSDeep: 6144:zGJiR11fg3I6baZ0vmrx8x4DGN6xhiLeqOtYwII4:zbR11jk4x8qDGEjiLJt
Size: 274432 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
nProtect = Trojan/W32.Genome.274432.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cTxoSMaLvnE
eTrust-Vet = Win32/Vundo.H!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.77
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Genome.ahhm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BIER
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 13:02:11-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 208896
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x30831
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vnriirkvy Pzgzmklipsm
File Description                : Lvgbpubuh Wkxwugi Sockets 2.0 Service Provider
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : msafd.dll
Legal Copyright                 : © Rxasimrum Xemlecbmvvo. All rights reserved.
Original Filename               : msafd.dll
Product Name                    : Sqhficqmq® Jewjzty® Hinvlpseh Tkmprt
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-03-26 08:31:38
VirusShare info last updated 2012-07-26 19:16:08

MD5: 5bddbf182d6c5e182544867b66195d19
SHA1: a418b73ba92e2c761a882051767e3733f51106c4
SHA256: 0b06dafc89516c217a4f36cfca1579a01a95aa9114cced733e0f4ed146f294fb
SSDeep: 6144:kp4rnqiHLObc+EYrQ5P2xMo7VZwU2lTl5OtLBHDwSbNTX0a+XHBl3NhoD61RRZre:trrj+EOEPWwUkMdjwE4HzfJ1/Za
Size: 410091 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.134
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!LHQW58G7ybw
TrendMicro-HouseCall = TROJ_GEN.R4FC2CV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.5689
TrendMicro = TROJ_GEN.R4FC2CV
Kaspersky = Trojan.Win32.Pirminay.pvo
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.nz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.CPWK
Norman = W32/Suspicious_Gen2.LMXNN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.dvi
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 03:04:41-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 376832
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x59a06
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ammklclva Rmusxoikohs
File Description                : WIA Video
File Version                    : 6.0.6000.16386 (zzrlk_rtm.061101-2205)
Internal Name                   : WIA Video
Legal Copyright                 : © Ezrizkwjq Qwuaflvoniy. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ceqmwgsle® Gpjwmxn® Ankucxhrb Ephlxd
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-05 20:39:24
VirusShare info last updated 2012-07-26 19:16:12

MD5: 67bf876fef091a4a4c9723d9fccfa56c
SHA1: 15f118ae84c25cbb994b698aba24afb4c5ed51d6
SHA256: a80a2be54a448d104ad0afb2f5878b16cd88fcb0c612bce0ec102e6be5320563
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWR+:/53B6GnBMUQyaUZGAjLvC88
Size: 363451 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Dropper-gen [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363451
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
TrendMicro-HouseCall = TROJ_GEN.R4FC1IA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Downloader.a!hb
DrWeb = Trojan.DownLoader4.46321
TrendMicro = TROJ_GEN.R4FC1IA
Kaspersky = Trojan.Win32.Pirminay.qzh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.agv
McAfee = Downloader.a!hb
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ANYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.5
Symantec = Downloader
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2012-03-27 20:26:05
VirusShare info last updated 2012-07-26 19:17:50

MD5: 68da435e1700286c234fc3d612755ba5
SHA1: 16a474e7304dfbf64c5ce6a5be7763a886d40fea
SHA256: 2f2f20603befb16e4dd0bc1e97e9f4d77503b6db6f88f29dc78d09ad59da3dda
SSDeep: 768:4TWHmVE69ExT2ncT+dyau6mWyel1+kgsQ6YpiVf5BCjeLlsC3DhQUpIrQ31lq5e2:GWHyEdZopy+j5/5oeLlLL+rklq5Vos9
Size: 75776 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!D3wDkkgYLEM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!kt
DrWeb = Trojan.Virtumod.10428
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aamo
McAfee = Vundo!kt
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CDDO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:16 21:09:18-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xb78a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.1.5012
Product Version Number          : 5.10.1.5012
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nlrdkdj (R) Server 2003 DDK provider
File Description                : High Definition Audio Function Driver v1.0a
File Version                    : 5.10.01.5012 built by: WinDDK
Internal Name                   : HDAudio.sys
Legal Copyright                 : © Lkaesnevv Zjjmwqnzrlk. All rights reserved.
Original Filename               : HDAudio.sys
Product Name                    : Rnaiezbwr® Kksnhbr® Gswfoptcl Ulxdbd
Product Version                 : 5.10.01.5012
VirusTotal Report submitted 2012-03-27 22:06:17
VirusShare info last updated 2012-07-26 19:18:03

MD5: 6c5e5d544f96fd7a0be72311e2954b67
SHA1: 57d2a341bf33da2b1b11f321d1b71323a607d543
SHA256: 9c9ec9a23f28284101a80bb9acfb5d2892aeba82e0f1570379866ae48fd09926
SSDeep: 1536:lqIjm9fy8kl/mnnDMAwnaAopMVtT9YPfl9mBnpLpSdPyvh6/rztzhFTcof:gIjm9sl/awleUTEl9mBpL2yetzrTN
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!AMt8Za79Sio
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!lg
DrWeb = Trojan.Virtumod.10011
TrendMicro = TROJ_GEN.R4FC2GF
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aari
McAfee = Vundo!lg
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.GQV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:24 21:59:29-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xae21
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Borvnotwi Nbyhzjbodhx
File Description                : Sksennglv FrontPage TCP/IP Tester
File Version                    : 4.0.2.5322
Original Filename               : TCPTEST.EXE
Legal Copyright                 : Copyright © 1995-1999 Ggcijhmzo Hhhhkawoarr, All rights reserved.
Legal Trademark 1               : Kgsovxwla®, Wbvoolw®, and FrontPage® are registered trademarks of Wmnuzcptl Amjevgcrmea, and WebBot is a trademark of Tjkidsxok Usbykdgxdtx, in the United States and/or other countries.
Product Name                    : Oualxaihg® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2012-03-26 06:20:09
VirusShare info last updated 2012-07-26 19:18:40

MD5: 70e669ff6d86096b284f4d75ea2a7537
SHA1: dc613f694838aa60743b52b25a6cf08a901d483c
SHA256: dee785c0afc88db2772415daf04f68595487f373bdc8fc0e2f7cae68962502ef
SSDeep: 1536:yDzETtM5I443axhyVC9K62tPcI5ogscEcTDm10JpTDQ5lo2DhKRa41Wlh5rrf0Gt:azEaZgsKttPV5ogDEODm1OfYoxkn5kG6
Size: 96256 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.DR.Agent!sq53HcDU19I
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.2FAC12
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop3.3630
TrendMicro = TROJ_SPNR.2FAC12
Kaspersky = Trojan-Dropper.Win32.Agent.epyx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDropper.Agent.bejn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ATVB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Dropper.Agent.epyx
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 18:05:28-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x11311
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pqnueksyd Kncyqfpinbn
File Description                : RAS PPPoE mini-port/call-manager driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : raspppoe.sys
Legal Copyright                 : © Jfxvtoicp Vurnralymhw. All rights reserved.
Original Filename               : raspppoe.sys
Product Name                    : Kyukeyjon® Abbzmkd® Fhvykzwkh Dtjmig
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-03-27 22:06:31
VirusShare info last updated 2012-07-26 19:19:18

MD5: 76cc7465f038073cb8fa2223a0a1c87b
SHA1: 2a5775bbf381646c2d844d11053b44eef4ff8ba5
SHA256: 267cfd700747f3d90269d75075b536d2c1922c85ea2ae0ad1156a1279eb48a3e
SSDeep: 3072:nhPan/Wfj5Dlk+W/3Pz9+FZMKN0o9WS21fx8:1anMHkR3Pz+PusD2Rx
Size: 105984 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-FA [Cryp]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Vundo.I
nProtect = Trojan/W32.Vundo.105984.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!fibB2pi8jXA
VBA32 = Trojan.Agent.hodh
eTrust-Vet = Win32/Vundo.HTF!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMIA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.hodh
CAT-QuickHeal = Win32.Trojan.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Vonder
McAfee-GW-Edition = Artemis!76CC7465F038
DrWeb = Trojan.Siggen2.26773
TrendMicro = TROJ_VUNDO.SMIA
Kaspersky = Trojan.Win32.Agent.hodh
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ihm
McAfee = Artemis!76CC7465F038
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Injector.AAJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Agent-PKR
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dse
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:02 03:17:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57856
Initialized Data Size           : 83968
Uninitialized Data Size         : 0
Entry Point                     : 0xf06d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.4322.573
Product Version Number          : 1.1.4322.573
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : netfxperf.lib
File Version                    : 1.1.4322.573
Internal Name                   : netfxperf.lib
Legal Copyright                 : Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Legal Trademarks                : Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : netfxperf.lib
Product Name                    : Microsoft (R) .NET Framework
Product Version                 : 1.1.4322.573
Comments                        : Microsoft .NET Framework build environement is Retail. SafeSync counter=0
VirusTotal Report submitted 2012-03-26 08:46:36
VirusShare info last updated 2012-07-26 19:20:07

MD5: 8c273213e725bab3260ede64fb5bae72
SHA1: 2614cb8cb93308445d851d530ef996c219ddee79
SHA256: 6d13c750a8dc086b09b9cb47e783ad17e0742f6b0289d33b6df666d43479b3c8
SSDeep: 6144:7qXcMZjfw9Ed6ydeSWST8MqP/IaDK9je:2XcMZjNkydl3bqP/IaDb
Size: 278528 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Trojan.Generic.6573909
VirusBuster = Trojan.Injector!91aRSm8Tw04
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_GEN.R4FC3IC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.DownLoader4.17985
TrendMicro = TROJ_GEN.R4FC3IC
Kaspersky = Trojan.Win32.Jorik.Pirminay.nc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!t
F-Secure = Trojan.Generic.6573909
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKGC
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6573909
BitDefender = Trojan.Generic.6573909
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 253952
Initialized Data Size           : 28672
Uninitialized Data Size         : 40960
Entry Point                     : 0x489e0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة Oksidm9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : Oksidm9.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Oksidm9.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-03-25 15:29:06
VirusShare info last updated 2012-07-26 19:22:59

MD5: 93439c6894ca8679c778613de77e4d39
SHA1: 73e48af94dd230b1ad81a1642b043c3a3caafaf0
SHA256: 2775ee7501167a38595df5edd07ba49e38e151191293b91fbab097a3de1bd210
SSDeep: 1536:e/kdCEHX0G67tS9KX+x5NKGeTdGh38aZl0+kKV:e/3EHS5iKdTdZR+kK
Size: 61440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Suspicious file
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.jcnj
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!nk
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Kaspersky = Trojan.Win32.Menti.jcnj
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ctws
McAfee = Vundo!nk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-06-18 16:21:40
VirusShare info last updated 2012-07-26 19:24:03

MD5: 973146121da6dca8ec5ddef678d24120
SHA1: 489a8b0ab0ffe165bfb866d641aaf6893999dadd
SHA256: 8ef22ef2e786d00489ca9b6ba98c2745f70924a3ef8c7edd517c569b671cb2b6
SSDeep: 3072:bWMMdqop61JXKgtrKrwEuJZhwHJValiljMqqDLy/7W0K:KMMd41xKgtZhwgnqqDLu7W
Size: 166400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.946
Avast = Win32:Kryptik-ELX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12899D94
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HQK
TrendMicro-HouseCall = TROJ_GEN.R11C2G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ku
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R11C2G7
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Monder.aapz
McAfee = Vundo!ku
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ANJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxq
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 01:22:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x148ca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft IIS Common Logging Interface DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : ISCOMLOG.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ISCOMLOG.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-03-26 06:14:27
VirusShare info last updated 2012-07-26 19:24:35

MD5: 9785205e17999807ebea5d653efb0ec7
SHA1: a588ca35fa7cf6e629e9db066822432dec244450
SHA256: 6abfe455f6c3463ad469c3442abc559b649ba9eac59b0e2ae78e92ac546efdb3
SSDeep: 1536:gv2BA1sHXLG5ctS9KX+x5NKGeTdGh38aZl08kKV:gv2i1sH+KiKdTdZR8kK
Size: 61440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
nProtect = Trojan/W32.Agent.61440.BYZ
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_KRYPTK.SMUW
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Menti.jeup
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!nk
DrWeb = Trojan.Siggen2.31637
TrendMicro = TROJ_KRYPTK.SMUW
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ctws
McAfee = Vundo!nk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.jhe
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 08:50:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 18944
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x5784
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-03-27 04:33:49
VirusShare info last updated 2012-07-26 19:24:38

MD5: 97b16b5ea518123c92289057cc7a3b64
SHA1: 12c6fc2edb3d6ef667076c635f3629a08a386f6f
SHA256: bd369d8d69c9209d4b414dde61787274c6ec3e4ec489bad97ecae18737d78292
SSDeep: 1536:U4OwSC/UXuY28bQJjml9I3k3lQ36QDkUS9:UPwx8b20QJj83lQ39k/
Size: 49664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.26
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21CDB6
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nnhb
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!97B16B5EA518
DrWeb = Trojan.WinSpy.1071
TrendMicro = TROJ_GEN.R21CDB6
Kaspersky = Trojan.Win32.Monder.nnhb
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.isio
McAfee = Artemis!97B16B5EA518
F-Secure = Gen:Variant.Buzy.4423
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.4423
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.ST
TheHacker = Trojan/Kryptik.ocu
BitDefender = Gen:Variant.Buzy.4423
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-03-28 21:36:45
VirusShare info last updated 2012-07-26 19:24:40

MD5: 9f97b8dd51295ec7fa3b22dd3df5dfcc
SHA1: 72437fcddcfce7416a1bd87067e8f24699f3ba58
SHA256: 8013bf0e1427a54c9896306ff5d99748468d89bc8c2945658593344e82dc00ed
SSDeep: 6144:SD7xmRHoUyumDyJvc7MlcCQXAuonBGvPIV9Rkp9qbFNxjmV3:Oxm5fKytPl2wupYVMqbFNxjmV3
Size: 334336 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Sisron.A.1013
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.559150
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!mhIMv/MB99Y
TrendMicro-HouseCall = TROJ_GEN.R3EC9CE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic.dx!bdkm
DrWeb = Trojan.DownLoader5.55760
TrendMicro = TROJ_GEN.R3EC9CE
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Dx.BDKM!tr
Jiangmin = Trojan/Generic.zjbo
McAfee = Generic.dx!bdkm
F-Secure = Trojan.Generic.KDV.559150
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic27.AMON
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.559150
Symantec = Suspicious.Cloud
BitDefender = Trojan.Generic.KDV.559150
NOD32 = a variant of Win32/Kryptik.AAKJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:03 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x5d330
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 07:50:21
VirusShare info last updated 2012-07-26 19:25:52

MD5: a6408adf8c458d316b97c56ebf2afa2f
SHA1: 1baf6770b3f74d223d3549d5e538657dc7df58b0
SHA256: 36b63c6c2fe4b5c96f529069a59b1bcf78df80467d3a43953ea3fd536ad7a17b
SSDeep: 6144:/iD7JsnFYYfpEbs5vWcqmw5qYJvTXX4Od4WPitEjNcbj9KcJ/rMBt:63J6FYBQv2Tn4JSebbGt
Size: 347063 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:MalOb-IE [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.347063
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!cXVFtQgnG8I
TrendMicro-HouseCall = TROJ_GEN.R4FC2IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.60383
TrendMicro = TROJ_GEN.R4FC2IA
Kaspersky = Trojan.Win32.Pirminay.qic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.adf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CAZX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Riern.1
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:07 22:11:25-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 585728
Uninitialized Data Size         : 0
Entry Point                     : 0x8e26
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hnbvceuhl Uebhpfdxapb
File Description                : Ypeobejyq Direct Database API
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : DirectDB.DLL
Legal Copyright                 : © Irfoetrzh Gdzcizqvoql. All rights reserved.
Original Filename               : DirectDB.DLL
Product Name                    : Agxisdnsa® Rqgaxaj® Mgtpnjlph Rhtfcc
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-26 07:48:33
VirusShare info last updated 2012-07-26 19:26:50

MD5: aeaeea0f57d8e61bf30d775eb2700005
SHA1: c9e6800bab0b5949497731fa913ad4c4e56e5fb8
SHA256: 7345e5c40829c356008cbd80376d0a915269f7c23925f9f668ce85d110f93f7a
SSDeep: 6144:syuTlIs2Cdg/loXVYv4g03LBDD7QggI+4gG0sG324MuQrzjG8VAgVNfh+gvtB9V:s3TlFJQJQgYBDD7oI3gG0ZG4JWzjGfEX
Size: 373770 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!hlnj35hXlTM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.60295
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.afh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Rimecud.10
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Downloader.Generic11.AJSX
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Rimecud.10
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Rimecud.10
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:19 14:28:48-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 671744
Uninitialized Data Size         : 0
Entry Point                     : 0x720c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zjkuehate Hahthgdvnro
File Description                : Zgqvqmvxj Speech Recognition Engine Extensions
File Version                    : 8.0.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Erqasvbcs Crgsknwonkr. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Gafulzxnr® Cuhfllt® Bgmddrvjn Ennerx
Product Version                 : 8.0.7000.0
VirusTotal Report submitted 2012-04-01 04:10:39
VirusShare info last updated 2012-07-26 19:27:48

MD5: b77b12984744ded950e1430c2427ed96
SHA1: 487345c345b7bdddcb5f8697b5b0124b42e86372
SHA256: 20485aec44322407ca8f1df95a598048bcd1d44f48a0fee63912332d23c11b0c
SSDeep: 3072:VpILizyUacgCYI4yZep1nW2eH2Kxos9TCoAZfARjxos7cI:VG3fCefeWKBBIoJxo
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.131072.D
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Cvy5zKlRP3w
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1217
TrendMicro = TROJ_GEN.R11C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jfgg
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BKGL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-27 01:49:06
VirusShare info last updated 2012-07-26 19:28:56

MD5: b91f8ce20394aaca3fb8d163a8ae2ee1
SHA1: 42467b28b48aad2297f61deb7103d7fedb76b978
SHA256: 23264b3b0ac1979ab0ff9e80ee904be1d8fc98a1ababa790c0edd12fa05358da
SSDeep: 3072:7K5D/Ov0vlzMqqDLy/39JylPxsI3ToTRs:wcNqqDLutJOz3sd
Size: 110592 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.110592.K
K7AntiVirus = Riskware
VirusBuster = Trojan.Monder!zVCG4VN04wg
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.drjy
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.110592
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.abuc
McAfee = Generic Malware.ms
ClamAV = W32.Trojan.Vundo-23
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Fakealert.Sesh
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.LPD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Monder.drjy
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:06 18:39:13-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x556e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Beicdpcut Mnzzaarjswe
File Description                : Ohdhkiw Sockets Helper DLL for PGM
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : wshrm.dll
Legal Copyright                 : © Xqsuraizv Haciwdbykys. All rights reserved.
Original Filename               : wshrm.dll
Product Name                    : Csunswwxs® Allcnel® Hxozugebj Izsnff
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-20 02:47:08
VirusShare info last updated 2012-07-26 19:29:05

MD5: bee8a6c1141012b131a2ff50f71e3952
SHA1: dce4affc24df328294e317b079a5a2c71c557387
SHA256: 167926c48b9a1d1eb395395cce2650a7a5fe42aff5933a087d9dea17c66b617b
SSDeep: 3072:lQAWa4N5n3Ub7PszzaPFu67wOkgefRNmCdilUMmfgHPFsivMqqDLy/CdJm:RsNpkbD9uVF1MmfgH2LqqDLuq
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!lf
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R4FC1IC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!lf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.QAMWO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-26 08:42:16
VirusShare info last updated 2012-07-26 19:29:43

MD5: d7d669d0501d38f41a8743352c43709d
SHA1: 3316729fe48c12719e428966c186fa69c4356944
SHA256: cd25cc70dc8db87616140a012c382404ca7c91c19483bb317ce44e1b944de2b5
SSDeep: 6144:0mqz6v2hP5ZkXHEM21Wek0dhl0NsCCi4m+TfPaw7JAum2noWm:0Bz6v2n23EME7kkwrCi4mkfPaw7yt2n2
Size: 320466 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.117
Avast = Win32:MalOb-IE [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Suspicious file
nProtect = Trojan.Generic.5508171
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.WinSpy.1068
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.qkt
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.mh
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5508171
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.ADEX
Norman = W32/Suspicious_Gen2.LOOTV
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5508171
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.dok
BitDefender = Trojan.Generic.5508171
NOD32 = a variant of Win32/Kryptik.LED
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:13 04:15:53-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 585728
Uninitialized Data Size         : 0
Entry Point                     : 0x5080
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Turkish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt041F
Legal Copyright                 : Copyright (C) Microsoft Corp. 1999
Legal Trademarks                : 
Original Filename               : agt041F.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-28 19:55:26
VirusShare info last updated 2012-07-26 19:32:40

MD5: db53c646b3145407649baef1a0be1eb4
SHA1: c08abe86558dda0af03a707a9b11e4615df74f63
SHA256: b702c2c58a0f8b2ab67c8f989863f687543a20693553bcf58b69dd12e2ff1ad7
SSDeep: 6144:2LSV4UBs2P8UwC4iWDUWwLjvh9uA0sJ5LjcdhNsJXTw:G3P2P8UymW4V0c9j4NmXTw
Size: 397967 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.11.21
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!232liYuXUZM
TrendMicro-HouseCall = TROJ_GEN.R11C2FB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.35762
TrendMicro = TROJ_GEN.R11C2FB
Kaspersky = Trojan.Win32.Pirminay.qlt
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.agy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AUPJ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.qxf
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:17 15:49:55-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0x3916
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iysbwrpkq Ftaevrvqvdq
File Description                : Remote Sessions CPL Extension
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : remotepg.dll
Legal Copyright                 : © Tnyrknmzl Wzbjaiscrmi. All rights reserved.
Original Filename               : remotepg.dll
Product Name                    : Iavvmkare® Hbmkbhf® Llqyuumqg Qcjkzc
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-03-28 20:48:27
VirusShare info last updated 2012-07-26 19:33:02

MD5: ed77bfe6a10bd460e9bedc4722f775f7
SHA1: 307015ad93e9fec8d3e529d14a8840a435b76584
SHA256: b39545e9109e10fe3b59b905fca9420d54f1813f00d38e8c982423ee51028314
SSDeep: 6144:oKUmkyrqW43X82MBJliNoQ2pZKrqXkrWG5EIFduY2HN6kvUWVcW+Re:o4Jrql83HiWcJrWKzFd52HtqRe
Size: 414362 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Pirminay.gqa
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5910408
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!ApHO/Gjh4SE
TrendMicro-HouseCall = TROJ_GEN.R11C2F3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Artemis!ED77BFE6A10B
DrWeb = Trojan.DownLoader5.20210
TrendMicro = TROJ_GEN.R11C2F3
Kaspersky = Trojan.Win32.Pirminay.qgg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aai
McAfee = Artemis!ED77BFE6A10B
F-Secure = Trojan.Generic.5910408
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AOJJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5910408
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gpt
BitDefender = Trojan.Generic.5910408
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:14 16:02:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 393216
Initialized Data Size           : 376832
Uninitialized Data Size         : 0
Entry Point                     : 0x5d13f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rwpzfnuen Ixenjcpailv
File Description                : Tuqoacgjy Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Wdwyviyca Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Iwfmdayhn Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-28 20:58:25
VirusShare info last updated 2012-07-26 19:35:39

MD5: f362e88aea1080fd8580dec8fe7a208a
SHA1: dcd0ff5ebd8238bb448761dead489b39b413c4b0
SHA256: 058861d67df72f609dfe3d68f733542360c775dd26eba5231d6bd9bbce4b3559
SSDeep: 1536:31LYR9gx1BbogBLCI1B8v4FFu/sk7oj2/klgWUv9Hx8UpEEc+EPjVcn1I:O6x3NBLp4cWNlMlj6TJDEPjOn1
Size: 110592 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
nProtect = Trojan.Generic.6775685
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!EmLjYTR27Nc
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R21C1JR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Monder.mvoz
McAfee-GW-Edition = Vundo!la
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R21C1JR
Kaspersky = Trojan.Win32.Monder.mvoz
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.aduk
McAfee = Vundo!la
F-Secure = Trojan.Generic.6775685
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ACAA
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Trojan.Generic.6775685
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Trojan.Generic.6775685
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:31 16:15:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xaac5
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1999.9.3421.3
Product Version Number          : 3.0.0.3421
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ekuoyslub Mlsuueafpiw
File Version                    : 1999.9.3421.3
Internal Name                   : MFCSUBS.DLL
Legal Copyright                 : Copyright (C) Olifjcruj Corp. 1995-1999
Legal Trademarks                : Ukkghmnjl(R) is a registered trademark of Sybvdwoqx Clknkdghvgk. Tsvigxh(TM) is a trademark of Wigzrfogf Jpvvoslojml
Product Name                    : COM Services
Product Version                 : 03.00.00.3421
VirusTotal Report submitted 2012-03-26 08:46:20
VirusShare info last updated 2012-07-26 19:36:28

MD5: f4a5e6c75826aaad775987cfaf2f72a0
SHA1: 58e2bc705dfa81288e3864ad363590c6287f3c7f
SHA256: b6a2bd2c419ce4ec99e5736c4f7a6f6e408b849ca127a3afce7a098e816668e5
SSDeep: 6144:rMR2JpitKSHIdY1KBnOjyFiCD6YSVAZf6a4tVIwYjg/1ev7a3xbR1wcoP/6EIO:rmYpitlIdYwOmFiCD6Puf6a4tSQFhbDU
Size: 385072 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-CEH [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.385072
Panda = Suspicious file
nProtect = Trojan.Generic.5860605
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC1IB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!gay
DrWeb = Trojan.DownLoader5.35686
TrendMicro = TROJ_GEN.R4FC1IB
Kaspersky = Trojan.Win32.Pirminay.rat
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aky
McAfee = Generic Downloader.x!gay
F-Secure = Trojan.Generic.5860605
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.ACWR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5860605
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gqs
BitDefender = Trojan.Generic.5860605
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:19 03:34:23-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 356352
Initialized Data Size           : 335872
Uninitialized Data Size         : 0
Entry Point                     : 0x5493f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Czech
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0405
Legal Copyright                 : Copyright (C) Microsoft Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0405.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-26 07:48:42
VirusShare info last updated 2012-07-26 19:36:38

MD5: f67625605b60a6b633a58c34ec214969
SHA1: 416f9de14eadf51583e5aac0e9c07dfe923e293d
SHA256: 6687db2bc5c029881221bfe00254e211e6c213448f49adc6e6960abcf7fd8c5a
SSDeep: 3072:VjwfAl71ohvLyp0cktECiHr+A+sF8QiVAAvnONUlJeN2DNxOve:VLmhDyKcbSAcQi3PONEBDNx
Size: 204800 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12BCD996
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bIypu8Degd4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1337
TrendMicro = TROJ_GEN.R29C1IA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqzo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Hiloti.2
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AVLF
Norman = W32/Suspicious_Gen2.PZXPM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Hiloti.2
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Hiloti.2
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:04:10 20:45:14-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x1eed5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pccyrhoip Tbqmbwpyydl
File Description                : DLL Interface to TermDD Device Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : icaapi.dll
Legal Copyright                 : © Wrzlkstiy Nvjrgyiwjfa. All rights reserved.
Original Filename               : icaapi.dll
Product Name                    : Xwlaypwyy® Bcakvkz® Fmmfypgnn Vkqght
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-26 06:19:10
VirusShare info last updated 2012-07-26 19:36:48

MD5: fb86423291d2c630be9730cc27c72e50
SHA1: 635cebad21396bdae198deff1c06426b14f11b99
SHA256: 1bbbd7c9bf1ba5ab98242adb91dccbcf3b8822150b2dca8ce02b1983eca16891
SSDeep: 1536:XFn9fwfuqI45HM4HG+GaV5gxXolN7gyQzBE9C2ejLn8Zd8pG+I:1G5HMuGRolN7vK2QYZd8ppI
Size: 70656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!J3639Z+U9aw
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kz
DrWeb = Trojan.Click1.60688
TrendMicro = TROJ_GEN.R29C1IA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!kz
F-Secure = Gen:Variant.Graftor.310
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.APVO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.310
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndp
BitDefender = Gen:Variant.Graftor.310
NOD32 = probably a variant of Win32/Kryptik.SYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:10 03:51:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x32e1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.44.2.32
Product Version Number          : 6.44.2.32
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic Corporation
File Description                : MegaRAID RAID Controller Driver for Qikzzbt Server 2003 for x86
File Version                    : 6.44.2.32 (NT.040809-2325)
Internal Name                   : mraid35x.sys
Legal Copyright                 : Copyright © LSI Logic Jofzefivxlc
Original Filename               : mraid35x.sys
Product Name                    : MegaRAID Miniport Driver for Gviblmu Server 2003 for x86
Product Version                 : 6.44.2.32
VirusTotal Report submitted 2012-03-26 08:47:05
VirusShare info last updated 2012-07-26 19:37:24

MD5: 00cfde6805c70e581d5899bd469508d4
SHA1: de5d5b2b77df530fa6dbc58100be81e32bee2760
SHA256: 5c811ddd0ec3c6593a7d376064c114e05f531aeb27ea91d38a8b8ca896df6249
SSDeep: 6144:9eEGbdH+SdcZuihMljj2zqs2SPYUzS8YwCpetrg5iyZjpz8KatX7z87R:9ehvSrqpOYVRwCpAg5iyZjpgX7z4
Size: 361984 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Kryptik-CGZ [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.361984.F
Panda = Generic Trojan
Rising = Trojan.Win32.Fednu.cel
nProtect = Trojan/W32.Pirminay.361984
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!B5Oo3g3Pn84
VBA32 = Trojan.Pirminay.glk
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.53233
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.glk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.361984
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Agent.ARH
Jiangmin = Trojan/Pirminay.wz
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.215061
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AITQ
Norman = W32/Obfuscated.L
Sophos = Troj/Agent-RML
GData = Trojan.Generic.KDV.215061
Symantec = Packed.Generic.305
TheHacker = Trojan/Pirminay.glk
BitDefender = Trojan.Generic.KDV.215061
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:08 02:25:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 634880
Uninitialized Data Size         : 0
Entry Point                     : 0x7f06
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bnouhtuon Jtthpieyllr
File Description                : Modem Monitor Applet
File Version                    : 5.1.2600.0 (yrqtwofq.010817-1148)
Internal Name                   : LIGHTS
Legal Copyright                 : © Ipsulggif Jzirqtswkjr. All rights reserved.
Original Filename               : LIGHTS.EXE
Product Name                    : Aqbqnkhjo® Rbotyci® Pqnogelfp Klidem
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-07-05 18:51:08
VirusShare info last updated 2012-07-26 19:44:32

MD5: c37d4b26fb0369fb476289cb30568e9e
SHA1: f9974d0692743fd392afca5317aa765ed198c16d
SHA256: 068ac5396d139f9ce2417bd97a45314cc1c1b8c6296a05e51d8f964b5a29a1c4
SSDeep: 1536:E9WN7l+FJxsvhC7FoLezHAcDzS//oQpZaiA1m:EKzI2ejAcCrZK1m
Size: 77824 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.86
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.77824.ANL
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72CDAD
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!C37D4B26FB03
DrWeb = Trojan.Virtumod.9924
TrendMicro = TROJ_GEN.R72CDAD
Kaspersky = Trojan.Win32.Monder.nnhi
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.gzi
McAfee = Artemis!C37D4B26FB03
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.BODC
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:23 22:11:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xe464
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Metering Controls
File Version                    : 5.00.2159.1
Internal Name                   : AVMETER
Legal Copyright                 : ©1998 Active Voice Corporation. All rights reserved.
Original Filename               : AVMETER
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2159.1
VirusTotal Report submitted 2012-07-04 08:18:06
VirusShare info last updated 2012-07-26 19:46:40

MD5: 48d58772b3b7d2f978506de6a726c8ce
SHA1: 7e53d7c54ad2a014f03259f9b89ccd6c324828fd
SHA256: 0eb94952fdf42e45f6b6a4e7c5e3879bd86ac0c9d1710f4c1c9c9a251009f1b7
SSDeep: 6144:jP9NuZSPKFF3SXFGBJnoPtsfbY2m9RJcKFf6JU1OSO:jVcs0Fi1GL3fqe+0
Size: 226304 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen
Avast = Win32:Downloader-ITP [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.294510
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!BTTuC3URMvk
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.bs
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader4.17262
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bs
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Jorik.K!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!48D58772B3B7
F-Secure = Trojan.Generic.KDV.294510
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKHO
Norman = W32/Kryptik.ALS
Sophos = Mal/Ponmocup-C
GData = Trojan.Generic.KDV.294510
Symantec = Downloader
TheHacker = Trojan/Jorik.Pirminay.bs
BitDefender = Trojan.Generic.KDV.294510
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x135e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Traditional)
Character Set                   : Unicode
Company Name                    : Zsrgmucrq Gvwyqwxbhck
File Description                : Generic IME 5.0 version
File Version                    : 5.1.2600.0 (mfpqpkzr.010817-1148)
Internal Name                   : Generic IME
Legal Copyright                 : c Wpogpexsi Mndjoshejss. All rights reserved.
Original Filename               : UNIIME.DLL
Product Name                    : FwfkddijzR AtyrkxwR Elpekrppu Zpuevp
Product Version                 : 5.1.2600.0
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-07-04 10:23:55
VirusShare info last updated 2012-07-26 19:49:31

MD5: 1396ef46adc990be4c514ff6325162a7
SHA1: a05bd5ac1f8e5cb3e84d436d84b1f8a091ffc0e9
SHA256: 8ec81ef6eb5d3c86af7ecf7116f417917ff90b1e2072c378a207cc55652c175f
SSDeep: 1536:wBJ9M3fuqx45AM4HG+GaV5guXolN7gyQzBE9C2ejLn8Zd80G+I:A5AMuG6olN7vK2QYZd80pI
Size: 70656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.6376501
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!CQjKll3Kkwk
TrendMicro-HouseCall = TROJ_GEN.R4FC1KO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!1396EF46ADC9
DrWeb = Trojan.Click1.60688
TrendMicro = TROJ_GEN.R4FC1KO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.bpac
McAfee = Artemis!1396EF46ADC9
F-Secure = Trojan.Generic.6376501
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.APVO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6376501
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndp
BitDefender = Trojan.Generic.6376501
NOD32 = probably a variant of Win32/Kryptik.SYI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:10 03:51:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x32e1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.44.2.32
Product Version Number          : 6.44.2.32
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic Corporation
File Description                : MegaRAID RAID Controller Driver for Qikzzbt Server 2003 for x86
File Version                    : 6.44.2.32 (NT.040809-2325)
Internal Name                   : mraid35x.sys
Legal Copyright                 : Copyright © LSI Logic Jofzefivxlc
Original Filename               : mraid35x.sys
Product Name                    : MegaRAID Miniport Driver for Gviblmu Server 2003 for x86
Product Version                 : 6.44.2.32
VirusTotal Report submitted 2012-07-06 10:54:59
VirusShare info last updated 2012-07-26 19:51:27

MD5: 1f880372abd38d36478bf27892c8c71d
SHA1: bc0e4db472842b571a3bea1dba791c621f8b2204
SHA256: dc4103108108f9f322da10f11a02ab04f135c9217de47cf17c15429a8df6214a
SSDeep: 3072:6N2YagYSq6xcUS/u7Psjv5oNRoo6GYyesdQcBMAk+gAc3leH:6N2YJ6q7PuRdxyGcBMAfgjk
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.574
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Malware
nProtect = Trojan/W32.Vundo.135168.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!sWmVglJexxI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1229
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.irkc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BZCG
Norman = W32/Suspicious_Gen2.QDMHJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-07-08 17:48:36
VirusShare info last updated 2012-07-26 19:56:03

MD5: 2295cd4509f5f79faeb56b7446ddd737
SHA1: cff67d2824a1302e026ea3893abd1546c68fbe2e
SHA256: 55a36ab30a1a77662c4acf3323a078b96a753df78c9b15c239c9ebe5766cadef
SSDeep: 1536:3PGz7Ykp6j2i5TNrtC8xEAG6XijYQLERpK2iKAXM3QGo6UC/1tJ:+YkUhpxjXiwfQGoZC/fJ
Size: 114176 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.572
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!DGuFHnygBSU
VBA32 = Trojan.Monder.drjy
TrendMicro-HouseCall = TROJ_MONDR.SMUM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2295CD4509F5
DrWeb = Trojan.Virtumod.9851
TrendMicro = TROJ_MONDR.SMUM
Kaspersky = Trojan.Win32.Monder.drjy
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aamm
McAfee = Artemis!2295CD4509F5
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CFBI
Norman = Monder.M
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:17 01:37:32-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xafd6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.0.32.3
Product Version Number          : 9.0.32.3
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Marvell
File Description                : NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
File Version                    : 9.0.32.3 built by: WinDDK
Internal Name                   : YK60X86.sys
Legal Copyright                 : ©Copyright 2002-2006 Marvell®. All rights reserved.
Original Filename               : YK60X86.sys
Product Name                    : Marvell Yukon Ethernet Controller
Product Version                 : 9.0.32.3
VirusTotal Report submitted 2012-07-05 16:34:09
VirusShare info last updated 2012-07-26 19:57:20

MD5: 22ee4c611ab2716fd42fa79aa6323188
SHA1: 39b3702cff3d2acc50ce3b7058ce3dd3fd283efa
SHA256: ba681e6bd8c019236e08b6056209d2d98aa54215f955c37d5fa2943a5be84cb9
SSDeep: 3072:q5jQ2xIJhd7tyGrImSVOrsIl/vVSbu/yf34:yjQKy1rF1snum3
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.131072.ALD
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!aoS4oxlK/R0
VBA32 = Trojan.Monder.nqzj
TrendMicro-HouseCall = TROJ_GEN.R4FC1L5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Win32.Vundo.av5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.Virtumod.10435
TrendMicro = TROJ_GEN.R4FC1L5
Kaspersky = Trojan.Win32.Monder.nqzj
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.131072
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.adnn
McAfee = Artemis!22EE4C611AB2
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Vundo.pa (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AQDY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 23:59:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xc09d
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
File Description                : igfxTMM Module
File Version                    : 1, 0, 0, 1
Internal Name                   : igfxTMM
Legal Copyright                 : Copyright 2006
Original Filename               : igfxTMM.DLL
Product Name                    : igfxTMM Module
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-07-06 23:28:25
VirusShare info last updated 2012-07-26 19:57:24

MD5: 27aa08d113034eae5565fe2e8813a01e
SHA1: 9cef109fb1a73439dddca04b756e60720828819a
SHA256: 4b953e077b245de00a01173066334e65185f6bcbbfd162a3975abb46cf222449
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWR8:/53B6GnBMUQyaUZGAjLvC8a
Size: 363452 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Dropper-gen [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363452
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
VBA32 = Trojan.Pirminay.hml
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Downloader.a!ck
DrWeb = Trojan.DownLoader4.46321
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.hml
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.agv
McAfee = Downloader.a!ck
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ANYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.5
Symantec = Downloader
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2012-07-05 13:47:01
VirusShare info last updated 2012-07-26 19:58:38

MD5: 291cc332dd9356d3accb69c3055627ce
SHA1: 9a950fe0d1e4108654c2b353a74b3b9eea3273ec
SHA256: 8fbe08ee75e8ee01b95b8f595cd40c74f54904ae38475032e7b90acf1de123ed
SSDeep: 3072:K8QRUX/e2peL3h1lIHXgbWhEirffflavcIACjg0YcYmbRIryLcfBq8d5VOOW:bGtj+k4nocaYJmbRrGBqeW
Size: 102912 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Vundo!LZzqH3B4GcQ
TrendMicro-HouseCall = TROJ_GEN.R4FC2I8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R4FC2I8
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.Vundo.102912
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-07-06 11:19:04
VirusShare info last updated 2012-07-26 19:58:57

MD5: 4e9887a9f2aa547370fc297b34971d16
SHA1: e5cd771249eb8e00c38fc858fab27c0b3112c833
SHA256: c190cc1336c3ae53132d870232ce500635f346579b737d306413182d0a7878d6
SSDeep: 12288:wXkjfAo+00LmgYNOH0nRZPhIfpoCTJHdN+/p:mo+1mgYOH0nnhjgrN+/p
Size: 401876 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.401845
Avast = Win32:Kryptik-BLF [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
VirusBuster = Trojan.Agent!GQTD9pITbks
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader4.47727
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.tt
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BR
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-C
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.fdt
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:12 14:13:41-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x1318c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuawdfuth Vvjeavkgphw
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Irxrlzomg Svalqtoyspi. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Rjpeyzlhi® Doeeaff® Vmkslwdyo Xhlqwh
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-07-07 07:09:32
VirusShare info last updated 2012-07-26 20:07:28

MD5: 5130c1da2fc46cad98427e6eb372d8fc
SHA1: bf0b8cbad420315bb61b7d8c06f3a9c7ab40b1c7
SHA256: 619aa09aed0e497a30c4988ce08af4cb46b03e6be972e9456a2a508e0f790491
SSDeep: 12288:cvjCbbiWwqrN0fSQMOgWCusO0E7RzrNdnSQvgA:kj47QM2CuswzrNdjYA
Size: 393627 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yWq0J5OhxIA
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.nq
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_RENOS.BMC
Kaspersky = UDS:DangerousObject.Multi.Generic
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic27.AOIQ
Norman = W32/Suspicious_Gen4.UNFX
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NHO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 02:21:34-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 380928
Initialized Data Size           : 319488
Uninitialized Data Size         : 0
Entry Point                     : 0x5a10b
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jfszqkofp Jnjraawccyu
File Description                : Virtual NDIS5 Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : netvsc50.sys
Legal Copyright                 : © Gdkmhazqu Ksgvovdnkia. All rights reserved.
Original Filename               : netvsc50.SYS
Product Name                    : Lzwcqmgkp® Syxhhvp® Fxgzlgjbl Qkkbpq
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-07-05 20:17:56
VirusShare info last updated 2012-07-26 20:08:04

MD5: 571298ba35f40e6171c022e11acd5763
SHA1: acfea6268faf1fab709a02c0bf5242413fde32f1
SHA256: ee088b279a66da4f92583fb253072544fdb43e9cef7cee9f009c7f68fa7f5157
SSDeep: 1536:g+3GnzdTq/odN3qQcSS5W1yiWhvwByqIz1x:g+wSoPaRDLqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!vqsLYcVOJLA
TrendMicro-HouseCall = TROJ_GEN.R4FC1IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R4FC1IA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-07-08 23:01:35
VirusShare info last updated 2012-07-26 20:09:10

MD5: 7ce1496bac4c81a2f54dd16caf441ea3
SHA1: c2665dbe942f9e5cf4f9bba497275c40fa98fcae
SHA256: aa1fa12eae4e2b93aa2019ad304943a825aaa060538ebbd920c72328c8e2068a
SSDeep: 6144:/gBj1PQmUcwt+6j9c5AmI6vYzvzkZ+HxKc72Rzm4nK/gHuCNrNLDvtCfQkTzLF:/jm3sigvKc7b4KSrJMfQyF
Size: 397312 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.397312.O
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.397312.GI
VirusBuster = Trojan.Pirminay!faich/lQYeA
VBA32 = Trojan.Pirminay.ewl
TrendMicro-HouseCall = TROJ_PAM_0000020289.T3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4380
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.ewl
Microsoft = TrojanDownloader:Win32/Renos.KC
ViRobot = Trojan.Win32.A.Pirminay.397312
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Renos.CKJ
Jiangmin = Trojan/Pirminay.sb
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248226
F-Secure = Trojan.Generic.5786794
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.CP
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5786794
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ewl
BitDefender = Trojan.Generic.5786794
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:11 03:47:40-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 733184
Uninitialized Data Size         : 0
Entry Point                     : 0x2453
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nlrynqulr Rlbmthudbfl
File Description                : Ncegmicnw Neutral Natural Language Server Data and Code
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : NlsData0010
Legal Copyright                 : © Qucqiszdn Egyauyqhitv. All rights reserved.
Original Filename               : NlsData0010.dll
Product Name                    : Xgcwjlkoi® Sxgwevq® Lmodrtvqu Psztqc
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-07-06 19:02:34
VirusShare info last updated 2012-07-26 20:17:18

MD5: 9a095df07021edd6ae1a7143a79de4fb
SHA1: f6a2cfc8338defa410ceeb57c79941b4b7b7fcc0
SHA256: 3eaf23460058d0505792b28ae1f541cda0c4992c9bd035004ce72e466e4de206
SSDeep: 1536:De5nznSqbDjLQZSVouMqqU+NV23S2LLWBTd3OQSWWfT1G:DanOq3oSVouMqqDLy/LLW1dLSF1G
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!z0CJD6MZe1U
TrendMicro-HouseCall = TROJ_GEN.R72C2GD
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R72C2GD
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.goll
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CPFB
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:23 10:13:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x627e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kwzbpwynb Vwxvxksczdm
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : shole
Legal Copyright                 : © Csarxlvoc Obtjsewcdep. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Mdynjxyct® Windows® Usfncdval Ltagjy
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-07-09 02:11:41
VirusShare info last updated 2012-07-26 20:24:48

MD5: bc28e02dca28cf1da242ad476f8f7986
SHA1: 447a1b71b4e0d6de5e2a6d43d7cf00ef742b077b
SHA256: 784ed85739f60b47ac3e0db70d890d1ff87891341c61138511f78801ffe9ccba
SSDeep: 6144:/PH3UairUacadWcpAHjivZJGK2mSocUWmebNBmnQ+w6NW9oMpjCWFCn5McPFnb/:nEomWciHjIRCUkBBR+wCMoY2WFCmIFnT
Size: 385478 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Trojan.Generic.5741135
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!1NLcSVtF1mw
TrendMicro-HouseCall = TROJ_GEN.R0ECCEM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Downloader.a!bnw
DrWeb = Trojan.DownLoader4.63979
TrendMicro = TROJ_GEN.R0ECCEM
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.edsa
McAfee = Downloader.a!bnw
F-Secure = Trojan:W32/Ponmocup.A
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Startpage.NQX
Norman = W32/Obfuscated_L.JB
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5741135
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.enq
BitDefender = Trojan.Generic.5741135
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:09:01 22:59:25-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 364544
Initialized Data Size           : 335872
Uninitialized Data Size         : 0
Entry Point                     : 0x5625f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.82.28.56
Product Version Number          : 4.82.28.56
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Broadcom Gzbvnflbper
File Description                : BCM 802.11g Network Adapter wireless driver
File Version                    : 4.82.28.56 built by: WinDDK
Internal Name                   : bcmwl6.sys
Legal Copyright                 : 1998-2006, Broadcom Corporation All Rights Reserved.
Original Filename               : bcmwl6.sys
Product Name                    : BCM 802.11g Network Adapter wireless driver
Product Version                 : 4.82.28.56
VirusTotal Report submitted 2012-07-06 02:56:32
VirusShare info last updated 2012-07-26 20:34:36

MD5: bfd3c27bb4d5d228caf6972a84b77589
SHA1: f60a87c0c18832140a5943748eae89b3fa8f6d2c
SHA256: e5b764276069dba2c484a8c028728293664a42129831a01b0d0cb8a0af9857b2
SSDeep: 1536:PkyOtM5IzY3faMyVtRKWEPcnT5ogscEcTDm10JpTDQ5loADhKRa41Wlh5rrfmGlv:8ypyAQKWEPMT5ogDEODm1OfYo/kn5WGW
Size: 96256 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.DR.Agent!IQIKkZqKQHw
TrendMicro-HouseCall = TROJ_GEN.R4FCCFM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop3.3630
TrendMicro = TROJ_GEN.R4FCCFM
Kaspersky = Trojan-Dropper.Win32.Agent.epyx
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = TrojanDropper.Agent.bejn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.ATVB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Dropper.Agent.epyx
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 18:05:28-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x11311
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pqnueksyd Kncyqfpinbn
File Description                : RAS PPPoE mini-port/call-manager driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : raspppoe.sys
Legal Copyright                 : © Jfxvtoicp Vurnralymhw. All rights reserved.
Original Filename               : raspppoe.sys
Product Name                    : Kyukeyjon® Abbzmkd® Fhvykzwkh Dtjmig
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-07-08 20:44:13
VirusShare info last updated 2012-07-26 20:35:59

MD5: c9a9a1375a5b0e4629436c5126bc7de7
SHA1: f66cab6e0b55be241c9df754e29b6b8185ec4204
SHA256: a32e0c9492b5f05f409cf4c56b3aabdd529965288bb793515d660d6eb9acaa5f
SSDeep: 6144:K9Wo3oBIuIbUf0ktBOKzfXYsMD7+zYBqQ1AD4dYAuvn:KweprYD2KzXYsQ7+zYt1Y6uv
Size: 304291 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.KDV.62138
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.aza
TrendMicro-HouseCall = TROJ_PIRMINAY_0000010.TOMA
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Pirminaya
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Jiangmin = Trojan/Pirminay.fl
F-Secure = Trojan.Generic.KDV.62138
F-Prot = W32/Graftor.H.gen!Eldorado
AVG = FakeAV.FEI
GData = Trojan.Generic.KDV.62138
Commtouch = W32/Graftor.H.gen!Eldorado
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-07-08 08:00:56
VirusShare info last updated 2012-07-26 20:38:38

MD5: f075a701981dbfceb7bf821720eb0595
SHA1: 2bfaf400e0ea98f0d8379307733950eb8a640568
SHA256: 2a83dc031c4689709ad61345703fcf3a4f91e7f0c38122536c05a18a5ef55738
SSDeep: 3072:APb1IVLs05WNzmn+OFxEjHVD5KXBGfK/O8uhxX2qCgArD3nx:UI20okfMD5rfKMbJwD3x
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!7HsYagnGVm8
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Comodo = TrojWare.Win32.Kryptik.LLT
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F075A701981D
DrWeb = Trojan.WinSpy.1276
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!F075A701981D
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-07-05 00:53:30
VirusShare info last updated 2012-07-26 20:46:23

MD5: f18f19e8345f345749d2f0e41608ed54
SHA1: 99cddc1fcfd6b810f29c41dfa760926d568727b3
SHA256: 883f2a294ab379b104bd3bbd6a1065df3fa1864d387f855d5777242d3b104397
SSDeep: 1536:VX6z8FechCtT3KcqoJDOKAh6TbACySxenHl/7Qa+en0hol:VX6z8FeXV3tJNAMHACySgl/7oe0ol
Size: 90112 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!LsfUfMhC5Tw
TrendMicro-HouseCall = TROJ_GEN.R29C1IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!lb
DrWeb = Trojan.WinSpy.1175
TrendMicro = TROJ_GEN.R29C1IA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo!lb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.BKEW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:08 07:48:01-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 73728
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xf0fa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.57.0.442
Product Version Number          : 3.57.0.442
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VIA Technologies, Inc.
File Description                : NDIS 5.0 miniport driver
File Version                    : 3.57.00.0442
Internal Name                   : FETND5.SYS
Legal Copyright                 : Copyright (C) VIA Technologies, Inc.
Legal Trademarks                : VIA
Original Filename               : FETND5.SYS
Product Name                    : VIA Rhine Family Fast Ethernet Adapter
Product Version                 : 3.57.00.0442
VirusTotal Report submitted 2012-07-06 08:11:10
VirusShare info last updated 2012-07-26 20:46:40

MD5: f26c8d69f30dd6ede435d6d41b20185a
SHA1: 766234e393604a8d0fd53706b8f7159ec9a90d79
SHA256: a418ca64057185b7632885df75b5c8a59f0063389a1c651fe43c06659d97a14a
SSDeep: 1536:ISC0OrvOFyPGa/rBRy1O8payoidWqf6jDeEgiHW+JFO1/ttqbKQAvj1dX6:TjnFyP79IcwXoQ4uQWIOLkb+JdX6
Size: 91136 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Trojan
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.WinSpy.1558
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Menti.htd
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDJ
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Packed.Generic.305
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:17 15:33:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 46080
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xc1ed
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MSCTFP Server DLL
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : MSCTFP
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : MSCTFP.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
Ole Self Register               : 
VirusTotal Report submitted 2012-07-06 17:09:56
VirusShare info last updated 2012-07-26 20:46:54

MD5: f34f713411328a6cd00427df7c65dbc0
SHA1: 128f6a1ad742a68dade575a9998f75d33299da5c
SHA256: 5af4e16c2bb4f22efa638ad07a87ed8185938fb81e7d31cf0028401f12c7fb2a
SSDeep: 192:noTJiqX+4JIIbzRPjf1OVt2huG9kAPko9KT5XkJRPou:oTJ3XLJDRbWtGJk+KT50Jp
Size: 8192 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Pirminay-H [Trj]
Panda = Suspicious file
Comodo = Heur.Corrupt.PE
DrWeb = Trojan.Hosts.5775
PCTools = Trojan.Gen
AVG = Suspicion: unknown virus
GData = Win32:Pirminay-H
Symantec = Trojan.Gen
TheHacker = W32/Behav-Heuristic-CorruptFile-EP
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 13:00:28-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 102400
Initialized Data Size           : 561152
Uninitialized Data Size         : 0
Entry Point                     : 0x190ac
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-07-05 18:23:30
VirusShare info last updated 2012-07-26 20:47:04

MD5: fcfe1a0a5fa5993f25db155b85cb9051
SHA1: 2c2bb437b9093db6da36dfb503f8d59902ba0508
SHA256: 6e6a38932295d49170281eaf767f28e682840adf630840656cbd5bc8c6ba65b7
SSDeep: 6144:c19zHEQWexIGeWV3anZOxJGpn/34tgF405yTigTkhqI9cBJBYPWpkLfYDs:crkHexIdwaAJW/otg405yT7khuBJB2x
Size: 349158 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dldr.Ponmocup.A.285
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.6188836
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!P9RoGxLE2bg
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R4FC1IK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!if
DrWeb = Trojan.DownLoader3.31121
TrendMicro = TROJ_GEN.R4FC1IK
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.ame
McAfee = Downloader.a!if
F-Secure = Trojan.Generic.6188836
VIPRE = FraudTool.Win32.AVSoft (v)
AVG = SHeur3.CELY
Norman = W32/Suspicious_Gen2.QGOYN
Sophos = Mal/Generic-L
GData = Trojan.Generic.6188836
Symantec = Downloader
TheHacker = Trojan/Pirminay.ifp
BitDefender = Trojan.Generic.6188836
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:23 17:34:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 475136
Entry Point                     : 0xc9510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Hovobxtio Bfnyvtepbwj
File Version                    : 2001.12.4414.42
Internal Name                   : MTXREPL.EXE
Legal Copyright                 : Copyright (C) Qzjxyowrw Corp. 1995-1999
Legal Trademarks                : Iwuvusifc(R) is a registered trademark of Suskizwir Rbexstccxuz. Xgipaqk(TM) is a trademark of Anlmmsrta Vgtryincodh
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-07-06 00:05:08
VirusShare info last updated 2012-07-26 20:49:02

MD5: dc37749e2622b5a23aab7bf94407d3c3
SHA1: 1168cad1d39f3ef7d54cb95a803df90deea698a1
SHA256: bdee9865d5b20100377b2084f487edaedbec55cc2de60892c90132f179db5b34
SSDeep: 12288:iVGLXwTmLJgsoy7Z18prviMci/5+ELaT/zMAgNeRkqNF52T1sM5I3:AOJgsH6r3ci/5+ZEAgNe6x5p5I3
Size: 757760 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.757760.99
Avast = Win32:Spyware-gen [Spy]
Ikarus = Trojan.Win32.Pirminay
TrendMicro-HouseCall = TROJ_GEN.R47H1I4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Kaspersky = Trojan.Win32.Pirminay.shu
ViRobot = Trojan.Win32.A.Pirminay.757760.A
F-Secure = Gen:Variant.Zusy.17555
VIPRE = Trojan.Win32.Generic!BT
AVG = Win32/Cryptor
Norman = W32/Suspicious_Gen5.GVLH
GData = Gen:Variant.Zusy.17555
ESET-NOD32 = Win32/Ponmocup.AA
BitDefender = Gen:Variant.Zusy.17555
ExIF Data
File Size                       : 740 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2010:05:05 09:12:47-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 155648
Initialized Data Size           : 602112
Uninitialized Data Size         : 0
Entry Point                     : 0x21c53
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-09-06 19:35:54
VirusShare info last updated 2012-09-09 22:00:46

MD5: 0916b2fb0900c47f34503177f7928380
SHA1: 2c8b59d5ec415dd06440309808a54c1276b33eae
SHA256: 43fdb18fa03f5615abf608455cddf83a7f739fe2106eda850777da0d44129255
SSDeep: 3072:hzjnfsD31Oc9HwDdIRmKKeyoDH2nbSrsOfok8Zx:hzrC319SDc0o8bqNsx
Size: 139264 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!MsUZ3JbpNzk
TrendMicro-HouseCall = TROJ_GEN.R29C3FA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!ztb
TrendMicro = TROJ_GEN.R29C3FA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iyhg
McAfee = Generic.dx!ztb
F-Secure = Trojan.Generic.KDV.236716
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AHIF
Norman = W32/Suspicious_Gen2.MLTGS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.236716
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.KDV.236716
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 136 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 15:57:49-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 110592
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x187fe
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oofliulhg Qhdxsrckdmy
File Description                : Function Discovery Proxy Dll
File Version                    : 6.0.6000.16386 (hujgw_rtm.061101-2205)
Internal Name                   : fdProxy
Legal Copyright                 : © Olfpaijju Pqznqjacapz. All rights reserved.
Original Filename               : fdProxy.dll
Product Name                    : Tulfxhygq® Nruxsns® Vckhgghxa Cgkxrj
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-09-05 05:01:47
VirusShare info last updated 2012-09-13 00:10:02

MD5: 1e6aa9bf2283b005d158cd0db3a30259
SHA1: a425c8c51a4de3f474a44dcce38ab55f90628550
SHA256: 2dcecf426aed864477b3e931604d0644b5ed6ee6c7b65b191e85e3e7a415c3e7
SSDeep: 6144:ilDCOtVNIp3jW6tT7gFmZ0flPfxR/omKZAqqDLuvuM:ilDV5q3tT73Z0tMhlqnuvu
Size: 220160 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.945
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cwUwWT+9VwQ
TrendMicro-HouseCall = TROJ_GEN.R72C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R72C2G8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Trojan-gen
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TKD
Norman = W32/Suspicious_Gen2.MYUGZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 215 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:26 09:32:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x26307
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr11.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr11.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-08-25 16:00:28
VirusShare info last updated 2012-09-13 03:51:31

MD5: 22132779946f97a2cfdda34810fe080d
SHA1: 7b241b5f78a127c5d244e3739fdad1e0d621176b
SHA256: 4016cef664deef83e1da3661cf98d6e2cee4aa897f719e75be4850a0142dedad
SSDeep: 1536:W2f3pg/K76yQL5saGuDAjq0vVY5bGtDGZVolTlBDGIglhy05WVM/8+NZU0m:XfR7o5gucPtHDGolTqIg3KM/JNZU0
Size: 122880 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129752B6
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.63023
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahcz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZJX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDS
ExIF Data
File Size                       : 120 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 01:32:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xb70a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kcssvwbkk Mpoiygxoupe
File Description                : Llrxajq Write
File Version                    : 5.1.2600.0 (uxozrtxg.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Lerxelvhk Xwronziumui. All rights reserved.
Original Filename               : write
Product Name                    : Uprgknoah® Ngtbofq® Mucsciuya Reywjr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-12-16 21:23:50
VirusShare info last updated 2012-09-13 04:54:12

MD5: 2611cc535f05beb3661e01e6bda6a727
SHA1: 31d26b43031708213993ed93c6791cf6b70d1e59
SHA256: 151300bfafeec347edf6a3748b3a1ca8f11fb5fa1f01b79dfa31543c814b1622
SSDeep: 1536:10frx4ozCNEVgDLE04dJs5vJt4bzjXo/y+sH8C+xmANvgW7Ct2:2t4ozCyVd0wJs5vzYjY/LFAivgW7Ct2
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Spyware/Virtumonde
Rising = Trojan.Win32.Generic.12325C37
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!gBecnYKm8Hg
TrendMicro-HouseCall = TROJ_GEN.R72C2EF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2611CC535F05
DrWeb = Trojan.Click1.35441
TrendMicro = TROJ_GEN.R72C2EF
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.acjg
McAfee = Artemis!2611CC535F05
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.ATNI
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 06:29:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 52736
Initialized Data Size           : 79360
Uninitialized Data Size         : 0
Entry Point                     : 0xdc5d
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Print Provider DLL
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : inetpp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : inetpp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-06-22 04:45:54
VirusShare info last updated 2012-09-13 06:13:05

MD5: 33de3cd143e38a07312d706c5bf82e9c
SHA1: a9eaf1779d7aa7aae1f5fe6ff962c5a574827b8d
SHA256: 4466f6caa1ae7fb68d5819c3e79a1f777a3619a83a8dec3d601d4912542866b4
SSDeep: 1536:6rXaP0oRs83Li2toXSFvWAEVZ7km5lrtih:6rY0Sr3W2wEWAEV/5lQh
Size: 59904 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125D75E7
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!kTxCEwfwtGk
TrendMicro-HouseCall = TROJ_GEN.R72C2L7
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!gu
TrendMicro = TROJ_GEN.R72C2L7
Kaspersky = UDS:DangerousObject.Multi.Generic
ViRobot = Trojan.Win32.Vundo.59904
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.lwp
McAfee = Vundo!gu
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Vundo
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.AFMP
Norman = W32/Suspicious_Gen2.IBBKE
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.ITQ
ExIF Data
File Size                       : 58 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:15 18:50:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 52224
Initialized Data Size           : 43008
Uninitialized Data Size         : 0
Entry Point                     : 0xdb27
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Journal Print Processor DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Jnwppr
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Jnwppr.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-06-10 13:35:52
VirusShare info last updated 2012-09-13 08:46:12

MD5: 38f8a9d26e1476d349ae4a9ec7994168
SHA1: 65f45574cabc7497b40d6f6d9481811770bd4fe1
SHA256: 43ce176d295f0c2e8f329c60fa6b9bd274783f245b00a8c2beaa99b95211cb5e
SSDeep: 3072:S+P46rU50oY8ACsFjYcXfQ1DsdFzFMqqDLy/MoDbc:uekUE0fmqFzmqqDLuM
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R1CC2FT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!38F8A9D26E14
TrendMicro = TROJ_GEN.R1CC2FT
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!38F8A9D26E14
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.TEE
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-04 04:02:25
VirusShare info last updated 2012-09-13 09:26:53

MD5: 3f0b2ff7f6baabf41b1aaa9b170d6ac5
SHA1: 65567cddb9e3064f9a19871cb1c4d615c27d62cc
SHA256: 2dd59f7ce66db253ea3100d1fc2710fbae8206519008d08340b402fe260b6cdb
SSDeep: 1536:tY8R+mGU929shZwiYAKbowLQ3F01CnCRJZuTMqqU+NV23S2n:+EGU97TwiYHboD8kTMqqDLy/n
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C2G1
McAfee-GW-Edition = Generic.dx!zvd
TrendMicro = TROJ_GEN.R01C2G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZVD!tr
Jiangmin = Trojan/Generic.gije
McAfee = Generic.dx!zvd
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.LGZ
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-03 02:29:44
VirusShare info last updated 2012-09-13 10:14:38

MD5: 4340cc8b756c580cf6e0f44ad14eda27
SHA1: cb062a09a41c7026dac409cf82a3394108e8c061
SHA256: 450f0198f7b93f1a001729252ff12d0adf5f5b05fe19157a907339ce6bb266a0
SSDeep: 6144:ilDqOBV5jptq8tb7gYT5EflVfxR/omdZxqqDLuSuM:ilDt5ltnb7l5EtCqMqnuSu
Size: 220160 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.945
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!TvjntBL6Epw
TrendMicro-HouseCall = TROJ_GEN.R4FCDLO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!4340CC8B756C
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FCDLO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Artemis!4340CC8B756C
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 215 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:26 09:32:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x26307
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr11.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr11.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-01-04 23:54:37
VirusShare info last updated 2012-09-13 10:49:36

MD5: 43ea2c2e2ea1879b75310fdebe115f25
SHA1: cff3b5fc3adb96890f88cf59818824a11096c919
SHA256: 2f926dad55c455cb837e652b4d95c74046583cb29154ade6578d66366e27d2a1
SSDeep: 3072:AQ/U84N5n3Ub+rszzRPAz6OwjLgcYzNmCdKlUMmfgHPFsigMqqDLy/3dJm:F4NpkbYNzQEBtMmfgH2EqqDLu7
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A3A09
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R04C2GF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!jn
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R04C2GF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.wmjk
McAfee = Vundo!jn
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.NQYOH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-15 09:47:40
VirusShare info last updated 2012-09-13 10:55:56

MD5: 4bffbe3c835058207721f53af860d758
SHA1: b3191389e928bb9f4aad7e763df2168c3b52dbc8
SHA256: 2f9f20d6d386b78ec45f4463465e748a0cb1c088f8a34d47d6d87ca0714b9f24
SSDeep: 3072:pghSnbi/+CS2rUnvjf19Hhh6FArie0/0NkFf+ldMqqDLy/CR+9:pDu/8vx9r6Fw0skFflqqDLu7
Size: 137216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!O7DGpb0HCYg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2G1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R1BC2G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-03-20 02:46:12
VirusShare info last updated 2012-09-13 12:35:40

MD5: 4f2c630c9694b19c3979ca1e3df9da74
SHA1: d92b75c5a8ec0d0a6b48a04dbf60963a843658bc
SHA256: 436284099b8bff08eaecaeb932e8cb6561e5a6bbe8dd66c215ccf831ba06ce4f
SSDeep: 1536:Fu4O3qaDdgdM+2ewKXd4wW55dJlmx+3aql4dmcJ5kYO:I4O31DdqRwmqdZqmK5O
Size: 60022 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.47689
Avast = Win32:Zegost-I [Drp]
Ikarus = Trojan-Dropper.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125A79BF
nProtect = Backdoor/W32.Agent.60022
K7AntiVirus = Virus
VirusBuster = Backdoor.Agent!CXNrUrqd4UY
VBA32 = Backdoor.FirstInj.adp
TrendMicro-HouseCall = Mal_MLWR-24
Comodo = TrojWare.Win32.Magania.~acku
Emsisoft = Trojan-Dropper.Win32.Swisyn!IK
CAT-QuickHeal = (Suspicious) - DNAScan
McAfee-GW-Edition = Heuristic.LooksLike.Win32.SuspiciousPE.F
DrWeb = Trojan.PWS.Wsgame.31611
ByteHero = Virus.Win32.Heur.c
TrendMicro = Mal_MLWR-24
Kaspersky = Backdoor.Win32.FirstInj.bae
Microsoft = TrojanDropper:Win32/Farfli.D
ViRobot = Backdoor.Win32.S.FirstInj.60022
Fortinet = W32/Redosdru.BED!tr
PCTools = Backdoor.Trojan
Jiangmin = Heur:Backdoor/PcClient
McAfee = Artemis!4F2C630C9694
F-Secure = Backdoor.Generic.429154
VIPRE = Trojan.Win32.OnlineGames
eSafe = Win32.TRSpy
F-Prot = W32/OnlineGames!Generic
AVG = Win32/PEPatch
Norman = W32/Suspicious_Gen2.IFKFM
Sophos = Mal/Packer
GData = Backdoor.Generic.429154
Symantec = Backdoor.Trojan
Commtouch = W32/OnlineGames!Generic
BitDefender = Backdoor.Generic.429154
NOD32 = a variant of Win32/Farfli.GX
ExIF Data
File Size                       : 59 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2010:07:14 06:12:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 8704
Initialized Data Size           : 49664
Uninitialized Data Size         : 0
Entry Point                     : 0x11000
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1001
Product Version Number          : 1.0.0.1001
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
VirusTotal Report submitted 2012-03-21 19:53:01
VirusShare info last updated 2012-09-13 13:06:49

MD5: 53d473b706ba979887982c04d85b042c
SHA1: 5bf7db948651d8846e476da34d56e6bc8452f1a2
SHA256: 16c1d3db4701268af0a38b0749302ff520d1f1eba977912b7ef26e658d81a0e8
SSDeep: 3072:zoAVnUOn+Zazzze7MH2Zo9B3K72UoyWRwY0if0OMqqDLy/yd0ded93OTI:z9nUqSaes2Zonn3pREi8lqqDLuDT
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!53D473B706BA
DrWeb = Trojan.Click1.54693
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
McAfee = Artemis!53D473B706BA
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HAB
Norman = W32/Suspicious_Gen2.POHHX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:14 14:58:26-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x1af37
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ykodchwab Wnzebbnlxzw
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Wgeudarkd Ohcpevdikur.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Fjgjgypbf® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-09-16 16:13:13
VirusShare info last updated 2012-09-13 13:50:18

MD5: 6017a31e3913631183e979cd555a6fb0
SHA1: 76772f2b0d40f03b7849f8703ecaf60cfbf8bbb3
SHA256: 406d34ea789ba625163dd9cd5076e9810a52ade8aa1982476f8523addb59622a
SSDeep: 1536:56F8O59xEPPJwZHeVvSKmVNI+cMqqU+NV23S2EfoIh5ClHG3cTGc5jsrtXt9z2:EF759xEP0HeZSKmUJMqqDLy/EfoyGWcy
Size: 94208 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik!c7rxllt2ZZY
TrendMicro-HouseCall = TROJ_GEN.R72C2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!6017A31E3913
TrendMicro = TROJ_GEN.R72C2GB
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!6017A31E3913
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.AJNJ
Norman = W32/Suspicious_Gen2.NIVMR
GData = Gen:Heur.Ranpax.1
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:11 03:46:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x7b01
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xlfqmbeli Uedprnvwcjp
File Description                : Tjlsmjo Driver Foundation - User-mode Driver Framework Reflector
File Version                    : 6.0.6000.16386 (bevhs_rtm.061101-2205)
Internal Name                   : WUDFRd.sys
Legal Copyright                 : © Uevyddwpw Corporation. All rights reserved.
Original Filename               : WUDFRd.sys
Product Name                    : Shzuzigfg® Xrnmjnz® Xypptpvxi Wvszdg
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-20 05:54:50
VirusShare info last updated 2012-09-13 16:00:43

MD5: 605fd9fb33120970686453c243f54007
SHA1: 7319c08dea0736e0c570ee354cb13baff5e3958e
SHA256: 42a0cd5678d696a3c34bb1b500907825c971b0f5661bacc8749dc7ec63255221
SSDeep: 3072:S+zC6rU50oY8ACcDb8cXphoWldFzSMqqDLy//oDbc:AekCw0pyyFzxqqDLu/
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!605FD9FB3312
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!605FD9FB3312
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.XRQ
Norman = W32/Suspicious_Gen2.MZSAM
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 01:37:53
VirusShare info last updated 2012-09-13 16:04:00

MD5: 71b74b9ec01e5ec18fe0f44101b2ab52
SHA1: 13af06ab393b873c208e155b891420de65c64bb3
SHA256: 2fa3a5e9f4fbadaa0002cb67baad43a8fbdb5cc9746d3694a80e392eab2132c1
SSDeep: 384:9pQvRdd0GodCnzwM+ERMnfC7MTFD4fkAN6+7L5yt3vGu1HTp1oefD4rXiL7v4:9fGRnH+EW8SFyZ5ypvG4fo+D4+L7A
Size: 35899 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12C1B873
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!i4vri6gVb74
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R01CDDJ
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic PUP.x!b2b
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R01CDDJ
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.x!b2b
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic28.CPG
GData = Gen:Variant.Vundo.10
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 35 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 12288
Initialized Data Size           : 28672
Uninitialized Data Size         : 0
Entry Point                     : 0x2fda
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 23:41:39
VirusShare info last updated 2012-09-13 19:11:23

MD5: 7279f33918626434839eabf5c809a2ad
SHA1: 6071b5629598862db442d7056d0d5de19572def9
SHA256: 2eed061d80285c8421d05907ca2a82ae0f50679ee8f99f018837ba1e6f39306a
SSDeep: 1536:SmhYj4dtNJu3G8fNSMwamFILh01Y3hyNSbY6Y9l/MqqU+NV23S2EJZMnew:Se81SMwSyy57Cl/MqqDLy/EJZZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-KF [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R11C2GT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!7279F3391862
TrendMicro = TROJ_GEN.R11C2GT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Artemis!7279F3391862
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-KF [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2011-08-25 03:59:28
VirusShare info last updated 2012-09-13 19:18:31

MD5: 76d699fef2b8988c6d2a62f3323adab2
SHA1: 0b718ffb56491777db1d4733e35f2cea1bcaac72
SHA256: 14d9987a3bb192a7add844c4e3f379f7ad183d3963145c905fc80603de2d9ef7
SSDeep: 3072:qZok8A8Me7T/nOTDbxOSVORTN1hCXn1wMwHyaXnTcRJGm0w5QkCgxtwIPRZZ4mW:qZokmMe7aTD5VfwMwpmXd6Iq
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Pirminay-V
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yLDAZNz0Jc4
TrendMicro-HouseCall = TROJ_GEN.R72C1F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.ni
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ix
TrendMicro = TROJ_GEN.R72C1F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!ix
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-V
eSafe = Win32.TRATRAPS
AVG = Generic22.BDWE
Norman = W32/Suspicious_Gen2.MNUTO
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-10 15:21:10
VirusShare info last updated 2012-09-13 19:46:38

MD5: 7d873b13d80a44c2a4e08aab69a7eade
SHA1: 7cb2eeb3646c8a4559522ae458edb78520eed47b
SHA256: 2d74b322197b3782def1b23d8c5e7a11b5c4d293c6d040f875b8ab15b937ffb4
SSDeep: 3072:fhT9n+jHfae0uKET0VdrQqQ5SQnglMMqqDLy/JhmGTWp41AJD/H:fV9nk0jVm59KqqDLujmGTWcAt
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!0tRL1cf/cMM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2GK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!jn
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R45C2GK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!jn
F-Secure = Application.Generic.372616
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Application.Generic.372616
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
BitDefender = Application.Generic.372616
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-05-03 13:23:44
VirusShare info last updated 2012-09-13 20:33:34

MD5: 80bbd9f86ff2959e992d0174ebbfc723
SHA1: 0be476ee744666e6be19729e54213d500b337c72
SHA256: 13966c1a1e09326bab4acca45ccaad0de12106b03f4655dcd87862eb216a813f
SSDeep: 1536:7ZXgLl8DgbP2CNe1jnfG0BLMaWRsN9Q/6u4GPNN7DxHdb14ATQcdssD:+l8DgbP2CotbBLMJsN+YGlN7tHBdrss
Size: 91648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.449
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!V0jn/3aMCyI
TrendMicro-HouseCall = TROJ_GEN.R47C2LV
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gv
TrendMicro = TROJ_GEN.R47C2LV
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!gv
F-Secure = Trojan.Generic.5301249
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk Cloaked Malware
Avast5 = Win32:MalOb-EI
F-Prot = W32/MalwareF.VFWB
AVG = Cryptic.BQF
Norman = W32/Suspicious_Gen2.IVASQ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5301249
Commtouch = W32/MalwareF.VFWB
TheHacker = Trojan/Kryptik.izc
BitDefender = Trojan.Generic.5301249
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Size                       : 90 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:10 07:21:15-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 47104
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0xc4d4
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : EP0NAR00.DLL
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2004. All rights reserved.
Original Filename               : EP0NAR00.DLL
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-05-04 03:46:52
VirusShare info last updated 2012-09-13 20:54:17

MD5: 815aff2866f0b362d777b9f896fa2259
SHA1: e388e91ce6a8a26296c3fb7080f6d120e0601540
SHA256: 2f5762d1981b5e5a40238f3c1e8ba1373527bcae33049ff54117efd6f0a618ad
SSDeep: 3072:meUzAS1orpDoZeesMqqDLy/9RJ6spc1OZIRWv06:cD15fqqDLuh1
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129C4670
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Qn41pmXrCYo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1K2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
DrWeb = Trojan.WinSpy.1179
TrendMicro = TROJ_GEN.R4FC1K2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imoc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.AEIO
Norman = W32/Suspicious_Gen2.RJXUH
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:05:05 17:25:25-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x5691
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Greek
Character Set                   : Unicode
Comments                        : 
Company Name                    : Nweouhwqs Zhqbxhwyili
File Description                : Uemxhckoe Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0408
Legal Copyright                 : Copyright (C) Qgshcbkoy Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0408.dll
Private Build                   : 
Product Name                    : Mgpgmxiax Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-05 17:10:18
VirusShare info last updated 2012-09-13 20:58:14

MD5: 824761dd1e73a80aa1ed0baaab6d5f95
SHA1: 9c9ac0f3e8e13aa2e3a7728980b79e66ba8be1ba
SHA256: 401bdb90991998740aa783e85827424c46d3867e578395843d0fa17b74c61da3
SSDeep: 1536:01DGmGjS09shQmiYCCbokLQ3Fe1CnCRJZuTMqqU+NV23S2gB:0nGjSVimiYhbo58kTMqqDLy/gB
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!824761DD1E73
TrendMicro = TROJ_GEN.R72C2FP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!824761DD1E73
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.MIK
Norman = W32/Suspicious_Gen2.NBJCE
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 09:07:39
VirusShare info last updated 2012-09-13 21:03:57

MD5: 8423b78d57920f18b1b55e9f30e53fbb
SHA1: 6ddaae945cbc3251b0bcfe24ef57cc6a5d15e65d
SHA256: 44502eb800725ab168199dcf22f347dd9e3209bcdba3b9fd3184a683a02bbfb8
SSDeep: 12288:IiaWxzGuy2FOyQVMB38oWTRhHzor5fiz9WPRnLGPXezpLedu2+gT/Dj1n5crwV:4WVy2FyM3p0jor56z4Lzp4hDT/Df
Size: 842752 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kelihos-D [Trj]
Ikarus = Backdoor.Win32.Kelihos
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!BVyrQAqwxLI
eTrust-Vet = Win32/Kelihos.B!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Comodo = Heur.Suspicious
Emsisoft = Backdoor.Win32.Kelihos!IK
McAfee-GW-Edition = Artemis!8423B78D5792
DrWeb = BackDoor.Slym.25
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan.Gen
McAfee = Artemis!8423B78D5792
F-Secure = Gen:Variant.Kazy.34199
VIPRE = Trojan.Win32.Generic.pak!cobra
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Win32/Heri
Norman = W32/Kryptik.AFR
Sophos = Mal/EncPk-ADY
Symantec = Trojan.Gen.2
GData = Gen:Variant.Kazy.34199
Commtouch = W32/FakeAlert.QW.gen!Eldorado
TheHacker = Trojan/DownloaderKryptik.rrd
BitDefender = Gen:Variant.Kazy.34199
NOD32 = a variant of Win32/Kryptik.RRD
ExIF Data
File Size                       : 823 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:20 03:26:26-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 87040
Initialized Data Size           : 754688
Uninitialized Data Size         : 0
Entry Point                     : 0x151ff
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 0.49152.1825.11704
Product Version Number          : 0.49152.1825.11704
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : p8VRPaMVR
File Version                    : FmwqCTQCK
Internal Name                   : HNXvnu0NBH71
Legal Copyright                 : uQOwyQcFPcWDw
Original Filename               : OsBKk34
Product Name                    : fAZbnjhHi
Product Version                 : GZEct
VirusTotal Report submitted 2012-05-07 05:53:32
VirusShare info last updated 2012-09-13 21:15:42

MD5: 8450cd704bde34eca326f355f256e9e2
SHA1: ee4b30bed7143cb6543ad12c96aa23478d14f767
SHA256: 409cf1c3ac50f7e6e7ab1e324626ae3eaa09ade5351cec9ba2b74199e191513f
SSDeep: 1536:7bnzdTqhodN3qQcSS5W1yiWhvwBnqIz1x:j4oPaRDCqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
DrWeb = Trojan.Smardec.76
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.ACPU
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-17 12:53:33
VirusShare info last updated 2012-09-13 21:17:02

MD5: 89a4ece68a2507f06393c00294661474
SHA1: a4e25de2643171eadf3edefa39387249eeb23590
SHA256: 435c9fba0f414b47aafb3250a254dfc53095cc79d4929796e270e4e1516d64ff
SSDeep: 3072:vT/Na3+y8c0OT3VPmp7JTSyGtpB0XPkoQGImV9GfoZFgC:vZa3+yehZSt/KPkojuEq
Size: 116224 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!DolJHQNOyoc
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R06CCLE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1241
TrendMicro = TROJ_GEN.R06CCLE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jeds
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BEPA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 114 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 19:25:01-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 61440
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xbe3a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zgceuifrp Tedanqfdubu
File Description                : Disk Space Cleaner for Vqadkih
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : DATACLEN
Legal Copyright                 : © Zipuvbrmi Adtganguwca. All rights reserved.
Original Filename               : DATACLEN.DLL
Product Name                    : Rqbvhyqjg® Pinjtal® Ktytesrcy Yafcmd
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-05-10 09:08:05
VirusShare info last updated 2012-09-13 22:05:10

MD5: 8ba8bd22288cb3c129ee47758fdd49d8
SHA1: 7de99dc2ebb9c669cf07e4110f472cc95b8e86c0
SHA256: 4451824b0922f40d0dc0b5caa0857515090cfa96cae3cc73f94640aac1dd6f9e
SSDeep: 1536:1HvYj4dtNJu3G8fNyYxwamFILh01Y3hyNS/Y6Y9l/MqqU+NV23S26Mnew:1HP81yYxwSyyN7Cl/MqqDLy/6Zw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.129C2DC7
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!R8caCgPGNmY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.co.5
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R4FC1IG
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-05-11 14:15:31
VirusShare info last updated 2012-09-13 22:22:25

MD5: 8c952d20a7a2730eb727d444edf19494
SHA1: d4cadd61a3299e164f93afad635a1a9b24606d4e
SHA256: 2d53505440366f592a533b6dfc21f0be94afd202293765b1f939de8a96edc143
SSDeep: 3072:S+BC6rU50oY8ACaaBacX1z53dFzQMqqDLy/poDbc:SekNA01vFzbqqDLup
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!8C952D20A7A2
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!8C952D20A7A2
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AEXX
Norman = W32/Suspicious_Gen2.NCOSZ
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-02 08:49:39
VirusShare info last updated 2012-09-13 22:30:28

MD5: a2e0a7b8a94d53323be805d24486d15f
SHA1: 486ac8312a540b5e821c7f79019465c91eef11ca
SHA256: 4371316d87ba372e3e9a7dafd365a15d672412fa411e5c0758203867b2c30534
SSDeep: 3072:HOSN4KHkzqoB81ZYXhQ8ebnZ3nnd6GON/:uDb816Qd3YGO
Size: 126976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!mzpyk6+3vbQ
TrendMicro-HouseCall = TROJ_GEN.R31C1IS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zsx
TrendMicro = TROJ_GEN.R31C1IS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jebs
McAfee = Generic.dx!zsx
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ADAD
Norman = W32/Suspicious_Gen2.MLNKI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 124 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 18:06:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x479e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.1.7600.16385
Product Version Number          : 10.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pnlhjydat Nclyeobtiny
File Description                : Jjdqikajd IME
File Version                    : 10.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : imetip.dll
Legal Copyright                 : © Kidfbbruu Fvvypdgzpsn. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Ykiyjkswc® Niifhpp® Ulzhozywx System
Product Version                 : 10.1.7600.16385
VirusTotal Report submitted 2011-10-21 16:21:09
VirusShare info last updated 2012-09-14 01:28:26

MD5: a36c7f21d572ccdf49c42e50f9a648f5
SHA1: d4fc30dac7a36277d992cdf8acc0c1e894a34a40
SHA256: 41fae8515e55366fde2ca10aa8ced2d7d0428c8dc87f31fee727f1db450c91a5
SSDeep: 6144:PIUIA0GG78kMmWejo57eRv51bprEKqqDLuC:QUfHGxe9e15mqnu
Size: 198144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.ZIY
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 194 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:22 18:10:03-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 131072
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1bcf6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zgvxntnwz Jxhzogygshl
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.0.6000.16386 (xnqcc_rtm.061101-2205)
Internal Name                   : NlsLexicons002a
Legal Copyright                 : © Xwfsiggvy Zgrxvguvkdl. All rights reserved.
Original Filename               : NlsLexicons002a.dll
Product Name                    : Bzerkenxk® Nblymkf® Uvvjzzptj Akowjw
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-06 13:40:24
VirusShare info last updated 2012-09-14 01:32:08

MD5: a49c763dfd854d3899e9b006ac10b1b0
SHA1: 98502ae1cd238621b170f34836a5ac1e52c50031
SHA256: 2f3c6e0a254de950bc32588add1b67406018fe1bcb6b91acbdfa7d43d20bde88
SSDeep: 3072:x2ILNyBURweLnj4uYex1bIYeH2KxoE9TCoAZfARjxos7cI:xh5DDuePeWKJBIoJxo
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!A49C763DFD85
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!A49C763DFD85
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.BKGL
Norman = W32/Suspicious_Gen2.MUVAV
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-06-14 01:49:15
VirusShare info last updated 2012-09-14 01:41:34

MD5: a6e3f36732f8e44f0adab7262bac122a
SHA1: dfd1e9d1c11daa4d1e9e92cf0833f37bda100186
SHA256: 14e35a9b8627131a4b02d81880bc7051fbfef6b9c27c1d08c69ac260a53205e5
SSDeep: 768:V2Gn75qznkWJIB/JBoTOZgTHmCX8j8d5qEKW:dkznkGIB/vzZs5zgEKW
Size: 34743 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!K4kuc5IXRQo
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2H1
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!A6E3F36732F8
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC2H1
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.JT!tr
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!A6E3F36732F8
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic24.CFPK
Norman = W32/Suspicious_Gen2.QPIOQ
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 34 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23552
Uninitialized Data Size         : 0
Entry Point                     : 0x30aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-08 10:18:44
VirusShare info last updated 2012-09-14 01:58:43

MD5: b1bd2ba1be52cb423eba69ecb4002266
SHA1: d79c2817ba131dd5ce642060c8127213ed6aad6d
SHA256: 419ddee714a83c15aeab698d8bfc935132d0e12ff6df18d3646cb720078e1705
SSDeep: 1536:U45wSC/UXuY28bQJjml9I3k3lQ36QDkUD:UQwx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.535
Avast = Win32:MalOb-GH
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!B1BD2BA1BE52
TrendMicro = TROJ_GEN.R72C2FO
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
McAfee = Artemis!B1BD2BA1BE52
F-Secure = Trojan.Generic.6157289
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GH
AVG = Generic23.HHG
GData = Trojan.Generic.6157289
TheHacker = Trojan/Kryptik.ocu
BitDefender = Trojan.Generic.6157289
NOD32 = a variant of Win32/Kryptik.OCU
ExIF Data
File Size                       : 48 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-04 08:53:22
VirusShare info last updated 2012-09-14 03:40:30

MD5: b462440d204fa5dcc41e7a97c7caa4e5
SHA1: 546b58031179f5dfc821d249c9fd7c4f9543732e
SHA256: 40e9abc81d373b7a7d0ec0da0a7dc1b3df462444d3a7299f44e87d23d603cb84
SSDeep: 1536:Ba3I3AzWHWUYe3wgKh6/69QR4WboU0Yi5HPsBD8WpgaZLKq0fvlxosn7u6ybgu:BII3FHW9e3HQ6/6CRghHwwWS4G/lxRnz
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!P9RLGHlWCK4
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!B462440D204F
TrendMicro = TROJ_GEN.R72C2DQ
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!B462440D204F
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.JSG
Norman = W32/Suspicious_Gen2.LRTJZ
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-05 19:42:36
VirusShare info last updated 2012-09-14 04:13:36

MD5: b4b2ff3105165c40610631af360049a2
SHA1: 7b36f697ab4530a86a12e412a6f7f4ff2df1e554
SHA256: 2ed17e93b6eeb8406460b444ded2d1906432e4592581a87aae610942a20e5b22
SSDeep: 3072:qr8A8Me7T/nzKG+7SVORTN1hCXn1wMwHyaXnTcRJG5kwMfHfxtlIPRZZhoJ:qrmMe73KOVfwMwp5ngBI7
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F9
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!B4B2FF310516
TrendMicro = TROJ_GEN.R72C2F9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRATRAPS
AVG = Generic22.BETK
Norman = W32/Suspicious_Gen2.MYJMR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 11:58:57
VirusShare info last updated 2012-09-14 04:18:31

MD5: bec9ad36a5dadbd183819924a5516a26
SHA1: 271919b64c046ebe51b3b31f0932dac3a96b2580
SHA256: 42de2729cc8a2a7ff1461ca1a3b4a3082b9d5b8b186eb30cf3f0c961c69682a8
SSDeep: 3072:Xl6GG8/m7p7ICtQZRfCl+LX9fLHCc1SMqqDLy/mie91L2wCus:tduNUCGrfCGhuc1xqqDLuY91L
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FR
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
McAfee-GW-Edition = Artemis!BEC9AD36A5DA
TrendMicro = TROJ_GEN.R72C2FR
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!BEC9AD36A5DA
F-Secure = Trojan.Generic.KDV.259824
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU
eSafe = Win32.TRVundo
AVG = Generic23.NLA
GData = Trojan.Generic.KDV.259824
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.259824
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:22 20:14:16-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x162e7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.10.1027
Product Version Number          : 5.1.0.0
File Flags Mask                 : 0x001f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ggvpzttbj
File Description                : robocopy
File Version                    : 5, 1, 10, 1027
Internal Name                   : robocopy
Legal Copyright                 : Copyright ⌐ 1995-2004
Original Filename               : robocopy.exe
Product Name                    : Dhkrabwoj Robocopy
Product Version                 : XP027
VirusTotal Report submitted 2011-07-06 03:44:08
VirusShare info last updated 2012-09-14 06:41:23

MD5: c11c21242a1f8213285a7f7e7099d80c
SHA1: b1fd49eb608a8308d20dea403ca70ba73aaa8b6d
SHA256: 2f6c42ea89023c63c449baf16c4b6a86f42c548e48e5a25a74335eecf7e3d66b
SSDeep: 3072:DO9SRrCHaO/I3BS8xjEldJ4mxHT6bkER5E9lvNWD:DZCT+fQHJe5EHK
Size: 116736 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Trojan.Vundo.6130
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!N2qWTLsy2V0
TrendMicro-HouseCall = TROJ_GEN.R45C2FG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!C11C21242A1F
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R45C2FG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.jezk
McAfee = Artemis!C11C21242A1F
F-Secure = Trojan.Vundo.6130
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ANEP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.6130
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.6130
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 114 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:23 11:26:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x15bc1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.700
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Mlkjnpewu Pjenvzsigtw
File Version                    : 2001.12.4414.700
Internal Name                   : MTXLEGIH.DLL
Legal Copyright                 : Copyright (C) Nifzwuacg Corp. 1995-1999
Legal Trademarks                : Hfgeyufkn(R) is a registered trademark of Iudrtbrsi Uaeteqpwngc. Rzbnqbl(TM) is a trademark of Qsudlppwc Ylbhomwlaxg
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-07-12 02:16:59
VirusShare info last updated 2012-09-14 07:06:15

MD5: ccfd952a68ba57b1f5d76afabdca9e07
SHA1: 12a42895446a1ade09913dd89b6331a17af92021
SHA256: 40697ba2d39f323effbbca7e43d60785859b6985a9bd9bf60e34bdf23ac852e7
SSDeep: 3072:/aIv6SWljB0yKcLSKF9Sa1oKEElkoiMqqDLy/5:/aISxBR5mwkEzhqqDLu
Size: 167936 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!gXURG8fY7LM
TrendMicro-HouseCall = TROJ_GEN.R29C2HI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1209
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.jjjm
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGPT
Norman = W32/Suspicious_Gen2.NXOCB
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 164 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:30 02:11:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x10ac6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.5512
Product Version Number          : 6.0.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lviukfxwz Qiestbeqtyh
File Description                : IIS UIHelper Module
File Version                    : 6.0.2600.5512 (xpsp.080413-0852)
Internal Name                   : uihelper.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : uihelper.dll
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.5512
VirusTotal Report submitted 2012-08-18 12:50:02
VirusShare info last updated 2012-09-14 08:52:47

MD5: cefc883d2bb1fcb5d044c9937e505b7d
SHA1: 488487604da48555b040d5481143f4ca2c97c739
SHA256: 16bfee2cc7834993062495ab099049b7173507cb0012763a12741b8064969812
SSDeep: 12288:7U5mIa5HUUDNx1cvApshgIrzRqX3KF2SPAZ:jHUUCvApshgI+c7U
Size: 393728 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Kryptik-EGJ [Trj]
Ikarus = Trojan.SuspectCRC
Panda = Trj/Mystic.a
nProtect = Trojan.Generic.KD.318495
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!RcTi5GqPKLw
TrendMicro-HouseCall = TROJ_GEN.R01C7J6
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.SuspectCRC!IK
CAT-QuickHeal = Rogue.Winwebsec (Not a Virus)
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C!80
DrWeb = Trojan.Fakealert.24029
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Rogue:Win32/Winwebsec
Fortinet = W32/Pirminay.BMF!tr
Jiangmin = Win32/Virut.bv
McAfee = FakeAlert-SecurityTool.cv
ClamAV = W32.Trojan.Agent-356
F-Secure = Trojan.Generic.KD.318495
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/FakeAlert.SU.gen!Eldorado
AVG = Generic24.TZE
Norman = W32/Suspicious_Gen2.PPHWO
Sophos = Mal/EncPk-ADY
GData = Trojan.Generic.KD.318495
Commtouch = W32/FakeAlert.SU.gen!Eldorado
TheHacker = Trojan/Kryptik.rpv
ESET-NOD32 = a variant of Win32/Kryptik.RPV
BitDefender = Trojan.Generic.KD.318495
ExIF Data
File Size                       : 384 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:13 01:52:40-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 57856
Initialized Data Size           : 308224
Uninitialized Data Size         : 0
Entry Point                     : 0xd42d
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 1280.0.6283.5496
Product Version Number          : 1280.0.6283.5496
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : JgUgci
File Version                    : FbTxTp47ZG
Internal Name                   : kGjfdw
Legal Copyright                 : qI1xsFJ9swmHw
Original Filename               : mYbZOR0Xf
Product Name                    : jEC17Mr
Product Version                 : 2QBb
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-08-06 18:39:12
VirusShare info last updated 2012-09-14 09:16:50

MD5: e11c7b975b296b91b037c60bdfdc17e8
SHA1: 488274122b3c8b39fca9ea2f4dadfef2a4a48119
SHA256: 14da8e0d0fdd7fa336adf1829adec397beabf011ab4d0da1b19a32a76222285f
SSDeep: 1536:016nzdTqJomN3qQcSS5W1yiWhvwBnqIz1x:01U4owaRDCqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R47C2G5
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.ACPU
Norman = W32/Suspicious_Gen2.NGNXU
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-06 10:59:46
VirusShare info last updated 2012-09-14 12:40:26

MD5: e47f7b4f36e4c6b25791c2986c87f5c7
SHA1: 45ec7b4a5a196a40531c72f66e34bc79c5125efc
SHA256: 18382d8cc7f4d899eb5d017b074bb5a87cd4d4cbe2111914e43f41696a336e68
SSDeep: 6144:WBqK7UEcZlQcb1K/ts/AnWN+2yhT3mRDBIqqDLus:WMK7oZH1LBNryNmRDBNqnu
Size: 226816 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!7KE5+rOsuVo
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!E47F7B4F36E4
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!E47F7B4F36E4
F-Secure = Trojan.Generic.KDV.267937
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.XGT
Norman = W32/Suspicious_Gen2.MZQVZ
GData = Trojan.Generic.KDV.267937
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.267937
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 222 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 10:04:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 196608
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x2ca8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.0.5174
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Eastman Software, Inc., A Kodak Business
File Description                : PRINT LIBRARY
File Version                    : 5.00.2134.1
Legal Copyright                 : Copyright © Kodak, 1989-1997
Original Filename               : OIPRT400.DLL
Product Name                    : Imaging for Otckacm®
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-11 23:59:09
VirusShare info last updated 2012-09-14 13:03:04

MD5: e741672af8ad792075b7f033e9974389
SHA1: e3a5f81da26ee722b46856dd5ac9fa50f1b79828
SHA256: 16aba308516301ec3b9441a0b0625e14b4878b925161499da46080ac3c1ef6ef
SSDeep: 768:YSWCa1Obt1heSqBPB5QKSeKBjibwx+7nOzt6tQD2BNQX+GMS8puVDKhkUsoAOgb6:YSQqfhAPB5pSeQSwYnRQD2PQQDs6sRqv
Size: 83545 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
eTrust-Vet = Win32/Swisyn.DT
McAfee-GW-Edition = Artemis!E741672AF8AD
McAfee = Artemis!E741672AF8AD
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = Generic20.CKFC
GData = Win32:Trojan-gen
ExIF Data
File Size                       : 82 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-02-11 00:23:27
VirusShare info last updated 2012-09-14 13:18:53

MD5: e868c1a167136503598fb80335ebdf03
SHA1: af04f814b1d33846c9dff64182ff579d5a3c519c
SHA256: 2e1917ca467c27dc1d26722dbe76a9d9db60fb9632e99d327a39687ee06948b8
SSDeep: 768:TVsWg8F9QNZ70GvuhSnZ6ttEre9cTnjGa3yMuoIfopzZYiCG1voNG:hsd8zcZESZfrA4n6a3yXw4UVEG
Size: 45056 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F7
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
TrendMicro = TROJ_GEN.R72C2F7
Microsoft = Trojan:Win32/Vundo
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.BCWA
GData = Gen:Variant.Vundo.5
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 44 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 08:26:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 8192
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x21bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rrwzemgyf Haethwaimyw
File Description                : Vfgpnzr Shell Obsolete APIs
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : SHUNIMPL
Legal Copyright                 : © Yogxmvoen Corporation. All rights reserved.
Original Filename               : SHUNIMPL.DLL
Product Name                    : Onncmrceu® Mchcgeg® Vqbgvfzrf System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-09 23:09:08
VirusShare info last updated 2012-09-14 13:27:36

MD5: f72bab81f9c37ece06cdc1f037584637
SHA1: 2c6dc41100546f1a2aa1af3c62cecc79e1312183
SHA256: 1492dfb7a92b769e29e7e2da526df43d6f254a6ef07d667e494f186ec5b83de8
SSDeep: 1536:7zr/mGBGk9shufOiYfbbo0LQ3FK1CnCRJZu8MqqU+NV23S2u:7uGBGl4WiYDboF8k8MqqDLy/u
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ja
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.AFTV
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-02 07:00:06
VirusShare info last updated 2012-09-14 15:01:54

MD5: f7c8e4679885a1175544801a1da2e298
SHA1: 56ade2072e07251c87c29d68956c1cd9dbba7d6f
SHA256: 43615da7a84d65f5fcb2c4b6fe832036063e05c705932a41cc4d8a68a8f7514c
SSDeep: 3072:BCCFb8BbJlvOUOXuLzicOeihixJqsQZD2G6jtFJ1+b3Ilte+qCoiMqqDLy/W1W:wCF253O6EeiAvRYIlezqqDLugW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Katusha.5
VirusBuster = Trojan.Vundo.Gen!Pac.49
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Katusha.5
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AELP
GData = Gen:Variant.Katusha.5
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-18 08:41:28
VirusShare info last updated 2012-09-14 15:05:21

MD5: ff8d5e3703b6eb7164225b1556300790
SHA1: 38ab3b7c3c74900e47a34e5c3a9bfcbeb325bc98
SHA256: 404bdae9023267b335e83c804ccb478806a2b7c4b849eb024524e26708b494ce
SSDeep: 3072:p4X1XnbiTip2rUnvjfXbhhwFArie0/0NkFfuldMqqDLy/1R+9:p4luTavbwFw0skFf1qqDLuK
Size: 137216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R47C1FR
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!zvm
TrendMicro = TROJ_GEN.R47C1FR
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZVM!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zvm
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.AUN
Norman = W32/Suspicious_Gen2.MXFUE
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-07-05 00:49:49
VirusShare info last updated 2012-09-14 15:53:03

MD5: 03bacddb0a0f7f9f8f06ca92a6533fc4
SHA1: 159db0a45be10141809f4733c3f5b8836e71787f
SHA256: 4179c9843cbfe5c2ed73a9bb16ab8ad92603a850cc8b8fd78ae95f0ed36fffaf
SSDeep: 3072:YV1IYJ57ZZzYH3Df2hJ0lyMqqDLy/YeX:YrJtDUogqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.106496.AB
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!BTt8LQgAobM
Comodo = TrojWare.Win32.Agent.ahyr
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ikcs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAV
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
ESET-NOD32 = a variant of Win32/Kryptik.QGJ
BitDefender = Gen:Heur.Ranpax.1
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-09-13 02:44:43
VirusShare info last updated 2012-09-14 16:14:23

MD5: 21769bc8f8054daf350ffbce7a66bf93
SHA1: 7405f989e2cef4040be8c04d97f3d5b1631b5277
SHA256: 149472a8093c90fea3ba214b9c4c3d868215e6d3643b3554a13641831fde311b
SSDeep: 3072:9VTP8p57wZzYH3Df2hJAlZMqqDLy/YeX:9CptGUoXqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128AFE01
nProtect = Trojan/W32.Genome.106496.AB
K7AntiVirus = Trojan
VirusBuster = Adware.KXRVLNQ!KKAn7rFt2cA
TrendMicro-HouseCall = TROJ_GEN.R4FC1I2
Comodo = TrojWare.Win32.Agent.ahyr
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ikcs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAV
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
ESET-NOD32 = a variant of Win32/Kryptik.QGJ
BitDefender = Gen:Heur.Ranpax.1
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-09-13 08:46:05
VirusShare info last updated 2012-09-14 16:52:02

MD5: 2315da50169e04567aee10bad0eea772
SHA1: c252d3bd5076b2bb5690f090923cfcc49ad0180e
SHA256: 2e2bf56668ee42300053f4d104ca60e347967f47f339d117d4dc52cd68a0666d
SSDeep: 3072:fhfnbJcae0XBB30Dd6eqQ5eQnglMMqqDLy/XhmGTWp41AJO/H:fhn2++D15BKqqDLuxmGTWcAI
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Trojan
VirusBuster = Adware.Virtumonde!V3MgBlNA9FI
TrendMicro-HouseCall = TROJ_GEN.R4FC1KP
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R4FC1KP
Kaspersky = Trojan.Win32.Monder.nnuv
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.163840.A
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.aeqo
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.TDss.65
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.TDss.65
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
ESET-NOD32 = Win32/Adware.Virtumonde.NHD
BitDefender = Gen:Variant.TDss.65
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-09-13 09:08:20
VirusShare info last updated 2012-09-14 16:53:18

MD5: 4fa7149908672c889efd938664a53a85
SHA1: f1ba20c7098aea00fe46c7e8a3cf3329455d0068
SHA256: 4481cdbbc2c49d40968c2e44a1d375ea0a30ffdb81071db2babc7c504e1efefb
SSDeep: 3072:lQa2i4N5n3Ub8HszzVPuV6Awuhg6SNmCddlUMmfgHPFsiEMqqDLy/5dJm:XcNpkbGTVO1sMmfgH2wqqDLux
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-DTR.K
DrWeb = Trojan.Click1.54577
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QGMNS
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-09-13 17:11:32
VirusShare info last updated 2012-09-14 18:05:49

MD5: 665f76de3c4f9c0b5b06b915e9ea099b
SHA1: fb38845b128c98cd71a7a2e50fd893753d638ad4
SHA256: 14ac2c878679f091549fc389d7a71ad89bd037c3ce29b00b3d924ca2c39f0e65
SSDeep: 3072:qa8A8Me7T/nRIW645SVORTN1hCXn1wMwHyaXnTcRJG70wMFN0xt4IPRZZMLA:qamMe7tIWyVfwMwp7X0rIS
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!thbAziBP9ZE
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1313
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BEIP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
ESET-NOD32 = a variant of Win32/Kryptik.NDF
BitDefender = Gen:Heur.Ranpax.1
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-09-13 20:56:51
VirusShare info last updated 2012-09-14 18:31:54

MD5: 695167c365262eeca4cfdeb3f87da1c9
SHA1: 174460221972125f9d70692c403acda9d096fa67
SHA256: 2cfab7cb3928c7e81e9501e451e4ba61a9525c40f4860cac265d21612e58b955
SSDeep: 3072:MMb1IVLs05WNzmn+O38ES/rKXBGfK/L8uxxXy3qCSAMD3mx:FI20okfArfK7LTrD3G
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.5966796
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!vQSNDz7YIVE
TrendMicro-HouseCall = TROJ_GEN.R72C2F2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1276
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo.gen.fy
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.5966796
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Trojan.Generic.5966796
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-09-13 21:23:54
VirusShare info last updated 2012-09-14 18:35:44

MD5: 79d8793bf8e193c530afdb6a088fb0cf
SHA1: 3d6b1accaebb0675e90706edfbf876eec5ad4cbc
SHA256: 446cdfaf5299352563d2a727f5052a8540742d1f3bf78f4d0495a504614f66ac
SSDeep: 3072:IFDFGQhZ9g/Lrmi/doqsFVuL0xX5MjVbwj0CZyafQJWzvX2o5Zfqb:IbGQhmLq0YGL0xX5swjrZLwWzfJfq
Size: 139776 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Microsoft = Trojan:Win32/Vundo.gen!AV
Kaspersky = HEUR:Trojan.Win32.Generic
Avast = Win32:MalOb-EI [Cryp]
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Jiangmin = Trojan/Generic.mmnu
McAfee = Generic Malware.ms
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!3ZsFnCP8rEo
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
TrendMicro-HouseCall = TROJ_GEN.R4FC3FP
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
Commtouch = W32/Virtumonde.CH.gen!Eldorado
McAfee-GW-Edition = Generic Malware.ms
TheHacker = Trojan/Kryptik.llt
DrWeb = Trojan.WinSpy.1396
ESET-NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 136 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:31 08:21:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x11e3a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yufjgoqkg Lthxyltuyit
File Description                : Multimedia Class Scheduler Service
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : mmcss.dll
Legal Copyright                 : © Mzbqqmipl Mfueuwtxidl. All rights reserved.
Original Filename               : mmcss.dll
Product Name                    : Rrkezhxjl® Khxauhj® Qznuguzah Dcqkhz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-09-14 00:06:17
VirusShare info last updated 2012-09-14 18:54:24

MD5: 7c37a6f1bbe8a296b8c3d0c7a95441ad
SHA1: 2e7fe4b7061d220e653449b629772b412c87b9de
SHA256: 4413d3c25335cee4dc7bbfa63474a56bd49b255394204522d9cce01a8c30e264
SSDeep: 3072:zS3i7bVEnOQ5UP6hKRXuS6S9L3e2ta2OMdj3Kx8oo:zSKVEnOQ5UyhZK973aodj6g
Size: 129194 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = BDS/Zegost.lklqb
Avast = Win32:Inject-AAB [Trj]
Ikarus = Trojan.Win32.MMM
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Fednu.dqy
nProtect = Trojan/W32.Gofy.129194
K7AntiVirus = Riskware
VirusBuster = Trojan.Fusing!LQoIvgAmeOs
VBA32 = Trojan.Gofy.bg
TrendMicro-HouseCall = TROJ_GAMETH.SML3
Emsisoft = Trojan.Win32.MMM!IK
Comodo = TrojWare.Win32.Magania.~acku
CAT-QuickHeal = (Suspicious) - DNAScan
SUPERAntiSpyware = Adware.Tencent
McAfee-GW-Edition = Heuristic.LooksLike.Win32.SuspiciousPE.J
DrWeb = Trojan.MulDrop1.43142
TrendMicro = TROJ_GAMETH.SML3
Kaspersky = Trojan.Win32.Gofy.bg
ViRobot = Trojan.Win32.A.Gofy.128857
Microsoft = Backdoor:Win32/Hupigon.ZAI
Fortinet = W32/Redosdru.BED!tr
TotalDefense = Win32/Gofy.J
Jiangmin = Heur:Backdoor/PcClient
McAfee = Artemis!7C37A6F1BBE8
ClamAV = Trojan.Agent-184133
F-Secure = Trojan.Dropper.Agent.VCD
VIPRE = Trojan.Win32.Generic.pak!cobra
F-Prot = W32/Gofy.A.gen!Eldorado
AVG = Agent2.BHBO
Norman = W32/Suspicious_Gen2.BXXWU
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Dropper.Agent.VCD
Commtouch = W32/Gofy.A.gen!Eldorado
ESET-NOD32 = a variant of Win32/Farfli.GX
BitDefender = Trojan.Dropper.Agent.VCD
ExIF Data
File Size                       : 126 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2010:08:15 23:53:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 10240
Initialized Data Size           : 117248
Uninitialized Data Size         : 0
Entry Point                     : 0x22000
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1001
Product Version Number          : 1.0.0.1001
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Tencent
File Description                : 微软快捷方式更新漏洞补丁,如果安全软件发生阻止,请放行,否则造成任何后果微软不负责任.
File Version                    : 1.0.16.1
Internal Name                   : QQImeChecker
Legal Copyright                 : Copyright 2007-2010 Tencent. All Rights
Legal Trademarks                : 
Original Filename               : QQImeChecker
Private Build                   : 
Product Name                    : Tencent
Product Version                 : 1.0.16.1
Special Build                   : 
VirusTotal Report submitted 2012-09-14 00:24:53
VirusShare info last updated 2012-09-14 18:57:17

MD5: e136b765e85142d74bf2566e112308fb
SHA1: 1336194813281564e107972f399b022dfc033652
SHA256: 2e2f2756dc0509ca01283f7395a305036d3debe6b704d9bfd1f5e2d74ee68669
SSDeep: 3072:PPQs7n44N5n3UbGNszzuPDo6gw79gziNmCdblUMmfgHPFsiMMqqDLy/xhdJm:PbbNpkbKvoud6MmfgH2IqqDLuxZ
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R4FC1KP
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-DTR.K
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R4FC1KP
Kaspersky = HEUR:Trojan.Win32.Generic
TotalDefense = Win32/Vundo.H!generic
Fortinet = W32/Kryptik.QGJ!tr
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Suspicious_Gen2.QGJES
AVG = Vundo.MH
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-09-14 16:41:05
VirusShare info last updated 2012-09-14 20:57:11

MD5: 035dd3a8a3f16f8bf5f51e5844b9f9bc
SHA1: 118f67910e3939c266c5eab79b7a21668aeb9181
SHA256: 158ad503092009c96ddb55b7a32e6a35a9ec2ad7b6dfecb96a15259ad5e264e5
SSDeep: 3072:A9ZPZwkRQE3DXgKgaF5yycuTZGisL7kLIsbr5DEhHEw+MA/ZDUW1f6yFzTC:A9XTRHTXgjaGPtXITbrxeH/+Mmvpn2
Size: 233217 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Priminay.A
eTrust-Vet = Win32/Swisyn.DT
Comodo = UnclassifiedMalware
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Artemis!035DD3A8A3F1
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Pirminay.jp
McAfee = Artemis!035DD3A8A3F1
F-Secure = Trojan.Generic.5574285
Avast5 = Win32:Trojan-gen
eSafe = Win32.Artemis
AVG = Generic20.CKFC
Norman = W32/Suspicious_Gen2.dam
Sophos = Mal/Generic-E
GData = Trojan.Generic.5574285
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.5574285
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 228 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-03-24 20:16:58
VirusShare info last updated 2012-09-15 02:29:20

MD5: 07a0e848a818cca772eda98fc1edff9a
SHA1: 6664e8f6389aa0f8ba697c92598e8f076b0b5f82
SHA256: 162f240a96fccba65870bf28501a8243669905f0e08d9fa928423343be07f516
SSDeep: 1536:tuBnzdTqjoXN3qQcSS5W1yiWhvwB3qIz1x:8tmodaRDuqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!07A0E848A818
DrWeb = Trojan.Smardec.76
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!07A0E848A818
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.ACPU
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-29 12:24:17
VirusShare info last updated 2012-09-15 02:52:50

MD5: 173f70ad63d9365bcbf79c86c1900a14
SHA1: 146cd2b6802821f69b2e08202cc7a96f2d975c8e
SHA256: 16185d3e3b67c70158551f9197c7b8c0e114ca60f7364da80740a95961e6530d
SSDeep: 3072:fnVM32LT7QxRfQEW2gGlJjyJcwvTj2MHj:a3sw1QEngS6sMD
Size: 108032 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.13.9
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
VirusBuster = Trojan.Vundo!yjpb6jkNFKo
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!hs
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!hs
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Size                       : 106 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-04-24 01:41:40
VirusShare info last updated 2012-09-15 04:29:16

MD5: 4b13b710d851d8500d58bcc051a31550
SHA1: 617fea83db33507cc3405bb23f8e3946d9254c5b
SHA256: 1c3637fd14d5ed92eccfa31eec9055425303e0b09e7430277e43cb784ac664e1
SSDeep: 1536:RQS3YyRekhq10fcFy2Ekw+M9EpeERm/TE+fmFWE/v8qx1H+x0SxqAl3:Z3Yy5hqishNGyeE8/TE+fmFZ8I1ex53
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2D6
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!4B13B710D851
TrendMicro = TROJ_GEN.R72C2D6
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!4B13B710D851
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
AVG = Generic21.BKXZ
GData = Trojan.Generic.5727277
BitDefender = Trojan.Generic.5727277
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-19 23:37:39
VirusShare info last updated 2012-09-15 11:06:11

MD5: 5e3aef59eaf07a575fe6138840b29a21
SHA1: 0200aa2d4acf22e598dbadf4150d47fcbe6c754c
SHA256: 160adf213b9aa4af7906ca60cb76186bc40244386315ecb292ff1d892c94b3f7
SSDeep: 3072:YcG8/m7p7ICuQZRfCl+LBvATJHC1SMqqDLy/je91L2wCps:jduNUC1rfCMKk1xqqDLua91L
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
McAfee-GW-Edition = Artemis!5E3AEF59EAF0
TrendMicro = TROJ_GEN.R72C2FR
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!5E3AEF59EAF0
F-Secure = Trojan.Generic.KDV.259770
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.MZS
GData = Trojan.Generic.KDV.259770
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.259770
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:22 20:14:16-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x162e7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.10.1027
Product Version Number          : 5.1.0.0
File Flags Mask                 : 0x001f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ggvpzttbj
File Description                : robocopy
File Version                    : 5, 1, 10, 1027
Internal Name                   : robocopy
Legal Copyright                 : Copyright © 1995-2004
Original Filename               : robocopy.exe
Product Name                    : Dhkrabwoj Robocopy
Product Version                 : XP027
VirusTotal Report submitted 2011-07-06 20:27:48
VirusShare info last updated 2012-09-15 13:01:52

MD5: 8de4340a8682dfe2b24d57f6b740f5be
SHA1: f29268522c940c13029aec479051a5e60c632639
SHA256: 1c387a5b0cb52a2d7c87a255e8f2afc0ef80b6e542e3c638be4642693b1b8f52
SSDeep: 3072:B8CFb8B2JlvOUOhrZicOeehixQsQZD2E6jtIJaYRIlNARCoLMqqDLy/W1W:yCFD53O1KeeAzXuIl8mqqDLugW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Katusha.5
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R1BC2G2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R1BC2G2
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Gen:Variant.Katusha.5
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AELP
Symantec = Trojan.Gen
GData = Gen:Variant.Katusha.5
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-17 22:58:29
VirusShare info last updated 2012-09-15 15:58:34

MD5: 91e68fabc293c9b72fb43a24215b5fd3
SHA1: b6d1491e0c35be44c2dd64f28dc8a9c8be0e50c6
SHA256: 1643bcf34721e0c00d7ddd82ffaabcc26c3861c3a8c95a3860304ec72e5a0e56
SSDeep: 3072:z3hQ79HZpiJKoQdQycBGTo0/I+fsTrJgPGrN/:z3uR5MMxS6bA+IyPGrN
Size: 119296 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSI
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 04:48:59-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 75264
Initialized Data Size           : 80384
Uninitialized Data Size         : 0
Entry Point                     : 0x134bd
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.63.48
Product Version Number          : 5.0.63.48
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Intel Indeo® video 5.10 Quick Compressor
Company Name                    : Intel Corporation.
File Description                : Intel Indeo® video 5.10 Quick Compressor
File Version                    : R.5.10.63.2.48
Internal Name                   : ir50_qc
Legal Copyright                 : Copyright © 1994-1997 Intel Corp.
Original Filename               : ir50_qc.dll
Product Name                    : Intel Indeo® video 5.10 Quick Compressor
Product Version                 : R.5.10.63.2.48
VirusTotal Report submitted 2011-04-30 09:15:38
VirusShare info last updated 2012-09-15 16:21:29

MD5: c1c3bc9d3d7c63df624c3eac301d10d3
SHA1: 7b05f8fdbd5978efd436aef5292fa08a650e3a21
SHA256: 187e0bd3ef243758df6099cae0894dbc8f5a9e6b5deb108d56641b5433ead78c
SSDeep: 3072:Bq99kllosQnm8+ldS/uo77XKK7U6OOjCFehNNUhhmxxmUUvvvY++eFdbFHMqqDLj:DS/uCU6OOjCFe67sqqDLu4P7Y88
Size: 262144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.927
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12A26D2F
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!9Oiq9UICnoM
TrendMicro-HouseCall = TROJ_GEN.R4FC1JO
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1477
TrendMicro = TROJ_GEN.R4FC1JO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.inou
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.GenVariant.Vun
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.BZOI
Norman = W32/Suspicious_Gen2.RNRAB
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.sur
ESET-NOD32 = a variant of Win32/Kryptik.SUR
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 256 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:21 14:57:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 184320
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x2da61
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Anzivbxzl Hjwkqrsnzvg
File Description                : Server Database Storage Utilities
File Version                    : 5.1.2600.0 (tvwwiqml.010817-1148)
Internal Name                   : esentutl.exe
Legal Copyright                 : © Myfkdepov Lgzutvajbwy. All rights reserved.
Original Filename               : esentutl.exe
Product Name                    : Wljjwniha® Vctpyhk® Juangwfex Oahwzd
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-08-13 18:12:12
VirusShare info last updated 2012-09-15 19:39:34

MD5: c66aa0551981d2b8d842c05ba53a78df
SHA1: 9157ace8495c1ceb6a8d025f23db45ffd13bdf08
SHA256: 17a41d0c23ac9fd00b7f450323dcb78f8363788769a32f8862fc5afe7b068ffb
SSDeep: 3072:mkU2QLcmzua8vcL/maK+wTvT7k94Z6S4DN5G5galRQQyWlOQI:mkU2bmCadL/mf+0C4TO7YgTWlOQ
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.155648.YZ
K7AntiVirus = Trojan
VirusBuster = Adware.Virtumonde!6sdzlQBIBgk
TrendMicro-HouseCall = TROJ_GEN.R47C1HC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Juan.431
TrendMicro = TROJ_GEN.R47C1HC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.155648.S
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Adware/SuperJuan.me
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Cryptic.DQQ
Norman = W32/Suspicious_Gen2.MKSGT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
ESET-NOD32 = a variant of Win32/Adware.Virtumonde.NHN
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:02 11:26:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x13d85
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Zgctqjuhl Ufgitmzmetc
File Description                : Azeri-Latin Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdazel (3.13)
Legal Copyright                 : © Zfsoqeftj Idmmgpdsrsv. All rights reserved.
Original Filename               : kbdazel.dll
Product Name                    : Gbxsssaag® Yfjydck® Dxjnbnulb Yvutlr
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-08-15 07:05:33
VirusShare info last updated 2012-09-15 20:03:36

MD5: cbd62177def84dbb3d559099328d7d51
SHA1: 0a806496a2d8dc0c9e9a03c1f9ee631c3606a708
SHA256: 15b414b8768b058459814ab6452a512d7d19f7ce83903914e8fdac24f8c3981f
SSDeep: 1536:8TQ+XmGGLm2V9shp7iY+tbodLQ3F31CnCRJZuLMqqU+NV23S2H:8TYGGLmxr7iYKbo78kLMqqDLy/H
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!39w4wv2NNEY
TrendMicro-HouseCall = TROJ_GEN.R72C2FR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zvr
TrendMicro = TROJ_GEN.R72C2FR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZVR!tr
Jiangmin = Trojan/Generic.gije
McAfee = Generic.dx!zvr
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.OSV
Norman = W32/Suspicious_Gen2.MXLCW
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-09 21:59:49
VirusShare info last updated 2012-09-15 20:30:50

MD5: cde5a8cb4b16ebb5c741b5a9cd10592c
SHA1: 21e427882060cb223cdb1be74f66c55dbd7242fc
SHA256: 159e3f755a76e89d16922ae059ce0307c500ca3fc671c79b2195113d6cb5cc56
SSDeep: 6144:uavqQTMNrxYMRcm2cmlbyFWwv5VTinnoCr/:toEbYl5Vuno
Size: 217088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!8ztG0Ht8g+s
TrendMicro-HouseCall = TROJ_GEN.R72C2ET
McAfee-GW-Edition = Artemis!CDE5A8CB4B16
DrWeb = Trojan.WinSpy.1306
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AYKX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 212 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-08-07 12:59:01
VirusShare info last updated 2012-09-15 20:45:25

MD5: f19a6d7d30e2a239c570a56fc1849ec0
SHA1: 2915701b6018233735756329412a684615990a4d
SHA256: 194de82ad41f3c91396d4a9ca80860b03497fce765865241eb79377e7908381a
SSDeep: 3072:S+J26rU50oY8AC2aG9cXvnQ0K2dFz1MqqDLy/boDbc:qekVq0/jpFz2qqDLub
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C1GB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
TrendMicro = TROJ_GEN.R72C1GB
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/VUNDO.JA!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.AKII
Norman = W32/Suspicious_Gen2.NIUWI
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-20 09:38:12
VirusShare info last updated 2012-09-16 01:11:17

MD5: 1fa40f73045c0d21bce4e23743d248e0
SHA1: da6288c70caad70749ffec1927f7c9cf8393c378
SHA256: 1d74f6fb4d524b20aaf49f72d653737306d492c2247bc672b6b2b00eabde5474
SSDeep: 3072:Lpb1IVLs05WNzmn+O7OEtvMzKXBGfK/t8uXxX7qCDAqD3px:LI20okfsrfKNBd9D3T
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!fZdU6wrfgIU
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = TrojWare.Win32.Kryptik.LLT
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1276
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-09-15 09:34:45
VirusShare info last updated 2012-09-16 02:57:24

MD5: 35c2d459b1777f508cf8de9353c8ddfb
SHA1: cfabbb903a9e8a90ccb2b4ae644c9ddb22331f5e
SHA256: 1700dad943a8cf3a7a391b2b278304923c7d4a9ffe8dd4b05785c3f9b79ba263
SSDeep: 3072:Nj0LGA/uNe917ZCvrFZ63opO4I/N8h/f0sztaNd8w9:IJk5Z63olI/N8hftaNd8
Size: 122880 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!OAE8q3Gak4Y
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.60738
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.ahsn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.AVHV
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
ESET-NOD32 = a variant of Win32/Kryptik.NPN
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 120 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:13 05:18:23-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x10601
OS Version                      : 4.0
Image Version                   : 4.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hsdvqnyoh Cpcesubqphb
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Dvypfayrpii. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Rtoifpmee® Xiqutyy® Zyxcszupj System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-09-15 12:30:13
VirusShare info last updated 2012-09-16 03:30:11

MD5: 46fbb55291d6c8b30f8c7c1a4d2f665a
SHA1: d8ac859d7b43d2432b0cfd77254c7a5fb21eed90
SHA256: 1d6cfc3308dbb0190197f4bbda5bde4742bec9015b3559999d79f653c19e1c0e
SSDeep: 3072:AQe724N5n3Ubc8szz+P4k6ZwlmgKSrNmCdplUMmfgHPFsioMqqDLy/8dJm:41NpkbFsk3rZwMmfgH2wqqDLuo
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Vundo.Gen!Pac.49
TrendMicro-HouseCall = TROJ_GEN.R4FC2I2
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-DTR.K
DrWeb = Trojan.Click1.54577
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QGHLX
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-09-15 14:33:50
VirusShare info last updated 2012-09-16 03:52:34

MD5: 56f8262e6bfe30b3ce28fb7a670deb75
SHA1: 183dd97be2ca58b8e340844641c940233771c76f
SHA256: 175140ebbd4052c9c760fa9b85e294b025265cd33bcff284832e0e0be037c433
SSDeep: 3072:vjMaakKH7mtj7oG8vmxweCrf7PuTiIRfULmobEo7j31F:vjNak13oG8v4weuKRR8LmsBF
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.120832
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1073
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.6152344
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DXA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6152344
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
ESET-NOD32 = a variant of Win32/Kryptik.NPN
BitDefender = Trojan.Generic.6152344
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-09-15 16:35:21
VirusShare info last updated 2012-09-16 04:19:15

MD5: 06dcc49f185ffe5d574477cf86bf123e
SHA1: 3896edb54f780ceac30a6b2ff2a00a86c8114b86
SHA256: 420467c81437f87ba89cf61ded4fccb6fe4336ec1166ba88927705f6dc6a89d2
SSDeep: 1536:VNnzdTqUodN3qQcSS5W1yiWhvwBCqIz1x:zNoPaRDbqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/L7zh8F4fB4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2FG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R45C2FG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-02-14 11:00:21
VirusShare info last updated 2012-09-16 11:39:33

MD5: 085e6228cfe0b9f38cc8861115f7e6d2
SHA1: 2e4cab52e31f10a6cfcc48f9709e2c42d2800d42
SHA256: 1cfaa665a9b9bd41efc30a45db7fe7513b78084a395b8ab959ac5ec03f945add
SSDeep: 1536:BLi3sLq7G0alvv+DN8IdOZJqNs7zm92gcItv6txf4jiVmiEQ+UMsXKukPi+psIuC:BG3s+7G0QOQrxQjiAiOUMsXKukPi+psA
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5ypgR7vBM3o
TrendMicro-HouseCall = TROJ_GEN.R4FC2FM
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!085E6228CFE0
TrendMicro = TROJ_GEN.R4FC2FM
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!085E6228CFE0
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
Norman = W32/Suspicious_Gen2.MRKYF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-28 03:18:34
VirusShare info last updated 2012-09-16 11:52:10

MD5: 0a92ac60db4c77107708e003dcb35617
SHA1: 659a672bd2bdaa106e0da64d3d6f3c627a97fe8d
SHA256: 5c0612d50f7eb4c92535ddcf9e69d37256938c8712bd83275df3ab33656dbea5
SSDeep: 1536:qLvl0UDzmGJttJ9shLOiYk4bomLQ3FL1CnCRJZuhMqqU+NV23S2G:qmGJtt8ROiYVboc8khMqqDLy/G
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R47C1G6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!iz
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R47C1G6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACWL
Norman = W32/Suspicious_Gen2.MZWZK
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-22 08:44:48
VirusShare info last updated 2012-09-16 12:08:44

MD5: 0ff61fd075a8a41b510259633beac401
SHA1: 7e6fd429188a9301cb13bafe2dbcf1b17f356337
SHA256: 1b37ea08fca396756dcfa6295da2f6070f38351487eb08df7196f0046637d0e1
SSDeep: 1536:HHAfmvmGBK29sh2yiYhgBboxvLQ3FK1CnCRJZuZMqqU+NV23S2E:HH8GBK7AyiYhIbo88kZMqqDLy/E
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!F6Nx56KD5RQ
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2GA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2GA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.IVW
Norman = W32/Suspicious_Gen2.NIRUC
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 07:25:23
VirusShare info last updated 2012-09-16 12:49:02

MD5: 1336491e2d7b99e8fe8bb353126b7c0d
SHA1: fc4aaa224e5d72bde5bfcbb2719d3c4c02806ea3
SHA256: 45ca16f5b4d8bde193cd31ffd4f749d9fb94c717c70dec2b63ae7eb6d83f0cb9
SSDeep: 6144:z8UIh0KX48qGPWL1o53eRv51bprEKqqDLuY:QU6bXBxNe15mqnu
Size: 198144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.Gen!Pac.49
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zwl
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.dx!zwl
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
eSafe = Win32.TRVundo
AVG = Generic23.ZIY
Norman = W32/Suspicious_Gen2.MZVEC
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 194 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:22 18:10:03-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 131072
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1bcf6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zgvxntnwz Jxhzogygshl
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.0.6000.16386 (xnqcc_rtm.061101-2205)
Internal Name                   : NlsLexicons002a
Legal Copyright                 : © Xwfsiggvy Zgrxvguvkdl. All rights reserved.
Original Filename               : NlsLexicons002a.dll
Product Name                    : Bzerkenxk® Nblymkf® Uvvjzzptj Akowjw
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-29 12:23:15
VirusShare info last updated 2012-09-16 13:15:47

MD5: 13d0eb0a13f84484d6f2b565a5905ce3
SHA1: fd11f760063b345a1747e9b071f759f135e77ed5
SHA256: 59d732884a0285e3bbd1e04ff1408c3cced0317a9d8ae895b244efa659b870b7
SSDeep: 3072:S+7d6rU50oY8ACF0tmcXrddZedFz1MqqDLy/boDbc:rek4Q0ryFz2qqDLub
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-18 22:23:06
VirusShare info last updated 2012-09-16 13:20:47

MD5: 13fae6293ea04f32349f0c28b2cee091
SHA1: 8c6cd7168a586f1efac25e0b892f7bfd867860a3
SHA256: 46e7e392ab0b14561bb15e2667400ae1df91b19bfadd1e8c4226a86290c05700
SSDeep: 1536:cuw/HmGDHK9sh5UiYJ2boaLQ3F91CnCRJZuZMqqU+NV23S26:coGDHPzUiY8boG8kZMqqDLy/6
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zvr
TrendMicro = TROJ_GEN.R72C2FP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZVR!tr
Jiangmin = Trojan/Generic.gije
McAfee = Generic.dx!zvr
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.LRC
Norman = W32/Suspicious_Gen2.MZWTV
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-06 20:27:27
VirusShare info last updated 2012-09-16 13:22:07

MD5: 151e9b545dc6dd393ce667b133f4503f
SHA1: 2ed7e87ec7a6fcc0b0d25622398834d2091cfafe
SHA256: 5a60de317a4a93b9c6bac2d15d7be4f6ef45ba9bd819038faa75289a4488c154
SSDeep: 3072:pdxVnbiKrb2rUnvjfZhhhFArie0/0NkFfnldMqqDLy/KR+9:p9uIvxhFw0skFfMqqDLuj
Size: 137216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!xknxz8Hh3yI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.286
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iptc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AUN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-04-07 19:27:11
VirusShare info last updated 2012-09-16 13:33:03

MD5: 185a90383fcf827ef2407a0cd08b4f7a
SHA1: 41d2ef25a4cf295cec10448b778ca56434fa7736
SHA256: 1b969df2f06833721a57362fa4d25e4745a7c21f0913e6261f29d70eefa6fe79
SSDeep: 3072:S+5l6rU50oY8ACY5JhcXbp4idFzRMqqDLy/GoDbc:deksT0b5Fz6qqDLuG
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!THJNVX6+jeI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.lsej
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.STQ
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-02-12 15:57:05
VirusShare info last updated 2012-09-16 14:05:47

MD5: 193e6c80f738f96859e885439fc6fc7e
SHA1: ded8587fadb45fc22046b4936736fc57f79fcb1d
SHA256: 46694b4536bfa2e5b72c8222699f1035a2bdca76fab20992328a453ebcbeb698
SSDeep: 1536:LP6w2uIR+CoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpGiD:LSTnfoPMqqDLy/QVzLSkYHFO5si
Size: 102400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R47C2FJ
Microsoft = Trojan:Win32/Vundo
F-Secure = Trojan.Generic.KDV.251768
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.NJ
Norman = Vundo.UUS
GData = Trojan.Generic.KDV.251768
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.KDV.251768
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-06-28 02:39:21
VirusShare info last updated 2012-09-16 14:14:39

MD5: 289e150d929b15ab976af1cb467a8c22
SHA1: ef27970e46d51dba181a2fd5617357e575b0ecbe
SHA256: 1ce6eecce8fc438a2eeed19515e8214da87d117e8a9974f5451959761099ef92
SSDeep: 3072:S+cS6rU50oY8ACF4SVcXhE3GXdFzIMqqDLy/hoDbc:nekk+0hewFzjqqDLuh
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128E29C6
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2G1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!km
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R1BC2G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kpyn
McAfee = Vundo!km
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOUT
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-02-24 15:44:17
VirusShare info last updated 2012-09-16 16:31:41

MD5: 2ac0ad54642bbb1ebac0aad3b79cc32b
SHA1: 46c39bc8b0b4cfb905480fb73dc51ec6a3eb05c3
SHA256: 477fcb336c989ac45d73048d180e0db78f367d431ca9148f4d3dc8f8adec7fc9
SSDeep: 3072:S+AP6rU50oY8ACbmbmgcXyJQjdFzYMqqDLy/NoDbc:WekUv0y4FzTqqDLuN
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!oGRDeL3fvLk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.oazs
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TCM
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-02-25 18:41:11
VirusShare info last updated 2012-09-16 16:45:10

MD5: 2eb2dfacd9599755708ddefe6fd73771
SHA1: a5be70d85c8da6eeaad81068e62c8ca4bbb877b2
SHA256: 4692e57b37470854b090334cb1ab75011faa8089c34b5e1cd66f4f45d9223d63
SSDeep: 1536:BLilAsL7730amtvhDN8pdOVNNs7pi9hgcItv6txf4jiVmiEQdUMsXKukPi+psIuC:BGlAsH730NptrxQjiAiNUMsXKukPi+pp
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!C+5M4mIqgMU
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AVXH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-11 13:02:44
VirusShare info last updated 2012-09-16 17:12:23

MD5: 35167dd41fdc0b35eeae45708f4fe58c
SHA1: ad665bd4182328cadbd1985292db21c4c372c084
SHA256: 5bec794a052e6fca24460ca87945e59d4acf9cbc0a5320987f0446b5ab35e956
SSDeep: 3072:S+RxY6rU50oY8ACUB9KcX7clKdFzgMqqDLy/hoDbc:DiekgM07vFzLqqDLuh
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bILcez07fqY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.imok
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TAZ
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-02-29 08:43:22
VirusShare info last updated 2012-09-16 17:54:15

MD5: 3818f2bff758bfc553f150ad4cb353ca
SHA1: 0c45a3c403dbfff6f4ec71162e8924b0a04fb273
SHA256: 1db89f1438f855d5a3cd87def55204a05b4caa0da62075fe5a7063dea9e11b35
SSDeep: 1536:/SQlb3NLI1xtHNc4/TM4JHlCLYo0tl4NEzOFXYDOWie0XwQlqfLvKYl5MqqU+NVQ:683Ns1xti4o4JEGzFOz9Wl5MqqDLy//
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!fuh1WEq+pVc
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2GN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jy
TrendMicro = TROJ_GEN.R47C2GN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.JY!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqp
McAfee = Vundo!jy
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BIGV
Norman = W32/Suspicious_Gen2.NQYHQ
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:27 09:16:06-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0xd122
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Akpnpwrcr Pexeeulhuca
File Description                : LSM interfaces proxy Dll
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : lsmproxy
Legal Copyright                 : © Tastipylf Ipxebkcrbut. All rights reserved.
Original Filename               : lsmproxy.dll
Product Name                    : Rrgtnesae® Tymuurc® Qmgdoyonk Qtzlas
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-09-10 12:13:04
VirusShare info last updated 2012-09-16 18:13:14

MD5: 587792d9b1711cbdc54d88f929f30d02
SHA1: 62c2bd68187588e90603724efead0bf74c8b18c9
SHA256: 5a00b2760f62f63493daa628b3e292c45af5a6aed14e050890a3389f1a09fd0f
SSDeep: 768:UH2q0dGT0WBC0fT2IHM/I1PzKAtriok8h/Sf0Wl:TLdDYb2IvjHhG
Size: 34111 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12BD12FC
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C7CT
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Generic PUP.z!mw
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R47C7CT
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.z!mw
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
AVG = Generic27.BGJR
Norman = W32/Troj_Generic.ASYIS
GData = Gen:Variant.Vundo.10
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 33 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8192
Initialized Data Size           : 28672
Uninitialized Data Size         : 0
Entry Point                     : 0x2f3a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-10 11:29:45
VirusShare info last updated 2012-09-16 21:53:03

MD5: 6549b6fc27471b32b8ffb58d7b6cc18f
SHA1: 1d52ded93471bcf55b466786fe2bd2ab07aa81df
SHA256: 5c03c3509a94d9f7788495a2b97bc1d41fc49ae98509db40976203e94a21de35
SSDeep: 3072:Z3Yy5hqishJGyeE8/TEHf7FR8xi1Jxdm3:V5hqiyIEGK0SD
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2D7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!6549B6FC2747
TrendMicro = TROJ_GEN.R72C2D7
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!6549B6FC2747
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
AVG = Generic21.BPYB
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-19 12:25:58
VirusShare info last updated 2012-09-16 23:23:49

MD5: 75a38ed6034a3b85d1e62d1d21800f4e
SHA1: d071b22771f786fd33e5b27fc0cc9d93dc9b3626
SHA256: 1aad374dd8fdf0af14d300cc1f6174d638489862b9158e2af365852f972ac4f9
SSDeep: 3072:qM8A8Me7T/nRiifx6SVORTN1hCXn1wMwHyaXnTcRJGxUw9RG/xtlIPRZZByR:qMmMe7tiiNVfwMwpx325I3
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jb
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!jb
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.AOYU
GData = Gen:Heur.Ranpax.1
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-05 07:09:35
VirusShare info last updated 2012-09-17 01:22:52

MD5: 774646618f3047a84c360e853b9c4aae
SHA1: 777b607852d97d11301b0cddd043d9520458c537
SHA256: 46eefbe045b26703ae33c80ce62172668952fa4a3abe20bdd516cfbb2ad4e76d
SSDeep: 3072:S+bs6rU50oY8ACGqxicXMPHedFzeMqqDLy/6oDbc:SekFI0M0FzVqqDLu6
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128EA812
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2GT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kc
TrendMicro = TROJ_GEN.R72C2GT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.KC!tr
Jiangmin = Trojan/Generic.imok
McAfee = Vundo!kc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CFIL
Norman = W32/Suspicious_Gen2.PQVVW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-09-02 02:23:38
VirusShare info last updated 2012-09-17 01:32:46

MD5: 797fa66bb577f631b27f8a7b11e0bd5b
SHA1: cbf807bca52a0deb38869cc8c149b73584852bf8
SHA256: 45c22e5d4f526d857f131d354de4afbca084caed3aa1d41a142d04a3872783f5
SSDeep: 3072:QQTio4N5n3UbizszzDPVt6Hw6QdgArNmCd/lUMmfgHPFsioMqqDLy/3dJm:t+Npkb0qtF6yWMmfgH2cqqDLu7
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R04C2GF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ks
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R04C2GF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.xhvd
McAfee = Vundo!ks
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.PYVRG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-01 05:33:33
VirusShare info last updated 2012-09-17 01:48:09

MD5: 7a6629294d47e76af842d34d5d9ab11b
SHA1: d555b1fbdf2bf17f88fcfd00d6e28b886e418a86
SHA256: 5a54c956d5046a0c434e9e2211a61bd45b97b963aaf49a447f3ebaa515a575bc
SSDeep: 6144:y9XTRHTXgjaGPtXITbrxeH/+MmvpnPBRUUdNJ2f:y9VTXgjaot4q+9v5BRUWJ6
Size: 286873 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Priminay.A
eTrust-Vet = Win32/Swisyn.DT
Comodo = TrojWare.Win32.Pirminary.~dpk
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Artemis!7A6629294D47
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.jp
McAfee = Artemis!7A6629294D47
F-Secure = Trojan.Generic.5553400
Avast5 = Win32:Trojan-gen
eSafe = Win32.Trojan
AVG = Generic20.CKFC
Norman = W32/Suspicious_Gen2.dam
Sophos = Mal/Generic-E
Symantec = Trojan.Gen
GData = Trojan.Generic.5553400
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.5553400
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 280 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-04-07 22:02:24
VirusShare info last updated 2012-09-17 01:55:02

MD5: 7d046cc346e12ad4f41a0b705aeb345c
SHA1: ede48ced17354e23520f04d14c8344e87a942260
SHA256: 1de00bff9629b04b57a9b9e95da0f07238ac1885bccea921eb03e6f3ba4e8754
SSDeep: 3072:pCb1IVLs05WNzmn+ODMESCHKXBGfK/B8uTxXpqClAZD3Sx:oI20okf9rfKhNpyD3y
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.5967059
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!H+3mt5uPmVc
TrendMicro-HouseCall = TROJ_GEN.R72C2F2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7D046CC346E1
DrWeb = Trojan.WinSpy.1276
TrendMicro = TROJ_GEN.R72C2F2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!7D046CC346E1
F-Secure = Trojan.Generic.5967059
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AWHX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5967059
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.5967059
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-27 10:13:25
VirusShare info last updated 2012-09-17 02:12:01

MD5: 7d77ed49c3216e6a419051b85495896a
SHA1: 7cfb2ca8187d22fea91fdb2f3bad1b8f6ad8e989
SHA256: 464e23070fa595fc722a5d0b368d34d41356701b1c02f0c3ab993a1d63f8ef8f
SSDeep: 768:Hz7PVr3BXY6YAqG/MITuib/3ctyVycIZ/mdxCidjqYz7dfjwKQGqz/HvU1OgeF:HlBUG5Jb/3c+IRrZY1wDrvUeF
Size: 49152 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!RBD/i1WfvpA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2LV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7D77ED49C321
TrendMicro = TROJ_GEN.R47C2LV
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ios
McAfee = Artemis!7D77ED49C321
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Dropper.Generic2.CMIA
Norman = W32/Suspicious_Gen2.IQUNY
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dsi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Injector.DSI
ExIF Data
File Size                       : 48 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:03:14 21:59:34-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 9216
Initialized Data Size           : 75776
Uninitialized Data Size         : 0
Entry Point                     : 0x31dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ODBC Code Page Translator Resources
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : mscpx32r.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mscpx32r.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-05-14 21:28:00
VirusShare info last updated 2012-09-17 02:14:57

MD5: 82e9e18096352b42569eac69759d5edc
SHA1: 105d3b902d0a21ea988255a18199d469037b662c
SHA256: 475943dcf19debff6ac31a1b59f95babb85a07f1ac2816f7df651823cb63a403
SSDeep: 3072:EIG8/m7p7ICoKZRfCl+LukV23HJ1SMqqDLy/6e91L2wCus:LduNUChrfC/ks51xqqDLut91L
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
McAfee-GW-Edition = Artemis!82E9E1809635
TrendMicro = TROJ_GEN.R72C2FN
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!82E9E1809635
F-Secure = Trojan.Generic.KDV.259799
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Pirminay-BU [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.MZT
GData = Trojan.Generic.KDV.259799
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.259799
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:22 20:14:16-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x162e7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.10.1027
Product Version Number          : 5.1.0.0
File Flags Mask                 : 0x001f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ggvpzttbj
File Description                : robocopy
File Version                    : 5, 1, 10, 1027
Internal Name                   : robocopy
Legal Copyright                 : Copyright ⌐ 1995-2004
Original Filename               : robocopy.exe
Product Name                    : Dhkrabwoj Robocopy
Product Version                 : XP027
VirusTotal Report submitted 2011-07-06 02:09:38
VirusShare info last updated 2012-09-17 02:50:43

MD5: 8606679598d33f446dccad83053d6843
SHA1: c4bba2ae1c956d02ea15a04cbecee185fd0be4ef
SHA256: 59e3b3cd193d02dbc43ad4da8bd39014f39c00c20d466d4ea557eb236489c5e9
SSDeep: 3072:8IVp+9G57cZzYH3Df2hJWl8MqqDLy/YeX:rcGtiUoYqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
DrWeb = Trojan.Smardec.75
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
AVG = Generic23.AHYR
GData = Gen:Heur.Ranpax.1
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-18 14:21:06
VirusShare info last updated 2012-09-17 03:20:19

MD5: 8e2190ecfc3f394997a712824d66af5e
SHA1: 52b4959fdefbe4ba5e3eb55528cda8907eb06a7c
SHA256: 47d6b459dccd1212dfd2de5e3fafc2b85fdde65ceab92dea1cbf2d845ed82c13
SSDeep: 3072:S+BK6rU50oY8ACxTQ7cXpNJNdFz/MqqDLy/xoDbc:Oekjm0pvFzUqqDLux
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!kA+PpdGQawk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.imgh
McAfee = Artemis!8E2190ECFC3F
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TKU
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-13 01:05:21
VirusShare info last updated 2012-09-17 05:18:31

MD5: 8fb80f9e1b16222c51fc241f086d04ae
SHA1: 79a90508e595fd04479e45a5b51ecf020a046de4
SHA256: 1b8b6a21a60157e73355d0f5fae55faec517d6044de2e345931db909ee21ca11
SSDeep: 1536:uZmggek1m8qfx+66KO3fm131s2pDz0B3AqrHXEgMuuoNz0+iFl7J:uggM1qfx+63Sfq1ntkQqzXBrGFl7J
Size: 92160 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.abb
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.AS
nProtect = Trojan.Vundo.4289
VirusBuster = Trojan.Vundo!x6PGDgChTac
VBA32 = AdWare.SuperJuan.yox
TrendMicro-HouseCall = TROJ_GEN.R30C2EG
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
TrendMicro = TROJ_GEN.R30C2EG
ViRobot = Trojan.Win32.Vundo.92160
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Trojan.Vundo.4289
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.AEMF
GData = Trojan.Vundo.4289
TheHacker = Trojan/Kryptik.gnd
BitDefender = Trojan.Vundo.4289
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 90 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 18:54:53-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x10635
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Occsuxmnx Afgqkhlrldo
File Description                : Network Policy Server
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : IAS.DLL
Legal Copyright                 : © Flrtrdzsk Abkngwstchl. All rights reserved.
Original Filename               : IAS.DLL
Product Name                    : Zradnbevw® Tehokqj® Kamtxzehe Zmjhhs
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-05-19 01:21:48
VirusShare info last updated 2012-09-17 05:43:24

MD5: 96d941c029e2467ca22b84fd63a44264
SHA1: f89050b398279522d52ca1e6bdee8f4d3fa4254d
SHA256: 19f66a0e65df542a3e1f8ec95a9ed9ce496e22d936861e72df1ce830e418a9ce
SSDeep: 3072:SFa2KcYzkQoE8KzQl5TDa8UgdnYqeRGzN:ma2KYQsKz+TDautYqfN
Size: 121344 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!bVIHp5qOn84
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R30CDLF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!nj
DrWeb = Trojan.WinSpy.1335
TrendMicro = TROJ_GEN.R30CDLF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.jgbm
McAfee = Vundo!nj
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.AAHO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.SYI
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 08:19:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40960
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x7565
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.0.0
Product Version Number          : 4.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zilrghjkm Lurtfjpgopq
File Description                : License Compliance Wizard
File Version                    : 4.00
Internal Name                   : LCWIZ.EXE
Legal Copyright                 : Copyright © 1996 Entqyjqhw Corporation
Original Filename               : LCWIZ.EXE
Product Name                    : License Compliance Wizard
Product Version                 : 4.00
VirusTotal Report submitted 2012-05-18 19:54:07
VirusShare info last updated 2012-09-17 07:13:25

MD5: a2d139a153e2c4f637c667b40013d4aa
SHA1: 2e18c28244d4f67e0303dd2ca888072c7ce0a363
SHA256: 1c8af1afc9427d6212c350870792ab77c4041b0b24d506cf7de9a0c25165ec0e
SSDeep: 3072:S+BRD6rU50oY8ACo7KHcXjbB6dFzGMqqDLy//oDbc:HJekek0jWFztqqDLu/
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R1BC2GR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kb
TrendMicro = TROJ_GEN.R1BC2GR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/VUNDO.KB!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irag
McAfee = Vundo!kb
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BZGM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-09-10 00:13:44
VirusShare info last updated 2012-09-17 08:35:44

MD5: a6c91e1035291cbe98012a0cd575ce26
SHA1: 2a0fc1e2e2754aae012409960bd7d925083acf06
SHA256: 47a51cf026ab3cf304296a3356141261852924ee5bf709fc67517809da27322c
SSDeep: 3072:OVJXvW57BZzYH3Df2hJjl2MqqDLy/YeX:OLWt7UojqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!l4KncqJlAC8
TrendMicro-HouseCall = TROJ_SPNR.30EF12
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_SPNR.30EF12
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ikcs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHYR
Norman = W32/Crypt.AWAV
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-05-31 02:13:25
VirusShare info last updated 2012-09-17 09:03:01

MD5: ac0c321d04583801183d66961828c497
SHA1: 7591c1cc9852adaf684e5dbec93db376355f48bf
SHA256: 1a90a15a5b2e37ac04dde99deeb38c0998956a00605da74244e1636534a2eccf
SSDeep: 6144:WBqKY6XcZl8cbm/ts7AnD2r+QyhT3mkDaHqqDLu:WMKYvZLX62rtyNmkDaKqnu
Size: 226816 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik!7KE5+rOsuVo
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!jb
F-Secure = Trojan.Generic.KDV.278577
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.XGT
GData = Trojan.Generic.KDV.278577
BitDefender = Trojan.Generic.KDV.278577
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 222 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 10:04:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 196608
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x2ca8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.0.5174
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Eastman Software, Inc., A Kodak Business
File Description                : PRINT LIBRARY
File Version                    : 5.00.2134.1
Legal Copyright                 : Copyright © Kodak, 1989-1997
Original Filename               : OIPRT400.DLL
Product Name                    : Imaging for Otckacm®
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-06 11:19:52
VirusShare info last updated 2012-09-17 09:47:13

MD5: b95d8d9cb4404b9f69e0eec5dc11aee7
SHA1: 09abf45066ea513dc17f01977f65f33f6b070ef6
SHA256: 19d8a507ad8c4d8eb73da61fa05d7ab5e262a795178f4e741921e9253953965b
SSDeep: 3072:S+bGf6rU50oY8ACK0gZcXuDSgdFznMqqDLy/joDbc:0ekTs0u3FzMqqDLuj
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!PksdFIsmC4k
TrendMicro-HouseCall = TROJ_GEN.R26C7D4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.ML
McAfee-GW-Edition = Artemis!B95D8D9CB440
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R26C7D4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.oazs
McAfee = Artemis!B95D8D9CB440
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.SXZ
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-06-20 06:10:01
VirusShare info last updated 2012-09-17 11:38:47

MD5: bbbb4388695cac1281f04c39da0c1883
SHA1: 203e5cad8e92e1331c714b0a3ca0c54f276bb694
SHA256: 5a7efffd09cc9a6e28ca82a94078613efba9b54653e0815b4ce78608837ada41
SSDeep: 3072:B/CFb8BVJlvOUM0Y9icOefhixXsQZD2b6jtWJdn4RIl11hCoPMqqDLy/s1W:JCFA53MLWefAoO6OIlhWqqDLuuW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Katusha.5
VirusBuster = Trojan.Vundo.Gen!Pac.49
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Katusha.5
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU
AVG = Generic23.AELP
GData = Gen:Variant.Katusha.5
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-18 19:12:05
VirusShare info last updated 2012-09-17 12:01:35

MD5: c54b4d04cee0373fe928ee86e91a710c
SHA1: f841a028646143e52bdaff49c35f9ddf17baefcb
SHA256: 47de8dece89beacac33d60e011cfb8414155bcf249d624aff4edb34af66a0bb6
SSDeep: 3072:YaIvb7W/B06Kci0KF9Sh1o9EElkoCMqqDLy/J:YaIfYF5i0nnEzBqqDLu
Size: 167936 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!WMzR+IhCy3U
TrendMicro-HouseCall = TROJ_GEN.R72C2G7
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zwx
TrendMicro = TROJ_GEN.R72C2G7
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Generic.dx!zwx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic23.AGPT
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 164 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:30 02:11:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x10ac6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.5512
Product Version Number          : 6.0.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lviukfxwz Qiestbeqtyh
File Description                : IIS UIHelper Module
File Version                    : 6.0.2600.5512 (xpsp.080413-0852)
Internal Name                   : uihelper.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : uihelper.dll
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.5512
VirusTotal Report submitted 2011-07-16 17:54:41
VirusShare info last updated 2012-09-17 13:20:20

MD5: eb2504332ac62e980d058a0192b15b6e
SHA1: d8a2ea00a3db3b1f56770bc4c14fa9a45c922c26
SHA256: 462af12aca679d31f108f98f1099c14a5a0d57082ea41dc989fe9ccfab38ce51
SSDeep: 1536:n5Dh0Xd4w7Erqrm2jWM+hSqyI1kq6oz8/Mg2NCmkfN/:n5Dh0XdAB2jWhh/n1oo2bF/
Size: 79360 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.4.445
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125D50F1
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!wuGNriRNQsw
TrendMicro-HouseCall = TROJ_GEN.R30C2E7
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!EB2504332AC6
TrendMicro = TROJ_GEN.R30C2E7
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!EB2504332AC6
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.ZEP
Norman = W32/Suspicious_Gen2.LRKOR
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 78 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:07 05:58:15-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 14848
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x4859
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : NPS Services Component
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : IASSVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IASSVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-05-13 19:06:32
VirusShare info last updated 2012-09-17 19:42:38

MD5: efa37190b3771a8827e940a928d505b1
SHA1: 0a45d8cf7fcb50d3b483bf1a8f1f956117e66cd3
SHA256: 465ba70cee265e2d17a71d0b6c44456331009214e61fd3968416174f29d1e67d
SSDeep: 1536:+a12aaa6VELWpdeuGhvPH6o2IYR32a3CJkcVQ2++63gd/sVw/Byne6ouAuZMDf:+aoaaDVfyPH6oTa37c+2OgKVwJao7ueb
Size: 91722 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.202902
McAfee-GW-Edition = Artemis!EFA37190B377
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.vf
McAfee = Artemis!EFA37190B377
F-Secure = Trojan.Generic.KDV.202902
Avast5 = Win32:Malware-gen
AVG = SHeur3.BWPL
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.202902
Commtouch = W32/GenBl.EFA37190!Olympus
TheHacker = Trojan/Pirminay.gad
BitDefender = Trojan.Generic.KDV.202902
ExIF Data
File Size                       : 90 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:12 02:03:08-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 622592
Uninitialized Data Size         : 0
Entry Point                     : 0x6bd2
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-05-14 09:55:39
VirusShare info last updated 2012-09-17 20:15:29

MD5: f922be26f4e45089b70c80abcb140548
SHA1: ac1205cd317c2fadd48a54d39e72c64946537478
SHA256: 5ad041eb4e8ea1d0df083c37da5f6eb31adfe56d8a4216a02d79efc5d6c56fa6
SSDeep: 3072:41EDpRopDALz1563d3GMzVsgRBFP1i4La747xsVi9WfWTbvRveCI:41ED7oa/6SgRtrLa747xsvkvXI
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!kg
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqv
McAfee = Vundo!kg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic24.AII
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:22 11:38:10-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xf6b1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.3.1.146
Product Version Number          : 6.3.1.146
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Pvtgzhytq Stbfsqdhccy
File Description                : TIME
File Version                    : 6.03.01.0146
Internal Name                   : DATIME
Legal Copyright                 : Copyright © Snyresdgl Corp. 1998-1999
Original Filename               : DATIME.DLL
Product Name                    : Bhhsllywf® Uhivwmo(TM) Sfuiqmllj Zlludo
Product Version                 : 6.03.01.0146
VirusTotal Report submitted 2011-08-30 15:18:47
VirusShare info last updated 2012-09-17 21:26:19

MD5: 5dea8c096e7b2828da37c9a35e99f29d
SHA1: fafc94b1c91ab864a5f28a1f962484c199b80262
SHA256: 5a6bf4ef11c66cf87696654518f543f4f3d96aee992a52561038c612bcb42a89
SSDeep: 3072:q7U8A8Me7T/nHJ2jb1SVORTN1hCXn1wMwHyaXnTcRJGBWwYnvrxtrIPRZZCTF:q7UmMe7DJfVfwMwpBVUbII
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!9h3aTbAMnjs
TrendMicro-HouseCall = TROJ_GEN.R72C1H5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1313
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
ESET-NOD32 = a variant of Win32/Kryptik.NDF
BitDefender = Gen:Heur.Ranpax.1
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-09-17 02:26:52
VirusShare info last updated 2012-09-18 00:21:10

MD5: b7200b6c6d3c2ebe985ec93c1ec2adb7
SHA1: 194b9898c39eb821322866b94ce8791c96977209
SHA256: 4568c57e840f63efa281b9047acc070df2d7f89527c34a652966c3d4f8d2625d
SSDeep: 6144:t4r6oHkCW5RJ0ENsJrmNKGbqfIFxpD9jFlQFTMGDpv0R9YLMk:t4rTHkCyJWJSl8IVxQ1bRc9Yp
Size: 401247 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.ZBot.34.16
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.qz
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.WYS
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.etq
ESET-NOD32 = Win32/TrojanDownloader.Agent.PXO
BitDefender = Gen:Variant.Zbot.34
ExIF Data
File Size                       : 392 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 09:37:55-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 389120
Initialized Data Size           : 290816
Uninitialized Data Size         : 0
Entry Point                     : 0x5c06f
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : VDM Parallel Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : parvdm.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : parvdm.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-09-17 15:20:45
VirusShare info last updated 2012-09-18 02:08:10

MD5: 02acd9873863714b1808d93f5a3a6035
SHA1: 37617afc4f2af61fe79b797d6b5ce38c9c24784b
SHA256: 58c5145a3d9daf1a45d48c674fe13ea8814ae1739f4c785cabf5b50c88824af6
SSDeep: 3072:S+Pm6rU50oY8ACzvM/cXBeEedFzuMqqDLy/QoDbc:QekJ60BwFzFqqDLuQ
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R06C1L8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!ne
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R06C1L8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kuzi
McAfee = Vundo!ne
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.KIM
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-12-16 17:40:26
VirusShare info last updated 2012-09-18 07:41:14

MD5: 0ec840873e22a4e662d2cf534d25068e
SHA1: 7411426b1bde2938162bb0bf8a627d0a0ac2a347
SHA256: 4956d401137a6f6e18ae44b35334a9432c3c1a5e922065f9fb3b5aaf7293c7e3
SSDeep: 3072:iAPBEjU8b8zM97tu1G31fyulodMqqDLy/F4SV8:lPy8zqha8zqqDLuXV8
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!cixaWFrzWNI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!jq
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R4FC2GH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!jq
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.NOZUM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-02-10 15:23:45
VirusShare info last updated 2012-09-18 08:32:13

MD5: 1438bd83a4bd2d2c8a591fc4dc42efc1
SHA1: 84d0fbea69014687158c27962736ce57e9b3be3a
SHA256: 57a6e2292772bc7ed74616f2d4d0666ab0b5fc64ea597473f3374dd4b2ebb6bf
SSDeep: 3072:ylb1IVLs05WNzmn+OHAEfihKXBGfK/78uxxXUqC1A8D3Qx:8I20okfUrfKbLqTD3Y
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128737E6
nProtect = Gen:Variant.Vundo.4
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!1438BD83A4BD
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!1438BD83A4BD
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.AGRR
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-01 06:13:46
VirusShare info last updated 2012-09-18 08:50:09

MD5: 23e05c457870587a27fb2f58393fa17d
SHA1: bcff03d1ba8272aba1bd73fb41cd8e4873f5cb8d
SHA256: 592ffa6c87feca17666bbfbb80dd91313332f20df3377f91dc97715298d8b26e
SSDeep: 3072:p7UgfjBDBUm4JD9oqe5/HbkL6Ho6Pfi7ZR5Ex32669cm0y2N9:DB6Fe5PbkL+Pfi
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R3EC3FI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zti
Fortinet = W32/Dx.ZTI!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zti
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD
AVG = Generic21.COHM
Norman = W32/Suspicious_Gen2.MOGGJ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:27 20:29:25-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 139264
Uninitialized Data Size         : 0
Entry Point                     : 0x933a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Crjnqwpap Fnzjoqtkgdl
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Fzcdjmecz Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Tbhsuckgp(R) Hzzhyzz NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-06-18 08:03:23
VirusShare info last updated 2012-09-18 09:45:27

MD5: 2cbc3efb54092a47a3075b578adda870
SHA1: 2df9005deaf1c458a55bc17124d5c97a6952d3c0
SHA256: 57d1d414b79db37b8008e28abf3b90eb3aeb25f0414fa84f955bb5b6330cceff
SSDeep: 3072:IUv0OVAcR4enPgAQNlb93Ag2el/MqqDLy/85kS:IaOcR4ePAxizqqDLuo
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dXzl6yV4HIk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2GC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Artemis!2CBC3EFB5409
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R47C2GC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ineh
McAfee = Artemis!2CBC3EFB5409
F-Secure = Trojan.Generic.KDV.278440
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.NHEYM
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.278440
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.278440
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2012-02-26 19:41:49
VirusShare info last updated 2012-09-18 10:16:06

MD5: 2dc52d83fee5ff7569b7c23f2fb3d4d8
SHA1: cc81c71788088dbefe3bcb2df38e718612dc10a3
SHA256: 48db60464e0e977c79ea4d6d454fff9dc96ab5448428234d1f94fa9546e3ed5e
SSDeep: 3072:i7IqP1U8d8zM97tu1G31fyuaoCMqqDLy/S4SV8:aIW8zqha8LqqDLusV8
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.7
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.7
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.AGKM
GData = Gen:Variant.Vundo.7
BitDefender = Gen:Variant.Vundo.7
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-07-17 10:04:57
VirusShare info last updated 2012-09-18 10:20:48

MD5: 4aa174d4d31cde61ef4f0718ddb3dfd6
SHA1: 238e3473e036647fbbb573187ba7d4993309f476
SHA256: 58eb149c0bbb41ccaa6eef99e143bdbfa78417f98bbe7b634694bd1f32635ff1
SSDeep: 3072:41+DIRoalORz15MXdUGMdVZG3BFlr1G429747xsVi9Wf2TbvRQeCI:41+D8ozZkeG3Vxf29747xsvkv2I
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C7J8
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ml
TrendMicro = TROJ_GEN.R72C7J8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqv
McAfee = Vundo!ml
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:22 11:38:10-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xf6b1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.3.1.146
Product Version Number          : 6.3.1.146
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Pvtgzhytq Stbfsqdhccy
File Description                : TIME
File Version                    : 6.03.01.0146
Internal Name                   : DATIME
Legal Copyright                 : Copyright © Snyresdgl Corp. 1998-1999
Original Filename               : DATIME.DLL
Product Name                    : Bhhsllywf® Uhivwmo(TM) Sfuiqmllj Zlludo
Product Version                 : 6.03.01.0146
VirusTotal Report submitted 2011-10-12 12:58:42
VirusShare info last updated 2012-09-18 11:59:02

MD5: 61e3061fe8d178a9760f19631f67a2fa
SHA1: e2cc1458ce8ad17d014e7e732b0fc8942bef30f1
SHA256: 48e24783c574f743200e5b7ef3987c4529bb5e26c7590156c2431cba4b975e78
SSDeep: 3072:vGlRVUo1MqqDLy/HfxgzsuOVVFlknay0z:uLgqqDLuJecVf6U
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!wZnnEzJRMZg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqqv
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.GEL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-04-09 02:50:58
VirusShare info last updated 2012-09-18 13:25:34

MD5: a98352e37c51ec8fe7f7210e32cd66ca
SHA1: 862b7d6a1ed1bf4e68db273755389c2842011e02
SHA256: 57efb2f1124d2eeebc5bdcf26d0ba28341fb5b82ca03706a491b91a4a14f77c7
SSDeep: 3072:e8WRgK/eTpe63j1N7V4gxW+Vir8fflHcIACjg0YcYmbRIryLcfBq8EOOW:l31ZtJ8+VcaYJmbRrGBqRW
Size: 102912 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1288FA1A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!wGpkZnT4Sfg
TrendMicro-HouseCall = TROJ_GEN.R29C1F4
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!iv
TrendMicro = TROJ_GEN.R29C1F4
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.Vundo.102912
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Vundo!iv
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Suspicious_Gen2.MHTDJ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-06-25 13:23:04
VirusShare info last updated 2012-09-18 19:52:28

MD5: d115353af7392d27ed14351de3c70260
SHA1: 19f05bec563c9207caad49bf1e2041e306ab0fb0
SHA256: 57ed8e012ddc1a10c9a3f326c282ea5a2e2f0ce2859587f1c6001f3b16708b68
SSDeep: 3072:Ckb1IVLs05WNzmn+OHDEDKbKXBGfK/g8uqxXjqC8AfD3u2x:zI20okfBrfKWGqcD3uW
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!D115353AF739
TrendMicro = TROJ_GEN.R72C2FP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!D115353AF739
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.LIR
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-06-30 13:58:48
VirusShare info last updated 2012-09-18 22:20:17

MD5: e6aec4f6064cabe724ef3e5e0d0e66c8
SHA1: 449f3510fe015616a4910df71b09a63e6fb62b8e
SHA256: 4975f81fe04fc1c9d1a10ba252a5433d6cfe0ae4d52fff98949007c82c3f4e22
SSDeep: 768:OUGkZ49W3TzS9r4i607jUDHwNkCw4kkTRXOo:Au49IzS98i6wjBknQo
Size: 35823 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/Genetic.gen
K7AntiVirus = Adware
VirusBuster = Adware.Virtumonde!ZXRDCnGw74M
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2H5
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic PUP.x!pl
DrWeb = Trojan.WinSpy.1558
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = Riskware/PUP_x
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.x!pl
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic25.JEI
Norman = W32/Suspicious_Gen2.QZHGA
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.10
TheHacker = Trojan/Ponmocup.aa
ESET-NOD32 = a variant of Win32/Ponmocup.AA
BitDefender = Gen:Variant.Vundo.10
ExIF Data
File Size                       : 35 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 24064
Uninitialized Data Size         : 0
Entry Point                     : 0x2f5a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-09-12 22:13:27
VirusShare info last updated 2012-09-18 23:33:31

MD5: 0deaa175268077c9cab075c6a1f86f30
SHA1: 47b6ff48e877aaee1d58f72beb02a152b8f46e43
SHA256: 58139653e3d4bac7c6641b902bee734d128580608f9ab43aa33e4fdf284abf0a
SSDeep: 3072:sNFIakmH7Ctj2oYnMxweCrf71TidSfULmwbEo7j21F:sNSak5SoYnSweudUS8LmUBc
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Genome.120832
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2F9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1073
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.6092683
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DXA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6092683
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!d4t/OH6lVFk
TheHacker = Trojan/Kryptik.npn
ESET-NOD32 = a variant of Win32/Kryptik.NPN
BitDefender = Trojan.Generic.6092683
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-09-18 12:28:49
VirusShare info last updated 2012-09-19 01:41:10

MD5: 83fc2de32d19e51017e1365ac9c5c0ed
SHA1: ea87ac4c42df43dcb91a68e652ff282ab9619d40
SHA256: 48751b46bb0dc850ea0c2950fdece3064f933cbc6e8ed2116f39e4dde5b178f9
SSDeep: 3072:1C6Z64DXM/9zefZDa7taxsg0NxilssIxo3MqqDLy/0ed:VZ64D8/9zuDu35NxRsI1qqDLuF
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!vNtoip9TAUI
TrendMicro-HouseCall = TROJ_GEN.R47C2GC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!83FC2DE32D19
TrendMicro = TROJ_GEN.R47C2GC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!83FC2DE32D19
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BOQ
Norman = W32/Suspicious_Gen2.NHDQA
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 144 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 20:53:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0xd5ea
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fqlifkznz Xwesldjhoce
File Description                : E-mail Naming Shim Provider
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : napinsp.dll
Legal Copyright                 : © Vdslhwcqh Asatkkddilf. All rights reserved.
Original Filename               : napinsp.dll
Product Name                    : Microsoft® Usptfzd® Hnruqnawm Ctlskd
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-08-23 06:24:36
VirusShare info last updated 2012-09-19 05:01:53

MD5: 8586d3c2d122d9d9731eb485f7498aaa
SHA1: e6b15590d0b305b63bd518d8610ec630028114a3
SHA256: 58513cc1ee17181a62063e782d54e194cce1eb38cb61a16e184b7ef56e18dfa1
SSDeep: 3072:Ef0c0gOUelqccixJ/aMFAN7rlR33OninJRkadiM:IR0ghOqJixFkN7LHOiXk0
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC1HO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.Click1.63025
TrendMicro = TROJ_GEN.R4FC1HO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.akzv
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Adware.Virtumonde!6IGxMNdP/0E
ESET-NOD32 = a variant of Win32/Adware.Virtumonde.NKO
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-09-18 19:28:41
VirusShare info last updated 2012-09-19 05:05:27

MD5: 8bd5bd856b3ff48cc455bcad70f45a81
SHA1: 2ce73a21e741549c0d2d97f55f7e257f448f7c1f
SHA256: 49554efe36d11783c5045ad2e37839b712464753c433e6fe3f34c5d3458d833c
SSDeep: 3072:PkU25O3mzCaJ3vefmaFwfTzx94ZSSFDN5G5galRQQyWlOQ1:PkU2kmOaJGfmgIf4LJ7YgTWlOQ
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Agent.155648.YZ
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R26C1L9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Juan.431
TrendMicro = TROJ_GEN.R26C1L9
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Monder.155648.S
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Adware/SuperJuan.me
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Cryptic.DQQ
Norman = W32/Suspicious_Gen2.MOGKS
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
Agnitum = Adware.Virtumonde!pCa6t+5C8bw
ESET-NOD32 = a variant of Win32/Adware.Virtumonde.NHN
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:02 11:26:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x13d85
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Zgctqjuhl Ufgitmzmetc
File Description                : Azeri-Latin Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdazel (3.13)
Legal Copyright                 : © Zfsoqeftj Idmmgpdsrsv. All rights reserved.
Original Filename               : kbdazel.dll
Product Name                    : Gbxsssaag® Yfjydck® Dxjnbnulb Yvutlr
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-09-18 19:50:09
VirusShare info last updated 2012-09-19 05:15:54

MD5: 0087cb3b7517cb3299e97796d9620f9c
SHA1: fa4d399fb799d4c0e22a1b25143ff702d24253a6
SHA256: d2748de24600437c81db122f4f9bd55992d9aff4bad02cd63bc487a3e31476a6
SSDeep: 3072:S+9E6rU50oY8ACISb6cXJ6irUdFzIEMqqDLy/eoDbc:Qek3m0J6RFz4qqDLue
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uI/0TA8j7Qo
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2G8
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Trojan.Generic.6168207
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.STU
Norman = W32/Suspicious_Gen2.MYUMJ
GData = Trojan.Generic.6168207
BitDefender = Trojan.Generic.6168207
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:52:48
VirusShare info last updated 2012-09-19 11:07:55

MD5: 015212214542d51da2716c715cda3306
SHA1: 460a86e5526233521c16eab2068ab9df7e1127ca
SHA256: c8a23952c5c563abe94efd1f30edf16532d6ee94a3c1be91cc0f9db8a579f087
SSDeep: 3072:S+nYQ6rU50oY8AC4sgkcXGrkVzdFzWMqqDLy/LoDbc:VzekBl0GaFzdqqDLuL
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2GC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!015212214542
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R47C2GC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.nkxv
McAfee = Artemis!015212214542
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ASAO
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-02-12 08:49:14
VirusShare info last updated 2012-09-19 11:25:30

MD5: 09346f94a39589a20aefb5c1aa1ab386
SHA1: 98864b2ccedb55581fa9eee922375921072dafa2
SHA256: 9585be67f612f568d54df272194377dc59e100e75d21884e4f70d0d6f104c2b9
SSDeep: 3072:S+mD6rU50oY8ACFAXNcXN7mkidFzjMqqDLy/SoDbc:Aeks90N0FzQqqDLuS
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!09346F94A395
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!09346F94A395
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AEKN
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-01 15:14:03
VirusShare info last updated 2012-09-19 13:40:02

MD5: 0f00b8e4a66cb10f54da15b2231917cf
SHA1: 91644ab0712992efa6f4d715d6a4ff898bf376ca
SHA256: c06f8dbed7ec3cde0dd604cc3669eb18b5521e30e02f3dfb48030b4a3aeb260e
SSDeep: 3072:0aUFZXVAcR4enPgACthb935g2elsMqqDLy/p5kS:0aEYcR4ePuhxJAqqDLuh
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik!+g00opZDfNM
TrendMicro-HouseCall = TROJ_GEN.R47C2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Vundo!ja
TrendMicro = TROJ_GEN.R47C2GB
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/VUNDO.JA!tr
McAfee = Vundo!ja
F-Secure = Trojan.Generic.KDV.277031
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.NHZDN
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.277031
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.277031
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-07-20 06:02:58
VirusShare info last updated 2012-09-19 14:48:31

MD5: 1538f086d40586631a8e659b84dd3537
SHA1: b1888ed796cf2bfc64c0b279e999cba21530adf4
SHA256: 98402ed2a423bd302648fa2301b85c01578192a6bfb6e698798fc88477c3c045
SSDeep: 1536:Zwv7NegBYUhirXQCl/blh6iOyKDr2hYtMU7P7YwR3:6hYUdelc2K59
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Trojan.Generic.5831392
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!1538F086D405
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!1538F086D405
F-Secure = Trojan.Generic.5831392
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.ZNK
Symantec = Trojan.Gen
GData = Trojan.Generic.5831392
TheHacker = Trojan/Kryptik.ndi
BitDefender = Trojan.Generic.5831392
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 10:11:52-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x20c9
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ttbmtwjsq Magziqauxla
File Description                : Zwgmzsaid Base Smart Card Crypto Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : basecsp.dll
Legal Copyright                 : © Vrznvwwzv Dboyduehdmp. All rights reserved.
Original Filename               : basecsp.dll
Product Name                    : Jbfhhzscm® Jtdaxgv® Qvisjwtag Mivnrv
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-18 12:32:23
VirusShare info last updated 2012-09-19 18:01:55

MD5: 175620e736e990578a1c9e1ef7db0154
SHA1: 6dda7fdb75063428be8b4fbf845c004d8ce5a76f
SHA256: c1c0e408159495e857aafb75eddbdfda2762ed60a14493d9145a0d5b27be07f5
SSDeep: 3072:FOba5AS1orpDoZeeyMqqDLy/9RJ6spc1OZIRWv06:bD15RqqDLuh1
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
nProtect = Gen:Variant.Vundo.4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!jf
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!jf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.AYCV
Norman = W32/Suspicious_Gen2.NKQDL
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:05:05 17:25:25-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x5691
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Greek
Character Set                   : Unicode
Comments                        : 
Company Name                    : Nweouhwqs Zhqbxhwyili
File Description                : Uemxhckoe Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0408
Legal Copyright                 : Copyright (C) Qgshcbkoy Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0408.dll
Private Build                   : 
Product Name                    : Mgpgmxiax Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-11 04:47:45
VirusShare info last updated 2012-09-19 19:05:10

MD5: 18c04757c2d9361d14b97f23ce9d8b24
SHA1: a2ca94aff7aa3ca3d8c41ef7048252e832cc7e27
SHA256: c0f256a3b7bff9d4f3b1b846c7fc353174ee5ebc84831daeadddac4612e0b358
SSDeep: 3072:S+UKWO6rU50oY8ACBSgycXSbVRdFzRMqqDLy/BoDbc:tekyD0SFFz6qqDLuB
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2G1
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.VKJ
Norman = W32/Suspicious_Gen2.MZOGA
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:54:10
VirusShare info last updated 2012-09-19 19:47:44

MD5: 19e0febaa9eac9865bf39af377af1eca
SHA1: 23b6ab8a15e75d7f1e5154cb96fc5340cd9bcd6e
SHA256: 959a901d0c5329c48c7b8f661bc7525f26788e473f523556c5a1f4d943849b1e
SSDeep: 3072:S+6a6rU50oY8AC0bhocXjvCBldFzWMqqDLy/CoDbc:NekKC0jviFzdqqDLuC
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ULK12U5+ygs
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.oazs
McAfee = Vundo!iy
F-Secure = Trojan.Generic.6170825
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware Dropper
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.THJ
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6170825
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.6170825
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-02-17 08:27:36
VirusShare info last updated 2012-09-19 20:24:48

MD5: 23eaad9d57061ff7c5b87794107d6a53
SHA1: 3cba37a764bfd1302f59af504a2a41cd3c43c742
SHA256: d06e6d5422c75f4cb33a5f0cec709fe8e032abcdfc73748acd192f2bcb2b4c53
SSDeep: 6144:7/rkCQx1u9icmkXUfxUXx4qqDLu32IKIW:7U1VksxUfqnuG3
Size: 238080 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.563
Avast = Win32:Rootkit-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R3EC2GG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!jo
TrendMicro = TROJ_GEN.R3EC2GG
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.238080
McAfee = Vundo!jo
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:Rootkit-gen
AVG = Generic23.AJEZ
Norman = W32/Suspicious_Gen2.NOQTL
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 232 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:28 07:10:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 147456
Initialized Data Size           : 143360
Uninitialized Data Size         : 0
Entry Point                     : 0x20fb2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwmpiekan Bvfqkqkypbi
File Description                : Net Event Handler
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : NetEvent.Dll
Legal Copyright                 : © Sfxcuyjla Glzwhsvlwmy. All rights reserved.
Original Filename               : NetEvent.Dll
Product Name                    : Jqpjrtexa® Uyfmafp® Operating Fgpvjy
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-19 13:17:43
VirusShare info last updated 2012-09-20 11:57:36

MD5: 2627357ed9cfb8e2f6cba2e076254995
SHA1: 2607b4d8f8afd7c24e04010aeee953554efa19cc
SHA256: 95d588a2da9c7c88b7b9f1ce915f9da4d10dd0709e61e0c94ab2936b23bee88e
SSDeep: 3072:TQieI4N5n3Ub9lszzUPQp6PwIjXO4gJQQNmCdSlUMmfgHPFsi+MqqDLy/XdJm:RmNpkbrWptIje9FMmfgH2eqqDLub
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A36F5
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2627357ED9CF
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R1BC2G7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!2627357ED9CF
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.NRPSN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-02-20 18:01:50
VirusShare info last updated 2012-09-20 13:05:37

MD5: 2839c2a971b0a7ada19cf728a53215e8
SHA1: 911ad2c66d664418620e670963d5d64e55732380
SHA256: 9290ccb0ed5fcdc4b4fb74583e3e12f316e6eba0105011f2f04718a65b251e7b
SSDeep: 3072:FwoRh3lUm2wPMnojMqqDLy/kOcWKCdzAe757HG:LRhVUaUqqDLukOXds
Size: 126976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129C6977
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yV4ZePjRBsE
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!2839C2A971B0
DrWeb = Trojan.WinSpy.1207
TrendMicro = TROJ_GEN.R4FC2IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!2839C2A971B0
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Size                       : 124 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2012-02-24 10:54:58
VirusShare info last updated 2012-09-20 14:18:08

MD5: 285b1926dae187fd23cd3d27ec955389
SHA1: c32d74bfc4cbc6105e1a5997e6ad0f57d9eeb42e
SHA256: 90a1e41a7c3d63a56b74e1b26af0a36d00f8f7ecf7dd6220bd74548ee9535061
SSDeep: 3072:B6CFb8BKJlvOUR/jzicOehhixssQZD2I6jtXJZS1RIIlSbeCoWMqqDLy/51W:ECFD53R7EehAPbV/Il9jqqDLuXW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Katusha.5
VirusBuster = Trojan.Vundo.Gen!Pac.49
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Katusha.5
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AELP
GData = Gen:Variant.Katusha.5
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-18 20:01:54
VirusShare info last updated 2012-09-20 14:22:23

MD5: 28c01c37c85d7f66405830860feca8ba
SHA1: a9544f6225a1977a6189b76733c842c03115c292
SHA256: d7bcc43ca52bc7f9af6bd9b37ffe2757e90e960d239d323aaa7774fb889f589c
SSDeep: 3072:EDb1IVLs05WNzmn+OfMPEPX4KXBGfK/e8u5xXHqCYASD3Qx:YI20okffCrfKczmZD3Y
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.5966731
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!XSJ5x2j7Zac
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2F7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!28C01C37C85D
DrWeb = Trojan.WinSpy.1276
TrendMicro = TROJ_GEN.R72C2F7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!28C01C37C85D
F-Secure = Trojan.Generic.5966731
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AWGK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5966731
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.5966731
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-10 20:43:40
VirusShare info last updated 2012-09-20 14:39:58

MD5: 2b758ba2cb31d4d11370c5ada7b64060
SHA1: 6f62b2d3eca3dc53fda55cef495919f109807d2c
SHA256: d59d142288111f0a73189d94b418262faffbdb5f15d89c9ddb505f427b12d884
SSDeep: 3072:S+FI6rU50oY8AC/dVlcXCoBLBdFztMqqDLy/BoDbc:wekTr0CoZFz+qqDLuB
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Prevx = Medium Risk Malware Dropper
Avast5 = Win32:Vundo-JX
AVG = Generic23.AIIP
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-03 08:49:08
VirusShare info last updated 2012-09-20 16:22:56

MD5: 31453224f3daa12f4215e406ef3607d3
SHA1: 95abccd1c40b806e8d2aa697b78e8f83bec1b367
SHA256: c1baf257d7f87884cb82e4b3ede068e011a40735c350c31b992f0e72c65782fd
SSDeep: 3072:fhBnIjgae0IBED0PdM8qQ5jQnglMMqqDLy/8hmGTWp41AJ7/H:fXnHFfPF5YKqqDLusmGTWcAN
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!e7u3ROk86+I
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C1G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!iz
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R72C1G5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!iz
F-Secure = Trojan.Generic.KDV.270077
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.270077
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
BitDefender = Trojan.Generic.KDV.270077
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-02-25 21:29:07
VirusShare info last updated 2012-09-20 19:04:14

MD5: 3322307f0c170a2da018baa446935c3f
SHA1: 735a708982f4b8c1861183719f18a76d7cd093f6
SHA256: 927b9a6bb6c3d0c9a4cdc15d9200b211248ccc3e192c0ca02e83e48a7972adb8
SSDeep: 1536:LVcwyVY1MEXfiAnSHrKP6PTKUQoH9B3/Cruy:5cPOC9AAOyPP9B3kV
Size: 57856 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.57856.AV
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125B273C
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!immet4U1cnc
VBA32 = AdWare.SuperJuan.xih
TrendMicro-HouseCall = TROJ_GEN.R30C1L3
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic.dx!vax
DrWeb = Trojan.Click1.29844
TrendMicro = TROJ_GEN.R30C1L3
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.kjk
McAfee = Generic.dx!vax
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Vundo
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.QTO
Norman = W32/Suspicious_Gen2.EXOQV
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 56 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:03:28 16:11:27-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 14848
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x479b
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Audit Settings CSE
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : auditcse.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : auditcse.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-19 02:11:34
VirusShare info last updated 2012-09-20 19:29:28

MD5: 33ee9fa102aa6cd128070554e0d4548f
SHA1: 37a42e5fe4fa950eb57320133ebaa2594e071928
SHA256: 92e4d89688e4613b5da9af52872e917c2d9b215a433ba4313c6edc8ac5fc601b
SSDeep: 3072:pOALFnbi/F84B2rUnvjf2hhJFArie0/0NkFfuldMqqDLy/OR+9:pvuHv4JFw0skFf1qqDLu/
Size: 137216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R47C2FT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!zvs
TrendMicro = TROJ_GEN.R47C2FT
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZVS!tr
McAfee = Generic.dx!zvs
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AUN
Norman = W32/Suspicious_Gen2.MXPTN
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-07-10 08:13:10
VirusShare info last updated 2012-09-20 19:39:10

MD5: 33f1926ed8b1d1686c793462bc05861e
SHA1: 789b7deaf9f3c025d646725640e7080094080c40
SHA256: ca41f942740d74e2feca253d5b6c3a337259aa93703b168f49ba61aef4cea955
SSDeep: 1536:WeNXkwmGQhW9shRQiYFh0boVLQ3Fk1CnCRJZuxMqqU+NV23S28:WeNcGQhbvQiYcboO8kxMqqDLy/8
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!33F1926ED8B1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!33F1926ED8B1
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.AHJI
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-03 21:13:01
VirusShare info last updated 2012-09-20 19:39:16

MD5: 382de299d6f9b759110306d3ac2d0e4d
SHA1: 88fc105ac739d169d6ef8f9aa28673d8e51b3ef9
SHA256: d0d654fa6d2528b2c45210553a4f28f31bd06dcba80a4386888fefc8cb706826
SSDeep: 3072:qWVYwqpQt9WF9IzIB7kDepSaJWAoJCxoEp+e+z4mRBDjyGG:qMqyt98kauCkz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128BBCAF
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!vQpRwcnb8ds
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R3AC2EV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.ni
McAfee-GW-Edition = Vundo!iw
DrWeb = Trojan.WinSpy.1172
TrendMicro = TROJ_GEN.R3AC2EV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipsf
McAfee = Vundo!iw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2012-03-02 05:17:56
VirusShare info last updated 2012-09-20 20:31:26

MD5: 3a96ef7382193155bc1706f01fbd85cc
SHA1: d6c30b36493c74d8d3e06fe31357bb8193cc331f
SHA256: c125f373b726866fd9f58bbc6deaa712ecc1d2ca405d34d7acc3a972b7a15e17
SSDeep: 1536:HjE4dhJdOOvekYLVCiycJaasd/+XtV0xZA98/tURULqHob+dNCgXFZ0oEDYd3jyf:I4d/R/YpCgl08gURAdbYNCgXFZfQf
Size: 102912 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = Adware/Kraddare.BA
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Danginex
AhnLab-V3 = Win-Adware/KmKodec.102912
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1286B24D
nProtect = Trojan/W32.Agent.102912.JP
K7AntiVirus = Riskware
VirusBuster = Adware.Kraddare!iQzckdmkIZs
VBA32 = suspected of Trojan.Downloader.gen.h
TrendMicro-HouseCall = TROJ_BXJX.A
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Danginex!IK
CAT-QuickHeal = Trojan.Danginex
McAfee-GW-Edition = Generic Downloader.x!fpb
DrWeb = Trojan.DownLoader2.45952
TrendMicro = TROJ_BXJX.A
Kaspersky = HEUR:Trojan-Downloader.Win32.Generic
ViRobot = Trojan.Win32.Pirminay.102912
Microsoft = Trojan:Win32/Danginex
Fortinet = W32/Downloader_x.FPB!tr
PCTools = SecurityRisk.Downldr
Jiangmin = TrojanDownloader.Generic.fdm
McAfee = Generic Downloader.x!fpb
F-Secure = Trojan.Generic.5824479
VIPRE = Trojan.Win32.Generic!SB.0
AVG = SHeur3.BXJX
Norman = W32/Downloader.DXEO
Sophos = Mal/Generic-L
GData = Trojan.Generic.5824479
Symantec = SecurityRisk.Downldr
TheHacker = Posible_Worm32
BitDefender = Trojan.Generic.5824479
NOD32 = Win32/Adware.Kraddare.BA
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:04:27 01:56:05-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 98304
Initialized Data Size           : 8192
Uninitialized Data Size         : 192512
Entry Point                     : 0x47300
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-03 13:42:28
VirusShare info last updated 2012-09-20 21:05:13

MD5: 457da8851019f6f35adf4c5c86155a0c
SHA1: 8a9963f9f23eaadabffa5190511ab589e8daef8f
SHA256: 95aba8aa995b1b4688efcab21f63bdffe8c65ea1ba13e36008aecc5477b1e273
SSDeep: 3072:ruw+CQ2bpfKOR1zV/WfOOGAbrzHJE04Yph24d2kByOiXnSBGafogriC9BDMqqDLi:r9+CQ2bpfpR1B/WfOOGAbrzHJE04Yphp
Size: 183808 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!/KqhlEAVISM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Generic.dx!zxs
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Generic.dx!zxs
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic23.ATHA
Norman = W32/Suspicious_Gen2.NHPCT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 180 kB
Error                           : Unknown file type
VirusTotal Report submitted 2011-07-08 20:52:38
VirusShare info last updated 2012-09-21 00:08:05

MD5: 562b9cd203179c8857e0c1b0069efcb3
SHA1: 536a96485d7a5b5f6b9e9733983d448f679b2354
SHA256: c8e7ec039b7decc4768993f9c4d096d3f780f648887afe537d64172a461d2795
SSDeep: 3072:vW+RVNo6MqqDLy/RfxgzsuOVVFlkPay0z:uoiqqDLuzecVfaU
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:Trojan-gen
AVG = Generic23.GEL
Symantec = Suspicious.Cloud.5
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-04 20:07:44
VirusShare info last updated 2012-09-21 04:14:44

MD5: 57b895e5cdf044e467aefe370c1fc90d
SHA1: e131aca276b49ba435d4e61f7fb601114d576e4c
SHA256: d2dbbf69472402099dbcf1d5b2157270922307cfb14d59e5eb4f231e0ef1019b
SSDeep: 3072:S+ZX6rU50oY8ACCYUecXM3ZIcdFziMqqDLy/UoDbc:7ek3L0MnFzhqqDLuU
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R1BC2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!km
TrendMicro = TROJ_GEN.R1BC2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imgh
McAfee = Vundo!km
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOZG
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-08-23 04:13:41
VirusShare info last updated 2012-09-21 04:44:48

MD5: 59cedaf84bb2a30dd75b901e120cc9e1
SHA1: 8152e463a135999630e17a30348cacf9da2c007e
SHA256: d4e10b9c270fcafba4fe473066165eabbd49e277f7554c173944810fbf2efa5c
SSDeep: 3072:jVWUO357+ZzYH3Df2hJJlJMqqDLy/YeX:jM3tkUouqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Vundo.13
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = Medium Risk Malware
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-06-27 04:29:24
VirusShare info last updated 2012-09-21 05:36:29

MD5: 5adec6a0fe5cf64a048add156dfc9904
SHA1: 237080186f01ef487a01e74c66f28d2913dbba4f
SHA256: d08e623761ec58ae751868ebb532d208ece843862c5c71c9e7e1ee44405fa8f1
SSDeep: 3072:1PET3xBT1LCeBlwMqqDLy/BG5t7Gj4RHuhZ:lK7RmefqqDLuBQk
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!EU+S717ZxAQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC7JO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!5ADEC6A0FE5C
DrWeb = Trojan.WinSpy.1290
TrendMicro = TROJ_GEN.R4FC7JO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!5ADEC6A0FE5C
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AKTA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.16
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:01 00:34:32-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x7aca
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : 
File Description                : weldata MFC Application
File Version                    : 1, 0, 0, 1
Internal Name                   : weldata
Legal Copyright                 : Copyright (C) 1998
Legal Trademarks                : 
Original Filename               : weldata.EXE
Product Name                    : weldata Application
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-04-05 06:25:55
VirusShare info last updated 2012-09-21 06:05:31

MD5: 5de07432798113561651a3595d961bf2
SHA1: 24d1165ea5075ce845b1bbf73768f2c35942f867
SHA256: c0e0ce245c10741af756d7baf0212bf19d9dc68672ef37ca4f6cd8ca4fb0b7f3
SSDeep: 3072:fh8neN9ae0uhLlp0ad0EqQ50QnglMMqqDLy/ZhmGTWp41AJg/H:f2nw/Aah5TKqqDLuTmGTWcAe
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12BF53E4
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!RYbERrmYIKk
VBA32 = Adware.Virtumonde.nhd
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2GN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!jy
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R45C2GN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!jy
F-Secure = Gen:Variant.TDss.65
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.TDss.65
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
BitDefender = Gen:Variant.TDss.65
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-04-23 23:36:39
VirusShare info last updated 2012-09-21 07:27:39

MD5: 61132630163adafa7c3b67e6a8b64936
SHA1: 6cf9c9d1aac57058937bbe5e73c994de53de1372
SHA256: c201442901dd51e152e3c9468066878dfae47ed56aabb44769c970ae3f7edb8d
SSDeep: 1536:blEgxFL4Md7o/nvXmwcxf0ymMsneVCYIm01FVDZxMHvJJFr:hZldsfvm3V9ImKrDZGJJF
Size: 108032 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.108032.AV.1
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Generic Trojan
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R3EC2DQ
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!61132630163A
TrendMicro = TROJ_GEN.R3EC2DQ
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!61132630163A
F-Secure = Trojan.Generic.5816118
VIPRE = Virtumonde
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Dropper.Generic3.BIVE
Norman = W32/Suspicious_Gen2.LFJXI
Symantec = Packed.Generic.305
GData = Trojan.Generic.5816118
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Injector.dsi
BitDefender = Trojan.Generic.5816118
NOD32 = a variant of Win32/Injector.DSI
ExIF Data
File Size                       : 106 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:29 14:08:17-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 69632
Initialized Data Size           : 74752
Uninitialized Data Size         : 0
Entry Point                     : 0x11e2d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvrah.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvrah.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-04-30 08:51:37
VirusShare info last updated 2012-09-21 08:48:09

MD5: 67cc2f8029e9ec926837fb74d1a031b3
SHA1: deb08d752461b920777af5ffd03d9b7b3a5b5421
SHA256: c091bf7c6c4ed5002f71501a3749c72b6d3d2950540dafcc69ba5b7e38594784
SSDeep: 1536:zqYj4dtNJu3G8fNAAwamFILh01Y3hyNSiY6Y9l/MqqU+NV23S23Mnew:z+81AAwSyyU7Cl/MqqDLy/3Zw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1JO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R4FC1JO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-04-12 13:04:00
VirusShare info last updated 2012-09-21 10:09:04

MD5: 6c043a32652f1e259ebb5be921fa8c5a
SHA1: fa3bb8df0d538aa07d1b752e1c6e70acffb7b062
SHA256: d0d52f08ed674cdd584eff2ac25f5792de940853f889db00b98326acdde93284
SSDeep: 3072:S++h6rU50oY8ACajZHcX0cYxSdFzrMqqDLy/6oDbc:Cekwd00jSFzIqqDLu6
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Dxb3HNThSRw
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.SWD
Norman = W32/Suspicious_Gen2.MYTRL
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:53:43
VirusShare info last updated 2012-09-21 10:55:56

MD5: 72a4c0882162a0bd417d72a37768d44e
SHA1: 016f92fbf64ed6aca7fb0f415bc61664e12f952b
SHA256: d8c5d3f09962d1a4de6bc6fd838000bfea6a0ac5bb4e232fa2227fca541978d0
SSDeep: 3072:EyD+CQ2bpfKt1zd/WfvOGAbrzHJJA4Yph24d2kcyliCXSBGafogriC9BDMqqDLyG:Ee+CQ2bpfU15/WfvOGAbrzHJJA4Yph2a
Size: 183808 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JFiszzxHzzg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C1GD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1242
TrendMicro = TROJ_GEN.R47C1GD
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abbt
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ASUB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 180 kB
Error                           : Unknown file type
VirusTotal Report submitted 2012-04-27 03:32:40
VirusShare info last updated 2012-09-21 12:24:06

MD5: 72e5234128c7d4818ddd1ed049af5b81
SHA1: c5f2e4d5463c78fc39561e21f1b92a80955fbb35
SHA256: c2ccab60677540e5aa97e4cec2e3dbeabd7d80af754405f5079b5123d789f8ad
SSDeep: 1536:zcYQhgNiYJtaCAC293xdVOAlVQoeSLlOhkTXBbwCsA/SDpewUVizgkz+0NI9M:vQhgNLoCACI77lPxlOSTRbhiUVegkzN
Size: 99328 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!xy/TV2YCKB8
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C2EV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.56377
TrendMicro = TROJ_GEN.R01C2EV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Generic
Jiangmin = Trojan/Generic.jeks
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Horse
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ACCG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan Horse
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Size                       : 97 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 16:17:54-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x6631
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Joofhcmfx Lihoivkjwbu
File Description                : Speech TIP
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : SpTip.dll
Legal Copyright                 : © Rrggbvzum Pydgouhdfyy. All rights reserved.
Original Filename               : SpTip.dll
Product Name                    : Iyjuhcghf® Vmhwpjt® Yzfeovdtf Wbenwz
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-27 07:04:35
VirusShare info last updated 2012-09-21 12:26:50

MD5: 7bc235b8db4ebceb083a45dd9bab0ad6
SHA1: 2405f42290afb7b3afaf85bb8547a50071df7591
SHA256: c107c1c02485b17045e91a2a541377c57934cf90867900122e02c5144f42922b
SSDeep: 3072:xNuYagYSq6xcUS/uGPsjX5oNR7d6GYyNQUct+tAcGlSH:xNuYJ6qGPuJjxykQtjX
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.574
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2GH
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BZCG
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 132 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-17 12:11:25
VirusShare info last updated 2012-09-21 14:33:05

MD5: 7f0e5e6e3e467082dc4208c63b19ece1
SHA1: 1fe27f69f18be558932e1d8ad190b64c60c3f95e
SHA256: d2c3f1ebb988fa7e5a07b727bed3117e368035d8df66079b86b268450abf9241
SSDeep: 1536:vwaPmGmaw99shn9iY3b2boZLQ3FE1CnCRJZuZMqqU+NV23S2ct:vEGmawgN9iY3KboW8kZMqqDLy/u
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7F0E5E6E3E46
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!7F0E5E6E3E46
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.AKSG
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-05 05:02:21
VirusShare info last updated 2012-09-21 15:10:01

MD5: 8e56dd1d34e5e121f874999e2297531a
SHA1: ba46c1882bf3ad9e338337521dc0ccd703899c7b
SHA256: d2c1f44e9ac0f37ca6610c85f60ca53748ae63b4029327c9fec5cb6856aa464c
SSDeep: 1536:BLizrsLzt7/j0azQCvLDN8tdO58Ns7ys9MgcItv6txf4jiVmiEQdUMsXKukPi+pp:BGzrst7L0vCnmrxQjiAitUMsXKukPi+n
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!8E56DD1D34E5
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R72C2FP
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!8E56DD1D34E5
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic23.KYD
Norman = W32/Suspicious_Gen2.NBLAM
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 14:23:10
VirusShare info last updated 2012-09-21 18:18:05

MD5: 8f43cb0a0743941da09bd7fa88f49176
SHA1: 203807842824d412299b1af46f877b2c6c5ba738
SHA256: c201a1ab8757c01b2833df890d247c8a2a79cfdef8034a7dd595bdcf5c55480e
SSDeep: 3072:S+6B6rU50oY8ACpsdUcXL1nDdFzhMqqDLy//oDbc:mekAW0L3FzqqqDLu/
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AHWU
Norman = W32/Suspicious_Gen2.NDSGD
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-03 08:53:01
VirusShare info last updated 2012-09-21 18:28:45

MD5: 968bd197b88672da9b51188dd8697512
SHA1: f74affa019ad400536f11faeff2160a40c7f6fb4
SHA256: 971a82503484cca6a731a7e5c2e2c63df85f738759ba75998e2b80326e3fb87b
SSDeep: 3072:wob1IVLs05WNzmn+OkM6EtoLKXBGfK/O8urxXhqCdA1D37x:NI20okfKrfKMFB6D3F
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!968BD197B886
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!968BD197B886
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.AZLN
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-03 10:23:15
VirusShare info last updated 2012-09-21 19:52:20

MD5: 9cf9492cb514481143d818fcf228e77e
SHA1: 2b885e39ef3f07b41b97e5cc91a8da28c90754c2
SHA256: 96bffa369a1f7e7230dba0c2db0f990b9d27bf1549bf77cd137b7e44895f9152
SSDeep: 6144:WBqKPCHcZlccbp/tsTAnlN+GyhT3mDDEvqqDLu:WMKPHZXIuNvyNmDDEyqnu
Size: 226816 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik!7KE5+rOsuVo
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!jb
F-Secure = Trojan.Generic.KDV.277157
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.XGT
GData = Trojan.Generic.KDV.277157
BitDefender = Trojan.Generic.KDV.277157
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 222 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 10:04:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 196608
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x2ca8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.0.5174
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Eastman Software, Inc., A Kodak Business
File Description                : PRINT LIBRARY
File Version                    : 5.00.2134.1
Legal Copyright                 : Copyright © Kodak, 1989-1997
Original Filename               : OIPRT400.DLL
Product Name                    : Imaging for Otckacm®
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-05 17:35:44
VirusShare info last updated 2012-09-21 21:12:35

MD5: a0ba5054dfc46338161aefb11c6728ab
SHA1: a51d4887729ab582070b6512d9ea931b708f4927
SHA256: 9023184700419bcb0e89efed9dfee6089745748d30924290911d2ef66da121fe
SSDeep: 3072:h7UOlaZJer4J+9o/e5/HbkL6Io6Pfi7ZR5Ex32669cm0y2N9:eJnhe5PbkLpPfi
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!A0BA5054DFC4
McAfee = Artemis!A0BA5054DFC4
F-Secure = Trojan.Generic.KDV.199291
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU
AVG = Generic21.COHM
GData = Trojan.Generic.KDV.199291
BitDefender = Trojan.Generic.KDV.199291
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:27 20:29:25-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 139264
Uninitialized Data Size         : 0
Entry Point                     : 0x933a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Crjnqwpap Fnzjoqtkgdl
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Fzcdjmecz Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Tbhsuckgp(R) Hzzhyzz NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-05-06 17:32:25
VirusShare info last updated 2012-09-21 21:55:41

MD5: a23e7d82e2864c476c9eee22861b5607
SHA1: adde900b4d01de2a0529ada06615cc1495b701e7
SHA256: ca0dc2dd9b921f632177cb7cf8d80eaef85dd8df2c3bcfecb47ef3b36725431c
SSDeep: 6144:kioeEO36rXdrjCAtkJ99w1YBCGo4HvXk9Y61pXVFHiEenBl37:ZiU/n9Pc5VFCECx7
Size: 340490 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.340561
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Downloader/Win32.Agent
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = TrojanSpy.Agent!uqbvFmUpGzk
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.DownLoader2.59309
TrendMicro = TROJ_DLOADR.SMWQ
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
TotalDefense = Win32/Swisyn.R
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AIMN
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.ADH.2
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 333 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 05:35:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x49ec
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.0.3650
Product Version Number          : 5.10.0.3650
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Corporation
File Description                : Intel(r) Integrated Controller Hub Audio Driver
File Version                    : 5.10.3650 built by: WinDDK
Internal Name                   : ichaud.sys
Legal Copyright                 : Copyright (C) Intel Corporation 1998-2001
Original Filename               : ichaud.sys
Product Name                    : Intel(r) Integrated Controller Hub Audio Driver
Product Version                 : 5.10.3650
VirusTotal Report submitted 2012-05-29 02:54:38
VirusShare info last updated 2012-09-21 22:15:02

MD5: a5100975b4c388ceb438d2b94317bcdf
SHA1: 4ed1e07ce79032a058ae616090549e5360aa2c3a
SHA256: 9305bae8c893147b0a80d7da81ca8b84f829c27603b587761277db33bbf27700
SSDeep: 3072:2WVYwypfthWL9IWaOD/+EGWAoJCHoLp+e+z4mRBDjyPG:2MyJth19EjCdz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!DINzpRo1EVs
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!A5100975B4C3
TrendMicro = TROJ_GEN.R47C2FJ
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!A5100975B4C3
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Prevx = Medium Risk Malware Dropper
Avast5 = Win32:MalOb-GD
AVG = Generic22.AUNW
Norman = W32/Suspicious_Gen2.MUMVE
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-07-01 00:05:55
VirusShare info last updated 2012-09-21 22:44:20

MD5: a62619f319a12cb8414093060908621d
SHA1: 5e9f7500da972b91c8dc3830fcf3e04c33264369
SHA256: 90ffa55cd44e3468f74819dc12eea791964cb2de6748cd5b7e56c5cfb601b0cb
SSDeep: 1536:za3I3AzWHWUYe3wgKh6/69QR4WboU0Ye56GPsBDiWsg15LKw0fvlJoSn7u6ysiu:zII3FHW9e3HQ6/6CRgp6GwuWBrGVlJvy
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!fhcd0Mw9ivE
TrendMicro-HouseCall = TROJ_GEN.R72C2DS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1328
TrendMicro = TROJ_GEN.R72C2DS
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Monder.95744.E
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imne
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.LNZ
Norman = W32/Suspicious_Gen2.LHHUZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-05-30 16:27:50
VirusShare info last updated 2012-09-21 22:58:12

MD5: a6c8a03eeb9e39c6647deb03103ac5dd
SHA1: dceed6ee438d4ca8eafcdb7a9b2a387bd9cbf66b
SHA256: 91e3b183348b05d8a07c6c305f6489a628a81ee5492e354d5dae93e26c23a59f
SSDeep: 1536:J0dKSmGf9i9sh8qriYbGboELQ3Fr1CnCRJZufMqqU+NV23S2z:+2Gf9neqriY6boy8kfMqqDLy/z
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!A6C8A03EEB9E
TrendMicro = TROJ_GEN.R72C2FP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!A6C8A03EEB9E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.LVT
Norman = W32/Suspicious_Gen2.NBLHH
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 08:07:32
VirusShare info last updated 2012-09-21 23:06:12

MD5: b2253d8340f841a0daf153e008ec258e
SHA1: 34a6ef7f159ddeb44e3806ee2636f105d68acef2
SHA256: d56dd452b688b6dfdf3b75d7d2fb488a221a953fd827106bdcbaf0f8f9a66a53
SSDeep: 1536:IFu070mGhZvw9shG9iY28bosLQ3FR1CnCRJZumMqqU+NV23S27e:IFtGhZvR09iYDbo48kmMqqDLy/7e
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uctT7Hc18Oc
TrendMicro-HouseCall = TROJ_GEN.R72C7KM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.ML
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!B2253D8340F8
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C7KM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HSC
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!B2253D8340F8
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.COKL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-08 18:21:34
VirusShare info last updated 2012-09-22 01:23:11

MD5: b62a2f8e6eca77bd4d73b5e6086a8f36
SHA1: 17991cc53b53760ccf5422d05c7c6425004d8d97
SHA256: c982b845b4c40f061718201c687e8ab4aecf019b64cb24f9926671a22b595ff7
SSDeep: 3072:S+H46rU50oY8ACCq4DcXQILUdFzzMqqDLy/goDbc:6ekpS0QjFzAqqDLug
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Win32.Vundo.av5.ML
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.kpyn
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.APGP
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-06-18 02:07:06
VirusShare info last updated 2012-09-22 02:06:19

MD5: c517916c1113feaf94758577fc921890
SHA1: bb6a9a22e075c18daf704ef394c82ae9965433d2
SHA256: 9645c003d8a3e59acac848c02476273f252554fe8b212d1969ef702ab58cb7af
SSDeep: 3072:S+606rU50oY8ACV6BUcXr2iLdFz6MqqDLy/8oDbc:TekSa0rnFzpqqDLu8
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.1289D055
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R47C2GD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ji
TrendMicro = TROJ_GEN.R47C2GD
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ji
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
AVG = Generic23.BGFT
Norman = W32/Suspicious_Gen2.NNWYI
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-15 06:49:52
VirusShare info last updated 2012-09-22 07:24:10

MD5: c531c6e65c3903e86ea2093a56537adb
SHA1: 315b545ebbdce05cc868d36d74bd7a1f9df4ec30
SHA256: 9641d4eae8e1625f452a5c3aed355e9fd24d3c0c1b081d0383eefe778c393960
SSDeep: 3072:vfBRV+oo0MqqDLy/QfxgzsuOVVFlktay0z:3n6qqDLuCecVfwU
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!IpBooeZwKOM
TrendMicro-HouseCall = TROJ_GEN.R47C2FM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mn
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2FM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iqqv
McAfee = Vundo!mn
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.GEL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-10-21 20:50:59
VirusShare info last updated 2012-09-22 07:26:53

MD5: c5bacc0fbad6e6091416cb62d686c719
SHA1: a33a215a0923c815e0f3321174b55e096dabfbbb
SHA256: 97b5557eb4879d96b9f9e708ea855b6dbb2557b5ed9aa58268f1cfcf312d4ad3
SSDeep: 1536:sQsTmG1Lk9shZOiYj5bo8LQ3Fv1CnCRJZuZMqqU+NV23S2P:sCG1LlzOiYdbom8kZMqqDLy/P
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ja
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.AJUP
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-04 19:23:22
VirusShare info last updated 2012-09-22 07:40:49

MD5: cfb6eebd19566b68bf2a016580b1dab5
SHA1: 313eaa8aba1cd502d9ff5f6a5e73ca59c3f4d1ef
SHA256: 95b4f0229793202f6e23e87f23c94497371554969c131f6a79834da6280ed380
SSDeep: 1536:RSQqfhAPB5pSeQSwYnRQD2PQQDs6sRqHFdSo:R9ZPZwkRQE3DXgKD
Size: 88610 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
eTrust-Vet = Win32/Swisyn.DT
McAfee-GW-Edition = Artemis!CFB6EEBD1956
McAfee = Artemis!CFB6EEBD1956
Avast5 = Win32:Trojan-gen
AVG = Generic20.CKFC
GData = Win32:Trojan-gen
ExIF Data
File Size                       : 87 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-02-10 19:41:45
VirusShare info last updated 2012-09-22 12:12:08

MD5: d955f2f612bb592e76219401dc7bd863
SHA1: a5ce54396a83cc25db6980d3d7204ef294cb43e3
SHA256: c8c013494203de69d07f0a57ecb889f235055f2a8ec32ff9ca9e7e031d88d530
SSDeep: 1536:5ZGYIG0UD536dMk6bzUBMYbAOiTsDoFT7U70Y0XEcVCoNS:5ZGJ635k6bXOZoIg0foN
Size: 85504 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R26C1FT
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!hc
TrendMicro = TROJ_GEN.R26C1FT
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
McAfee = Vundo!hc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic23.AJNZ
Norman = W32/Suspicious_Gen2.KSBDZ
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:27 00:41:58-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32256
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x8b81
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft PCHealth Remote Assistance File Open & Save controls
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : SAFRCFileDlg.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SAFRCFileDlg.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-07-02 06:13:42
VirusShare info last updated 2012-09-22 14:36:54

MD5: d9d2cd5230a43f19c5a5809cdfa553e1
SHA1: 815de1fa131bc48d7cb91fee4aaa2e55a7263ec3
SHA256: c2d68c2048f3a430b56ec2f51697437b7764d11fb71542e137dba0a2fe6cd508
SSDeep: 3072:qs8A8Me7T/nfQX/ySVORTN1hCXn1wMwHyaXnTcRJGm6wrxgrxtGIPRZZmkuG:qsmMe7jQbVfwMwpmB+2IYk
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BECY
Norman = W32/Suspicious_Gen2.MYNVW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 18:22:25
VirusShare info last updated 2012-09-22 14:42:32

MD5: e1fbbc3aeb28067dd92aca96f60c4537
SHA1: 26a00f1e27e40c463b1fd18773776d1218705e70
SHA256: d5d75329f6aeffe1940ab291a94cd949479cc628f9d94c151361fc73fe861b52
SSDeep: 3072:BYGIlPveemaZ1p+D1Nm4s1cwGRnvsyuwBMqqDLy/VKFt976utX:Bs3C1MVGdvsFwKqqDLuVKFXD
Size: 172032 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129C0FEE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!YA1H4IDYddo
TrendMicro-HouseCall = TROJ_GEN.R30C7J3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!mi
TrendMicro = TROJ_GEN.R30C7J3
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.oneq
McAfee = Vundo!mi
F-Secure = Trojan.Generic.KDV.371706
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.OTC
Norman = W32/Suspicious_Gen.SPNA
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.371706
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgu
BitDefender = Trojan.Generic.KDV.371706
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Size                       : 168 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:18 13:48:51-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 98304
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x184a7
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zkwfwcpbv Gktmhtuaqur
File Description                : Wlroodvof® Group Policy Management Utility
File Version                    : 6.0.6000.16386 (fxidy_rtm.061101-2205)
Internal Name                   : Brjnpkbhq.GroupPolicy.InterOp.dll
Legal Copyright                 : © Mpbbcqlqb Mzfbqvexnoy. All rights reserved.
Original Filename               : Nwbsmjsti.GroupPolicy.InterOp.dll
Product Name                    : Xvisvgqfa® Kwyaumd® Acelxdcvg Saiaqt
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-08 18:17:22
VirusShare info last updated 2012-09-22 16:29:33

MD5: e232509bb20b1fc77f7e778366be4f82
SHA1: aac84b849799e5c6c0aa7f53b393fffd22bbdbeb
SHA256: d0a17e768e224647b049e91d812d477d814a02f8c0e0b62aeea3106109187d7f
SSDeep: 3072:S+AM6rU50oY8ACouUGcXdUKLdFzwMqqDLy/noDbc:5ekvX0ddFz7qqDLun
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R47C2G5
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
AVG = Generic23.ASHT
Norman = W32/Suspicious_Gen2.NGOWS
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-06 10:01:32
VirusShare info last updated 2012-09-22 16:31:28

MD5: e356c01cb4dbe17319f000e48d495a03
SHA1: ea9d33a30a1c0d01d96f9154daadfcbe17b4714d
SHA256: 9766b8e9ed1a0fc1f06561a3bcc451db3213830f059c582fca035efc5bc60be2
SSDeep: 1536:oPYj4dtNJu3G8fNFQwamFILh01Y3hyNS4Y6Y9l/MqqU+NV23S2bMnew:ov81FQwSyy+7Cl/MqqDLy/bZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Vundo!/ZT9t2AbL8g
TrendMicro-HouseCall = TROJ_GEN.R01CCF4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-BAY.K
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R01CCF4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijpf
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Vundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
ESET-NOD32 = Win32/Adware.Virtumonde.NHD
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-09-07 06:06:58
VirusShare info last updated 2012-09-22 16:44:36

MD5: e6827c5dddaa70392b0cd62fddf9dc1a
SHA1: 9d4cf7316c679a9fd0cab0252f54eda2ab1b6841
SHA256: c19cfd343fee0867b187aeebbeccc3c78a4a4ad7c6a68f4fb339d26ed4863095
SSDeep: 6144:UagqiwtPrx4MRTm2cmlbyFWwv54T9nnoir/:PD/bYl54pno
Size: 217088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent.ni
TrendMicro = TROJ_GEN.R72C2F1
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
AVG = Generic22.BFKA
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.6
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 212 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-06-11 03:49:35
VirusShare info last updated 2012-09-22 17:20:10

MD5: f4629c144c47d493dabbd5d88beeafa6
SHA1: 8b9d2a381f0c7cc7fac9a7d0ad1e3cb167185193
SHA256: c98918ccc328c5fe4a2b7ca30c9b3e40c0eab9ee1d7d604924b3c90c9431b3d8
SSDeep: 1536:Me4wUKyADjLQaSVoJMqqU+NV23S2LLWBTd3OQSWWfTvG:M79KykDSVoJMqqDLy/LLW1dLSFvG
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zva
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZVA!tr
McAfee = Generic.dx!zva
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic22.CPFB
Norman = W32/Suspicious_Gen2.MWHQG
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:23 10:13:41-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x627e
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kwzbpwynb Vwxvxksczdm
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : shole
Legal Copyright                 : © Csarxlvoc Obtjsewcdep. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Mdynjxyct® Windows® Usfncdval Ltagjy
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-07-02 01:47:59
VirusShare info last updated 2012-09-22 19:59:23

MD5: fa7e4b7aceb2a1de9be16f06722645bd
SHA1: 75cbb070658a36ac5d158bbfbce012cb7e8f9184
SHA256: d7d2230d78769df59f9aa8c42ef7e3340dc466b026a9a7c8e97dfffe32f18d58
SSDeep: 3072:S+Mc6rU50oY8ACr/3eTcXXSf44dFz9XMqqDLy/loDbc:Nek1s0XSpFz9cqqDLul
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!PV40KU1q1Xw
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TCZ
Norman = W32/Suspicious_Gen2.MYUDM
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:27:45
VirusShare info last updated 2012-09-22 21:14:15

MD5: fdf0cb4705839aaf1342a3db8ecd97f2
SHA1: 9f3e16983b4f9e7c133d38b35f0f247be8505530
SHA256: c2d44a2a0a3958895cf23d46e4272d8e7d8ef14620864e005c2fc731f2fc61c2
SSDeep: 1536:8TFfomGlgK9shtoiYWggboG/LQ3Fm1CnCRJZuFMqqU+NV23S2i:OtGlgPToiY+boh8kFMqqDLy/i
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!aS/3ttfAEkk
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2GE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2GE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JTO
Norman = W32/Suspicious_Gen2.NKSZP
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 23:44:35
VirusShare info last updated 2012-09-22 21:54:36

MD5: 20c2f75299a366a5ceb1122e177c96c0
SHA1: c845f1272110c8c33fc92e97fb2432a70c2329f9
SHA256: c956fd879b7c87508c07612afc17a98eebe6cfffd8c3ccda56152dc25e3863af
SSDeep: 3072:gDEkw/GodU9X2S7qu3dOdnWLhqUL7fo2lkN799vp0IHvj+s+ABOWcntZipr5TUPJ:JF5dkX2WrNX4h5p0yvj+sJBDcnR
Size: 159744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Monder.(kcloud)
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Monder.159744.B
K7AntiVirus = Trojan
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-DTR.K
DrWeb = Trojan.Virtumod.10300
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.iuwy
McAfee = Artemis!20C2F75299A3
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BEPT
Norman = W32/Suspicious_Gen2.PUKXE
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.laq
ESET-NOD32 = a variant of Win32/Kryptik.AJLG
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 156 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-09-20 11:11:31
VirusShare info last updated 2012-09-23 00:05:49

MD5: 3a67b90339095bde12d3dcce90089b54
SHA1: cd16bf8fd077b75afcdad7d4f039b1b039d6711b
SHA256: 975f9d2a3ab2d99acd606b7766bd498618e2170f24595f23838a812ca48e407d
SSDeep: 3072:I/DvZH/hrmi/doOeOFVuw0XX59jVbwj1CFyafQJWzvX2o6Zfqb:IDNhq0zGw0XX5fwjIFLwWzfEfq
Size: 139776 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC3FH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1396
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.mmnu
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!j9UbdOnjyFc
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Size                       : 136 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:31 08:21:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x11e3a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yufjgoqkg Lthxyltuyit
File Description                : Multimedia Class Scheduler Service
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : mmcss.dll
Legal Copyright                 : © Mzbqqmipl Mfueuwtxidl. All rights reserved.
Original Filename               : mmcss.dll
Product Name                    : Rrkezhxjl® Khxauhj® Qznuguzah Dcqkhz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-09-21 01:03:00
VirusShare info last updated 2012-09-23 01:12:40

MD5: 4814650e19d4a975906f304e12d7b8d4
SHA1: 2f3fbab6a72938b5c9ff7cd8c22947cacd006a31
SHA256: 97519089fb9e09ac2a937b2c376a82f5f6eef0337c7156bb3a44295d5f1f80d6
SSDeep: 1536:U4uwSC/UXuY28bQJjml9I3k3lQ36QDkUthM:U3wx8b20QJj83lQ39k
Size: 49664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:MalOb-GH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Small.49664.EE
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2G1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1071
TrendMicro = HT_VIRTUMONDE_00001b1.TOMA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.49664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.isio
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Buzy.4423
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.ST
AVG = Cryptic.DQQ
Norman = W32/Kryptik.AKE
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Buzy.4423
Commtouch = W32/Virtumonde.ST
Agnitum = Trojan.Kryptik.Gen.26
TheHacker = Trojan/Kryptik.ocu
ESET-NOD32 = a variant of Win32/Kryptik.OCU
BitDefender = Gen:Variant.Buzy.4423
ExIF Data
File Size                       : 48 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:16 10:16:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0xaeb1
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.258
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Yzwibhlqj Ewifvhxbtkz
File Description                : Simple Kernel-mode File-based Log
File Version                    : 2001.12.4414.258
Internal Name                   : txflog.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Qfvwqsgxa(R) is a registered trademark of Ighyzngxg Psbzwdzhbpn. Pbnyczd(TM) is a trademark of Zlpagiibr Klpywuagrfb
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-09-21 04:49:17
VirusShare info last updated 2012-09-23 01:52:16

MD5: 4e18c992ccddaa676d10ac4064f17937
SHA1: 46317e7b9f2cbf7050c04b7685c13943789db548
SHA256: 932ff5cf977bff0f23ed221ed1be606f3aabb33e3d3707d25263d184e6314fe1
SSDeep: 1536:Ua3I3AzWHWUYe3wgKh6/69QR4WboU0Yz5+PsBDsWHg3oqLKv0fvlColhn7u6yK7u:UII3FHW9e3HQ6/6CRgw+wQWA3dGClCCp
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!prcC6uAEXdI
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!4E18C992CCDD
TrendMicro = TROJ_GEN.R72C2DQ
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!4E18C992CCDD
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.JHB
Norman = W32/Suspicious_Gen2.LRTBX
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-05 02:33:08
VirusShare info last updated 2012-09-23 02:11:09

MD5: 6d81c983bfd4e869493995289e5469aa
SHA1: 28ba43bf61ed7dfe2e27e30dc3b8023695084a6e
SHA256: 933fd1314a4f9574fa7e8feb6260f04ec090f9540f58381ff166e4527901cdda
SSDeep: 1536:azwyjmGscY9shCJiYpdMboyLQ3FK1CnCRJZuTMqqU+NV23S2wj:a6Gsc5UJiYpWboD8kTMqqDLy/wj
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!6D81C983BFD4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!6D81C983BFD4
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.AGNG
Norman = W32/Suspicious_Gen2.NCOXB
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-02 09:05:37
VirusShare info last updated 2012-09-23 04:30:54

MD5: 7f500a2f2ff6f3be24f991b5c1846c61
SHA1: 121c54a1bcdcb3d610c9fa9f61559ab2962c807a
SHA256: 90b7b332337b9cf1630567f9d79d11f0068eda7ea128cd2f138c48d18010245d
SSDeep: 1536:eekTYj4dtNJu3G8fNTcwamFILh01Y3hyNSIY6Y9l/MqqU+NV23S2BMnew:eekr81TcwSyyW7Cl/MqqDLy/BZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_VIRTUMONDE_00001cf.TOMA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-BAY.K
DrWeb = Trojan.WinSpy.1176
TrendMicro = HT_VIRTUMONDE_00001ad.TOMA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijpf
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Adware.Virtumonde.Gen.2
TheHacker = Trojan/Kryptik.qgj
ESET-NOD32 = Win32/Adware.Virtumonde.NHD
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-09-21 19:13:12
VirusShare info last updated 2012-09-23 06:10:50

MD5: 8e63dbe1276e10a8dc2f7d440f787093
SHA1: ba8b3638beeacafdac5a969f597c9e92db019477
SHA256: 9674ca7d134abacaf98cc84212ccee746944d4952d9594b5f1ca6c0461ef0d4d
SSDeep: 1536:frgb4BWVlxOoa3fr5oc4RPbUveopqalk5eYPRXbHzOzQI:MsBG1o9kxwpqal+HRI
Size: 90112 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.abb
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10117
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.90112.B
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.SEQUM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!r5uUjsSIU8k
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 88 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 04:19:33-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x51bd
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jwutxkzaz Dgzmcdlzwkt
File Description                : Directory Service Security UI
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : dssec
Legal Copyright                 : © Jkznsiqfq Vknftkawkng. All rights reserved.
Original Filename               : dssec.dll
Product Name                    : Hribrbafk® Itgylqu® Zeohkdnad Mzbacp
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-09-21 22:18:26
VirusShare info last updated 2012-09-23 07:35:20

MD5: a800cf8477b20642e30bdab2b3b938ee
SHA1: 78d024e2f8da37b977a2c4099e6cd942fbebef5a
SHA256: c1d26b09354cb7b6d8ddc11cd09a6500a12a15200171f643e302c61c0213b705
SSDeep: 3072:msb1IVLs05WNzmn+OPyEQ1nKXBGfK/a8u4xX9qC0AuD36x:XI20okfarfKYM8BD3K
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan.Generic.5928233
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2F7
Comodo = TrojWare.Win32.Kryptik.LLT
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1276
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.5928233
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5928233
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!Rdrgb9b2cgk
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Trojan.Generic.5928233
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-09-22 03:21:40
VirusShare info last updated 2012-09-23 09:08:02

MD5: 02450e854659f6e32c1174e26fa7d83c
SHA1: 522d301ff0ecd8d89d30daa5c79ac932775ffeb8
SHA256: d2102f512eb090ac7ae39582085ee5f02c184204bc0465bddf756e9e9752650b
SSDeep: 3072:EX7TPXBDeB6txp/xuRHZaQWXYDVUWcySAlAS7Z8Zr+xuSUrm:iD3PkV4ySnS12S
Size: 169472 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!WMVbW9UOUxg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2E2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.dx!zsm
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R72C2E2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zsm
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.UEE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 166 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:07 08:18:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 118784
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x1a675
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.30.62.2
Product Version Number          : 4.30.62.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Dorrzbwvtgm.
File Description                : Intel Indeo® Video Interactive Quick Compressor
File Version                    : 4.30.62.02
Internal Name                   : ir41_qc
Legal Copyright                 : Copyright© Intel Sjwyirasojb 1994-1997
Legal Trademarks                : Indeo® is a registered trademark of Intel Lhiyzdfsvyz
Original Filename               : ir41_qc.dll
Product Name                    : Intel Indeo® Video Interactive Quick Compressor
Product Version                 : 4.30.62.02
VirusTotal Report submitted 2012-02-12 20:01:32
VirusShare info last updated 2012-09-23 22:38:11

MD5: 065bea2ac97b8316a2b6f17cc0cb56ee
SHA1: 25d6671063397bb57252a9d8a179c85312a79fa7
SHA256: ce9348e91922e5714550aaaeebae825d152e376081d6c424d8744ea470c40cef
SSDeep: 3072:IdDG1ZE/yrmi/doLFVu80nX5ljVbwjX6FC9yafQJWzvX2oFZfqb:IU1syq0YG80nX5XwjK49LwWzf1fq
Size: 139776 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!065BEA2AC97B
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!065BEA2AC97B
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
AVG = Generic21.BBSJ
Norman = W32/Suspicious_Gen2.MAWUI
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 136 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:31 08:21:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x11e3a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yufjgoqkg Lthxyltuyit
File Description                : Multimedia Class Scheduler Service
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : mmcss.dll
Legal Copyright                 : © Mzbqqmipl Mfueuwtxidl. All rights reserved.
Original Filename               : mmcss.dll
Product Name                    : Rrkezhxjl® Khxauhj® Qznuguzah Dcqkhz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-23 03:17:43
VirusShare info last updated 2012-09-24 00:36:58

MD5: 08c10d82afadc291c1d6da6876a16826
SHA1: ff7f08e3b7487ad28f448de5a761909c0de8efb8
SHA256: 986458c2c632426be8450409fd28ca656c87fbc08b1bd88be8a8a4f69e7b7fa9
SSDeep: 3072:XeN2/wLOObqP7VU6bbnH2oLVo6v52b8IJ+kKC:X4239z2EbnHBLt2jq
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.irik
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BBCB
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:26 16:41:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x1244e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uxthhdeui Psowbxeuwxd
File Description                : RDP Reflector Driver Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : RDPREFMP.SYS
Legal Copyright                 : © Rbnymbats Evjtimdxzbh. All rights reserved.
Original Filename               : RDPREFMP.SYS
Product Name                    : Rfntuzsvd® Uxyqfjg® Gedouunyk Imlqkx
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-09-09 08:17:33
VirusShare info last updated 2012-09-24 01:24:42

MD5: 163061fdd3479300028d2fdd3d9ba744
SHA1: bd4006ef0fd9305a65d42128aadce4e63f93ecfb
SHA256: d67b97e48c1b1e9a0a30b81d3423b9952e687937b5bbadbc517b64c6825121cd
SSDeep: 3072:aDETwJG0dU9X2S7qu3EOdarLhoUL7Zo2lkNr99vHIPZvj+sKABOWcntZipr5TUPJ:nEJdkX2PnNx+x5HIBvj+s1BDcnR
Size: 159744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!163061FDD347
TrendMicro = TROJ_GEN.R72C2FJ
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!163061FDD347
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.COFV
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.laq
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LAQ
ExIF Data
File Size                       : 156 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:20 15:09:33-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x19814
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Program Compatibility Assistant
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : 
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : 
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-04 21:56:07
VirusShare info last updated 2012-09-24 07:14:02

MD5: 16583a90498b6641fb783d522ac7fdef
SHA1: 5781145925b727e2cd5b5823ab9456b0b03fef30
SHA256: c3e9f8d79fe775647eafc31afff6a418a766e29700d5557bfd70fb0029f5c866
SSDeep: 1536:VB6v8FgmhCtT3KcqoJDOKAh6TbACySxLnHCd7/a+en0yod:VB6v8FgRV3tJNAMHACySZCd75ebod
Size: 90112 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!btbkbD+hhug
TrendMicro-HouseCall = TROJ_GEN.R47C2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!16583A90498B
TrendMicro = TROJ_GEN.R47C2GB
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!16583A90498B
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.BKEW
Norman = W32/Suspicious_Gen2.NIAMW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 88 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:08 07:48:01-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 73728
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xf0fa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.57.0.442
Product Version Number          : 3.57.0.442
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : VIA Technologies, Inc.
File Description                : NDIS 5.0 miniport driver
File Version                    : 3.57.00.0442
Internal Name                   : FETND5.SYS
Legal Copyright                 : Copyright (C) VIA Technologies, Inc.
Legal Trademarks                : VIA
Original Filename               : FETND5.SYS
Product Name                    : VIA Rhine Family Fast Ethernet Adapter
Product Version                 : 3.57.00.0442
VirusTotal Report submitted 2011-07-20 08:06:22
VirusShare info last updated 2012-09-24 07:20:11

MD5: 16b1e190c2a1c09d297d44bba5747ece
SHA1: 77fe61399130db78fd9c8011236b5d369fcaba4d
SHA256: ce720bf38796fc5d0e52bee3651bc0c89de8de2a2d3d75b2fd227a6aa4bb897f
SSDeep: 3072:S8EiakOH7BtjIo+IRxweCrf7PTijBxfULm5bEo7j81F:S8pakAEo+IfweuroBx8Lm5BC
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!16B1E190C2A1
TrendMicro = TROJ_GEN.R72C2FO
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!16B1E190C2A1
F-Secure = Trojan.Generic.6151917
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.JBF
Symantec = Trojan.Gen
GData = Trojan.Generic.6151917
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6151917
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-04 05:41:12
VirusShare info last updated 2012-09-24 07:33:29

MD5: 1cd2405ccbabd14e53682023df27b66f
SHA1: 842bb19aa97afc0e5fcbd8b142e14354cf70fb74
SHA256: d1fd201c1091ca1367af0dd58bfdc70e3b835a4911fb98057ab6d67daf03cad9
SSDeep: 6144:AGxjafQonIZo+qv4rNiyhPyKEHLJnppkEvDBI/D:TxjyIsQiiyPHLJnPZFI7
Size: 252208 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan-Downloader.Small
Panda = Suspicious file
nProtect = Trojan.Generic.6886472
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.orh
TrendMicro-HouseCall = TROJ_SPNR.15KK11
Emsisoft = Trojan-Downloader.Small!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!1CD2405CCBAB
DrWeb = Trojan.Smardec.119
TrendMicro = TROJ_SPNR.15KK11
Microsoft = Trojan:Win32/Dynamer!dtc
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Generic.ogcu
McAfee = Artemis!1CD2405CCBAB
F-Secure = Trojan.Generic.6886472
AVG = Suspicion: unknown virus
Norman = W32/Suspicious_Gen2.dam
GData = Trojan.Generic.6886472
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6886472
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 246 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 62464
Initialized Data Size           : 209408
Uninitialized Data Size         : 0
Entry Point                     : 0x101da
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-15 10:42:55
VirusShare info last updated 2012-09-24 09:31:08

MD5: 20c443407736e0e4f1fb0c74e8569ae9
SHA1: e0d2cdf2740715626a14bc8ed9af719d1a99ce7e
SHA256: cdd8dd20a409cf081d6b161f1c0ab375afc56a4565e3f95cf435903e690cc90a
SSDeep: 3072:S+Jm6rU50oY8ACy3pncXqrz5ZVz5ldFzqMqqDLy/eoDbc:GekQd0qvFz5qqDLue
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!20C443407736
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!20C443407736
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AEAA
Norman = W32/Suspicious_Gen2.NCFBQ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-01 12:49:05
VirusShare info last updated 2012-09-24 10:38:55

MD5: 2953b364bd3131d7b604c19adbdb18de
SHA1: 3aedad17f973280fccb73b81cb088b52d963d2a8
SHA256: d8da1b2d27c0360072378c3dc9322dc03ef401eb10cb042dc90de0b2d5bb258f
SSDeep: 3072:JOSA4KHQgyoz81ZYXhQ8ebnZ3nnd6GON/:MCo816Qd3YGO
Size: 126976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129E23F3
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!e3LuwVuTVdI
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C1KJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1307
TrendMicro = TROJ_GEN.R45C1KJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jebs
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ADAD
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 124 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 18:06:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x479e
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.1.7600.16385
Product Version Number          : 10.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pnlhjydat Nclyeobtiny
File Description                : Jjdqikajd IME
File Version                    : 10.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : imetip.dll
Legal Copyright                 : © Kidfbbruu Fvvypdgzpsn. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Ykiyjkswc® Niifhpp® Ulzhozywx System
Product Version                 : 10.1.7600.16385
VirusTotal Report submitted 2012-02-25 00:46:13
VirusShare info last updated 2012-09-24 13:14:34

MD5: 2aee8e0d1555676e332cc774f86b2076
SHA1: 8e026ec15e53658c33e1e9a002df6465e10c71cf
SHA256: c6a8d7babc0915eba982bc96a9a96af90ca5874f564fe4d7a2df53d8187e0edb
SSDeep: 3072:Di2S/nWHaqgE3BS8xjEldJ4mx/jQqbkERAE9lGNWD:DsWHNfQ/j6eAEOK
Size: 116736 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
VirusBuster = Trojan.Kryptik!A/jVGSssBd8
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2FT
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ja
TrendMicro = TROJ_GEN.R47C2FT
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Trojan.Generic.KDV.271304
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.ANEP
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.271304
BitDefender = Trojan.Generic.KDV.271304
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 114 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:23 11:26:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x15bc1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.700
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Mlkjnpewu Pjenvzsigtw
File Version                    : 2001.12.4414.700
Internal Name                   : MTXLEGIH.DLL
Legal Copyright                 : Copyright (C) Nifzwuacg Corp. 1995-1999
Legal Trademarks                : Hfgeyufkn(R) is a registered trademark of Iudrtbrsi Uaeteqpwngc. Rzbnqbl(TM) is a trademark of Qsudlppwc Ylbhomwlaxg
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-07-15 23:48:09
VirusShare info last updated 2012-09-24 13:51:06

MD5: 2cb9e7f90f61d2d2bab8f6ca9794a22f
SHA1: 6859fd724caa689b33deac4be35206582257b84b
SHA256: db0b634b92b83b26308ba4d48d96ed537819fb997acfe3d6277830762935ce2c
SSDeep: 3072:S+br6rU50oY8ACe3QocX1+/cdFzrMqqDLy/IoDbc:xekk501hFzIqqDLuI
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!hHAKjIoNJ8s
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.kxyg
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.SUO
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-02-26 19:34:32
VirusShare info last updated 2012-09-24 14:29:16

MD5: 2cbd4105525ef789186f35cecf95ac6f
SHA1: 672be097209967d829b1e2bd290db25b6bbac965
SHA256: d646f9c5c7c8d2e7a26fce3a3e9894b47e09535f3e62e8d2b4c8b2871c8044ee
SSDeep: 3072:S+MY6rU50oY8ACBt0VcXLBvxdFzDMqqDLy//oDbc:RekZ00LZFzwqqDLu/
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R1BC2G1
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!2CBD4105525E
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!2CBD4105525E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
eSafe = Win32.TRVundo
AVG = Generic23.AEJB
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-01 18:18:59
VirusShare info last updated 2012-09-24 14:29:44

MD5: 2cd04f084b5b9f150a0490acc21b7c9b
SHA1: 419440f903895d714f71bc0014d7de2d24644c7e
SHA256: c36d835d5936fff6d9498e8d2f824949197ce8cc03b678161d5b482f28ebe00f
SSDeep: 3072:d8fRn8s/ePpeVx3b1OmFW+EWpSTircffljcIACjg0YcYmbRIryLcfBq8VOOW:Q8FwhNoseFcaYJmbRrGBq2W
Size: 102912 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qWysZA5v6FE
TrendMicro-HouseCall = TROJ_GEN.R47C1F2
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic.dx!zrq
TrendMicro = TROJ_GEN.R47C1F2
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.Vundo.102912
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZRQ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic.dx!zrq
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Suspicious_Gen2.MFPNJ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-06-22 02:01:56
VirusShare info last updated 2012-09-24 14:31:17

MD5: 2d20fca38a28552792d0973ed9a4b4d6
SHA1: b717979b2e97b339075267a09eb1bf82d6027d8e
SHA256: 9379680ef0456d0330aefbebd346c290b2157b7522da078ad7535152eb0fbf54
SSDeep: 3072:m0R0kOUVd2cixJ/aMFA/7rl933OninJRkad0M:mY0khb2cixFk/7XHOiXk2
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan.Vundo.6916
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!cMckTRMijqc
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2G5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Vundo!jf
DrWeb = Trojan.Click1.63025
TrendMicro = TROJ_GEN.R4FC2G5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akzv
McAfee = Vundo!jf
F-Secure = Trojan.Vundo.6916
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.PNO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Vundo.6916
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.6916
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-11 09:06:11
VirusShare info last updated 2012-09-24 14:37:16

MD5: 2e606c9296d873c21a54b1a8a4d8c02d
SHA1: f1387bf08f707ed2b1687a2a7a67aa1a3052f67b
SHA256: d65aa21d7b749acf8a5b98544676b6be3c0f36864bbd7c08e813ea2ba0ff7103
SSDeep: 3072:R9ZPZwkRQE3DXgKgaF5yycuTZGisL7kLIv:R9XTRHTXgjaGPtXIg
Size: 162617 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Priminay.A
eTrust-Vet = Win32/Swisyn.DT
Comodo = UnclassifiedMalware
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Artemis!2E606C9296D8
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Pirminay.jp
McAfee = Artemis!2E606C9296D8
F-Secure = Trojan.Generic.5479436
Avast5 = Win32:Trojan-gen
AVG = Generic20.CKFC
Norman = W32/Suspicious_Gen2.dam
Sophos = Mal/Generic-E
GData = Trojan.Generic.5479436
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.5479436
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 159 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-03-24 21:45:48
VirusShare info last updated 2012-09-24 15:05:04

MD5: 2ef04ca34e7cf5c92270d7a6843c38aa
SHA1: e33cb13ae4ee629e785df32077fd4a25d5a38b59
SHA256: db0969d9541f74e46bb22fb4190c07da25f5d89120622db27b425a791f2f308c
SSDeep: 1536:rnTqa75TJkQSQje6Qi8sgIKFhNsKMfbcKNaOJ7xtcu:7eMk1Qje6f8sgI2hNefbpxtc
Size: 72704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.3
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Xema.variant
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.72704.KC
VirusBuster = Trojan.Kryptik!db2unKscUgQ
VBA32 = AdWare.SuperJuan.xfg
TrendMicro-HouseCall = TROJ_GEN.R47C2LO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!gv
TrendMicro = TROJ_GEN.R47C2LO
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!gv
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Cryptic.BPO
Norman = W32/Suspicious_Gen2.IUEMM
Symantec = Trojan.Gen
GData = Trojan.Generic.5240941
BitDefender = Trojan.Generic.5240941
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Size                       : 71 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:26 09:07:13-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 27648
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x792a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5600.613
Product Version Number          : 6.0.5600.613
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : VIA Technologies Inc.,Ltd
Internal Name                   : vsraid
Original Filename               : vsraid
Product Name                    : VIA RAID driver
File Description                : VIA RAID DRIVER FOR X86-32
File Version                    : 6.0.5600,613
Product Version                 : 6.0.5600,613
Legal Copyright                 : Copyright (C) VIA Technologies 1992-2006
Legal Trademarks                : 
Private Build                   : 
Special Build                   : 
VirusTotal Report submitted 2011-06-19 02:52:28
VirusShare info last updated 2012-09-24 15:16:23

MD5: 3082cd57d18e9c39227c1b8b510498b2
SHA1: 2d3752304be65918c0c0df5688ee2f7e61183f60
SHA256: c689ad9e163e58cf1931ea6dbc256a6695198f19702f59f042572b76d9be6215
SSDeep: 12288:WDQ2AEbCxr+TUbAYD6eo9sbXqFoMzBrhtYL7mOfjCKomNliZw6qiI47rfd:WnAEWzbA9N9d/UGOfuKNsNn
Size: 844288 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kelihos-D [Trj]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/Mystic.a
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!F/BBiNDyM18
eTrust-Vet = Win32/Kelihos.B!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC7KO
Emsisoft = Win32.SuspectCrc!IK
Comodo = Heur.Suspicious
CAT-QuickHeal = Backdoor.Kelihos.b
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeYak.E
DrWeb = BackDoor.Slym.25
TrendMicro = TROJ_GEN.R4FC7KO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Backdoor:Win32/Kelihos.B
Fortinet = W32/Pirminay.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kero
McAfee = FakeAlert-SecurityTool.cv
F-Secure = Gen:Variant.Kazy.33973
VIPRE = Trojan.Win32.Generic.pak!cobra
F-Prot = W32/FakeAlert.QW.gen!Eldorado
AVG = Generic24.UCW
Norman = W32/Kryptik.AFR
Sophos = Mal/FakeAV-MR
GData = Gen:Variant.Kazy.33973
Symantec = Trojan.Gen.2
Commtouch = W32/FakeAlert.QW.gen!Eldorado
BitDefender = Gen:Variant.Kazy.33973
NOD32 = a variant of Win32/Kryptik.RPV
ExIF Data
File Size                       : 824 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:07:12 06:36:50-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 103424
Initialized Data Size           : 739840
Uninitialized Data Size         : 0
Entry Point                     : 0x1947a
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 20480.0.20603.45014
Product Version Number          : 20480.0.20603.45014
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ritlabs S.R.L.
File Description                : ySC5sK
File Version                    : qkwTKzKOMPol2N
Internal Name                   : xmJA5rbyIVS
Legal Copyright                 : 4sjDBVGn8g
Original Filename               : xeEaz61m
Product Name                    : DT4APpWLArbG
Product Version                 : 74osBzkSaK0Vm1
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-02-25 16:02:37
VirusShare info last updated 2012-09-24 15:43:05

MD5: 322af42a33bbabd44975ada63b3eaddf
SHA1: cc41cb338476e761b045170b16183f55f4e4d57d
SHA256: c5a9c0b61762e199091709df210a20540b30c2f603a27fc54d87dbf1d9537b70
SSDeep: 3072:V4bhakvH7Ctjdob10xweCrf7DTiaFfULmUbEo7jS1F:V4Fakixob1KweunHF8Lm4B4
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!322AF42A33BB
TrendMicro = TROJ_GEN.R72C2FN
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!322AF42A33BB
F-Secure = Trojan.Generic.6150574
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.INE
Symantec = Trojan.Gen
GData = Trojan.Generic.6150574
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6150574
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-04 04:33:14
VirusShare info last updated 2012-09-24 16:15:02

MD5: 3c9c4fac6f2e88ddd9c3dbfe6f3e0eab
SHA1: ce6c77b43519129da089661cedb9c236a6f8b3a0
SHA256: d19f4e7695c6013c649b97e9a583053bf368b3633a785a632d6b8f086189d0cf
SSDeep: 3072:/+EMD/pj3aLkD+W/PCNxgPd93ULm3oKKL:bilZD+ty4mC
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R30C2FT
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!3C9C4FAC6F2E
TrendMicro = TROJ_GEN.R30C2FT
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
AVG = Generic22.BRYM
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 16:43:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xceaa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2011-07-02 08:12:52
VirusShare info last updated 2012-09-24 19:59:07

MD5: 407c4ac40d13fe97c5da868acd39c460
SHA1: a270c7ed713e35cfa8dc2152e2dd642644344380
SHA256: d40e03845f98b53f8b5870669ce50e19dd5fe1c240482ca3a26c663bbf84915b
SSDeep: 3072:mL2lakQH71tjZofCcnxweCrf7MTi4cfULmnbEo7jX1F:mL4akaNofCQweuk9c8LmbBl
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!UL+iQtBrsb0
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!407C4AC40D13
TrendMicro = TROJ_GEN.R72C2FJ
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!407C4AC40D13
F-Secure = Trojan.Generic.6143660
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.CNCL
Symantec = Trojan.Gen
GData = Trojan.Generic.6143660
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6143660
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-04 06:23:12
VirusShare info last updated 2012-09-24 21:09:12

MD5: 41e8f54f53dd533c0cf5e8027a683aa9
SHA1: 7b27e39cacde6d4d58020e1de638983a1254e426
SHA256: c4e28b66ad43005fd599c668cb35a0c509a888d32f8b8c5808d9f7cd8878ff5a
SSDeep: 3072:S+Fe6rU50oY8ACAuQVpcX4EGudFzQMqqDLy/IoDbc:qekI/04kFzbqqDLuI
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!hdTX0+Vi/5o
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TSM
Norman = W32/Suspicious_Gen2.MYTRF
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:52:50
VirusShare info last updated 2012-09-24 21:31:02

MD5: 43f44146752ceff8e3d31ad81276db6d
SHA1: 0e34e323b37498c5adc167593b1af8b21e7c3afc
SHA256: c45361bf4793e80815a7df1e157754e3fa07560db177b24f9cd3d6cc4200abdf
SSDeep: 3072:n8zRPh/eApeKD3B1PbuEo5CW8NirHfflUcIACjg0YcYmbRIryLcfBq8PfOOW:os2DjK+e/acaYJmbRrGBqoHW
Size: 102912 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!21SxhDB7WOM
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C7J8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R47C7J8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.102912
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-11-09 12:35:27
VirusShare info last updated 2012-09-24 22:06:53

MD5: 4d6aeff77c4e8ae315656336a1779456
SHA1: d2235869aaafa7acb6db3cd230bcc638fd53492a
SHA256: 988f471add066e6acdfd5d691cce3f54d84403581514daf8d74c410b4b272cfa
SSDeep: 3072:EvStakIH7ItjsoZJ5EKxweCrf7ETiEDfULmKbEo7ji1F:EvoakB4oZJ5RweuMBD8LmKBI
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.KDV.243039
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik.Gen.16
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.RC1C2F7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!ix
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.RC1C2F7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!ix
F-Secure = Trojan.Generic.KDV.243039
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CCKW
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.243039
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.243039
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-03-20 21:37:56
VirusShare info last updated 2012-09-25 00:51:56

MD5: 519144238543e9c2438ffdbb71742796
SHA1: a6e2f1b1dea51aa380a0fa90e10c935fe3ea3b12
SHA256: cc5cafabb1c0464809489c7a8a765b88f62ae8090597b2ad4575801658d61145
SSDeep: 1536:Rgs91mGJeik9shWmiY6JuboRLQ3Fl1CnCRJZuZMqqU+NV23S2T:R7uGEil4miY6Mbo98kZMqqDLy/T
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ja
TrendMicro = TROJ_GEN.R72C2G4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW [Trj]
AVG = Generic23.ALYL
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-05 18:21:08
VirusShare info last updated 2012-09-25 02:04:48

MD5: 54c21346a3293a83408e15a1be172deb
SHA1: 6002dc98b931e6fb473228715ab06267755b932a
SHA256: c7ca51c74e80c570dd87c07a4b666ac64485a8643a5416c3d667b71423914b8f
SSDeep: 3072:pNtYagYSq6xcUS/uNPsjn5oNRtq6GYyH1ZFrx+ZAchlVH:pNtYJ6qNPu5exyZsZjB
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.574
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
TrendMicro = TROJ_GEN.R4FC2GF
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BZCG
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 132 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-18 00:29:26
VirusShare info last updated 2012-09-25 03:10:58

MD5: 5bc1242b46eb116e30af5d8923ab1405
SHA1: 36bef9e3f8cd71af3dcab397bb2a96edf50152ff
SHA256: c5cb23a35ef4906ec8abbf9642a9ebd3e7fde4a2279b71591cd5b07ff7775cb7
SSDeep: 3072:qF8A8Me7T/nzTs4FSVORTN1hCXn1wMwHyaXnTcRJGi1wDEvXxt7IPRZZOwMG:qFmMe7PTAVfwMwpi6QnIs3
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BEFQ
Norman = W32/Suspicious_Gen2.MYNHH
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 06:55:28
VirusShare info last updated 2012-09-25 07:25:01

MD5: 5cfc935ad0d8e66aca7dea7e1da2cda8
SHA1: 1678842597943ce4810f7f926893665f2b9852d9
SHA256: d214f310d3b166101b7b57e09e003e098da5a26996becbc272ec3785b122b22c
SSDeep: 12288:zSVuxlTcViV6or9luvSXHBrmyi1NMYkg:8uxlYg3DuvSXa6h
Size: 402432 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.156
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
Panda = Suspicious file
Rising = Trojan.Win32.Generic.52536AAB
nProtect = Trojan.Generic.5149527
VBA32 = suspected of Trojan.Pirminay.aud
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!efh
DrWeb = Trojan.Hosts.2242
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Downloader_x.EFH!tr
PCTools = Downloader.Generic
McAfee = Generic Downloader.x!efh
F-Secure = Trojan.Generic.5149527
VIPRE = Trojan.Win32.Generic!SB.0
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic10.AVAD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Downloader
GData = Trojan.Generic.5149527
BitDefender = Trojan.Generic.5149527
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Size                       : 393 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 23:28:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 387072
Initialized Data Size           : 315904
Uninitialized Data Size         : 0
Entry Point                     : 0x5f3b0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2010-12-28 16:40:50
VirusShare info last updated 2012-09-25 08:02:00

MD5: 60dc3efb42050f1ae3f24d6121754e86
SHA1: 609381c386c6dd1fd965c6f31845f68978b91358
SHA256: 93c15d06bb825e0463c1eec8644617a9e3c271e08ff2b65eaf8db36ad321e744
SSDeep: 1536:7HcS7+6+gOHajKXoyUvVhmaXRpJq6FGSIZfcielrRZEXlwVZ:TcS7+6hOHMgGV4YF4SIrLXlY
Size: 79360 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zrr
Fortinet = W32/Dx.ZRR!tr
McAfee = Generic.dx!zrr
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.ZMN
Norman = W32/Suspicious_Gen2.MFRAB
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Size                       : 78 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:02 15:03:31-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xd485
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jhomgdddd Hyerntzaduu
File Description                : MUI Callback for Language pack cleanup
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : MUILanguageCleanup
Legal Copyright                 : © Lkpxhcmaw Ixhiyawpxfg. All rights reserved.
Original Filename               : MUILanguageCleanup.dll
Product Name                    : Kbmcrnygh® Frnxxrd® Ytxmxalqp Sdlirs
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-06-22 08:47:30
VirusShare info last updated 2012-09-25 09:03:35

MD5: 62f9d3a5ab94cd5381a1f561d92f3d74
SHA1: 0ceee5b9ccaf0cf52f36f790320ce2a9c5b1f52b
SHA256: c3967d269bb2fd96bdaba099810d3fb9bfc4a432033135477eddcc3f4a2009ca
SSDeep: 3072:aWVYwBpqt8W09IyHDVRojWAoJCUoEp+e+z4mRBDjy1G:aMBAt8BoECHz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!X/J1+0MmAbo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2GI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!jr
DrWeb = Trojan.WinSpy.1172
TrendMicro = TROJ_GEN.R47C2GI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipsf
McAfee = Vundo!jr
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2012-04-09 17:15:20
VirusShare info last updated 2012-09-25 09:46:16

MD5: 6304fe7d93a0efb5f626967171f8cacc
SHA1: eb769c15dee1225caf07a56d12664780b8ca490e
SHA256: cf18eace8adac9f41bc9dbd26c8c64e0ca9f95bc91caa45ff7ac7682b7923ea8
SSDeep: 3072:IaD+Z2/Nrmi/dokFVuN0iX5ijVbwjQCOyafQJWzvX2oTBZfqb:IFqNq0nGN0iX5awjXOLwWzfJffq
Size: 139776 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.5.377
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!juqlrO3WJi8
TrendMicro-HouseCall = TROJ_GEN.R3EC2D2
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.dx!wzd
TrendMicro = TROJ_GEN.R3EC2D2
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.WZD!tr
McAfee = Generic.dx!wzd
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:MalOb-EI
AVG = Generic21.BBSJ
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 136 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:31 08:21:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x11e3a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yufjgoqkg Lthxyltuyit
File Description                : Multimedia Class Scheduler Service
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : mmcss.dll
Legal Copyright                 : © Mzbqqmipl Mfueuwtxidl. All rights reserved.
Original Filename               : mmcss.dll
Product Name                    : Rrkezhxjl® Khxauhj® Qznuguzah Dcqkhz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-13 16:46:42
VirusShare info last updated 2012-09-25 09:46:58

MD5: 66bab97cf6af51f2ac5576ae845e9caf
SHA1: e6c7390923d210520bac01cb679093f83552132a
SHA256: d8f1e54d09062ea16a558bef70a503c18ced480d49dc642728a528ea8e207eb0
SSDeep: 1536:0a7xfHmGgaY9shE5iY3ZboILQ3F/1CnCRJZumMqqU+NV23S2M:T1GGga5m5iYJboa8kmMqqDLy/M
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
McAfee-GW-Edition = Generic.dx!zvr
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.dx!zvr
F-Secure = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.NBY
Norman = W32/Suspicious_Gen2.MXKUT
GData = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-22 04:31:21
VirusShare info last updated 2012-09-25 10:49:32

MD5: 694b1a476d4abf74b1d3e2f2b7bfb12f
SHA1: d5f93710653369d58b29557bc9bf1581cf7f8077
SHA256: d3ebb1c1f4cce4c069af13582213bab29692eff7852a283454b62a7e0eae5a36
SSDeep: 1536:BlYj4dtNJu3G8fNreMwamFILh01Y3hyNSpY6Y9l/MqqU+NV23S2wMnew:Bx81r3wSyy/7Cl/MqqDLy/wZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde.Gen.2
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1JO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.co.5
McAfee-GW-Edition = Generic Malware.j!pec
DrWeb = Trojan.WinSpy.1176
TrendMicro = TROJ_GEN.R4FC1JO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Generic Malware.j!pec
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-04-13 10:41:46
VirusShare info last updated 2012-09-25 11:37:28

MD5: 7379f5af77ab1fa9a236f77fba9b9a45
SHA1: bf290312b4b8800f77ecbb25e913c3aa3c2b9b7c
SHA256: cf7a89a40dd36e6b29f4c3cc0e78ff5f8e61dde6211eb638b2e3fadcd6520234
SSDeep: 3072:ol7Vt2ChrKgCWf3stf3HVsMBCxn5R8ZEXz:QUErsss1VLBCp5cE
Size: 102400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12477A1D
nProtect = Trojan/W32.Agent.102400.AGU
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JZ6IuLatADI
VBA32 = Trojan.Monder.mrwp
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R2FC2JU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7379F5AF77AB
DrWeb = Trojan.Virtumod.10344
TrendMicro = TROJ_GEN.R2FC2JU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.adnt
McAfee = Artemis!7379F5AF77AB
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Av
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.CNYR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:08 08:39:21-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 51200
Initialized Data Size           : 86528
Uninitialized Data Size         : 0
Entry Point                     : 0xd651
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.2.0.27
Product Version Number          : 3.2.0.27
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : 
File Description                : TSHOOT Module
File Version                    : 3.2.0.27
Internal Name                   : TSHOOT
Legal Copyright                 : Copyright 2000
Legal Trademarks                : 
OLE Self Register               : 
Original Filename               : TSHOOT.DLL
Private Build                   : 
Product Name                    : TSHOOT Module
Product Version                 : 3.2.0.27
Special Build                   : 
VirusTotal Report submitted 2012-04-27 15:34:19
VirusShare info last updated 2012-09-25 14:38:55

MD5: 73ec158320357a0a100bc81c89c04e15
SHA1: a577124478e6ae7b4f412ef2372b3e0acf72d07a
SHA256: d3d67c8b813ecf4411c2f6a3c711bee9955f12270c8dc05f55b0bf4a3087f029
SSDeep: 3072:WaILsF7/UC0Z4bP4NCeE117sqeH2Kxo79TCoAZfARjxos7tI:WtmaUHe4eWKyBIoJxo
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jb
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic22.BKGL
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-05 21:48:47
VirusShare info last updated 2012-09-25 14:46:24

MD5: 79f6724f8b58a9f3284e12be82aac991
SHA1: ce3e6c1134328bd3769f4d971d57c217902f6e54
SHA256: d6cf9a6a858d9ebb5ea01845016db4b51a0240fac988c61225c46700ef394be2
SSDeep: 6144:p/1EW1ZgFHrZGBAlNPDddUNEjCK1SaCUI1m3B/oFBU:p/1E0gnGBe/k4CK1CbABou
Size: 577536 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Renos.KC.59
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.128D780C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = (Suspicious) - DNAScan
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Downloader_x.GAM!tr
PCTools = Trojan.Gen
McAfee = Generic Downloader.x!gam
F-Secure = Trojan.Generic.KDV.210436
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic24.YMF
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.210436
BitDefender = Trojan.Generic.KDV.210436
ExIF Data
File Size                       : 564 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:06 01:19:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 544768
Uninitialized Data Size         : 0
Entry Point                     : 0x4b760
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-08-23 22:31:00
VirusShare info last updated 2012-09-25 16:55:44

MD5: 817ca51145f5e015f3770d26b13a9873
SHA1: d8f48e5ec6f2affc536bef7adf2b30bf120baaf5
SHA256: d6fa5034c72e7aa1ba51b9870f7e0bc2f827f3aaef646ac44506582932645a02
SSDeep: 3072:u8nRFg/eopeJ351WFK2GbWBWirHffl8cIACjg0YcYmbRIryLcfBq88OOW:d59La0i/+caYJmbRrGBq1W
Size: 102912 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Vundo.102912.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!++lWO8Y2Eyc
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R45C2G8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.102912
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gddy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-05 18:56:26
VirusShare info last updated 2012-09-25 19:37:46

MD5: 81dab6e3fc774f105576cda20b36e314
SHA1: ef039e102aed9d441ed4ab7c745e4233456bc76a
SHA256: db4d6eadce964d8a81f6bcb17ac08910fec76f6d71c1730fa02f609a6d67b280
SSDeep: 1536:Ol92wmGC6l59sh4oiY0GbonLQ3Fj1CnCRJZubMqqU+NV23S2Mg:OeGC6lM6oiYTboF8kbMqqDLy/Mg
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!eSSIaT2MdXk
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.JCT
Norman = W32/Suspicious_Gen2.NIRFI
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 15:37:44
VirusShare info last updated 2012-09-25 19:45:43

MD5: 8240b2fdf0999de39cc352374911aedb
SHA1: 8600deaa89aea6f7eac9d027add22710856ab675
SHA256: cdc21379876d7250f48db9e62fe90a157aa3bbe488c5c933787e95081fd62c63
SSDeep: 1536:u76BemGoYs9shFVIiYqzbo3LQ3FN1CnCRJZuZMqqU+NV23S2W:u6GoYtlIiYsbof8kZMqqDLy/W
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!GfDSTjCH0lE
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HJE
Norman = W32/Suspicious_Gen2.NIRNB
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 15:38:44
VirusShare info last updated 2012-09-25 19:53:09

MD5: 8398e888b5b1ed45f10b090ec6048043
SHA1: d838c7c7696866e0b559b837e54645b4b60fecc8
SHA256: 939079666d6a5c4e5c874e139d7af5a260bf102baa2ac36cf31b3108be226546
SSDeep: 1536:XphQgY9PDPj0MlqAB975JNp/g2bxZaIou+nO61IE53Xuejx7ycyHCSAL:Xph6VDr0M0M975JNp/dzaIoNKyPzyiF
Size: 101888 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Kryptik-DQF [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128ACD7F
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!sWB6Ibs314k
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!8398E888B5B1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.101888.A
PCTools = Trojan.Gen
McAfee = Artemis!8398E888B5B1
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-DQF [Trj]
AVG = Generic22.AATS
Norman = W32/Suspicious_Gen2.NRVAT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:04 10:23:09-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x849a
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gusqnepis Rhzzquscjns
File Description                : System Information
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : winmsd.exe
Legal Copyright                 : © Microsoft Isxgsafeqqy. All rights reserved.
Original Filename               : winmsd.exe
Product Name                    : Igjyyucsh® Xwxahfm® Beqstdvpg Nifefr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-05 19:56:45
VirusShare info last updated 2012-09-25 20:22:23

MD5: 8c0344c33da1cd42390b2c51c6cf15ee
SHA1: a97f5433305764cccb4ae8d4db53ebef59e039d5
SHA256: da643db4f0056c42587f2efa66c0781c73fa1f12d153658bbb1edf5074221a1f
SSDeep: 3072:lUb1IVLs05WNzmn+ODJE6WOKXBGfK/Q8uwxXANqCuARD3Jx:qI20okflrfK2kw2aD3z
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R47C2G6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jc
TrendMicro = TROJ_GEN.R47C2G6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo!jc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic23.ATDQ
Norman = W32/Suspicious_Gen2.NHPPF
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-08 20:23:30
VirusShare info last updated 2012-09-25 23:00:42

MD5: 95f6ee5045669e095c2f6dcbd52553fe
SHA1: d1bc7eba7cbca1bc11568118f20fe4be12d3c4ff
SHA256: 954f384829db978d154087d4ba864e86198ce33497b6dee24bb6fcef7947699a
SSDeep: 3072:7CuAIHPKZQEOHoDTsfNws28ttiZPFqw+uKg2ov6:7HPKZzKTlmtqlg
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A761DD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!C821HrG4dng
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_SPNR.15L511
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1521
TrendMicro = TROJ_SPNR.15L511
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.iuvp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AZKH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 144 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 05:42:54-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x17e76
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.131.2600.0
Product Version Number          : 5.131.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tfcnjmawb Qvupfhrkzes
File Description                : Softpub Forwarder DLL
File Version                    : 5.131.2600.0 (abkebdef.010817-1148)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Qqcijkyet Pelvravtldf. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Rwzaomffh® Upjtqiy® Xlljxlksz Pzpzqv
Product Version                 : 5.131.2600.0
VirusTotal Report submitted 2012-05-18 07:16:05
VirusShare info last updated 2012-09-26 02:31:01

MD5: 995578463dc39ce497f98225bc77596d
SHA1: 28599570fffdda953717fae0590d4126f013e42f
SHA256: d1d6025dd181a80093e2e6b2848fdb97fae1179408db0e621af664d0d5bf3bec
SSDeep: 12288:pVfmBCbkxIkMDN3jM6QgxEQfQVGRyJzhg+EPFY9VWdIYJ:/mBCbgIyz1yaOI
Size: 516096 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Renos.KC.44
Avast = Win32:Downloader-GQP
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.516096.B
Panda = Suspicious file
TrendMicro-HouseCall = TROJ_GEN.R47C2DQ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.DownLoader2.36546
TrendMicro = TROJ_GEN.R47C2DQ
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Generic.eskt
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GQP
AVG = Downloader.Generic11.TGI
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.195132
BitDefender = Trojan.Generic.KDV.195132
NOD32 = Win32/TrojanDropper.Agent.PHH
ExIF Data
File Size                       : 504 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 05:34:01-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 892928
Uninitialized Data Size         : 0
Entry Point                     : 0xe0c6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : NAP client config API helper
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : naphlpr.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : naphlpr.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-05-05 19:51:37
VirusShare info last updated 2012-09-26 04:08:16

MD5: 9ab337baabc847baa79bffd739af16d9
SHA1: 30612f7715b3219d9d0ec7e4cb5ad042d899db04
SHA256: 93d98f1db9830f0646da443d7666ef851d26e1ac2eb6f5d35e64c358ae8cfc21
SSDeep: 1536:/ZqwWMuMlU9Wj/aLkyD4vpC/FLIQPFH7Ow0MCdxxgPdJ8srdhH48HUlqim3o0/UD:/qMDmAj/aLkXs/hGxgPd93ULm3oyKL
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A34A40
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!KwYCVhSbmo4
VBA32 = Trojan.Genome.ueob
TrendMicro-HouseCall = TROJ_SPNR.15L611
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
DrWeb = Trojan.Click2.194
TrendMicro = TROJ_SPNR.15L611
Kaspersky = Trojan.Win32.Genome.abuuv
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.MCZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.acehp
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BRYM
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 16:43:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xceaa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2012-05-21 22:03:11
VirusShare info last updated 2012-09-26 05:04:16

MD5: 9cf9437b623fb3cb309a8d11beeb3971
SHA1: e22aca0c4a43597da6516f6fee3c76aa1fca345c
SHA256: dab41044110df82d8e75dcdb6faa77b12d7c87f4a809b2ce11232c2ea77f4b30
SSDeep: 1536:JzVglhMoInIyDMXRJwz2oIVbrSwtCTT0FvOKZDefFeP:JshpIIyIXDwz/I0wHvOqDeQP
Size: 86016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ejqtgngjrm8
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!9CF9437B623F
TrendMicro = TROJ_GEN.R72C2F8
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!9CF9437B623F
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.AVNB
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npn
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:22 06:10:05-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 32768
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x8411
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ltmzfgyoq Ekatfnrniky
File Description                : 32K/64K color VGA\SVGA Display Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : vga64k.dll
Legal Copyright                 : © Pwscrgghj Iwviidjoqnq. All rights reserved.
Original Filename               : vga64k.dll
Product Name                    : Avxrwgrmw® Mhykzmm® Ujnmpkqdk System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-03 19:16:41
VirusShare info last updated 2012-09-26 06:37:49

MD5: ab9bb73d73bf62dc8fa82592438f0b5c
SHA1: 7712609877a255537166d2d3f3c3508474ac59a5
SHA256: dae2af499e32edca00e18900c00377624ef9a02619e92ae72ae640281e207156
SSDeep: 3072:Z3Yy5hqishhGyeE8/TEhfRGFE8H1SxM3:V5hqiyQEGwJQV2
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2D7
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!AB9BB73D73BF
TrendMicro = TROJ_GEN.R72C2D7
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!AB9BB73D73BF
F-Secure = Trojan.Generic.5742296
VIPRE = Trojan.Win32.Generic!BT
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
AVG = Generic21.BQPG
Norman = W32/Suspicious_Gen2.KFNMZ
GData = Trojan.Generic.5742296
BitDefender = Trojan.Generic.5742296
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-19 13:51:22
VirusShare info last updated 2012-09-26 12:36:03

MD5: b0f94d0bc85bbe9d461e93f16148cb6b
SHA1: 761077fffd37af6dfebb277a857d2ba9d924005e
SHA256: 9a0f685916a70fef86bfeb93ea8e400372c254f08709fd3c8c7527ca20b18feb
SSDeep: 1536:Kes9nzdTqWo3N3qQcSS5W1yiWhvwBnqIz1x:KHPo9aRDCqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129411EE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!4FEWX7ovFr8
TrendMicro-HouseCall = TROJ_GEN.R47C2G1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R47C2G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
ClamAV = PUA.Win32.Packer.Installshield-2
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-08 07:09:56
VirusShare info last updated 2012-09-26 14:40:29

MD5: b17ffa62795c45b9b6b06c77e8a64277
SHA1: 8475e69216972ea3d3a95552c44a6421448fe09f
SHA256: db68c0eed718d6474218990824143d936108e47f042a2d0c8e7587f98ab12802
SSDeep: 6144:fA7xM9WxoqqiZXyG+aBxzBwVam79w7zIGN9nv3rhUvlymEyjhcK0scNQlXA3hIh6:fsUiZXydWxdwVa8w7zIe3zWjhT0sLhAF
Size: 390103 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Kryptik-ARX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.390103
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1288F4B0
nProtect = Trojan.Generic.6130575
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.5738
TrendMicro = TROJ_DLOADR.SMWQ
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.egwy
McAfee = Kryp.b
F-Secure = Trojan.Generic.6130575
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.CIRB
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6130575
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.kwo
BitDefender = Trojan.Generic.6130575
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 381 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:14 11:47:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 577536
Uninitialized Data Size         : 0
Entry Point                     : 0x17cf6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WbemPerf V2 Instance Provider
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : WbemPerfInst.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WbemPerfInst.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-15 09:30:55
VirusShare info last updated 2012-09-26 14:53:15

MD5: b37d9126702dcc025bf4cda6ab483477
SHA1: 39c9943d9e87423398e7166fd20b1760fcb1ee20
SHA256: ccfdd16ccb4a7adace206a9458497e538016967141c2fbe441532db5419be8e2
SSDeep: 3072:Y9ZPZwkRQE3DXgKgaF5yycuTZGisL7kLIM:Y9XTRHTXgjaGPtXIj
Size: 161205 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
eTrust-Vet = Win32/Swisyn.DT
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Artemis!B37D9126702D
McAfee = Artemis!B37D9126702D
Avast5 = Win32:Trojan-gen
AVG = Generic20.CKFC
GData = Win32:Trojan-gen
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 157 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-02-11 00:21:46
VirusShare info last updated 2012-09-26 15:41:10

MD5: b39484332bc2030557965babfd777126
SHA1: 38b0b36403b1de9855f36fa7a7e9d22482313fd0
SHA256: daa900b62a844bcfedfa8b7b5a0625048c28a3ac4402ea7867a98cb42325a056
SSDeep: 3072:S+sJ6rU50oY8ACxtqdcX4+XUdFzsMqqDLy/IoDbc:cekBi04ZFzfqqDLuI
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Zy4Dw8a1AvQ
TrendMicro-HouseCall = TROJ_GEN.R72C2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.ML
McAfee-GW-Edition = Artemis!B39484332BC2
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2G8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.nkxv
McAfee = Artemis!B39484332BC2
F-Secure = Trojan.Generic.6165212
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.SZZ
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6165212
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.6165212
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-06-16 08:54:27
VirusShare info last updated 2012-09-26 15:42:34

MD5: b3db4c461f43f46fe95bde536a63440a
SHA1: 21a83f5680de5187a146eeb803dbc3a5fd12a142
SHA256: db09544f5402a2e67f214e4b1db98981c9d278502c759a5dbe44499d0d8a3823
SSDeep: 3072:v4z/hVAcR4enPgAt2b93Zg2elpMqqDLy/S5kS:vyAcR4ePSxpBqqDLuq
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
VirusBuster = Trojan.Kryptik!tflP5QoBc50
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Vundo!jb
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Vundo.JB!tr
McAfee = Vundo!jb
F-Secure = Trojan.Generic.KDV.277257
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.NHQCR
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.277257
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.277257
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-07-20 08:20:57
VirusShare info last updated 2012-09-26 15:48:54

MD5: b6a081713b8e049cbb68dbc2c54013b2
SHA1: b761e68b2df77ddb3d697a7558745323223c34e5
SHA256: ce6b4a5894ada4f7fe7fc5bcfaf49c3a71e2b39e3b3924f6e3b8287de1bc0522
SSDeep: 6144:70KDCqcXRMz69v6+hAXfoF6vSYqqDLu3:70QCqcXRMsOX1a9qnu3
Size: 245760 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Rising = Trojan.Win32.Generic.128C1287
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!x67hZcFXIiY
TrendMicro-HouseCall = TROJ_GEN.R29C1HI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1219
TrendMicro = TROJ_GEN.R29C1HI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.juyk
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ABQV
Norman = W32/Suspicious_Gen2.NXPXG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 240 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:21 14:38:07-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 192512
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x2b526
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6938.0
Product Version Number          : 6.1.6938.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Yozaedtuxsv
File Description                : Microsoft DTV-DVD Audio Decoder
File Version                    : 6.1.6938.0 (fbl_multimedia_media(bld4act).081031-0928)
Internal Name                   : MSMPEG2ADEC.dll
Legal Copyright                 : © Cuiggryah Ggtpqfspfer. All rights reserved.
Original Filename               : MSMPEG2ADEC.dll
Product Name                    : Gwehwmftf® Xstvboy® Tydvqztub Awxyxz
Product Version                 : 6.1.6938.0
VirusTotal Report submitted 2012-06-18 09:55:45
VirusShare info last updated 2012-09-26 16:40:32

MD5: b75f7318823b4838be4ba4634a956049
SHA1: 75bdf3827b6e8b2b769ebfa41a908133e3a7bf43
SHA256: c7fbe577ceee9ee02fd6b35ccf2d70c22c8a0e80ccb4971d606458f8c6380ab7
SSDeep: 3072:qw8A8Me7T/no69JbNSVORTN1hCXn1wMwHyaXnTcRJGhkwJ4WFxtXIPRZZFA0Gn:qwmMe7E69SVfwMwphnzxI/tG
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BDYE
Norman = W32/Suspicious_Gen2.MYNEU
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-25 21:58:56
VirusShare info last updated 2012-09-26 16:52:25

MD5: bb3d979658055161c6dbb557fbff1093
SHA1: 9a8bfd6e15174cd25a93fd3fd5dbe15e045285a3
SHA256: 98dd62aded71a05392af492a5e0da26a6dd1c33fb0b2e3f06ac25d35f181ae89
SSDeep: 12288:qrtEgixBQWuMEe6UU2oIZqnukJ1tkiAYG:PgixBQWuMEe6UU2oIZ+ukRkiAYG
Size: 443392 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.128A72FB
nProtect = Trojan.Generic.KDV.292532
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Pdw7hKJ/IXY
TrendMicro-HouseCall = TROJ_GEN.RC1C2GI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.AV5
McAfee-GW-Edition = Artemis!BB3D97965805
DrWeb = Trojan.Siggen2.59654
TrendMicro = TROJ_GEN.RC1C2GI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Diple.443392.B
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Diple.dvf
McAfee = Artemis!BB3D97965805
F-Secure = Trojan.Generic.KDV.292532
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRCrypt.ZPACK
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BKBN
Norman = W32/Suspicious_Gen2.NPOYX
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.292532
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npr
BitDefender = Trojan.Generic.KDV.292532
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 433 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:13 02:41:30-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 307200
Initialized Data Size           : 192512
Uninitialized Data Size         : 0
Entry Point                     : 0x4747e
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2147.1
Product Version Number          : 5.0.2147.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lokxygtzk Jfdqwxhazcj
File Description                : Sort Utility
File Version                    : 5.00.2147.1
Internal Name                   : Sort
Legal Copyright                 : Copyright (C) Qxebiucic Corp. 1981-1999
Original Filename               : Sort.EXE
Product Name                    : Xhghanzsp(R) Bqogiph (R) 2000 Wugmjwbkt System
Product Version                 : 5.00.2147.1
VirusTotal Report submitted 2012-06-21 11:37:59
VirusShare info last updated 2012-09-26 18:23:27

MD5: bb51d3f20ca90d392db2450c86ab6707
SHA1: 52d90432591db9c0c673dbd624c4b8879748f3e0
SHA256: c7f56f03c60f15cde0b2024c3078d579e5f92d1d4013edd2c6ac117ccb072f6d
SSDeep: 3072:41nDoRog/9Nz15IOdBGMXVAsZBFS1G4Zk747xsVi9Wf2TbvRGeCI:41nDcoEdXQsZifZk747xsvkvQI
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128B0706
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gARlr4TztAg
TrendMicro-HouseCall = TROJ_GEN.R49C1GO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!jx
TrendMicro = TROJ_GEN.R49C1GO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.JX!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imqv
McAfee = Vundo!jx
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BQTI
Norman = W32/Suspicious_Gen2.NSEEP
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:22 11:38:10-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xf6b1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.3.1.146
Product Version Number          : 6.3.1.146
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Pvtgzhytq Stbfsqdhccy
File Description                : TIME
File Version                    : 6.03.01.0146
Internal Name                   : DATIME
Legal Copyright                 : Copyright © Snyresdgl Corp. 1998-1999
Original Filename               : DATIME.DLL
Product Name                    : Bhhsllywf® Uhivwmo(TM) Sfuiqmllj Zlludo
Product Version                 : 6.03.01.0146
VirusTotal Report submitted 2011-09-08 23:56:20
VirusShare info last updated 2012-09-26 18:24:45

MD5: bccc70ab1839c263b27e8caaa4351e13
SHA1: ce104302ee5cf509f8bba6ee2954531bde52960a
SHA256: cf1bf98ab3b2bdca185b2bb81cf6fde7917695bc34afde66fda212548559ed43
SSDeep: 6144:/akqaNcSrxTMRUm2cmlbyFWwv5mLynnoMr/:CuJbYl5mGno
Size: 217088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!8VK3m8Ll6Bk
TrendMicro-HouseCall = TROJ_GEN.R72C2FB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!BCCC70AB1839
DrWeb = Trojan.WinSpy.1306
TrendMicro = TROJ_GEN.R72C2FB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gtuz
McAfee = Artemis!BCCC70AB1839
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AYFI
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 212 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-07-04 08:15:07
VirusShare info last updated 2012-09-26 18:57:01

MD5: c13a568712a6e570308053a0691b5b5f
SHA1: 94a87e7e4f3348c150aef15696b2bd8fd2315639
SHA256: 9a5c9c8546220127360eb0bdc0d542a45fab516076b7f32927f93742ced0fc19
SSDeep: 3072:qDF8A8Me7T/nuJZfulASVORTN1hCXn1wMwHyaXnTcRJGEqwduDB+xtaIPRZZOQs:qDFmMe78ZfGVfwMwpERmrIU
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!RbYv+qNPMhg
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Agent.Gen.iw5
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1313
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BDTM
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-07-12 06:02:54
VirusShare info last updated 2012-09-26 20:41:38

MD5: c41943d1dade6f01871bec83e650d2ee
SHA1: eeb9c7ba7b75e705679726dcad2e091ba8696195
SHA256: caef36095f947066eada9d51f54259f8346cf24cf304f2ed4141f84a52b0019f
SSDeep: 3072:m9Sb1IVLs05WNzmn+OqzEhntKXBGfK/j8ulxXDqCcAyD3Xx:/I20okfDrfKTfKFD3h
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2EV
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2EV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BDAF
Norman = W32/Suspicious_Gen2.MYKLX
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-06-25 22:17:40
VirusShare info last updated 2012-09-26 21:27:15

MD5: c5457cce36fc7014e6ebae6e726d6fef
SHA1: f69960c04f60f40cc877f95a27870219443785a7
SHA256: cc9f5b24f0c9d30c1832d2245695918e73ad573aba0a198f03ca03acb032fae5
SSDeep: 1536:IW3aHprfoKFGrBYR6oT3Vu5SNjzv3eZGNBk/yMgSOiZR1Ej6nPa5G3O4GXCiu:qrwKOI6oTluIbGyMgeaoOlXCV
Size: 99328 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.127889B0
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.yan
TrendMicro-HouseCall = TROJ_GEN.R1BC2DT
CAT-QuickHeal = Trojan.Vundo.av
DrWeb = Trojan.Click1.30433
TrendMicro = TROJ_GEN.R1BC2DT
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.icg
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.BDS
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 97 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:03 18:13:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 55808
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0xe91b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-30 10:40:48
VirusShare info last updated 2012-09-26 21:48:14

MD5: c650de5b113058fc75026086ef162a2c
SHA1: b015c505aa4c890b5c80011e839b6465085cc9cf
SHA256: ce9d86bd3b32ab11cdcd77ca085e76bc87fc6a1a22eb0d588095f9c86ddd7c64
SSDeep: 3072:S+Rk6rU50oY8ACHielcXW5gjdFz+MqqDLy/goDbc:AekcG0W8Fz1qqDLug
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!rgQPvdBL0vI
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Win32.Vundo.av5.AD
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1185
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.oazs
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.6168333
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TDI
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6168333
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
ESET-NOD32 = a variant of Win32/Kryptik.LXF
BitDefender = Trojan.Generic.6168333
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-08-13 02:51:05
VirusShare info last updated 2012-09-26 22:06:22

MD5: cd1d92209540b24c443c8139ed64841c
SHA1: f3605f541be9ea3b741e893c1422f7b909c5f5a0
SHA256: ce5330d41192e704e32339880c0acc3c02cd28594d606884559d80829e9b3b97
SSDeep: 3072:EoCY/lLrse3w4KoXVDu6MqqDLy/TF8ms4akxPkTO:nb/xvg4VXVDupqqDLuTFLP
Size: 151552 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
F-Secure = Gen:Variant.Vundo.5
Avast5 = Win32:MalOb-EI
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 148 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:14 20:00:17-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 86016
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x15027
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zidpqoztd Xmjulpvwntz
File Description                : MCI driver for cdaudio devices
File Version                    : 6.0.6000.16386 (lghkw_rtm.061101-2205)
Internal Name                   : mcicda
Legal Copyright                 : © Xlmzlsymb Udtuylwfojv. All rights reserved.
Original Filename               : mcicda.dll
Product Name                    : Bmagjshby® Oikdmfw® Trhjpvtxe Xsafyn
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-19 14:06:39
VirusShare info last updated 2012-09-27 00:26:19

MD5: d340de32eb2a877adc907bd54f289a4a
SHA1: 0068c470d0e8e145259f6f60a0aa8eeb54e626a4
SHA256: c6daaa0567fa8254cb738798ab6b225f09d318e72cc0715919edd10b19baa5b6
SSDeep: 6144:ITnFxhU2tYEVK2NoDhnlpxmCyac/vSxXBKaI+oICugoh4l4gfbJb:ie2oFnllOHZk4rbJb
Size: 313608 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Pirminay-EE [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.RCBH2HR
McAfee-GW-Edition = Artemis!D340DE32EB2A
DrWeb = Trojan.WinSpy.1711
Fortinet = W32/Pirminay.A!tr
F-Secure = Gen:Variant.Kazy.38713
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Generic27.AIEP
Norman = W32/Troj_Generic.DOOUS
GData = Gen:Variant.Kazy.38713
Commtouch = W32/FakeAlert.FT.gen!Eldorado
ESET-NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 306 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 57344
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xec3a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-08-31 09:27:42
VirusShare info last updated 2012-09-27 02:27:31

MD5: d4d6fe71c9f31bf9a5a8ca2bf3cb56af
SHA1: ec20004cd7503ed7d63271044b60dc26d05d1b10
SHA256: d938a9ffde722779e7e317090c84c55be7c227c25038c38177c2d285771cf60c
SSDeep: 1536:P44sLI/eauxW+Nm3unr3ATfTFTo/37VszBN37rFPdkXi/rbjx92mJ1Tgj+jK:PZkWoNNm3u7w5M+33nVWAjzMa
Size: 110592 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Rs7rAwm6ntA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!D4D6FE71C9F3
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!D4D6FE71C9F3
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Vundo-JU
eSafe = Win32.TRATRAPS
AVG = Generic23.CII
Norman = W32/Suspicious_Gen2.MZQQH
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 108 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:23 14:57:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x16431
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vynscpnwk Qdpqwzrbrar
File Description                : Link-Layer Topology Mapper I/O Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : LLTDIO.SYS
Legal Copyright                 : © Jgldoeybd Pyuktpugexx. All rights reserved.
Original Filename               : LLTDIO.SYS
Product Name                    : Ddpxfkawy® Kdzjwwd® Qgkpqffwa Chkikl
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-07-11 23:58:40
VirusShare info last updated 2012-09-27 02:57:33

MD5: d5d6fb3f5fbeb5117bb2141ef5301ff8
SHA1: ea2bacc1e94ad52541125620dbeb7fbfd109ca85
SHA256: c324d75e6aa7ff0d46317013f789fc37aff70b5957c26d7076d352d7b48db9f9
SSDeep: 3072:XWVYwIp9t2Wl9IvJDvpdvSWAoJCioEp+e+z4mRBDjyUG:XMI3t2xdv3CZz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cvE+yGesUVg
TrendMicro-HouseCall = TROJ_GEN.R30C2G1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!ja
TrendMicro = TROJ_GEN.R30C2G1
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD [Cryp]
eSafe = Win32.TRVundo
AVG = Generic22.AUNW
Norman = W32/Suspicious_Gen2.NKHOG
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-07-20 08:37:19
VirusShare info last updated 2012-09-27 03:23:29

MD5: dcca4dc13214f9535872c7561cbb0d40
SHA1: 8c9f4049f3409eb6a5b33f1b53bb7945eded9a8b
SHA256: 99cbc762df76919c2dd2c0bc18bae6d9d55e6bab1c395d04981de4c323e7c213
SSDeep: 1536:jspJN1limGSUp9shHoEiYozbotLQ3Fa1CnCRJZutMqqU+NV23S2l:jcNJGSUc5JiY2boo8ktMqqDLy/l
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!DCCA4DC13214
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!DCCA4DC13214
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.AGJW
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-02 02:28:07
VirusShare info last updated 2012-09-27 08:11:55

MD5: df1b3070c7aa8d92c03f70f4077e7d49
SHA1: 6564b8ff43e04dd36e1ec45def7fd213814b2b94
SHA256: cda463bbaea3fb725835d4eb3ae9e016c844cb97dcaa56818911aa5d03ea7621
SSDeep: 3072:S+cz6rU50oY8AC4LTpcXlErdnqRdFzwMqqDLy/koDbc:iekK90lE0Fz7qqDLuk
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX
eSafe = Win32.TRVundo
AVG = Generic23.ABQW
Norman = W32/Suspicious_Gen2.NAXQT
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-06-30 16:42:38
VirusShare info last updated 2012-09-27 09:37:08

MD5: e297643ba995069e833192d8bd6bd247
SHA1: 133a02066b367e2d4646f9b8f95c70b6bd7f4839
SHA256: cca20f87abc1d8c3af005a7ae95a15cdc12047b93cef2cbf2710a9d748e9487e
SSDeep: 1536:Za3I3AzWHWUYe3wgKh6/69QR4WboU0YN5bPsBDpWigAQLKf0fvlro6n7u6yEDpu:ZII3FHW9e3HQ6/6CRgebw1WfrGylrHnF
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12A347AC
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!ht19+mxi8Rc
TrendMicro-HouseCall = TROJ_GEN.R72C7KD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1328
TrendMicro = TROJ_GEN.R72C7KD
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Monder.95744.E
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imne
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.SMTRD
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-09-11 04:23:59
VirusShare info last updated 2012-09-27 10:45:44

MD5: e69536ee295785310401d0e3551a36e7
SHA1: 348e9447a8aac845bf1f93346735b8ff29bcf746
SHA256: cc3425120ef818c16aab62a1e87cdceef80be587c1ae66c93b243cafeabfd6c1
SSDeep: 6144:ilDyOkVM2pipp6tU7gCtBNflIfxR/omKZNqqDLunuM:ilDFxkiwU71BNt9hwqnunu
Size: 220160 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.945
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128E3F49
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!A0dOm8RLY80
TrendMicro-HouseCall = TROJ_GEN.R72C2FT
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_AGENT_042717.TOMB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.GenVariant.Vun
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.SMJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
ESET-NOD32 = a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.6
ExIF Data
File Size                       : 215 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:26 09:32:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x26307
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr11.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr11.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-08-10 03:31:20
VirusShare info last updated 2012-09-27 11:57:47

MD5: ea8af06d9910738990dac57bc3c3b159
SHA1: ecc0c0198977712424c9e37f640ee94c57422dfb
SHA256: c6ee4dc97486e6e8c6500e620fca879cbaa02a13460186891303c2ba7013fbb8
SSDeep: 3072:4Ub1IVLs05WNzmn+O/mCEkyVKXBGfK/E8utxXGqCAAmD3jx:JI20okfYrfKqHZ9D3d
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!jbE2FIT5H40
TrendMicro-HouseCall = TROJ_GEN.R72C2EU
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!EA8AF06D9910
TrendMicro = TROJ_GEN.R72C2EU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!EA8AF06D9910
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.AULE
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-03 09:24:22
VirusShare info last updated 2012-09-27 13:13:12

MD5: eb59f5f8718771cb6d3157233b846b19
SHA1: a44d4bd9d7f757cfdc66efbd49ec107a98a3b3c6
SHA256: d1b43ecd7469ce374f8fc940a96b878be03a3717abbde2f6735f82897d960e78
SSDeep: 3072:S+oF6rU50oY8ACivkMjcX3OJ1dFzYMqqDLy/soDbc:wek8l03CFzTqqDLus
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AGGG
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-02 04:09:11
VirusShare info last updated 2012-09-27 13:28:37

MD5: f221cc5793782adf1dc1d245a536f795
SHA1: 38bba580cfae5628dc893f02b0a18fe1408205d3
SHA256: 9403f7d4d87ae48445c2b8db44325832c9868bc89a60adcae9ea98c4e2c6ddb5
SSDeep: 3072:vzPwrRVVo1MqqDLy/pfxgzsuOVVFlkRay0z:LPwlRqqDLu7ecVfcU
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.GEL
Symantec = Suspicious.Cloud.5
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-05 12:34:25
VirusShare info last updated 2012-09-27 15:50:52

MD5: f569be577db4feb96637b22f75287742
SHA1: 6029dd7ba6516ebd632fc2d82500849b31ce617f
SHA256: 9380cb330d5dc1c5b66b9270f41aeb2ae74ddb8daae580ae9f5c50ee699b7f3d
SSDeep: 3072:S++hq6rU50oY8ACRgjOcXrlCAdFzSMqqDLy/VoDbc:mqekky0rZFzxqqDLuV
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jn
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!jn
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
AVG = Generic23.BKNY
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-18 09:49:50
VirusShare info last updated 2012-09-27 17:11:31

MD5: fec80fcd3aa46ac1681afc65d2d37769
SHA1: 04eba03c539083cb8dbbe8bb4507eabdb2537cc2
SHA256: 995f1060f744d6a9b9e3397fcc90a9b8625b816a9b37499c2f49da3c1153d595
SSDeep: 1536:JzmlhrNnI6ZOXRCw/koIV7rSwtCTT0FvOKZ9eyeP:Jwh5I6AXow/hIkwHvOq9e1P
Size: 86016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R49C2EN
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!FEC80FCD3AA4
TrendMicro = TROJ_GEN.R49C2EN
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!FEC80FCD3AA4
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.ATOQ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:22 06:10:05-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 32768
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x8411
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ltmzfgyoq Ekatfnrniky
File Description                : 32K/64K color VGA\SVGA Display Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : vga64k.dll
Legal Copyright                 : © Pwscrgghj Iwviidjoqnq. All rights reserved.
Original Filename               : vga64k.dll
Product Name                    : Avxrwgrmw® Mhykzmm® Ujnmpkqdk System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-06-22 07:16:06
VirusShare info last updated 2012-09-27 19:37:11

MD5: 06c49b42c0cc1cedefbf534fb499026d
SHA1: 19c8a395759ae3d76a6052863521d1a40656aba0
SHA256: c69362322b26e6173a1826088ff7a5c2eb1036f17db32f35de2190adefee0967
SSDeep: 3072:yrb1IVLs05WNzmn+O64EbpmKXBGfK/r8uUxXQqCsAjD3Lx:KI20okfHrfKr4fAD3V
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.5957353
VIPRE = Trojan.Win32.Kryptik.laq (v)
AVG = Generic22.AVMP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5957353
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!U1aWmGL2phw
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.5957353
ESET-NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-09-24 04:47:35
VirusShare info last updated 2012-09-27 20:48:32

MD5: 1d4bb40e1fda9c0fae3d291d06e46d69
SHA1: c6ad2f1ee547faa386327863a1ae2e91efde5287
SHA256: d1fab5042bee0c56c4d9d96e48d25389fac496a7d3b85bc6c3aa1c73167d46a0
SSDeep: 3072:efF+Nak2H79tjDonoKpjxweCrf7WTixKfULmLbEo7jX1F:efeakMPonoK3weu6wK8Lm/Bl
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan/W32.Genome.120832
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2F9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1073
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo.gen.fy
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DXA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6102774
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
ESET-NOD32 = a variant of Win32/Kryptik.NPN
BitDefender = Trojan.Generic.6102774
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-09-24 13:39:59
VirusShare info last updated 2012-09-27 22:21:02

MD5: 365f87df4ced074985fe81db1a209725
SHA1: 7284b6feda733b859788f39b2a5cedd47091bdb2
SHA256: db63e9d4ace71e07ca1cc79372b98fda22eea683969642f04a0dd758365b36c7
SSDeep: 3072:+9b1IVLs05WNzmn+ODzEu8JKXBGfK/R8utxXzqCvA2D34x:EI20okfurfKBHp1D3Q
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2H8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1276
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BDEZ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!Qgm1B5LvPeU
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-09-24 21:39:01
VirusShare info last updated 2012-09-27 23:51:43

MD5: 3e5cfbc70efee33065eec43ec350f169
SHA1: 88dd7d5cd3e573aa47b8caf48d9ee1dc100d3b04
SHA256: d72528d247ab44141802902e49c231ee8e392c0cb7874e64ff0403279586cc90
SSDeep: 3072:ifLQgHOSU8Q8zM97tu1G31fyujo0MqqDLy/X4SV8:wLQgG8zqha8UqqDLupV8
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Genome.(kcloud)
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC1KO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.Click1.63787
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.aaznh
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QGCUW
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Vundo!xBA9t6jER3I
TheHacker = Trojan/Genome.srdh
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.16
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-09-25 00:31:16
VirusShare info last updated 2012-09-28 00:15:50

MD5: 6e1e2ba850d32a2d394a21b20311f231
SHA1: a130052d1f8d9f036d3ba045d58b605014e55977
SHA256: d689e7d56bff1d3aaa2cda873d2a2c41f2504b7a3556486f0d1049aa029c6920
SSDeep: 3072:ZDb1IVLs05WNzmn+OPDERKiKXBGfK/U8uSxXCqCDA5D3wx:LI20okf+rfK6u6qD34
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_SPNR.15L511
Comodo = TrojWare.Win32.Kryptik.LLT
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1276
TrendMicro = TROJ_SPNR.15L511
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!5R75EN8Jyho
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-09-25 16:59:47
VirusShare info last updated 2012-09-28 02:50:49

MD5: 74c0b552e079a8a90d54950579bc8d70
SHA1: 065800931eaa9daaf6fee4cfb9e391ec8d507306
SHA256: c5ce2979e3c79af18b3fce1351ddeaf049043096e5fda886c17cb0521167ebae
SSDeep: 3072:xQNAWg4N5n3Ub5aszzLP5O6y1wjkWgXpNmCdAlUMmfgHPFsiqMqqDLy/JdJm:zuNpkbImOgoTMmfgH2mqqDLuB
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC2I7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-DTR.K
DrWeb = Trojan.Click1.54577
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.adtdl
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QGICE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Vundo.Gen!Pac.49
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-09-25 19:02:32
VirusShare info last updated 2012-09-28 03:18:24

MD5: ac90318f9362f82a3b4b76872aa13027
SHA1: faf040cb608a915f7fa60d201c857fbc90d75f7d
SHA256: 93f9322882be73f3b431d7581c44f6d63fde287bf7c78020fc6b2c5d524d95f2
SSDeep: 3072:ZcI67khjYVYFnVpRrBOrD+CnB2lrNlC3sse3OqdScR:+s0C/0yq2racR3V
Size: 112128 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Vundo.112128.B
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R1CC2EU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1261
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.biid
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ZVC
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!pfCEbRXQjQw
ESET-NOD32 = a variant of Win32/Kryptik.NDI
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Size                       : 110 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:18 16:37:34-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xc171
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mujugavzr Ipyszyqabbe
File Description                : Canon BJ Mini Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : CNB80.DLL
Legal Copyright                 : © Ckepiclsx Uzudgoymaxf. All rights reserved.
Original Filename               : CNB80.DLL
Product Name                    : Xlzuhwnww® Qcleyez® Cqlthejky Zxanjr
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-09-26 16:54:35
VirusShare info last updated 2012-09-28 09:49:26

MD5: bec960c01407116aeb67a208bbf16a53
SHA1: 8f886da6d5bd5f858ede70342326a94708ebc117
SHA256: ccbf138549f49ca93dbcf55a896a2a6f7c984c66f1f969a26651c4bd0e252b90
SSDeep: 3072:qz8A8Me7T/nP3WivSVORTN1hCXn1wMwHyaXnTcRJG7LwiPa+xt6IPRZZKBu:qzmMe7D3uVfwMwp7MvHIQ
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
eScan = Gen:Heur.Ranpax.1
TrendMicro-HouseCall = TROJ_GEN.R4FC2IG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1313
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BUFF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
Agnitum = Trojan.Kryptik!35w05Pep+Pg
BitDefender = Gen:Heur.Ranpax.1
ESET-NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-09-26 23:43:13
VirusShare info last updated 2012-09-28 12:25:55

MD5: 03950fc01ff53707cd99e087cce8f5fd
SHA1: 610425204d08be24f10283724821ae2fda82789b
SHA256: 8ec20ef8b0578693b2baf8b8f8e01cb742edfc9f9cfe06818ca85a28e7d2e74d
SSDeep: 3072:HQvg54N5n3UbJ8szzSP4y63wnXg3/NmCdIlUMmfgHPFsiXMqqDLy/TdJm:YxNpkbmMytELMmfgH2TqqDLu/
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Rising = Trojan.Win32.Generic.128ACCBD
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!jv
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R4FC1KO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!jv
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Norman = W32/Suspicious_Gen2.NQBXQ
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-02-13 08:54:29
VirusShare info last updated 2012-09-29 05:17:10

MD5: 05f146fd6d1787b90b69768478f14f08
SHA1: 4e2c8f6487ca3df5a5a3e979889b1ba054776680
SHA256: 8369eaf495dfed933e0b15a11a58bd58cbafc6eab23319374cd634310ea15763
SSDeep: 3072:S+Xg6rU50oY8ACSQyFQcXAb2rdFzSMqqDLy/DoDbc:yekTyO0AcFzxqqDLuD
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AHOP
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-03 06:48:09
VirusShare info last updated 2012-09-29 07:42:29

MD5: 0862b37786f85994d8f3b4e856ece86a
SHA1: 866926550e6fade5b43179228d3d1a1804bf2722
SHA256: 84211e8fff8551e6060828804e8630c0c7a92d6ae5a6c4c61e1e24ead5cc1362
SSDeep: 3072:S+KB6rU50oY8ACZab1cXiB9iHdFzpMqqDLy/uoDbc:KekyZ0iz4FziqqDLuu
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C1GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
TrendMicro = TROJ_GEN.R72C1GB
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.AJII
Norman = W32/Suspicious_Gen2.NIVZO
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-20 09:07:30
VirusShare info last updated 2012-09-29 10:04:23

MD5: 147960bde00f8460af24a23d1a30a86c
SHA1: 1e42c2f91475cc765d9107f38a4a5f98929df5a0
SHA256: 8b81bdaf9e63fe1213c600379091ccdebc9b20a44e9127c5bf3eef636562b2c3
SSDeep: 1536:m+Knd7BmGiOz9shJ1iYqcboiLQ3Fj1CnCRJZutMqqU+NV23S2g:mN0GiOSz1iYXbog8ktMqqDLy/g
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
McAfee-GW-Edition = Generic.evx!a
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Generic.evx!a
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.ABRI
Norman = W32/Suspicious_Gen2.NAWCA
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 05:02:11
VirusShare info last updated 2012-09-29 16:31:36

MD5: 17b5076ef051016ff90d2355d056fec7
SHA1: a292bd882941e4ece69fd04594c9f13a2cda31b9
SHA256: 3f9d6f049fe3ab144f82bb60a817b081f980c56c0486b4e6135f9ee02b1b66d8
SSDeep: 3072:EBpZxWfCwzA7900vKrlyKnBHwdnMRwaDdSO:ExwzA79PvK1BQVonN
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Agent2.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1KN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.onm
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!lm
DrWeb = Trojan.Siggen3.42285
TrendMicro = TROJ_GEN.R4FC1KN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.evtk
McAfee = Vundo!lm
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ONM
Norman = W32/Suspicious_Gen2.QIDHF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-02-17 16:12:32
VirusShare info last updated 2012-09-29 17:22:44

MD5: 1a32485b9df315350d1e3f976eefdd09
SHA1: f0c7b0de2525da10860a09274c913ef925db2182
SHA256: 8780a7e3b2819e94f546cbbff75f452da93fe93a149cd7a827806a5025b6e8ae
SSDeep: 3072:s/inT2Lwz3ldgQtfj9iuoSPzr+1sZPPlGbGbdLrMvKYiakH7:s/iT2Uz1dgITJPI4PZbdMvRi7
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129659EC
nProtect = Trojan/W32.Vundo.150016.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!gxyIzvTdSfQ
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R28C1EC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10208
TrendMicro = TROJ_GEN.R28C1EC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abyl
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.DSU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:14 23:19:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x13f35
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Wdtozaoqi Wnrxmqwlglv
File Description                : Arabic_French_102 Keyboard Layout
File Version                    : 6.0.6000.16386 (tvvmg_rtm.061101-2205)
Internal Name                   : kbda3 (3.13)
Legal Copyright                 : © Vcnhbzhqo Yhetcarnakf. All rights reserved.
Original Filename               : kbda3.dll
Product Name                    : Juionegxd® Wphxkgi® Yxfjtgdks Ygmtbf
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-02-14 13:11:45
VirusShare info last updated 2012-09-29 18:03:36

MD5: 1a7d027db89167cea43c362186c09049
SHA1: bb8b1242a9ed830545d7aaeed53d39b59010363d
SHA256: 8374e59d5e9b594ba61518e27db9e6caa0dbb1493e7f83ce1aee13f0619f7284
SSDeep: 1536:+bfRH6Xw8GvgqFw1yqDh/3YxlHc/JwwAUDN0pvuWHk1q/WcD+Ym:+bfp6A8GvHw1yqalHOwwAKYvuWHk1Pc
Size: 122880 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.465
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R1BC2E1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
TrendMicro = TROJ_GEN.R1BC2E1
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.KDV.204768
VIPRE = Virtumonde
Prevx = Medium Risk Malware Dropper
Avast5 = Win32:Malware-gen
AVG = Generic22.VZI
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.204768
BitDefender = Trojan.Generic.KDV.204768
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 120 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 12:52:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x4191
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.6.0.8820
Product Version Number          : 5.6.0.8820
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zrrvjhlxa Xxkkdbbfipg
File Description                : Tzgjeklgi (r) Ubvnnpr Based Script Host
File Version                    : 5.6.0.8820
Internal Name                   : wscript.exe
Legal Copyright                 : Copyright © Iuhodjotu Corp. 2002
Original Filename               : wscript.exe
Product Name                    : Chdwcsmae (r) Wukkftq Script Host
Product Version                 : 5.6.0.8820
VirusTotal Report submitted 2011-05-03 09:19:59
VirusShare info last updated 2012-09-29 18:08:16

MD5: 1ba5ef1c14030bdaa3d37be495d44d00
SHA1: ac1aa9ddc5291a2fd40672fccdb5d0049206985d
SHA256: 33f5a4414d0645933d57aa09cc0415e1af874f904d2ab7753dae3e5c5d0a5500
SSDeep: 3072:S+xP6rU50oY8AC0cHl8cXyckJ0MdFz/MqqDLy/aHoDbc:bek3HK0yc2FzUqqDLuaH
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AEGF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-01 03:29:33
VirusShare info last updated 2012-09-29 18:28:12

MD5: 1bac3cac30dc41bcd32bf0cadd9a3644
SHA1: f68b6f08fbdbf41ffbf0e18fecdd976cab90faa0
SHA256: 5d3973b9201949be7007a9e23cac398b009e2e16276481647d07cc5106d10660
SSDeep: 3072:3QPpIIAJcl8C2CAdtAEpgsS0Aq6EUwQfrZb2ozMqqDLy/bo89lEcAEAJn06L+gUx:spI0NAdDpG0xKwUZbKqqDLubBABc
Size: 161280 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!IEMx2CZGKl4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C2GB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AJJY
Norman = W32/Suspicious_Gen2.NIVWZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 158 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:21 05:50:29-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 131072
Uninitialized Data Size         : 0
Entry Point                     : 0x1104e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hqdbakkuz Vpjhdilpkof
File Description                : Query Session Utility
File Version                    : 5.1.2600.0 (udrkcflm.010817-1148)
Internal Name                   : qwinsta
Legal Copyright                 : © Fqzusyduu Wmiflszlvgt. All rights reserved.
Original Filename               : qwinsta.exe
Product Name                    : Ihbepbomv® Vgylorr® Rlhysvted Hpxbja
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-20 02:34:20
VirusShare info last updated 2012-09-29 18:28:38

MD5: 1fcfce9466712f3f2743c10b9f46c6b0
SHA1: 852446f4b22e7172255461730821dc2e24ca0d6f
SHA256: 5ffc0cbd10d0540af539d0c874fa90f1f871c27e7bc042d5ca043a2496a52c47
SSDeep: 3072:BYCFb8BoJlvOUG1dKlicOeWhixmsQZD2C6jtaJA5GIl8F3CoGVMqqDLy/W1W:uCF153GXK+eWAhdwIlQXqqDLugW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R04C2GN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!jy
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R04C2GN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irfm
McAfee = Vundo!jy
F-Secure = Gen:Variant.Katusha.5
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AELP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Katusha.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-10 02:33:50
VirusShare info last updated 2012-09-29 19:35:14

MD5: 208483b7ef9eae05ad839132b63cf374
SHA1: a7d568916b548ceb1d75f1a60f55f8f634f6bb66
SHA256: 364aca5a3a91f5ccbd183fd41729494705afdeb79f9fea0c94fa04527f6ac541
SSDeep: 1536:uSmggek1m8qfx+66KO3fm131s2piqihB3lbfBGkepgMuuoNz0+kFlCJ:u7gM1qfx+63Sfq1nTm1bEke6rwFlCJ
Size: 92160 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.abb
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
VBA32 = AdWare.SuperJuan.yox
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.92160
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.AEMF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 90 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 18:54:53-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x10635
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Occsuxmnx Afgqkhlrldo
File Description                : Network Policy Server
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : IAS.DLL
Legal Copyright                 : © Flrtrdzsk Abkngwstchl. All rights reserved.
Original Filename               : IAS.DLL
Product Name                    : Zradnbevw® Tehokqj® Kamtxzehe Zmjhhs
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-05-06 15:50:06
VirusShare info last updated 2012-09-29 19:45:10

MD5: 21814dd00ac3a5940954eb26a8d5bb6e
SHA1: 5c47ea06d96cc50866f7003f76d4aa97a2b6153b
SHA256: 8ab1bd359199d75a5fe77d703a09c47eb0dc9fd6ac0736962b9d334218047445
SSDeep: 1536:ad/x0xqYvYyDK0uwPk6TSC32GWHwhmSuizuf+4zWfQRbtbj8RdSZKRzQUA4ou1/o:ad/xAqYvYyDK0u0k6TSC32Gkwh3vzuf9
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/Sinowal.WXO
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!oVrMdglqr+Q
VBA32 = Adware.Virtumonde.nhd
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2GC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1362
TrendMicro = TROJ_GEN.R4FC2GC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jets
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.YMU
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:24 17:20:10-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x8476
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hjfjhodcs Scsvfvtdqvq
File Description                : RDP Encoder Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : RDPENCDD.SYS
Legal Copyright                 : © Yoeawklco Qqkzbzcfipi. All rights reserved.
Original Filename               : RDPENCDD.SYS
Product Name                    : Fgfutbvzi® Qwbrgcl® Ooqntveaj Nwremz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-02-16 04:35:26
VirusShare info last updated 2012-09-29 20:00:54

MD5: 25019f59764a29be2bdeb62a60b3475f
SHA1: 726ab07ba5ecc4f99263a406fdf4132769f37e8f
SHA256: 8797f67e6285eb1bf89924d5cdd8a70618a5e9beee1a6e35a2097cc6e6e3f4e3
SSDeep: 3072:VZ59t5hdvnFGJlQdW9f8kRlWMqqDLy/co:fnvFGYw9fqqDLu
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!OpZ8Iou1cQo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R3EC1L9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R3EC1L9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-19 18:34:39
VirusShare info last updated 2012-09-29 20:56:51

MD5: 25183394cedcfa4d91410a0d6eb32082
SHA1: c1f19343a6bc87c3dcbcab149fff273cbcacff6c
SHA256: 5d3b7fc212612f6078c191199b6cacc759fa5f78ed56c5ed80b1b068b99c1a8a
SSDeep: 3072:rcKKouPhPiUFBJCmC02LTAZcZTko2lsjqEOTjz:rvKrpPCXxjIj
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!okllXEUJj3k
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R30C2E3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Artemis!25183394CEDC
TrendMicro = TROJ_GEN.R30C2E3
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!25183394CEDC
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Vundo-JU
eSafe = Win32.TRVundo
AVG = Generic21.ASCK
Norman = W32/Suspicious_Gen2.LWFCC
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 144 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:26 13:42:50-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x12651
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.10.0.1998
Product Version Number          : 4.10.0.1998
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Elacfsggt Trnahxywymp
File Description                : Bezier Screen Saver
File Version                    : 4.10.1998
Internal Name                   : BEZIER
Legal Copyright                 : Copyright (C) Lorrkjfen Corp. 1991-1998
Original Filename               : BEZIER.SCR
Product Name                    : Jsoucuwow(R) Lexflgo(R) Oxzkzsbet Uqggiz
Product Version                 : 4.10.1998
VirusTotal Report submitted 2011-05-20 15:44:27
VirusShare info last updated 2012-09-29 20:58:18

MD5: 251cb13226db8ba54eb07c59ec2a61bd
SHA1: 5b40543187acec7deed3d71ac56be206d33e81a9
SHA256: 5cf5149d5655cb6a9f98687165caa7184033d91a57279b47298c59e4729fc910
SSDeep: 3072:gQGrAkgw3qCjmSk1uv1GSDtRm7uVGMovZ0a1n8DOn4MqqDLy/v9nqR8b:NkgCmSwuvISxIQGJ0jDOzqqDLuV
Size: 180224 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289D33E
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!BXALZZT4IkI
eTrust-Vet = Win32/Vundo.HRU
TrendMicro-HouseCall = TROJ_GEN.R47C2FP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!251CB13226DB
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2FP
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!251CB13226DB
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.KBG
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Size                       : 176 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 15:22:28-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x119ca
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Server Appliance Services
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : APPSRVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : APPSRVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-09-12 09:21:29
VirusShare info last updated 2012-09-29 20:58:33

MD5: 2561ee868180277ca1374c04c503f6d2
SHA1: 9ddde81c496fc20ce9ded8948b772312ab02bbce
SHA256: 5dbaeddc9c7315a5cd8da8c6a9747bd04b3e4cf04aca6b7005eba02f09a665f7
SSDeep: 3072:fhcnddRae0GSrGU0WdzsqQ5IQnglMMqqDLy/shmGTWp41AJh/H:fOnL8yJWS5/KqqDLu8mGTWcAr
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
nProtect = Trojan/W32.Agent.163840.AFN
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!951L7HLEbj8
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!ki
DrWeb = Trojan.Click2.449
TrendMicro = TROJ_GEN.R4FC1IG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Vundo!ki
F-Secure = Gen:Variant.TDss.65
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.YXL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.TDss.65
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.sufl
BitDefender = Gen:Variant.TDss.65
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-02-20 15:30:35
VirusShare info last updated 2012-09-29 21:02:57

MD5: 2925c1115808fc469da9240a351da233
SHA1: 17a1be9831e38734124017b1a432468c6bc7c08e
SHA256: 301f78826b87f0266a3eeafd1e04378944839ae96aebdeb8527464b2fcb7477a
SSDeep: 3072:vCJRV/o1MqqDLy/5fxgzsuOVVFlkXay0z:KPDqqDLuLecVfaU
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!2925C1115808
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!2925C1115808
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.GEL
Symantec = Suspicious.Cloud.5
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-05 17:18:40
VirusShare info last updated 2012-09-29 22:25:43

MD5: 2b02e5c7000b40422f9338e24b9296be
SHA1: 65f69f3c650acef1fa7c783b8c908c785c64704e
SHA256: 3f8902c8cf0eeca8b291a6e4004fea132d678a524632c2c271f91a1a57df3d2f
SSDeep: 1536:xBUtmGngD9shzJriYrcboqLQ3FB1CnCRJZuJMqqU+NV23S2H:xdGngC91iYoboS8kJMqqDLy/H
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Kaspersky = HEUR:Trojan.Win32.Generic
Avast = Win32:MalOb-HH [Cryp]
TotalDefense = Win32/Vundo.HSC
Ikarus = Trojan.Win32.Pirminay
Jiangmin = Trojan/Generic.gije
McAfee = Vundo.gen.fy
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!TrwquXEl+bM
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.WIO
Norman = W32/Kryptik.AIF
TrendMicro-HouseCall = TROJ_GEN.R72C2G1
CAT-QuickHeal = Trojan.Win32.Vundo.av5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
Commtouch = W32/Virtumonde.CH.gen!Eldorado
McAfee-GW-Edition = Artemis!2B02E5C7000B
TheHacker = Trojan/Kryptik.owy
DrWeb = Trojan.WinSpy.1072
ESET-NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-08-09 23:55:54
VirusShare info last updated 2012-09-29 23:13:11

MD5: 2ba7e203a935fa29189ac0e7a8731a6e
SHA1: f413723949c28e5b693dd21e6b6c88520067af27
SHA256: 891b995ccec0062946f997fdfef171a54dcfa278b4bf5d015a6461104fc837ed
SSDeep: 6144:sqSxQS+CQ2bpfkhlNn8l9JIADOGAbrzHJnb24Yph24d2D/Fbs2IEjy4TwUSefpuU:sqLpnourXrbvy4TGqmrQ
Size: 247808 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
F-Secure = Gen:Variant.Vundo.4
AVG = Generic21.BESV
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 242 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 06:36:59-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 172032
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x2724e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Dutch
Character Set                   : Unicode
Comments                        : 
Company Name                    : Epmaxbdkg Upciyksupla
File Description                : Nodfqaxsu Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0413
Legal Copyright                 : Copyright (C) Dwjrmbzjv Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0413.dll
Private Build                   : 
Product Name                    : Dgrobozpq Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-05-02 17:23:57
VirusShare info last updated 2012-09-29 23:23:52

MD5: 2f85b5557a58659ddcd60996e29bc9e9
SHA1: d6eba75676cc33b86c2876da8ff0a401043edb3f
SHA256: 556332cf63a431923ca25879e38012e23d2f53bec30df3648ad231931e729e97
SSDeep: 3072:S+K06rU50oY8ACRl3ScXJXkXdFzLqMqqDLy/OoDbc:7ektC0JqFz1qqDLuO
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!4YSNddtJy2w
TrendMicro-HouseCall = TROJ_GEN.R72C2FT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.AD
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1185
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.kpyn
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.KDV.266434
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.SPG
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.266434
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
ESET-NOD32 = a variant of Win32/Kryptik.LXF
BitDefender = Trojan.Generic.KDV.266434
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-08-10 04:38:48
VirusShare info last updated 2012-09-30 00:30:00

MD5: 32b65d2a11bb06eebf4adf87970a179c
SHA1: ba22696d70e9f5c32c84d2059f68f4305a9c7cab
SHA256: 3bc674ad3215ad6649394cc4feeb94df689e7057d709caaee16b2938d8f97cd3
SSDeep: 3072:ZB0R00OUkdGo3ixI/aMFAA7rlS33OninJRkadyM:/o00hIL3ixukA7UHOiXkY
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan.Vundo.7238
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!2VdTkjSLKn0
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C7KJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Artemis!32B65D2A11BB
DrWeb = Trojan.Click1.63025
TrendMicro = TROJ_GEN.R45C7KJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.akzv
McAfee = Artemis!32B65D2A11BB
F-Secure = Trojan.Vundo.7238
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.PNO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Vundo.7238
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Vundo.7238
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:06 17:18:11-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x96dd
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Qfvcysofc Corporation
File Description                : Mjpfshyda Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Udxuqhanw Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Zkfnzoylw Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-02-27 17:12:33
VirusShare info last updated 2012-09-30 01:24:05

MD5: 34bff3b1efb3415788e919331a384e83
SHA1: 7bc0f10316cc64587d36ed31511f6000fe85eb94
SHA256: 576059ca4a17ddeae77d941da1de7c6c8ed850ac1a05002c306ff8fc9cefa54d
SSDeep: 3072:BnyVSw+AJFHW2196x3FxgHB5a1hqUxgEfEYbMvTxNXSTldMqqDLy/+N:MwMFHW8m+5OFXM9NXSwqqDLu
Size: 144896 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.Gen!Pac.49
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic23.OKC
Norman = W32/Suspicious_Gen2.MZFLI
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 142 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:05 16:27:57-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 114688
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17b96
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tdidwjbjy Lwycvszvikq
File Description                : Recqmufhl Sound Mapper
File Version                    : 6.0.6000.16386 (nvpsl_rtm.061101-2205)
Internal Name                   : Xtikbbjzg Sound Mapper
Legal Copyright                 : © Microsoft Gkijxsdsygc. All rights reserved.
Original Filename               : msacm32.acm
Product Name                    : Vywjlybww® Torzzwr® Opufkodvw Ajxsio
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-30 23:32:31
VirusShare info last updated 2012-09-30 01:58:10

MD5: 3eab2f7df63567ed6fc12e53db2096f8
SHA1: e9befeb5870b9147a52001a6611d7e7d82691731
SHA256: 34c6cf5816da689c0985441a151283aa7a96b40ad9c77cbf1de02d17eb13b671
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAv0:oFq+sGYyo6RZFF9HcQfluaXLLN
Size: 334695 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6537674
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Ponmocup.A
TrendMicro-HouseCall = TROJ_SPYPRO.SM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Renos
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_SPYPRO.SM
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
McAfee = Kryp.b
ClamAV = Trojan.Agent-183368
F-Secure = Trojan.Generic.6537674
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRPirminay.Bjk
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Norman = Pirminay.B
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6537674
Symantec = Trojan.Milicenso
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Trojan.Generic.6537674
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Size                       : 327 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-12 23:00:37
VirusShare info last updated 2012-09-30 06:20:23

MD5: 45e59f292580ed3b28cce38042967e41
SHA1: 06698d631fe0537cab70e552c61509ffabff2694
SHA256: 8ee93dc98978a35c308f4dffae67b749184218df5c56a15dd6221c89c0f884ba
SSDeep: 6144:LxN/n+XotWPuPSgHJmppcbwT+5AQDipUdJ3reLZK9DeWd4oSSl:L9tGmJmsbB/OpUdJ3aABeWd4oSK
Size: 270699 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Downloader/Win32.Injecter
Rising = Trojan.Win32.Generic.1287F757
nProtect = Trojan.Generic.KDV.222570
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!GluauRQsgCw
Comodo = TrojWare.Win32.TrojanDownloader.Agent.~PAP
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.C
DrWeb = Trojan.DownLoader5.32345
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo!rem
Jiangmin = Trojan/Pirminay.zt
McAfee = Artemis!45E59F292580
ClamAV = Trojan.Downloader.Agent-1476
F-Secure = Trojan.Generic.KDV.222570
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.Ulpm
AVG = Dropper.Generic3.BRXF
Norman = W32/Suspicious_Gen2.MAECJ
GData = Trojan.Generic.KDV.222570
Symantec = Trojan.Vundo
BitDefender = Trojan.Generic.KDV.222570
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 264 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:06 13:22:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 249856
Initialized Data Size           : 23040
Uninitialized Data Size         : 401408
Entry Point                     : 0x9f330
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-16 19:23:45
VirusShare info last updated 2012-09-30 09:41:00

MD5: 481f031b573ffce5bf0b3aca14b2d236
SHA1: b3d5d3b17fc03853e1f4005b4bca0dfb7bd7f60d
SHA256: 86e50d6fb279818f11a528916b3a963ee804da95795ac97958f61f0240f3c5a3
SSDeep: 3072:B+yVSw+AJFHW2196JSx4H3Ua99UxATfHYbM3TxNXSTldMqqDLy/+N:PwMFHW86XUn4SMFNXSwqqDLu
Size: 144896 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.Gen!Pac.49
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!481F031B573F
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!481F031B573F
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.OKC
Norman = W32/Suspicious_Gen2.MZJGA
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 142 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:05 16:27:57-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 114688
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17b96
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tdidwjbjy Lwycvszvikq
File Description                : Recqmufhl Sound Mapper
File Version                    : 6.0.6000.16386 (nvpsl_rtm.061101-2205)
Internal Name                   : Xtikbbjzg Sound Mapper
Legal Copyright                 : © Microsoft Gkijxsdsygc. All rights reserved.
Original Filename               : msacm32.acm
Product Name                    : Vywjlybww® Torzzwr® Opufkodvw Ajxsio
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-29 15:08:48
VirusShare info last updated 2012-09-30 10:15:21

MD5: 48ba55e0f52c92581701197ecbd20c3d
SHA1: 64e2dbcc6a3281476425a5eecd09646490731055
SHA256: 89550a1825cd859ef06f7e6dfe540384c5fb8a0468c93480235b5bb4a06f60df
SSDeep: 3072:tnVMssLTlQpjVRQE0O2fGlijyJcwvTj2Mjj:YsiG7QECfN6sMH
Size: 108032 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.13.10
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!T7e65XXL+yI
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R28C2EC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!hs
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R28C2EC
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!hs
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BYHN
Norman = W32/Suspicious_Gen2.NMOVZ
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXQ
ExIF Data
File Size                       : 106 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-09-15 12:27:56
VirusShare info last updated 2012-09-30 10:26:24

MD5: 58264d4ac6589fd0222504a4fd9e3b1d
SHA1: 647b5c089152d7d2228f414677972849007342e6
SHA256: 3560f128d731e302aaa299926c41cab6688b285bb97d5f42371783c0f0b3207a
SSDeep: 6144:aqixXS+CQ2bpfzOlNnYl9WwADOGAbrzHJpb24Yph24d2DNSbs2IEjy4GOUcefpu/:aqbmnkprXYbvy4GKqmr9
Size: 247808 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.675
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!EGI8EbIfIr4
TrendMicro-HouseCall = TROJ_GEN.R47CRFN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zvx
TrendMicro = TROJ_GEN.R47CRFN
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Generic.dx!zvx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD [Cryp]
eSafe = Win32.GenVariant.Vun
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic21.BESV
Norman = W32/Suspicious_Gen2.MYOGP
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 242 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 06:36:59-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 172032
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x2724e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Dutch
Character Set                   : Unicode
Comments                        : 
Company Name                    : Epmaxbdkg Upciyksupla
File Description                : Nodfqaxsu Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0413
Legal Copyright                 : Copyright (C) Dwjrmbzjv Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0413.dll
Private Build                   : 
Product Name                    : Dgrobozpq Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-08-25 17:59:04
VirusShare info last updated 2012-09-30 14:57:01

MD5: 58456b6513d3c7aa4d84e7f65a258a66
SHA1: b7968accc55acca7e123812547e7beb56cfb8200
SHA256: 80ebea528df52cbb55d1d537efe75678baba399bddf2624f60d304ae8deb1cd2
SSDeep: 6144:idsFsLB3GbOnTFPv5vWh2B2MMSMzvkVktn5MYPH2V1ZWlI:cLNNTVIsAPSMb04MMeqlI
Size: 299396 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!Y/QETZYNb3k
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.DownLoader4.48509
TrendMicro = TROJ_DLOADR.SMWQ
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ju
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.JAY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.csm
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.FPVULED
ExIF Data
File Size                       : 292 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:09 19:32:23-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 266240
Initialized Data Size           : 286720
Uninitialized Data Size         : 0
Entry Point                     : 0x41a90
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO157.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO157.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2012-04-04 11:58:33
VirusShare info last updated 2012-09-30 14:58:38

MD5: 5abc13e93035e03aa124e4b50cecaa08
SHA1: af37a55d1ac4bec98897bf099d8a936fa6fdc79a
SHA256: 84969ba82c81a3626f4764a1e27847952fb22d42b99e5d70d8c2fdab833fd003
SSDeep: 12288:CVfmBCbkxIkMDN3jM6QgxEQfQVGRyJzhg+EPFY9VWdIYJ:MmBCbgIyz1yaOI
Size: 516096 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Renos.KC.44
Avast = Win32:Downloader-GQP
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.516096
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = TrojanDropper.Agent.phh
TrendMicro-HouseCall = TROJ_GEN.R47C2DQ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Agent.nd
DrWeb = Trojan.DownLoader2.36546
TrendMicro = TROJ_GEN.R47C2DQ
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.eskt
F-Secure = Trojan.Generic.KDV.195132
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GQP
AVG = Downloader.Generic11.TGI
Norman = W32/Obfuscated.L
Symantec = Downloader
GData = Trojan.Generic.KDV.195132
BitDefender = Trojan.Generic.KDV.195132
NOD32 = Win32/TrojanDropper.Agent.PHH
ExIF Data
File Size                       : 504 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 05:34:01-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 892928
Uninitialized Data Size         : 0
Entry Point                     : 0xe0c6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : NAP client config API helper
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : naphlpr.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : naphlpr.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-05-05 02:16:51
VirusShare info last updated 2012-09-30 16:41:09

MD5: 5afa4de1fdd7e86fca0bf5cb4805eb65
SHA1: 871a02b432bad700468247c3c33349c3648a4017
SHA256: 2fd4d8c856b194f34f7b24de8309c43b17ceb847555ecf46194f75965093fde4
SSDeep: 3072:S+dC6rU50oY8ACylYc5cXpTNJdFz4MqqDLy/NoDbc:CekP80pBFzzqqDLuN
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.imok
F-Secure = Gen:Variant.Vundo.4
Avast5 = Win32:Vundo-JX [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-08-12 16:44:30
VirusShare info last updated 2012-09-30 16:46:22

MD5: 5caae2599390a4b2541b547668afc6ee
SHA1: f3b028e7fc808623da14cf9637a420e702d174ba
SHA256: 31e7bcd04a1964bbdc22bb997f9f68219ef1afa7d2532c6c9052ede523457104
SSDeep: 3072:amb1IVLs05WNzmn+OKfE8BLsKXBGfK/F8u6xXoqCfIAqD3kx:1I20okfxrfKl20IVD3M
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!7OBnAxqf94Q
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.LLT
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!5CAAE2599390
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!5CAAE2599390
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BZCQ
Norman = W32/Suspicious_Gen2.QBLFT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-09-09 16:52:23
VirusShare info last updated 2012-09-30 17:19:15

MD5: 6ad19c502d566d32f1c8587536e8ccaa
SHA1: bba51a2038e5a718ad9668627b122ca8fcc89f3f
SHA256: 53ebbfb475d01c8b035aaf5ce21795586e58effb4433a933ee4b6b1e6021064c
SSDeep: 3072:S+1Eh6rU50oY8AC1c2HocXGv+2dFzlMqqDLy/EoDbc:6ek/I0GZFzGqqDLuE
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AICX
Norman = W32/Suspicious_Gen2.NDSNC
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-03 23:16:12
VirusShare info last updated 2012-09-30 21:47:17

MD5: 700f8eca091ebb680b2df0db885a1360
SHA1: c84ba9107442eec0ad645a4070a0c8cc1578c319
SHA256: 545ba112c6bccc6e32d778e26b61b7893cdc15b798e3e82fee3624c0e4a78083
SSDeep: 1536:Miga7wa6p3v7TN2lSfru+2Ix9TT99tAzG6n6feJX68lYYle:dga7B63vV2l0hlx9TZHAzGPQlYYle
Size: 73216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!Yc2bAwZHDI4
TrendMicro-HouseCall = TROJ_GEN.R47C2F1
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic.dx!zqv
TrendMicro = TROJ_GEN.R47C2F1
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZQV!tr
McAfee = Generic.dx!zqv
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.BEOK
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Size                       : 72 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:13:48-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xbfcd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Tag 0c 0904 E4                  : 
Company Name                    : Tqroektgj Qrcfussllji
File Description                : Vsvlujguo Direct3D
File Version                    : 6.0.6000.16386
Internal Name                   : D3DRamp.dll
Legal Copyright                 : © Oxejugpwe Dywekurptmm. All rights reserved.
Original Filename               : D3DRamp.dll
Product Name                    : Abevmsoiy® Utbejqa® Qmblpnydb Jyoupu
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-22 07:08:26
VirusShare info last updated 2012-09-30 23:26:30

MD5: 753327caf6dc4dc19b512be88c056109
SHA1: ec4b4b93f86466d5c17be3d36f93c6a1c003746a
SHA256: 8e6e0edc2eabc198baf03e33c037627e231f3302da2ba3e1ee69731e8b747b19
SSDeep: 1536:ASQqfhAPB5pSeQSwYnRQD2PQQDs6sRqHFdSfYVF9H0TyTAiDTZ7SLiyXIpb4x1G:A9ZPZwkRQE3DXgKgaF5yycuTZGisL7G
Size: 141437 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Priminay.A
eTrust-Vet = Win32/Swisyn.DT
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!753327CAF6DC
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.jp
McAfee = Artemis!753327CAF6DC
Avast5 = Win32:Trojan-gen
AVG = Generic20.CKFC
Norman = W32/Suspicious_Gen2.dam
Sophos = Mal/Generic-E
Symantec = Trojan.Gen
GData = Trojan.Generic.5704992
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.5704992
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 138 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-04-07 22:02:14
VirusShare info last updated 2012-10-01 00:43:45

MD5: 7ae688648b6615e5d5f7d7b03699bfd4
SHA1: 28a75e38f1145d9fb68125d79706f7fd17a22d07
SHA256: 3a2dc2579e78563e3bee4f2b9177bcada7d51d2b3b19d9a64aedd6fdf0d22dc8
SSDeep: 3072:S+Cq6rU50oY8ACIF+PNcXk2ib6dFz/MqqDLy/roDbc:xekokN0kmFzUqqDLur
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.6170401
VirusBuster = Trojan.Kryptik!6BNXMlv5N1k
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7AE688648B66
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.itfy
McAfee = Artemis!7AE688648B66
F-Secure = Trojan.Generic.6170401
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.STT
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
Symantec = WS.Reputation.1
GData = Trojan.Generic.6170401
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.6170401
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-02 01:22:24
VirusShare info last updated 2012-10-01 02:11:04

MD5: 7cd3e74fc8fcdc5d43d8fa7d2497ab96
SHA1: 23671d71b425a1dcf54391b9b436c5c88ac73524
SHA256: 52ed469fa64fbd6c706e69003e41e003f3d81ada35e4dacf6fddfbeaedc91a1d
SSDeep: 12288:ISVuxlTcViV6or9luvSXHBrmyi1NMYkg:5uxlYg3DuvSXa6h
Size: 402432 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.156
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Trojan.Generic.5149527
VBA32 = suspected of Trojan.Pirminay.aud
TrendMicro-HouseCall = TROJ_GEN.R47C2L2
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Renos!IK
DrWeb = Trojan.Hosts.2242
TrendMicro = TROJ_GEN.R47C2L2
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.5149527
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Downloader.Generic10.AVAD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5149527
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.5149527
ExIF Data
File Size                       : 393 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 23:28:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 387072
Initialized Data Size           : 315904
Uninitialized Data Size         : 0
Entry Point                     : 0x5f3b0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2010-12-07 18:44:30
VirusShare info last updated 2012-10-01 02:42:03

MD5: 89c9177c5f61f1e65583494f04570a20
SHA1: 018b95fea42a8e85aaf9c20c0366b85f12d2137e
SHA256: 3a32bfa9cd9c29f7e9717115b4cd5345c11839aa6263001c7c6dac7676d0f662
SSDeep: 1536:f7lu5jAE/LteIGGs4uoP/MyUyapBxbFss7EVaMqqU+NV23S2vt90cmMPZ/+eF3yJ:fwr/heIqRes4VaMqqDLy/lRmMP1BY+
Size: 112128 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!cuvpYOhPaJc
VBA32 = BScope.Trojan.MTA.0162
TrendMicro-HouseCall = TROJ_GEN.R47C2G1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!mg
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G1
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.abcd
McAfee = Vundo!mg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Size                       : 110 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:12 05:48:30-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xc3b7
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.6.0.8820
Product Version Number          : 5.6.0.8820
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft (r) Shell Extension for Windows Script Host
File Version                    : 5.6.0.8820
Internal Name                   : wshext.dll
Legal Copyright                 : Copyright © Microsoft Corp. 2002
Original Filename               : wshext.dll
Product Name                    : Microsoft (r) Windows Script Host
Product Version                 : 5.6.0.8820
VirusTotal Report submitted 2011-10-21 13:24:49
VirusShare info last updated 2012-10-01 09:14:41

MD5: 8cc659f604c5647071a5ef2a262bcbbf
SHA1: 1d43e4b95dd5b7978cd4d3c25da0d1e96db8164a
SHA256: 50ffbc879ca31f5f967513d2bad7a76c901b48080a77fed41f9d4cc4edf0fb78
SSDeep: 3072:A9ZPZwkRQE3DXgKgaF5yycuTZGisL7kLIsbr5DEhHEw+MA/ZDUW1f6b:A9XTRHTXgjaGPtXITbrxeH/+MmvpU
Size: 216273 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Malware/Win32.Generic
K7AntiVirus = Riskware
VirusBuster = Trojan.Priminay.A
eTrust-Vet = Win32/Swisyn.DT
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!8CC659F604C5
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Pirminay.jp
McAfee = Artemis!8CC659F604C5
F-Secure = Trojan.Generic.5574285
Avast5 = Win32:Trojan-gen
AVG = Generic20.CKFC
Norman = W32/Suspicious_Gen2.dam
Sophos = Mal/Generic-E
GData = Trojan.Generic.5574285
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.5574285
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 211 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-03-24 23:26:11
VirusShare info last updated 2012-10-01 10:03:56

MD5: 8fdcec0857e966509b9cb15638cdf38c
SHA1: 5f59a0f113801cfedb31e353db943708341b8edf
SHA256: 5554067060f5bb0ce939e8b085521a949a1e1afae31817eb0e63fb10acb6403d
SSDeep: 3072:ByCFb8BgJlvOU5tXricOexhixasQZD2T6jtjJ++3IlK3+CoSpMqqDLy/b1W:YCFB535xcexAFWpIlxQiqqDLuRW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Katusha.5
VirusBuster = Trojan.Vundo.Gen!Pac.49
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.evx!a
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.evx!a
F-Secure = Gen:Variant.Katusha.5
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AELP
GData = Gen:Variant.Katusha.5
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-07-20 08:37:55
VirusShare info last updated 2012-10-01 10:53:56

MD5: 91c6c9bd6220abaa9602319ee8eaa144
SHA1: 12367af7f8927309c80155151ed4f8d63d177112
SHA256: 8e10ed857008035b54e07e1b4a44d3fadf22162939096c71f7eab70a8f2798ed
SSDeep: 1536:aKVsWU0na67MwCOpuvCZNRMC7hNfuu/ayhti0bOmGVCCeVB6KryitemERoN6fI9:aiWk7MXzCtM2h3/owWyB6KuitB9N6f
Size: 108544 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1295DF62
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!EdoLkR9xRX0
TrendMicro-HouseCall = TROJ_GEN.R49C2GU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1288
TrendMicro = TROJ_GEN.R49C2GU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.mrlo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BRDR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 106 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:22 22:25:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 36864
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x9d01
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.6001.18000
Product Version Number          : 8.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qidxjbuxy Tgslcocagni
File Description                : Ofvbysqpj Speech Recognition Engine Extensions
File Version                    : 8.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Rjuwsfsvo Mbhhajrnbmz. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Mrhrjbsns® Kbgmzwg® Gdqowseae Azueje
Product Version                 : 8.0.6001.18000
VirusTotal Report submitted 2012-06-14 20:47:26
VirusShare info last updated 2012-10-01 11:28:22

MD5: 930e0744031d80da271ee275d0703827
SHA1: 1e56024a72d2ed317d280ff9930e7a67cb117915
SHA256: 829f7ff09a21b94eab4a7c727d3920175f6e24ceef20d4cbb8e33bf3a225e297
SSDeep: 3072:IWDRZL/Yrmi/dobFVut0zX5LjVbwjGCuyafQJWzvX2o7Zfqb:ImZYq0kGt0zX5VwjVuLwWzf/fq
Size: 139776 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.5.371
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
VirusBuster = Trojan.Kryptik!Mnjo+NNVOZg
TrendMicro-HouseCall = TROJ_GEN.R3EC2D2
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.dx!wyx
TrendMicro = TROJ_GEN.R3EC2D2
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.WYX!tr
McAfee = Generic.dx!wyx
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:MalOb-EI
AVG = Generic21.BBSJ
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 136 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:31 08:21:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x11e3a
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yufjgoqkg Lthxyltuyit
File Description                : Multimedia Class Scheduler Service
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : mmcss.dll
Legal Copyright                 : © Mzbqqmipl Mfueuwtxidl. All rights reserved.
Original Filename               : mmcss.dll
Product Name                    : Rrkezhxjl® Khxauhj® Qznuguzah Dcqkhz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-13 16:47:08
VirusShare info last updated 2012-10-01 11:48:24

MD5: 96c873c7efc7d61598e5f200a28d965d
SHA1: 64524e7e8e905d1ffcefce15e70799b1b5f445f7
SHA256: 3d4fbe2e65a1d45bc13b9b9d44a8f642ac6d2f1c600d3621b2db4c4ec4da6e68
SSDeep: 3072:BlCFb8BNJlvOUdfsdicOeghixEsQZD2L6jtaJop7Il/cxCo3MqqDLy/W1W:XCFU53dk2egAXexIlSeqqDLugW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129C2233
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C7JA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!mp
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R01C7JA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irfm
McAfee = Vundo!mp
F-Secure = Gen:Variant.Katusha.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.Trojan
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AELP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Katusha.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-18 18:57:35
VirusShare info last updated 2012-10-01 12:51:17

MD5: 9859124f39a8e0ebacedfdda9aa9c167
SHA1: f975ad61abb8cf202d64214aebf5a150fdf6e6db
SHA256: 364be4207e4583e247437a3c05cecd3667010c1536c18872f3c48eb25b941da4
SSDeep: 1536:K0hWmGE4O9shAwiYHIWboBwDLQ3FQ1CnCRJZu1MqqU+NV23S2dr:KsGE4zGwiYnboBh8k1MqqDLy/N
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!KYEkMxpSaR8
TrendMicro-HouseCall = TROJ_GEN.R72C1G7
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C1G7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/VUNDO.JA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.AGNT
Norman = W32/Suspicious_Gen2.NCORT
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-16 18:14:20
VirusShare info last updated 2012-10-01 13:17:58

MD5: 992167465d38291c3e43379e72ed5d7d
SHA1: 073bec835542da451bb70f35132a576ee53f0c05
SHA256: 8323cd6a83f571c80a27426b257f56af686dc5ca7d54823286c91d97194e67bd
SSDeep: 3072:S+7X6rU50oY8ACBOHTcXFPsMdFzaMqqDLy/4oDbc:dekaz0FpFzJqqDLu4
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!PvGJ9PLXKyY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.itfy
F-Secure = Trojan.Generic.6170572
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.STF
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6170572
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.6170572
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-20 23:03:54
VirusShare info last updated 2012-10-01 13:30:26

MD5: 9bfc070387ab376d9ccb6db3285639f0
SHA1: d4f427470f3983f17ce2933af25691037f369033
SHA256: 8dc568cf96dcf4b1bb3262b0c2ae7c8cdce2b53e663ea92ee122b94468374f8b
SSDeep: 1536:BLi2sLH7U0aBAvHDN8idO57QNs70F9FgcItv6txf4jiVmiEQhUMsXKukPi+psIuC:BG2sz7U03LuKrxQjiAiRUMsXKukPi+pp
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1282E4E7
nProtect = Gen:Variant.Vundo.13
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!9BFC070387AB
DrWeb = Trojan.Smardec.79
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!9BFC070387AB
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic23.AEQE
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-01 07:14:02
VirusShare info last updated 2012-10-01 14:27:39

MD5: 9d540fd2c3b92293102a94187d61e0d0
SHA1: f6eb4c014972c90c9c5b864926485decf8cbf577
SHA256: 3e2a6fef1cb97d864c400af8176eeff06434fe66598a84d52917599a7f0a02e6
SSDeep: 1536:WSQqfhAPB5pSeQSwYnRQD2PQQDs6sRqHFdSfYVF9H0Tye:W9ZPZwkRQE3DXgKgaF5yye
Size: 113197 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Priminay.A
eTrust-Vet = Win32/Swisyn.DT
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!9D540FD2C3B9
Microsoft = TrojanDownloader:Win32/Renos.KC
Jiangmin = Trojan/Pirminay.jp
McAfee = Artemis!9D540FD2C3B9
Avast5 = Win32:Trojan-gen
AVG = Generic20.CKFC
Norman = W32/Suspicious_Gen2.dam
Sophos = Mal/Generic-E
GData = Win32:Trojan-gen
TheHacker = Trojan/Downloader.Agent.pxo
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 111 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:30 20:58:54-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 16384
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0x44c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-03-24 23:31:43
VirusShare info last updated 2012-10-01 14:55:22

MD5: 9e9036b6ea5ad9abede3d6256a7551f2
SHA1: 9e91ff06814139b7f7eea3d57668ea5d60a2dee9
SHA256: 3942cc37027e7e091006c255e099ce92ad84a839d194faac41452b41bd86b0b4
SSDeep: 3072:q18A8Me7T/ndqC8QSVORTN1hCXn1wMwHyaXnTcRJGVHwP54LxtjIPRZZlFa:q1mMe7Jq3VfwMwpVQWzIr
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.evx!a
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gdwr
McAfee = Generic.evx!a
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.AGPS
GData = Gen:Heur.Ranpax.1
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-02 03:52:22
VirusShare info last updated 2012-10-01 15:18:05

MD5: a0406b2d81c000a597cce00cc1cb8b5b
SHA1: e82de2d38aa239671e36af51445cc3aeb862f4a9
SHA256: 5e1a9c54561b885a1badb88d67dbc71626dd25ef71a30e1c4ca2a3cfe0d27e8c
SSDeep: 3072:gAnTAtg1mGphtc0dWfchq/CFNWR092Ko+MqqDLy/zzw/Gu:rnTAtg1ddWkybqqDLu/N
Size: 171008 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.4.308
Avast = Win32:Rootkit-gen [Rtk]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!6csmNaNjoVs
TrendMicro-HouseCall = TROJ_GEN.R72C2G7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R72C2G7
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!A0406B2D81C0
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Rootkit-gen [Rtk]
AVG = Generic23.AFWN
Norman = W32/Suspicious_Gen2.NCOUV
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 167 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:23 17:58:04-05:00
PE Type                         : PE32
Linker Version                  : 5.0
Code Size                       : 114688
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x1892e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2927.8
Product Version Number          : 4.0.2927.8
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Zyhlaedur Rrufoajwkyf
File Description                : Gtxcdmnvy Jet Expression Service
File Version                    : 4.00.2927.8
Internal Name                   : MSJTES40
Legal Copyright                 : Copyright (C) Lebhektse Corp. 1997-1999
Original Filename               : MSJTES40.DLL
Product Name                    : Xftlvtgpr (R) Jet
Product Version                 : 4.00.2927.8
VirusTotal Report submitted 2011-07-16 17:55:07
VirusShare info last updated 2012-10-01 15:47:36

MD5: a1911b3dba49b0438092e46abdb1f984
SHA1: a4e7fc192b77f9430c7aa06df444bf7ac6445826
SHA256: 3bccd26ad5082ac61c6518b342f4b35aa63b96240d00ebbe38e116d81ef659a0
SSDeep: 3072:DVqnc857nZzYH3Df2hJWlpMqqDLy/YeX:Dp8tZUoJqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128A4EB6
K7AntiVirus = Riskware
VirusBuster = Adware.KXRVLNQ!KKAn7rFt2cA
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2G2
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R1BC2G2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ikcs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHYR
Norman = W32/Crypt.AWAV
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-05-20 05:04:31
VirusShare info last updated 2012-10-01 16:10:07

MD5: a1ed70aa2504398abbb2a73c88319d3d
SHA1: 381204fefba351d355a7774f1f6572baf4fa27cb
SHA256: 3fcb042e525e1232d48681e100f86f8cc51bd31e8a0d9baa89385523e6127570
SSDeep: 3072:uI07ubwT/gierrRFt9NKw7QPMCgONwaG:ryuwYR+wEPMzONwa
Size: 103424 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.103424.AV
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125FF1CE
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!i4WivqY357s
VBA32 = AdWare.SuperJuan.xgb
TrendMicro-HouseCall = TROJ_GEN.R30C2DP
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
TrendMicro = TROJ_GEN.R30C2DP
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = High Risk Fraudulent Security Program
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic2_c.BWVN
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 101 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:19 07:13:17-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 42496
Initialized Data Size           : 96256
Uninitialized Data Size         : 0
Entry Point                     : 0xb527
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ActiveX Data Objects (Multi-Dimensional)
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : msadomd.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msadomd.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-29 06:56:36
VirusShare info last updated 2012-10-01 16:15:32

MD5: a2906bacc15840493ceb868a5fb56072
SHA1: 041d63170d93e960ac1b9e8fa74a7cc4be3688df
SHA256: 3e5e7869c5deb6f4697c15f9e4b2d0cc770449797b476752545bd3a5ece1aa30
SSDeep: 3072:S+IdB6rU50oY8ACpY6+cXj6gPdFznMqqDLy/QoDbc:Ceks50jdFzMqqDLuQ
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!q8Yq2y08y30
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.iswz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TWH
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-20 19:55:06
VirusShare info last updated 2012-10-01 16:25:53

MD5: a6d6896e1882d9b9af53d67895e972d6
SHA1: 4bcc816059f8a3dec164dc3372b369be9458c42b
SHA256: 5184b6a37718d7ecf04ca8a53e70c50b3a1880cf94843672036b10865b9116bf
SSDeep: 3072:AWVYwqp4tZW79IIZnDcIpvWAoJCioEp+e+z4mRBDjyXG:AMqWtZwxpICZz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Rising = Trojan.Win32.Generic.128E7D27
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!QtdiVEdwx9g
TrendMicro-HouseCall = TROJ_GEN.R11C2FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kl
DrWeb = Trojan.WinSpy.1172
TrendMicro = TROJ_GEN.R11C2FJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ipsf
McAfee = Vundo!kl
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2012-06-06 20:17:32
VirusShare info last updated 2012-10-01 17:44:18

MD5: aa1453b9d12ae1168e1b3c2f1a725d39
SHA1: 69544cb459ee06ae2d3bc8cfafec3d25946dba1c
SHA256: 845c327e0e5b16617acae6e3ea73ad9b6f4b9fcc05d8b144233cccdf164711ed
SSDeep: 3072:p8kRiH/eppe23S1tdeCzbWfIir1fflMcIACjg0YcYmbRIryLcfBq8QOOW:I236HJWNqcaYJmbRrGBqtW
Size: 102912 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.Smardec.82
TrendMicro = TROJ_GEN.R47C2G4
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.Vundo.102912
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gddy
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-07-05 16:35:17
VirusShare info last updated 2012-10-01 18:53:51

MD5: aabf4d83d3d974bfbbe789c59ac212c3
SHA1: 67396ffba38164ac8d532e2beb2da05c92463083
SHA256: 8f8d77500005fca7406ed0d5dfb5506a36f2d3167d373c048a3683baa90570ab
SSDeep: 1536:BLi7sLg7/0av0vKDN8WdOuCNs7tGj9MgcItv6txf4jiVmiEQIUMsXKukPi+psIuC:BG7s87/05SfVrxQjiAi4UMsXKukPi+pp
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!Z+aM5cyHhpM
TrendMicro-HouseCall = TROJ_GEN.R4FC1FQ
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!zqe
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.R4FC1FQ
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Dx.ZQE!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zqe
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic23.AFRL
Norman = W32/Suspicious_Gen2.MKWQV
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 05:58:13
VirusShare info last updated 2012-10-01 19:05:58

MD5: abd451bc37333519efa6bac5855fcc30
SHA1: 058bd182b721d894ba21544e09187ca00e2e192e
SHA256: 8c0b3a25187ac17dc2103d4a84d94f1420344e56e4b8f3e6d3ceb8cbcd67970a
SSDeep: 1536:nRa3I3AzWHWUYe3wgKh6/69QR4WboU0Y95usPsBDPWkgClLK20fvlnGozn7u6yUa:nRII3FHW9e3HQ6/6CRge3wbWpoGTlnGg
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!wK6MU4sSEPY
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1328
TrendMicro = TROJ_GEN.R72C2DQ
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.95744.E
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imne
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.JSF
Norman = W32/Suspicious_Gen2.LRSWY
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-03 13:19:40
VirusShare info last updated 2012-10-01 19:27:11

MD5: b15b6ca494f5723c78791a34a07e79cf
SHA1: 8863b45f06c8236ebd34e83456e76f31a8bfcde5
SHA256: 84a85a8744bac640d33af0b79ec2c95038dbf562ceb7f2e7a8da3bf96c7b81eb
SSDeep: 1536:Bnn0mG0Bv9sh1+RiYhGbofLQ3FQ1CnCRJZuZMqqU+NV23S2a:B/G0Be/+RiY4boU8kZMqqDLy/a
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cbwUWK7U7GQ
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FO
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HAQ
Norman = W32/Suspicious_Gen2.NIRLB
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-16 19:52:55
VirusShare info last updated 2012-10-01 21:05:43

MD5: b60b8838533537dc1fc7f7a450e46878
SHA1: fe99da7d8e1cc81395c38b5cb1081c24531415df
SHA256: 8a0b3a547c4df7522d1bed06d03dad8f7a06397fc36f420e088d433d6fb71e36
SSDeep: 3072:S+F26rU50oY8AC0lmucXB2CRdFzRMqqDLy/JoDbc:aekY50BlFz6qqDLuJ
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2H1
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kc
TrendMicro = TROJ_GEN.R72C2H1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.KC!tr
PCTools = Trojan.Gen
McAfee = Vundo!kc
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CHKD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-08-31 12:51:40
VirusShare info last updated 2012-10-01 22:26:12

MD5: cd5bc7a6579b122ab6ab7a22075ceca4
SHA1: 542ebbf3f7d46a9d1b4742dfdb7bbe0ef730b823
SHA256: 3b7a86823d9218a197631a646a4bbe1c6b89d8b7c50355a18a554ebf7a6d7a22
SSDeep: 1536:/ZqFgUMuscUEjraLkynrv6/uLzQNFH7Ow0KJdxxgPdJ8srdhH48HUlqim3ocUfL:/KzMvXEjraLkQS/fXxgPd93ULm3ocKL
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!k2HoGfn+/nE
TrendMicro-HouseCall = TROJ_GEN.R29C2F3
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!ztg
TrendMicro = TROJ_GEN.R29C2F3
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Dx.ZTG!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!ztg
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
AVG = Generic22.BRYM
Norman = W32/Suspicious_Gen2.MNSJQ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:07 16:43:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xceaa
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2011-07-03 11:22:48
VirusShare info last updated 2012-10-02 08:25:46

MD5: cdbd09cf876bd47394557e10741067be
SHA1: 39c7c1f28194846ebc9501d229d86643a6c6c231
SHA256: 539c2dc963e2771c104b7d6a50e2a0a955d3cad8553cd23273a1c572be61bf28
SSDeep: 3072:DRNSAPWHaD6P3BS8xjEldJ4mxLSrbkERHE9lw1NWD:DzWGKfQLBeHE8K
Size: 116736 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.222013
TrendMicro-HouseCall = TROJ_GEN.R47C2EH
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!CDBD09CF876B
TrendMicro = TROJ_GEN.R47C2EH
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!CDBD09CF876B
F-Secure = Trojan.Generic.KDV.222013
VIPRE = Virtumonde
Prevx = Medium Risk Malware
Avast5 = Win32:MalOb-EI
AVG = Generic22.ANEP
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.222013
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.KDV.222013
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 114 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:23 11:26:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x15bc1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.700
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Mlkjnpewu Pjenvzsigtw
File Version                    : 2001.12.4414.700
Internal Name                   : MTXLEGIH.DLL
Legal Copyright                 : Copyright (C) Nifzwuacg Corp. 1995-1999
Legal Trademarks                : Hfgeyufkn(R) is a registered trademark of Iudrtbrsi Uaeteqpwngc. Rzbnqbl(TM) is a trademark of Qsudlppwc Ylbhomwlaxg
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-05-19 00:08:22
VirusShare info last updated 2012-10-02 08:38:31

MD5: cfc8c6fec7ff236bb5a48cf1a2320f17
SHA1: b33d8122b9bfc8af88a524442d0fd6685e0927cf
SHA256: 5d6c3eca2b920bc68359b33a962658fd8442ba9dc19f5744ffba446c347fe48a
SSDeep: 3072:fhDno+Iae0jLs0x0nd93qQ5JQnglMMqqDLy/HhmGTWp41AJh/H:f1nUcwn75SKqqDLuBmGTWcAT
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Adware-gen [Adw]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
Panda = Trj/CI.A
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!jb
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!jb
F-Secure = Trojan.Generic.KDV.277402
VIPRE = Virtumonde
Avast5 = Win32:Adware-gen [Adw]
AVG = Generic23.YXL
GData = Trojan.Generic.KDV.277402
BitDefender = Trojan.Generic.KDV.277402
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-05 16:49:41
VirusShare info last updated 2012-10-02 09:53:03

MD5: d54dd5c529d0c193979759eec6ae71da
SHA1: c10536e2a139c37fce10d7abe1cd197a512b4b7f
SHA256: 8614b91a795b22686edc33b4f43369bf4cac3a002b17e7a03d6aec7657f398ec
SSDeep: 1536:wkYQ3mG82i9shG4iYH6bo6LQ3FM1CnCRJZuKMqqU+NV23S2v:wZG82n44iYaboF8kKMqqDLy/v
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Chm9sJOKpMY
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HVS
Norman = W32/Suspicious_Gen2.NINBU
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 19:32:19
VirusShare info last updated 2012-10-02 11:37:24

MD5: e16bdb060ab794e5902ee951eb55cb41
SHA1: b3689f6f6aa4c24f1e25ac386c93c9098fbb5576
SHA256: 8ddd4ef40ec3954b83b703e6831df83bd9a01a2b65a11fdf9406800f383669ae
SSDeep: 6144:t8M8z95jHGnHrwRWp47dRh9qXjjTqqDLuo1GP:1WDmnLwROwdX9WGqnu1P
Size: 286720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128B7E41
nProtect = Trojan/W32.Vundo.286720
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!CaMbxtCzn1g
TrendMicro-HouseCall = TROJ_GEN.R29CCAF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R29CCAF
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = DangerousObject.Multi.zy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Troj_Generic.AETF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
ESET-NOD32 = a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 280 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 23:47:57-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 192512
Initialized Data Size           : 135168
Uninitialized Data Size         : 0
Entry Point                     : 0x2b90e
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rimkfbumw Hiquikzvjle
File Description                : Swjcnel Management Instrumentation (WMI)
File Version                    : 5.1.2600.0 (bbbjaraa.010817-1148)
Internal Name                   : winmgmt
Legal Copyright                 : © Nhtsbfywg Imjxlkcndew. All rights reserved.
Original Filename               : winmgmt.exe
Product Name                    : Glrzlzatm® Lfvxhmk® Ulrlglboz Axyidn
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-09-03 18:57:40
VirusShare info last updated 2012-10-02 15:21:22

MD5: e1dafb2a3bc67c56fdb56d38739ce2a4
SHA1: 01eaab8f937a8ac96f83fa49af831ec923c4dffd
SHA256: 3e5ee506033b60bb0f4e513ff303969ba102c66a94be17c673c6aad4cae31992
SSDeep: 1536:Ca3I3AzWHWUYe3wgKh6/69QR4WboU0YQ5kvPsBD+WlgarLKV0fvlm1oUn7u6ySh3:CII3FHW9e3HQ6/6CRg3kvwKWeGGwl8hy
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!6Z9EptiAniE
TrendMicro-HouseCall = TROJ_GEN.R72C2DR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1328
TrendMicro = TROJ_GEN.R72C2DR
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.95744.E
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imne
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.KWT
Norman = W32/Suspicious_Gen2.TOZZX
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-05-29 22:29:42
VirusShare info last updated 2012-10-02 15:29:42

MD5: e51f43bd917832a1d36a0cafabf0a4dc
SHA1: 46bd2b803808f4744cd266fadfb07d1c2e44d8fe
SHA256: 82de8b093f244cd14c31056d2ebdcb2b7f0e2cbaacb7b0528463f209e8e877b7
SSDeep: 1536:EKAGmGcBMs9shpuiYi+bogLQ3Fr1CnCRJZuZMqqU+NV23S2X:ETGyMtfuiYtboW8kZMqqDLy/X
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
McAfee-GW-Edition = Generic.dx!zvr
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.dx!zvr
F-Secure = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.NBJ
Norman = W32/Suspicious_Gen2.MXLBA
GData = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-22 05:52:18
VirusShare info last updated 2012-10-02 16:29:18

MD5: e656da51470e2cae61fa14a800120f39
SHA1: e607fe0e515ee5c047def20452448b9b822d187a
SHA256: 34b6c3777716b9a7d9d77814a27f62d9a22b0623a4e010ecd9b5524656573a54
SSDeep: 3072:S+296rU50oY8AChDBrcXvs1E6dFz8MqqDLy/yoDbc:iekv50vwLFzPqqDLuy
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R47C1G2
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zvx
TrendMicro = TROJ_GEN.R47C1G2
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Dx.ZVX!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zvx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.VRP
Norman = W32/Suspicious_Gen2.MYOYF
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-06 08:08:49
VirusShare info last updated 2012-10-02 16:48:56

MD5: f03d4922336ac583e45b84648bc08c67
SHA1: c642aefed5799b5e067bcb9ca23a67a6e1cfb3be
SHA256: 300c9b965922247ce25225b586b1b41eaa620e6a41443e07d3776cd60a728d06
SSDeep: 3072:sJRkKpPRwWm7P/v20ObqlpMqqDLy/iBRyfu6fp:CaWA/vDObRqqDLuiXifp
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C7KB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F03D4922336A
DrWeb = Trojan.WinSpy.1374
TrendMicro = TROJ_GEN.R47C7KB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imog
McAfee = Artemis!F03D4922336A
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BPZI
Norman = W32/Suspicious_Gen2.RPRLA
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/DownloaderKryptik.qgj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 132 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:03:16 07:16:42-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 73728
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0xe0d6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.4403.2
Product Version Number          : 4.0.4403.2
File Flags Mask                 : 0x0003
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 101
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : ODBC (3.0) driver for text files
File Version                    : 4.0.4403.2
Legal Copyright                 : Copyright © Microsoft Corporation 1991-1999
Legal Trademarks                : ODBC(TM) is a trademark of Microsoft Corporation.  Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation.
Product Name                    : ODBC (3.0) driver for text files
Product Version                 : 4.00.4403.2
File Flags                      : 
VirusTotal Report submitted 2011-12-13 03:29:57
VirusShare info last updated 2012-10-02 20:09:56

MD5: f30a3d4accf02a32ee5e00fa226e6edd
SHA1: cf5c2ac19ec412b9c66a8b4566e82e5610b9a7e8
SHA256: 3058a44b4e0f6419ee3c406c834af320c626a3d099605dd12910c11ee9a50c91
SSDeep: 3072:Lt7vak/H7ztj7oheqxweCrf7vTixJfULmIbEo7jV1F:LtjakFfoheMweuLwJ8LmMBb
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!F30A3D4ACCF0
TrendMicro = TROJ_GEN.R72C2FO
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!F30A3D4ACCF0
F-Secure = Trojan.Generic.6158631
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.JBG
Symantec = Trojan.Gen
GData = Trojan.Generic.6158631
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6158631
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-04 18:25:49
VirusShare info last updated 2012-10-02 21:01:24

MD5: f6031d94cf2e80ba3ed9e74137b29662
SHA1: f88e557db4c6325799d2e214c9d436d63ccf2df7
SHA256: 86ea0364588d5b03dfd53b86c6cb653ab91f733eeb058d2a267b0ba3da2a3285
SSDeep: 3072:BfyVSw+AJFHW2196fLxpClQag/UxSTfnYbMLTxNXSTldMqqDLy/iHN:8wMFHW8kwQ4GyMxNXSwqqDLui
Size: 144896 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.Gen!Pac.49
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!F6031D94CF2E
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!F6031D94CF2E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.OKC
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 142 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:05 16:27:57-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 114688
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17b96
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tdidwjbjy Lwycvszvikq
File Description                : Recqmufhl Sound Mapper
File Version                    : 6.0.6000.16386 (nvpsl_rtm.061101-2205)
Internal Name                   : Xtikbbjzg Sound Mapper
Legal Copyright                 : © Microsoft Gkijxsdsygc. All rights reserved.
Original Filename               : msacm32.acm
Product Name                    : Vywjlybww® Torzzwr® Opufkodvw Ajxsio
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-04 11:33:36
VirusShare info last updated 2012-10-02 21:55:37

MD5: f7f7cd4fd56a15fada5621b020ea1e7a
SHA1: f288fa049ac2a2622b4ccdafca17c31ebd7b2c0f
SHA256: 8e16e5070af0165cedc5f237bd913cc4a7fba52d11717419079849cc3269ddd2
SSDeep: 1536:ya3I3AzWHWUYe3wgKh6/69QR4WboU0Yn5UPsBDhW1gDgyLKI0fvlUoBn7u6ydKu:yII3FHW9e3HQ6/6CRgwUw1WuDlGdlUEX
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!hxBBqoqqLuA
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!F7F7CD4FD56A
TrendMicro = TROJ_GEN.R72C2DQ
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!F7F7CD4FD56A
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
AVG = Generic22.JVG
Norman = W32/Suspicious_Gen2.LRSUP
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-05 19:43:37
VirusShare info last updated 2012-10-02 22:28:50

MD5: f97d6882b6c27ad5edc8b6ccd2193000
SHA1: 96046228c3d0e4ea63b5af269eb69c23e19e08b5
SHA256: 5faf220d02f97f8fa134586d94e963cc812b3c10015499e2b8152c8716a81987
SSDeep: 3072:HDjlob74SN0faHVEMcNCRXrrRt8bUvEkbrrbtwGg6lnMqqDLy/nqdW4qhbAZ:jjlO7440faHVFcNCRXrVObeEkb5wGg7c
Size: 175104 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R30C2GN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!jw
TrendMicro = TROJ_GEN.R30C2GN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ikhf
McAfee = Vundo!jw
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.PHL
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 171 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:16 15:07:21-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 114688
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x18112
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oqxscvscm Cqwohydmllc
File Description                : Ybzoqqqdg  Fax TIFF library
File Version                    : 6.0.6000.16386 (wnxop_rtm.061101-2205)
Internal Name                   : FXSTIFF.DLL
Legal Copyright                 : © Ovovhpusx Corporation. All rights reserved.
Original Filename               : FXSTIFF.DLL
Product Name                    : Phlfrzxjd® Kvhzovi® Oxonrjslv Whyjca
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-21 02:33:48
VirusShare info last updated 2012-10-02 22:56:28

MD5: fd803b89b116cfd3583abdbe6ee1d1b2
SHA1: 4f75c03944a6fbe491684fe8a8cf6fd35ecdad8f
SHA256: 337bbbcf73d5c31631c33a25f8274bbc7bfe134294874424a378aa9d93546f7e
SSDeep: 3072:6KGfDp1SP5EX7Solsfm6vBdFqoGMqqDLy/870:8l1UoKdPqqDLu
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R4FC2GH
Emsisoft = Trojan.Win32.Pirminay!IK
TrendMicro = TROJ_GEN.R4FC2GH
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Cryptic.CZO
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 10:44:33-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 110592
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x17802
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-18 19:22:31
VirusShare info last updated 2012-10-03 00:21:23

MD5: fe172fe7d4c790afe2c47d83e83bb1ad
SHA1: e272408f7a5e2829bca73e272bb11204b4598e48
SHA256: 5ec32a145543297925ba021b6c2e6c53a273abe579e137189703d7752dce7935
SSDeep: 6144:ilDvO7VFgpl+vtU7gMyfKWflAfxR/omKZ/qqDLuPuM:ilDm7ylgU7gfKWtVhiqnuPu
Size: 220160 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.945
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!TeUqZDLuRxw
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Trojan-gen
eSafe = Win32.TRVundo
AVG = Generic23.UBH
Norman = W32/Suspicious_Gen2.MYUDW
GData = Gen:Variant.Vundo.6
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 215 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:26 09:32:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 155648
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x26307
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr11.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr11.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-10 07:21:34
VirusShare info last updated 2012-10-03 00:35:04

MD5: 293729a4aec31b9e2316c9c31955bd3e
SHA1: 924ceb0218d9e6bea2c6939747ee96bd8ee6a69c
SHA256: 3a42bbe9aa06689de404e5dbb06e8441c3a9eebad94b8ab2e089b8c802888ca4
SSDeep: 6144:RaXq7RGInirx4MR+m2cmlbyFWwv55cAnnoNr/:wqnyubYl55/no
Size: 217088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1306
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.AXLS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CP.gen!Eldorado
Agnitum = Trojan.Kryptik!Ss/0HpEc8hM
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.6
ExIF Data
File Size                       : 212 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-09-30 02:26:49
VirusShare info last updated 2012-10-03 08:12:16

MD5: 543b10606178bb729e94da043f0dda23
SHA1: b3247776e67ed331ad00cdea80b0f9b9924b9721
SHA256: 5ff4d7cec073bc62f766718daee967ceba661701a59629febc5b90bb3ab1c95b
SSDeep: 3072:l0URWVAcR4enPgAfqpb93sg2elSMqqDLy/l5kS:lhNcR4ePspxeCqqDLuV
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Trojan
eScan = Trojan.Generic.6421193
TrendMicro-HouseCall = TROJ_GEN.RCBC1HB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.RCBC1HB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.136704
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ineh
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.6421193
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QGSUZ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6421193
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.6421193
ESET-NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2012-09-30 17:45:27
VirusShare info last updated 2012-10-03 13:36:45

MD5: d4d8c5c60d45661bdaf36bd48f792946
SHA1: 32de2ad8ad62ed359f0adebfb20a4e93dafb336f
SHA256: 399ad25985aa8167e4f0f7654cccae600811b36241f358b42d22ff604e8887db
SSDeep: 3072:b56qYqi8pIgYlcmWyYkMXRQemRgMqqDLy/m:16zqhpIXciMX+eULqqDLu
Size: 122368 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C1H5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ytfe
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHTW
Norman = W32/Suspicious_Gen2.PMOJM
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!Hw/8ZU1uuIU
ESET-NOD32 = a variant of Win32/Kryptik.OXO
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 120 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:04:13 14:15:08-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 98304
Initialized Data Size           : 73728
Uninitialized Data Size         : 0
Entry Point                     : 0x18af7
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Befnsgrjs Olxhvabfjav
File Description                : Bulgarian (Phonetic Traditional) Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdbgph1 (3.13)
Legal Copyright                 : © Ukhfwutil Ymwcvkhykgy. All rights reserved.
Original Filename               : kbdbgph1.dll
Product Name                    : Vkjptbjlc® Oteugza® Uuepeqolu Biixnp
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-10-02 15:30:25
VirusShare info last updated 2012-10-04 09:10:38

MD5: dde387d63048bebdff0e812564858c32
SHA1: a80bd91ea45a94e4ff8b450382ebad2000912c97
SHA256: 339dc1b39e08c1752db027ae435ec4efd63a2582c2a059748deed7ffcb3f483a
SSDeep: 1536:qXYj4dtNJu3G8fN70wamFILh01Y3hyNSkY6Y9l/MqqU+NV23S2pMnew:q38170wSyyG7Cl/MqqDLy/pZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_VIRTUMONDE_00001cf.TOMA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-BAY.K
DrWeb = Trojan.WinSpy.1176
TrendMicro = HT_VIRTUMONDE_00001ad.TOMA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijpf
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Vundo!gen9
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Adware.Virtumonde.Gen.2
TheHacker = Trojan/Kryptik.qgj
ESET-NOD32 = Win32/Adware.Virtumonde.NHD
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-10-02 18:13:55
VirusShare info last updated 2012-10-04 10:30:55

MD5: fdb21ff33c5420d2f42bcdd15aed05f5
SHA1: 80c24218f70234b08823360eee59c244fb6226ef
SHA256: 35942985589649ad9cd061907a3775fb9dfaad3794321430eed685763d124b61
SSDeep: 1536:BLiIsLW7t0aVJvpDN8MdORVNs7aX9DgcItv6txf4jiVmiEQRUMsXKukPi+psIuLG:BGIsa7t0KxurxQjiAiBUMsXKukPi+psA
Size: 98304 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan.Vundo.7224
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.RCBC1HB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.79
TrendMicro = TROJ_GEN.RCBC1HB
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Trojan.Vundo.7224
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ycxu
McAfee = Generic Malware.ms
F-Secure = Trojan.Vundo.7224
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Vundo.7224
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndf
ESET-NOD32 = a variant of Win32/Kryptik.NDF
BitDefender = Trojan.Vundo.7224
ExIF Data
File Size                       : 96 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 21:54:27-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 32768
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x86d1
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Updhtwtvi Ruivycwxfwr
File Description                : Platform Specific Hardware Error Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pshed.dll
Legal Copyright                 : © Pscomdbey Etlzzzaqrax. All rights reserved.
Original Filename               : pshed.dll
Product Name                    : Cihplvzyu® Owrvvcy® Amdfatsht Chhvwn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-10-03 04:26:00
VirusShare info last updated 2012-10-04 14:53:18

MD5: e1e3f5bcc519fe7c2680abd6a1036d96
SHA1: 4ff44039fa83c59a136463ae9cc5e7ce3e26ca24
SHA256: 302a7de37ca5395980102ae52d6864db9e359c380100a4777d0de90a638588a9
SSDeep: 3072:S+Lb6rU50oY8AC5opmcXEWn9dFzOMqqDLy/RoDbc:JekMU0EEFzlqqDLuR
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!jb
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.APTZ
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-05 14:30:16
VirusShare info last updated 2012-10-07 01:56:09

MD5: 01a9358493d34873b3627db214aba983
SHA1: 243abab5d00615ef53818e4248827236afa2fe4f
SHA256: 3f936a0064034f98f0af566168563a39e22e67caf6b3b448a9f88f677fc1c0ff
SSDeep: 1536:8u9WPfuq145cM4HG+GaV5gwXolN7gyQzBE9C2ejLn8Zd8KG+I:r5cMuGAolN7vK2QYZd8KpI
Size: 70656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Downloader.YFJ
nProtect = Gen:Variant.Graftor.310
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2TV+9SEY7XI
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R2EC1FF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic.dx!zuj
DrWeb = Trojan.Click1.60688
TrendMicro = TROJ_GEN.R2EC1FF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!zuj
F-Secure = Trojan.Generic.KDV.244913
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.APVO
Norman = W32/Suspicious_Gen2.MVGSU
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.244913
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndp
BitDefender = Trojan.Generic.KDV.244913
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Size                       : 69 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:10 03:51:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x32e1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.44.2.32
Product Version Number          : 6.44.2.32
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic Corporation
File Description                : MegaRAID RAID Controller Driver for Qikzzbt Server 2003 for x86
File Version                    : 6.44.2.32 (NT.040809-2325)
Internal Name                   : mraid35x.sys
Legal Copyright                 : Copyright © LSI Logic Jofzefivxlc
Original Filename               : mraid35x.sys
Product Name                    : MegaRAID Miniport Driver for Gviblmu Server 2003 for x86
Product Version                 : 6.44.2.32
VirusTotal Report submitted 2011-10-21 01:32:39
VirusShare info last updated 2012-10-07 23:53:48

MD5: 04c0be142fcf39924c6ed7ba309617ce
SHA1: bed57678bf5f923a0dee05e5034e4206242956b1
SHA256: 5f7becc2d93e4a4aed392480ec0fa2abde268146fc38210e73632d9106d6881e
SSDeep: 1536:j9q+mGkSs9shPg2iYjVboYALQ3FA1CnCRJZuQMqqU+NV23S2D:jGGkStdg2iYRboYH8kQMqqDLy/D
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
McAfee-GW-Edition = Vundo!iz
TrendMicro = TROJ_GEN.R72C2FP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.LJS
Norman = W32/Suspicious_Gen2.NACST
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-29 11:43:05
VirusShare info last updated 2012-10-08 02:11:17

MD5: 072e5312a08638ad7d01d2309f97ff43
SHA1: a557379508b7bd81725d02f7f625e2a50e1b4cc3
SHA256: 891893c04dc49e91722a8a9d2d11dbfe2e83a8d950457747a0cc02e1315ebd37
SSDeep: 1536:cdXPNHPVB7JJOZ3JFd26+qvLsS7EO1HTjJwA4TwKZ48WCHRogZTARP0BW/8:cdXh0Zm6+YQO1H1QwK5VQ0Bw8
Size: 110080 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126845B9
nProtect = Trojan/W32.Vundo.110080.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yE9p5AiPpbI
TrendMicro-HouseCall = TROJ_GEN.R05C1AI
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!gv
DrWeb = Trojan.Click1.34359
TrendMicro = TROJ_GEN.R05C1AI
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Vundo!gv
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.BCGT
Norman = W32/Suspicious_Gen2.HKAJG
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itt
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JGY
ExIF Data
File Size                       : 108 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:21 03:03:20-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 97792
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x18d17
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2180.1
Product Version Number          : 5.0.2180.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.00.2180.1
Internal Name                   : modex.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : modex.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2180.1
VirusTotal Report submitted 2011-05-28 09:01:17
VirusShare info last updated 2012-10-08 04:11:41

MD5: 07662402521a57b5e73d01bf27937d46
SHA1: 8601dc0d94af2b4f69ac994ec59de86bbb772421
SHA256: 890a86e2f144ddbbe81f1464b7f579c3350d1666ff68eda604f2ff37adede8ef
SSDeep: 3072:BMCFb8BxJlvOUJGovicOeVhixIsQZD286jtnJSbOIl3UxCoIMqqDLy/W1W:WCF853JtYeVA7fZIlCVqqDLugW
Size: 188928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128ADBAC
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC1HS
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ju
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC1HS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irfm
McAfee = Vundo!ju
F-Secure = Gen:Variant.Katusha.5
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AELP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Katusha.5
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Katusha.5
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 184 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 22:43:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 147456
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x20b82
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Microsoft Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Microsoft Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-02-15 15:44:44
VirusShare info last updated 2012-10-08 04:19:55

MD5: 0aa2b8f1b818301cac6fca6f2f2d8cf7
SHA1: 1329f7e353547ef4b3588ce1fd7a7eb184a8e968
SHA256: 8ddaa76a9b3ee2c4f083d6b6d822adad935c604be196f8f9384465413ddda166
SSDeep: 3072:vs2RVlo1MqqDLy/vfxgzsuOVVFlkoay0z:0gRqqDLuBecVfnU
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:Trojan-gen
AVG = Generic23.GEL
Symantec = Suspicious.Cloud.5
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.npr
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NPR
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 16:27:15-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x5e8e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hhkpnmodi Gztyebnxsek
File Description                : RDP Display Driver
File Version                    : 5.1.2600.5512 (xpsp.080413-2111)
Internal Name                   : RDPDD.dll
Legal Copyright                 : © Flaqhafxi Kjvcqccrztv. All rights reserved.
Original Filename               : RDPDD.dll
Product Name                    : Iaunetfay® Dljbfjb® Pbkgrfwtm Qhktdp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-05 07:34:16
VirusShare info last updated 2012-10-08 07:08:49

MD5: 0b25a575178094a1abf3a72d3be432a5
SHA1: 9e238fed0ca3fe365363e637f4d79b17e4d78af3
SHA256: 8f43a59128d2a0715f6e8154d1e47aa913b98a16ab33f3128e2620657d3a7b76
SSDeep: 1536:RQS3YyRekhq10fcFy2rkw+M9EpeERm/TEyfXFWE/A8UE1H2xuS0q2l3:Z3Yy5hqishwGyeE8/TEyfXFS8X1WxO3
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2D6
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!0B25A5751780
TrendMicro = TROJ_GEN.R72C2D6
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!0B25A5751780
F-Secure = Trojan.Generic.KDV.171601
VIPRE = Virtumonde
Prevx = High Risk System Back Door
Avast5 = Win32:Malware-gen
AVG = Generic21.BLOF
GData = Trojan.Generic.KDV.171601
BitDefender = Trojan.Generic.KDV.171601
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:08 12:20:53-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 110592
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1bec1
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hwlvhnnaf Hsopsnoqiga
File Description                : Media Foundation H264 Encoder
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Media Foundation H264 Encoder
Legal Copyright                 : © Buukogwnp Qliirutbyfn. All rights reserved.
Original Filename               : mfH264Enc.dll
Product Name                    : Tvzsjayqb® Odfhqkx® Tvuxpmkhy Oakqgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-20 06:37:02
VirusShare info last updated 2012-10-08 07:33:03

MD5: 1011aaa278b6b6eaff01f32e15988603
SHA1: a6246369a5294c0e61f791c9583b976ba05165f4
SHA256: 354e1eac8bba863273077a903ad0429724c64b8a4a307d575ea3ab49b1eeb531
SSDeep: 1536:LVcwyVY1EEXfiAnSHrKP6PTKUQoH9B3/Cruy:5cPOu9AAOyPP9B3kV
Size: 57856 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.57856.AV
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125B273C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!hDdHPEhikUE
VBA32 = AdWare.SuperJuan.xih
TrendMicro-HouseCall = TROJ_GEN.R47C2LD
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!gu
DrWeb = Trojan.Click1.29844
TrendMicro = TROJ_GEN.R47C2LD
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Genome.kjk
McAfee = Vundo!gu
VIPRE = Trojan.Win32.Vundo
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.ANQS
Norman = W32/Suspicious_Gen2.IBMNB
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 56 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:03:28 16:11:27-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 14848
Initialized Data Size           : 78848
Uninitialized Data Size         : 0
Entry Point                     : 0x479b
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Audit Settings CSE
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : auditcse.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : auditcse.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-04-17 18:55:47
VirusShare info last updated 2012-10-08 10:20:25

MD5: 10cc613cd8675611c928788599daf8c5
SHA1: c6e48eeb2aef01122db7264470e62b3fc4cb4414
SHA256: 8e037c0ecaf82c52fba34401a0793d67bd0b7fe968e491fa70705f0e5b6bc407
SSDeep: 1536:lQd+cSQJmGhnnx9shQZPiY9+HboBLQ3F71CnCRJZuZMqqU+NV23S2X:lthrGhnnkeZPiYkboz8kZMqqDLy/X
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
McAfee-GW-Edition = Generic.dx!zvr
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.dx!zvr
F-Secure = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Vundo-JW
eSafe = Win32.TRVundo
AVG = Generic23.NCS
Norman = W32/Suspicious_Gen2.MXKNK
GData = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Trojan.Heur.LP.fu8@aKJP5vmi
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-22 01:43:12
VirusShare info last updated 2012-10-08 10:38:20

MD5: 13a81c386096f8828da6290b6967399e
SHA1: 2ea08bcb619467f000acc3780f5e3cece71b2dc9
SHA256: 8b97bdaea2c5f622e44ccdf12dc8b0e12985bb36c1e3a7bf3b98f498afadbc65
SSDeep: 3072:wvSsTakFH7etjnoM/ZxweCrf79TiOifULmnbEo7jZ1F:wvSUakoroM/XweuVji8LmbB/
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!13A81C386096
TrendMicro = TROJ_GEN.R72C2FP
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!13A81C386096
F-Secure = Trojan.Generic.6152725
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.LKP
Norman = W32/Suspicious_Gen2.NBJCR
Symantec = Trojan.Gen
GData = Trojan.Generic.6152725
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6152725
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-06-30 13:53:28
VirusShare info last updated 2012-10-08 11:45:16

MD5: 176ab2cd4178b38900daa783a1388a51
SHA1: 9004c29de8f0a214a06eeaffefd37d22b2adc330
SHA256: 366eeb722ceeaff4740b0cd6e540906b3fe8172ad166795bffb81c52fb370756
SSDeep: 3072:Vy9e5hdvwFGJlQdW9f8kRliMqqDLy/Eo:MwvYGYw9zqqDLu
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/Win32.Delf.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A3D7B
VirusBuster = Trojan.Kryptik!moGKqyzkwjg
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2GC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R1BC2GC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Delf.abna
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AOVK
Norman = W32/Obfuscated.C2!genr
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.sqcu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:07 22:36:33-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 36864
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x4c8e
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Skpmzzglk Corporation
File Description                : Japwccd Write
File Version                    : 5.1.2600.0 (lusplhbl.010817-1148)
Internal Name                   : write
Legal Copyright                 : © Cgjeupiyp Pllcycjuauu. All rights reserved.
Original Filename               : write
Product Name                    : Mvfgrdqcn® Ovzuisr® Optfepazy Mexelr
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-16 20:57:56
VirusShare info last updated 2012-10-08 13:10:57

MD5: 19f011b4869c5e82f324e815e30717cd
SHA1: 0443ecef7f4343c7df4020697868c49d4f602897
SHA256: 54890c9890f7fb5f1d61e48570761046c38ba76bf820d11951d11ea88789069d
SSDeep: 3072:huAu7krdURmEFNHGNiyM5vOBTD4yxKJ/I9R/uIN+X/5omMqqDLy/AFP:huhAruRmEXzxo1kJ/I3a/kqqDLuI
Size: 195072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.559
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic23.BHZJ
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 190 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:25 21:57:08-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 155648
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x22cdf
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.4927
Product Version Number          : 2.0.50727.4927
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iyljphate Oxuequheeij
File Description                : IE Remoting Interface
File Version                    : 2.0.50727.4927 (NetFXspW7.050727-4900)
Internal Name                   : IIEHost.dll
Legal Copyright                 : © Mcqycqzrc Kwawvxqozwh.  All rights reserved.
Original Filename               : IIEHost.dll
Product Name                    : Qkvamnjuw® .NET Framework
Product Version                 : 2.0.50727.4927
Comments                        : Flavor=Retail
VirusTotal Report submitted 2011-07-18 08:10:54
VirusShare info last updated 2012-10-08 14:11:44

MD5: 1a2f25317936ab87db9fc9935a38f95c
SHA1: 8b4996d5503ac5c7acbb2575082715add71e87cc
SHA256: 88f910076cc734e9e1aac4e05a1938d9d5261df9fb3aef03eeefa92818054ee1
SSDeep: 1536:ynzdTqfoXN3qQcSS5W1yiWhvwB/qIz1x:MCodaRDqqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!jb
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R47C2G5
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.ACPU
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-06 03:46:48
VirusShare info last updated 2012-10-08 14:18:21

MD5: 20c15931e58a97d033138fdd7f85896e
SHA1: 4898ae112d1d3c155830ebe0e1ca2ac8801a702f
SHA256: 85bd261be113255fd5fbdc92e87e6464f6785e58866d0cb5088afa9bed6c9d10
SSDeep: 3072:MUrAjRHibbT6kGKkyMTvLN79N6AEn/ezN:NANoT6kGKklY/
Size: 143360 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8WjbMjsi9sk
TrendMicro-HouseCall = TROJ_GEN.R72C1G7
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Meredrop
McAfee-GW-Edition = Generic.dx!zwx
TrendMicro = TROJ_GEN.R72C1G7
Microsoft = Trojan:Win32/Meredrop
PCTools = Trojan.Gen
McAfee = Generic.dx!zwx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic23.AGMA
Norman = W32/Suspicious_Gen2.NCOQZ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 140 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:16 01:23:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 53248
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0xda91
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iwscunoha Pdgktfqykam
File Description                : Ohcedoi NT PIF Manager Icon Resources Library
File Version                    : 6.0.6000.16386 (wqfgp_rtm.061101-2205)
Internal Name                   : PIFMGR.DLL
Legal Copyright                 : © Jphsixnqr Dylluhhmgki. All rights reserved.
Original Filename               : PIFMGR.DLL
Product Name                    : Ubgxqtaex® Fbhkdfd® Huenlfzbf Qqqeel
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-16 03:30:12
VirusShare info last updated 2012-10-08 17:55:00

MD5: 21e50841506851179691f59457bdf300
SHA1: 308646306cebd8e5c9441d8f9b20234a08584f4a
SHA256: 5f9bb0ad61e7ac365b20a0b87f64b169f0f6a40da0c7b959140f05295ed09e36
SSDeep: 3072:ybTjoVAcR4enPgAnAb93Qg2elSMqqDLy/25kS:y/JcR4ePSxyCqqDLum
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.DKB
GData = Win32:Malware-gen
TheHacker = Trojan/Kryptik.myj
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2011-07-19 19:03:09
VirusShare info last updated 2012-10-08 18:43:32

MD5: 240609f2c0ad8ecb2870e3492c470bfb
SHA1: 57b6289ebec907cfcf9524ed967e0dacd873b731
SHA256: 37ac1576dc6997da5d08ef9138d2dd7f5d884a42611863060f7565c92c3ede2b
SSDeep: 1536:asdDDw2uIR+XeoPMqqU+NV23S2n8VkFS+FcHmCnzuaUkYUhnQFOo0UT6PpCiD:astTnWeoPMqqDLy/QVzLSkYHFO5wi
Size: 102400 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.AV.573
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
VirusBuster = Trojan.Kryptik!sz54eiqbfac
TrendMicro-HouseCall = TROJ_GEN.R47C2FI
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R47C2FI
Microsoft = Trojan:Win32/Vundo
VIPRE = Virtumonde
Avast5 = Win32:Malware-gen
AVG = Generic23.NJ
Norman = Vundo.UUS
GData = Trojan.Generic.KDV.249945
TheHacker = Trojan/Kryptik.oxp
BitDefender = Trojan.Generic.KDV.249945
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:23 05:31:25-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x3b6a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Jfccjbr Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Uvsvqsj Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-06-28 02:39:24
VirusShare info last updated 2012-10-08 19:41:36

MD5: 254290d0bd8a6a68f82304ce7ea41351
SHA1: 62373d99e7a62febec309052f920bbd6c6a9124b
SHA256: 3047e571b5ea6005e0d6f27f32ce10dfb4876d34487d5c5f416d76ddf460e424
SSDeep: 3072:i9y9EUU808zM97tu1G31fyupo6MqqDLy/X4SV8:EyE8zqha84qqDLupV8
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Genome.(kcloud)
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12DA5ADC
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC1IH
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R4FC1IH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.aaznh
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.16
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QGGRH
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.16
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!FM8MA+Hu6Nw
TheHacker = Trojan/Genome.srdh
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.16
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-10-01 03:54:30
VirusShare info last updated 2012-10-08 20:16:07

MD5: 2574b997cba92175575f0e66ca8fbdf9
SHA1: c06cae92a6c818731d9e050227d5bb645569af32
SHA256: 3a7ee7ce9fa19c1a74a826770356d3cc165e8a950c1060e83ee8256cf7c47113
SSDeep: 1536:Jrnf1SIfcaFovCL73mzjgjcttHirY286WfIYdlAT17M/2KLK5q+kZ/5l2z+CdP1M:Jrn9cW32Pph3wpK6dG5lo+KbgW
Size: 134656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.134656.B
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R26CCLD
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Monder.nepg
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10591
TrendMicro = TROJ_GEN.R26CCLD
Kaspersky = Trojan.Win32.Monder.nepg
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Monder.acem
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.7040606
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic21.BESP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.7040606
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CD.gen!Eldorado
BitDefender = Trojan.Generic.7040606
NOD32 = a variant of Win32/Adware.Virtumonde.NKO
ExIF Data
File Size                       : 132 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:01:04 11:49:58-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 143360
Uninitialized Data Size         : 0
Entry Point                     : 0x50d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ugelvqjit Yuhuvgehrln
File Description                : GuideStore Module
File Version                    : 5.1.2600.0 (luaziuor.010817-1148)
Internal Name                   : GuideStore
Legal Copyright                 : © Microsoft Zklqppxolqw. All rights reserved.
Original Filename               : GuideStore
Product Name                    : Fxvpvqjpm® Asrwlfh® Vrdesqnoz Yoyvtv
Product Version                 : 5.1.2600.0
Ole Self Register               : 
VirusTotal Report submitted 2012-02-21 08:23:33
VirusShare info last updated 2012-10-08 20:22:13

MD5: 2672783bef9d556832afbc2f1d9d01eb
SHA1: 3571b73fbb0de7868a319b0bc2f570e742450d68
SHA256: 8cc084a04f94325b856eb174e42ee917ccb004e4696bcf5edd9ee365eda183fe
SSDeep: 1536:V2cDRmGUnxo9shclTiYIvbopLQ3FG1CnCRJZuZMqqU+NV23S26:QrGUnxpoTiYKbog8kZMqqDLy/6
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FP
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!2672783BEF9D
TrendMicro = TROJ_GEN.R72C2FP
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!2672783BEF9D
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW
AVG = Generic23.MGW
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-30 06:58:00
VirusShare info last updated 2012-10-08 20:48:13

MD5: 2692c8a53ab8d935ec459dcb5ed77c66
SHA1: 3b4a70233df2701cb9194eafda03e50e369bd04d
SHA256: 50d094be16669f5e0a16678651e451c64bb4b426d3298075ecbd71df248a950f
SSDeep: 1536:mzqdmGuaG9shmxCiY56bo8LQ3FC1CnCRJZu6MqqU+NV23S2V:mlGuarAAiY0bol8k6MqqDLy/V
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XC9OX2dKwV4
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2692C8A53AB8
TrendMicro = TROJ_GEN.R72C2G4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Artemis!2692C8A53AB8
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.XOL
Norman = W32/Suspicious_Gen2.MZNHJ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-12 00:03:55
VirusShare info last updated 2012-10-08 20:51:18

MD5: 299bee80b7961a01ccdb546cc322d47e
SHA1: 4d4adaca430273de8ebb8eb5f1ae7186c6b47313
SHA256: 86acbb0dad394eca39e8b8855753663653365f32f762a7513597b84ace20fd1a
SSDeep: 1536:9V1ZAUTTYDIEtVszufITHMHx5AAl7wZMqqU+NV23S2H3P:9nZAUT0tKzufsC7nYMqqDLy/H3P
Size: 86016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/PJHMphBFZM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R29C1HN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1213
TrendMicro = TROJ_GEN.R29C1HN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jcdv
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic23.COHA
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.qgu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:29 07:33:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x5947
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iojcjyrqs Eboxmwckloy
File Description                : NetWare Logon Script Utility
File Version                    : 5.1.2600.0 (htbazejm.010817-1148)
Internal Name                   : nwscript
Legal Copyright                 : © Pjjwdqspv Evyejdkxyok. All rights reserved.
Original Filename               : nwscript.exe
Product Name                    : Ukqdxmkpo® Pdueldb® Vfknwymhu Bruran
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-25 04:18:47
VirusShare info last updated 2012-10-08 22:18:39

MD5: 29df548a073e9cc6af0363bfc820cfdf
SHA1: a6b7dd8f60547dd1fb9e25f2b541ccb99fa699de
SHA256: 8699da257455540d6f9f650cef5b47396108e8783b71e86c57a301b3bf8e5f73
SSDeep: 3072:S+EKN6rU50oY8ACFs/1cXeFopdFz0MqqDLy/toDbc:1NekIt0eeFzXqqDLut
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!29DF548A073E
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!29DF548A073E
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
AVG = Generic23.AOWN
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-05 18:51:57
VirusShare info last updated 2012-10-08 22:26:17

MD5: 2abd03fb5d2e643c9f3b1213f9db3c28
SHA1: 39d8a964eb1394f9b44ed7463c129b9fa484c148
SHA256: 52ea96c79be741422f702aa95475304ba415ea5e3ada0c96f6d04b7ae467454e
SSDeep: 3072:4UAku86VQS/FY/c/50/DsuV9845f9MNzhIM1wtC5z6+OjlLMqqDLy/8:4UnS/6/1suVPlM4m5z6+OOqqDLu
Size: 158208 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.129D1414
nProtect = Gen:Variant.Hiloti.2
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!P+9f4GcWM38
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.irao
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Hiloti.2
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AJUY
Norman = W32/Suspicious_Gen2.QGIPY
Sophos = Mal/Generic-L
GData = Gen:Variant.Hiloti.2
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Hiloti.2
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 154 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:02:28 22:02:07-05:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 122880
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x1a216
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jelakhswt Hnbobaastpt
File Description                : Legacy Non-Pnp Modem Device Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ROOTMDM.SYS
Legal Copyright                 : © Tgynuutdc Hehfrezoqlm. All rights reserved.
Original Filename               : ROOTMDM.SYS
Product Name                    : Pmxzwvvbl® Oozpnco® Fivnqfqwy Zcqefj
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-28 07:36:25
VirusShare info last updated 2012-10-08 22:52:27

MD5: 2bb16c3442e18c71f33bc40e39e656d4
SHA1: a9ded19dffd7e7bc3087d7fad33d9b8e885d02cd
SHA256: 5f6584a1113c5b924ce76dda84f67fad4794bbdefeefab837e03a2f6a5b14525
SSDeep: 3072:FEGY1Ix5blUnvf6MnoVMqqDLy/kOcWKCdzWe757HG:m1IdUK6qqDLukOXdm
Size: 126976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129CB35E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!n0MtUKOP3Pw
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R4FC2IF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!2BB16C3442E1
DrWeb = Trojan.WinSpy.1207
TrendMicro = TROJ_GEN.R4FC2IF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
McAfee = Artemis!2BB16C3442E1
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AOOB
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.oxp
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.OXP
ExIF Data
File Size                       : 124 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:12 03:17:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 126976
Uninitialized Data Size         : 0
Entry Point                     : 0x72b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1g.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1g.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2012-02-26 06:37:33
VirusShare info last updated 2012-10-08 23:20:17

MD5: 2d8a2cc3758e0dde991ac7844593b6c1
SHA1: e70b32a799611598923ee93b0737486f9512a8b9
SHA256: 5f6f54a069eaac319e2f6334a1b76c7e91f4fe985e29af3c5fc961ec06ad5b56
SSDeep: 6144:6LaVq7j1SrxOMRKm2cmlbyFWwv5TiDnnoYr/:6uVMbYl5TWno
Size: 217088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!qmVAVpy0eLY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kk
DrWeb = Trojan.WinSpy.1306
TrendMicro = TROJ_GEN.R72C2FC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo!kk
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AYIJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 212 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-03-11 10:08:34
VirusShare info last updated 2012-10-09 00:04:43

MD5: 2e6015307d8ff78957e650152986e4ab
SHA1: a97f91c9dcf589f56e7b403cc37b14c489a115ca
SHA256: 501e4fd18af71f2bf31b1c0aef85985f0839ba51f00e2779ac4d24351ac44601
SSDeep: 1536:c1bihnzdTqEoBN3qQcSS5W1yiWhvwBnqIz1x:quNhoTaRDCqI5x
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Variant.106496.CH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!5g+jTzWSUrk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R45C1KJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.cc.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
TrendMicro = TROJ_GEN.R45C1KJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipss
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.ACPU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CP.gen!Eldorado
TheHacker = Trojan/Kryptik.ndc
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDC
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 15:11:13-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x285e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ctwzhcunz Yqkslirlifg
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 6.0.6000.16386 (oyzlh_rtm.061101-2205)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Aaidkyfuy Sphxtbjtbyu. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Rdwsfslrj® Irdlbjv® Fppgzaies Fdfkwz
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-11 12:10:48
VirusShare info last updated 2012-10-09 00:20:05

MD5: 2ef982fdfe05d85305556cc66dd6d1a3
SHA1: e3e1ed888164bf19c681b59608bb15d935ca3329
SHA256: 844c8cd667b6989a343ada3b60a2d2d97de83db642e2360599b15a7304023f5c
SSDeep: 6144:KQUIv0MwX38dpUW3YJo5geRv51bprEKqqDLuc:rU0dwXpVGSe15mqnu
Size: 198144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.Gen!Pac.49
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!2EF982FDFE05
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!2EF982FDFE05
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Trojan-gen
AVG = Generic23.ZIY
Norman = W32/Suspicious_Gen2.NDICX
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 194 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:22 18:10:03-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 131072
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1bcf6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zgvxntnwz Jxhzogygshl
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.0.6000.16386 (xnqcc_rtm.061101-2205)
Internal Name                   : NlsLexicons002a
Legal Copyright                 : © Xwfsiggvy Zgrxvguvkdl. All rights reserved.
Original Filename               : NlsLexicons002a.dll
Product Name                    : Bzerkenxk® Nblymkf® Uvvjzzptj Akowjw
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-04 06:48:39
VirusShare info last updated 2012-10-09 00:33:41

MD5: 32a9499a4c8bafe96335d2b0afb1ec87
SHA1: 2a9d338be33584e37141f3151eaefb72d66049f9
SHA256: 535fe61c04c9b178b905660d3cfefc0f96f7147e5c3da8c24d44ed0b26c4b800
SSDeep: 1536:e4oTZLHZFYA9o7XEMxZYU6HPkrad51pwsr6rPuEWrDllw/4o97COX9h:FoNLH3AXEjUlwzrr2urlVONh
Size: 74240 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!VXEt47Eb1A4
CAT-QuickHeal = Trojan.Vundo.gen
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.AQNF
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.ITQ
ExIF Data
File Size                       : 72 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:12 08:00:51-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 32256
Initialized Data Size           : 78336
Uninitialized Data Size         : 0
Entry Point                     : 0x8b6d
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Intel PCI IDE Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : intelide.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : intelide.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-05-14 07:31:59
VirusShare info last updated 2012-10-09 02:31:20

MD5: 33871fec51ef5d95ea2498c6c21f5216
SHA1: bedb137df08d02dde71f5a1fb262f758a048eacb
SHA256: 559b199c76a626876424ee6d658f0282cd2d0d236938e4765889bc397cdef51d
SSDeep: 3072:IUv0OVAcR4enPgAQNlb93Ag2el/MqqDLy/U5kS:IaOcR4ePAxizqqDLuA
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dXzl6yV4HIk
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C1G1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Generic.dx!zwa
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R47C1G1
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ineh
McAfee = Generic.dx!zwa
F-Secure = Trojan.Generic.KDV.265082
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.SZZMU
GData = Trojan.Generic.KDV.265082
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.KDV.265082
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2012-02-27 19:36:26
VirusShare info last updated 2012-10-09 02:55:38

MD5: 375005fb8e6a7abadffbe71c3fbffd8f
SHA1: 21c226730e54fb4a50a871179ad44a8b49d58f94
SHA256: 8f9a5204ebdefa33be46aeafe7477683223bcc6b3c01c2167904f9e91548ce79
SSDeep: 6144:Xva8qBeZP6rxwyMRNm2cmlbyFWwv5wwxnno4r/:XSDMbYl5wqno
Size: 217088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Vqa6Pd1QSqc
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kb
DrWeb = Trojan.WinSpy.1306
TrendMicro = TROJ_GEN.R72C2FC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo!kb
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AZEQ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 212 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-03-12 02:41:09
VirusShare info last updated 2012-10-09 06:33:27

MD5: 37ff753d870b1633b6d5f1a088983631
SHA1: db255a07f4f0ebcc3bb97affba549a1a4118dc1d
SHA256: 376598b8bb9b0a1d8195caf6dc99caec89c178d2be50a946836ede63a2c6c15f
SSDeep: 3072:FZ9HrpXQ3OTnz8kkxIKxLwl4MqqDLy/+myqW:xLlT8IKxLaqqDLu+n
Size: 124928 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Rising = Trojan.Win32.Generic.1294FDD5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!3hEhf0GuIzY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2G9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click1.64020
TrendMicro = TROJ_GEN.R47C2G9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijvl
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ALCY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 122 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:16 17:19:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 73728
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0xe442
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Buprzhqzl Ytyfrwxuddn
File Description                : Event Create
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Vqcolnrmg Cmwwwvutglr. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Qcaceajzp® Usctste® Tzsrbgmns Cjlzio
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-03-02 02:51:12
VirusShare info last updated 2012-10-09 07:12:43

MD5: 3db9bf384d74a51f37834956900de963
SHA1: 7c7c1523d3838a1879351b5cc813f027b9fff46d
SHA256: 338a125d9200ec84c813b7b741ad35069940464785101625b615ae80046e7794
SSDeep: 1536:ShBYKhHTbMqqU+NV23S24Lo6CJcRt6ctVGqvUo85/rc:ShBV/MqqDLy/n6CaT6cmqY/rc
Size: 86016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129D01A6
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ZzpCjul/nzY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C7JC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!nl
DrWeb = Trojan.WinSpy.1188
TrendMicro = TROJ_GEN.R72C7JC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.uxse
McAfee = Vundo!nl
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic25.AAIB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.16
NOD32 = a variant of Win32/Kryptik.QGU
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:22 12:44:10-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x4f87
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : 
File Description                : ScriptPW Module
File Version                    : 1, 0, 0, 1
Internal Name                   : ScriptPW
Legal Copyright                 : Copyright 2000
Original Filename               : ScriptPW.DLL
Product Name                    : ScriptPW Module
Product Version                 : 1, 0, 0, 1
OLE Self Register               : 
VirusTotal Report submitted 2012-03-05 07:28:09
VirusShare info last updated 2012-10-09 11:27:24

MD5: 3dd2b258f32fe46e82c36aac0b4ec3d8
SHA1: 1c61034c4d8f05e260a5cb5ac0fe6f39dad4d3c2
SHA256: 5ca4d3ae74b7db54b99f2ca776eb5d1f652ef2ade430e5b6bc1ebccaa73bb541
SSDeep: 3072:S+fM6rU50oY8AChBFyscXOYP2/dFzaMqqDLy/roDbc:mekPj0O1FzJqqDLur
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!3DD2B258F32F
TrendMicro = TROJ_GEN.R72C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!3DD2B258F32F
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.YIS
Norman = W32/Suspicious_Gen2.MZNQQ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:54:59
VirusShare info last updated 2012-10-09 11:30:15

MD5: 3fff9e54033ca2cc6af6c53b3caa854a
SHA1: 68b2caeb4bce620fdd15956402330f436aecb34b
SHA256: 31de83256874aa3aebee07a7dc678c7893c43575f443c4705cd571c7dbf34329
SSDeep: 3072:pWVYwvEp5tsWw9I11DwVpJWAoJC7opp+e+z4mRBDjyNG:pMcbtsDpuCTz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!lrPz+Wa3hz4
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R08C1F8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!znb
DrWeb = Trojan.WinSpy.1172
TrendMicro = TROJ_GEN.R08C1F8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ipsf
McAfee = Generic.dx!znb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.AUNW
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2012-03-06 19:08:32
VirusShare info last updated 2012-10-09 12:29:14

MD5: 41ec25741969ab482a5a1168a1c0e4fc
SHA1: 71f0cb09bfcd7154ba28660795623cda0f7239e4
SHA256: 899ce15793673dd7e0fbc15e1a916a709b91b09060657326147b2946eafe0274
SSDeep: 1536:O+wPAmGmLzb9shtwiYqpboiLQ3Fq1CnCRJZuZMqqU+NV23S2c:x4GmLzaPwiYabo78kZMqqDLy/c
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.1295F2BD
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R31C1HN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Win32.Vundo.av5.AD
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R31C1HN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HSC
Jiangmin = Trojan/Generic.gije
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!g/2OT5/ORE8
TheHacker = Trojan/Kryptik.owy
ESET-NOD32 = a variant of Win32/Kryptik.OWY
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-10-07 06:35:36
VirusShare info last updated 2012-10-09 13:21:22

MD5: 42a5344cc3125257822b35c93c31c2d7
SHA1: c71b64728c41afdd79c5078504e423fe45f9970a
SHA256: 35558cdb8d035631d8eac11b4a6cc8e0380db4fb7e28ec70d57a3273a931358d
SSDeep: 3072:S+kY6rU50oY8ACWmjFcX8EvmdFzyMqqDLy/voDbc:tekFR08pFzRqqDLuv
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iz
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.VOR
Norman = W32/Suspicious_Gen2.MZNXS
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-11 23:54:21
VirusShare info last updated 2012-10-09 13:40:06

MD5: 449053cebf3484b65f9f366cbb244015
SHA1: a8dbd64c534df4d234933e3ad4b39c3b095946e9
SHA256: 338104d08b0d0cda59364d9a176a8e4e678d46009b1a99a84e77e049f90024bb
SSDeep: 3072:WeNPAwgOObqPsN+6bbnH29LVoev52b8IJlVKC:W4P79kYEbnHYLR2jM
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!DQM1HWx3QcM
TrendMicro-HouseCall = TROJ_GEN.R47C1DO
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!ht
TrendMicro = TROJ_GEN.R47C1DO
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Vundo.HT!tr
PCTools = Trojan.Gen
McAfee = Vundo!ht
VIPRE = Virtumonde
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Generic21.BBCB
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.194043
BitDefender = Trojan.Generic.KDV.194043
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:26 16:41:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x1244e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uxthhdeui Psowbxeuwxd
File Description                : RDP Reflector Driver Miniport
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : RDPREFMP.SYS
Legal Copyright                 : © Rbnymbats Evjtimdxzbh. All rights reserved.
Original Filename               : RDPREFMP.SYS
Product Name                    : Rfntuzsvd® Uxyqfjg® Gedouunyk Imlqkx
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-05-02 11:31:51
VirusShare info last updated 2012-10-09 14:32:26

MD5: 4559d0d1446aec198776ef70c1a01974
SHA1: 691669b2ca67e20b191ee8f8debdc362ae36714e
SHA256: 8d539a3a2f893dd17a93c1d19d163b9fe05691f196cedae121160410dfca51e2
SSDeep: 3072:S+4ie6rU50oY8ACqUMtcX/zZIdFzNMqqDLy/2oDbc:qekHs0/gFzeqqDLu2
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!4559D0D1446A
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!4559D0D1446A
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX
AVG = Generic23.AOWX
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-05 07:01:18
VirusShare info last updated 2012-10-09 14:51:17

MD5: 48d201caaf28775027b6e3be6d29aba6
SHA1: 1c8f115214f1594efb38b320c56e417a92ec3aa6
SHA256: 52003d6c7b433e9fe5c3176b9870d448c25b95d316ff5c2cb478f066e41f9331
SSDeep: 1536:C9q2mG8HbQ9shpE3iYEAPboMaLQ3FZ1CnCRJZuZMqqU+NV23S2+:CuG8HbxvE3iYE+boV8kZMqqDLy/+
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12897A42
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!YEEL8hPACxc
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R3EC2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo!jd
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R3EC2G8
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!jd
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AWQS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-18 09:23:24
VirusShare info last updated 2012-10-09 16:18:32

MD5: 4a08d651ddece081906da7fcddd7f647
SHA1: d8bfb80e4495d5a2442dd262962db9dbba600421
SHA256: 864522ef529c27585694ed428f71c39ff1b66569342778e56a1ba3f2e4b655df
SSDeep: 3072:VRM+CQ2bpfKA1zZ/WfROGAbrzHJq84Yph24d2kVYySivuSBGafogriC9BDMqqDLl:VG+CQ2bpfR1d/WfROGAbrzHJq84Yph2t
Size: 183808 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!nAM08W25uWY
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Generic.dx!zxs
Microsoft = Trojan:Win32/Vundo
McAfee = Generic.dx!zxs
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic23.ASQA
Norman = W32/Suspicious_Gen2.NHPDB
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 180 kB
Error                           : Unknown file type
VirusTotal Report submitted 2011-07-09 00:47:42
VirusShare info last updated 2012-10-09 16:41:45

MD5: 501a8383bcb2a37c124ee2cfe6930a2d
SHA1: a9c5496ef72859cd601d435c4570f854212a256d
SHA256: 5015cf4bfc12ac760381b00827739d3dae7aa8bbf2180576ffcae36256ad0f97
SSDeep: 3072:O2X6lA/Kspgs7a1x+tQE1q4s4qYxuLNqA7UQsYa9XYtaYvBW30JE:Om6l6fpg31x+tQEq45xQNHBaa5vBW
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!Wjzd6BlNCC4
TrendMicro-HouseCall = TROJ_GEN.R72C1GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zxe
TrendMicro = TROJ_GEN.R72C1GB
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Generic.dx!zxe
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI [Cryp]
AVG = Generic23.AJVN
Norman = W32/Suspicious_Gen2.NIVQO
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.oxo
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.OXO
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:13 10:57:47-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 73728
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1275b
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.131.3790.0
Product Version Number          : 5.131.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Omnuhcara Fnicrartgik
File Description                : MSCAT32 Forwarder DLL
File Version                    : 5.131.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : MSCAT32 Forwarder DLL
Legal Copyright                 : © Pimyrnmmk Yvpzgvvcutu. All rights reserved.
Original Filename               : MSCAT32 Forwarder DLL
Product Name                    : Wytvtrjep® Dddkvzo® Mqbtlvedr Uxmijy
Product Version                 : 5.131.3790.0
VirusTotal Report submitted 2011-07-20 06:33:14
VirusShare info last updated 2012-10-09 19:28:57

MD5: 507d95cc9747d116d452091ac055064a
SHA1: c39f57ee2059b82fe562b95be37e4f10749c6314
SHA256: 8d4c26689defccdbb31669f0c578ce392da34efddef3635775d755c099b9ef38
SSDeep: 3072:EBpZsWfEa8Z2f0yKrlRKnBHwdnMRwaDdSO:E4ag2cyKmBQVonN
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent2.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.Siggen2.28609
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Agent.evtk
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Prevx = Medium Risk Malware Dropper
Avast5 = Win32:Vundo-JU
AVG = Generic22.ONM
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 03:29:11-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x8131
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Drdqvcasxqo
File Description                : Control Panel Console Applet
File Version                    : 5.00.2134.1
Internal Name                   : Console
Legal Copyright                 : Copyright (C) Tpfkytyvm Corp. 1981-1999
Original Filename               : CONSOLE.DLL
Product Name                    : Vhnvgfrur(R) Pnqxxto (R) 2000 Wqrkstcaa Jqirqf
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-05-20 04:11:26
VirusShare info last updated 2012-10-09 19:45:08

MD5: 542dbacec6df5d009ca251998836594b
SHA1: 5ef8b93a824b68a86e23c160a26edb940a750f64
SHA256: 8402491aec53fae6379ea8021b9293b2c52c8f4c90bea802d474d495bb80b526
SSDeep: 3072:jbILq7rUWhTYC413e91KgOeH2Kxo39TCoAZfARjxos7pI:jU+S1eQeWKiBIoJxo
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zvd
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Generic.dx!zvd
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.BKGL
Norman = W32/Suspicious_Gen2.MWMIZ
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:29 14:44:39-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xdefe
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxufqhusc Lsyvnozowtk
File Description                : USB Miniport Driver for Input Devices
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : HIDUSB.SYS
Legal Copyright                 : © Kkwhopsnl Rujmohcknfq. All rights reserved.
Original Filename               : HIDUSB.SYS
Product Name                    : Fzvycrpqx® Lpjnpml® Lkuzhsgyu Aezppw
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-04 01:05:39
VirusShare info last updated 2012-10-09 21:35:20

MD5: 55c2e410a62a9df46f1e8a325f936b7f
SHA1: 20f4d5e4b6adee0cabfe80fed7094182ab9ef2cb
SHA256: 86b02eca73858099554d5dac155e497825098bcc72ae19e5e49a21d838631063
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pRpo2:pwy9w/dWjTlXjDHsw
Size: 103424 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Suspicious
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Vundo!gy
Microsoft = Trojan:Win32/Vundo
Fortinet = W32/Agent.PG!tr
PCTools = RogueAntiSpyware.SpywareStrike!rem
McAfee = Vundo!gy
F-Secure = Trojan.Renos.PJY
VIPRE = Trojan.Win32.Vundo
Prevx = High Risk Fraudulent Security Program
Avast5 = Win32:Trojan-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Crypt_c.CEV
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Size                       : 101 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-02-04 12:56:14
VirusShare info last updated 2012-10-09 22:19:45

MD5: 57c369ba0db0e01a3aaf4df5449357d5
SHA1: e1d1369f6735a50bcace7bb1751c5af52d0d191a
SHA256: 3e341a7f7db883d6fb8a1c6a23682ac051a518980f862e88d4f59d4f492ac7cb
SSDeep: 3072:ikx1TowU848zM97tu1G31fyu9oiMqqDLy/L4SV8:9x1W8zqha8IqqDLuVV8
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.7
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.7
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.7
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.7
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2011-08-12 14:19:17
VirusShare info last updated 2012-10-09 23:19:52

MD5: 58e2dd38cefe6bd3f56a3cae46fc9e99
SHA1: 30ef08157ef7ca9784d4bf5f579a92ca233abfc0
SHA256: 526d887f99291301df8cfd7f9515d50e5a7b7ba687fa65b0aeec17f40c2b99ba
SSDeep: 1536:9b8E5A4c3eRr+B2W5PTv8Wwd2kG72mUEi1eogApF4oLyzo9n:9ol4cOyPjH6mUEJViyzo9n
Size: 110592 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Generic.129BDC55
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!e5X2eQPsals
TrendMicro-HouseCall = TROJ_GEN.R30C7J3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Artemis!58E2DD38CEFE
DrWeb = Trojan.WinSpy.1236
TrendMicro = TROJ_GEN.R30C7J3
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.jffu
McAfee = Artemis!58E2DD38CEFE
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ADTX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 108 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:18 14:53:13-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x11382
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® License Server Interface DLL
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : ntlsapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlsapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-31 03:48:37
VirusShare info last updated 2012-10-09 23:56:04

MD5: 5b22b855842f192e8fa392a1bb74dd82
SHA1: 4b9656b2cab02f072fba4ae2eb599951320d8cb5
SHA256: 37e3b8393ea4ac85ab0ffd04a8f2cb0d273a939e2b53f1aaf4412c1ece3dda4a
SSDeep: 1536:/Yj2mGYIP9shXEiYPwUboNLQ3Ff1CnCRJZuCMqqU+NV23S2S:/OGYI+1EiYYUbof8kCMqqDLy/S
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ja
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JW
AVG = Generic23.AJAH
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-04 17:25:01
VirusShare info last updated 2012-10-10 01:06:23

MD5: 5c49f382b6b13c1bd18063845304ec5e
SHA1: c959ba13b1dcd26a504d52eb4f89c6965f626d73
SHA256: 54890c37d765a1300a2cac0522c149646622306973f4048862f78546651534f7
SSDeep: 3072:RL2nFakWH70tjJocJhYxweCrf7rTi462fULmMbEo7jG1F:RLUak7VocJYweu/I28LmQBs
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik.Gen.16
TrendMicro-HouseCall = TROJ_GEN.R72C2G7
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.evx!a
DrWeb = Trojan.WinSpy.1073
TrendMicro = TROJ_GEN.R72C2G7
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Generic.evx!a
F-Secure = Trojan.Generic.KDV.273177
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
eSafe = Win32.TRVundo
AVG = Generic23.AGPH
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.273177
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.273177
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-07-16 18:09:53
VirusShare info last updated 2012-10-10 01:45:32

MD5: 5c690dbbb0cda689fb3ef35732110d94
SHA1: dc4b92e767685a6972b4d1fc4e7f985bf2811b83
SHA256: 3647e4273ad1187bee2e2ef5b7798d34c1f06aef459e2bcb13ae4cf3f87a2de6
SSDeep: 6144:c0CvZTJ/KX39zucJXCd6eEpWuJw8lFCEOxICGPT:6Z9/KHQiX6EpWu9dp7PT
Size: 259816 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Pirminay-BW
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Pirminay-BW!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.C
F-Prot = W32/Damaged_File.gen!Eldorado
AVG = Suspicion: unknown virus
Norman = W32/Suspicious_Gen2.dam
GData = Win32:Pirminay-BW 
Commtouch = W32/Damaged_File.gen!Eldorado
TheHacker = W32/Behav-Heuristic-CorruptFile-EP
ExIF Data
File Size                       : 254 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:03:17 13:24:10-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 303104
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xaa750
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-04-06 04:05:56
VirusShare info last updated 2012-10-10 01:49:09

MD5: 5cbaf7b5b0cb7ef9479d3b8a5d21b1ff
SHA1: ac70f0767600d07f435aaf3fa3db0abd441cf483
SHA256: 343ee1828d1b94ca4c92fb4b93a33c94931bd5e302cebc03b0dded5d88d4c153
SSDeep: 3072:XKzLvTWp3CotiJvHAmU8n1VhBCimczxq1i4gPrta:krTWpyotiDVl3zx4iFt
Size: 122880 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Menti.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Menti
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.122880.ZK
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R06C7LA
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Vundo!ni
DrWeb = Trojan.Siggen2.27947
TrendMicro = TROJ_GEN.R06C7LA
Kaspersky = Trojan.Win32.Menti.jfww
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Menti.aok
McAfee = Vundo!ni
F-Secure = Gen:Variant.Buzy.3628
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic26.WCE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Buzy.3628
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.kfj
BitDefender = Gen:Variant.Buzy.3628
NOD32 = a variant of Win32/Kryptik.KFJ
ExIF Data
File Size                       : 120 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:29 03:13:55-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 65536
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x10ab4
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.33.0
Product Version Number          : 1.0.33.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hewlett Packard Corporation
File Description                : JobRetention Render Plug-In module
File Version                    : 1.0.33.0
Internal Name                   : HPCJOBRETR
Legal Copyright                 : Copyright © 1997 - 2001
Legal Trademarks                : 
Original Filename               : 
Private Build                   : 
Product Name                    : Hewlett Packard JobRetention render module
Product Version                 : 1.0.33.0
Special Build                   : 
VirusTotal Report submitted 2011-12-13 22:59:53
VirusShare info last updated 2012-10-10 01:59:11

MD5: 5f12b9dc6655272690cb3e60fed200d3
SHA1: 23425b7d9c1ab80f56a5fdb466b8461fb840dfe8
SHA256: 517171c3835c29c855d8f53df2527bdc83a51158a4d07bce56a6418fd69938d1
SSDeep: 12288:jKZ7y8yRxTmYdjO+gC9pBemjN5aWYPC3HDz:jKETaUgYnr8WYPCXDz
Size: 483789 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.240
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.KDV.182684
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!scNGICtXqTo
TrendMicro-HouseCall = TROJ_GEN.R28C2EC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Artemis!5F12B9DC6655
DrWeb = Trojan.DownLoader5.44214
TrendMicro = TROJ_GEN.R28C2EC
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Adware.Lop!rem
Jiangmin = Trojan/Jorik.nsn
McAfee = Artemis!5F12B9DC6655
F-Secure = Trojan.Generic.KDV.182684
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.SBH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.182684
Symantec = Adware.ADH
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.KDV.182684
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 472 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:03 20:34:14-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 458752
Initialized Data Size           : 385024
Uninitialized Data Size         : 0
Entry Point                     : 0x6d45f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.4.0.3400
Product Version Number          : 4.4.0.3400
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Liokqanoq Corporation
File Description                : RTP/RTCP Core Module
File Version                    : 4.4.3400
Internal Name                   : RRCM
Legal Copyright                 : Copyright © Mojdqrgoc Ipizoiuuqix, 1996-1999
Original Filename               : RRCM.DLL
Product Name                    : RRCM.DLL
Product Version                 : 4.4.3400
VirusTotal Report submitted 2012-04-07 15:05:36
VirusShare info last updated 2012-10-10 03:18:37

MD5: 632d02258d361da15a61b6591e9b230e
SHA1: e56672d0a6fe68e4fbe2790c3740dd84d5a68fa4
SHA256: 3d84ed5426c025dd532d1dfd5a14243c30ef36c0a664de788d81dec520349ad7
SSDeep: 1536:sKeqO8Eu0jXdfUtYbGbRRFoJ/lt0lyQBl27sTSa7p5Bt3cXdf+tKSY/lzl:sK5O8oXTbCdojt0lyQBlHTSad5P3GgSz
Size: 89088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.95076
TrendMicro-HouseCall = TROJ_GEN.R47C2LR
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!gv
TrendMicro = TROJ_GEN.R47C2LR
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
McAfee = Vundo!gv
F-Secure = Trojan.Generic.KDV.95076
VIPRE = Trojan.Win32.Vundo
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic2.CLPG
Norman = W32/Suspicious_Gen2.FJSGF
GData = Trojan.Generic.KDV.95076
Symantec = Packed.Generic.305
BitDefender = Trojan.Generic.KDV.95076
NOD32 = a variant of Win32/Injector.DSI
ExIF Data
File Size                       : 87 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:05 21:08:51-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 78848
Initialized Data Size           : 41984
Uninitialized Data Size         : 0
Entry Point                     : 0x1420d
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : NlsData0024
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : NlsData0024.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2010-12-30 14:50:08
VirusShare info last updated 2012-10-10 07:27:03

MD5: 63d960b9a5c3dc00db6ba196dfbf87c2
SHA1: 2cf10b91a8c6b3228b576e1369521bfb004217ca
SHA256: 8a880374fbd5b52bfdf6486131b74745e9a7e554f7a587d083968015f524854d
SSDeep: 1536:n5Dh0Xd4w7Jrqrm2jWM+hSqyI1kq6oz8/Mg2NCmkfN/:n5Dh0XddB2jWhh/n1oo2bF/
Size: 79360 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.4.445
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.125D50F1
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Vundo.4
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.APFQ
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 78 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:07 05:58:15-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 14848
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x4859
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : NPS Services Component
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : IASSVCS.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IASSVCS.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-05-12 02:13:01
VirusShare info last updated 2012-10-10 08:02:10

MD5: 63fddc58bd565ce5d27fb1cf2d23d312
SHA1: 4181bff8ffca5cad874b261d929b1332de7d2008
SHA256: 3e3644d009022942a0026fe9ab208779315b52b72ecf6eb607ef882ae40f0190
SSDeep: 1536:Ja3I3AzWHWUYe3wgKh6/69QR4WboU0Yc5BPsBD6WLgX6LKa0fvlzomn7u6yJgu:JII3FHW9e3HQ6/6CRg7BwmW0qGvlzTnV
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!dfx4q+Qd+vM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1328
TrendMicro = TROJ_GEN.R72C2DQ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
Jiangmin = Trojan/Generic.imne
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.JDX
Norman = W32/Suspicious_Gen2.LRSBN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-10 07:15:03
VirusShare info last updated 2012-10-10 08:10:20

MD5: 6554efdac8a62126d6c7352344673837
SHA1: fbeea7850b4ced592b881c0ea288c40eb5c791ed
SHA256: 3f2e389fddd0620da9375ddca5af46ed0b83130c937b9037b3cd6e0c8e41a704
SSDeep: 3072:S+m96rU50oY8ACdz7sJcXAZ/ddFz/MqqDLy/SoDbc:WekP00A9FzUqqDLuS
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!VBbhxvaup4Q
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2G8
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Trojan.Generic.6165920
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.TIR
Norman = W32/Suspicious_Gen2.MYTPC
GData = Trojan.Generic.6165920
BitDefender = Trojan.Generic.6165920
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:30:45
VirusShare info last updated 2012-10-10 09:31:33

MD5: 66cb5d8c26d57d462b6a6d1957719418
SHA1: 6a6c2645a01eef184122a738c387289dcab5a4e8
SHA256: 8067560a8a3acba2c1f4b8fb1707239045f7c266225f76a02c5ce983d75416ad
SSDeep: 3072:78YRbC/e8peW3E17XXc58WVYirifflMcIACjg0YcYmbRIryLcfBq86OOW:DPuA7jYs6caYJmbRrGBqDW
Size: 102912 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
TrendMicro-HouseCall = TROJ_GEN.R47C2FC
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!66CB5D8C26D5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.Vundo.102912
McAfee = Artemis!66CB5D8C26D5
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BFHJ
Norman = W32/Suspicious_Gen2.MUVAS
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 100 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 19:44:32-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xa8a5
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Crspatyrt Iiavhzuekfy
File Description                : Inttonhuv EAPHost Peer Client DLL
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : eappprxy.dll
Legal Copyright                 : © Tmzeezucf Orpcjqwwmcj. All rights reserved.
Original Filename               : eappprxy.dll
Product Name                    : Egasnptin® Klrcaac® Cbpvxbcoj Nvuogg
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-06-14 02:48:11
VirusShare info last updated 2012-10-10 10:55:54

MD5: 68fb386c29bc94dfa9ed24c464c11b18
SHA1: ec81d0eabc5dfe131abacbe0a47ee2ab2488e124
SHA256: 541021afe378bb3365f21b361694fe87baa2c5c20a47960a25b0962533800052
SSDeep: 3072:ipcr0LU8C8zM97tu1G31fyuAo1MqqDLy/s4SV8:UcZ8zqha82qqDLuWV8
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128A6F96
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!PR3a2EVMONY
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2GI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!js
DrWeb = Trojan.Click1.63787
TrendMicro = TROJ_GEN.R47C2GI
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.aaznh
McAfee = Vundo!js
F-Secure = Gen:Variant.Vundo.16
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGKM
Norman = W32/Suspicious_Gen2.NPNNF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.16
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srdh
BitDefender = Gen:Variant.Vundo.16
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:16 03:31:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x6ec2
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1998.11.13.0
Product Version Number          : 7.0.6.23
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win16
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Windows
Company Name                    : Microsoft Corporation
File Description                : SQL Client Configuration Utility.
File Version                    : 1998.11.13
Internal Name                   : CLICONFG.
Legal Copyright                 : Copyright © Microsoft Corp. 1988-1998
Legal Trademarks                : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : CLICONFG.EXE.
Product Name                    : Microsoft SQL Server
Product Version                 : 7.00.623
Comments                        : Windows
VirusTotal Report submitted 2012-04-13 06:05:00
VirusShare info last updated 2012-10-10 12:14:18

MD5: 6dfcde5b9ce7edba68dafe13c7aff281
SHA1: 16ccae3ec8dc9bb332dc46ab75f52856201eadc7
SHA256: 506aee891e46528470f415afe9b30324ce73b060d3e906d64a92aa1d7635a664
SSDeep: 3072:/qlwakDzH77tjkoNV4xweCrf7+Tie7lfULmMbEo7ju1F:/q6akNYoNVuweuSz7l8LmQBE
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik.Gen.16
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kg
DrWeb = Trojan.WinSpy.1073
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo!kg
F-Secure = Trojan.Generic.6410482
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD [Cryp]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CQIS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6410482
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.6410482
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2011-08-31 06:57:26
VirusShare info last updated 2012-10-10 14:34:06

MD5: 710ca0efbf53edd601c6e79031171860
SHA1: 269493db476023c770bea2be9de8a055c7cd9806
SHA256: 861cef113f4401dc6d89cf61ce5897e016fbf8842face9533c14c7baf3f3b835
SSDeep: 1536:uW9wfuqb45xM4HG+GaV5gcXolN7gyQzBE9C2ejLn8Zd8UG+I:P5xMuG8olN7vK2QYZd8UpI
Size: 70656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.237575
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zte
Fortinet = W32/Dx.ZTE!tr
McAfee = Generic.dx!zte
F-Secure = Trojan.Generic.KDV.237575
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.APVO
Norman = W32/Suspicious_Gen2.MMNVD
GData = Trojan.Generic.KDV.237575
TheHacker = Trojan/Kryptik.ndp
BitDefender = Trojan.Generic.KDV.237575
NOD32 = a variant of Win32/Kryptik.NDP
ExIF Data
File Size                       : 69 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:10 03:51:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x32e1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.44.2.32
Product Version Number          : 6.44.2.32
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : LSI Logic Corporation
File Description                : MegaRAID RAID Controller Driver for Qikzzbt Server 2003 for x86
File Version                    : 6.44.2.32 (NT.040809-2325)
Internal Name                   : mraid35x.sys
Legal Copyright                 : Copyright © LSI Logic Jofzefivxlc
Original Filename               : mraid35x.sys
Product Name                    : MegaRAID Miniport Driver for Gviblmu Server 2003 for x86
Product Version                 : 6.44.2.32
VirusTotal Report submitted 2011-06-16 09:45:41
VirusShare info last updated 2012-10-10 15:59:09

MD5: 7573465e6efb96f870018a9fe4be0039
SHA1: 86d684ad773d9258ae37613ec187382e8a900c30
SHA256: 5c6ae8173e683fdb0e15327768f1ac6fdcebf629e3a469dd7f18a13c17714b91
SSDeep: 3072:+NOpB3q7WVCR1n8049IMrv7lZMqqDLy/z:aO338WVCRFYWqqDLu
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Smardec.75
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Moder.DRJY!tr
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:17 17:09:44-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 110592
Uninitialized Data Size         : 0
Entry Point                     : 0x78ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Drpoykpnw Nqiveywtblj
File Description                : Kernel Security Support Provider Interface
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ksecdd.sys
Legal Copyright                 : © Zgerjbzqh Runbrcbkpwz. All rights reserved.
Original Filename               : ksecdd.sys
Product Name                    : Nsytoxfoj® Kwzjspk® Todupmbgw Ylfudo
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-08-12 03:19:57
VirusShare info last updated 2012-10-10 17:56:39

MD5: 7a035053171e5c9a988d73995104a379
SHA1: 9dffbef2cea4ae6e6e17dd05bd2d1bd2f7a3f2dd
SHA256: 8df42343fd4283a713659003041f1d716f0afc6a5f42d0ca6f65a0288969111b
SSDeep: 3072:EQ0/F4N5n3UbQVszzKPwY6zw2BgSaNmCdOlUMmfgHPFsikMqqDLy/MdJm:GeNpkb8IYtFpMmfgH2sqqDLu4
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R1BC2G7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R1BC2G7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/VUNDO.JA!tr
McAfee = Vundo!ja
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ACTC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-09-01 23:37:32
VirusShare info last updated 2012-10-10 20:24:57

MD5: 7a0eb0194776565addd9d9083ffb40e0
SHA1: d5e038a83d3d5eeed37e73d2702c08114d3c27ee
SHA256: 524ef4b028a9f2b88177e7f4226a3482e3f42f17524f323259b8e752f0e1f738
SSDeep: 1536:gpubOmGt0wNF9shssUiY8zbojLQ3F01CnCRJZu5MqqU+NV23S2h:gpEGt0GoqsUiYyboU8k5MqqDLy/h
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!vfCXhTZh8Yw
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.HMS
Norman = W32/Suspicious_Gen2.NIRHG
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 15:12:43
VirusShare info last updated 2012-10-10 20:26:03

MD5: 7cb91100f2957e551c3f51c8dad5d720
SHA1: 7cde25397c759790fdf3338520b089477af0cc18
SHA256: 87e0f332af590e3a524bd06c9af216015bce3777f460c092846be03901d422cc
SSDeep: 6144:ixUID0SHzyR8gQ2W1Uo5qeRv51bprEKqqDLus:aUEpHzWE0e15mqnu
Size: 198144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128A3FAC
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Vundo.HRV
TrendMicro-HouseCall = TROJ_GEN.R47C1G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R47C1G5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijhx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ZIY
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.srgh
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 194 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:22 18:10:03-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 131072
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1bcf6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zgvxntnwz Jxhzogygshl
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.0.6000.16386 (xnqcc_rtm.061101-2205)
Internal Name                   : NlsLexicons002a
Legal Copyright                 : © Xwfsiggvy Zgrxvguvkdl. All rights reserved.
Original Filename               : NlsLexicons002a.dll
Product Name                    : Bzerkenxk® Nblymkf® Uvvjzzptj Akowjw
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-18 13:54:06
VirusShare info last updated 2012-10-10 21:38:09

MD5: 7ce651a077fb1197e8ec5c87550b45de
SHA1: 805340d3c54229fe20a81e2a88c37d3678ca48cb
SHA256: 8dcfc38747264aa9aa63ef11af1d32414a41a88b15d78427503f4091ad98d87e
SSDeep: 1536:5DM4F6sek1Ig1jQbq3SyuBCZUga3phK18zT2nftYA9wOfqXjbx6X:9F6sek1/BQISyueJKrz6nfyA6OjX
Size: 74752 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.74752.NI
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.aaan
TrendMicro-HouseCall = TROJ_GEN.R30CDLF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Vundo!nj
DrWeb = Trojan.WinSpy.1087
TrendMicro = TROJ_GEN.R30CDLF
Kaspersky = Trojan.Win32.Monder.nets
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Vundo!nj
F-Secure = Trojan.Generic.KDV.484667
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Cryptic.BTF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.484667
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Trojan.Generic.KDV.484667
NOD32 = a variant of Win32/Kryptik.JHE
ExIF Data
File Size                       : 73 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:04 03:43:26-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 47104
Initialized Data Size           : 64512
Uninitialized Data Size         : 0
Entry Point                     : 0xc564
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2153.1
Product Version Number          : 5.0.2153.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : CIC - MMC controls for Taskpad
File Version                    : 5.00.2153.1
Internal Name                   : cic.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : cic.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2153.1
VirusTotal Report submitted 2011-12-18 23:45:12
VirusShare info last updated 2012-10-10 21:43:09

MD5: 7d49f01cb0e6753c6c56068d60357ae9
SHA1: b960587851200de7cb36538f2e1fa71a2812478c
SHA256: 551d74c7e742b2e2aeaa74127d201cb901fcd70f9013622782ebbfa2fdf50f70
SSDeep: 3072:S+4h6rU50oY8AC8LYKcXALfW3vrdFzyMqqDLy/CoDbc:sekyD0AOFzRqqDLuC
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/cOWs+UPmzM
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!7D49F01CB0E6
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.imoi
McAfee = Artemis!7D49F01CB0E6
F-Secure = Trojan.Generic.6171942
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.THK
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6171942
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.6171942
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-03 09:57:45
VirusShare info last updated 2012-10-10 21:54:48

MD5: 7e4f73ecad993647b990a7ffc7974b3d
SHA1: 6b16240453425d9ade5560aa7d2a95dac300b59b
SHA256: 3842f53f9e0c8c3e9b362afa06972bec21acd832e08b71a0e7b2fdd352eb3cae
SSDeep: 3072:S++S6rU50oY8AC+TzNcXHvdZdFzWMqqDLy/ioDbc:9ekoB0HhFzdqqDLui
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12897F2C
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!dx2hAl+jrEo
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7E4F73ECAD99
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.kzrm
McAfee = Artemis!7E4F73ECAD99
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TNE
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-04 00:09:23
VirusShare info last updated 2012-10-10 22:23:56

MD5: 7ec521d66c336332de56fee639710b7f
SHA1: 97b170196135d8ef930823d28884a9db1f9a044b
SHA256: 8b1dda9c417e1c96ea2258d376422a9a0d98d819ef2b5132f3903da88d70beef
SSDeep: 1536:dBOTyYj4dtNJu3G8fNxowamFILh01Y3hyNSaY6Y9l/MqqU+NV23S2jMnew:bOTm81xowSyyA7Cl/MqqDLy/jZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128AF49B
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.RC1C2GS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
DrWeb = Trojan.WinSpy.1176
TrendMicro = HT_VIRTUMONDE_00001ad.TOMA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijpf
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!qX39vMBx7P0
TheHacker = Trojan/Kryptik.qgj
ESET-NOD32 = Win32/Adware.Virtumonde.NHD
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-09-27 18:46:01
VirusShare info last updated 2012-10-10 22:35:58

MD5: 7f7ef8662465d2786f280b76922fc0a9
SHA1: f0caa12b37442530d359a1c105398cca38ef6098
SHA256: 50d51781359ba99fdc1afc818928be574ffe15179bcc529e55ae7a8a170c62bd
SSDeep: 3072:S+kn6rU50oY8ACBZ4scXTDdkHdFzhMqqDLy/5oDbc:2eklp0TRKFzqqqDLu5
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!+jtVHl9H3TY
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2G8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2G8
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.SYU
Norman = W32/Suspicious_Gen2.MYTRP
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 07:21:39
VirusShare info last updated 2012-10-10 22:56:04

MD5: 82d7b43c8c5eb254ec2151716fae13bd
SHA1: 10d9ee638fb93bdedc2f9c27429d44400fb5b9b3
SHA256: 3e55868bd4f16fecbecf88a38fd4c1ce20797bac403f5f2b7410b2c92599536a
SSDeep: 3072:Z5b1IVLs05WNzmn+O6rEIE1KXBGfK/P8ulxXTqCVAJD39x:5I20okfHrfKvfnuD3H
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Kryptik!IYhOz4EqtNk
TrendMicro-HouseCall = TROJ_GEN.R45C2FG
Comodo = TrojWare.Win32.Kryptik.LLT
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R45C2FG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo!iz
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
eSafe = Win32.TRVundo
AVG = Generic22.BZRE
Norman = W32/Suspicious_Gen2.MYLRJ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-06-25 12:49:21
VirusShare info last updated 2012-10-11 00:52:29

MD5: 85dbbca266600070651cae745e092f6e
SHA1: 2cf0faffae3a5ac7ef94ad756d4267740b58f799
SHA256: 8a0a18c9fb53d7cd0c1f1753726073c9ba0760aa1bad4faf6b2fed2318af5543
SSDeep: 1536:uUmggek1m8qfx+66KO3fm131s2pJpVB3WQ57vegMuuoNz0+pFlBJ:uVgM1qfx+63Sfq1nX9GQZvzrVFlBJ
Size: 92160 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.abb
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
VBA32 = AdWare.SuperJuan.yox
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp
McAfee-GW-Edition = Artemis!85DBBCA26660
ViRobot = Trojan.Win32.Vundo.92160
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Artemis!85DBBCA26660
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.AEMF
GData = Gen:Variant.Vundo.13
TheHacker = Trojan/Kryptik.gnd
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.GND
ExIF Data
File Size                       : 90 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 18:54:53-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x10635
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Occsuxmnx Afgqkhlrldo
File Description                : Network Policy Server
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : IAS.DLL
Legal Copyright                 : © Flrtrdzsk Abkngwstchl. All rights reserved.
Original Filename               : IAS.DLL
Product Name                    : Zradnbevw® Tehokqj® Kamtxzehe Zmjhhs
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-04-30 05:09:17
VirusShare info last updated 2012-10-11 02:13:22

MD5: 86bc6f7329dd4d34efa9a62a1b4a6665
SHA1: d65b9599e46416b993557ce78d8fd5639c7f8a75
SHA256: 862169c66841f3dca0492c1382bff9d4c49f402d6891c3ca67d7b42e6ef4c06c
SSDeep: 3072:kDAllTTPoEpt/8swdyT1+dbJdlXKzvjmzchbCi:kiTTPoEpNBdT0FJjKAYCi
Size: 113458 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!86BC6F7329DD
Jiangmin = Trojan/Pirminay.ak
McAfee = Artemis!86BC6F7329DD
VIPRE = Packed.Win32.Pirminay.a (v)
AVG = Generic18.XAJ
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
TheHacker = Trojan/Pirminay.bj
ExIF Data
File Size                       : 111 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:28 01:42:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 52224
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0xd902
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-06-15 01:28:15
VirusShare info last updated 2012-10-11 02:35:10

MD5: 89342fdca265845c1721dd6a346233e2
SHA1: f3527f9182892ec67405bce400fb07758a15fa36
SHA256: 8b1455847ded8899665a9f9f35cc2069d05db7f6d82731cdcd9e397a1061cbd2
SSDeep: 3072:aWVYw5pptZWx9IRyDKHBSmWAoJCloPp+e+z4mRBDjyZG:aM5ftZPBICrz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R4FC2GF
Emsisoft = Trojan.Win32.Pirminay!IK
TrendMicro = TROJ_GEN.R4FC2GF
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD [Cryp]
AVG = Generic22.AUNW
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-07-18 05:03:25
VirusShare info last updated 2012-10-11 03:57:13

MD5: 8da3c63b87c80253ca514b3841a0a18d
SHA1: fa152d664a155c0832d8436e4588e5488a3024d3
SHA256: 3beedce8530cf1c378472fd72c09166cdb4ee2fe391d001afdf426c636204c38
SSDeep: 3072:2KNNYagYSq6xcUS/uDPsjX5oNRIZ6GYyKUSSkP+xAcxlOH:2KNNYJ6qDPuJsxy5kGxjC
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30C2FK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!8DA3C63B87C8
TrendMicro = TROJ_GEN.R30C2FK
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Artemis!8DA3C63B87C8
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.BZCG
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 132 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 12:22:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x17889
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Neshbidro Gdaeuxfmozv
File Description                : WIA Video
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : WIA Video
Legal Copyright                 : © Urbjjpmzq Gjltvmzbric. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ujanimkrv® Acjdkou® Tgwygwffc Lgwmsd
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-06-23 13:38:00
VirusShare info last updated 2012-10-11 08:16:32

MD5: 8e8f2c145f07e1c69af4443bb75e7915
SHA1: 6df14699af7128c9c0481339dc3c41676b30477f
SHA256: 36e3b2f36838458b6fae6bd450928b5f2b3909634003a19383bc57c2d8da27ea
SSDeep: 6144:fA7xM9WxoqqiZXyG+aBxzBwVam79w7zIGN9nv3rhUvlymEyjhcK0scNQlXA3hIhd:fsUiZXydWxdwVa8w7zIe3zWjhT0sLhA8
Size: 389942 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.34
Avast = Win32:Kryptik-ARX [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R01C1FI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Renos.kc
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader3.34872
TrendMicro = TROJ_GEN.R01C1FI
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Ponmocup.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.egwy
McAfee = Kryp.b
F-Secure = Trojan.Generic.6130575
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-ARX [Trj]
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic10.CIRB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.6130575
TheHacker = Trojan/Kryptik.kwo
BitDefender = Trojan.Generic.6130575
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 381 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:14 11:47:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 577536
Uninitialized Data Size         : 0
Entry Point                     : 0x17cf6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WbemPerf V2 Instance Provider
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : WbemPerfInst.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WbemPerfInst.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-21 02:26:05
VirusShare info last updated 2012-10-11 09:08:12

MD5: 90275debf13ef8eef7a66f5edfbe35d2
SHA1: 3d429a1d307165958daf01ec7eec5819e6ec02f2
SHA256: 3d706da878e4cc4b94f7fbd35657156613a104b387fcf4e3dd267032325432c2
SSDeep: 1536:jliga7wa6p3v7TN2lSfru+2Ix9TT99tu1r6n6feJX6pl7Yle:j0ga7B63vV2l0hlx9TZHu1rP1l7Yle
Size: 73216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.aba.1
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
nProtect = Trojan/W32.Genome.73216.F
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!U5ERVWbXr8k
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R01C3FF
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.fh!pec
DrWeb = Trojan.Virtumod.10600
TrendMicro = TROJ_GEN.R01C3FF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ahet
McAfee = Generic Malware.fh!pec
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo.Aba
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.BEOK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.NDI
ExIF Data
File Size                       : 72 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:13:48-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xbfcd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Tag 0c 0904 E4                  : 
Company Name                    : Tqroektgj Qrcfussllji
File Description                : Vsvlujguo Direct3D
File Version                    : 6.0.6000.16386
Internal Name                   : D3DRamp.dll
Legal Copyright                 : © Oxejugpwe Dywekurptmm. All rights reserved.
Original Filename               : D3DRamp.dll
Product Name                    : Abevmsoiy® Utbejqa® Qmblpnydb Jyoupu
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-14 05:02:57
VirusShare info last updated 2012-10-11 10:09:01

MD5: 9123a0d7258bb0500d650cd8f3efbe05
SHA1: 61eb1b1fb1f4e98d6b08b2c9739001915312b8a7
SHA256: 50c2d8a3e999835df4fae409196652840a58edd5a405a4d9beb8886e26d14a6e
SSDeep: 3072:fhGnlg3ae0HgWeM0/dXnqQ58QnglMMqqDLy/lhmGTWp41AJX/H:fgnO/B/J5rKqqDLuXmGTWcAZ
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Adware-gen [Adw]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
Microsoft = Trojan:Win32/Vundo.gen!AV
VIPRE = Virtumonde
Avast5 = Win32:Adware-gen [Adw]
AVG = Generic23.YXL
GData = Win32:Adware-gen 
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-18 23:49:48
VirusShare info last updated 2012-10-11 10:37:25

MD5: 9159a5631d617c9144daeb121debe422
SHA1: 7f6ba44da5d9818f6e5621201b5fa7ed086d2ac1
SHA256: 3859441ce0197a2e2273f5945c7093f582a01c7d0232ffc2caafa5798dfb1f05
SSDeep: 3072:qT8A8Me7T/nJbPkNRSVORTN1hCXn1wMwHyaXnTcRJGMnwMTqSxt3IPRZZUuXo:qTmMe7xPhVfwMwpMwpmIu
Size: 150016 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
CAT-QuickHeal = Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!9159A5631D61
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gdwr
McAfee = Artemis!9159A5631D61
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic23.HFU
Symantec = Trojan.Gen
GData = Gen:Heur.Ranpax.1
TheHacker = Trojan/Kryptik.ndf
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.NDF
ExIF Data
File Size                       : 146 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:25 23:57:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 139264
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x22691
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sqdxuwjyv Jtzvdxwxyfz
File Description                : RD Gateway QEC
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : tsgqec.dll
Legal Copyright                 : © Pfsomcmvl Jfkoqfylawb. All rights reserved.
Original Filename               : tsgqec.dll
Product Name                    : Qidllkosj® Windows® Mphwnomth Jumiqu
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-04 10:54:28
VirusShare info last updated 2012-10-11 10:43:43

MD5: 93c5af65533605aacf720740b52f675f
SHA1: 6ca06555e790c68198d4facb6f2379b28ea48125
SHA256: 501b995fa8172453d15e623b88e45c64e84568a60660d039aefe781ec5a858f0
SSDeep: 6144:NPW8Lrfsi87SRq++GCdTYpao/pe9+HE0ydQmDYr0HOmbuWJKUtGxOyjajiHUoS3O:NOBLIprTMThNJKY1WoiXOBiyWIhVDdI
Size: 421736 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bzs
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.WinSpy.1143
ViRobot = Trojan.Win32.A.Pirminay.441344
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Pirminay.anz
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Suspicion: unknown virus
Norman = W32/Troj_Generic.dam
GData = Win32:Pirminay-EE 
Commtouch = W32/FakeAlert.FT.gen!Eldorado
TheHacker = Trojan/Pirminay.bzs
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 412 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 147456
Initialized Data Size           : 577536
Uninitialized Data Size         : 0
Entry Point                     : 0x246aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-17 11:39:46
VirusShare info last updated 2012-10-11 11:57:25

MD5: 97bbc2f1653864c39e69b73d71c3e59b
SHA1: 7d3e490083681539758e273dfaec19ce0aa2db0b
SHA256: 36c14b1d27f25aff3a8fb95c57eebf7cf0d94f05e686a8148552cdab5404c2f9
SSDeep: 3072:S+I56rU50oY8ACEJJSU/cX0gEgyidFzfMqqDLy/8oDbc:gek2N00opFz0qqDLu8
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Genome.131072.E
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!BEOApO0zh18
eTrust-Vet = Win32/Vundo.H!generic
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!iy
DrWeb = Trojan.WinSpy.1185
TrendMicro = TROJ_GEN.R72C2FU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.kvfm
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.TIK
Norman = Vundo.UVS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2012-05-20 02:49:08
VirusShare info last updated 2012-10-11 14:05:23

MD5: 982fd5954f3a33be5d7377f2f4e146cb
SHA1: ec1380b4f185b15118de3dcb90c8d45545b73496
SHA256: 5ea64988c5d5f54aefe3077ecb8f75ac4dea86a3211d249c01b5d03f9e81f97a
SSDeep: 3072:m1b1IVLs05WNzmn+ONyEKoVlKXBGfK/e8uzxXeqCzAuD3nx:wI20okf1rfK8tWVD3x
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.5928223
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!cZ4ZNKBvQGY
TrendMicro-HouseCall = TROJ_GEN.R72C2FF
Comodo = TrojWare.Win32.Kryptik.LLT
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!982FD5954F3A
DrWeb = Trojan.WinSpy.1276
TrendMicro = TROJ_GEN.R72C2FF
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Artemis!982FD5954F3A
F-Secure = Trojan.Generic.5928223
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.ARZO
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5928223
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.5928223
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-27 05:03:17
VirusShare info last updated 2012-10-11 14:20:00

MD5: 9878676af4c5868ddf6d799178cba9de
SHA1: 4445970d3a5cba539145f0503388e4c4869083f8
SHA256: 8ac4bc92dc37c4cdafce1e077eca13cb1bce18f80f792bdccd61c447574da767
SSDeep: 3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pCpo2:pwy9w/dWjTlXjDHsp
Size: 103424 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Suspicious
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12535B02
nProtect = Joke/W32.Renos.103424.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!EuzH4SXQeaM
TrendMicro-HouseCall = TROJ_GEN.R28C2KS
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Redirect
McAfee-GW-Edition = Generic.dx!uvi
TrendMicro = TROJ_GEN.R28C2KS
Microsoft = Trojan:Win32/Vundo
PCTools = RogueAntiSpyware.SpywareStrike!rem
Jiangmin = Trojan/Genome.ihm
McAfee = Generic.dx!uvi
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Trojan-gen
F-Prot = W32/MalwareF.SODO
AVG = Crypt_c.CEV
Norman = W32/Suspicious_Gen2.ERUGL
Sophos = Mal/Agent-PG
Symantec = SpywareStrike
GData = Trojan.Renos.PJY
Commtouch = W32/MalwareF.SODO
TheHacker = Trojan/Kryptik.hhf
BitDefender = Trojan.Renos.PJY
NOD32 = a variant of Win32/Kryptik.HHF
ExIF Data
File Size                       : 101 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:17 15:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 92160
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x17649
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : KO Hangeul Keyboard Layout for 101 (Type A)
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbd101a
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbd101a.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-03-12 22:46:04
VirusShare info last updated 2012-10-11 14:30:13

MD5: 0733dd906bed60845d8088618d15f159
SHA1: e063db6c9121252b7297d9c83fa4f119e53629c6
SHA256: 5332dc4f059ec8f28348f5ab9b963835f56ccdd3932251053618e02ab08eff04
SSDeep: 3072:r7UEmSHm6sT4J69ooe5/HbkL6Xo6Pfi7ZR5Ex32669cm0y2N9:46x6e5PbkLqPfi
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Vundo!3CB2
nProtect = Trojan.Generic.5819834
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R28C2EF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1554
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Trojan.Generic.5819834
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.vcof
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.5819834
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5819834
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!Rv+GbMB1Il8
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Trojan.Generic.5819834
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:27 20:29:25-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 139264
Uninitialized Data Size         : 0
Entry Point                     : 0x933a
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Crjnqwpap Fnzjoqtkgdl
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Fzcdjmecz Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Tbhsuckgp(R) Hzzhyzz NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-10-08 08:12:23
VirusShare info last updated 2012-10-11 15:49:55

MD5: 9dc2cc323e787c293b300c371cf24238
SHA1: c58035feeca4bff44cf9a8fb88d4780598ed6c56
SHA256: 3eb9b68470476cf70b1c3699133586072ce36263c0e4b099ea22af864a4dc855
SSDeep: 3072:hCXiseVAcR4enPgABOb936g2el6MqqDLy/s5kS:hQV3cR4eP2xgWqqDLu4
Size: 136704 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.136704.AN
Rising = Trojan.Win32.Generic.128FA151
nProtect = Trojan/W32.Agent.136704.HD
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!I1GWMNOov5M
TrendMicro-HouseCall = TROJ_GEN.R1BC1G9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Vundo!ja
DrWeb = Trojan.Virtumod.10084
TrendMicro = TROJ_GEN.R1BC1G9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Monder.136704
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ineh
McAfee = Vundo!ja
F-Secure = Trojan.Generic.6501341
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.DKB
Norman = W32/Suspicious_Gen2.PRFGB
Sophos = Mal/Generic-L
GData = Trojan.Generic.6501341
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.myj
BitDefender = Trojan.Generic.6501341
NOD32 = a variant of Win32/Kryptik.MYJ
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:20 09:51:04-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x1649a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.90.16.16384
Product Version Number          : 0.90.16.16384
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : N-trig Innovative Technologies
File Description                : N-trig tablet digitizer in-box driver
File Version                    : 0.90.16.16384 (Vista_RC1.060509-2219)
Internal Name                   : ntrigdigi.sys
Legal Copyright                 : © Crhnesmrg Reogypswwyj. All rights reserved.
Original Filename               : ntrigdigi.sys
Product Name                    : N-trig tablet digitizer in-box driver
Product Version                 : 0.90.16.16384
VirusTotal Report submitted 2012-05-24 01:16:20
VirusShare info last updated 2012-10-11 17:53:05

MD5: a06633527cbfbe5c209a91cc019eb2d1
SHA1: 7caa4c14fe610b4679535b740db47258421660c6
SHA256: 55044ba3716df99e0b8316114fecac0cfa4670a611ed8fb413b46744bb3dd65c
SSDeep: 3072:NWVYwLpotqWe9Ib2DmtfxWAoJCNoNp+e+z4mRBDjyvG:NMLatqofmCZz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R01C2FC
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!A06633527CBF
TrendMicro = TROJ_GEN.R01C2FC
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Generic
McAfee = Artemis!A06633527CBF
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-GD
eSafe = Win32.Horse
AVG = Generic22.AUNW
Symantec = Trojan Horse
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-06-16 20:52:46
VirusShare info last updated 2012-10-11 19:32:42

MD5: a2fc947a07e8d48274f6e65ee406a187
SHA1: 553573916f45ba7e6c40d04f36a8bcdbb39dbab7
SHA256: 86ce35dda75e546b4b2a0180b57d8efe6b4354595dc1a08973af40e3440971bb
SSDeep: 1536:lDp5Yj4dtNJu3G8fNXSwamFILh01Y3hyNSlY6Y9l/MqqU+NV23S2lMnew:l1t81XSwSyyb7Cl/MqqDLy/lZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-KF [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128B9D7C
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Dy5lwK7zCDo
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R01C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!kd
TrendMicro = TROJ_GEN.R01C2H6
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.KD!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.ijpf
McAfee = Vundo!kd
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-KF [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BHWY
Norman = W32/Crypt.AWAT
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2011-09-08 23:06:06
VirusShare info last updated 2012-10-11 20:57:28

MD5: a64c793e8546d48c0b64e886ae2cf562
SHA1: b24b909052298b5563ca32cab9b9d2f0cfdbdf00
SHA256: 3d7fc00178a8f79396b64b9f6a62bb9d0705d9d1cdf65a2b40818253e0f93e9a
SSDeep: 3072:S+6OD6rU50oY8ACzLbNer6cX4HX/dFzdMqqDLy/BoDbc:YWekVHN04lFzOqqDLuB
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Q7pGOhZPphs
eTrust-Vet = Win32/Vundo.HPV!genus
TrendMicro-HouseCall = TROJ_GEN.R72C2FU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!iy
TrendMicro = TROJ_GEN.R72C2FU
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.IY!tr
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.UBJ
Norman = W32/Suspicious_Gen2.MYTXN
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-10 06:28:43
VirusShare info last updated 2012-10-11 23:03:00

MD5: a87815a01ce2e050591130948c9868b7
SHA1: 9b77dcc0d5937d5eb4d3b33d0a16138252b2e115
SHA256: 5682ce6d55102a38b1955801f2c0663d51bb47d454d9334124c8181336175c30
SSDeep: 12288:ySVuxlTcViV6or9luvSXHBrmyi1NMYkg:nuxlYg3DuvSXa6h
Size: 402432 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.156
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
Panda = Suspicious file
VBA32 = suspected of Trojan.Pirminay.aud
TrendMicro-HouseCall = TROJ_GEN.R47C2L2
CAT-QuickHeal = TrojanDownloader.Renos.kc
McAfee-GW-Edition = Artemis!A87815A01CE2
DrWeb = Trojan.Hosts.2242
TrendMicro = TROJ_GEN.R47C2L2
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
McAfee = Artemis!A87815A01CE2
VIPRE = Trojan.Win32.Generic!SB.0
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Downloader.Generic10.AVAD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5149527
TheHacker = Trojan/Kryptik.izc
BitDefender = Trojan.Generic.5149527
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Size                       : 393 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 23:28:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 387072
Initialized Data Size           : 315904
Uninitialized Data Size         : 0
Entry Point                     : 0x5f3b0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-03-05 02:55:38
VirusShare info last updated 2012-10-12 00:23:22

MD5: 308e4bfc4d6273fd99ae76f4804f8141
SHA1: 3666067244aa07ef3f0cbfdbc5b08dd3a2448b88
SHA256: 857aa3ef8e37af84fd798eb92100e6f9c45ad6df1bc0005945966d0aea254e82
SSDeep: 3072:xnVMNyLTuQyBsQEM2JGl9jyJcwvTj2M7j:0NIg+QEBJq6sMv
Size: 108032 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.76
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Moder.DRJY!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.akxn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CD.gen!Eldorado
ESET-NOD32 = a variant of Win32/Kryptik.OXQ
BitDefender = Gen:Variant.Vundo.13
ExIF Data
File Size                       : 106 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:19 13:18:21-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0xad49
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btxmalesx Qspoakhbhnb
File Description                : Shell scrap object handler
File Version                    : 5.1.2600.0 (nfunjbyq.010817-1148)
Internal Name                   : shole
Legal Copyright                 : © Hcsqowbmc Gehywoayxwc. All rights reserved.
Original Filename               : SHSCRAP.DLL
Product Name                    : Usvzfyxox® Bydffez® Makrhcoel Kkzetx
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-10-09 05:27:53
VirusShare info last updated 2012-10-12 00:43:56

MD5: ab7e5c12bfd7c9dbbaa7ebe2b6aa6bb9
SHA1: 7b444ee80859ba35aab92b3de58a0b7a55e6ac54
SHA256: 8d4756f77f1b2d2a2836f93718a662b1368ff111070ab6e0d0d021fe631452c1
SSDeep: 12288:CqS594yEMDVx3umx1+EjPCNYMNjT/EHTI6Zge1HMib6wMHlqZ1fWO2t:sFDj3uTNhWzRZv1HMM0HlIWt
Size: 563200 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/PSW.Fareit.A.49
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan.Generic.6848715
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!6RwfsvPGpY0
TrendMicro-HouseCall = TROJ_DROPPER.KBS
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.E
DrWeb = Trojan.Packed.21886
TrendMicro = TROJ_DROPPER.KBS
Microsoft = PWS:Win32/Fareit.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Generic
Jiangmin = Trojan/Generic.pwwo
McAfee = Artemis!AB7E5C12BFD7
F-Secure = Trojan.Generic.6848715
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Small.OYQ
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.6848715
Symantec = Trojan Horse
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6848715
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 550 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:02 18:06:32-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 90112
Initialized Data Size           : 933888
Uninitialized Data Size         : 0
Entry Point                     : 0x1295f
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2151.1
Product Version Number          : 5.0.2151.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Picbqijix Hobvdbxbtge
File Description                : Event Translator Configuration Tool
File Version                    : 5.00.2151.1
Internal Name                   : eventcmd.exe
Legal Copyright                 : Copyright (C) Vyhemquaq Corp. 1981-1999
Original Filename               : eventcmd.exe
Product Name                    : Vykplshkw(R) Ifbcbmd (R) 2000 Ummbvilhx Muujmf
Product Version                 : 5.00.2151.1
VirusTotal Report submitted 2012-06-07 11:39:04
VirusShare info last updated 2012-10-12 02:21:29

MD5: 4e481438701f5e07d8652e9fc56f0819
SHA1: 7b31136ce5f6f613bd689723112148f8af039a1a
SHA256: 5659bee932a1bd787ce30207da7e7212a4066f59a88c562d432583b918fbf29d
SSDeep: 3072:nlqvakgH7GtjFosKsxweCrf7KwTiAcfULmabEo7jc1F:nliak3RosKyweuKg9c8Lm6Bi
Size: 120832 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Genome.120832
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1073
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Trojan.Generic.6147577
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imrk
McAfee = Vundo.gen.fy
F-Secure = Trojan.Generic.6147577
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic22.CNQM
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6147577
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.npn
Agnitum = Trojan.Kryptik!0ULyQU8beN4
ESET-NOD32 = a variant of Win32/Kryptik.NPN
BitDefender = Trojan.Generic.6147577
ExIF Data
File Size                       : 118 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 13:39:47-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x11a81
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.3130
Product Version Number          : 1.3.0.3130
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jywyluocc Vhpbrgajfmp
File Description                : TDC ActiveX Control
File Version                    : 1, 3, 0, 3130
Internal Name                   : TDC
Legal Copyright                 : Copyright © 1996, 1997
Original Filename               : TDC.OCX
Product Name                    : Tabular Data Control
Product Version                 : 1, 3, 0, 3130
VirusTotal Report submitted 2012-10-09 22:40:38
VirusShare info last updated 2012-10-12 04:15:14

MD5: 51ed7a87b4a281ac57e3eeb5d846b864
SHA1: a6f00f94693a7d51b73cbd4e3289cb3f97b2d676
SHA256: 882b3828d68db4a2290142d3e77fed9d138a9241c154245ac3f21a609241b539
SSDeep: 6144:idsFsLB3GbOnTFPv5vWh2B2MMSMzvkVktn5MYPH2V1ZWlj:cLNNTVIsAPSMb04MMeqlj
Size: 299528 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Renos
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.DownLoader4.48509
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ju
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.JAY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.csm
Agnitum = Trojan.Pirminay!Y/QETZYNb3k
ESET-NOD32 = a variant of Win32/Kryptik.AJRO
BitDefender = Gen:Variant.Zbot.34
ExIF Data
File Size                       : 293 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:09 19:32:23-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 266240
Initialized Data Size           : 286720
Uninitialized Data Size         : 0
Entry Point                     : 0x41a90
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO157.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO157.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2012-10-10 00:25:31
VirusShare info last updated 2012-10-12 04:53:40

MD5: b0c2611b3eb756bf9882d24abc74e105
SHA1: a8a000338040e7efd52e257ffe3b84d53ac13163
SHA256: 8191a315ce609536ac054524d10f83c8e6c50757bcf24ef422dc152922a9c3f3
SSDeep: 3072:fh8nQ49ae0M7LKF0FdpoqQ5NQnglMMqqDLy/JhmGTWp41AJc/H:fGnVTLHFQ5+KqqDLujmGTWcAK
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Adware-gen [Adw]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.163840.EV
Panda = Trj/CI.A
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!B0C2611B3EB7
TrendMicro = TROJ_GEN.R47C2G5
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!B0C2611B3EB7
F-Secure = Trojan.Generic.KDV.270917
VIPRE = Virtumonde
Avast5 = Win32:Adware-gen [Adw]
eSafe = Win32.TRVundo
AVG = Generic23.YXL
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.270917
BitDefender = Trojan.Generic.KDV.270917
NOD32 = Win32/Adware.Virtumonde.NHD
ExIF Data
File Size                       : 160 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 06:08:13-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x1147a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Print Processor ESC/Page-S
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lpp01.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2006. All rights reserved.
Original Filename               : ep0lpp01.dll
Product Name                    : EPSON Print Processor ESC/Page-S
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-15 23:59:02
VirusShare info last updated 2012-10-12 07:00:16

MD5: 6ec79b4d8a29b7b6b880f55f5bbd5bfa
SHA1: ebdbe35b5bc096d4e012cbb6052e232a80a7353b
SHA256: 52523920dc83fbf2d29551f2ae649f2c6e57e18fb236b11cec81fe92c0a29261
SSDeep: 3072:yVQE7w57fZzYH3Df2hJWlnMqqDLy/YeX:yfwthUo7qqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Genome.106496.AB
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FCRGF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Agent.ahyr
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Smardec.75
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Heur.Ranpax.1
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ikcs
McAfee = Generic Malware.ms
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAV
GData = Gen:Heur.Ranpax.1
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
Agnitum = Trojan.Kryptik!Xzo8SBgU7vQ
BitDefender = Gen:Heur.Ranpax.1
ESET-NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-10-10 18:55:44
VirusShare info last updated 2012-10-12 09:36:06

MD5: b42e431c6ed72142a722a41e5717a1bc
SHA1: f433cfc12bda4c6bcede1fc8f0def0b384e9aac3
SHA256: 5f641534db6933f12d3f5508483a33f86b1b6d197a63258ebcf91998e9423199
SSDeep: 6144:XmRll46LCLMPKZuZuTTTiSg7fSGF7i/RxunGoNx1QKO9hOrCGRP:WRTTLbCZuqTG7f8unrFO9hOrTP
Size: 316009 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.154
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R47C2A2
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R47C2A2
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
McAfee = Artemis!B42E431C6ED7
F-Secure = Trojan.Generic.5341697
VIPRE = Trojan.Win32.Generic!BT
AVG = Pakes.IEA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5341697
BitDefender = Trojan.Generic.5341697
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Size                       : 309 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:27 15:01:27-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49664
Initialized Data Size           : 525824
Uninitialized Data Size         : 0
Entry Point                     : 0xcd26
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-03-08 21:51:30
VirusShare info last updated 2012-10-12 10:08:04

MD5: b5683afba6028bc8ff35919130f6409a
SHA1: 8f7f2b34ff4880a39bb8a435a152a01df9a9f838
SHA256: 86f1677b06f866d1d87198a37bde5edf040b88d3f1e5a5c9568c1bd46af4ab21
SSDeep: 1536:iMzOmGgoT9shPsLiY7jbohLQ3FV1CnCRJZuZMqqU+NV23S26:iaGgoy2LiY/bot8kZMqqDLy/6
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.128E15A2
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!7nE4GPOsPCM
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FO
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
eSafe = Win32.TRVundo
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.ITT
Norman = W32/Suspicious_Gen2.NQDBK
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 18:00:45
VirusShare info last updated 2012-10-12 10:58:54

MD5: 7b1d1ecfcb40bc61d635fd3b0fe60b9b
SHA1: e76977b9217fa7d06fbd54a1188bd547509b510c
SHA256: 8b5c74db1609d17e953b493d8d31aff892f3ec9437e7ae02a7886c2695f17de2
SSDeep: 1536:Pa3I3AzWHWUYe3wgKh6/69QR4WboU0YK5qPsBD4WZgfILKi0fvlBo+n7u6yncu:PII3FHW9e3HQ6/6CRglqwkWCAGHlB7nj
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R28C2FJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1328
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Monder.95744.E
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.imne
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.NMIDW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!3fdY319/Vow
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-10-11 00:52:34
VirusShare info last updated 2012-10-12 11:12:53

MD5: b60efaeba004432b25c779e765f18bc4
SHA1: 823df7ebdcb88e1a992abb301bc5e21df744f43e
SHA256: 8563fae08167a86a35543f53ab0be635120cdde13a11433c8a5a0f62f4af5198
SSDeep: 3072:kEohQNgl+BUqJ2r7e2VuF+IN5NgoHOTBMfXxi0DB:CKaYxJOVegouTBMvjD
Size: 113664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1260AC87
nProtect = Trojan/W32.Genome.113664.C
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uUU1teuCWX4
TrendMicro-HouseCall = TROJ_GEN.R72C2AK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Vundo!gw
DrWeb = Trojan.Click1.58722
TrendMicro = TROJ_GEN.R72C2AK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.hzo
McAfee = Vundo!gw
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.BVMG
Norman = W32/Vundo.UUW
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itu
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 111 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 16:53:25-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 69632
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x11eed
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Windows(TM) RSVP Performance Monitor
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : RSVP Performance
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RSVPPERF.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-18 00:17:55
VirusShare info last updated 2012-10-12 11:21:59

MD5: b7190d955ed155dd27b3a189c7dcfa1c
SHA1: 673f464de842ab65dda8bf3b4f401b544a39f4e8
SHA256: 53d4ab16a0bf10ae86f7949ab65f483ce56650befbd7f16fe34f63f9217407cf
SSDeep: 3072:1MmhoFdSFsVJA1UgLLuzf/QqZ2ZFS63QdG4JPb3rKbU1IfFRFBC:mdqswdPuzfHZSt4JPb2gUF
Size: 211968 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12657349
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!J8uzPbG7K+0
TrendMicro-HouseCall = TROJ_GEN.R49C4LN
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!vfx
TrendMicro = TROJ_GEN.R49C4LN
Kaspersky = UDS:DangerousObject.Multi.Generic
McAfee = Generic.dx!vfx
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic20.APPM
Norman = W32/Suspicious_Gen2.FGQGA
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.hzv
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.HZV
ExIF Data
File Size                       : 207 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2000:05:23 14:35:16-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 166400
Initialized Data Size           : 81408
Uninitialized Data Size         : 0
Entry Point                     : 0x298ab
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.7523
Product Version Number          : 4.0.2.7523
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft FrontPage Server Extensions
File Version                    : 4.0.2.7523
Original Filename               : RPCTEST.DLL
Legal Copyright                 : Copyright © 1995-1999 Microsoft Corporation, All rights reserved.
Legal Trademark 1               : Microsoft®, Windows®, and FrontPage® are registered trademarks of Microsoft Corporation, and WebBot is a trademark of Microsoft Corporation, in the United States and/or other countries.
Product Name                    : Microsoft® FrontPage® 2000
Product Version                 : 4.0.2.7523
VirusTotal Report submitted 2011-06-06 19:18:35
VirusShare info last updated 2012-10-12 12:03:43

MD5: 911aeb6ced928ba5ca46758407f391e6
SHA1: af1872f0d83c956905e666a46c54e0694026ded8
SHA256: 8a0e6998e7a142a48504e3d324a2b2c09cd3c0cfa86853ded89f122caa28b106
SSDeep: 6144:Xjq0xFS+CQ2bpfRYlNnul9j6ADOGAbrzHJcb24Yph24d2DEiobs2IEjy4srUYefq:XjqFwniGrXvbvy4s9qmrf
Size: 247808 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.ghk
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.Trojan.Monder.cv.5
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1248
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.4
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = DangerousObject.Multi.boe
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Genome.twen
BitDefender = Gen:Variant.Vundo.4
ESET-NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 242 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:15 06:36:59-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 172032
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x2724e
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Dutch
Character Set                   : Unicode
Comments                        : 
Company Name                    : Epmaxbdkg Upciyksupla
File Description                : Nodfqaxsu Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0413
Legal Copyright                 : Copyright (C) Dwjrmbzjv Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0413.dll
Private Build                   : 
Product Name                    : Dgrobozpq Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-10-11 14:36:10
VirusShare info last updated 2012-10-12 13:45:51

MD5: 952f3fe70a8834de10f5c697e4e5fba6
SHA1: 21db5dfd3beac1f7b9ff6361bfb0feb77c1e59ff
SHA256: 8c651bf6159ebbe70e11c815300a47c3ed38871293d0667b3688fb7a4e18f47e
SSDeep: 3072:g9RfIc2a+mnf1M4T9iP9JLwLrXeEWVKlQycY75kC5jBG9wuoKxU2z2BpMqqDLy/+:aRfIc2tM1o9JiOqce5jI9pVz2QqqDLu
Size: 176128 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/CI.A
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R49C2H3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.4
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.kvec
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.CLAP
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
Agnitum = Trojan.Kryptik!Ga4by/WG7II
ESET-NOD32 = a variant of Win32/Kryptik.QGU
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 172 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:17 07:35:42-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x227a7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Lbkzazmpg Hkssfjbulvs
File Description                : Serbian (Latin) Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdycl (3.13)
Legal Copyright                 : © Kllldugye Corporation. All rights reserved.
Original Filename               : kbdycl.dll
Product Name                    : Nbtmhculb® Zivwxio® Gffxzuuvv Iqclyr
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-10-11 16:52:39
VirusShare info last updated 2012-10-12 14:15:29

MD5: bcb898faa9b29c6bce4856c29ac605a6
SHA1: f4e06463d62a1eb23a7fb2d745e0d67c59da0dc5
SHA256: 8258d108392faa93551d9b56cb2e3a817521ba96dec166a191e199c6af12ad9c
SSDeep: 3072:jr99kllosQnm8+ldS/uo77XKKQGOOjCFehNNUhhmxxmUUvvvY++eFJ3KMqqDLy/B:iS/uZGOOjCFe6fqqDLuYP7Y88
Size: 262144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:MalOb-HF [Cryp]
Antiy-AVL = Trojan/Win32.Monder.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5Afk+Fzy/Ag
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Vundo.av
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1477
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Monder.BMF!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.inou
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.SUR
ExIF Data
File Size                       : 256 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:21 14:57:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 184320
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x2da61
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Anzivbxzl Hjwkqrsnzvg
File Description                : Server Database Storage Utilities
File Version                    : 5.1.2600.0 (tvwwiqml.010817-1148)
Internal Name                   : esentutl.exe
Legal Copyright                 : © Myfkdepov Lgzutvajbwy. All rights reserved.
Original Filename               : esentutl.exe
Product Name                    : Wljjwniha® Vctpyhk® Juangwfex Oahwzd
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-22 12:04:08
VirusShare info last updated 2012-10-12 15:39:26

MD5: bfdc2b6cb5fefc19fda951cfc5f68896
SHA1: 4f6d2dcfe31054f52e7a39c20ae44400ba2a9853
SHA256: 364c75f95d3391a31f6917d4d4f7d168e8dfc6dffb13a7ca11fdb0ff1e765018
SSDeep: 3072:bJuK1PRwWM7P/120+bqlpMqqDLy/9BRyfu6fp:1aW2/1D+bRqqDLu9Xifp
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.13
eTrust-Vet = Win32/Monder.A!generic
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.BPZI
GData = Gen:Variant.Vundo.13
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 132 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:03:16 07:16:42-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 73728
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0xe0d6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.4403.2
Product Version Number          : 4.0.4403.2
File Flags Mask                 : 0x0003
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 101
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : ODBC (3.0) driver for text files
File Version                    : 4.0.4403.2
Legal Copyright                 : Copyright © Microsoft Corporation 1991-1999
Legal Trademarks                : ODBC(TM) is a trademark of Microsoft Corporation.  Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation.
Product Name                    : ODBC (3.0) driver for text files
Product Version                 : 4.00.4403.2
File Flags                      : 
VirusTotal Report submitted 2011-07-22 23:50:02
VirusShare info last updated 2012-10-12 17:12:08

MD5: c48488b44c6064d7ea4770fe27c5e8eb
SHA1: 2c6b48bd0bd57a51760eb85efb8f702cc380a9fd
SHA256: 8d67fa9bd03e75747cfbe8f7fde74d6c5ca519abef8b2ca05685442b4dd55439
SSDeep: 3072:kEohQNgl+BUqJ2r7e2VuF+IN5NgoHOTBrfXxi0DB:CKaYxJOVegouTBrvjD
Size: 113664 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.1260AC87
nProtect = Trojan/W32.Genome.113664.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!nPzWal+uKKo
TrendMicro-HouseCall = TROJ_GEN.R72C2CQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.Click1.58722
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Genome.hzo
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
eSafe = Win32.TRATRAPS
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic21.ARDM
Norman = W32/Vundo.UUW
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
ESET-NOD32 = a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 111 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:11 16:53:25-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 69632
Initialized Data Size           : 80896
Uninitialized Data Size         : 0
Entry Point                     : 0x11eed
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Windows(TM) RSVP Performance Monitor
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : RSVP Performance
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RSVPPERF.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-08-17 23:50:08
VirusShare info last updated 2012-10-12 19:21:02

MD5: c593a31a861fc8dda84c1f524ea6fd1f
SHA1: 6edde35379e72ff4cd2ec485ed3d2392c8057c5f
SHA256: 38242e38088e6d281e121e3d8ba3c7b2cd6cd13e07afdc37a8a7c3a9436ac1b6
SSDeep: 1536:EDQf+pmGtq99shmqiYHxboyLQ3Fn1CnCRJZuZMqqU+NV23S2u:xJGtqgsqiYRboo8kZMqqDLy/u
Size: 86528 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Vundo-JW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.86528.R
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.86528.MA
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!0weWfsa8TI4
eTrust-Vet = Win32/Vundo.HSC
TrendMicro-HouseCall = TROJ_GEN.R72C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!kf
DrWeb = Trojan.WinSpy.1072
TrendMicro = TROJ_GEN.R72C2FN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.QGJ!tr
Jiangmin = Trojan/Generic.gije
McAfee = Vundo!kf
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JW [Trj]
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.IOG
Norman = W32/Suspicious_Gen2.NINYJ
GData = Gen:Variant.Vundo.4
Symantec = WS.Reputation.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.owy
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.OWY
ExIF Data
File Size                       : 84 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 09:32:51-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 106496
Uninitialized Data Size         : 0
Entry Point                     : 0x8a87
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Softpub Forwarder DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-15 18:48:25
VirusShare info last updated 2012-10-12 19:52:15

MD5: c68cd7bce10a67f1d8de2f5756ad7825
SHA1: 218b17ba39adc088fc008a147e251d038affe150
SHA256: 5f61015f4234e0757e11fedcb716067965b310f218e7f1b000576c7a25128f85
SSDeep: 1536:r2a3I3AzWHWUYe3wgKh6/69QR4WboU0Y95lPsBDDWagPHLKd0fvlJoLn7u6yF2u:r2II3FHW9e3HQ6/6CRgylwnWnPGIlJKb
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!oo+FoIvdqYI
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!C68CD7BCE10A
TrendMicro = TROJ_GEN.R72C2DQ
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!C68CD7BCE10A
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.JDK
Norman = W32/Suspicious_Gen2.LRTAN
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-05 02:03:12
VirusShare info last updated 2012-10-12 20:19:42

MD5: cb0c321291a5efe94339fae85ca707f4
SHA1: 46c43f8b7ad0c53afb07623e8dbbf1f2f15b2c74
SHA256: 5e282f653a8ec13dfa3111722fb99d1bf75c24327bceb77f45aa3a59afba7723
SSDeep: 3072:yWVYwJphtVWy9ID0DArUkWAoJCUoEp+e+z4mRBDjyTG:yMJXtVKUFCHz4mRBny
Size: 133120 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Ic1zzTxBBn0
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!jb
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:MalOb-GD [Cryp]
eSafe = Win32.TRVundo
AVG = Generic22.AUNW
Norman = W32/Suspicious_Gen2.NHNQK
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 130 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:09 21:06:46-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0xfd9a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.6.3.518
Product Version Number          : 4.6.3.518
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectDraw
File Version                    : 4.06.03.0518
Internal Name                   : ddraw.dll
Legal Copyright                 : Copyright © Microsoft Corp. 1994-1999
Original Filename               : ddraw.dll
Product Name                    : Microsoft® DirectX for Windows®  95 and 98
Product Version                 : 4.06.03.0518
VirusTotal Report submitted 2011-07-20 10:04:02
VirusShare info last updated 2012-10-12 22:39:42

MD5: ae6e7df9f83121cce83910f7f190ae5d
SHA1: d23bab246209fa5e7df4b7e36fd2cdbebda8992a
SHA256: 31b951d9c9d4dd292e93c87b1fff62297de7f91a431a282702175426cd56e0bd
SSDeep: 768:wAFzG2VGkWR3GWinTtANHjTimI6Bnm7k8c6Z:LRVGkWR3GM/nBnZ8H
Size: 32843 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C2AV
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
CAT-QuickHeal = Win32.Trojan.Vundo.gen!AV.4.a
McAfee-GW-Edition = Artemis!AE6E7DF9F831
DrWeb = Trojan.WinSpy.1558
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.10
Fortinet = W32/Vundo.JX!tr
PCTools = Adware.Gen!rem
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!AE6E7DF9F831
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic4.BBEA
Norman = W32/Suspicious_Gen2.QXVMO
GData = Gen:Variant.Vundo.10
Symantec = Adware.Gen
TheHacker = Trojan/Ponmocup.aa
Agnitum = Adware.SuperJuan!W32BUFzIfbk
ESET-NOD32 = a variant of Win32/Ponmocup.AA
BitDefender = Gen:Variant.Vundo.10
ExIF Data
File Size                       : 32 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8192
Initialized Data Size           : 28672
Uninitialized Data Size         : 0
Entry Point                     : 0x2eca
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-10-12 08:44:15
VirusShare info last updated 2012-10-12 22:52:35

MD5: cbfd75702386073303e0ad5776d7f255
SHA1: b29bb987dc309a534a235445dd4153847a40b72c
SHA256: 327d64bd14b4046229cf4549eb097ec7e3638e5fb99a342fcba53e8a0daf29a0
SSDeep: 3072:V4b1IVLs05WNzmn+OovmEFVzKXBGfK/c8upxXV9qCtAFD3jx:iI20okfo5rfKCDP2D3d
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!VhNa4vFqV2M
TrendMicro-HouseCall = TROJ_GEN.R72C1G7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.LLT
McAfee-GW-Edition = Artemis!CBFD75702386
DrWeb = Trojan.WinSpy.1276
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AGMT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-08-09 10:00:25
VirusShare info last updated 2012-10-12 23:22:22

MD5: b3d25b62d1fb3d013550687c433471ad
SHA1: f8432073180470b3a2d69e6de8d928bf424048a8
SHA256: 83e5d3929a7e36cce534ef1bb1aa43eac6bd0af7fbe42a1c9ced56b612e79a1c
SSDeep: 3072:OQiV/8V4N5n3UbXuszzPP/O66wZUgPeONmCd6lUMmfgHPFsixMqqDLy/4dJm:+22NpkbewOQV9MmfgH2xqqDLuc
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.Vundo
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC1KM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-DTR.K
DrWeb = Trojan.Click1.54577
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.4
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.abclk
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QHPBU
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
Agnitum = Trojan.Vundo.Gen!Pac.49
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-10-12 13:49:25
VirusShare info last updated 2012-10-12 23:34:55

MD5: d1d7307ad4cf0f483af75bfe1d415a49
SHA1: 846ce87bccb278098e7f634aa69c1ea48e2dd4ad
SHA256: 87adf125aa8fc5a717398938045c42109574bf73575d7b6d7250171c68e24344
SSDeep: 1536:fdXPNHPVB7JJOZ3JFd26+Nvp3OX3DnyA4iAaZ4SPaCHRogZTARM0BBpK:fdXh0Zm6+T3OX3NpAa/PRP0B6
Size: 110080 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/ATRAPS.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!D1D7307AD4CF
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!D1D7307AD4CF
F-Secure = Gen:Variant.Vundo.5
VIPRE = Virtumonde
Prevx = Medium Risk Malware
Avast5 = Win32:MalOb-EI
F-Prot = W32/Virtumonde.BZ.gen!Eldorado
AVG = Generic22.STU
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.5
Commtouch = W32/Virtumonde.BZ.gen!Eldorado
TheHacker = Trojan/Kryptik.itt
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.JGY
ExIF Data
File Size                       : 108 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:21 03:03:20-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 97792
Initialized Data Size           : 48640
Uninitialized Data Size         : 0
Entry Point                     : 0x18d17
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2180.1
Product Version Number          : 5.0.2180.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.00.2180.1
Internal Name                   : modex.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : modex.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2180.1
VirusTotal Report submitted 2011-04-25 04:46:00
VirusShare info last updated 2012-10-13 02:03:07

MD5: d1ec5ee7af94adf1a3bff3f53c2ceae7
SHA1: 5c8714abbb6581599d1072dcc5917474e821789b
SHA256: 5393d9bb3427333d7c12b4924df03225ad31c19b60b12d317e07653cac4559e6
SSDeep: 3072:7VUNNE57nZzYH3Df2hJWliMqqDLy/YeX:74EtZUoSqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
VirusBuster = Adware.KXRVLNQ!KKAn7rFt2cA
TrendMicro-HouseCall = TROJ_GEN.R47C2GA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!D1EC5EE7AF94
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R47C2GA
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!jg
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
AVG = Generic23.AHYR
Norman = W32/Suspicious_Gen.PRBP
GData = Gen:Heur.Ranpax.1
BitDefender = Gen:Heur.Ranpax.1
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-11 18:57:00
VirusShare info last updated 2012-10-13 02:05:38

MD5: d4f15646455fac4d15d83e46c8faab94
SHA1: c8c27c476bc22f6d190fda7ad07cd834390efac7
SHA256: 397f11b17e7e2e7bd5558fb9374ef6b0aef369e1d9eb3e86d3fa18a82c0b2346
SSDeep: 3072:Yxj+CQ2bpfKv1z9/WfnOGAbrzHJdg4Yph24d2kOymi1RSBGafogriC9BDMqqDLyt:YB+CQ2bpfG1h/WfnOGAbrzHJdg4Yph2Z
Size: 183808 bytes
File Type: MS-DOS executable
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Artemis!D4F15646455F
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!D4F15646455F
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic23.ASRX
Norman = W32/Suspicious_Gen2.NHQHL
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 180 kB
Error                           : Unknown file type
VirusTotal Report submitted 2011-07-08 21:13:06
VirusShare info last updated 2012-10-13 03:46:58

MD5: daffce1e0feb390694d6539ac678aea3
SHA1: a1b1b4a1a1c285c4e553c8bc2d4b89c665f0d827
SHA256: 39574725160e987582b31b96f9dbc1dee60797778be195be696fce3a380312cc
SSDeep: 1536:WcxNyWVbVPaxpYN5AlbWSS36MvrABkT2yf:TbVPaxpYN5CbWS4TjFf
Size: 65536 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.233616
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!ODZF5YV8WVI
TrendMicro-HouseCall = TROJ_GEN.R72C2F4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!iw
TrendMicro = TROJ_GEN.R72C2F4
Microsoft = Trojan:Win32/Vundo
McAfee = Vundo!iw
F-Secure = Trojan.Generic.KDV.233616
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.TRVundo
AVG = Generic22.BAKK
Norman = W32/Suspicious_Gen2.MMCOB
GData = Trojan.Generic.KDV.233616
TheHacker = Trojan/Kryptik.npn
BitDefender = Trojan.Generic.KDV.233616
NOD32 = a variant of Win32/Kryptik.NPN
ExIF Data
File Size                       : 64 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:05 10:42:12-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8192
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x2601
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bxdtnslfc Qombbanlzcz
File Description                : ProQuota
File Version                    : 5.1.2600.5512 (xpsp.080413-2113)
Internal Name                   : proquota
Legal Copyright                 : © Gawcyiudp Vhiefxjyrxo. All rights reserved.
Original Filename               : proquota.exe
Product Name                    : Hwnmyprjc® Sdtauqw® Fslvzjhlo Yhicem
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-06-09 18:43:50
VirusShare info last updated 2012-10-13 09:16:31

MD5: dc2a28fe24d110e21e0c640f80ff804d
SHA1: 378d246125b6107416230f42ea1f0389ab09d779
SHA256: 846935b1da7d415bedcc97fc2217d9038a9efe16f3b1f4c96a1acc4d9dffe647
SSDeep: 3072:S+iUu6rU50oY8ACSZoncXXl/ddFzLMqqDLy/RoDbc:sNeke+0XpFzoqqDLuR
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:Vundo-JX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.1289BECA
nProtect = Gen:Variant.Vundo.4
VirusBuster = Trojan.Vundo.AKMH
eTrust-Vet = Win32/Vundo.HPV!genus
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Vundo-JX [Trj]
eSafe = Win32.TRVundo
AVG = Generic23.BEMT
Norman = W32/Suspicious_Gen2.NNRLZ
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 128 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 18:48:40-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 86016
Initialized Data Size           : 86016
Uninitialized Data Size         : 0
Entry Point                     : 0x151a7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.1.4026.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ncpniezam Kdqqjqacykd
File Description                : Movie Maker Filters
File Version                    : 2, 1, 4026, 0
Internal Name                   : WMM2FILT
Legal Copyright                 : Copyright (C) Lfwckqjlh Corp, 2004
Legal Trademarks                : 
Original Filename               : WMM2FILT.DLL
Private Build                   : 
Product Name                    : Windows Movie Maker
Product Version                 : 2.1.4026.0
Special Build                   : 
VirusTotal Report submitted 2011-07-14 20:04:15
VirusShare info last updated 2012-10-13 10:29:23

MD5: dc54675dc43da3403a09b6621d710fa8
SHA1: 82020c9595f06457fa4902141828ae7ecae9957f
SHA256: 8f8fc1121f0d73b924fc3dcb94aacdec9a099eb6a9b236d341ed424d7e11b622
SSDeep: 6144:IaRqAM7U5rxVMRcm2cmlbyFWwv5rfxnnoOr/:jTvbYl5rpno
Size: 217088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!EQfuBweqjJs
TrendMicro-HouseCall = TROJ_GEN.R4FC7HN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Vundo.gen.fy
DrWeb = Trojan.WinSpy.1306
TrendMicro = TROJ_GEN.R4FC7HN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.gtuz
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CP.gen!Eldorado
AVG = Generic22.AYGE
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Commtouch = W32/Virtumonde.CP.gen!Eldorado
ESET-NOD32 = probably a variant of Win32/Kryptik.LXF
BitDefender = Gen:Variant.Vundo.6
ExIF Data
File Size                       : 212 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:10 09:01:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 151552
Initialized Data Size           : 102400
Uninitialized Data Size         : 0
Entry Point                     : 0x25a31
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1m.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1m.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-08-31 11:16:49
VirusShare info last updated 2012-10-13 10:40:00

MD5: e066f7a0d90bd5b30dd354b8fceb6d60
SHA1: 4716f19a5749172884accb449719d952f8dd5643
SHA256: 8ce9a1e51b721d5891eb05759e5f59908a13837f60c5ac0a68b45fc86615238d
SSDeep: 3072:nlb1IVLs05WNzmn+OQ4QE4y+KXBGfK/Z8utxXLqC/AdD3Vx:zI20okfQrfKZHBOD3v
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-GD
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R49C2F7
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!E066F7A0D90B
TrendMicro = TROJ_GEN.R49C2F7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo
Jiangmin = Trojan/Generic.fnxb
McAfee = Vundo!iy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-GD
AVG = Generic22.ATWR
Norman = W32/Suspicious_Gen2.MYKCO
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 112 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:11 15:18:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 102400
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x19601
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rlikrttkj Ibietanazzz
File Description                : Jugqectay Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Bhgtbibxy Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Nrrmupjma Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-06-25 12:13:19
VirusShare info last updated 2012-10-13 14:34:36

MD5: d50a12c31604f1a6f3d98e2fb62a3e97
SHA1: 3e937bc62464a19af61a79f8ea5265bfaab07bd3
SHA256: 8cc1d47fb867c2fe56b86eb335067c8d3b467ff1c50f17f5fcefb852b50c9a05
SSDeep: 3072:RKyknbj/4b4MQiB5r8c+/KV6yppYg9hH4zn8jt1lNcSwoZVaYfO:4vIbDVCC+1utNcStfO
Size: 167936 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.307200
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1558
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.4
Fortinet = W32/Moder.DRJY!tr
PCTools = Trojan.Vundo
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Monder.ackh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Vundo!gen9
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.ndi
ESET-NOD32 = a variant of Win32/Kryptik.AGXH
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 164 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:18 00:19:53-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 98304
Uninitialized Data Size         : 0
Entry Point                     : 0x163c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xztfevbqv Kbgbrtftghg
File Description                : Flnsgrboy ACM Audio Filter
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : Jhyddtqsf ACM Audio Filter
Legal Copyright                 : © Inorznyop Corporation. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Xcsltbhjn® Zqtcvkp® Pgkevtdwi Lrgelv
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-10-13 07:51:15
VirusShare info last updated 2012-10-13 17:54:28

MD5: e720e67a35fdf30aae24baa04eca8fb8
SHA1: 333e86f26b9013d7b20e03cb6ab9dc530937f4ad
SHA256: 5051f635bc414a010e0174e7bfbab02e6c48df248f342baa5d94ea61fe238af3
SSDeep: 3072:GWSk4DjJHoeSrhvsuJjwW67EnkuBkmIaLpG+imuVnmg3CJrIzywN9llBMqqDLy/L:TSTPJJduJI7IkuNtE+inVmIwwN96qqD8
Size: 192512 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12898919
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Vundo.Gen!Pac.49
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
DrWeb = Trojan.MulDrop2.36782
Microsoft = Trojan:Win32/Vundo.gen!AV
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AJQI
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 188 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:29 01:20:56-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 114688
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x1873a
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2188.1
Product Version Number          : 5.0.2188.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bvschllnj Kwwvyoclftc
File Description                : Yqhtwvc NT Remote Access Perfmon Counter dll
File Version                    : 5.00.2188.1
Internal Name                   : rasctrs.dll
Legal Copyright                 : Copyright (C) Onwaffnge Corp. 1981-1999
Original Filename               : rasctrs.dll
Product Name                    : Mcwmgawgx(R) Wyelbpq (R) 2000 Hmiknycyi Zyqubl
Product Version                 : 5.00.2188.1
VirusTotal Report submitted 2011-07-17 22:00:00
VirusShare info last updated 2012-10-13 19:39:36

MD5: ec5dcdd8bad1c854df994972833752d6
SHA1: a54c3289ef9ce5c097e1fbb8d0301944c3bb7a0c
SHA256: 83af629f093f30d161d9737badd3d3e6cc23bab978fe1098650aa495b801f903
SSDeep: 1536:OHa3I3AzWHWUYe3wgKh6/69QR4WboU0YN55ePsBDTWJgtXLKv0fvlYoAn7u6yuJu:OHII3FHW9e3HQ6/6CRgu5ewvWyBGClYB
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!kcYMh9lkajo
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!EC5DCDD8BAD1
TrendMicro = TROJ_GEN.R72C2DQ
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!EC5DCDD8BAD1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
AVG = Generic22.JXB
Norman = W32/Suspicious_Gen2.LRSUC
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-05 19:41:43
VirusShare info last updated 2012-10-13 23:07:42

MD5: f2b1029c714850971cfbad60a4c32309
SHA1: 725221cd2f0b69a2a9f712a27b16ed56dcedb57d
SHA256: 87d8815fa8cfcf48715beec5222b4ff005b5a7bff385ace4c3912099cd27ff59
SSDeep: 3072:qrtM7xMr1ymaRW0aGIHQ6X2oO8EoHsFYdYIky+86:qr2tqwRW0axX0B
Size: 155648 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
Rising = Trojan.Win32.Generic.128058DC
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2FG
McAfee-GW-Edition = Artemis!F2B1029C7148
TrendMicro = TROJ_GEN.R72C2FG
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Menti.fam!tr
PCTools = Trojan.Gen
McAfee = Artemis!F2B1029C7148
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic23.HNG
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Adware.Virtumonde.NKN
ExIF Data
File Size                       : 152 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:01:24 13:44:38-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 61440
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0xf0fa
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Lexmark Z42 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXAASRES.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Microsoft(R) Windows NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-07-04 11:19:14
VirusShare info last updated 2012-10-14 02:51:57

MD5: f2d5ee3298b75e3cb101e926b98e9539
SHA1: 3265e1fd330e13adf74f1bdb459eee33af110885
SHA256: 38bb4ed492c5368f0a7c76c21adf4b9fc187b136984913b1cc356f4d5a6d50cc
SSDeep: 3072:kDTm2esiZW5ckg6z6ArhgiF+e7KStAhLhc7xhAkamlV+s52u6UO2I3Jhlz:cpesiZWGdSHr6A+ePShKNCweD3J
Size: 151040 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-GD [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.13
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cDHZWlm2OdI
eTrust-Vet = Win32/Monder.A!generic
TrendMicro-HouseCall = TROJ_GEN.R47C2H8
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R47C2H8
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.gtb
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.13
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CD.gen!Eldorado
AVG = Generic22.IRB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.13
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CD.gen!Eldorado
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 148 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:05:05 13:59:22-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 135168
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x1dc29
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7600.16385
Product Version Number          : 8.0.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Eyodnjzfr Amxyatxhbuo
File Description                : Phavvkuqw Speech Recognition Locale Handlers
File Version                    : 8.0.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : srloc.dll
Legal Copyright                 : © Hxyltoblw Lnpkmesucxo. All rights reserved.
Original Filename               : srloc.dll
Product Name                    : Fupunuwet® Fotfyld® Genakwhvg System
Product Version                 : 8.0.7600.16385
VirusTotal Report submitted 2011-11-25 04:35:21
VirusShare info last updated 2012-10-14 02:55:47

MD5: f324c023e3b86832a0bccb3da81b6a51
SHA1: ae9bb7115e3ceda9ab587e1eab759754cff4178e
SHA256: 5d2cfb7abdc4f0e4d722128e37ad9be2aab79b3655637453dbbe41f5a93e4ba5
SSDeep: 3072:zVD2CwPtc1r9OjBfxnAwGXkqhW+nleM6:d2CwqeWXkIW+
Size: 125440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.A.94
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.13
VirusBuster = Trojan.Kryptik!aioBRDU0NSA
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F324C023E3B8
Microsoft = Trojan:Win32/Vundo
PCTools = Trojan.Gen
McAfee = Artemis!F324C023E3B8
F-Secure = Gen:Variant.Vundo.13
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic21.AUWO
Norman = W32/Suspicious_Gen2.MKNCG
Symantec = Trojan.Gen.2
GData = Gen:Variant.Vundo.13
BitDefender = Gen:Variant.Vundo.13
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 122 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:10 16:29:58-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x170a1
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lzwsladpr Nvodeltwuke
File Description                : ODBC Code Page Translator
File Version                    : 6.0.6000.16386 (eqpau_rtm.061101-2205)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : © Shjkiokxt Corporation. All rights reserved.
Original Filename               : mscxpl32.dll
Product Name                    : Awkurbrwh® Znzosuh® Dsacauqsz Wbrwfa
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-03 12:04:55
VirusShare info last updated 2012-10-14 03:14:14

MD5: f817af2ad07a206a530795edc5337202
SHA1: 3d15626d08d5920e166fc27c5bcda2ad9f71789c
SHA256: 3ddd1f39a78ad9aab54f9463ee01f5b6e3f448c170fb351cef8cf2dca66cca6a
SSDeep: 1536:dQkbUO/i+cC9UOkyS4i1oipUES9WAQyh3LZOwKW2lVSztNZs:dQk3/J9Uyi1oi5aWAXh3LZTntNZ
Size: 100864 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Vundo.4
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!CAZDPSeZb6w
TrendMicro-HouseCall = TROJ_GEN.R72C2F4
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F817AF2AD07A
TrendMicro = TROJ_GEN.R72C2F4
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!F817AF2AD07A
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:MalOb-EI
AVG = Generic22.BAJN
Norman = W32/Suspicious_Gen2.NDTLA
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 98 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:26 13:28:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40960
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x7a36
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3810.3997
Product Version Number          : 5.2.3810.3997
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rrvksghzi Dvpdihodtzi
File Description                : WPD Connection Objects
File Version                    : 5.2.3810.3997 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WPDConns
Legal Copyright                 : © Nrwfwdrzk Cyvttahkskw. All rights reserved.
Original Filename               : WPDConns.DLL
Product Name                    : Fqmykpedm® Efiitcn® Eapqkhpap Kunghq
Product Version                 : 5.2.3810.3997
VirusTotal Report submitted 2011-07-03 14:08:45
VirusShare info last updated 2012-10-14 07:35:46

MD5: f8365116fa96f9b74064948f4006c131
SHA1: 805df1e691fc64b939c738c735fe9d8850d8f3dd
SHA256: 5d8606401b79d206b52e51242e40247c781bb4354fcb4f4aa77766d6c5bd8145
SSDeep: 1536:/a3I3AzWHWUYe3wgKh6/69QR4WboU0YQ5GPsBD/WKg5jLKH0fvlgoTn7u6yxFu:/II3FHW9e3HQ6/6CRgvGwDWXRGqlganE
Size: 95744 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen2
Avast = Win32:MalOb-EI
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Vundo!AghpPNqH7Qk
TrendMicro-HouseCall = TROJ_GEN.R72C2DQ
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!F8365116FA96
TrendMicro = TROJ_GEN.R72C2DQ
Microsoft = Trojan:Win32/Vundo
McAfee = Artemis!F8365116FA96
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI
eSafe = Win32.TRVundo
AVG = Generic22.JJX
Norman = W32/Suspicious_Gen2.LRSQM
GData = Gen:Variant.Vundo.4
BitDefender = Gen:Variant.Vundo.4
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Size                       : 94 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 16:32:48-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x14ab1
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xaaxgyesi Pewwrcilsmz
File Description                : Session Remote Control Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : shadow
Legal Copyright                 : © Dvituzzow Tqvhfjhgqcd. All rights reserved.
Original Filename               : shadow.exe
Product Name                    : Ifimxlxgb® Dpbfokk® Hwwwivmmo Vlmpmg
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-05 19:42:38
VirusShare info last updated 2012-10-14 07:42:59

MD5: f8f4934f8ea29520c192a992ae822068
SHA1: 9528bc76b605645105a6432232d42dcacae7b6ea
SHA256: 830c281afecf485a7c6b00a59baccce12915f80c35fc06f1e535d00390cc747a
SSDeep: 3072:pfa4inbiUgh2rUnvjfEhh0FArie0/0NkFfVldMqqDLy/UR+9:pfauHzvu0Fw0skFfuqqDLuJ
Size: 137216 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Pirminay-BU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.4
TrendMicro-HouseCall = TROJ_GEN.R47C2G4
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!jb
TrendMicro = TROJ_GEN.R47C2G4
Microsoft = Trojan:Win32/Vundo.gen!AV
McAfee = Vundo!jb
F-Secure = Gen:Variant.Vundo.4
VIPRE = Virtumonde
Avast5 = Win32:Pirminay-BU [Trj]
AVG = Generic23.AUN
GData = Gen:Variant.Vundo.4
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Vundo.4
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 134 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 17:20:27-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0xe2ca
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Keixqbqdc Bwvleejxlrx
File Description                : IPv6 Tfwssbn Firewall Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ip6fw.sys
Legal Copyright                 : © Capanacsh Bngdmkceeph. All rights reserved.
Original Filename               : ip6fw.sys
Product Name                    : Kdgurrwrx® Bddpqkb® Xxzlbjwzi System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-07-05 16:09:04
VirusShare info last updated 2012-10-14 08:25:26

MD5: 9c14cb63c611bd1b2e5d1d445a419d14
SHA1: 0cf96b0a6a687212395f48ae0a1cf2de993be85a
SHA256: 8fe9ad38e1b84d8a2cf8b86868a7279fcc6d4b17d866a829c971e0084e648815
SSDeep: 3072:mVP8Nm570ZzYH3Df2hJWlJMqqDLy/YeX:m0mtKUoVqqDLuz
Size: 106496 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
eTrust-Vet = Win32/Monder.A!generic
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
DrWeb = Trojan.Smardec.75
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Trojan/Generic.ikcs
F-Secure = Gen:Heur.Ranpax.1
VIPRE = Trojan.Win32.Kryptik.laq (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Generic23.AHYR
GData = Gen:Heur.Ranpax.1
Commtouch = W32/Virtumonde.CH.gen!Eldorado
BitDefender = Gen:Heur.Ranpax.1
NOD32 = a variant of Win32/Kryptik.QGJ
ExIF Data
File Size                       : 104 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:15 03:11:02-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x71b6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dqobcighi Wexdayufmti
File Description                : Jbwdkjait DirectMusic Wave
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : Qvunieave DirectMusic Wave
Legal Copyright                 : © Mjkuhcxyt Fdynyqlkbfc. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Regkuctuq® Hndhxzt® Wzqbwbzfu Fmiopt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-23 00:13:47
VirusShare info last updated 2012-10-14 12:22:10

MD5: efa5816f24bae97b2bdf642a9b80b332
SHA1: 34465c7a1eee4609c06fee9c8ead79c35564c282
SHA256: 888a2afcc304263f1952334bd3e3cdfde38ac1cf171ddef01072241098d0fab4
SSDeep: 1536:jSYj4dtNJu3G8fNmOwamFILh01Y3hyNS5Y6Y9l/MqqU+NV23S2bMnew:jG81mOwSyyv7Cl/MqqDLy/bZw
Size: 115712 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HF [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Undef.(kcloud)
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
nProtect = Trojan/W32.Monder.115712.D
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.Trojan.Monder.co.5
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-BAY.K
DrWeb = Trojan.WinSpy.1176
TrendMicro = HT_VIRTUMONDE_00001ad.TOMA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.4
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
Jiangmin = Trojan/Generic.ijpf
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Crypt.AWAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.qgj
Agnitum = Adware.Virtumonde.Gen.2
ESET-NOD32 = Win32/Adware.Virtumonde.NHD
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 113 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:28 14:37:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 73728
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0xe9c6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.5.53
Product Version Number          : 2.0.5.53
File Flags Mask                 : 0x30003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Active Movie                    : Filter dll
OLE Self Register               : AM20
Company Name                    : Intel Ereuuuegcnp
File Description                : Indeo® audio software
File Version                    : 2.05.53
Internal Name                   : iac25_32.ax
Legal Copyright                 : Copyright © Intel Corp. 1997
Original Filename               : iac25_32.ax
Product Name                    : Indeo® audio software
Product Version                 : 2.05.53
VirusTotal Report submitted 2012-10-14 05:13:59
VirusShare info last updated 2012-10-14 13:59:40

MD5: f358bb64138029968fdb0132aa7bb744
SHA1: fc3836b289dfaa80c5d039d185c4cf642963cc53
SHA256: 38557d80fcb1fe1172a18979edadcdd29c6fb9fa5f0a2693cdcecb7d5ba83e71
SSDeep: 3072:UQdJY14N5n3Ub8tszzKPN46jwrQgGqNmCdvlUMmfgHPFsiMMqqDLy/XdJm:rlNpkbwF4xXmMmfgH2gqqDLub
Size: 184320 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.Gen
Avast = Win32:MalOb-HH [Cryp]
Ikarus = Trojan.Win32.Pirminay
Kingsoft = Win32.Troj.Generic.(kcloud)
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC1II
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious-DTR.K
DrWeb = Trojan.Click1.54577
TrendMicro = TROJ_GEN.R4FC1II
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.4
Fortinet = W32/Kryptik.QGJ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.H!generic
McAfee = Vundo.gen.fy
F-Secure = Gen:Variant.Vundo.4
VIPRE = Trojan.Win32.Kryptik.laq (v)
F-Prot = W32/Virtumonde.CH.gen!Eldorado
AVG = Vundo.MH
Norman = W32/Suspicious_Gen2.QGIFJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.4
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CH.gen!Eldorado
TheHacker = Trojan/Kryptik.llt
Agnitum = Trojan.Vundo.Gen!Pac.49
ESET-NOD32 = a variant of Win32/Kryptik.LLT
BitDefender = Gen:Variant.Vundo.4
ExIF Data
File Size                       : 180 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:28 11:10:14-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 118784
Uninitialized Data Size         : 0
Entry Point                     : 0x162e2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Management DCOM Interface Stub
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dmintf.dll
Legal Copyright                 : Copyright© 1985-2002 Microsoft Corporation.  All rights reserved. .Portions Copyright © 1997-2002 Veritas Software.  All rights reserved.
Original Filename               : dmintf.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-10-14 07:20:02
VirusShare info last updated 2012-10-14 14:15:51

MD5: ff175acb9a183e69baf61b3052838e53
SHA1: 7bc1ecb5e975e41c27ac221200ea7e51e2614b1c
SHA256: 86ec3307e133c9aa343cec9ae154f5e2ff608c46e2dd30c9053557713f680309
SSDeep: 6144:94sLurrigkRSsRo+1liyGJ4Q6cv0/67WIqgUcAGiKXEt8+LXvSK9lDIcyI6UZ:qsLoo8+a3J4qc29BIRL/DvDjyI6UZ
Size: 383566 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.6.24
Avast = Win32:Malware-gen
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/CI.A
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.dqd
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.SuspectCRC!IK
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Microsoft = TrojanDownloader:Win32/Renos.KC
MicroWorld-eScan = Gen:Variant.Zbot.34
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.mb
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.PXC
Norman = W32/Obfuscated.L
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.nsy
ESET-NOD32 = a variant of Win32/Kryptik.KWL
BitDefender = Gen:Variant.Zbot.34
ExIF Data
File Size                       : 375 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:05 16:37:46-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 700416
Uninitialized Data Size         : 0
Entry Point                     : 0x7a30
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1109
Product Version Number          : 3.0.6920.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adobe Systems Incorporated
File Description                : WinFX OpenType/CFF Rasterizer
File Version                    : 3.0.6920.1109 (lh_tools_devdiv_wpf.071009-1109)
Internal Name                   : PresentationCFFRasterizerNative
Legal Copyright                 : Copyright 1983-2005 Adobe Systems Incorporated. All rights reserved.
Original Filename               : PresentationCFFRasterizerNative.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 3.0.6920.0
VirusTotal Report submitted 2012-10-14 15:56:21
VirusShare info last updated 2012-10-14 15:06:18