VirusShare.com - Because Sharing is Caring

Search for "ponmocup" returned 757 results. Displaying the latest 757

MD5: 45d67c8273ea0a4c6ec7ca31b4d69ce9
SHA1: a820cd8927304efdd28899d305446bc9fab7873a
SHA256: 001e748931d5d6d0d4e77f6ecb8f066210f39b1aecd6f6860cbc24be3655345f
SSDeep: 6144:tARCc5UrxbHFKBN8yGH6htp7jyGTiK+6h8OZjoM5huAgYIejc9zEdxYjYVQaGqOs:tgCDhlKBmyrhz7jzTiK+6hVdgLzTWl4s
Size: 377704 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.DL.Win32.DownLoad.lx
K7AntiVirus = Riskware
VirusBuster = Trojan.XPACK!Acu0N2f889A
VBA32 = Trojan.Pirminay.ifz
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ifz
McAfee-GW-Edition = Artemis!45D67C8273EA
DrWeb = Trojan.DownLoader3.33842
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Pirminay.ifz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IFZ!tr
McAfee = Suspect-BA!45D67C8273EA
F-Secure = Trojan.Generic.KDV.249778
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.XPACK
AVG = Dropper.Generic3.CGMD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.249778
BitDefender = Trojan.Generic.KDV.249778
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:25 03:34:37-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 368640
Initialized Data Size           : 8192
Uninitialized Data Size         : 479232
Entry Point                     : 0xcfcd0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-13 06:02:16
VirusShare info last updated 2012-07-25 00:14:31


MD5: 4f82812218fd580ac234d03fe0812a90
SHA1: 02945a13a874ac149318a1cfd7906facd0441cc5
SHA256: f9b525a79c6a4130f5e4d6af8afe602d79acf843239476c8c97da2f6f6cde369
SSDeep: 6144:fmYpXyWsFU90vrvC/rorym+Q/PsbakYyt9cWlh7wZytqSxdQZKjun:f0Tq0elr74CQsjG
Size: 362927 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.ekh
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Win-Trojan/Fakeav.362927
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.362927
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!Vd0qsQbYUYg
TrendMicro-HouseCall = TROJ_GEN.R72C2D7
Emsisoft = Gen.Variant.Vundo!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.enc
McAfee-GW-Edition = Generic Downloader.x!fvi
TrendMicro = TROJ_GEN.R72C2D7
Kaspersky = Trojan.Win32.Pirminay.enc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.pp
McAfee = Generic Downloader.x!fvi
F-Secure = Trojan.Generic.KDV.168873
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic21.BPPC
Norman = W32/Suspicious_Gen2.KFHGH
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.168873
TheHacker = Trojan/Pirminay.elk
BitDefender = Trojan.Generic.KDV.168873
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 05:08:05-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x5372
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.6000.16386
Product Version Number          : 7.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Otknkmzwv Hdahbzdlrrs
File Description                : IE PNG plugin image decoder
File Version                    : 7.00.6000.16386 (vqamu_rtm.061101-2205)
Internal Name                   : PNGFILT
Legal Copyright                 : © Pjyhwwhfw Bbopzebvpjz. All rights reserved.
Original Filename               : PNGFILT.DLL
Product Name                    : Fcbovta® Internet Explorer
Product Version                 : 7.00.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2011-07-20 21:55:45
VirusShare info last updated 2012-07-25 01:11:38

MD5: 60b1d98f9edeab508d059b32a681f78d
SHA1: cc640e672caf34ad8be382d81b98f2cabb21022e
SHA256: 10081aa266cd80f3266c0714faac5ae875484bbcf38e1209553a96eddfe2991e
SSDeep: 6144:UPtZwwlwkhwQGvHXF25uXOMhednOo76dve6:UPow+gwQG/XF3ynkZ
Size: 295396 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bsd
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan-Dropper.Agent
AhnLab-V3 = Win-Trojan/Pirminay.295396
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126EB18D
nProtect = Trojan/W32.Agent.295396
TrendMicro-HouseCall = Cryp_Spypro
Emsisoft = Trojan-Dropper.Agent!IK
Comodo = TrojWare.Win32.TrojanDownloader.Agent.fqdx
TrendMicro = Cryp_Spypro
Kaspersky = Trojan-Downloader.Win32.Agent.fqdx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.FQDX!tr.dldr
PCTools = Trojan.ADH
Jiangmin = TrojanDownloader.Agent.dgzr
F-Secure = Trojan.Generic.KDV.110729
VIPRE = Trojan.Win32.Generic!BT
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.KDV.110729
BitDefender = Trojan.Generic.KDV.110729
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 01:43:58-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 253952
Initialized Data Size           : 278528
Uninitialized Data Size         : 0
Entry Point                     : 0x3e0a6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2159.1
Product Version Number          : 5.0.2159.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Internet Server WAM DLL
File Version                    : 5.00.0984
Internal Name                   : wam.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : wam.dll
Product Name                    : Internet Information Services
Product Version                 : 5.00.0984
VirusTotal Report submitted 2011-02-02 13:36:56
VirusShare info last updated 2012-07-25 01:20:22

MD5: fa3bef516b41ef312d5952d9521f9366
SHA1: 49d88a5fa622d3d6edf979c85d00a7c8e0acf26e
SHA256: b6f5f035dacd9eafec70e714db8c77de9f659f1142ff09d41ada75113f08be8d
SSDeep: 6144:SneVrMw2CRn5Sr98oYpopgApCs5Y5AXKaSJKgguySB9g7J0aC/LmH1oD:+85dAgApCsGCXKP0UjglG/LqoD
Size: 457200 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.263
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.457200
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!UnmBhekDSWY
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.har
McAfee-GW-Edition = Generic Downloader.x!fyh
Kaspersky = Trojan.Win32.Pirminay.har
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.aaz
McAfee = Generic Downloader.x!fyh
F-Secure = Trojan.Generic.5986402
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic22.AOOE
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = WS.Reputation.1
GData = Trojan.Generic.5986402
BitDefender = Trojan.Generic.5986402
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:30 14:03:05-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 126976
Initialized Data Size           : 647168
Uninitialized Data Size         : 0
Entry Point                     : 0x1c1b2
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tdtgyawod Udlihlihnmx
File Description                : Where - Lists location of files
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : where.exe
Legal Copyright                 : © Uztjlhpmt Edsbwvptkhc. All rights reserved.
Original Filename               : where.exe
Product Name                    : Zhxnkxjoe® Teigmst® Kletdqnjg Zgdjsc
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-20 21:16:11
VirusShare info last updated 2012-07-25 02:11:33

MD5: fb78ad13c5271486551038ac4098b844
SHA1: 892f4e13cebe27f20be4b05e7e0097bd28e9c4f8
SHA256: b173b83487af0b0d9927ed36ce196d5a8622ea8b9ed78c86c4d2c7237a531aff
SSDeep: 6144:tVzTpjlKvAA1yHlA59Vobxb0KWNczvKTEnrY/UBXdk00lRtz:th1pKveWxobxbtbzv+EnaXH
Size: 328031 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.23
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.328031
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!MGefPHvCt48
TrendMicro-HouseCall = TROJ_GEN.R72C2EU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Downloader.a!cm
TrendMicro = TROJ_GEN.R72C2EU
Kaspersky = Trojan.Win32.Pirminay.jje
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
Jiangmin = Trojan/Pirminay.acx
McAfee = Downloader.a!cm
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.BALK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Pirminay.hjs
BitDefender = Gen:Variant.Riern.1
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:31 05:59:50-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0x314e
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.1.0.3928
Product Version Number          : 4.1.0.3928
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eufugvnlr Fbydcwtvqpy
File Description                : Tlnthps Media Services Streamer Dll
File Version                    : 4.1.00.3928
Internal Name                   : STRMDLL
Legal Copyright                 : Copyright (C) Txaqhrjrb Corp. 1992-1999
Original Filename               : STRMDLL
Product Name                    : Ziwczpivz® Ugblwmm Media Services
Product Version                 : 4.1.00.3928
VirusTotal Report submitted 2011-08-11 06:45:41
VirusShare info last updated 2012-07-25 02:11:36

MD5: 0165ef8648ca46790d0fefa04c2ab3e1
SHA1: 7c2132e499926a1747b6659b35c6efc6ddea61af
SHA256: 907944d2f499729638c8452eb42a49e352e00e653a573342c536ec38f618feb1
SSDeep: 1536:2IxEnJk+XJTvtSFNGQEOKq1iXcep4bSoZQLQD6qOFj2SI4n6k/gmQ:RxEJHFtANGQcq1iseTID9tShvomQ
Size: 78336 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.78336
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
ByteHero = Virus.Win32.Heur.p
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-10-29 15:49:23
VirusShare info last updated 2012-07-25 02:33:07

MD5: 23351b18a90feec673630f763e5ebd99
SHA1: ff7e419ba3056e4eca1d1b38ab57f51a8011c8dd
SHA256: 101326be04a5f564fabfacb146a204037881e2a35d53349658f6e9390c9aad8b
SSDeep: 1536:aQRxQC7zCCuLm0PtZFsDVSC+g4cVR8npJyDsdKWqMdF1s:x7zmnZFsDVSCT4eRmJyaKWndF1s
Size: 62976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Win32.SuspectCrc
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.2702
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C8K3
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R01C8K3
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
AVG = Generic25.AIMJ
Norman = W32/Suspicious_Gen2.RZVCF
GData = Gen:Variant.Graftor.2702
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Laflslkfm Wdtqeluyqph
File Description                : Distributed File Kzfeuu Filter Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dfs.sys
Legal Copyright                 : © Npypypxye Qobexzwdstl. All rights reserved.
Original Filename               : dfs.sys
Product Name                    : Kcuqvzkto® Dnufedn® Wmcirkzqf Utyssw
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-11-11 03:54:00
VirusShare info last updated 2012-07-25 02:33:36

MD5: 4b618b6a2618784376f32bf19dae6c18
SHA1: 6446f0bc0615fcfe76497aeddecdc0c658d427d4
SHA256: 00561262d40c67e14373dec8ea905b031d5cb41a0ab1945dee697ce4282b4995
SSDeep: 6144:SrKhGlyctqx0YajBNQkvRr96urax/v39iCdnJ/QvQQ:PF4CaFasr9Rraxn39iI/QYQ
Size: 328081 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
AhnLab-V3 = Trojan/Win32.ADH
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R28C7JH
McAfee-GW-Edition = Generic Downloader.x!gd3
ByteHero = Trojan.Malware.Obscu.Gen.002
TrendMicro = TROJ_GEN.R28C7JH
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Palevo.B
PCTools = Trojan.ADH
McAfee = Generic Downloader.x!gd3
F-Secure = Gen:Trojan.Heur.RP.um3@a4WeIFji
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic12.PKD
Sophos = Mal/Palevo-B
GData = Gen:Trojan.Heur.RP.um3@a4WeIFji
Symantec = Trojan.ADH.2
BitDefender = Gen:Trojan.Heur.RP.um3@a4WeIFji
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:12 01:30:16-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40448
Initialized Data Size           : 55296
Uninitialized Data Size         : 0
Entry Point                     : 0x2983
OS Version                      : 5.0
Image Version                   : 0.0
Subsystem Version               : 5.0
Subsystem                       : Windows GUI
File Version Number             : 5.4.1000.1400
Product Version Number          : 5.4.1000.1400
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dgbmwei Qij Gxu, Cksv
File Description                : Kuliwud Qfo Ybec, Fy
File Version                    : 5.4.1000.1400
Internal Name                   : Kbfkm Bphqj Kxcog D
Legal Copyright                 : Uacfqp Mws
Original Filename               : Qeeowjm A
Product Name                    : Hljce
Product Version                 : 5.4.1000.1400
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2011-10-22 01:59:37
VirusShare info last updated 2012-07-25 00:26:03

MD5: 60a19f6c1710c85b8f21483efd814ac3
SHA1: e98e8d9f81d0db0cee365f6299f692535df45157
SHA256: 280f2467cee6bb5d20ec31c311a2054238ca60149af751ffcb37b1743d0c5ae2
SSDeep: 768:kxs4uxQQAdUIuLAbZ9r/BcOCDodCt244HQoA4FoOB7PT5hLTge+A3/7+yG4AA+:kuxQQAdUIuLOZ7CDwKszPT5hLEsvB
Size: 64512 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!aMf/XIbEH8M
TrendMicro-HouseCall = TROJ_GEN.R01C1K3
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R01C1K3
Microsoft = Trojan:Win32/Orsam!rts
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
Norman = W32/Suspicious_Gen2.RZVMW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kxelmfwja Jrvesamzgls
File Description                : Scripting PassWord Utility
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : scriptpw.dll
Legal Copyright                 : © Hhzcrnjjb Ioyotyhyiqb. All rights reserved.
Original Filename               : scriptpw.dll
Product Name                    : Ywecavwpn® Jdatins® Tkdrutxtj Zfkmcf
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-11 03:50:09
VirusShare info last updated 2012-07-25 02:34:21

MD5: f39e15fdefacb3f37f8f8890ff900b4e
SHA1: fcd5f6711ee1e4d1fe03aa1e4f70c87db037e383
SHA256: f4162e0fc885884af92b5d57c8ed4008754fb67778ecddc6fc2f2af68121f60c
SSDeep: 6144:ND5WyDIZjKSPy/eT00ODA21+YeIZZR7qkk6FG:N8yHSPI0gkYNjGkb
Size: 248320 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Rootkit-gen [Rtk]
Emsisoft = Trojan.Win32.Agent.AMN!A2
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!F39E15FDEFAC
Microsoft = TrojanDownloader:Win32/Ponmocup.A
McAfee = Artemis!F39E15FDEFAC
AVG = Generic25.AQUR
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6785244
BitDefender = Trojan.Generic.6785244
NOD32 = probably a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 229376
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6685
Product Version Number          : 5.0.2195.6685
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Bprafodweer
File Description                : DHCP Client Service
File Version                    : 5.00.2195.6685
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : Copyright (C) Ubtldehxy Corp. 1981-1999
Original Filename               : dhcpcsvc.dll
Product Name                    : Craoaeklq(R) Jtunxbv (R) 2000 Hysgewjay Gknnqy
Product Version                 : 5.00.2195.6685
VirusTotal Report submitted 2011-10-29 00:24:56
VirusShare info last updated 2012-07-25 02:36:29

MD5: f4f5aab86128d66cfadaa2411502644c
SHA1: 8cb3303e845a87eb24ff658c3467f68cf55fbd77
SHA256: df86d167cbc6c77943052c5121a36b512885955ae7c27996e834e96d490b3189
SSDeep: 6144:quyiV3AbaqBJO9loafg1w+Spt3FxP2Ze0mCB3WLZ+Q3:quyEAaqLO9l9X++p2UCB3WF+
Size: 297984 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.15
Avast = Win32:Downloader-FCF
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Trojan/W32.Agent.297984.AW
TrendMicro-HouseCall = TROJ_GEN.R47C2LU
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader1.48715
TrendMicro = TROJ_GEN.R47C2LU
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Downloader.Generic
F-Secure = Trojan.Generic.5281310
VIPRE = Trojan.Win32.Generic!SB.0
Prevx = Medium Risk Malware
Avast5 = Win32:Downloader-FCF
AVG = Downloader.Generic10.BMKW
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5281310
Symantec = Downloader
BitDefender = Trojan.Generic.5281310
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 23:51:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 58880
Initialized Data Size           : 472576
Uninitialized Data Size         : 0
Entry Point                     : 0xf130
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote Data Services Data Control Resources
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : msadcor.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msadcor.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-01-03 20:06:38
VirusShare info last updated 2012-07-25 02:36:31

MD5: 44d6afdb5a8a89d886fd2f47476b949d
SHA1: d1f0e588ad6b4669c93bfde3fb4b4265ea9eade2
SHA256: c8131de3566899bc407c77e1eb1e85a5366780476a1e6ac2485544217488b576
SSDeep: 12288:qgCDhlKBmyrhz7jzTiK+6hVdgLzTWl4BJyqcUuA:qgCTcNbHhVuMa
Size: 406376 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.DL.Win32.DownLoad.lx
K7AntiVirus = Riskware
VirusBuster = Trojan.XPACK!2T0wzr7hpnE
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = QHosts-150
DrWeb = Trojan.Smardec.75
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Pirminay.ien
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.alh
McAfee = QHosts-150
F-Secure = Trojan.Generic.6245857
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic3.CGMD
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6245857
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6245857
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:07:25 03:34:37-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 368640
Initialized Data Size           : 36864
Uninitialized Data Size         : 507904
Entry Point                     : 0xd6ce0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-10 17:08:56
VirusShare info last updated 2012-07-25 02:50:59

MD5: 4f4b194e890546255e1ed5e0068855a1
SHA1: 134005a551df8acad4e5607b2b1df35b84d2bb6f
SHA256: f08280b170d75557136e81f2f1f636871cc0428ae92fcc34436ea93468a6cf26
SSDeep: 384:LVbVtO1R8sUWOhHIuyizbNyYr4whnkxk4eg:LJfO8sUxii/Nym4wh+
Size: 20352 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
Panda = Suspicious file
K7AntiVirus = Trojan
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.pbw
Jiangmin = TrojanDownloader.Agent.ctuc
F-Secure = Trojan.Generic.6828007
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
AVG = Downloader.Small.62.D
Sophos = Sus/Behav-278
GData = Trojan.Generic.6828007
BitDefender = Trojan.Generic.6828007
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x19af
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-10 17:16:15
VirusShare info last updated 2012-07-25 02:51:17

MD5: 93e640b2ea3f4b834b75e1a0aca68708
SHA1: 57d04c371a1dfd7378521a0dfa4f7a22ffe79c05
SHA256: 5ba81cbedbb8c74e4e6a5243e642a3ddc8909d70c37c3ed7ead94582bc06ee83
SSDeep: 768:CiWcBGWWl9FX8hiw2ftrn548oNCFwA7mW:ycBGWeG6lL59orW
Size: 34135 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Vundo-JN [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Generic Malware
nProtect = Gen:Variant.Vundo.10
VBA32 = AdWare.SuperJuan.heur
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Generic PUP.x!tj
DrWeb = Trojan.WinSpy.origin
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.x!tj
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
Sophos = Sus/Behav-278
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8192
Initialized Data Size           : 23040
Uninitialized Data Size         : 0
Entry Point                     : 0x2f3a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-11 12:58:48
VirusShare info last updated 2012-07-25 02:53:06

MD5: e0ca502cf60f8811232aa5e5db58c855
SHA1: e4ea5f2deb6f23752203dd44071c0d5b8222cf00
SHA256: ac34d44038ad892812fddb381805fcc6de005fe1ba3e65f8956422d465bf31cb
SSDeep: 1536:aQRxQC7zCCuLm0P0mFsD6SC+g4cVR8npJyDsdKWqVndF1s:x7zmGmFsD6SCT4eRmJyaKWGdF1s
Size: 62976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Win32.SuspectCrc
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.2702
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic Malware.ms
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.2702
eSafe = Win32.Trojan
AVG = Generic25.AIMJ
GData = Gen:Variant.Graftor.2702
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Laflslkfm Wdtqeluyqph
File Description                : Distributed File Kzfeuu Filter Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dfs.sys
Legal Copyright                 : © Npypypxye Qobexzwdstl. All rights reserved.
Original Filename               : dfs.sys
Product Name                    : Kcuqvzkto® Dnufedn® Wmcirkzqf Utyssw
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-11-11 14:11:03
VirusShare info last updated 2012-07-25 02:54:56

MD5: fe666e9290c6ec4e80ac2b00228b19d8
SHA1: f9c44e8bd99084e5add3f1aa75bfec26f36b4e05
SHA256: b3b6b7082bc7ae5865545dfce0a434214039064e0d18c1f6a02649c43d213989
SSDeep: 1536:V42HABZQlbwLd/jSx7DFppGnRLM3ghKLc7NVx7OAJPjNGbw9iyWw+1VtX2t:oQiu7DwlMQ8Lc7NqAJPjNGbw9iyWw+1i
Size: 87040 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Malware
nProtect = Gen:Variant.Graftor.1470
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2uVkppBkLgU
TrendMicro-HouseCall = TROJ_GEN.R49C8K3
Emsisoft = Trojan.SuspectCRC!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!bbkp
TrendMicro = TROJ_GEN.R49C8K3
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic.dx!bbkp
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.PFV
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.11
Product Version Number          : 5.0.3000.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Czech
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : brclrui.dll
File Version                    : 5.0.3000.11 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclrui.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2002
Original Filename               : brclrui.dll
Product Name                    : Operacni system Aknwrhrcy® Oavwxnf®
Product Version                 : 5.0.3000.11
VirusTotal Report submitted 2011-11-10 19:32:32
VirusShare info last updated 2012-07-25 02:55:51

MD5: ff91da21335a637bb79099551f3a89a3
SHA1: 1a9c561ef51381f9541b54c1c06c007c8d9abd58
SHA256: b1482da2852d799695de4ef89fa81c204413d9d3a51ca655064ce85a609ea6df
SSDeep: 3072:eETYc2lGIC0jV1eNURJXdIn5UIyQk6qhtDQZVlPulXMIqFLYiA6TZvgs+Q+HQ1Om:e0RRE1bhdIBkrD+klX5l6NIs7UGfkN
Size: 217088 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1139.6
Avast = Win32:Pirminay-ED [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Malware
Rising = Trojan.Win32.Generic.129E4219
nProtect = Trojan/W32.Jorik.217088.I
VirusBuster = Trojan.Kryptik!Fs0GVbZ5LPE
VBA32 = Trojan.Jorik.Pirminay.arw
TrendMicro-HouseCall = TROJ_GEN.RC1C1K2
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.RC1C1K2
Kaspersky = Trojan.Win32.Jorik.Pirminay.arw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
AVG = Generic25.AMVO
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.1139
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.ufa
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x1292
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btlnwdkir Hbpyfmmepwm
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB80.DLL
Legal Copyright                 : © Wayyzpmuo Haxekojksmi. All rights reserved.
Original Filename               : CNB80.DLL
Product Name                    : Idxihulhn® Fxpxeya® Svwjxmxpu Gdzvoq
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-11-11 14:54:36
VirusShare info last updated 2012-07-25 02:55:53

MD5: 77f326030810119c38602a09ddb40287
SHA1: b05a9decca98acd8ffc9f9dde280b4f7f43c40db
SHA256: f006a80e75863a9c50a612ad3fa9ef44253189f3132f6d5830dfedf24b25fbff
SSDeep: 6144:eEs5ljDuUHiqam7UYpJ6XnFN67eWlFcY4wbncwsVjo1c5eRHv:z4ljDuYi47UK6XnFkescY4wrn2joa5ed
Size: 344156 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Trojan.Win32.Pirminay
nProtect = Gen:Variant.Zbot.34
Emsisoft = Trojan.Win32.Pirminay!IK
F-Secure = Gen:Variant.Zbot.34
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:06 23:57:43-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 40960
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x7852
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nsnkjfxbk Aqaqgriudtz
File Description                : DCOM Proxy for NPPAgent Object
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ProxyRemote.DLL
Legal Copyright                 : © Iptzslvsi Yzlnbmznoxs. All rights reserved.
Original Filename               : ProxyRemote.DLL
Product Name                    : Lkmwwcafc® Atveeph® Vcxsjvhcr Bypoke
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-30 15:30:35
VirusShare info last updated 2012-07-25 02:57:12

MD5: cddbf32a5c4a53aee1e1db2ea856570a
SHA1: c02211b59a9bc9587138910168b25363513eeb91
SHA256: bdc56ace2331df67c0fa0c920c11e8c690ba7c2bc063b5a8e4a7a2cafa3dc917
SSDeep: 96:8lC+N0mu0NfhnM6+4iKcySAWpgwscH341VANqmMgY:P+N8UfhnNcySbQR1VSqm6
Size: 6304 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Agent.eigo
Avast = Win32:Malware-gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Agent
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1013
VirusBuster = Trojan.Agent!arhTpnB25Zw
VBA32 = Trojan.Agent.eigo
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Generic.dx!bbcb
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Agent.eigo
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Generic.dx!bbcb
F-Secure = Trojan.Generic.6249216
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
AVG = Downloader.Small.62.D
Sophos = Sus/Behav-278
GData = Trojan.Generic.6249216
BitDefender = Trojan.Generic.6249216
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x198f
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-13 04:41:00
VirusShare info last updated 2012-07-25 02:59:16

MD5: 049e62f3077d85b7ac8402401917338f
SHA1: 38d89c7ac00df140208237a8648c82d3a290dcca
SHA256: 26c3f7bc2961a7273d72921f43ca0889440b2a8664d51c6d1455a1ce00589bf8
SSDeep: 6144:x2ngdk04it+YCbMAIyF3sVXiKekhH4terF9vdMKB2ufPFvZg3nnF0YpuOBO9qFJw:ghiCbMA3FckwXFM6H3g3nFiqxM
Size: 467557 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-CIP [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.467557
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.467557
VirusBuster = Trojan.Agent!RR/Z7MKMAMk
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R47C2ED
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.56131
TrendMicro = TROJ_GEN.R47C2ED
Kaspersky = Trojan.Win32.Pirminay.gob
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hiem
McAfee = Artemis!049E62F3077D
F-Secure = Trojan.Generic.5910974
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CIP [Trj]
AVG = SHeur3.BYYJ
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.5910974
TheHacker = Trojan/Pirminay.gob
BitDefender = Trojan.Generic.5910974
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:20 22:59:15-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 688128
Uninitialized Data Size         : 0
Entry Point                     : 0x16152
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vwmezyaqy Vdqtkycjtkt
File Description                : Processor Device Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : intelppm.sys
Legal Copyright                 : © Ewcuvlutu Qcbxicjcffq. All rights reserved.
Original Filename               : intelppm.sys
Product Name                    : Fqzzpuxae® Vxdwtjx® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-20 23:13:25
VirusShare info last updated 2012-07-25 03:55:51

MD5: 054b275c6c6ade019fab9bd37b707b12
SHA1: 523dd96468dd976a14b95eb919b38026856d20a4
SHA256: 690e4dcdaec5ce1ab6fad74563b620047a41e7e797a99b145f64d4faa24524c2
SSDeep: 6144:FxHIiIiQr+2yC16OB0GMV3b5VG34NfkHkf:FxHIq0l9x09V3VUH
Size: 210944 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1139.5
Avast = Win32:Kryptik-FHY [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!t635wNJygZg
TrendMicro-HouseCall = TROJ_GEN.R72C1JO
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.aop
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Packed.21871
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R72C1JO
Kaspersky = Trojan.Win32.Jorik.Pirminay.aop
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.AOP!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.AIIS
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.1139
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x128e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uclhigbyc Corporation
File Description                : WMI Provider for Sessions and Connections
File Version                    : 6.0.6000.16386 (qhvin_rtm.061101-2205)
Internal Name                   : WMIPSess.dll
Legal Copyright                 : © Gykengscd Wgpghjhaylg. All rights reserved.
Original Filename               : WMIPSess.dll
Product Name                    : Bilcgytju® Gepsmrk® Uqspgrths Reuuaa
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-29 12:16:22
VirusShare info last updated 2012-07-25 03:56:46

MD5: 06066237e0abb3065f3d0dd82befe249
SHA1: 981868d7449cfe2e1509bcb835d0426131b59910
SHA256: 228435350f0401f54a64bab0d8978c659329c8e5385e5a109a61c01c8fc5b91f
SSDeep: 6144:12YCMrpmfPHkcHYX7Cr63TTcp3gAF4z9Cv+KSUQ32ry/Kmd4WVCLhKne0B82El:1HCwrUI7g6jYS64zUvDSjuWjH77Wbl
Size: 393643 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.393643
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
VirusBuster = TrojanSpy.Agent!N4s9M8aSyjY
VBA32 = Trojan.Pirminay.igw
TrendMicro-HouseCall = TROJ_GEN.R47C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.igw
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!06066237E0AB
DrWeb = Trojan.DownLoader3.32124
TrendMicro = TROJ_GEN.R47C2H6
Kaspersky = Trojan.Win32.Pirminay.igw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.acs
McAfee = Artemis!06066237E0AB
F-Secure = Gen:Trojan.Heur.RP.ymLfamRySpdi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Spyware-gen [Spy]
eSafe = Win32.GenHeur.RP.Yml
AVG = SHeur3.CERD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Trojan.Heur.RP.ymLfamRySpdi
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.iha
BitDefender = Gen:Trojan.Heur.RP.ymLfamRySpdi
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 17:24:29-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 393216
Initialized Data Size           : 4096
Uninitialized Data Size         : 487424
Entry Point                     : 0xd7010
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bwvwoqvlf Ehscgqxswrs
File Description                : Yanaoab NT MARTA provider
File Version                    : 5.1.2600.5512 (xpsp.080413-2113)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Grqpskjaw Jisqfrwdtfo. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Mqtosrgiz® Psctysy® Operating Jgcrjk
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-09-14 09:55:57
VirusShare info last updated 2012-07-25 03:59:26

MD5: 0728e719bd2009ff4fcebc85b76575ac
SHA1: d3ad9d0898abca9399dc82ad94ecb754f2540ffe
SHA256: cf8113327566d0ec384955d27b8f3b894b0422b60a021e16a117f66c83596af7
SSDeep: 6144:RX1YcLVB9i2GVSs2RocIAYn/Qu2oX2AWgwRRogsZPx/jaU1ctCm7AbcvNmeSCO2S:Acin/8HWw81ZPx3kE/CLYd
Size: 529408 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.203
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.529408.S
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.529408.AH
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!oMxRSPb2dyM
TrendMicro-HouseCall = TROJ_GEN.R4FC2EI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.evj
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fxh
DrWeb = Trojan.Hosts.4338
TrendMicro = TROJ_GEN.R4FC2EI
Kaspersky = Trojan.Win32.Pirminay.evj
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.EVJ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rh
McAfee = Generic Downloader.x!fxh
F-Secure = Trojan.Generic.KDV.180209
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic21.CMQL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.180209
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.evj
BitDefender = Trojan.Generic.KDV.180209
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:29 14:47:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 172032
Initialized Data Size           : 716800
Uninitialized Data Size         : 0
Entry Point                     : 0x26b9f
OS Version                      : 4.0
Image Version                   : 8.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zpzigvqao Memlxbfqgmu
File Description                : PresentationFramework.Classic.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Classic.dll
Legal Copyright                 : © Krqpgqknf Ueltkfwpmix.  All rights reserved.
Original Filename               : PresentationFramework.Classic.dll
Product Name                    : Hcmqvwvpx® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-09-12 11:41:52
VirusShare info last updated 2012-07-25 04:04:42

MD5: 08ab6c97e0b35806c30b180fe0bf2418
SHA1: a2ab870acac8b4039a304456dfc982c78a17bfec
SHA256: 1ce932baae2fa10c1cd8d645e2f624ed84fdf50b4032aab626df05e2110e098c
SSDeep: 6144:uw5hVS7NDlAssy/NQJRJjKU5Er86nylsH+P9qIuFpTmfx/RPfipVTiyuDNpfl8W:uZ9iqU/6ylsH+5TiHTiy6NpWW
Size: 348538 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.dap
Avast = Win32:Rootkit-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC1BL
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.dav
McAfee-GW-Edition = Generic.dx!vyd
TrendMicro = TROJ_GEN.R3EC1BL
Kaspersky = Trojan.Win32.Pirminay.dav
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.kj
McAfee = Generic.dx!vyd
F-Secure = Trojan.Generic.5448847
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Rootkit-gen
AVG = Generic21.EJA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5448847
TheHacker = Trojan/Kryptik.ejh
BitDefender = Trojan.Generic.5448847
NOD32 = a variant of Win32/Kryptik.EJH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:14 16:59:59-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 622592
Uninitialized Data Size         : 0
Entry Point                     : 0x85fc
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1915.1830
Product Version Number          : 5.2.1915.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Message Queuing Active Directory Client
File Version                    : 5.2.1915.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : MQAD.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : MQAD.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.1915.1830
VirusTotal Report submitted 2011-06-22 11:44:20
VirusShare info last updated 2012-07-25 04:06:47

MD5: 0d2c8a4d110373ef46bb96e01e30d94b
SHA1: 691f35064dade2b166feb8b4068c1e75ce26b237
SHA256: 224cc47e349a51d603f110f241a9e8a22dc75e6eec887c5314be54c6a4535094
SSDeep: 6144:90eyo6gUt/Zs6UTiGjO+114VIgvPQ2MDNEE+sognkT3JYckCe:90eyoByWvVg3Q9JEAonz
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-DEK [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan-Clicker/W32.Fakealert.311296.C
VirusBuster = Trojan.Pirminay!VM4B3l6mVsY
VBA32 = Trojan.Pirminay.ihk
TrendMicro-HouseCall = TROJ_GEN.R47C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ihk
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[RE]
McAfee-GW-Edition = Artemis!0D2C8A4D1103
DrWeb = Trojan.DownLoader3.32380
TrendMicro = TROJ_GEN.R47C2FL
Kaspersky = Trojan.Win32.Pirminay.ihk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHK!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adu
McAfee = Artemis!0D2C8A4D1103
F-Secure = Trojan.Generic.6148258
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-DEK [Trj]
eSafe = Win32.TRDropper
AVG = Generic23.GFX
Norman = W32/Suspicious_Gen2.MVMJZ
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6148258
TheHacker = Trojan/Pirminay.ihk
BitDefender = Trojan.Generic.6148258
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 22:09:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xac400
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.11.21.0
Product Version Number          : 4.11.21.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    :  U.S. Robotics Ogelakbqpag
File Description                : 3csdpi
File Version                    : 4. 11. 21
Internal Name                   : 3csdpi
Legal Copyright                 : Copyright © 2000 U.S. Robotics Xibapwwzbst
Legal Trademarks                : 
Original Filename               : 3csdpi.dll
Private Build                   : 
Product Name                    :  U.S. Robotics Modem Driver
Product Version                 : 4. 11. 21
Special Build                   : 
VirusTotal Report submitted 2011-07-15 14:40:09
VirusShare info last updated 2012-07-25 04:13:42

MD5: 0e32c657cc265eeff5da1bf34119981d
SHA1: b8772b9b08f86a402660f4171307101b09c3140b
SHA256: 031764271d32e802dd84fff28c4ac2b0ddadbedf46936b9e4712fc6855a86307
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWRN:/53B6GnBMUQyaUZGAjLvC8H
Size: 363469 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.18
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363469
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1289D138
nProtect = Trojan/W32.Pirminay.363469
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
VBA32 = Trojan.Pirminay.goj
TrendMicro-HouseCall = TROJ_GEN.R47C2ED
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.goj
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader4.11631
TrendMicro = TROJ_GEN.R47C2ED
Kaspersky = Trojan.Win32.Pirminay.goj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.agv
McAfee = Generic.dx!zkq
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
AVG = Generic22.ANYC
Norman = W32/Suspicious_Gen2.LWCCE
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2011-07-21 21:21:35
VirusShare info last updated 2012-07-25 04:15:08

MD5: 0eef6b0fb0fb43b8db583d41828a1416
SHA1: 8fbf95a857b55eff3b5ec5a02cffef729725f900
SHA256: 97bafdc7b2dea712bb25640dfe5e2d0f7072fa72feace72e882219e384175881
SSDeep: 6144:cGruOUCkdYpCgUj2msuv4YzEOrCWiGWnbjEnSGm5dCsFBrea9mOvfyaqtEr35:mO8dYxI2msugYWWinhPCCl6/w
Size: 418265 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.418265
Avast = Win32:Kryptik-CGY [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.418265
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.418265
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SUpVBVG6qtQ
TrendMicro-HouseCall = TROJ_GEN.R21C2FK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hcs
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fys
TrendMicro = TROJ_GEN.R21C2FK
Kaspersky = Trojan.Win32.Pirminay.hcs
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.ago
McAfee = Generic Downloader.x!fys
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGY [Trj]
AVG = Generic22.AISB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.hcp
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:29 17:34:20-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0x22c10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Guakyncuo Vbrejfbjvqw
File Description                : Winmm  audio system driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wdmaud.drv
Legal Copyright                 : © Npwplkmlm Uwitvoeuats. All rights reserved.
Original Filename               : wdmaud.drv
Product Name                    : Adpdrvssm® Igeomkm® Jjullbbtj Mpjaao
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-08-13 16:31:00
VirusShare info last updated 2012-07-25 04:16:03

MD5: 0f13a4c33800dc751b6b4ef7bda8af8c
SHA1: 04c6319851ca8b42214516eaacf244ce961fdcf1
SHA256: b6c2244f42e4f5a8a831bb7f4cf4c62dba025e5b51dc5f179b8fc9fad0c69675
SSDeep: 6144:x2ngdk04it+YCbMAIyF3sVXiKekhH4terF9vdMKB2ufPFvZg3nnF0YpuOBO9qFJE:ghiCbMA3FckwXFM6H3g3nFiqxI
Size: 467448 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-CIP [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.1287AEC0
nProtect = Gen:Variant.Riern.1
VirusBuster = Trojan.Agent!RR/Z7MKMAMk
TrendMicro-HouseCall = TROJ_GEN.R31C2F7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R31C2F7
Kaspersky = Trojan.Win32.Pirminay.nfb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hiem
McAfee = Artemis!0F13A4C33800
F-Secure = Trojan.Generic.5910974
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CIP [Trj]
AVG = SHeur3.BYYJ
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.5910974
TheHacker = Trojan/Pirminay.gob
BitDefender = Trojan.Generic.5910974
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:20 22:59:15-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 102400
Initialized Data Size           : 688128
Uninitialized Data Size         : 0
Entry Point                     : 0x16152
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vwmezyaqy Vdqtkycjtkt
File Description                : Processor Device Driver
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : intelppm.sys
Legal Copyright                 : © Ewcuvlutu Qcbxicjcffq. All rights reserved.
Original Filename               : intelppm.sys
Product Name                    : Fqzzpuxae® Vxdwtjx® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-14 14:14:55
VirusShare info last updated 2012-07-25 04:16:17

MD5: 11599e7f74b9d201ffe8a0bb78e7d1bf
SHA1: 9d984403b173585a621b14f73436ab67e7366f83
SHA256: 3898b99f6dd0e69cdd35d483f4d3e87a78aceed35749c0fe15b06401d62c9b33
SSDeep: 6144:7z0oXvbzyD1kphiMHMwkOqTC+19pgxOdGrfXvDm3E+PE2hbCQORv07khhAr3P7bc:HW1kfFqTC+1PgMdGrf7z+PE/v+kHe0
Size: 368643 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SPiWt3NaUH4
TrendMicro-HouseCall = TROJ_GEN.R72C2FQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.kqy
McAfee-GW-Edition = Downloader.a!eb
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C2FQ
Kaspersky = Trojan.Win32.Pirminay.kqy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gmpc
McAfee = Downloader.a!eb
F-Secure = Gen:Variant.Kazy.15607
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Pirminay-BW [Trj]
AVG = Generic22.CNHA
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Kazy.15607
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Gen:Variant.Kazy.15607
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:02 10:25:52-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 368640
Initialized Data Size           : 4096
Uninitialized Data Size         : 479232
Entry Point                     : 0xcf190
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Otngeajee Gskwasvrtii
File Description                : Czech_Programmer's Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdcz2 (3.12)
Legal Copyright                 : © Glainduup Sjtdhdqlice. All rights reserved.
Original Filename               : kbdcz2.dll
Product Name                    : Dvseloutl® Zexauqm® Ymsptjfqo Dlftnv
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-09-19 08:28:22
VirusShare info last updated 2012-07-25 04:19:45

MD5: 17a0a1f98f48cb79f8088b8766529b40
SHA1: cdddb49dea9346ac2279ad7d7175ca1413a7d7a2
SHA256: c45b3ca57d48a6b09fccb268699c690e8e7dcf847592670d263d6e252a7cdd1e
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+Ch:ntNtyUl7kALd4ilBpi/44F/5
Size: 363085 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.363085.B
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.363085
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.gto
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gto
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fyu
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5869931
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-15 17:08:03
VirusShare info last updated 2012-07-25 04:28:36

MD5: 189860168ca6f1b1caf4e3e117a07d66
SHA1: 704a6de62454cd88ffff9f1a0a65c306d726b5b9
SHA256: c8bd083c48ee408fea3579db54bfa25c16227394fb80f16f9002c60be6232231
SSDeep: 12288:BMdJsibcwP2TaRjzXBCl5fGbejdk7C8G5uy+EPbCk83:BSJ7bB5XBCfvjY9sCki
Size: 430491 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.281
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.430491
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.430491
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!7BnKOJCPuLo
TrendMicro-HouseCall = TROJ_GEN.R72C2EG
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gou
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R72C2EG
Kaspersky = Trojan.Win32.Pirminay.gou
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.agn
McAfee = Generic Downloader.x!fyg
F-Secure = Trojan.Generic.5904411
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic22.AKIR
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5904411
BitDefender = Trojan.Generic.5904411
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:15 13:21:11-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 700416
Uninitialized Data Size         : 0
Entry Point                     : 0x11d8c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nritaynzq Zjhtptgftln
File Description                : timeout - pauses command processing
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : timeout.exe
Legal Copyright                 : © Iatobqagy Ndibezjdznp. All rights reserved.
Original Filename               : timeout.exe
Product Name                    : Xohwtgevy® Ukffxxa® Lgmgpkowb Ggvsfe
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-08-13 16:31:18
VirusShare info last updated 2012-07-25 04:29:58

MD5: 193dfef244dfd3fa79beb49fbe308b77
SHA1: 2a75e353a733e70cbf31dce4d831e04435ec4bd9
SHA256: 5834f9cbf486a452da4ba46ab1bde0ce08eaffc6be9f10cd70947523d17cf17a
SSDeep: 6144:uaM+CQXITz0t0CHLI4ScN9fCn2lg1l6tR51lOPRQ65z6G9Rr7+ezg+lti:u3tFILIr76tfOPZz/9d7+ug+ls
Size: 365056 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.287
Avast = Win32:Downloader-HVN [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365056.Q
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.365056
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!p7J7cz3A5AE
VBA32 = Trojan.Pirminay.ieq
TrendMicro-HouseCall = TSPY_PIRMI.SMUM
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!uf
DrWeb = Trojan.DownLoader3.26438
TrendMicro = TSPY_PIRMI.SMUM
Kaspersky = Trojan.Win32.Pirminay.ieq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.acd
McAfee = Downloader.a!uf
F-Secure = Trojan.Generic.KDV.249739
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = SHeur3.CEFV
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.249739
Symantec = Downloader
TheHacker = Trojan/Pirminay.ieq
BitDefender = Trojan.Generic.KDV.249739
NOD32 = a variant of Win32/Kryptik.PNY
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:31 15:32:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 360448
Initialized Data Size           : 4096
Uninitialized Data Size         : 466944
Entry Point                     : 0xcac20
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.120
Product Version Number          : 5.2.3790.120
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jtmmrqbth Eukatcstgsh
File Description                : Tty Printer Driver
File Version                    : 5.2.3790.120 (srv03_qfe.031205-1652)
Internal Name                   : Ttyres.dll
Legal Copyright                 : © Vqjvvhngk Ajngiwczpfm. All rights reserved.
Original Filename               : Ttyres.dll
Product Name                    : Onwpytshv® Apwraof® Joskedncv Bcanrh
Product Version                 : 5.2.3790.120
VirusTotal Report submitted 2011-10-19 16:31:31
VirusShare info last updated 2012-07-25 04:30:50

MD5: 19c5f584b9ff76ef83ddf9daff373ab7
SHA1: 6fc85eda75627b8f765beaad0af44dc45699052f
SHA256: f5cba9983dea1cb70d3611fbd0179fc81d36d04dc3b34edc42e8ba5fc09ab06c
SSDeep: 6144:1rMxHOqzAg5abB53EfrhAZ1WAk3nV1CGoC1uoOQ3hbx4vg3NgvrdBeVjdtEl:gOqT5YyfQWJnV1CTC1uUtxj+BIdte
Size: 365139 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen2
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365139
K7AntiVirus = Virus
VBA32 = Trojan.Pirminay.icu
TrendMicro-HouseCall = TROJ_GEN.R72C2H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.iir
McAfee-GW-Edition = Generic Downloader.x!fza
DrWeb = Trojan.DownLoader4.45460
TrendMicro = TROJ_GEN.R72C2H6
Kaspersky = Trojan.Win32.Pirminay.iir
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.afi
McAfee = Generic Downloader.x!fza
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
eSafe = Win32.GenericDownloa
F-Prot = W32/Skintrim.1!Generic
AVG = Dropper.Generic3.CDXQ
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Riern.1
Symantec = WS.Reputation.1
Commtouch = W32/Skintrim.1!Generic
TheHacker = Trojan/Pirminay.icu
BitDefender = Gen:Variant.Riern.1
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:10 01:11:08-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8192
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0x2b10
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Nnkcnauqbfd
File Description                : Oxsavtxro® Terminal Server Licensing 236 Policy Module
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : tls236.dll
Legal Copyright                 : © Ondbxggyq Nicffcsvvwh. All rights reserved.
Original Filename               : tls236.dll
Product Name                    : Olhajfcnu® Bcrrpfh® Kcbjshcze Oidwtd
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-10-21 04:35:31
VirusShare info last updated 2012-07-25 04:31:30

MD5: 19e23b8bc6cb006b8409ebf9c990ff82
SHA1: 48171b3ecdcf55025760ae8b0809345b9f0660bc
SHA256: 3388961fc7df6a72727ac914885c72995ed443ba10f3ac0cf4dd96122e903009
SSDeep: 1536:2IgtG4llzAwk/HY0SyhduHFcOn9nkFLRhv/VKjRlUsRvpaUD1MWWyAaCrNl:R8l1Awk/tdwHFR5kNP1KjR27sMnai
Size: 86528 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.86528.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-05 18:42:50
VirusShare info last updated 2012-07-25 04:31:38

MD5: 1ca9338e6af622566358e1a15c2350d3
SHA1: fa8111a686ccf04474ab8df3f35e198e3b7879c7
SHA256: 9226e9350ec0d4be1b390d8ec54a01572d8cb19412ba95fed3ddf198fb864084
SSDeep: 1536:2I89LtduvmibhKd6PuxYLnuHUxC1QE2TXsCIBMnQjg/QXqa2uq+I4dS7:R8jhilWxYLtdXFQE/Q0uq+I4dC
Size: 110592 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.110592
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-29 11:13:24
VirusShare info last updated 2012-07-25 04:35:32

MD5: 1d86d14c98b37ae3d6c5859181673025
SHA1: 0286807f88070a99211d0c01eb4999b9eba1850f
SHA256: ea707114dc2bcf7831e3c383ab922e069323174883e71c3628e45a1a6bb5a10f
SSDeep: 6144:hZ45KiU95Bj0T9G+Mlnefu2/V3JmHbtSJLKUZpu9fi8lvsigPAHZcsgo2Lh:hgKiKK4p2tJmhUtPT8lvb6ycsx2Lh
Size: 366592 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.58
Avast = Win32:Dropper-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Refroso
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.hum
TrendMicro-HouseCall = TROJ_GEN.R26C1EV
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!eli
TrendMicro = TROJ_GEN.R26C1EV
Kaspersky = Trojan.Win32.Pirminay.hum
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HUM!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.aaq
McAfee = Generic Downloader.x!eli
F-Secure = Backdoor.Generic.517571
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Dropper-gen
eSafe = Win32.TRDldr.Ponmocu
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic11.AHFM
Norman = W32/Suspicious_Gen2.HRNWT
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.517571
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = W32/Pirminay.hum
BitDefender = Backdoor.Generic.517571
NOD32 = a variant of Win32/Kryptik.IAC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:15 12:19:35-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 357888
Initialized Data Size           : 326144
Uninitialized Data Size         : 0
Entry Point                     : 0x582e2
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.3959
Product Version Number          : 5.3.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WDM WST Codec Driver
File Version                    : 5.3.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : wstcodec.sys
Legal Copyright                 : Copyright (C) Philips Semiconductors. 1981-1999
Original Filename               : wstcodec.sys
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.3959
VirusTotal Report submitted 2011-06-23 19:42:13
VirusShare info last updated 2012-07-25 04:36:37

MD5: 1dfd83e400cb20bcc47c817f7d114c06
SHA1: 16006641b81a8ad821fb08229bdd4fe5fcfdcf03
SHA256: 4fefa4accd85c461eaacc125e861fd36efe9bb256b48d42d510b2ac91545c883
SSDeep: 6144:cGruOUCkdYpCgUj2msuv4YzEOrCWiGWnbjEnSGm5dCsFBrea9mOvfyaqtEr3R:mO8dYxI2msugYWWinhPCCl6/K
Size: 418214 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.418265
Avast = Win32:Kryptik-CGY
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.418214
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.418214
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SUpVBVG6qtQ
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
CAT-QuickHeal = Trojan.Pirminay.hcg
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyu
DrWeb = Trojan.DownLoader3.55571
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hcg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Pirminay.ago
McAfee = Generic Downloader.x!fyu
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGY
AVG = Generic22.AISB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:29 17:34:20-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0x22c10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Guakyncuo Vbrejfbjvqw
File Description                : Winmm  audio system driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wdmaud.drv
Legal Copyright                 : © Npwplkmlm Uwitvoeuats. All rights reserved.
Original Filename               : wdmaud.drv
Product Name                    : Adpdrvssm® Igeomkm® Jjullbbtj Mpjaao
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-06-29 10:43:40
VirusShare info last updated 2012-07-25 04:37:08

MD5: 1e6bc35b000ed800b3509135b8ae8bc1
SHA1: f84b473bf004cdc320a695a470d2734379e60ba0
SHA256: 65aacb40ccc46e1aba659e617a71835486267f6d94da24ac26ace070d3cde2e6
SSDeep: 6144:0zAfN9tKSbAuIkfi19RoqaTOOK0hNmZvDaWBIKSpt4zLGE2W4xMlskoVtXsDsBcx:0cfNOSbAgiOqJO9uxSKSv4HGxVxMWkoG
Size: 367616 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Dropper-GZY [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128A61C6
nProtect = Trojan/W32.Pirminay.367616
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!dHa9F3nblnA
VBA32 = Trojan.Pirminay.ikf
TrendMicro-HouseCall = TROJ_GEN.R21C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ikf
SUPERAntiSpyware = Trojan.Agent/Gen-Falint[RE]
McAfee-GW-Edition = Generic.dx!zwh
DrWeb = Trojan.DownLoader3.33469
TrendMicro = TROJ_GEN.R21C2G5
Kaspersky = Trojan.Win32.Pirminay.ikf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IKF!tr
Jiangmin = Trojan/Pirminay.adg
McAfee = Generic.dx!zwh
F-Secure = Trojan.Generic.KDV.257045
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-GZY [Drp]
eSafe = Win32.TRDropper
AVG = Generic23.KBF
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.257045
TheHacker = Trojan/Pirminay.ikf
BitDefender = Trojan.Generic.KDV.257045
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 13:26:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 368640
Initialized Data Size           : 4096
Uninitialized Data Size         : 540672
Entry Point                     : 0xde020
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xczembsiu Zowhmyamvvc
File Description                : 
File Version                    : 6.1.7000.0
Internal Name                   : Eihsqjpxx.Byduyqa.Diagnosis.Commands.WriteDiagProgress.resources.dll
Legal Copyright                 : Copyright (c) Ngkozaydl Wdlcanwellv. All rights reserved.
Original Filename               : Wwjxelbvl.Dxexqua.Diagnosis.Commands.WriteDiagProgress.resources.dll
Product Name                    : Lcqpwtiev (R) Oqinrcj (R) Kgxbmaeau Cfqbwz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-20 13:12:17
VirusShare info last updated 2012-07-25 04:37:36

MD5: 1fc75c0eb985ed4197a0d3dac5e61dd1
SHA1: d4cbc9614569a8f2556bb2df8abaf8fd279ab3a5
SHA256: b37002ae482e787c42bf8ba3ccf299c93e80f866c17c74a9bd44d0424686d055
SSDeep: 6144:cGruOUCkdYpCgUj2msuv4YzEOrCWiGWnbjEnSGm5dCsFBrea9mOvfyaqtEr3v:mO8dYxI2msugYWWinhPCCl6/e
Size: 418403 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.418265
Avast = Win32:Kryptik-CGY
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.418403
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.418403
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SUpVBVG6qtQ
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hdt
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyu
DrWeb = Trojan.DownLoader3.55589
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hdt
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Pirminay.ago
McAfee = Generic Downloader.x!fyu
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGY
AVG = Generic22.AISB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:29 17:34:20-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 139264
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0x22c10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 9
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Guakyncuo Vbrejfbjvqw
File Description                : Winmm  audio system driver
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wdmaud.drv
Legal Copyright                 : © Npwplkmlm Uwitvoeuats. All rights reserved.
Original Filename               : wdmaud.drv
Product Name                    : Adpdrvssm® Igeomkm® Jjullbbtj Mpjaao
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-07-01 17:33:45
VirusShare info last updated 2012-07-25 04:39:15

MD5: 2084c15b3e3c16b0217adf86cb01acb8
SHA1: 621182970b52234842ea2b8eb5cbd8dfcf53406f
SHA256: eb1176589fda2a0b46aceea1367f1013d66587cada2cb041dc905156bf791a44
SSDeep: 6144:oUzG73v2nFvTxWZApsujmmgSndbhv6IF2po1Nqw1AQD92pcoaWtB9F8:oUzUOFvTHpd4yvv6IF2u1DRIpzaWr9F8
Size: 348660 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.251
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.348660
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.348660
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hgz
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hgz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Downloader_x.FZU!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xe
F-Secure = Trojan.Generic.5902046
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/SillyBackdoor.B.gen!Eldorado
AVG = Generic22.AMCY
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.5902046
Commtouch = W32/SillyBackdoor.B.gen!Eldorado
TheHacker = Trojan/Pirminay.gng
BitDefender = Trojan.Generic.5902046
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:09 09:37:28-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 524288
Uninitialized Data Size         : 0
Entry Point                     : 0xc3bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Lyngqagsuey
File Description                : Wujnhujjd Speech Recognition Engine Extensions
File Version                    : 8.0.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Hsjbsdlsr Peruyriagwo. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Azsaulvbi® Fnqxvjq® Qgncpsjab Dnyaue
Product Version                 : 8.0.7000.0
VirusTotal Report submitted 2011-08-13 16:41:20
VirusShare info last updated 2012-07-25 04:40:05

MD5: 230329fa638c99d8ce3559eb705005a3
SHA1: 8d3616a8360b5730d9b3eeae20ae46751c7746a3
SHA256: 5d76e3d237c6caf1a9c60a8d98b957b170a35fb66689e8039aa67593c81e1abd
SSDeep: 6144:RepWLF6CnWlLQuItQVQIuuSmfdTFbuaSXGhatH3FoLYC8ZO7ZW8ST:RepWL47xRQIznCaSkakLYd3p
Size: 343490 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Pirminay-Y [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.FakeAlert.39
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!bncbCmsWLu8
VBA32 = Trojan.Pirminay.ihg
TrendMicro-HouseCall = TROJ_GEN.R47C3FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ihg
McAfee-GW-Edition = Generic.dx!zvq
DrWeb = Trojan.DownLoader3.35613
TrendMicro = TROJ_GEN.R47C3FL
Kaspersky = Trojan.Win32.Pirminay.ihg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHG!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ads
McAfee = Generic.dx!zvq
F-Secure = Trojan.Generic.6147246
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-Y [Trj]
AVG = SHeur3.CEQR
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6147246
TheHacker = Trojan/Pirminay.ihd
BitDefender = Trojan.Generic.6147246
NOD32 = Win32/TrojanDropper.Agent.PJQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:09 19:45:35-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 344064
Initialized Data Size           : 4096
Uninitialized Data Size         : 425984
Entry Point                     : 0xbbf80
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hyfnnwlky Chxkquhzrad
File Description                : Tool for managing the Kerberos ticket cache
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : klist.exe
Legal Copyright                 : © Pwrknubsa Hahjmfaqjii. All rights reserved.
Original Filename               : klist.exe
Product Name                    : Jixuczsua® Epspgjy® Ajuywueil Lkbifg
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-15 14:57:25
VirusShare info last updated 2012-07-25 04:43:01

MD5: 2902b329b24e0168b24b2c8e4b72eabc
SHA1: 168bb66f68cadc2c98ee461e86a34e41fdf12081
SHA256: ca9ae73a112c490c6b2b97488fb0ecda521e246c413edb97c19962a6f38937a0
SSDeep: 6144:rydk+LIsQc+h+yNgbVd6sgu0cdOOYho+F5EwiNMd4Jc2l:r1+0sQc+h+GgZd60dNYu+F5Ym2l
Size: 291986 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.6214294
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!XJf7tVC2AUI
eTrust-Vet = Win32/Renos.ZAAC
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic Malware.ms
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hcgp
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6214294
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Downldr2.IXCS
AVG = Dropper.Generic4.BKG
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6214294
Symantec = Trojan.Gen
Commtouch = W32/Downldr2.IXCS
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6214294
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:15 05:13:50-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 290816
Initialized Data Size           : 4096
Uninitialized Data Size         : 372736
Entry Point                     : 0xa2270
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mdojmgfki Chkdyuxvjyu
File Description                : IOfficeAntiVirus Module
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : MpOAV
Legal Copyright                 : © Klkkjcuyo Swtfwqjcdca. All rights reserved.
Original Filename               : MpOAV.dll
Product Name                    : Microsoft® Nykszwk® Ftgzlwyaw Dlwois
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-28 05:06:59
VirusShare info last updated 2012-07-25 04:50:37

MD5: 2aa0edf1372e2d41c5877c31aaaeb4f7
SHA1: 826017614cb7727c574d7fe5dac195942676e0e5
SHA256: aebbfcf630f053b994d00aba9a24bf4e3d50baf577417d223bb5b200c726dc12
SSDeep: 6144:PTbPmLJRH4Xga7rfDOSMhTnMZDW5A0y3a0HKvc8WCso/K3FS/8CJvb:POvHFqeTnkDa61KkNCs3I/8CB
Size: 381312 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72C2F8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.icn
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R72C2F8
Kaspersky = Trojan.Win32.Pirminay.icn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aha
McAfee = Downloader.a!cm
F-Secure = Trojan.Generic.6114751
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.BDUT
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.6114751
Commtouch = W32/Ponmocup.A.gen!Eldorado
BitDefender = Trojan.Generic.6114751
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 00:00:25-05:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 356352
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x542c7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WMI IPMI DRIVER
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : IPMIDRV.Sys
Legal Copyright                 : © OSA Technologies, Inc., an Avocent Company, All Rights Reserved. © Microsoft Corporation.  All rights reserved.
Original Filename               : IPMIDRV.Sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-11 15:42:56
VirusShare info last updated 2012-07-25 04:52:42

MD5: 318cf20ce8232b9ad54aaf17c34a3963
SHA1: df1daafee7e18e4a501136d18c68fba90d156461
SHA256: e10171f3a58645d38b23445ad673e0408883e9d52b30a4bfe889009a5e4eb6d0
SSDeep: 12288:1D7yhPicWN8xHA5unp5Zx2vIAsIa6Riy2I6R:RyktOxHAYnHZD6Va
Size: 455188 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.206
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Malware/Win32.Generic
nProtect = Trojan.Generic.KDV.187412
K7AntiVirus = Riskware
ViRobot = Trojan.Win32.Generic.455188
F-Secure = Trojan.Generic.KDV.187412
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU
AVG = Generic22.EIL
Sophos = Mal/Ponmocup-B
GData = Trojan.Generic.KDV.187412
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.KDV.187412
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:08 02:07:09-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 749568
Uninitialized Data Size         : 0
Entry Point                     : 0xe7cf
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-05-31 01:37:16
VirusShare info last updated 2012-07-25 05:01:43

MD5: 32d7e85bdd69ab8809127a11af0d3332
SHA1: 1f644d68582ea3845b7428ec97750fd154f17314
SHA256: bb8578d45f93f8e7d5b1f15d33a14fe4d9e6f07a5dbbbc1cacd2f3a1b9b50a4f
SSDeep: 1536:2IN77NOSZ+17Hb02PQlBuqJ1ZLUggguaz20jOExXwDHdfrAGKrNuDe:RNHD27fkuanUgg1aaErxXwhz9gw6
Size: 92160 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.92160.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
ClamAV = Trojan.VB-43290
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
F-Prot = W32/Swisyn.E.gen!Eldorado
Sophos = Mal/Swisyn-D
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-08-01 17:20:10
VirusShare info last updated 2012-07-25 05:03:23

MD5: 34adfd2291b86886a13f413fb8a4315a
SHA1: cb0911ed708c2114b487bc80426ce9e7b2434078
SHA256: e37ed8c0cc2ed47e78eb90f215eac5df8bd0b442819168e134098dca5cf5d2ec
SSDeep: 6144:gGMRzkGlUKQryU8ej6M17RZVmigfflZkORnPPB1lOfGio:gGMRkKQV+MtRcfbp51lOfW
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.51
Avast = Win32:Zbot-NDU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.311296.G
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.311296
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!3c031/6UyM0
VBA32 = Trojan.Pirminay.hxr
eTrust-Vet = Win32/Pirminay.JJ
TrendMicro-HouseCall = TROJ_QHOST.YRA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hxr
McAfee-GW-Edition = Generic Downloader.x!fyy
DrWeb = Trojan.DownLoader3.13029
TrendMicro = TROJ_QHOST.YRA
Kaspersky = Trojan.Win32.Pirminay.hxr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HXR!tr
PCTools = Backdoor.Trojan
McAfee = Generic Downloader.x!fyy
F-Secure = Trojan.Zbot.HQZ
VIPRE = Packed.Trojan.Win32.Generic
eSafe = Win32.Kryptik.Nhm
F-Prot = W32/Trojan2.NNWY
AVG = SHeur3.CCVM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Zbot.HQZ
Symantec = Backdoor.Trojan
Commtouch = W32/Trojan2.NNWY
TheHacker = Trojan/Pirminay.hxr
BitDefender = Trojan.Zbot.HQZ
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 11:47:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 294912
Initialized Data Size           : 282624
Uninitialized Data Size         : 0
Entry Point                     : 0x48816
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.398.613.2003
Product Version Number          : 5.398.613.2003
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Realtek Semiconductor Corporation
File Description                : Realtek RTL8139 NDIS 5.0 Driver
File Version                    : 5.398.613.2003 built by: WinDDK
Internal Name                   : RTL8139.SYS
Legal Copyright                 : Copyright (C) 1994-2003 Realtek Semiconductor Uawxklfledv
Original Filename               : RTL8139.SYS
Product Name                    : Realtek RTL8139 Family Fast Ethernet Adapter
Product Version                 : 5.398.613.2003
VirusTotal Report submitted 2011-10-21 09:11:12
VirusShare info last updated 2012-07-25 05:05:32

MD5: 34b84947b61cd72abb842187e761f3bd
SHA1: e68c27752c03168b64a0942c651498d59ee5b25e
SHA256: 1d8547a7ba5ed7467e3eef7c4469d716232358f1c7749d4abd63443b96fba6a8
SSDeep: 6144:v6IpECjb5FDo573XvttMPyvOQhh8XbHEyT89ln0sYcSEFs2s6:vbjVuPMPyG/XrEyYP0zN2s6
Size: 339968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen
Avast = Win32:Pirminay-W
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.239440
VirusBuster = Trojan.Pirminay!rtOq9qZripI
VBA32 = Trojan.Pirminay.hvr
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!34B84947B61C
DrWeb = Trojan.DownLoader3.10828
Kaspersky = Trojan.Win32.Pirminay.hvr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HVR!tr
PCTools = Trojan.Milicenso
McAfee = Artemis!34B84947B61C
F-Secure = Trojan-Dropper:W32/Agent.DTAN
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Pirminay-W
eSafe = Win32.TRCrypt.ZPACK
AVG = SHeur3.CCKC
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Trojan.Generic.KDV.239440
TheHacker = Trojan/Pirminay.hvr
BitDefender = Trojan.Generic.KDV.239440
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:13 20:54:04-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 323584
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x4fbf0
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6655
Product Version Number          : 5.0.2195.6655
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wrcxasyyk Fgcyadlvnof
File Description                : Wgbyntfzv Infra-Red Communications Driver
File Version                    : 5.00.2195.6655
Internal Name                   : msircomm.sys
Legal Copyright                 : Copyright (C) Rhpcgjadc Corp. 1981-1999
Original Filename               : msircomm.sys
Product Name                    : Ralasbpoz(R) Ceqiuqe (R) 2000 Qquhcbotz Nmypca
Product Version                 : 5.00.2195.6655
VirusTotal Report submitted 2011-06-15 17:13:08
VirusShare info last updated 2012-07-25 05:05:34

MD5: 3c18ac76ff42d257c92d717907159a13
SHA1: b7f28bc8a2be7836e49c8d2dd2a0bb14238877f8
SHA256: 948c95c1c47be3a07b5c6b66d77dfbe80da2124c0e90a8dd66544ee0e28c7061
SSDeep: 12288:IRHkLNkvwC6L3sQCjwemN2fmwJLd69Tjl:Juo8VPmNq9L8lh
Size: 422413 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.194
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.422413
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.422413
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!2ey+s21MM38
VBA32 = Trojan.Pirminay.fah
TrendMicro-HouseCall = TROJ_GEN.R28C2EF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hkn
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Downloader.x!gaj
TrendMicro = TROJ_GEN.R28C2EF
Kaspersky = Trojan.Win32.Pirminay.hkn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.qb
McAfee = Generic Downloader.x!gaj
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic21.BITY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.eky
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 07:43:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 401408
Initialized Data Size           : 327680
Uninitialized Data Size         : 0
Entry Point                     : 0x5f6ab
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Czljntpuy Iuemakitdex
File Description                : Network Diagnostic Engine Proxy/Stub
File Version                    : 6.0.6000.16386 (swgdv_rtm.061101-2205)
Internal Name                   : ndproxystub.dll
Legal Copyright                 : © Uqlaxuhip Huvfvrnuapp. All rights reserved.
Original Filename               : ndproxystub.dll
Product Name                    : Idppiqnde® Jbmefbd® Operating Dysnkt
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-15 17:00:44
VirusShare info last updated 2012-07-25 05:14:17

MD5: 3c3a11170e23c141331b9b69b1730117
SHA1: 44443eea0fc63c3445737402871d70bde4556c5e
SHA256: aa8a43f430254956188fac8ea8f41c75e37e3639b90a35b5935c08f2fbc90498
SSDeep: 6144:JNm/qGzdYoOQOlz1/My0B8dwclUZ5FX6tG3mXHeJAXvYb9IIwKVClSqNs:JNm5tglzqtQwCgAISv09FfU+
Size: 334227 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.367
Avast = Win32:Pirminay-H [Trj]
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R47C2HD
Emsisoft = Trojan.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!3C3A11170E23
TrendMicro = TROJ_GEN.R47C2HD
Kaspersky = Trojan.Win32.Jorik.Pirminay.gr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
McAfee = Artemis!3C3A11170E23
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic24.PQC
Norman = W32/Suspicious_Gen2.NXSVW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = WS.Reputation.1
TheHacker = Trojan/Jorik.Pirminay.gr
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:28 10:44:14-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 323584
Initialized Data Size           : 299008
Uninitialized Data Size         : 0
Entry Point                     : 0x4edd2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® Help Proxy
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : helppaneproxy.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : helppaneproxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-19 11:30:26
VirusShare info last updated 2012-07-25 05:14:27

MD5: 3d175324630eedace1dc82fe7f1aea14
SHA1: 6209258792b3de8f308af85e45eb0e4965ad759d
SHA256: 783325aa85e396d9be24a2b2b9197d22a64e4c218ea48e15c84a7b78844de024
SSDeep: 6144:abQJLHL1MXfeM2hxBUhs2NjuSOCQ4pR8I/qiOEK7lkYq2Td:pFHWXfl2hxBm5NCnATvqiOE8Nd
Size: 360930 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Pirminay
VBA32 = SScope.Trojan.Pirminay.chc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
F-Secure = Gen:Variant.Vundo.11
Avast5 = Win32:Vundo-JU
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 03:17:06-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x365f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1716.0
Product Version Number          : 5.2.1716.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Agiivkwja Wzqdjywtvjq
File Description                : Message Queuing Trigger Generic Object
File Version                    : 5.2.1716.0 (srv03_rtm.030324-2048)
Internal Name                   : MQGENTR.DLL
Legal Copyright                 : © Twmqsmopf Dhfwrhcyzqz. All rights reserved.
Original Filename               : MQGENTR.DLL
Product Name                    : Ybaobmzwl® Yauhzsb® Lrhggkauz Ajtpqr
Product Version                 : 5.2.1716.0
VirusTotal Report submitted 2011-05-24 23:10:03
VirusShare info last updated 2012-07-25 05:15:12

MD5: 3d27f9bd4d143594d9ddd8221e47989c
SHA1: b6d71f4348321174789fd23218c2c7bd7c1da4a1
SHA256: 1963810d44ca17a9d57ae59f1874d058e8afb376ad98d6791f90aaf1deb51735
SSDeep: 12288:oQLT0Xg745fvAKB8Pi0p9JmddM9+bM8yJlqzsEeKpzsf:o1gg3AKBuLmQKM8zHeKpzsf
Size: 427399 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Rootkit-gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
SUPERAntiSpyware = Adware.Vundo/Variant-MSFake
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.MulDrop2.36782
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ahu
McAfee = Suspect-AB!3D27F9BD4D14
F-Secure = Gen:Trojan.Heur.AmLfziNCzzli
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Rootkit-gen
AVG = Generic23.AFNT
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Gen:Trojan.Heur.AmLfziNCzzli
BitDefender = Gen:Trojan.Heur.AmLfziNCzzli
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 15:15:41-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 425984
Initialized Data Size           : 4096
Uninitialized Data Size         : 557056
Entry Point                     : 0xf06b0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1716.0
Product Version Number          : 5.2.1716.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Message Queuing Directory Service Client
File Version                    : 5.2.1716.0 (srv03_rtm.030324-2048)
Internal Name                   : MQDSCLI.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : MQDSCLI.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.1716.0
VirusTotal Report submitted 2011-06-30 17:41:52
VirusShare info last updated 2012-07-25 05:15:18

MD5: 3f4c7bee840128b401cd3c98d3866bac
SHA1: a954480039f156eac683eedc8978f9c1eef9d325
SHA256: 6e1dc0d319280a3c6cdbb17f11b82ae779851b565eb38d95a0b5df2aaffc6938
SSDeep: 6144:BDXEpAKjlp91O9cP8Bpjqix1V1a+f3OatWYl+KhHRCqjFKJMwRmfzUOVyFSu:BDEpAaDOxBpeG4+PzXHgqJLfIOC
Size: 372315 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.14
Avast = Win32:Kryptik-CGS [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.372315
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.372315
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C2FD
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hbv
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R21C2FD
Kaspersky = Trojan.Win32.Pirminay.hbv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HBV!tr
Jiangmin = Trojan/Pirminay.xp
McAfee = Generic Downloader.x!fyu
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CGS [Trj]
AVG = Generic22.AHQY
Norman = W32/Obfuscated.L
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Pirminay.gnm
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:23 01:26:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 360448
Initialized Data Size           : 303104
Uninitialized Data Size         : 0
Entry Point                     : 0x54e6b
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zzzffrwly Puzwzmxnndf
File Description                : Inzxaab NT MARTA provider
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Microsoft Ypdqieadvno. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Wpamuroqh® Masmftj® Kqjfrnchf System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-07-08 15:09:08
VirusShare info last updated 2012-07-25 05:18:05

MD5: 43633820580cf636336997ff79cc34c6
SHA1: 49f1595837f4b0b16fb8535523fc1dda891a4e40
SHA256: 1519f79e33588da1e28b6f45cb3365a482970924c9b00757389de3d19bc1b9d4
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+CC:ntNtyUl7kALd4ilBpi/44F/6
Size: 362975 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.362975
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.362975
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.grx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.GRX!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fyu
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Suspicious_Gen2.MPFBO
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5869931
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-08 15:02:12
VirusShare info last updated 2012-07-25 05:23:13

MD5: 44403b3b7197ebcc321b61130832e5c5
SHA1: 7ecefb219e66e56be418474846a86267594ad5cb
SHA256: c6dbdff67791023e039f5d81c952fba12b3d3bba1539588902ffbce49240951e
SSDeep: 6144:pa1+oqf1TlcpczlFVXrj9XxDJxTxN4eLg0S+WiWLWxkthVV0/6rBCH9JBn9pF:PZwaln7ZhtxVN4erWiWLWxktzV46rsH9
Size: 323584 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.283
Avast = Win32:Downloader-HUP [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.FakeAlert.39
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!J912oAQHeRg
TrendMicro-HouseCall = TROJ_GEN.R72C2FI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!44403B3B7197
DrWeb = Trojan.DownLoader3.22724
TrendMicro = TROJ_GEN.R72C2FI
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.ggky
McAfee = Artemis!44403B3B7197
F-Secure = Trojan.Generic.KDV.247798
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Downloader-HUP [Trj]
AVG = Generic22.CLCX
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.247798
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.KDV.247798
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:13 04:41:54-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 323584
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xaf440
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sapfiucdb Fzdnzxmpoex
File Description                : MUI Callback for Language pack cleanup
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : MUILanguageCleanup
Legal Copyright                 : © Qyverpntv Ehhejouvjvn. All rights reserved.
Original Filename               : MUILanguageCleanup.dll
Product Name                    : Ggvfisjwp® Fhamdzr® Nderimfhd Uwezlp
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-05 15:50:04
VirusShare info last updated 2012-07-25 05:24:16

MD5: 454b6fceef1719af7892086e9589e178
SHA1: 8fbb61e701164b01d7235cd7c6858521efefc7d1
SHA256: 77f94b069c6567524e149d4d48d7f890ff6020c2702c45d55586cb046a14d48b
SSDeep: 6144:jNGImPi9EMIMkyuVbJp3H47uBDTttskyznIy7Mg+fNMbyKYIx0fDhvCoS1t9+:jhd2Mk5YWDTttBag8nIfDRCoS13+
Size: 389992 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.389992
VirusBuster = Trojan.Pirminay!Kk6JJk65Xt8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.C
DrWeb = Trojan.DownLoader3.41663
Kaspersky = Trojan.Win32.Pirminay.jdr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
McAfee = Suspect-BA!454B6FCEEF17
F-Secure = Trojan.Generic.KDV.267552
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = SHeur3.CGFG
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH.2
GData = Trojan.Generic.KDV.267552
BitDefender = Trojan.Generic.KDV.267552
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 16:39:33-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 372736
Initialized Data Size           : 20480
Uninitialized Data Size         : 602112
Entry Point                     : 0xee000
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-27 03:02:21
VirusShare info last updated 2012-07-25 05:25:31

MD5: 462a2d0f9e655a39715f186610668496
SHA1: 01c26e8721ac323e1b78f93fb9fc2d7127182844
SHA256: c8df4db6e135efb961a5978d92d9bb8625bee5ea867889cdf3055fd6be742208
SSDeep: 6144:xUrIlX6V2mESHOaTDNfnAYi5BP9J2EYve0iTovz6KHveqmvLDXDbv5f:xWyX5KiZ9U/rAo2oev/Xxf
Size: 377741 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.280
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.377741
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Ponmocup!7POGzuAAkJY
VBA32 = Trojan.Pirminay.ipf
TrendMicro-HouseCall = TROJ_GEN.R72C2FI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ipf
McAfee-GW-Edition = Artemis!462A2D0F9E65
DrWeb = Trojan.DownLoader4.6549
TrendMicro = TROJ_GEN.R72C2FI
Kaspersky = Trojan.Win32.Pirminay.ipf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IPF!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ahf
McAfee = Artemis!462A2D0F9E65
F-Secure = Trojan.Generic.6240761
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic11.AMVA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6240761
TheHacker = Trojan/Pirminay.ipf
BitDefender = Trojan.Generic.6240761
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:08 11:25:53-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 36864
Initialized Data Size           : 659456
Uninitialized Data Size         : 0
Entry Point                     : 0x63eb
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.9.1.1
Product Version Number          : 2.9.1.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : RioPort
File Description                : WMDM Service Provider driver for MDM Drivers
File Version                    : 2.9.1.1
Internal Name                   : mdWMDMSp
Legal Copyright                 : Copyright © 1999- 2001 Rioport.com
Legal Trademarks                : 
Original Filename               : MdWMDMSp.dll
Private Build                   : 
Product Name                    : MDM Core
Product Version                 : 2.9.1.1
Special Build                   : 
VirusTotal Report submitted 2011-07-21 05:01:41
VirusShare info last updated 2012-07-25 05:26:28

MD5: 4852b4891799a3ae02af46fca1d0182e
SHA1: dd2831f35ed3a665d6e8545e8c7b9b0fe6fe02c3
SHA256: 0cb0c9c78f7bda1723eda056b9ebde7295158fe76fb813801d42202b98ad41c6
SSDeep: 6144:5FuVXcUe09a2H9p6U/3hcj6CFGi+FjltqxlhFvYWiw3daXQO:DuVsEB/O6CFGi+jltqxpRBCQO
Size: 327672 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.equ
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Backdoor.Agent!4+1yK2r0C+E
TrendMicro-HouseCall = TROJ_GEN.R4FC3FP
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fxs
TrendMicro = TROJ_GEN.R4FC3FP
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.qx
McAfee = Generic Downloader.x!fxs
F-Secure = Backdoor.Generic.629675
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.SEC
Norman = W32/Suspicious_Gen2.MSPJV
Sophos = Mal/Generic-L
Symantec = Trojan.ADH.2
GData = Backdoor.Generic.629675
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.eqh
BitDefender = Backdoor.Generic.629675
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:06 08:08:19-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 36864
Initialized Data Size           : 573440
Uninitialized Data Size         : 0
Entry Point                     : 0x61cf
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tghifmcdg Fyslctfodfj
File Description                : Standard TCP/IP Port Monitor Helper DLL
File Version                    : 6.0.6000.16386 (fivny_rtm.061101-2205)
Internal Name                   : tcpmib.dll
Legal Copyright                 : © Ehvyhotzq Ceqrdhorday. All rights reserved.
Original Filename               : tcpmib.dll
Product Name                    : Ydaucwtcg® Plfkxmg® Fujpzrgtl Cwiwxh
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-21 12:34:41
VirusShare info last updated 2012-07-25 05:28:54

MD5: 4cfcefe85fd367ea59688369349d0351
SHA1: c30fec402f01707976e40aa4de13ea4239db0604
SHA256: 40bde5ed52c739b4ccc7770303242caac02f4ed66f47318e0fb69820c012bf81
SSDeep: 6144:YGMRzkGlUKQryU8ej6M17RZVmigfflZkORnPPB1lOfGio:YGMRkKQV+MtRcfbp51lOfW
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.51
Avast = Win32:Zbot-NDU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128C5571
nProtect = Trojan/W32.Pirminay.311296
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!3c031/6UyM0
VBA32 = Trojan.Pirminay.hxr
eTrust-Vet = Win32/Pirminay.JJ
TrendMicro-HouseCall = TROJ_PIRMIN.SMUM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!4CFCEFE85FD3
DrWeb = Trojan.DownLoader3.13029
TrendMicro = TROJ_PIRMIN.SMUM
Kaspersky = Trojan.Win32.Pirminay.hxr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Artemis!4CFCEFE85FD3
F-Secure = Trojan.Zbot.HQZ
VIPRE = Trojan.Win32.Generic!SB.0
eSafe = Win32.TRSpy.Zbot
F-Prot = W32/Trojan2.NNWY
AVG = SHeur3.CCVM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Zbot.HQZ
Symantec = Packed.Generic.305
Commtouch = W32/Trojan2.NNWY
TheHacker = Trojan/Pirminay.hxr
BitDefender = Trojan.Zbot.HQZ
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 11:47:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 294912
Initialized Data Size           : 282624
Uninitialized Data Size         : 0
Entry Point                     : 0x48816
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.398.613.2003
Product Version Number          : 5.398.613.2003
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Realtek Semiconductor Corporation
File Description                : Realtek RTL8139 NDIS 5.0 Driver
File Version                    : 5.398.613.2003 built by: WinDDK
Internal Name                   : RTL8139.SYS
Legal Copyright                 : Copyright (C) 1994-2003 Realtek Semiconductor Uawxklfledv
Original Filename               : RTL8139.SYS
Product Name                    : Realtek RTL8139 Family Fast Ethernet Adapter
Product Version                 : 5.398.613.2003
VirusTotal Report submitted 2011-10-19 16:37:58
VirusShare info last updated 2012-07-25 05:34:07

MD5: 4db1731d3ee5926600f5bc412f6be367
SHA1: e551607fd3096373838dd17f67fe7139d8fa08f2
SHA256: b1c9f91979a984ef81fe39912b73970198ba565b266fdd089273d6db9cfe8187
SSDeep: 6144:XPmE2IQdwk5cNBPITI86xPT2OV0oNZ1utmFp6BazzC2K5UNbUPigOsQGXv:/Od0Nm0RT2OtNbVbkUNb8igrQe
Size: 425984 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.48
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Zbot.425984.D
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!wp0GIffNAYo
VBA32 = Trojan.Pirminay.hup
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!4DB1731D3EE5
DrWeb = Trojan.WinSpy.1038
Kaspersky = Trojan.Win32.Pirminay.hup
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Mdrop.DMN!tr
Jiangmin = Trojan/Pirminay.aar
McAfee = Artemis!4DB1731D3EE5
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRSpy.Zbot
AVG = Generic22.BRXL
Norman = W32/Obfuscated.L
Sophos = Troj/Mdrop-DMN
GData = Gen:Variant.Zbot.34
TheHacker = W32/Pirminay.hup
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:11:29 10:33:29-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 376832
Initialized Data Size           : 352256
Uninitialized Data Size         : 0
Entry Point                     : 0x597b2
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Avejihvhn Cqlfvgoscmf
File Description                : Vyqishi Live Services
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : wlsrvc
Legal Copyright                 : © Plzuianji Eutnvciopig. All rights reserved.
Original Filename               : wlsrvc
Product Name                    : Jowhcumbl® Oicldwc® Hxllfogrt Ojayun
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-16 02:21:38
VirusShare info last updated 2012-07-25 05:35:08

MD5: 4dfb1756d293ae2911c881bdbe9d5cb2
SHA1: 573f649ff4c04d1eaeb4d6d05f5601a60a3e0c54
SHA256: 6537f3638228f33bbfd8c6748086facc7b45f2575b088bb9fc24171a11057fae
SSDeep: 1536:2IHnnbMVyVp01sjQ7WwQlwU5sgRmN253D3A3/XPifjZz7NvZ1I:RHnn4au15WwkwCPmNWbA33irZ/Nvk
Size: 98304 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.98304.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-23 04:08:44
VirusShare info last updated 2012-07-25 05:35:29

MD5: 4e046ccff5faa25052f77624693456a6
SHA1: 79ca9d4d9786c663e6fa8b5530b7e644c9ef170a
SHA256: 6dd8a7b35d8b74e848980acc57ea01393854114950da458154996812d9c23b86
SSDeep: 6144:qdbi6PiMO2KY+lwXPB3B0M/eUzzSZI/rTEYslvTK110/Hm:2ixL2KY+l03hoI/rwY4v+11Am
Size: 321327 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Malware.321327
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R26C1F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!elz
TrendMicro = TROJ_GEN.R26C1F3
Kaspersky = Trojan.Win32.Pirminay.ccm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.CCM!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Generic Downloader.x!elz
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.CCSA
Norman = W32/Suspicious_Gen2.MQMVY
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:04:10 00:52:41-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 24576
Initialized Data Size           : 587264
Uninitialized Data Size         : 0
Entry Point                     : 0x6dc8
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Disk Block Verification Filter Driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : crcdisk.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : crcdisk.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-08 15:39:56
VirusShare info last updated 2012-07-25 05:35:32

MD5: 50aa71cc1ed38013c49280e6c04a06af
SHA1: dc99e20dd9deaac69740db1faddaabe10f8cba6d
SHA256: f8b9da4360d70181eac7c2d9db9123a701bbf3078f3646f9918797b2725c0692
SSDeep: 6144:PqhFUbDWDNnVIAblroH3sJhaLUFthIu5mzBCSUhBeDS8KfQ:P0FUXWRnC8QLUFLIomzQSKIso
Size: 327455 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.211
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.327455
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.cds
TrendMicro-HouseCall = TROJ_GEN.R26C1F7
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!emj
TrendMicro = TROJ_GEN.R26C1F7
Kaspersky = Trojan.Win32.Pirminay.cds
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.ajz
McAfee = Generic Downloader.x!emj
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDldr.Ponmocu
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.CHHY
Norman = W32/Suspicious_Gen2.MRRHO
Sophos = Mal/Ponmocup-A
Symantec = Packed.Generic.305
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.cds
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.IAC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:16 14:16:56-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 38912
Initialized Data Size           : 570368
Uninitialized Data Size         : 0
Entry Point                     : 0xa46c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : VDM Parallel Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : parvdm.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : parvdm.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-10 08:48:36
VirusShare info last updated 2012-07-25 05:38:41

MD5: 5b2eae8a1dc4192ec096764f2bbb25e9
SHA1: 9b37f4d622c6d1c5e34f1f5560214db95432198d
SHA256: 3661a6e4569c1c91361551b909ab2143453d478be0522c9c2c43fddf3e4d6656
SSDeep: 6144:LJQg59jTqYsJqVFRI+8Isst3dZp5eeIBSqGy19BsZcQ9b3u7RQvQpih:tQkB+YsJlst3dn/Iso9Mceu96eW
Size: 385831 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.318
Avast = Win32:Kryptik-CIF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Zbot
AhnLab-V3 = Win-Trojan/Pirminay.385831
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128A6EA6
nProtect = Trojan/W32.Pirminay.385831
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!peFAdjz6nkQ
VBA32 = Trojan.Pirminay.hmg
TrendMicro-HouseCall = TROJ_GEN.R21C2FE
Emsisoft = Gen.Variant.Zbot!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hmg
McAfee-GW-Edition = Downloader.a!cj
DrWeb = Trojan.DownLoader4.15477
TrendMicro = TROJ_GEN.R21C2FE
Kaspersky = Trojan.Win32.Pirminay.hmg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.agt
McAfee = Downloader.a!cj
F-Secure = Trojan.Generic.5904442
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic22.AMNK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5904442
Symantec = Downloader
TheHacker = Trojan/Pirminay.hmg
BitDefender = Trojan.Generic.5904442
NOD32 = a variant of Win32/Kryptik.LVH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:23 15:47:33-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 679936
Uninitialized Data Size         : 0
Entry Point                     : 0x4f22
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Mmjzpowhb Viomnvsehrh
File Description                : MS Remote Access serial network driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : ASYNCMAC.SYS
Legal Copyright                 : © Bettpbjaz Jgnujxtphay. All rights reserved.
Original Filename               : ASYNCMAC.SYS
Product Name                    : Llopjrzri® Faajyhl® Voxzsotqw Cdldyh
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-07 17:49:20
VirusShare info last updated 2012-07-25 05:50:44

MD5: 5f87f4d1937da8eaab136be45f375201
SHA1: cf738c3f1a5f7db1e4003c844891e2ebcb973daa
SHA256: 0f580d7a26711f58088cd199a7c1a49ba4ff197d8f9a0e13dd35f3f04a1eedb9
SSDeep: 12288:vcPoomZNgt62usrVcStGfpip2OpNQ7/lUapIW5X+:vant9uaVHGopc/lU7
Size: 450976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.450976
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.idq
TrendMicro-HouseCall = TROJ_GEN.R47C2H5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.idq
McAfee-GW-Edition = Artemis!5F87F4D1937D
DrWeb = Trojan.DownLoader1.64352
TrendMicro = TROJ_GEN.R47C2H5
Kaspersky = Trojan.Win32.Pirminay.idq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.B
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.aib
McAfee = Artemis!5F87F4D1937D
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.CDLS
Norman = W32/Suspicious_Gen2.MSPHL
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.idq
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 20:07:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 430080
Initialized Data Size           : 311296
Uninitialized Data Size         : 0
Entry Point                     : 0x65bef
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pdtabukaf Corporation
File Description                : Microsoft Neutral Natural Language Server Data and Code
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : NlsData004c
Legal Copyright                 : © Pcmszxoqe Corporation. All rights reserved.
Original Filename               : NlsData004c.dll
Product Name                    : Bfojquonn® Chhuxzw® Zciaelija Rlhfzt
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-21 09:43:48
VirusShare info last updated 2012-07-25 05:55:19

MD5: 60cd83257a78f9f6535e23f9152f9fbe
SHA1: 7eb284fac72e7bf9bda790edc2fb5d5d1d222b26
SHA256: c554d06c9e2420765a1d69d23147515e4abea6250ae4b288907bf6c50c7b4e02
SSDeep: 3072:RMeDc8xyK2U/vkZvC5wjcQfv7L/goaAG0SzKiHi9MQEP/u8Ku:2eDc8xAouK+gQH7L/gbwSHHlQEPW8Ku
Size: 151040 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.151040
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-25 10:03:03
VirusShare info last updated 2012-07-25 05:56:44

MD5: 61d3ae462720d862102b29f5eaa01a7f
SHA1: ddc2e772868d543e1f65471d422b225acea3ead5
SHA256: 40ad1f351cdbe0763fd0857e61c7e93ff5d46c5832706735e922cda4873f9804
SSDeep: 6144:SVtisu1+wTe+owFK2nAZrgnLsqT2A/te9YJcnqpd+2AqkysHBg82JWXC:SVtiB1+oFUrSIU2xzqz+2AqkDHIJUC
Size: 336388 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.67
Avast = Win32:Zbot-NDZ [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.336388
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.336388
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Z53Lb6AfZ1M
TrendMicro-HouseCall = TROJ_GEN.R21C2G6
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.iig
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2G6
Kaspersky = Trojan.Win32.Pirminay.iig
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.jhnq
McAfee = Artemis!61D3AE462720
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Zbot-NDZ [Trj]
AVG = Generic22.CDWM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:03 21:49:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 327680
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x50320
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nalsdpqlw Dyvneekmzyn
File Description                : WDM Streaming Crossbar
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ksxbar.ax
Legal Copyright                 : © Dcpdfeojw Mkhegegqkax. All rights reserved.
Original Filename               : ksxbar.ax
Product Name                    : Niebhswqb® Yqzzeyu® Lvuovyooh Sefyyz
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-08-23 09:53:57
VirusShare info last updated 2012-07-25 05:57:56

MD5: 6256f9147120c1140ad8ffaf0029b641
SHA1: 3fcf7362469272d72ed7d255e22423c912820f6e
SHA256: e3a61ae0944114b1c70e2cf1faa118c37943d29e199e608222e973486b83b338
SSDeep: 6144:olepsDw9tqs+XvXfe8F6qTVvFLnAAdcTWjb81KEkXKhsYG1O0aB1MNb4I8Ig:8euDCtJ2e8oyLnZcT8b8EusU1H
Size: 475664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.7092
Avast = Win32:Kryptik-CEG [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.475664
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.475664
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!aubT9zzDcq0
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zuj
Kaspersky = Trojan.Win32.Pirminay.gps
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.GPS!tr
McAfee = Generic.dx!zuj
F-Secure = Trojan.Generic.5860493
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.ACBE
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5860493
BitDefender = Trojan.Generic.5860493
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:09 04:36:18-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 864256
Uninitialized Data Size         : 0
Entry Point                     : 0x4e9f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dhepkfnfz Eptkmpupdoi
File Description                : WMI SDK Provider Framework
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : framedyn.dll
Legal Copyright                 : © Ulzjedydn Jjjzkdegktv. All rights reserved.
Original Filename               : framedyn.dll
Product Name                    : Tliqeseeg® Windows® Jqsjahvtr Xffbkh
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-07-17 19:38:40
VirusShare info last updated 2012-07-25 05:58:32

MD5: 631d07a794aabca9a9279c1063b2e581
SHA1: 8ce0a41468c586a72328be80ff28d212553f9898
SHA256: 90d289d2e9f4757cae5b22664692bcbddf69f7a5fb1725cdbdf08bd8f3d35435
SSDeep: 1536:2IRidtz+c7DRPRvp79k5wHwsFZ776ONBJjIm3jQ27E+pj5CHo:RRidtzzfh379ZF5LNP427PpgI
Size: 90624 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.90624.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-22 06:21:46
VirusShare info last updated 2012-07-25 05:59:31

MD5: 6373c5ce6b23e9b40c8f5c35620160f3
SHA1: 51fc3d32046dfb1b57a916503b6f80e1c688fb11
SHA256: 0a61f36de086ca2f117ede62133917d5889d7c4b0642ee234bcdbe621b934c27
SSDeep: 6144:/s2W1fP41l3uWBpaMU/sEOSdFoWby3/XwpbCSRk/SIpybzcdMxiElUY:/nAP4b3hBpahoKFotIpbli61i+
Size: 377743 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.377743
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.377743
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!iIj013cNUsw
TrendMicro-HouseCall = TROJ_GEN.R72C2EC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.gyo
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R72C2EC
Kaspersky = Trojan.Win32.Pirminay.gyo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xc
McAfee = Generic Downloader.x!fyh
F-Secure = Trojan.Generic.6074040
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AMJP
Norman = W32/Suspicious_Gen2.MAYEK
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.6074040
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gnd
BitDefender = Trojan.Generic.6074040
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:21 21:17:45-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0xd1d3
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eryduwifz Hmurngryhfm
File Description                : Bluetooth Communications Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : bthmodem.sys
Legal Copyright                 : © Fcazatwtn Ubkoniyrbok. All rights reserved.
Original Filename               : bthmodem.sys
Product Name                    : Pakwqcvwx® Cqtaohn® Vbjzmuigl Wnwjrm
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-16 15:41:36
VirusShare info last updated 2012-07-25 05:59:58

MD5: 643aa00adbbd4a84b6646d3828b1fe69
SHA1: d3cbfa86756ecb7d9448251781b1dd8c3de510cc
SHA256: 531a8f33ac3b7bdd68944d2b5d24189fc491d9394528224cade85c6d419db7d4
SSDeep: 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqx:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4f
Size: 365028 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365028.B
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365028
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fys
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gvw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fys
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic22.AFGV
Norman = W32/Suspicious_Gen2.MSUEL
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-07-17 20:19:43
VirusShare info last updated 2012-07-25 06:00:56

MD5: 6916a87aa80cf6a4c4c22cceacc92c87
SHA1: 110053a67fb17095c7c7aa71f322fd98b8fbc0be
SHA256: 19a2f0bc4d8f8a6754f0f3c31ac7d7a3cc4a302e50e117962876c62789eacbd4
SSDeep: 3072:R02VRBdL1v83+j0D18ZI8LsjfKr9LbxLXCq0e:qIshAI8LsOrTLyq0e
Size: 131072 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-03 20:51:31
VirusShare info last updated 2012-07-25 06:06:35

MD5: 6ae10e648baa7922a195541924b66c86
SHA1: 0ea5df9813d3059e502f03f60792502306310ae3
SHA256: 4962f10ec5241c8a365c9bcccce55159a19da8a53be697685ef78f9dc08ce096
SSDeep: 6144:+6tONKkzGXOT8749jB/mCGdyIEyVh5GIjeX3f/Hc2dVStg5Aqpqf3rzV:+6tON3zG+T8E9N4Jv5GIq//Bd4l7f7zV
Size: 335884 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128A0CF9
nProtect = Trojan/W32.Agent.335884
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!4DjjY6wyUv0
VBA32 = Trojan.Pirminay.iet
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zvi
DrWeb = Trojan.DownLoader4.11794
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Pirminay.iet
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.gowm
McAfee = Generic.dx!zvi
F-Secure = Trojan.Generic.6147116
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic22.CNFT
Norman = W32/Suspicious_Gen2.MUMEQ
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6147116
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6147116
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 12:28:08-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 409600
Entry Point                     : 0xb60c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jyhguogah Qfxydluqvxx
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Fsicgstyd Qalyarmxnoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Isjsosxzm® Bybilfm® Kqhxswhoi Adkrxv
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-21 21:51:49
VirusShare info last updated 2012-07-25 06:08:57

MD5: 6cf6da1af9f8b67eb2afb36d6d79a454
SHA1: 33ff935694343f13e64836266ca6a1b3076dc7ec
SHA256: d622f11dbabc46676ce3593933ca76bd40cd1574132477adfcb442db9b341c7a
SSDeep: 1536:qPQdY/Vgs4zkLxzTNjDIYdgkl41n1dWDbYz1QAkzADn12t:2TgRYHjDInc411ibzzAD12
Size: 77312 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.2702
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!l/v2ki3+QiQ
TrendMicro-HouseCall = TROJ_GEN.R4FC8K5
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bbmg
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bbmg
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.AIJJ
Norman = W32/Suspicious_Gen2.RWLST
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.2702
Commtouch = W32/GenBl.6CF6DA1A!Olympus
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6684
Product Version Number          : 5.0.2195.6684
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : ASCII
Company Name                    : Hilgraeve, Inc.
File Description                : HyperTerminal Applet Library
File Version                    : 5.00.2195.6684
Internal Name                   : hticons
Legal Copyright                 : Copyright © Hilgraeve, Inc. 1999
Legal Trademarks                : HyperTerminal ® is a registered trademark of Hilgraeve, Inc.
Original Filename               : HTICONS.DLL
Product Name                    : Jpcfyoaqz(R) Muudshd (R) 2000 Hobdqrvan Vjtmse
Product Version                 : 5.00.2195.6684
Comments                        : HyperTerminal ® was developed by Hilgraeve, Inc.
VirusTotal Report submitted 2011-11-09 00:18:36
VirusShare info last updated 2012-07-25 06:11:12

MD5: 73cc77e49c1069df9598d6133d046999
SHA1: 1a9d9683d56306d828df2fdd6da5dbfad79ca67d
SHA256: 0271b73ce600478a69a458731d9572030bfc3e378457a1741c3adf8bfd0c6bdf
SSDeep: 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqU:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4u
Size: 365098 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365098
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D11AF
nProtect = Trojan/W32.Pirminay.365098
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gvv
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader4.45469
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gvv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fyu
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
eSafe = Win32.Fakealert.Sesh
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AFGV
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-08-27 18:19:21
VirusShare info last updated 2012-07-25 06:18:48

MD5: 75b733953ae1a6099e27e909ab50260c
SHA1: 78bf0261a5382908cde058cdda7c0a83d1c3c5c2
SHA256: 739b8dff3d1d44ea8706effd785ff38222acc3c1927a7fcff3543ade2fcc58af
SSDeep: 12288:ObUCBu7NT/KXmivtyz6Nr74YFUMKMykQzgPdnY:ObpMNT/KWIfr74YyjkQzgS
Size: 462183 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Backdoor.Win32.Fednu.lz
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!96TWS5pZuQ4
TrendMicro-HouseCall = TROJ_GEN.R47C2FR
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!75B733953AE1
DrWeb = Trojan.DownLoader3.55391
TrendMicro = TROJ_GEN.R47C2FR
Kaspersky = Trojan.Win32.Pirminay.jni
ViRobot = Trojan.Win32.Pirminay.462183
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JNI!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.agi
McAfee = Suspect-BA!75B733953AE1
F-Secure = Trojan.Generic.6192036
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.XPACK
AVG = SHeur3.CGQQ
Norman = W32/Suspicious_Gen2.MZYIK
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.6192036
BitDefender = Trojan.Generic.6192036
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:03:30 09:10:41-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 438272
Initialized Data Size           : 24576
Uninitialized Data Size         : 557056
Entry Point                     : 0xf3a00
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-03 20:52:36
VirusShare info last updated 2012-07-25 06:21:09

MD5: 778c651c4d68f92e4f8a97bd762d0142
SHA1: 582efde1d1aef59809b3f15f0efdc95368428c93
SHA256: caea5343d0bf79c698938d4f9ad30068e4b0f2541ebaa468b8f8336c84a7869c
SSDeep: 12288:qmuH1B7lSJhEypUOGtPM7sYGLL7LXBjNqV2oxF:qLIz2FV6AL79jC2A
Size: 469469 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.469366
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.469469
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.hsg
TrendMicro-HouseCall = TROJ_GEN.R01C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hsg
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader3.6836
TrendMicro = TROJ_GEN.R01C2F3
Kaspersky = Trojan.Win32.Pirminay.hsg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.ADH
McAfee = Generic Downloader.x!fyq
F-Secure = Gen:Trojan.Heur.JP.Cq1@ai5OImzS
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Vundo-JU
eSafe = Win32.GenHeur.JP.Cq@
AVG = SHeur3.CBNM
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.JP.Cq1@ai5OImzS
TheHacker = Trojan/Pirminay.hsg
BitDefender = Gen:Trojan.Heur.JP.Cq1@ai5OImzS
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:17 06:51:31-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 761856
Uninitialized Data Size         : 0
Entry Point                     : 0xce33
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل SEIKOSH9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : SEK9RES.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : SEK9RES.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-07-21 13:08:04
VirusShare info last updated 2012-07-25 06:23:06

MD5: 7c6d5eadaddb053f18e4774fc6ec1ffe
SHA1: 39ce0384f3dff87c1d8e13c0610b335538cc3b41
SHA256: 61a8d8b83c264a33957b5fb3095d273f035e825beba61558a5e5442fa4cecd6c
SSDeep: 1536:2IIG5aPKv9uchwfv2RLioqJcsHYhrXpSq/JcKKv4fhd1Ikvw:R8K3wHoNs47t7d14
Size: 85504 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.85504.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-09-12 07:02:01
VirusShare info last updated 2012-07-25 06:28:29

MD5: 7f062f2bc4bf90887683de077efb94b7
SHA1: 931adba508011a3a7c3273246a2960d2d9c0c756
SHA256: b792d9d547a7011e3920f251862cb4de64571dcf6dfecb634c96dbea396df528
SSDeep: 3072:RhxsjTMHQ1lOSiMycP1E3HvXkgad5t1WAblHt2KWr0P:zoLl0c9E3HvVa6AhHYgP
Size: 119296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan.QHosts.AVD
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-05-29 05:40:53
VirusShare info last updated 2012-07-25 06:31:38

MD5: 858127df48e3e6895937b4c203a37b5f
SHA1: 5c8d425f4dba1bf0c68d8cfd5ed40256dddd7095
SHA256: 94387cd4a9af0fd33c33e57864ca5bd7d9c4ac18b00ff6240cb5c49bdc732373
SSDeep: 6144:DO3QZWSbGSoaj7lWgvYx8w4LgSipqqebJBBDP6pXLGsJTXB+HhZ:qgZWSGSoaAHxf4LgScpYfQXPP+Z
Size: 401877 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.40
Avast = Win32:Kryptik-CLM [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D1155
nProtect = Trojan/W32.Pirminay.401877
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hnz
McAfee-GW-Edition = Artemis!858127DF48E3
DrWeb = Trojan.DownLoader4.45482
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hnz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HNZ!tr
PCTools = Trojan.ADH
McAfee = Artemis!858127DF48E3
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CLM [Trj]
AVG = Generic22.ASQB
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.hnz
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:13 01:25:12-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 675840
Uninitialized Data Size         : 0
Entry Point                     : 0x93f6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.3705.6018
Product Version Number          : 1.0.3705.6018
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Platform                        : Eqsxgux 95 and Npsavsr NT (I386)
Company Name                    : Juwcbksbd Jpzxbpqprys
File Description                : Elzpmvjln .NET Security module
File Version                    : 1.0.3705.6018
Internal Name                   : mscorsec.DLL
Legal Copyright                 : Copyright © Yvevpmrsg Ydtlygrubbl 1998-2001. All rights reserved.
Legal Trademarks                : Rfrvjvzrr® is a registered trademark of Izdcqftfb Twfhgfmjcoc. Lvbclrt(TM) is a trademark of Kmxjahgsr Rmvpfppxwcc
Original Filename               : mscorsec.dll
Product Name                    : Fjaikogvv .NET Framework
Product Version                 : 1.0.3705.6018
Comments                        : Dgurbvsrc .NET Security module
VirusTotal Report submitted 2011-08-27 10:44:16
VirusShare info last updated 2012-07-25 06:38:57

MD5: 87b346a1a506ace70aaf01e12805fe36
SHA1: 44836078ff6a6d06cf7c7b7f8f7f171cbf0e9d03
SHA256: 5351072d5cd1949f4a5d56fc5bf1b5ccf8607fb90919c9e13a37ef6751b8c165
SSDeep: 6144:DRNIHCgaZAxxiQKmYIN53cjIPqzB02DnPFBspq5ZWOZ78eMppn1gLvkGc3pTtxuI:DRNRgakxLKmYIAIqzB02Xg0ZWK8fgLvk
Size: 365042 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hfj.1
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365042
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365042
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!u3/P2DXySRc
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hph
McAfee-GW-Edition = Downloader.a!ck
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hph
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Generic.365028
PCTools = Trojan.Gen
McAfee = Downloader.a!ck
F-Secure = Trojan.Generic.KDV.223150
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
AVG = Generic22.ATCZ
Norman = W32/Suspicious_Gen2.MPNKC
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.223150
TheHacker = Trojan/Pirminay.hfj
BitDefender = Trojan.Generic.KDV.223150
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 13:03:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 339968
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x504e6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gnfivrjgy Bpuwpckefsk
File Description                : Control Method Battery Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Gszlxylwj Jcavetxiddb. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Zehsvgyfp® Dsnxavt® Ncsbwixgd Salneo
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-08-16 15:34:34
VirusShare info last updated 2012-07-25 06:41:32

MD5: 8dafdb437e6dfd30a991beb5584f8af2
SHA1: 274dc448cba5ed04ece69e1f7858d17ca90942af
SHA256: 55281d8188c086f74f7d510cc42a3a30a72ff8e71832b1b5bee30a472345ee1c
SSDeep: 6144:ZipJJfApnditg26l+DncQ4UTqWH2yJRMpghCPdV41bhfkp/gdiphgzjbQv:ZirondKUbly70p/uizgjMv
Size: 385469 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-CEE [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.385469
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.385469
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!8Rexo9O+rHQ
VBA32 = Trojan.Pirminay.ghu
TrendMicro-HouseCall = TROJ_GEN.R21C1F3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gqy
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R21C1F3
Kaspersky = Trojan.Win32.Pirminay.gqy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.wy
McAfee = Generic Downloader.x!fym
F-Secure = Trojan.Generic.KDV.210238
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = SHeur3.BYDE
Norman = W32/Suspicious_Gen2.MQBNC
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.210238
TheHacker = Trojan/Pirminay.ghu
BitDefender = Trojan.Generic.KDV.210238
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 02:14:49-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 655360
Uninitialized Data Size         : 0
Entry Point                     : 0x7d9b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.6930.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fnxlkwcsa Osfmalkiqyr
File Description                : COM+
File Version                    : 2001.12.6930.16386 (flrcv_rtm.061101-2205)
Internal Name                   : MIGREGDB.EXE
Legal Copyright                 : © Rlvmbuxdd Ughwhixuplp. All rights reserved.
Original Filename               : MIGREGDB.EXE
Product Name                    : Bxxoldwzl® Windows® Dclyoetek Ewfgso
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-30 02:08:12
VirusShare info last updated 2012-07-25 06:48:29

MD5: 909f45859e083b67c5802da0a1a08cf8
SHA1: 1dbfc5fda75b1d4a466ed2fad8eda37e9010bd38
SHA256: 77f24478878219faac4b11ee87ddbca63377dbab18403e64bd31241d8e939ca9
SSDeep: 6144:WmYpqyWsFU90vrvC/rorym+Q/PsbakYyt9cWlh7wZytqSxdQZKjuhDoSf:WHTq0elr74CQsjkoSf
Size: 698730 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128CCD8E
nProtect = Trojan/W32.Agent.698730
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!wdm4SN2MqhM
VBA32 = Trojan.Pirminay.enc
TrendMicro-HouseCall = TROJ_GEN.R1BC2H7
Comodo = Packed.Win32.MUPX.Gen
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.J!81
DrWeb = Trojan.DownLoader4.39455
TrendMicro = TROJ_GEN.R1BC2H7
Kaspersky = Trojan.Win32.Pirminay.enc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ENC!tr
Jiangmin = Trojan/Pirminay.pp
McAfee = Suspect-BA!909F45859E08
F-Secure = Trojan.Generic.KDV.168873
VIPRE = Trojan.Win32.Generic.pak!cobra
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic21.BPPC
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.168873
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.enc
BitDefender = Trojan.Generic.KDV.168873
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:13 05:08:05-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 249856
Initialized Data Size           : 4096
Uninitialized Data Size         : 446464
Entry Point                     : 0x5372
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-09-03 01:08:36
VirusShare info last updated 2012-07-25 06:51:44

MD5: 92870f677e62e230679da35d124e4761
SHA1: 52ac9cd840c928e7534d5398e36256a4d1f9096e
SHA256: 802b0110c8ac5a2223e650038ca25f9ff3ce7183fa8f4462f572e238d140bc0b
SSDeep: 6144:XMFw/IpaoDLHkKiBMQlpSSFIpsyETi6/Tix9ib2/KqCsSzHm7Ityrl:XMF2IpBgKwMQb/IpL8biayM5il
Size: 348124 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.252
Avast = Win32:Kryptik-CFU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.348124
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.348124
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!BtFsdyFYThI
TrendMicro-HouseCall = TROJ_GEN.R21C1FK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hcx
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fys
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_GEN.R21C1FK
Kaspersky = Trojan.Win32.Pirminay.hcx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.acu
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.KDV.213055
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BNZP
Norman = W32/Suspicious_Gen2.MPHMI
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.213055
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gkh
BitDefender = Trojan.Generic.KDV.213055
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:30 11:51:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 323584
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x4c4f3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gankeyeeu Fosmhkswffh
File Description                : Common halftone Color Adjustment Dialogs
File Version                    : 5.1.2600.0 (htumrqub.010817-1148)
Internal Name                   : HTUI.DLL
Legal Copyright                 : © Echziapzn Nbpzrpgraxw. All rights reserved.
Original Filename               : HTUI.DLL
Product Name                    : Nuhvhmxxm® Znkrbdl® Wnkncwsql Jkaunp
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-27 07:59:51
VirusShare info last updated 2012-07-25 06:53:48

MD5: 983843db8708177a6e3da3536362a5f0
SHA1: d9b133d858a5e984b3118b702a760e5c4200c4f6
SHA256: 80492da5f56b1e127846f7e31d2157c35e50a47f43c7f520c8d4c004dd2007f5
SSDeep: 6144:K9Wo3oBIuIbUf0ktBOKzfXYsMD7+zYBqQ1AD4dYA9:KweprYD2KzXYsQ7+zYt1Y69
Size: 295047 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Trj/CI.A
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.aza
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!983843DB8708
ViRobot = Trojan.Win32.Pirminay.326144
Fortinet = W32/Pirminay.AZA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.fl
McAfee = Artemis!983843DB8708
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
AVG = FakeAV.FEI
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.62138
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2011-02-22 15:01:44
VirusShare info last updated 2012-07-25 07:00:02

MD5: 990ac88338bfebb7d5489641059c5468
SHA1: 18fd94c069465b6e93fa479d56935386b21adc5f
SHA256: a8d2cff55b113d36a88c036ffcf33b41ac52073cf365962ca2285e28fc06749f
SSDeep: 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqU:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4+
Size: 365101 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365101
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.365101
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
VBA32 = Trojan.Pirminay.gyb
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fyt
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AFGV
Norman = W32/Suspicious_Gen2.MPFAK
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-08-16 15:47:07
VirusShare info last updated 2012-07-25 07:00:56

MD5: 9a02a24a4ee55f715366a39525f953b4
SHA1: 438823e7bdad4a7bc7ac5de7ca3e3d602c1b1961
SHA256: 56effaf46a880544cf0be5b4e31526de34b2c70317244a2e4fb2cbfe9a661c0c
SSDeep: 6144:IZKTCDjPmESoRDswAaOtrGHzBFBb0RBJXsgiGU3nEcN6zgti4aUTG8m7Hj:GKqyTX/1CBFBb0RD1L0n/tNDmH
Size: 353408 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.16
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.353408
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.353408
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/uuunvRnHlc
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gws
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.xh
McAfee = Generic Downloader.x!fys
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
AVG = Generic22.AFVT
Norman = W32/Suspicious_Gen2.MPFJA
Sophos = Mal/Generic-L
Symantec = Trojan.Milicenso
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Pirminay.gjb
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:24 15:26:31-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0x6ea7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1i.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1i.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-08-04 09:01:47
VirusShare info last updated 2012-07-25 07:01:52

MD5: 9a68120e811e8681ff5bf716a465fcb7
SHA1: ace9c51554199cdd0a45d8cfb181cc4b01713a50
SHA256: e7b04cc88e4010b8cd5c570323677f5789ced9fdb46abf1bcdc618a846c98bba
SSDeep: 12288:PRPq3pNUk7+2xObwM/XaLGuK4oXKTKHq0Hw:oMF/bwM/XkK4oae6
Size: 487976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-W
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R01C2FF
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R01C2FF
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
McAfee = Artemis!9A68120E811E
F-Secure = Trojan.Generic.KDV.236720
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W
eSafe = Win32.Kryptik.Lxf
AVG = SHeur3.CBUH
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.KDV.236720
TheHacker = Trojan/Kryptik.lxf
BitDefender = Trojan.Generic.KDV.236720
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:31 20:14:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 462848
Initialized Data Size           : 327680
Uninitialized Data Size         : 0
Entry Point                     : 0x6e16f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.312
Product Version Number          : 2.0.50727.312
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pyskzrqbp Oqpdwhrdwwk
File Description                : .NET Framework
File Version                    : 2.0.50727.312 (rtmLHS.050727-3100)
Internal Name                   : system.transactions.dll
Legal Copyright                 : © Qjvowuxqf Mxgfkkpsufy.  All rights reserved.
Original Filename               : system.transactions.dll
Product Name                    : Rjrkdblfu® .NET Framework
Product Version                 : 2.0.50727.312
Comments                        : Flavor=Retail
VirusTotal Report submitted 2011-06-23 18:02:11
VirusShare info last updated 2012-07-25 07:02:18

MD5: 9ae0b1a298e260138c8660e8d0cbe726
SHA1: 5a6f82f5429ab8e812647bbd31dd31d7bd5c03c9
SHA256: a0c6c0f30f04f3f902a1aa44eaee572dc227e241a6d6e54017581e87a65dd555
SSDeep: 6144:o3LN/JyVAvDOXkRfLf8AECeiO7h4qJ5ElWaEqxYtYlnZUI4muZCU:ALNByVAiURfLfV5HMKqJ5El3sGChmuV
Size: 327065 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.59
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Panda = Suspicious file
nProtect = Trojan.Generic.5543445
VBA32 = SScope.Trojan.Pirminay.chc
McAfee-GW-Edition = Downloader-CEW.ag
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5543445
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
AVG = Downloader.Generic10.CCNZ
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5543445
BitDefender = Trojan.Generic.5543445
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.JHUVMSL
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:19 16:51:54-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 512000
Uninitialized Data Size         : 0
Entry Point                     : 0x10d70
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Tablet and Ink Services and Controls
Company Name                    : Microsoft Corporation
File Description                : Microsoft Tablet PC API Publisher Policy
File Version                    : 6.1.7000.0
Internal Name                   : Policy.1.0.Microsoft.Ink.dll
Legal Copyright                 : Copyright (c) Microsoft Corporation. All rights reserved.
Original Filename               : Policy.1.0.Microsoft.Ink.dll
Product Name                    : Microsoft (R) Windows (R) Operating System
Product Version                 : 6.1.7000.0
Assembly Version                : 6.1.0.0
VirusTotal Report submitted 2011-06-21 19:41:53
VirusShare info last updated 2012-07-25 07:02:50

MD5: 9bf8ca9d55ba9d3090902bd41d2a8db8
SHA1: 069e081947b6e5e966a0d60430d96b61850fa6fa
SHA256: 28b54148fd2cdf0fd778be9aa670c6255f1dd6f20337718b2124228c41d00ea9
SSDeep: 6144:zF94M0MnugheDYP8wKTVlvK+6nJYg1KTtDQtVZRVfuWD7lhQz7lXmzDz13m:f4T/DaKZlv761KTtD2Z7fh7lhaXmz9W
Size: 347298 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bvf
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1272F491
nProtect = Gen:Variant.Buzy.1711
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC1AS
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R3EC1AS
Kaspersky = Trojan.Win32.Pirminay.djf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.hw
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.KDV.113490
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
eSafe = Win32.TRPirminay.Bvf
AVG = FakeAV.IGG
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.113490
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.KDV.113490
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:10:30 05:06:34-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 331776
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x51c5c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Network object shell UI
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : ntlanui2
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlanui2.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-10 01:37:07
VirusShare info last updated 2012-07-25 07:04:07

MD5: 9ebd7893505b2f1f6630a3df9aae3927
SHA1: 1c928bf138253df7584c60ced748115600c0274f
SHA256: 3646a94a3a847188a78322e5cb69ad7213fc767967250b0484cd94a0f5e24e95
SSDeep: 12288:A8SfS+LlAXLGNxxJROWRJzYDOTa0/oqgk:wfS+LlCaxROE9aO
Size: 393860 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.393860
Panda = Trj/Swisyn.I
nProtect = Trojan-Downloader/W32.Agent.393860
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Agent.gnkp
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan-Downloader.Win32.Agent.gnkp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Agent.dndg
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5857800
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GXM [Trj]
AVG = SHeur3.BXXH
Norman = W32/Suspicious_Gen2.MQCSC
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5857800
TheHacker = Trojan/Downloader.Agent.gloy
BitDefender = Trojan.Generic.5857800
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 16:23:41-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0xc4db
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bengali Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdinben (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdinben.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-13 16:50:50
VirusShare info last updated 2012-07-25 07:07:04

MD5: a050f2e0b9ed447a855b62d1d9559978
SHA1: 439394a14ef0b6ebbf7691d04fa33d699f8ecbf3
SHA256: e302a7c3136a6520e31a7833384907f0b6493bbee3c778cdb08d05e6187c6047
SSDeep: 6144:+IGqWWcKC+hIp0nCeuQDIRIc6ciNLviND1B3cwwGwfhwOr1+Fwb66OEvkHU:pGS8+h1C7Rv0LviND73/vgwWWwHOEkHU
Size: 358476 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.290
Avast = Win32:Downloader-HYX [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.358476
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!Uv4gB6tHgY4
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R72C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.ium
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!A050F2E0B9ED
DrWeb = Trojan.DownLoader4.6538
TrendMicro = TROJ_GEN.R72C2FL
Kaspersky = Trojan.Win32.Pirminay.ium
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IUM!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.adr
McAfee = Artemis!A050F2E0B9ED
F-Secure = Gen:Trojan.Heur.RP.vmLfaeODjfii
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-HYX [Trj]
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic23.DTJ
Norman = W32/Suspicious_Gen2.NISDD
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.RP.vmLfaeODjfii
TheHacker = Trojan/Pirminay.ihb
BitDefender = Gen:Trojan.Heur.RP.vmLfaeODjfii
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:03:01 02:34:56-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 356352
Initialized Data Size           : 4096
Uninitialized Data Size         : 458752
Entry Point                     : 0xc7950
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 262148
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ajkpojekw Uzuihmqmpwc
File Description                : Terminal Server Connection Configuration Extension for the RDP protocol
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : RDPCFGEX
Legal Copyright                 : © Sdethfxus Bdmwacpoosa. All rights reserved.
Original Filename               : RDPCFGEX.DLL
Product Name                    : Hsayolbwf® Mmeejdr® Wbcyivftk Tkqmlq
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-07-21 09:30:06
VirusShare info last updated 2012-07-25 07:08:48

MD5: a2057baab35ac0844f3ebdc373c9b67f
SHA1: a45a8e849f15a4e1d8c973e157869b29bed0f43c
SHA256: b2c7a17659d664b47596dd667e3ba456e39ad05fbaae84e08607f17f23216cef
SSDeep: 6144:BWlTvMIor27eYO0tarC6nSOulm1B8IYZeSsI/rABvc:EzL7aVnSJm1tYZ9sUrABU
Size: 320011 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.27
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Packed/Win32.Generic
Panda = Generic Trojan
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.iaa
TrendMicro-HouseCall = TROJ_GEN.R4FC1IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iaa
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyy
DrWeb = Trojan.DownLoader4.60303
TrendMicro = TROJ_GEN.R4FC1IK
Kaspersky = Trojan.Win32.Pirminay.iaa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.afd
McAfee = Generic Downloader.x!fyy
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Vun
AVG = Generic22.CGKM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.iaa
BitDefender = Gen:Variant.Vundo.11
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:06 15:50:45-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 12288
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x3026
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yyzxdwrgr Uidbxjsajsr
File Description                : FIPS Crypto Driver
File Version                    : 5.1.2600.0 (bimjkrgj.010817-1148)
Internal Name                   : fips.sys
Legal Copyright                 : © Gbocaqjuo Gbxizzxmscz. All rights reserved.
Original Filename               : fips.sys
Product Name                    : Uadmvcwxm® Vuobbye® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-18 23:37:16
VirusShare info last updated 2012-07-25 07:10:42

MD5: a845120b84bba56214bc52f9b5419371
SHA1: aee3cd619b820d042a8752c149c41f9f69a58730
SHA256: dc852d906c983b22a8559c53d2758df3d7164b3e3175398a60cfc49e7af976a9
SSDeep: 3072:RKE5gg0hoOweiOLVC7kXYV7Gr7519/yOYhsv6IfLvjKQd0QKL9Uw:8ER0yvuVI87515fYhsv/Djd0b+w
Size: 130560 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.130560
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-03 22:56:49
VirusShare info last updated 2012-07-25 07:17:37

MD5: a8d0ff375fe4a06fecee6159882bba85
SHA1: 83d17e32ff1df6a80e985adb3eb69ea0a7568183
SHA256: 905b9cdead636346f610f00089c2964c5508cf3e32e6fcf0044adc9fb48cfbd1
SSDeep: 6144:Dt1zky81aQBqRuogHlshnM28lRb5w8R9Ij2Ny81toqisS0SWDByhL:pCRlFsm9RbE2hTfSwUL
Size: 319884 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.54
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.319884
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D84D1
nProtect = Trojan/W32.Pirminay.319884
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!cUdcFsr/ePY
VBA32 = Trojan.Pirminay.kaj
TrendMicro-HouseCall = TROJ_GEN.R21C2HA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iln
McAfee-GW-Edition = Artemis!A8D0FF375FE4
DrWeb = Trojan.DownLoader4.46304
TrendMicro = TROJ_GEN.R21C2HA
Kaspersky = Trojan.Win32.Pirminay.iln
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ILN!tr
PCTools = Trojan.Gen
McAfee = Artemis!A8D0FF375FE4
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.CDRU
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.kaj
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:09 23:11:22-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 299008
Initialized Data Size           : 290816
Uninitialized Data Size         : 0
Entry Point                     : 0x45e03
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.49
Product Version Number          : 1.0.0.49
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Marvell Semiconductor, Inc
File Description                : ExtSta NDIS 6.0 driver
File Version                    : 1.00.00.49
Product Version                 : 1.00.00.49
Internal Name                   : MRVW13B.SYS
Original Filename               : MRVW13B.SYS
Legal Copyright                 : Copyright 2005-2006, Marvell All Rights Reserved.
Legal Trademarks                : 
Private Build                   : 
Product Name                    : Device driver for Marvell 802.11 NIC
Special Build                   : 
VirusTotal Report submitted 2011-09-28 23:27:53
VirusShare info last updated 2012-07-25 07:18:07

MD5: a9c0ad1336c2c7e41d7ac0e885185b85
SHA1: 7dc50baf5a0da40641e3ec1cc7ff623e5b99a2cd
SHA256: 6372122be6dbfb78c00192a14f5d0ad4194a107f6431f6bbd936540d4f24d79f
SSDeep: 6144:c19zHEQWexIGeWV3anZOxJGpn/34tgF405yTigTkhqI9cBJBYPWpkLfYDn:crkHexIdwaAJW/otg405yT7khuBJB26
Size: 349198 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.285
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.128A66DE
nProtect = Trojan/W32.Pirminay.349198
VBA32 = Trojan.Pirminay.ifp
TrendMicro-HouseCall = TROJ_GEN.R47C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ifp
DrWeb = Trojan.DownLoader3.31121
TrendMicro = TROJ_GEN.R47C2FJ
Kaspersky = Trojan.Win32.Pirminay.ifp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Downloader.Generic
McAfee = Downloader.a!k
F-Secure = Trojan.Generic.6188836
VIPRE = FraudTool.Win32.AVSoft (v)
Avast5 = Win32:Malware-gen
Sophos = Mal/Generic-L
Symantec = Downloader
GData = Trojan.Generic.6188836
BitDefender = Trojan.Generic.6188836
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:23 17:34:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 475136
Entry Point                     : 0xc9510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Hovobxtio Bfnyvtepbwj
File Version                    : 2001.12.4414.42
Internal Name                   : MTXREPL.EXE
Legal Copyright                 : Copyright (C) Qzjxyowrw Corp. 1995-1999
Legal Trademarks                : Iwuvusifc(R) is a registered trademark of Suskizwir Rbexstccxuz. Xgipaqk(TM) is a trademark of Anlmmsrta Vgtryincodh
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-08-23 19:36:35
VirusShare info last updated 2012-07-25 07:19:13

MD5: ac89882ac014d841134415f11b328330
SHA1: d04f18d8519d79138a4ff39424e253580722de87
SHA256: 04cd455eb00ed94b3ad46ed41f62cec412db998b45b1f8e2692e7d61288bcd53
SSDeep: 6144:00bzWMBY9iLFLwQ1eIr1B22G7qddog4qWUWOCT/o5alf/sjP13bTMG:zop8ENq0965i0j1P
Size: 393746 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.253
Avast = Win32:Kryptik-CNK
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.5950420
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Avast5 = Win32:Kryptik-CNK
AVG = SHeur3.BZVF
GData = Trojan.Generic.5950420
TheHacker = Trojan/Pirminay.hge
BitDefender = Trojan.Generic.5950420
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:31 23:14:28-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0x5dd6
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.4.22.0
Product Version Number          : 0.4.22.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Intel Corp./ICP vortex GmbH
File Description                : Intel/ICP Raid Storport Driver
File Version                    : 5.4.22.0
Internal Name                   : iirsp.sys
Legal Copyright                 : Copyright © 2002-05 Intel Corp./ICP vortex GmbH
Legal Trademarks                : 
Original Filename               : iirsp.sys
Private Build                   : 
Product Name                    : Intel/ICP Raid Storport Driver
Product Version                 : 4.22.0
Special Build                   : 
VirusTotal Report submitted 2011-05-25 21:56:18
VirusShare info last updated 2012-07-25 07:22:18

MD5: b37b55ef84664f0d3ce75531f3d26d65
SHA1: a9e1f9399dea66a07de56f8dadfdb059c86a5803
SHA256: b5fd0458a41867721d4700a1334e2b3967b4fc5166d4e6413cbd9d082d802d8c
SSDeep: 6144:kXXM0vN4Sj2jsHdD0qn+kgY4xUDdLuwJPzs30N9UJZDc64O8hIpaWwtbBlO4grcN:CISHGejDxJPzkgGJZDchOT1Wari
Size: 434625 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.33
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.434625.B
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!J/hNUFicRhk
TrendMicro-HouseCall = TROJ_GEN.R3EC2HA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Kryptik.NHM
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader4.45401
TrendMicro = TROJ_GEN.R3EC2HA
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.fhom
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = SHeur3.BYHL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH.2
TheHacker = Trojan/Kryptik.nhm
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:20 15:12:15-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 413696
Initialized Data Size           : 356352
Uninitialized Data Size         : 0
Entry Point                     : 0x65c9c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ddrswdyit Jztrfwchxgo
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Gglqpmdrt Qmtqbeilwoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Lvvivotwg® Dmeiktz® Aukpzsdct Ivhogt
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-26 18:36:48
VirusShare info last updated 2012-07-25 07:30:06

MD5: b848813e19d1c5653f11cded6441dd22
SHA1: bc4f3f5eeb5e8b4cfebb3710bdd1dde4ac35f9c2
SHA256: 9680c5834db387243d2f05b424bdbf2603156c80e95af9f4d460898fd861f961
SSDeep: 6144:wvRTT8iwlz7IK/gEpQGAC3yVjChP06uBgqQhQxLY6m+RprldcrcgD8T:YIf+vQyVA0jBtLY6dldcjD8T
Size: 421287 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.306
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.421287
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.421287
VirusBuster = Trojan.DL.Agent!HY1NJHX9A1M
VBA32 = Trojan.Pirminay.ipl
TrendMicro-HouseCall = TROJ_GEN.R47C2FQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ipl
McAfee-GW-Edition = Downloader.a!ep
DrWeb = Trojan.DownLoader3.34130
TrendMicro = TROJ_GEN.R47C2FQ
Kaspersky = Trojan.Win32.Pirminay.ipl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IPL!tr
PCTools = Adware.Lop!rem
Jiangmin = Trojan/Pirminay.age
McAfee = Downloader.a!ep
F-Secure = Trojan.Generic.6157487
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Pirminay-BW [Trj]
AVG = SHeur3.CFLF
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6157487
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.ipl
BitDefender = Trojan.Generic.6157487
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 22:41:03-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 413696
Initialized Data Size           : 8192
Uninitialized Data Size         : 503808
Entry Point                     : 0xe0a00
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6628
Product Version Number          : 5.0.2195.6628
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sokzyppoa Bfncstqjuag
File Description                : ADs IIS Provider DLL
File Version                    : 5.00.2195.6628
Internal Name                   : IIS
Legal Copyright                 : Copyright (C) Aiazcfcdk Corp. 1981-1999
Original Filename               : IIS
Product Name                    : Ffmzgottq(R) Sjtmfjk (R) 2000 Operating Ifhdig
Product Version                 : 5.00.2195.6628
VirusTotal Report submitted 2011-09-13 09:37:45
VirusShare info last updated 2012-07-25 07:35:34

MD5: ba0821c70fbd2a8a61d392ac2f70f39c
SHA1: 3f4be5f0e2fea3cbddd3bcd0eade763f70769f6f
SHA256: 31d720e0bed98ec42f68c7621f8188c2876eedfaf59476ef51fcec8a94467ad2
SSDeep: 6144:+6tONKkzGXOT8749jB/mCGdyIEyVh5GIjeX3f/Hc2dVStg5Aqpqf3rzr:+6tON3zG+T8E9N4Jv5GIq//Bd4l7f7zr
Size: 335999 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128DE73F
nProtect = Trojan/W32.Agent.335999
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!4DjjY6wyUv0
VBA32 = Trojan.Pirminay.kuu
TrendMicro-HouseCall = TROJ_GEN.R72C2FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.kuu
McAfee-GW-Edition = Downloader.a!fh
DrWeb = Trojan.DownLoader4.46438
TrendMicro = TROJ_GEN.R72C2FJ
Kaspersky = Trojan.Win32.Pirminay.kuu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gowm
McAfee = Downloader.a!fh
F-Secure = Trojan.Generic.6147116
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic22.CNFT
Norman = W32/Suspicious_Gen2.OVTBK
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6147116
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6147116
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 12:28:08-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 409600
Entry Point                     : 0xb60c0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jyhguogah Qfxydluqvxx
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Fsicgstyd Qalyarmxnoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Isjsosxzm® Bybilfm® Kqhxswhoi Adkrxv
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-09-19 17:22:16
VirusShare info last updated 2012-07-25 07:37:52

MD5: bac1872f8163504f17b1cda8ca5fc091
SHA1: 5894db450a9d3bccfe21f05c954d1f8e6c01778a
SHA256: 987c0d280510b0b9abf7ecc9dfccecbe3b32bd992d3d008e7ea2585767458680
SSDeep: 6144:8YMzNIyGf7cUrOIHyKKfsVOv53ffR21a8+FgvJoF+xkLMHrjxvKO86XpOAA:8LzeF7c48KK0VK3fflgvJv0Krjxd5ZX
Size: 344576 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.igs
Avast = Win32:Pirminay-AA
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.344576.AQ
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!yJGxhA2K544
VBA32 = Trojan.Pirminay.igs
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.igs
McAfee-GW-Edition = Generic.dx!zvl
DrWeb = Trojan.DownLoader3.30191
Kaspersky = Trojan.Win32.Pirminay.igs
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.acq
McAfee = Generic.dx!zvl
F-Secure = Trojan.Generic.KDV.252040
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-AA
AVG = SHeur3.CEQZ
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.252040
TheHacker = Trojan/Pirminay.igs
BitDefender = Trojan.Generic.KDV.252040
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:02:13 09:36:38-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 344064
Initialized Data Size           : 4096
Uninitialized Data Size         : 430080
Entry Point                     : 0xbd4a0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hijffjufz Dnbpisvdfad
File Description                : Uottukvca® Lqpuylp(TM) PSched Performance Monitor
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : PSched Performance
Legal Copyright                 : © Iyenoyxhc Qdqncncmfyp. All rights reserved.
Original Filename               : PschdPrf.dll
Product Name                    : Ezplbzazc® Yibljap® Sbpkvopbi Fgdthc
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-07-04 15:15:32
VirusShare info last updated 2012-07-25 07:38:39

MD5: bdc8f2bae4a90abee35032a41706005e
SHA1: 06792c385dd2e6c84537852a002bd8835fdd7a22
SHA256: 8a56a18a3653b0e0faf9c6db8a25432ac6bb3f8065360fe5eefa88a573f40eae
SSDeep: 6144:ADJUJivhzqzut+p+ISuVs6NeRK5D/U8hOR3KSPCuUxL1IOUX/5zs+4xGUHvU8/79:8UJiEauVs6nlUH95o1Ix/mEUHvj77rjp
Size: 429248 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen2
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.429248
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.429248
K7AntiVirus = Riskware
VirusBuster = Trojan.DR.Agent!sJ8f8lX+aR4
VBA32 = Trojan.Pirminay.ipw
TrendMicro-HouseCall = TROJ_GEN.R72C3FJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ipw
McAfee-GW-Edition = Downloader.a!cx
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R72C3FJ
Kaspersky = Trojan.Win32.Pirminay.ipw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.ahg
McAfee = Downloader.a!cx
F-Secure = Trojan.Generic.6194514
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic3.CHWC
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6194514
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.ipw
BitDefender = Trojan.Generic.6194514
NOD32 = probably a variant of Win32/Agent.HJKVWIE
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 05:48:37-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 425984
Initialized Data Size           : 4096
Uninitialized Data Size         : 532480
Entry Point                     : 0xead40
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Jspeaajbn Corporation
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
File Version                    : 5.1.2600.0 (uqxwemxg.010817-1148)
Internal Name                   : kbdnecAT
Legal Copyright                 : © Haftdgrbk Ztylgtrrqha. All rights reserved.
Original Filename               : kbdnecAT.dll
Product Name                    : Ywiskrabi® Jfirpbj® Ulwdcjrif Nbkyzs
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-21 17:52:20
VirusShare info last updated 2012-07-25 07:41:59

MD5: be4caaceea94633bbc186a28775d3871
SHA1: 66fd52259a7716ec9ccecd281ed02d0f8c10aecc
SHA256: ec7b83892eb8ca7dd6387c363bf39117022510ca85afcac86d6dc71c303fa923
SSDeep: 6144:kbwA9xEbcqOjl+HzH+OZm5yUz8XEnqIuYyABEzjcgyy7+d3BHrVfGwdw:wwA9Cgqt+J5lz8XEnZyCEznCx1r9dG
Size: 315904 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.293
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.315904.B
nProtect = Trojan/W32.Pirminay.315904
VirusBuster = Trojan.Pirminay!XaimYa6875s
VBA32 = Trojan.Pirminay.ilu
TrendMicro-HouseCall = TROJ_GEN.RC1C2FN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ilu
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Artemis!BE4CAACEEA94
DrWeb = Trojan.DownLoader3.33531
TrendMicro = TROJ_GEN.RC1C2FN
Kaspersky = Trojan.Win32.Pirminay.ilu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ILU!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adm
McAfee = Artemis!BE4CAACEEA94
F-Secure = Trojan.Generic.6153327
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BW [Trj]
eSafe = Win32.Kryptik.Llt
AVG = Generic23.LPA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6153327
Symantec = Trojan.Gen.2
TheHacker = Trojan/Pirminay.ilu
BitDefender = Trojan.Generic.6153327
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 01:48:23-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 307200
Initialized Data Size           : 12288
Uninitialized Data Size         : 446464
Entry Point                     : 0xb8800
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Aesktmyeb Plxltpnvfcm
File Description                : Hnjothsmh Remote Assistance
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : RACPLDLG.DLL
Legal Copyright                 : © Jyoevuubu Oapsxarkymt. All rights reserved.
Original Filename               : RACPLDLG.DLL
Product Name                    : Mmhulndsy® Nohrqco® Kbpsqoofz Hqusis
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-09-13 09:49:18
VirusShare info last updated 2012-07-25 07:42:32

MD5: c061952c43ca769dc1f9449510bb7aa9
SHA1: ec10cd350d4f419808f18024349f535aebe11524
SHA256: 12d9797297d58c1438972a476656bb00265283822bcf865633a3523791d9cc54
SSDeep: 12288:A8SfS+LlAXLGNxxJROWRJzYDOTa0/oqgV:wfS+LlCaxROE9a/
Size: 393802 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.393802
Panda = Trj/Swisyn.I
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan-Downloader.Win32.Agent.gnku
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Agent.dndg
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5857800
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GXM [Trj]
AVG = SHeur3.BXXH
Norman = W32/Suspicious_Gen2.MPFEU
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5857800
TheHacker = Trojan/Downloader.Agent.gloy
BitDefender = Trojan.Generic.5857800
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 16:23:41-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0xc4db
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bengali Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdinben (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdinben.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-16 15:36:34
VirusShare info last updated 2012-07-25 07:44:53

MD5: c2b8e328c8a179f35fc914398b442fc9
SHA1: addeb9d6a621f25c085d4516cfb03df23b745973
SHA256: d571f54c840f4a6cb9507792687827f49b6929a76b97cb76f68ab6a785f8876c
SSDeep: 6144:4uFvDx1mSbGydmgOckqys9LTiVsRmP9bN1Hz+HtNX68e:4ixoaJmgNkqBTfmVx1Hz+Ht6
Size: 298980 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
VirusBuster = Trojan.Agent!t0Lrbbl1OiI
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ktv
McAfee-GW-Edition = Artemis!C2B8E328C8A1
DrWeb = Trojan.DownLoader3.35229
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Pirminay.ktv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.KTV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gysr
McAfee = Artemis!C2B8E328C8A1
F-Secure = Trojan.Generic.6166149
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = SHeur3.CFNT
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6166149
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.iqb
BitDefender = Trojan.Generic.6166149
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:22 20:40:50-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 294912
Initialized Data Size           : 4096
Uninitialized Data Size         : 413696
Entry Point                     : 0xad880
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xpuktrlys Nnwgehxbljy
File Description                : Gwgzlxt Media Services WMI Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSWMIPropPage.Dll
Legal Copyright                 : © Yevwzwsew Coqoqwuicvi. All rights reserved.
Original Filename               : WMSWMIPropPage.Dll
Product Name                    : Hretnhsfq® Meplgue Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-09-05 19:48:55
VirusShare info last updated 2012-07-25 07:47:33

MD5: c3a4aa9c082301d98367b7ac8936c21e
SHA1: a03be7fee37815d3c8fe74143a95cb3b3f1e2dbf
SHA256: 4881bceb5eaffb544c20c9b59fb8adab031d5511fa5db227d73212eb862f299a
SSDeep: 12288:A8SfS+LlAXLGNxxJROWRJzYDOTa0/oqgg:wfS+LlCaxROE9ai
Size: 393796 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.393796
Panda = Trj/Swisyn.I
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = TrojanDownloader.Agent.dndg
F-Secure = Trojan.Generic.5857800
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-GXM [Trj]
AVG = SHeur3.BXXH
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5857800
TheHacker = Trojan/Downloader.Agent.gloy
BitDefender = Trojan.Generic.5857800
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 16:23:41-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 61440
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0xc4db
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Bengali Keyboard Layout
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : kbdinben (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdinben.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-08-17 23:20:58
VirusShare info last updated 2012-07-25 07:48:41

MD5: c70598f1a02ad045bd8856aec05566d0
SHA1: bf266cef7ed567cf9b8b30cf0bae3fec586ffdca
SHA256: 53ff08ea1dcc19abc9ba2203e9c722b306afeb5570498b6dbb6eeb72e1e6911b
SSDeep: 6144:qApHMG/Kj3lpJDQBLUYoPSqI6S81bEo20hyy5OL5tRNz+:VRMGiTlpdQ1VoPrcsw3iyy5OLfC
Size: 365301 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.edp
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365301
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!bLvDdl+LNU4
TrendMicro-HouseCall = TROJ_GEN.R28C2F5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader.a!cr
TrendMicro = TROJ_GEN.R28C2F5
Kaspersky = Trojan.Win32.Pirminay.jiq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JIQ!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ov
McAfee = Downloader.a!cr
F-Secure = Trojan.Generic.KDV.162507
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic21.AVTC
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.162507
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.efs
BitDefender = Trojan.Generic.KDV.162507
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:19 13:51:31-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 569344
Uninitialized Data Size         : 0
Entry Point                     : 0xe66f
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Awbatnjju Xlkzgqyeanc
File Description                : Remote Procedure Call Name Service Client
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : rpcns4.dll
Legal Copyright                 : © Wvkbswjbu Jslshmhtxcg. All rights reserved.
Original Filename               : rpcns4.dll
Product Name                    : Iwqxqyqra® Oegogdo® Celoyuhfz Zydbus
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-13 16:54:51
VirusShare info last updated 2012-07-25 07:52:30

MD5: cbb901d23a4d05fba095d74b37799d39
SHA1: e01bd06d3c9a38162b31e483aa03d444731d78fe
SHA256: 411844752b861de18636c269f646e210fdbac87d501e7ed7b7901daf84d3413f
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+Cu:ntNtyUl7kALd4ilBpi/44F/2
Size: 363030 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.363030
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D8405
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.DownLoader4.46159
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.grr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Suspicious_Gen2.MPFJH
Sophos = Mal/Generic-L
GData = Trojan.Generic.5869931
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-24 02:54:13
VirusShare info last updated 2012-07-25 07:57:43

MD5: d08ddec5a6b03ea594a22bb896ee7c82
SHA1: 9ec3d2d04034629bd8e639cd975909e12c65c5af
SHA256: 92a6004aa64119e643b60d30ebfd91e67a09e2e6cf0e33e59d722acec52247bc
SSDeep: 3072:RmW8dM1A8oRwCC8lxJPslWM06BadT/ctadb3PA4Hg7j7z38WA:oTV8oRHzPiladbflQ7zW
Size: 139264 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.139264
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-25 22:36:01
VirusShare info last updated 2012-07-25 08:02:53

MD5: d15f8fdbdb4018f7d8740b79abb1c1f3
SHA1: 5255a2cf38a62e130711b3d8e30e47d0f8c8721b
SHA256: 982020e7953d72c5badc51cf99d6252f8185907bdacf12e0940f59eaad9a7eb8
SSDeep: 6144:TJS//bwefFtij8x3u5oedX7tB2bRI98T+IWqAmqme8KBTDt1az99j2Rrv56AdOos:sEeNhuKedXhB2aZ+PefJx6A1a7p7
Size: 451045 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hob
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft = TrojanDownloader:Win32/Ponmocup.A
F-Secure = Trojan.Generic.KDV.230505
AVG = SHeur3.CASG
GData = Trojan.Generic.KDV.230505
BitDefender = Trojan.Generic.KDV.230505
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:20 04:44:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 577536
Uninitialized Data Size         : 0
Entry Point                     : 0x21ee7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.6513
Product Version Number          : 4.0.2.6513
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bkrwvdhep Ztnqubrmvgu
File Description                : Jcwhuhvop FrontPage CGI Server Administrator
File Version                    : 4.0.2.6513
Original Filename               : FPSRVCGI.EXE
Legal Copyright                 : Copyright © 1995-1999 Kzmtyqsaq Zvqtxsphbdl, All rights reserved.
Legal Trademark 1               : Pjhaxahcx®, Soripfs®, and FrontPage® are registered trademarks of Cmysfkmmw Axeazertkyi, and WebBot is a trademark of Dtpyzxmjc Vsiivqtnfgk, in the United States and/or other countries.
Product Name                    : Gflwlpggq® FrontPage® 2000
Product Version                 : 4.0.2.6513
VirusTotal Report submitted 2011-05-24 05:57:46
VirusShare info last updated 2012-07-25 08:03:48

MD5: d22f3142edd63bb111688eac085201d5
SHA1: 2f8f5240dcbf23f12e9537d5502eaa692ac0b427
SHA256: dc458de1a6c3b1daa0a998e518237f4d2fbe71467a20c5c8bdc14abd68e3284d
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAfz:oFq+sGYyo6RZFF9HcQfluaXLLuz
Size: 334951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Gen:Variant.Buzy.552
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Ponmocup.A
TrendMicro-HouseCall = TROJ_SPYPRO.SM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_SPYPRO.SM
Kaspersky = Trojan.Win32.Pirminay.dku
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
McAfee = Kryp.b
ClamAV = Trojan.Agent-183368
F-Secure = Trojan.Generic.6537674
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Milicenso
GData = Trojan.Generic.6537674
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Trojan.Generic.6537674
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-03 17:17:55
VirusShare info last updated 2012-07-25 08:04:38

MD5: d2b13a6b6b0dd3ca4490d3010c5382ff
SHA1: e048190dd8a3159cba9093a186c63000c6e414c6
SHA256: ea557701d371ef420637c6a638542638403277a48eb8dabf80ae0d667e2643f7
SSDeep: 12288:a+e97/lyTe3akGIzV2IQOD8q0vslXda24Nk:anvzGtIQAfWv
Size: 429056 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Pirminay
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
Avast5 = Win32:Vundo-JU
Sophos = Mal/Ponmocup-A
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:09:03 05:36:07-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 32768
Initialized Data Size           : 790528
Uninitialized Data Size         : 0
Entry Point                     : 0x49a3
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.6920.1820
Product Version Number          : 3.0.6920.1820
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lvleaadqo Kvzcsvqofwr
File Description                : PresentationFramework.Luna.dll
File Version                    : 3.0.6920.1820 built by: NetFXw7
Internal Name                   : PresentationFramework.Luna.dll
Legal Copyright                 : © Uypueijqy Lcnoxepbfqf.  All rights reserved.
Original Filename               : PresentationFramework.Luna.dll
Product Name                    : Qstehzzmb® .NET Framework
Product Version                 : 3.0.6920.1820
Comments                        : Flavor=Retail
Private Build                   : DDBLD228
VirusTotal Report submitted 2011-05-27 22:43:29
VirusShare info last updated 2012-07-25 08:05:14

MD5: d3179a02dc426b5e328772a3a65ce3bc
SHA1: 7da4cd068834fc56f8406f9de55120c29ec54470
SHA256: 1e1f1824f059650377f129119fc0efc4a01994a4d7bf68f975bc379a18a3807a
SSDeep: 12288:XU2n1LjxAxbmzruM0bOl26KzBZZq+Gzvm:XBvmJs5lKZizvm
Size: 406010 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Inject-AGX [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.406010
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128D02CF
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!oDQKQmIjUeM
VBA32 = Trojan.Pirminay.hfx
TrendMicro-HouseCall = TROJ_GEN.R21C1FR
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.hfx
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fyg
DrWeb = Trojan.DownLoader4.40390
TrendMicro = TROJ_GEN.R21C1FR
Kaspersky = Trojan.Win32.Pirminay.hfx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xb
McAfee = Generic Downloader.x!fyg
F-Secure = Trojan.Generic.5895088
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Inject-AGX [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BOQX
Norman = W32/Suspicious_Gen2.MCSEP
Sophos = Mal/Generic-L
GData = Trojan.Generic.5895088
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gna
BitDefender = Trojan.Generic.5895088
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:03 02:35:57-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 753664
Uninitialized Data Size         : 0
Entry Point                     : 0x2133
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Kzntvrbfw Tfjszysdhzw
File Description                : MCI driver for cdaudio devices
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : mcicda
Legal Copyright                 : © Tdfbiltcd Zazxshwpani. All rights reserved.
Original Filename               : mcicda.dll
Product Name                    : Heucpfpva® Lqeaaqr® Vlsvvkonq Fdlqmd
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-26 07:50:45
VirusShare info last updated 2012-07-25 08:05:43

MD5: d3c072b721fbc0d53dd75e1e59238020
SHA1: 8a21b2eea085874c14554538cafbe1a99acaf10d
SHA256: 67b059bd1eb166b8aa77519605a44d4a13963dc3a24aeac952726db5e315becd
SSDeep: 6144:XRobyqO195qa8gjAh+jq203vATD2NLDa48An2N2FSmksqtB9:XWbyqO19D8gjBjmukXx5pesqr9
Size: 366592 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.50
Avast = Win32:Dropper-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.366592.C
Rising = Trojan.Win32.Generic.1288EE6F
nProtect = Trojan/W32.Agent.366592.BY
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.goh
TrendMicro-HouseCall = TROJ_GEN.R29C2EN
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.goh
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.54547
TrendMicro = TROJ_GEN.R29C2EN
Kaspersky = Trojan.Win32.Pirminay.goh
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Pirminay.A!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.wu
McAfee = Generic Downloader.x!fyi
F-Secure = Trojan.Generic.KDV.218163
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CIZ
eSafe = Win32.TRDldr.Renos.K
AVG = SHeur3.BYYV
Norman = W32/Suspicious_Gen2.LWEEJ
Sophos = Mal/Ponmocup-A
Symantec = Downloader
GData = Trojan.Generic.KDV.218163
TheHacker = Trojan/Pirminay.goh
BitDefender = Trojan.Generic.KDV.218163
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:14 23:21:37-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 327680
Initialized Data Size           : 348160
Uninitialized Data Size         : 0
Entry Point                     : 0x4d1a6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7600.16385
Product Version Number          : 8.0.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Speech Recognition Engine Extensions
File Version                    : 8.0.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 8.0.7600.16385
VirusTotal Report submitted 2011-06-27 07:21:31
VirusShare info last updated 2012-07-25 08:06:33

MD5: d3c8c072eb4549fd42e523eb59ca177a
SHA1: 29c65b95e257eb2615a1c3d7a451d16e454ed753
SHA256: 9e971ae12da16fb4e138a4fe50b3d94066a351b52fd7feb8684bedb0fa2ccb6d
SSDeep: 1536:2IyW6OeyoZGRBS1tk+WqkBDXzQ7aeZ8dKENrAabHcOIDvvwAdjqP:ReJyo4cM+2bzQmtKupLODXnq
Size: 94208 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.94208
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-05 08:30:09
VirusShare info last updated 2012-07-25 08:06:37

MD5: d6eb7e4fd1844f25c774c747f702def0
SHA1: 3e5b12f68463cd55050276d2af16dc3c483f0772
SHA256: 15e20d4e3ef7586112691c9a91e0d426cc0d3418225a84ac52981147b6218548
SSDeep: 6144:ntqAtyQTlskkIB8agSd+/3KTliqpiAG4X/A/HWQhD4Doj+CX:ntNtyUl7kALd4ilBpi/44F/v
Size: 363094 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gkn
Avast = Win32:Kryptik-CEF [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.363094
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TKmNTE+h7G4
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gsa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xx
McAfee = Generic Downloader.x!fys
F-Secure = Trojan.Generic.5869931
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
AVG = Generic22.AEHK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5869931
TheHacker = Trojan/Pirminay.hay
BitDefender = Trojan.Generic.5869931
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:30 00:10:26-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xbf1a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vpuwdzsie Oqfohvphedj
File Description                : German_IBM Keyboard Layout
File Version                    : 6.0.6000.16386 (qotyg_rtm.061101-2205)
Internal Name                   : kbdgr1 (3.13)
Legal Copyright                 : © Sxoppxnwq Sllsgiltlnl. All rights reserved.
Original Filename               : kbdgr1.dll
Product Name                    : Ntvcxggbe® Umcwupb® Tuulpvxkb Iaktfo
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-19 04:06:18
VirusShare info last updated 2012-07-25 08:10:09

MD5: d837c751f7b63e9480bbf8d383f79129
SHA1: 4ae329add47724383ebacd77ae812ecf44f41e37
SHA256: 1e93a1e4bf32babf6a992dec80b14ad45583888409e9dcbd2bc48551517067df
SSDeep: 3072:R2kvVivN8w3LE4XwBI7YfqNdot7bS8Solhj76iSrRQKTeY8RH:vMN8+XMIw32szf6HddTe5RH
Size: 131072 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTKWO
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-08-02 00:03:45
VirusShare info last updated 2012-07-25 08:11:37

MD5: d9a81452b755ecc38118e8db21429129
SHA1: 0a2c45f0ea11e96bcff7c5492b780c6107232f41
SHA256: deb581cccb578601ea1dbd97bc21e719ce282298819f9ff3b259024e9b8c8506
SSDeep: 1536:2IwrilzkO6Qj478xoGYR6PoYef9NslWGKpGj2FQMQ7JLaQMQRQKA7qVRAsj5e:Rwulzl6Qj043efMlDKIqViaQMQ6KAoyb
Size: 94208 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.94208
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
Avast5 = Win32:Hosts-J [Trj]
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTKMJ
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-08-02 00:08:10
VirusShare info last updated 2012-07-25 08:13:07

MD5: db71814da4f2396af1805f792c67b2c7
SHA1: 646b7211cfc2c225183b7d5837c0a498498baaea
SHA256: 94f40d8c364f6a346ba915f15fdff3768f17483ab5c9c298b6d14d409de5497b
SSDeep: 6144:syuTlIs2Cdg/loXVYv4g03LBDD7QggI+4gG0sG324MuQrzjG8VAgVNfh+gvtB9O:s3TlFJQJQgYBDD7oI3gG0ZG4JWzjGfEs
Size: 373857 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.373857
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.373857
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!hlnj35hXlTM
VBA32 = Trojan.Pirminay.ign
TrendMicro-HouseCall = TROJ_GEN.R72C1FF
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Downloader.x!fyw
DrWeb = Trojan.DownLoader4.10097
TrendMicro = TROJ_GEN.R72C1FF
Kaspersky = Trojan.Win32.Pirminay.ign
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.afh
McAfee = Generic Downloader.x!fyw
F-Secure = Gen:Variant.Graftor.840
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Downloader.Generic11.AJSX
Norman = W32/Suspicious_Gen2.MUIMS
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.840
Symantec = Trojan.ADH.2
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.840
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:19 14:28:48-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 671744
Uninitialized Data Size         : 0
Entry Point                     : 0x720c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zjkuehate Hahthgdvnro
File Description                : Zgqvqmvxj Speech Recognition Engine Extensions
File Version                    : 8.0.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Erqasvbcs Crgsknwonkr. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Gafulzxnr® Cuhfllt® Bgmddrvjn Ennerx
Product Version                 : 8.0.7000.0
VirusTotal Report submitted 2011-10-21 03:49:40
VirusShare info last updated 2012-07-25 08:15:16

MD5: df5bfa7a94f2fc635a25c554b7b1a09c
SHA1: 2a83e5d56dd8312275df479fdf4cf663c116f5ef
SHA256: be4263abedfaaa3ddf5a42df10f5e74abe545a9c5e4ebbf7572b34e76f594824
SSDeep: 6144:uMC0piyHhoYmipPq3dzlTYjUZNogL9Smn4oTT0IIXnCIarq//Gy8hDW6uVdxzlBv:uMBphhNxelTYjUZrshosIUCIaqL8hD2H
Size: 327247 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.284
Avast = Win32:Kryptik-DCA [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.442368.G
Panda = Generic Trojan
nProtect = Gen:Variant.Kazy.26405
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!9smv22MGvB0
TrendMicro-HouseCall = TROJ_GEN.R72C3FJ
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
TrendMicro = TROJ_GEN.R72C3FJ
Kaspersky = Trojan.Win32.Pirminay.kum
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.acp
F-Secure = Trojan.Generic.6142029
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-DCA [Trj]
AVG = Generic22.CPDZ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6142029
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ifj
BitDefender = Trojan.Generic.6142029
NOD32 = a variant of Win32/Kryptik.ILE
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:05 08:50:16-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 323584
Initialized Data Size           : 4096
Uninitialized Data Size         : 450560
Entry Point                     : 0xbddb0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zevtxrdlb Nkmoyyjmsdi
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.0 (uxcdnjto.010817-1148)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Dasvojmrp Vqgsjfpoxzt. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Ulpqoxski® Gnisvoh® Bbmxfxbza Zawdxs
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-23 18:57:25
VirusShare info last updated 2012-07-25 08:19:33

MD5: e2a36eeb7eed7c8aaa143a469a452dcc
SHA1: 571fb4d6f24733b837b46ef9d8c29862d7e0e884
SHA256: c336646f09d1e2118ac01b6a8130432871bf1043a44e1d692102e5cc76e8d234
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWRI:/53B6GnBMUQyaUZGAjLvC8q
Size: 363402 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.5.18
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363402
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hmk
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Downloader.x!fzl
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hmk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
Jiangmin = Trojan/Pirminay.agv
McAfee = Generic Downloader.x!fzl
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
AVG = Generic22.ANYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.5
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2011-08-19 04:07:11
VirusShare info last updated 2012-07-25 08:23:14

MD5: e40420b9c58a5d08a7aebac2fbefcd13
SHA1: 5ede74dee9a66788eced25a90237c28e36038990
SHA256: 8edbf2ca036b3827e8dd7386d2420406fd8ccb7f252229917698f43e0033cc6e
SSDeep: 12288:RFF/IA2pmyR0hJ3BlbovUR9PqKQjmbHqGyxXe:RT/f2WhJHo7j8XyxXe
Size: 479665 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.223
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.5815059
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
PCTools = Downloader.Generic
F-Secure = Trojan.Generic.5815059
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Downloader.Generic11.TUK
Sophos = Mal/Ponmocup-A
Symantec = Downloader
GData = Trojan.Generic.5815059
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.5815059
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:09 22:30:14-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0x13222
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Ydwnyedwh Cqezrxrndbh
File Description                : Microsoft Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Dollwhwhh Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Olomakzsy Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-05-23 09:09:26
VirusShare info last updated 2012-07-25 08:24:46

MD5: e6272d6b5b46e8f374fd40b794eda678
SHA1: 52baddd54664d8b311a70f378bfd9e8300e293be
SHA256: 0b259f53b3d1a39014a2215ae7a83143a01cf3a03eb2e3e14ed3082526170d5b
SSDeep: 1536:2If8tPUvnvrxt5C0ZP5kCOmDi31dc+oDUiga4JkvHe9KGJuGs:Rf8toT3P5zOL1dcJEa4JcXGUD
Size: 87552 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.87552
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-08 10:27:04
VirusShare info last updated 2012-07-25 08:27:03

MD5: e9796b0aec2c4bc598eed381badab0c0
SHA1: 703c398984268bf77f76aecfed11c97ab3988b84
SHA256: bd227155c5d51f759c471821e779623a73c4e83879688b1ebcc7323d34e854fe
SSDeep: 6144:12YCMrpmfPHkcHYX7Cr63TTcp3gAF4z9Cv+KSUQ32ry/Kmd4WVCLhKne0B82Ec:1HCwrUI7g6jYS64zUvDSjuWjH77Wbc
Size: 393759 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.393643
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.393759
K7AntiVirus = Trojan
VirusBuster = TrojanSpy.Agent!N4s9M8aSyjY
VBA32 = Trojan.Pirminay.iha
TrendMicro-HouseCall = TROJ_GEN.R47C2FL
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.iha
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!E9796B0AEC2C
TrendMicro = TROJ_GEN.R47C2FL
Kaspersky = Trojan.Win32.Pirminay.iha
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHA!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.acs
McAfee = Artemis!E9796B0AEC2C
F-Secure = Gen:Trojan.Heur.RP.ymLfamRySpdi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Spyware-gen [Spy]
eSafe = Win32.TRSpy
AVG = SHeur3.CERD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.RP.ymLfamRySpdi
TheHacker = Trojan/Pirminay.iha
BitDefender = Gen:Trojan.Heur.RP.ymLfamRySpdi
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 17:24:29-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 393216
Initialized Data Size           : 4096
Uninitialized Data Size         : 487424
Entry Point                     : 0xd7010
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bwvwoqvlf Ehscgqxswrs
File Description                : Yanaoab NT MARTA provider
File Version                    : 5.1.2600.5512 (xpsp.080413-2113)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Grqpskjaw Jisqfrwdtfo. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Mqtosrgiz® Psctysy® Operating Jgcrjk
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-07-20 21:26:09
VirusShare info last updated 2012-07-25 08:30:39

MD5: edbb307205339cd70debb64804bc537f
SHA1: 33f8432e49a12fa06835ca1178429b0db93de79f
SHA256: 7077479a6f60eb771de464486257dc1284b64f5141da13e59ccc2e3adf33c581
SSDeep: 6144:xH1YJJIaFipHIFx9hbwIFCAZHI2oHU6b3UE66VtdRTYrjNNr6H1I7wRnK8548FFt:DYJepobrwIAco2ub+6VlYrjTM1fp88my
Size: 371712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.371712
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!d6woub+XMXM
VBA32 = Trojan.Pirminay.hux
TrendMicro-HouseCall = TROJ_AGENT.JNAZ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hux
McAfee-GW-Edition = Artemis!EDBB30720533
DrWeb = Trojan.DownLoader3.10211
TrendMicro = TROJ_AGENT.JNAZ
Kaspersky = Trojan.Win32.Pirminay.hux
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A!tr
PCTools = Trojan.Gen
McAfee = Artemis!EDBB30720533
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-CWP [Trj]
eSafe = Win32.TRCrypt.XPACK
AVG = Generic22.BVOK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hux
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:02:16 22:07:41-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 360448
Initialized Data Size           : 348160
Uninitialized Data Size         : 0
Entry Point                     : 0x54ae3
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.1050
Product Version Number          : 5.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Comments                        : Release
Company Name                    : Inso Corporation
File Description                : SCC Utility
File Version                    : 5.1.0.1050 [Nov.15.1997]
Internal Name                   : SCMSUT
Legal Copyright                 : Copyright © Inso Corporation 1991-1997
Original Filename               : SCMSUT.DLL
Product Name                    : Outside In® Viewer Technology
Product Version                 : 5.1
VirusTotal Report submitted 2011-09-12 07:06:55
VirusShare info last updated 2012-07-25 08:35:28

MD5: ee1c7fa6c1abb0514abd1b2fb7310206
SHA1: 455a059773336faaf3eaebea18793d09e293a71d
SHA256: ee8cecfde7cfae5d6fb7440647c02f7359ff174090e38202dc6dde1e8eed6cb8
SSDeep: 6144:b/VJmfC0G9r69IUjJIBb59VOI27P+kgGws62uZukRX4iMyVPzXfVvE5YEdJWqU:b/VJmfC0GkpJIt59VOI2j+/GXduu6X4q
Size: 365128 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.365128.B
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!wWzOKfPZuS4
TrendMicro-HouseCall = TROJ_GEN.R21C1F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fyg
TrendMicro = TROJ_GEN.R21C1F3
Kaspersky = Trojan.Win32.Pirminay.gzz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xg
McAfee = Generic Downloader.x!fyg
ClamAV = Trojan.Pirminay-1
F-Secure = Trojan.Generic.5867365
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W
eSafe = Win32.TRDropper
AVG = Generic22.AFGV
Norman = W32/Suspicious_Gen2.MQHFD
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5867365
TheHacker = Trojan/Pirminay.giu
BitDefender = Trojan.Generic.5867365
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:18 11:12:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xae8f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 9.1.1.3841
Product Version Number          : 9.1.1.3841
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ijlmnyuen Caxlrympeju
File Description                : Kbhqrel Media Services HTTP Control Protocol Plugin Property Page
File Version                    : 9.01.01.3841 (srv03_sp2_rtm.070216-1710)
Internal Name                   : WMSHTTPControlPropPage.Dll
Legal Copyright                 : © Ylqzeicer Peheyysfnid. All rights reserved.
Original Filename               : WMSHTTPControlPropPage.Dll
Product Name                    : Qehnslxou® Ctogeij Media Services
Product Version                 : 9.01.01.3841
VirusTotal Report submitted 2011-06-30 19:46:56
VirusShare info last updated 2012-07-25 08:35:51

MD5: ee7d5402fd99909175ade6addf49b45c
SHA1: 36e2bfafe8cbdc0b3d0aa617a699ad80be0780c8
SHA256: 6cc06e89768615c496045a5a01f7247c392bb884bce42fe34ffdc9c69e6072b9
SSDeep: 6144:sc8ybgoKQK5vln4GRwk6t9Zf6F774vNw10+GdLj5abhh0FCKfAaapJY:sfLZTb4GakMvof4VNfdLjq2s
Size: 329728 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.23594
Avast = Win32:Pirminay-BD [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.329728
Panda = Generic Trojan
nProtect = Trojan/W32.Pirminay.329728
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!yjF85I6tHrc
VBA32 = Trojan.Pirminay.iph
TrendMicro-HouseCall = TROJ_GEN.R47C2G5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.iph
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!zwh
DrWeb = Trojan.DownLoader3.35201
TrendMicro = TROJ_GEN.R47C2G5
Kaspersky = Trojan.Win32.Pirminay.iph
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IPH!tr
Jiangmin = Trojan/Pirminay.aid
McAfee = Generic.dx!zwh
F-Secure = Trojan.Generic.6154485
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-BD [Trj]
eSafe = Win32.GenVariant.Kaz
AVG = SHeur3.CFKZ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6154485
Symantec = WS.Reputation.1
TheHacker = Trojan/Pirminay.iph
BitDefender = Trojan.Generic.6154485
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:25 13:56:47-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 327680
Initialized Data Size           : 4096
Uninitialized Data Size         : 401408
Entry Point                     : 0xb2b00
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Unzzhvxko Ytbcupwrljs
File Description                : Yqhbfwe Font Viewer
File Version                    : 5.00.2134.1
Internal Name                   : fontview
Legal Copyright                 : Copyright (C) Xmcbjnlyl Corp. 1991-1995
Original Filename               : FONTVIEW.EXE
Product Name                    : Lbdgfecwt(R) Oitgjsi (R) 2000 Lswlfchmc Agvajd
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-09-13 11:06:10
VirusShare info last updated 2012-07-25 08:36:18

MD5: f0b13b77dec8ebe1e255fb8ff2a5692f
SHA1: f77ed1c8057b56697d46d3a752bbc72cfa3cac5c
SHA256: 6a7e0ec9f4d2ef828300b1021941be54c259263d412d59d0a12f14b073d96a34
SSDeep: 6144:CGMRzkGlUKQryU8ej6M17RZVmigfflZkORnPPB1lOfGio:CGMRkKQV+MtRcfbp51lOfW
Size: 311296 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.51
Avast = Win32:Pirminay-V
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.311296.I
Panda = Generic Trojan
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!3c031/6UyM0
VBA32 = Trojan.Pirminay.hxr
TrendMicro-HouseCall = TROJ_GEN.R01C2FD
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.DownLoader3.13029
TrendMicro = TROJ_GEN.R01C2FD
Kaspersky = Trojan.Win32.Pirminay.hxr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.HXR!tr
PCTools = HeurEngine.MaliciousPacker
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V
eSafe = Win32.GenVariant.Zbo
AVG = SHeur3.CCVM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.hxr
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:10 11:47:18-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 294912
Initialized Data Size           : 282624
Uninitialized Data Size         : 0
Entry Point                     : 0x48816
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.398.613.2003
Product Version Number          : 5.398.613.2003
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Realtek Semiconductor Corporation
File Description                : Realtek RTL8139 NDIS 5.0 Driver
File Version                    : 5.398.613.2003 built by: WinDDK
Internal Name                   : RTL8139.SYS
Legal Copyright                 : Copyright (C) 1994-2003 Realtek Semiconductor Uawxklfledv
Original Filename               : RTL8139.SYS
Product Name                    : Realtek RTL8139 Family Fast Ethernet Adapter
Product Version                 : 5.398.613.2003
VirusTotal Report submitted 2011-06-20 22:57:44
VirusShare info last updated 2012-07-25 08:38:43

MD5: f36598971c14f357c5ce1b1ee10f17cf
SHA1: 1502690308f26b2e603ab65972bf0418833f9dde
SHA256: e118e699cf195f84ff3f9af8949b2cffb93f9fe253eeb9dc1ecb205b146a7a38
SSDeep: 6144:0dkR8bA7oTmzu44d9uXa+x9G9+AFSn/mkrh/HjMR6o6047cGmB1M0kMlha8jylvt:Ak8KaXuK+v2vFSFh/Hzo+Qz1oM7awYgs
Size: 373285 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.373285
Panda = Trj/CI.A
nProtect = Gen:Variant.Buzy.3411
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!hPsfQIXzQQc
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!zuh
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gtc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.abz
McAfee = Generic.dx!zuh
F-Secure = Trojan.Generic.5869945
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-W [Trj]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BNGS
Norman = W32/Suspicious_Gen2.MPFCV
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5869945
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gun
BitDefender = Trojan.Generic.5869945
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:06 14:24:37-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 40960
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x72bf
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.0.0
Product Version Number          : 1.1.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Advanced Micro Devices
File Description                : AMD Processor Driver
File Version                    : 1.1.0 (srv03_sp1_rtm.050324-1447)
Internal Name                   : AmdK8.sys
Legal Copyright                 : Copyright © AMD, Inc.2002-2003
Original Filename               : AmdK8.sys
Product Name                    : AMD Processor Driver
Product Version                 : 1.1.0
VirusTotal Report submitted 2011-08-19 04:15:41
VirusShare info last updated 2012-07-25 08:41:38

MD5: f42473920ecb447cd4c0454ffab19b5e
SHA1: 8afa4c495c4c02720225600b1e99e2a9eb16c8f3
SHA256: 75b6ca695abe218034993a0ef6ca9c99fdbc794ab42a496561aae84d098e89de
SSDeep: 6144:naOV76gJ56nopQ9LBBMaWtf+YU5LRCifD2mN/C2sXzomgEQasEN5/yZS+JbU9m7:aAWLopQ1D2xe9fD362uzomgba1z/y4m7
Size: 438940 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.320
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.438940
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.438940
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!v6N2FDA/+3Y
VBA32 = Trojan.Pirminay.iis
TrendMicro-HouseCall = TROJ_GEN.R72C2FG
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.iis
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader5.4391
TrendMicro = TROJ_GEN.R72C2FG
Kaspersky = Trojan.Win32.Pirminay.iis
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.afj
McAfee = Generic.dx!zvf
F-Secure = Trojan.Generic.6189967
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic22.CEWQ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6189967
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.iis
BitDefender = Trojan.Generic.6189967
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 18:27:26-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 126976
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x1c896
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Meseerzlx Etkyyxjysle
File Description                : Baqagir NT Macintosh File Server Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : sfmsrv.sys
Legal Copyright                 : © Dpnslhdnm Spdlowlblrp. All rights reserved.
Original Filename               : sfmsrv.sys
Product Name                    : Crbphecnk® Azemsbw® Xosqpjado Lgqwms
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-21 03:24:25
VirusShare info last updated 2012-07-25 08:42:35

MD5: f9b529095109b27a505955bba0848cae
SHA1: 1dd4a78c276ba53a7054218cc6b06990c5b482c7
SHA256: 17340c3f7e0cbba9ca34f7bf218cac9b5e6f0856053c225b1a52da71d7a78f80
SSDeep: 6144:+twkvAAF7R68zr7P3PM0doI+PDHgP4HWCcugv7ND3jhLI6OujqiNuKHKU6h:+tXvAAd5zr7P3PM0oPbgMWCav7JzhLTc
Size: 389901 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Riern.1.12
Avast = Win32:Kryptik-CCN [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.389901
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
VirusBuster = Trojan.Riern!Eo3fiUdDrD8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!bacc
Kaspersky = Trojan.Win32.Pirminay.gom
McAfee = Generic.dx!bacc
F-Secure = Gen:Variant.Riern.1
Avast5 = Win32:Vundo-JU [Trj]
AVG = SHeur3.CDCC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = WS.Reputation.1
GData = Gen:Variant.Riern.1
BitDefender = Gen:Variant.Riern.1
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:25 16:05:36-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 69632
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0xddde
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.5512
Product Version Number          : 6.0.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dlozeiwtr Hvxdksyfapd
File Description                : Eofljwvvl FE Character Set Conversion Library
File Version                    : 6.0.2600.5512 (xpsp.080413-0852)
Internal Name                   : festrcnv.dll
Legal Copyright                 : © Rfgfrzksg Zcwgszpoewv. All rights reserved.
Original Filename               : festrcnv.dll
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.5512
VirusTotal Report submitted 2011-08-14 08:13:48
VirusShare info last updated 2012-07-25 08:49:56

MD5: fb02f78e8413f8aeb4dac7f15c01a87e
SHA1: 7fce08b0dc3afb718f8ee06ed63f646e80782225
SHA256: 4ccce67212b368b8cd904f28fffcf33052e1f963dbe4a2d2f3a60e77a593da69
SSDeep: 6144:IZKTCDjPmESoRDswAaOtrGHzBFBb0RBJXsgiGU3nEcN6zgti4aUTG8m7HB:GKqyTX/1CBFBb0RD1L0n/tNDm9
Size: 353183 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.16
Avast = Win32:Dropper-gen [Drp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.353183
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!/uuunvRnHlc
TrendMicro-HouseCall = TROJ_GEN.R21C2F3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R21C2F3
Kaspersky = Trojan.Win32.Pirminay.gwb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.xh
McAfee = Generic Downloader.x!fys
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen [Drp]
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AFVT
Norman = W32/Obfuscated.L
Symantec = Trojan.Milicenso
GData = Gen:Variant.Riern.1
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gjb
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:24 15:26:31-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0x6ea7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.6914.0
Product Version Number          : 6.1.6914.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Internal Name                   : ep0lvr1i.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1i.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.1.6914.0
VirusTotal Report submitted 2011-08-19 04:06:33
VirusShare info last updated 2012-07-25 08:51:35

MD5: fcd901b0c5066ef084ac70a95b7e104e
SHA1: d6d61571ae175564501bfc5548120936b39a1f18
SHA256: b34386bcb07350f0a8ef13824555314635156ea4c89ccd8463cb2ffefa8901f2
SSDeep: 6144:US5cLKGt4vobsCJtivQXN5CF19QcGpMb24VZEPDItBk5FjuUU1:UG9GFYqjCFYcUg2IZEPctBwFjuU2
Size: 364852 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bvt
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.118065
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R47C2AL
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.bwd
McAfee-GW-Edition = Generic Downloader.x!eif
TrendMicro = TROJ_GEN.R47C2AL
Kaspersky = Trojan.Win32.Pirminay.bwd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.hx
McAfee = Generic Downloader.x!eif
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Generic20.CAOV
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.118065
TheHacker = Trojan/Kryptik.jzc
BitDefender = Trojan.Generic.KDV.118065
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:11:24 15:42:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x5531c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Associated Device Presence Proxy Dll
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : IPBusEnumProxy
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IPBusEnumProxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-25 19:40:51
VirusShare info last updated 2012-07-25 08:53:44

MD5: ffe8c66b9b5f60e2abb670a832b368f2
SHA1: f5ecf01f9a7daad367262f2d3bb040b896630e5e
SHA256: 62191d8fa07eaf233f623e12534113ce3e4adfea7c6e62c11ef7ac4db36b7ce5
SSDeep: 6144:2jON4bmgCdzmzjxdzbqOelTiiwOxNzJZbqDRBXDKPS254YLiViutRGncoSuWj3c:2j0JgOAzbqOelnw4zT0RBXD2Es2GnDJb
Size: 348562 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.11.25
Avast = Win32:Adware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Vundo.348562
K7AntiVirus = Virus
VBA32 = Trojan.Pirminay.hte
TrendMicro-HouseCall = TROJ_GEN.R01C2F7
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.hsp
McAfee-GW-Edition = Generic.dx!zue
DrWeb = Trojan.DownLoader3.7752
TrendMicro = TROJ_GEN.R01C2F7
Kaspersky = Trojan.Win32.Pirminay.hsp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
McAfee = Generic.dx!zue
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Adware-gen
eSafe = Win32.GenVariant.Vun
F-Prot = W32/Skintrim.1!Generic
AVG = SHeur3.CBXK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
Commtouch = W32/Skintrim.1!Generic
TheHacker = Trojan/Pirminay.hsp
BitDefender = Gen:Variant.Vundo.11
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 10:20:59-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8192
Initialized Data Size           : 663552
Uninitialized Data Size         : 0
Entry Point                     : 0x2b56
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Orzyenpel Xtdajxndrrn
File Description                : Aslqcsjhz PCHealth Service Holder
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : PCHSVC.DLL
Legal Copyright                 : © Microsoft Rgjyunmsgcp. All rights reserved.
Original Filename               : PCHSVC.DLL
Product Name                    : Fmbabfvdm® Iixdbrb® Tkboialdb Hntwzo
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-06-18 01:54:31
VirusShare info last updated 2012-07-25 08:56:56

MD5: 12d3ad0dafdc61fb557bcec29dd53a5c
SHA1: 3b14265e80d7faa888cc1c2b306baabd98741f50
SHA256: cf15de4bfd7ab5eae3a72b0680e8a22ad409c6a41dc185b8a4648ace4cb1a318
SSDeep: 3072:RbqrH8bN1mhMV8FjeJrw07sVBJ++qjVQb1oFy2rVI:8iMhMV8dOw07hKb1oMAI
Size: 143872 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.143872
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
ByteHero = Virus.Win32.Heur.p
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-15 12:36:49
VirusShare info last updated 2012-07-25 09:03:27

MD5: 1e7e1b7dfcf6fdcdb3e4f33a90074aec
SHA1: 50f4b19d424cc605b70547af6cbe280a68140585
SHA256: 8892b6c1e8dc2572d54d1d42eb837e6a3f10f5b743135f0843325c41f9a69394
SSDeep: 3072:RCTm/BYqMEW85awHeNgS7mWUwLMeActhOXye9to:ITQ5aSfS706F3th+Bto
Size: 172032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.172032
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
ByteHero = Virus.Win32.Heur.p
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-15 15:37:00
VirusShare info last updated 2012-07-25 09:07:20

MD5: 24a123f8eeec28c9dabddfb17edb5c32
SHA1: 56957be83d42e2896e96eade367d564dea9d6db5
SHA256: 55cf1b1612b8666438f5602c70b79c1c1c1ac34ed13bab5f9cb58e99762fbbf0
SSDeep: 3072:RwLJ/E8e+elz7l7Amq+TQ/ztpVyAZdSf0JzvsV35JyiQJH:UlX2l7bTSztGySuzv857QJH
Size: 145920 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.145920.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-15 17:13:27
VirusShare info last updated 2012-07-25 09:09:07

MD5: 29aff04177685be93b9025fc8ea4ce08
SHA1: 33d50df571e5389d338ea7f5b528c471010ef7a4
SHA256: ddf49dd825bac5e5618558d6ced6e5e5f0def143141e059977a395e04df31e1b
SSDeep: 3072:R/APWu6oYCoj4UE+klr56tHWvrvua2BZiKJgbV5VXdnRiC:JAPWuDb1UEzr56tHHrJuDVXdRV
Size: 176128 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.176128
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-15 18:36:36
VirusShare info last updated 2012-07-25 09:10:53

MD5: 35c5da8537ca04c1efec5d828bd85296
SHA1: 108e52f570ccafcd7846b6bee700180f38af0b28
SHA256: facd07e963be2c76765db828dd1e3472c4b35b2e06970c7fa45de159dbc42133
SSDeep: 12288:m+kdOPWLXkTK1nWoYEcNLEHX4LFkhSVkuVGX:mLgDKB/lvXs2X
Size: 475532 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!6obbGLky9B8
TrendMicro-HouseCall = TROJ_GEN.R72C2EV
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader3.33663
TrendMicro = TROJ_GEN.R72C2EV
Kaspersky = Trojan.Win32.Pirminay.icl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ze
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BCXF
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.how
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.NHO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:08 05:39:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 45056
Initialized Data Size           : 839680
Uninitialized Data Size         : 0
Entry Point                     : 0x876b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Jbvbailol Ljlvvsrnhbz
File Description                : Yakut - Russia Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdyak (3.13)
Legal Copyright                 : © Kkfudtdqm Dllwpylpvtu. All rights reserved.
Original Filename               : kbdyak.dll
Product Name                    : Pkwnsfvru® Jabbilg® Oplnuaelg Sbjymf
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-11-15 22:26:07
VirusShare info last updated 2012-07-25 09:14:58

MD5: 3d093e302bcf432e1d6c0033491eff77
SHA1: b0d0d6738ef0bc4f7bd274845e626f45a0ed740d
SHA256: 95b3f8d653fabb80740070c98b0aecad2fe0f2814380afdc58b99e5a03c0a97f
SSDeep: 6144:UNIiRHpm80bjIskJBZ7h/2WAnx9kLSbtAkG+bdHeMu:WTHtLVh/2WKxGWRRG+bd+Mu
Size: 208896 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.208896
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-16 01:17:22
VirusShare info last updated 2012-07-25 09:17:26

MD5: 57159cd1369c5cc387ab81b560324ec3
SHA1: 04a4dce9212f035e6aaea162b0e7cefc90895a2f
SHA256: 24259dfeae59e2e3b34993626234340cc6ce4e9cdc3ffa86c9b69d2b3336a88f
SSDeep: 3072:RJOPZ/Jkn3wMiCf46EMZu9dn5ZkpLYdeCaqFS/H9/YTstJSriQTwruu9pRG:Zn3wM/3Er9dnHk5YdKq+YTHr/TSu4po
Size: 180224 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.180224
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-16 09:02:31
VirusShare info last updated 2012-07-25 09:25:51

MD5: 58d7c19e16e421440e372780832ecf61
SHA1: 3bf7a329418c9d3cfba8e9159c5a2c02ef9cffed
SHA256: 3f4496a8845b0480011729752fec411315897628390f850b8de6bd5c1fd7aca3
SSDeep: 3072:RUuc8Sw84+t9f4K7vDm1fJh7TWYn4j5Cc85x4hkoFjSPwQ:+Cu3C1fHvWY4dCv34hMN
Size: 126976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.126976.G
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-16 09:33:46
VirusShare info last updated 2012-07-25 09:26:21

MD5: 5b9ece2e5d16bdcb86e3ad8b3259991a
SHA1: ed67dc00375486af54e06a14600c8d276ee68275
SHA256: 6f7c5d8be97aecc1f250ea3d0aba457c217146705efb5c86f6865836f609eb39
SSDeep: 6144:k5cr1KeVJi95w0tsWWWgyclaV6yU2cxb/0iTU+OCKWV3OIlFaSzG9/lraHMC:k5mceVM95weqBlaLYb/njJ9gUI1aZ
Size: 438601 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.438876.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.438601
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.438601
K7AntiVirus = Riskware
VirusBuster = TrojanSpy.Agent!jdleA1Gsspg
VBA32 = Trojan.Pirminay.fwz
TrendMicro-HouseCall = TROJ_GEN.R21C2FE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_GEN.R21C2FE
Kaspersky = Trojan.Win32.Pirminay.hlu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.up
McAfee = Downloader.a!bu
F-Secure = Gen:Variant.Vundo.11
AVG = Generic22.JDH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.fwy
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:05 19:07:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 110592
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x17e86
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Tablet and Ink Services and Controls
Company Name                    : Gghjtprol Qndjcjrmbac
File Description                : Zxolteaja Tablet PC API Publisher Policy
File Version                    : 6.0.6000.16386
Internal Name                   : Policy.1.7.Lxtqdinae.Ink.dll
Legal Copyright                 : Copyright (c) Nwhfuhwsd Surmttcbapw. All rights reserved.
Original Filename               : Policy.1.7.Tgrykozkp.Ink.dll
Product Name                    : Plhwitoxf (R) Cmnqeqr (R) Mstmglhhr Bcfqxk
Product Version                 : 6.0.6000.16386
Assembly Version                : 6.0.0.0
VirusTotal Report submitted 2011-11-16 10:41:10
VirusShare info last updated 2012-07-25 09:27:30

MD5: 5e501ecbadd0a9d0f380f918f1c4986e
SHA1: 8df4696bd5435d87472340ce32e2beb134b1e7d4
SHA256: 9dc42f92f98fd20bc0daa901de7075f28f8b508374798661e9244fe20dc6fe77
SSDeep: 3072:RMimWoF4DAk5kfZ9Fekdm9y0Rj8ffiA3OTf5dVobp7ACpJ4:Zm94DAk5AbwkAJMh3OTflobxAg6
Size: 144384 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-16 11:22:16
VirusShare info last updated 2012-07-25 09:28:19

MD5: 651589d6999c4017c8f42a9cabdb5a85
SHA1: 4228f83d970974cccf30305cf9f9066b6dff78e0
SHA256: 1ac3831335d5898bbbb35ee69f8b522991a80ebb67e0716f0c398f419a6f3eda
SSDeep: 3072:RdQMZqZeuO9+nIedq7DrHDTU2GPlxHRP1Fn4pHLvPQYJQrkU7MUH0ct:7XqZ/O91sq7fDTU22xxb8s8QroUH0ct
Size: 184320 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.184320.I
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
ByteHero = Virus.Win32.Heur.p
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-16 13:15:28
VirusShare info last updated 2012-07-25 09:30:30

MD5: a939841b8e4724d1b0163b30f0d9baec
SHA1: 2093bc4a3840ebceb2ad9d97b631e7fafd6450b9
SHA256: b96dfda9e7430cd8b193d964f0034232c188e597482a1eb4201e65ade09c600e
SSDeep: 3072:R/sPuZkPryN+FHMUtkm8yTEB+s0ifybsov8D40D7Zt9vnEkda12z4XydJEdEH7:VsPuZkDb5bq+TEB+VMOsoveRZtmk7AqN
Size: 157184 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.157184
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 00:07:31
VirusShare info last updated 2012-07-25 09:54:50

MD5: b6babab0cbcc42a07d89df325ddeccdf
SHA1: c405921664bd8382afa34a3702e517017bf822eb
SHA256: 5c37a984dc2be04d81a6e502baaab944fa0a05ff9e82aa84d4155c27272fe925
SSDeep: 6144:455IJzJznrggsdgz1Jo5H9PnNUxBqczZcuhBzQYvYPuvK09:4HI1dS8Jw9/axhNPBz1QPmKE
Size: 294341 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhf
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Backdoor/W32.Agent.294341
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3BCRBR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Pirminay!IK
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.59103
TrendMicro = TROJ_GEN.R3BCRBR
Kaspersky = Trojan.Win32.Pirminay.cub
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gs
McAfee = Kryp.b
ClamAV = Trojan.Agent-183385
F-Secure = Backdoor.Generic.542938
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.BOLE
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Backdoor.Generic.542938
TheHacker = Trojan/Pirminay.bhf
BitDefender = Backdoor.Generic.542938
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 19:14:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24064
Initialized Data Size           : 531968
Uninitialized Data Size         : 0
Entry Point                     : 0x69a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.42
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-11-18 04:44:09
VirusShare info last updated 2012-07-25 10:00:30

MD5: b8a3097df22fe768639738fbf1afca98
SHA1: 39f479330e46bdafcd6d318003b862a3a688f494
SHA256: 68c697c83a8c52f454bad8b368366e203287d77dc50e6fa3b553ed4648157b52
SSDeep: 1536:2IXQOFIhuCkXlfakHlVtmsuJlFm4Yp0idGiqbmlyxBIVwHGX1zprRnP1ZJqbzNm5:RAOaYCC9HDtmZbclyTIVF1zXnNmzgF
Size: 122880 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.122880
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 05:24:09
VirusShare info last updated 2012-07-25 10:01:00

MD5: cc699a17b1f9fc43d419f2d8cbf1e24b
SHA1: 8874ad1f94244eacb6edcd176cafc5ca8ec59d47
SHA256: e3391eb0d014106dd74d0e2adbaa91c15ca8729effcdf3f7da5f4d6f4538441c
SSDeep: 6144:vyi7WpWxHw+Dde2YDwrOy3s1xyAasdxleS1SYZIC6m7CJDM:PzxHFDF6gh8rRasdxleS/96mGJw
Size: 241664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.241664.F
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 10:58:19
VirusShare info last updated 2012-07-25 10:08:12

MD5: e5dfa7c6ef3b2853a98f02178ffbfed8
SHA1: c847769d4bbae74683b24b817469676473019bc6
SHA256: 0a21f2a472cae4b5a0d0976b218566b78fc4c3c5da5a00aaacebd9581e5ef830
SSDeep: 6144:W1F00rpPU0FQkk8EbpbkP+IJ124PUmmz0AxYqMEfUm4No3yhioy:SU0FQog1gzjzAxYqRsW3Yioy
Size: 266032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.WinSpy.origin
Fortinet = W32/Pirminay.A!tr
F-Secure = Trojan.Generic.6270838
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Suspicion: unknown virus
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6270838
Commtouch = W32/FakeAlert.FT.gen!Eldorado
BitDefender = Trojan.Generic.6270838
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 65536
Initialized Data Size           : 536576
Uninitialized Data Size         : 0
Entry Point                     : 0x109aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 18:31:30
VirusShare info last updated 2012-07-25 10:17:47

MD5: e918c9bd0093b52590c3c93751a84b56
SHA1: f805e826904277e4710b8ce6d9da9ee92d80bd12
SHA256: ae3eb069d18cf0fc37842f83f013ae322d0e5866a08336f29d96b617d3916b74
SSDeep: 3072:RnubVAXJiPn1eB+QjwdSmbGJS2mVELNm/m1tUu83ASs2H2:tnZiPwC8XJS2IM5tUT3ASxW
Size: 147456 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.147456
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 19:34:20
VirusShare info last updated 2012-07-25 10:19:05

MD5: edf380c2b7526cf521818af7d1ea6727
SHA1: aa0a0269d54cc0f8ad4a1ec22bb462959a249b40
SHA256: 8d63308377e804c033f4b64b86067b2e906743f4f28251cd17b00a3df37327c9
SSDeep: 192:85+q+PXcQS/t31VJ8qD6wiLn18XECzH7a7Vs9un:85H+O3138qDSr1UE17VAu
Size: 17176 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bg.2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Pirminay.17176
VBA32 = Trojan.Pirminay.bg
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.bg
Jiangmin = TrojanDownloader.Agent.ctuc
F-Secure = Trojan.Generic.6148391
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
AVG = Downloader.Small.62.D
Sophos = Sus/Behav-278
GData = Trojan.Generic.6148391
BitDefender = Trojan.Generic.6148391
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x197f
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-18 21:02:26
VirusShare info last updated 2012-07-25 10:21:13

MD5: ffe728d69c233b6f09b016084be62270
SHA1: 5c58e5d675b96b698eb83104144444ff92d083a3
SHA256: 686b415ded60ba421740be9748b35c2d60c8552ba001cd561c830c6b9abc5fdc
SSDeep: 6144:wE16D38FFiAYK5g2K3aqd8/LK99g4+jyxkCuitN+eg6:u38FYAN5g2Oaq12uxNuONdr
Size: 243712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.3421.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Jorik.243712.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Ponmocup!lGJTkqsZNdg
TrendMicro-HouseCall = TROJ_GEN.R11C7KB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Downloader.x!g2z
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R11C7KB
Kaspersky = Trojan.Win32.Jorik.Pirminay.avy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Generic.knvv
McAfee = Generic Downloader.x!g2z
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Generic25.BTHJ
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
BitDefender = Gen:Variant.Graftor.3421
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:30 02:01:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 241664
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x46670
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2011-11-17 14:28:44
VirusShare info last updated 2012-07-25 10:38:32

MD5: f7efabd89d9b4d4ee3f3b4875c11b47c
SHA1: 9697696dbba1fdd027b6a6b0c8d80083b90cf656
SHA256: 1bd8cf295155453714a840ebc0dd5da6bc1a30a60cb553809caca51877f15f09
SSDeep: 1536:2IXUPSgnQy4eKJ5wLqFtx4hXmhC7V3Iude3jyqwQxjlK:RXUPSkQy4vJuCx4hXH7OuA3jpwQy
Size: 79872 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.79872
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-20 07:31:51
VirusShare info last updated 2012-07-25 11:19:27

MD5: fcac6af96d814f68c9a48d9cc5ad91ed
SHA1: 36b08b55610672aa0559b54af52012d5c69528ab
SHA256: 03779c90de7c1f241a905db8f7537b36b66dcf31ddf8ff78f68a1eafbcfffa75
SSDeep: 6144:W1F00rpPU0FQkk8EbpbkP+IJ124PUmmz0AxYqMEfUm4No3yhio1:SU0FQog1gzjzAxYqRsW3Yio
Size: 294912 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Downloader.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!1T9hymiWPH0
TrendMicro-HouseCall = TROJ_GEN.R21C2F4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!cc
DrWeb = Trojan.WinSpy.origin
TrendMicro = TROJ_GEN.R21C2F4
Kaspersky = Trojan.Win32.Pirminay.hjy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = Trojan.Gen
McAfee = Downloader.a!cc
F-Secure = Trojan.Generic.6270838
eSafe = Win32.Trojan
F-Prot = W32/FakeAlert.FT.gen!Eldorado
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6270838
Commtouch = W32/FakeAlert.FT.gen!Eldorado
BitDefender = Trojan.Generic.6270838
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 65536
Initialized Data Size           : 536576
Uninitialized Data Size         : 0
Entry Point                     : 0x109aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-20 08:11:16
VirusShare info last updated 2012-07-25 11:21:32

MD5: 4734169e48df4fea56bce65ec0e56066
SHA1: 23e5aca994b234df994bdec7dc06b2d10bb5f64a
SHA256: 8eaafa238000082cee759d6adcb9bc374323c187c4daf5827d1f85122bccee6b
SSDeep: 6144:mc43TDDEFHar/cyd8B5WoMxudGteJPIRjry:d43TDDERBB5WJxuLJgRjr
Size: 236032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1139.2
Avast = Win32:Pirminay-DW [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.129CDFF1
nProtect = Trojan/W32.Jorik.236032.B
K7AntiVirus = Trojan
VBA32 = Trojan.Jorik.Pirminay.ano
TrendMicro-HouseCall = TROJ_PONMOCUP.AB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.evx!bd
DrWeb = Trojan.DownLoader5.4289
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_PONMOCUP.AB
Kaspersky = Trojan.Win32.Jorik.Pirminay.ano
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.ANO!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic.evx!bd
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Generic25.AFPK
Norman = W32/Obfuscated.L
Symantec = WS.Reputation.1
GData = Gen:Variant.Graftor.1139
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1139
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 229376
Uninitialized Data Size         : 0
Entry Point                     : 0x1296
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Russian
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjycuwhze Igtonaskxnw
File Description                : Wxhqplrne Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0419
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0419.dll
Private Build                   : 
Product Name                    : Jmvnqaipp Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-16 08:51:25
VirusShare info last updated 2012-07-25 11:38:10

MD5: f8fd20b40667882e9e7301fb76b890c0
SHA1: 0e715af85736770a331b524e94cb7d2116a42af7
SHA256: b6835a0fda5903b763e57b6917e0ca09bac7f2ca6df62aa8f880b91f1526611b
SSDeep: 6144:/biGLH1e5rF1tWO8EePjXDP8SuyN3LRyBPr3ID4cRZteKiFcbU/Ad:eIe5ZmXDPXiyjyBPr3IrfiFIU4
Size: 258560 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.3421
VirusBuster = Trojan.Kryptik!YhtS8OcgDPE
TrendMicro-HouseCall = TROJ_GEN.R4AC7KK
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
DrWeb = Trojan.Fakealert.26434
TrendMicro = TROJ_GEN.R4AC7KK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.6892427
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.BRLU
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6892427
TheHacker = Trojan/Kryptik.vdn
BitDefender = Trojan.Generic.6892427
NOD32 = a variant of Win32/Kryptik.VDN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 253952
Initialized Data Size           : 8192
Uninitialized Data Size         : 32768
Entry Point                     : 0x46ab0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : ASCII
Company Name                    : Hilgraeve, Inc.
File Description                : HyperTerminal Applet Library
File Version                    : 5.1.2600.0
Internal Name                   : hticons
Legal Copyright                 : Copyright © Hilgraeve, Inc. 2001
Legal Trademarks                : HyperTerminal ® is a registered trademark of Hilgraeve, Inc.
Original Filename               : HTICONS.DLL
Product Name                    : Fgmkaetto® Huqfbah® Uogluagzz Cnzssy
Product Version                 : 5.1.2600.0
Comments                        : HyperTerminal ® was developed by Hilgraeve, Inc. for Tehnltlee
VirusTotal Report submitted 2011-11-21 17:53:29
VirusShare info last updated 2012-07-25 11:44:31

MD5: 97a1acc085849c0b9af19adcf44607a7
SHA1: b4624733a9c11b9dff554f472d915f9d7340f5ee
SHA256: 84e980df754d992cae126a7e47e1aeec9cd77dd0ac1f3cf361995ea218277838
SSDeep: 6144:H2eY8qVA11B1jCUOOm+KMZaN83/2PBvZaXyxbdioTYuY:We5PT1j6ONBZB2PzOSb/TYu
Size: 270848 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.3421.2
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.3421
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!Qf/SCxIUIDk
TrendMicro-HouseCall = TROJ_GEN.R47C7KE
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.evx!bg
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C7KE
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.BG!tr
Jiangmin = Trojan/Generic.kkfx
McAfee = Generic.evx!bg
F-Secure = Trojan.Generic.6871065
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.BTFX
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6871065
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.6871065
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 253952
Initialized Data Size           : 20480
Uninitialized Data Size         : 36864
Entry Point                     : 0x47620
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wzzvvvdtv Cpwwgoennqf
File Description                : Lexmark Z42 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXAASRES.DLL
Legal Copyright                 : Copyright (C) Gsvjmqoqk Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Austfhamw(R) Oalstsp NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-11-26 02:07:28
VirusShare info last updated 2012-07-25 11:50:35

MD5: 9e08f52039eeacf7f3e8696046358684
SHA1: 254d733348aad64b09493f496e531c2bbac2c544
SHA256: 172882d131a4bc9b4052060a8f691cae1496db04d2a4c257ca83dc9a7abb5529
SSDeep: 6144:pu439tv56DOO9g3U4EQDEmYawVumadiHSW8:c43jqOfU4FIaYumad3
Size: 241664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Monder.mzyl
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Monder
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Monder
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.3421
K7AntiVirus = Trojan
VirusBuster = Trojan.Monder!KTXAshYxjGA
VBA32 = Trojan.Fksys.81105
TrendMicro-HouseCall = TROJ_GEN.R47C7K8
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Monder.mzyl
McAfee-GW-Edition = Generic.evx!bg
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C7K8
Kaspersky = Trojan.Win32.Monder.mzyl
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Monder.MZYL!tr
Jiangmin = Trojan/Generic.knvv
McAfee = Generic.evx!bg
F-Secure = Trojan.Generic.KD.393940
VIPRE = Trojan.Win32.Monder.gen
eSafe = Win32.HEURCrypted.E
AVG = Dropper.Generic4.BXSO
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KD.393940
Symantec = Suspicious.Cloud
BitDefender = Trojan.Generic.KD.393940
NOD32 = probably a variant of Win32/Agent.BTILRDN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 241664
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x45130
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2011-11-26 02:09:34
VirusShare info last updated 2012-07-25 11:50:36

MD5: bb479a7e69c5e1c503aa6dd506c732f3
SHA1: 550b2827bfd558ec86ec015a03252d773f6da632
SHA256: ccc5d07f6a0359d65d3efc488bb4beb8b283ca92f20b2c8633f746ebf80e0e2b
SSDeep: 6144:39QObFoJkXxdS3v0rlHcwikgnEEbuMXEL6ECXwTmb+:3hbFgkhU2onEEbuKECXwTmS
Size: 219136 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.393
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Jorik.219136.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!XPYaFkgQJuY
TrendMicro-HouseCall = TROJ_PONMOCUP.AC
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.aoq
McAfee-GW-Edition = Heuristic.LooksLike.Trojan.Dropper.B
DrWeb = Trojan.DownLoader5.5892
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_PONMOCUP.AC
Kaspersky = Trojan.Win32.Jorik.Pirminay.aoq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Generic.kfzm
McAfee = Downloader.a!vz
F-Secure = Trojan.Generic.6764589
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Milicenso
AVG = Generic25.AIJK
Norman = W32/Obfuscated.L
Sophos = Troj/Ponmo-A
GData = Trojan.Generic.6764589
Symantec = Trojan.Milicenso
BitDefender = Trojan.Generic.6764589
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.4615
Product Version Number          : 5.1.0.4615
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vzejjibgm Uhtumvognhy
File Description                : Ukbaujjlf (r) Shell Extension for Cryexfj Script Host
File Version                    : 5.1.0.4615
Internal Name                   : wshext.dll
Legal Copyright                 : Copyright © Aqsqdinmo Corp. 1999
Original Filename               : wshext.dll
Product Name                    : Xpppgbrsv (r) Windows Script Host
Product Version                 : 5.1.0.4615
VirusTotal Report submitted 2011-10-28 10:07:33
VirusShare info last updated 2012-07-25 12:02:14

MD5: c23425f852e3ad188effc205317142fc
SHA1: 2619aa2e34d658549a1eaac95aa6b94a2cac5d17
SHA256: e7738118d9ed0a708df6b8a53f3984e040d0a2bad83b0a53894f926a47afb740
SSDeep: 6144:yS2SRa6UoMErprFqpEWaoZcHyGQu0EVljubkmSqO1JJNTctfN3efh+z46gvaz:WSi2prFKbuHfh0kmkJJT2fN38h+z46a
Size: 313344 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhy
Avast = Win32:Kryptik-WL [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.313344.M
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.313344
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.cta
TrendMicro-HouseCall = TROJ_GEN.R23C3BD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!yak
DrWeb = Trojan.Hosts.2582
TrendMicro = TROJ_GEN.R23C3BD
Kaspersky = Trojan.Win32.Pirminay.bhy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gr
McAfee = Generic.dx!yak
F-Secure = Trojan.Generic.5274711
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BMDC
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.5274711
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bhy
BitDefender = Trojan.Generic.5274711
NOD32 = a variant of Win32/Kryptik.SWI
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:08 19:50:42-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 15360
Initialized Data Size           : 587264
Uninitialized Data Size         : 0
Entry Point                     : 0x47ac
OS Version                      : 4.0
Image Version                   : 8.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.1.0.3936
Product Version Number          : 4.1.0.3936
File Flags Mask                 : 0x003f
File Flags                      : Pre-release
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Services Streamer Dll
File Version                    : 4.1.00.3936
Internal Name                   : STRMDLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1992-1999
Original Filename               : STRMDLL
Product Name                    : Microsoft® Windows Media Services
Product Version                 : 4.1.00.3936
VirusTotal Report submitted 2011-12-01 15:16:05
VirusShare info last updated 2012-07-25 12:20:05

MD5: 10e68e423d42fefb5cef48ee214fe311
SHA1: 3eaa19f68cc0002c4e4fe4675ad46a02cc16a63f
SHA256: 47e52e6f5da2605ae26657e4d739beb1e0fbfa2bc9baca6f5c0563bcd27e248a
SSDeep: 3072:rnGrS2Zn1pMBXwm6gX0lqpFyndM7pzy8d10sSleGedPE:aeBXwm6E0k4wzN3FGehE
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!10E68E423D42
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!10E68E423D42
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKVM
Norman = W32/Suspicious_Gen4.AEJCJ
GData = Gen:Variant.Barys.738
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 10:45:17-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xc4c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-08 07:07:32
VirusShare info last updated 2012-07-25 23:29:08

MD5: 35dd021060fa02481efde1af10efebd9
SHA1: 2fce65c56632092933503fa339d3769edddcafcc
SHA256: 2055682ece99e0dc954851bb38f0552aa999716814235157552b6ea2cd17ee68
SSDeep: 1536:RoMM6/JjEM0Gs60BIZGOMyORKG2aY3SEgXRGXFnckFDvjS/oFunNdzEHZhI615:RoUJ7s6YI5MyO83SQncODlyEHZhI
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!35DD021060FA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!35DD021060FA
F-Secure = Gen:Variant.Barys.907
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKWD
Norman = W32/Suspicious_Gen4.AEJKI
GData = Gen:Variant.Barys.907
BitDefender = Gen:Variant.Barys.907
NOD32 = a variant of Win32/Ponmocup.BN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:22 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x5309
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 07:54:46
VirusShare info last updated 2012-07-25 23:29:28

MD5: d559a9e659ac0f750e98099676f627d5
SHA1: f95dd0c7efe598738b350876fd6f1a0a6e58c799
SHA256: db013c2b7e3ecfa91d8068ea9c14c8881beaaf9d357506c89e7ea2d959ae06a1
SSDeep: 6144:XwNXsAilKmcjMHWOSRdMzBrv9KNc1yCBo3VJnZJYH3nuXfK:Adsh/9idMxlIc1yX3LZJYXnaK
Size: 279422 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.317534
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!SSPQX1MRnq0
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_JORIK.ZV
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic.dx!bags
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_JORIK.ZV
Kaspersky = Trojan.Win32.Jorik.Pirminay.ku
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bags
F-Secure = Trojan.Generic.KDV.317534
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.AAKS
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.317534
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.acq
BitDefender = Trojan.Generic.KDV.317534
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 278528
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x4e330
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-04-13 07:58:53
VirusShare info last updated 2012-07-25 23:39:37

MD5: 87a09f3e28a8360c85254159ba4e3fc6
SHA1: f6854cd79f07bb5bedfffb9a431bee475132a459
SHA256: 4b26dbe95c4cd960897bf958ea062a8aefd81f3baff3e816fdfbd642ee324220
SSDeep: 3072:RWkvVivN8w3LE4XwBI7YfqNdot7bS8Solhj76iSrRQKTeY8RH:zMN8+XMIw32szf6HddTe5RH
Size: 131072 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Symantec = W32.Changeup!gen
GData = Trojan.Qhosts.AVO
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-09 05:52:48
VirusShare info last updated 2012-07-25 23:45:16

MD5: 11d256561f9061414ecfcebeb9646392
SHA1: 01c5dbf812fa2c47623460c618eb2da05e2b0317
SHA256: c64702ad3629a654f83c1d5071079f194b8c9a1d9d1970487a78f0d4bedad1fe
SSDeep: 3072:6GM8cGrYaCCLcoOk8IWND/o/3Rab1A9wYmrlBOc:6GM8R0achk8I4DwsfzZ
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!11D256561F90
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!bdzj
F-Secure = Gen:Variant.Barys.738
AVG = Agent3.BLTH
Norman = W32/Suspicious_Gen4.AAXGU
GData = Gen:Variant.Graftor.20115
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:02 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd38d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-17 04:49:06
VirusShare info last updated 2012-07-26 00:00:11

MD5: 46b2c81b1ae787796619f37040f8ee80
SHA1: 69ce6dc227a6a04d99003d0ebf0180ebd87609ac
SHA256: 1ce171cac7ecdec35df81a6aef207d537e78d353d637d1b917a4466841cc0f98
SSDeep: 1536:JdeW6oi4sy3s42B6p68LijJjTmR9DE+Yz8lABFItUPHpUK3:J2AzJLihT89DEBoKfItUP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BE4A0C
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R29CCD6
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!ov
TrendMicro = TROJ_GEN.R29CCD6
Kaspersky = Trojan.Win32.Genome.afbps
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!ov
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Troj_Generic.AVRMH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-02 05:58:41
VirusShare info last updated 2012-07-26 00:01:46

MD5: 6481a7e5bb00d270dd03b48a71196d93
SHA1: 61f21a504c9d71fb5a80d2498e2836a9180a6be6
SHA256: 0950df23c686a13092bb7eaf485a311ed0a0ceb86c0da1c2de8534d2a1b6b497
SSDeep: 384:ljBS3caTD71SHWVSRDYfFXbDjye6Rd9lLj4ESBgadkubXYZ+GBfXw775RxDc9No8:lHaxSUSSpbDjyFdfn2F9XYgAfX2UNoL
Size: 32768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!TYSZzg4+x4M
TrendMicro-HouseCall = TROJ_GEN.R47CDDE
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!6481A7E5BB00
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R47CDDE
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.z!nd
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic25.CLPV
Norman = W32/Troj_Generic.AYICR
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23040
Uninitialized Data Size         : 0
Entry Point                     : 0x2f6a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-14 23:05:23
VirusShare info last updated 2012-07-26 00:06:34

MD5: f572e45b3715fb441cd87dd4a21849bb
SHA1: 00f5008b40e508afc4e93839a8709e3c1cddf2ac
SHA256: 9d26fd2bd52967b361bc17427dcb207bdc62d679ff418cfdaef961e2761e04a6
SSDeep: 1536:msz56BTzrEwL9YICDO4yXzxfVYqZ7ASZR1lzSB7EW2t:D+zXtCDOxdfVYq1ASZR1lzSBYW2
Size: 108032 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30CDD2
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!F572E45B3715
TrendMicro = TROJ_GEN.R30CDD2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.cmj
McAfee = Vundo!ow
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.PBZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2149.1
Product Version Number          : 5.0.2149.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Security Audit Events DLL
File Version                    : 5.00.2149.1
Internal Name                   : msaudite.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : msaudite.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2149.1
VirusTotal Report submitted 2012-04-04 00:48:37
VirusShare info last updated 2012-07-26 00:08:20

MD5: 2b2685574f75ae35f40fd074e9ad03c4
SHA1: 589ae594091266f78e7b29dfda94bfdd63e6c892
SHA256: d47d544aebae4ec6f9337a1d8eb15a4f381b33b242c8df6e83ea933d4a67c49e
SSDeep: 6144:/s2W1fP41l3uWBpaMU/sEOSdFoWby3/XwpbCSRk/SIpybzcdMxiElUO:/nAP4b3hBpahoKFotIpbli61i8
Size: 377764 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6074040
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!iIj013cNUsw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.qrf
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.25003
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.qrf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.xc
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6074040
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AMJP
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6074040
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gnd
BitDefender = Trojan.Generic.6074040
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:21 21:17:45-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 65536
Initialized Data Size           : 618496
Uninitialized Data Size         : 0
Entry Point                     : 0xd1d3
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eryduwifz Hmurngryhfm
File Description                : Bluetooth Communications Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : bthmodem.sys
Legal Copyright                 : © Fcazatwtn Ubkoniyrbok. All rights reserved.
Original Filename               : bthmodem.sys
Product Name                    : Pakwqcvwx® Cqtaohn® Vbjzmuigl Wnwjrm
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-12 08:13:54
VirusShare info last updated 2012-07-26 00:08:35

MD5: 078a5ab725704f6afa4167739980f345
SHA1: 3925c1caa2a288b874193b9a0b48f2721c7f476c
SHA256: c6593bc05e23d409e00c57d743a2e50639515e117f9a96a4abcebbcce97ea05d
SSDeep: 6144:KTqqS+GVqGLDlVdeZH2ovwMKg0ShXYhPk9MzdRgu2Q3g8JoK6FWDtS:kRSvVqGLDl3eYGbGC9Md139oKJDt
Size: 349184 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.11
Avast = Win32:Pirminay-Y [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6313120
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!0uIOUzA70Xk
VBA32 = Trojan.Pirminay.jxg
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.jxg
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.14377
Kaspersky = Trojan.Win32.Pirminay.jxg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.hpwf
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6313120
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CIQI
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6313120
TheHacker = Trojan/Pirminay.jxg
BitDefender = Trojan.Generic.6313120
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:28 14:43:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 425984
Entry Point                     : 0xbd510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Aifktvgek Qlrduostdas
File Description                : User-Mode Bus Enumerator
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : umbus.sys
Legal Copyright                 : © Ismscmays Acgzkydljfk. All rights reserved.
Original Filename               : umbus.sys
Product Name                    : Uubfzqusz® Amrbrrt® Sgufmwpls Exsqhr
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-25 15:44:22
VirusShare info last updated 2012-07-26 00:09:18

MD5: d162ef56f5b5fbcb7802fffdbdb29fa4
SHA1: bf1c317be7a32b8a83adf94093638788b57c6f42
SHA256: efc2362fe1b12ead9db6ff51c8bacab8f19cf48d0346730fa7b8eb6c6176c59e
SSDeep: 3072:PjWwvr+AMX2zJYHBhgnL89ipsmeHsqQp7rplSL9oBEP:P7MX2zJYhhgrum+RQe
Size: 147968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!bdvb
Fortinet = W32/Dx.BDVB!tr
McAfee = Generic.dx!bdvb
F-Secure = Gen:Variant.Graftor.16660
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIWY
Norman = W32/Suspicious_Gen4.ZBSD
GData = Gen:Variant.Graftor.16660
BitDefender = Gen:Variant.Graftor.16660
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:25 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-04-13 19:33:03
VirusShare info last updated 2012-07-26 00:14:30

MD5: a32f6ea3471d413b8740b8095dfb2197
SHA1: a6c65724b1419f9e258a9f064bf6ed0b29ffb75d
SHA256: bbc2d5fc7ba95f6286fc4a14f5ca8f4faf191664319020d3964eaa9209c76edf
SSDeep: 3072:420EFw8fBe+T15wKJr54V0TlFOhLlxg8vT68bcUkwPNtXudk:42BV15wKJ14qgbnv+8YUBPzXue
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Trojan.Win32.Webprefix
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!A32F6EA3471D
Fortinet = W32/Ponmocup.BH
McAfee = Generic.dx!bdvl
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKAB
GData = Gen:Variant.Graftor.17637
BitDefender = Gen:Variant.Graftor.17637
NOD32 = Win32/Ponmocup.BH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:09 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4c3
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-05 06:47:04
VirusShare info last updated 2012-07-26 00:16:40

MD5: e0771a6677336b8a941df6834b4fb8b3
SHA1: b76a21d0ec4cddc141f93ff2de3ff45cc63e2fb6
SHA256: 6c048bfb4e947175ef8be6580e38da552ed06a7362afb2d66de231b203c3c744
SSDeep: 6144:vTqqS+GVqGLDlVdeZH2ovwMKg0ShXYhPk9MzdRgu2Q3g8JoK6FWDtS:bRSvVqGLDl3eYGbGC9Md139oKJDt
Size: 349184 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.11
Avast = Win32:Pirminay-Y [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6313120
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!0uIOUzA70Xk
TrendMicro-HouseCall = TROJ_GEN.R4FC3IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.14377
TrendMicro = TROJ_GEN.R4FC3IE
Kaspersky = Trojan.Win32.Pirminay.jxg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hpwf
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6313120
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy
AVG = SHeur3.CIQI
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6313120
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jxg
BitDefender = Trojan.Generic.6313120
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:28 14:43:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 425984
Entry Point                     : 0xbd510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Aifktvgek Qlrduostdas
File Description                : User-Mode Bus Enumerator
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : umbus.sys
Legal Copyright                 : © Ismscmays Acgzkydljfk. All rights reserved.
Original Filename               : umbus.sys
Product Name                    : Uubfzqusz® Amrbrrt® Sgufmwpls Exsqhr
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-14 16:48:15
VirusShare info last updated 2012-07-26 00:17:44

MD5: 40f95107b6029210cffc4cc3b6cb117e
SHA1: f320391ebe185e98de7461f0611e4f1d7bd04538
SHA256: 45ea0a2e15a298ed7975571661b1893c7944f1675938f1eb2d21d4ac9277042d
SSDeep: 3072:rb/KxOZbx+9hpva68XBb/nL/4BlldMFDqrJtr:rb/Ksb89hpS68RjL/YdMFDqNtr
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
Rising = Trojan.Win32.Generic.12C1B7DC
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Generic.dx!b2al
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2al
F-Secure = Gen:Variant.Barys.907
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.ZPACK
AVG = Generic27.CAVQ
Norman = W32/Troj_Generic.BHAJG
GData = Gen:Variant.Barys.907
BitDefender = Gen:Variant.Barys.907
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:04 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xc831
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-21 06:35:49
VirusShare info last updated 2012-07-26 00:25:11

MD5: 98d54c963712792015fcaa8677a144b6
SHA1: db194e088988ddaddb4d380493073f709aa55ef2
SHA256: b3c02c8580c8d4866c1e76a21f5861ce41221b90c8e8b3d13f0181b191fb9d1d
SSDeep: 6144:0371kXidyxZOyUug8AZuIBVTMuc93XOTvhAGpyjC7HevmGRgPX35:M71qEyPIu1khVTgoA+y+CvKPX35
Size: 334858 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Zbot
Panda = Suspicious file
nProtect = Trojan.Fakealert.26831
K7AntiVirus = Riskware
VirusBuster = Trojan.Fakealert!RYFLMedaw3M
TrendMicro-HouseCall = TROJ_GEN.R4FC3GG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R4FC3GG
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akk
McAfee = Generic Malware.ms
F-Secure = Trojan.Fakealert.26831
VIPRE = FraudTool.Win32.AVSoft (v)
AVG = Generic23.JGC
Norman = W32/Suspicious_Gen2.QFEZJ
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Fakealert.26831
TheHacker = Trojan/Pirminay.ijm
BitDefender = Trojan.Fakealert.26831
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:17 14:45:15-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 335872
Initialized Data Size           : 4096
Uninitialized Data Size         : 446464
Entry Point                     : 0xbf020
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nxqwtdafx Ifdhviiyhxk
File Description                : Server Appliance Shutdown Executable
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : taskshutdown.exe
Legal Copyright                 : © Zhzjdvrud Tqnpkqgivov. All rights reserved.
Original Filename               : taskshutdown.exe
Product Name                    : Htbfjvqxs® Windows® Kcxxvgfyq Bsurle
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-04-20 11:46:22
VirusShare info last updated 2012-07-26 00:26:14

MD5: 5ff89db23a5185319138dd1d0655bd2b
SHA1: 15d6cb100cfdd81abdf4650a375c8d01f5e78d22
SHA256: 232f119d57ca114accb07d61e26041899819224ba3ba5793ef29a187c9ac05bb
SSDeep: 1536:e/VBbe8oKyrkQ2B6Vm8LijlDQmvQGrDK1yoSrq1rwlnbpTth0Hp2K4:+VkthLiVQ5GK1yA8nbpTth0
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-CE [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Emsisoft = Trojan.Win32.Webprefix!IK
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJDF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.az
BitDefender = Gen:Variant.Graftor.17350
NOD32 = Win32/Ponmocup.AZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-08 08:24:19
VirusShare info last updated 2012-07-26 00:28:17

MD5: cc02c24c79180229dfdb54932551ecc1
SHA1: d955f47ad25477dd69567bf1f31813c34bb8da41
SHA256: 2e96b57cdee8d19049ead38149b305ce31bb5bd2e974dfaac4549ceed5fdfe1d
SSDeep: 1536:2IeDFvaeohyKiylGV3CK1e3bOFe8X9sgCQjojbJAphINF0mPd8thMHZHO:ReD0RiywCK4ML6gCQjwF0IdoQZHO
Size: 79360 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.79360
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-08 06:44:03
VirusShare info last updated 2012-07-26 00:29:13

MD5: d8d96b8bf21b76f7b5dedd0055abf6cf
SHA1: 0c9c25386ba87d2c5abd26d642eb550cfa1c9125
SHA256: d08ed680b5d5b722f4e3d0bb43c37ee0789bb0ae6cf511e3148d5bb93c33429d
SSDeep: 1536:nINMlsdqHjy6pg2B4Re8LijBBhmg4eFS+TQezC12hLdo2MIty/c+HpFrb:n3sQHLmLiThl4eM2QSk6LW2MIty/B
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
TrendMicro-HouseCall = TROJ_PONMOCUP.AL
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Vundo!oy
TrendMicro = TROJ_PONMOCUP.AL
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo!oy
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-12 09:34:46
VirusShare info last updated 2012-07-26 00:29:19

MD5: ae93a0dbc00a7e66dd0ac3039b2ba26c
SHA1: 5bc61112e880d5dbb35d061909944aac14de6790
SHA256: 64e93d7f0b1aafa9e274983d730b2a37531b769f822da90dbd62c9ca71680f9e
SSDeep: 3072:oL20EFw8fBePqhwT15wKJr54V0OlFOhLlfg8vT68bcUkwPNHXudk:oL2BYz15wKJ14qZVnv+8YUBPBXue
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Trojan.Win32.Webprefix
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!AE93A0DBC00A
McAfee = Artemis!AE93A0DBC00A
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKAB
GData = Gen:Variant.Graftor.17637
BitDefender = Gen:Variant.Graftor.17637
NOD32 = Win32/Ponmocup.BH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:09 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4c3
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-04 09:42:32
VirusShare info last updated 2012-07-26 00:31:02

MD5: 66ff4f24ac4cb6d2083ea1ddc3c859e4
SHA1: c473fd8e780bfee66f9fbc7f7bb1349895c24060
SHA256: 104bd76e423b381f4ac42e581a02da6f05085fd2a28228937639e73111fb89b8
SSDeep: 3072:RT1rfKV3NyVXKE3m4W7dv6NtZGmj7OwZuGexL:vKREs0Nt5bkGed
Size: 131072 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-10 00:14:11
VirusShare info last updated 2012-07-26 00:34:34

MD5: 8cf5f5c39d2c9081dedb4ba95571592b
SHA1: b0afcecffb3cc7c6668f4c8d6191cffafe182efe
SHA256: 81bf0cd4ed32c76b9baf132de966473033a294c3df5c15bb8bb557ef04b7befa
SSDeep: 6144:tv3lWHb8jZTBLaJ+1DPUBiEdQZOMbe0qJF2dw3VwoRMWhHiZ7J3tAtOzzbR:tv32b8jiuUBT+thqJF2AjhHoJ39t
Size: 361047 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.203
Avast = Win32:Kryptik-BLH [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
nProtect = Trojan.Generic.5790831
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!38gmZSmqulE
VBA32 = Trojan.Pirminay.ewt
TrendMicro-HouseCall = TROJ_GEN.R49CDCV
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Downloader.a!bnp
DrWeb = Trojan.DownLoader5.49605
TrendMicro = TROJ_GEN.R49CDCV
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.ta
McAfee = Downloader.a!bnp
F-Secure = Trojan.Generic.5790831
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CPBA
Norman = W32/Troj_Generic.AVPIJ
GData = Trojan.Generic.5790831
Symantec = Packed.Generic.305
TheHacker = Trojan/Pirminay.ews
BitDefender = Trojan.Generic.5790831
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:14 00:33:39-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0x8b96
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.3
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Developped for Wimettztg Ldgqfhuboot by ECO Kommunikation
Company Name                    : Ibebtszgk Hbispmbooft
File Description                : UManDlg DLL
File Version                    : 1, 0, 0, 3
Internal Name                   : UManDlg
Legal Copyright                 : Copyright © 1997-1999 Nkbdvrwwy Xyhdxepdpdu
Original Filename               : UManDlg.DLL
Product Name                    : UManDlg Dynamic Link Library
Product Version                 : 1, 0, 0, 1
VirusTotal Report submitted 2012-04-04 13:00:24
VirusShare info last updated 2012-07-26 00:34:50

MD5: 57c62a3a15d76e4b37a09cb7a7b85737
SHA1: b1483b4b2f764fb7c257bddbb1517ef16d2f2f4a
SHA256: bcb3f74a2600e91d9fd02995aeb97e7c9a5795ab1a6efa36d1410e4737c716b5
SSDeep: 6144:TNXJz6ZQw9FsL57G2/+C+7VXfhSoSWmTh7dnc4z4Q/IueNfn1g5TzAZl:ZZzQps7G2/j+BX+W8JnX0buehK5/Yl
Size: 365629 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5789340
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!8H/KoZEbglc
TrendMicro-HouseCall = TROJ_GEN.R11C1H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.53997
TrendMicro = TROJ_GEN.R11C1H3
Kaspersky = Trojan.Win32.Pirminay.qvg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.sd
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.5789340
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AGU
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.5789340
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eym
BitDefender = Trojan.Generic.5789340
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:06 23:57:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 569344
Uninitialized Data Size         : 0
Entry Point                     : 0xe6df
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tbrdnhtwi Yokkgxtgoyd
File Description                : Qylhjvlfn Identity Manager
File Version                    : 6.0.6000.16386 (hfihv_rtm.061101-2205)
Internal Name                   : MSIDENT.DLL
Legal Copyright                 : © Tghmywfyc Nxbwjducrgd. All rights reserved.
Original Filename               : MSIDENT.DLL
Product Name                    : Bjyvkbzqp® Xeccakr® Oboaophvo Swzjnq
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-11 17:52:54
VirusShare info last updated 2012-07-26 00:37:29

MD5: 04ade732f4ed8cf11f567233d2752bbf
SHA1: 89b4b5c9f377cd1e3ff4cf30deb12d22be309de6
SHA256: 39c10e486c6eff5791a30b62ed62a22e9e6f666ea0e47023e591aa625b98ed22
SSDeep: 1536:G/Ybe8oKyrkQ2B6Vm8LijlDQmLQGrDK1yoSrq1rwlnUpTtN0Hp2K4:2zthLiVQNGK1yA8nUpTtN0
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
TrendMicro-HouseCall = TROJ_GEN.R30CDDJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!pd
TrendMicro = TROJ_GEN.R30CDDJ
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo!pd
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJDF
Norman = W32/Troj_Generic.BGTDF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.az
BitDefender = Gen:Variant.Graftor.17350
NOD32 = Win32/Ponmocup.AZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-22 03:43:35
VirusShare info last updated 2012-07-26 00:40:15

MD5: 4c1423eddc919affb86bd67b43a42462
SHA1: 4bf5a6ef5a285a80f3f963ef9cf052c812865850
SHA256: 03da474de11f3f98c0a4ddbed5dc588b76973c6708ca1f0fadee44a6f72d321a
SSDeep: 1536:Y2ZAh9wJua1ZRIbI+e2BrMg8LiyKTGmFX7tb2P5OxMLBXpJjBhScMzW:tIwYNU3LipGeX7tkPLbJniC
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-H [Trj]
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!syZ0KlXlUdc
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Artemis!4C1423EDDC91
Fortinet = W32/Ponmocup.AI
McAfee = Artemis!4C1423EDDC91
F-Secure = Gen:Variant.Barys.973
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AZID
Norman = W32/Suspicious_Gen4.WYFL
GData = Gen:Variant.Barys.973
BitDefender = Gen:Variant.Barys.973
NOD32 = a variant of Win32/Ponmocup.AI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x5d33
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 20:35:44
VirusShare info last updated 2012-07-26 00:41:18

MD5: ab2d5c3a43fea5681d00d4e84831e355
SHA1: 3606608a640151a4fc1b09d8ff6335574239ddec
SHA256: 92b62f6d67a2029d6d7f71636d4c6049ca17140a819b202eaa1efad16d4c8f61
SSDeep: 1536:FqU38/bRC8dY0lsBfJHwbkAyuWr2Bhae8LitoWGym6mwBR54cmPt0Zrchb5cCZlt:P8/fdEQYmILitOyvtBHRgt3VZlEjbY
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
K7AntiVirus = Riskware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Artemis!AB2D5C3A43FE
Fortinet = W32/Ponmocup.AA
McAfee = Generic.dx!b2at
F-Secure = Gen:Variant.Graftor.15125
AVG = Downloader.Agent2.AZHY
GData = Gen:Variant.Graftor.15125
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.15125
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x9a81
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-21 07:35:03
VirusShare info last updated 2012-07-26 00:42:43

MD5: 657c4f8537a66f49de7112942350940c
SHA1: d50cc099968860dd59c4287f5a5c1de06fb01e18
SHA256: 2287be00c1d443acde09781efc86be69afc4f38cbf7a59da9916c42a295a7304
SSDeep: 3072:iOhuX/4CR1K25ifqm+8EFoFnmfEltU1lfMaw:iJRE25fDoG9XM
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.19642.3
Avast = Win32:Crypt-MGX [Trj]
Ikarus = Trojan.Win32.Webprefix
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!657C4F8537A6
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2ak
F-Secure = Gen:Variant.Graftor.19642
eSafe = Win32.GenVariant.Gra
AVG = Agent3.BLDS
GData = Gen:Variant.Graftor.19642
BitDefender = Gen:Variant.Graftor.19642
NOD32 = a variant of Win32/Ponmocup.BQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:05:19 12:57:35-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x3659
OS Version                      : 4.0
Image Version                   : 4.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-20 06:10:53
VirusShare info last updated 2012-07-26 00:45:54

MD5: 2261ae5f43f3a2e1fdf932acf69a4d13
SHA1: a0c1b09b369f56cbf527fb7e3599ded0a77d982f
SHA256: e3b4f60804c4c5bb8ef31662c7fc6a8c3a1174175fb5b00709b3016149bd945d
SSDeep: 1536:FIv+G4hGDh0BILgLfO/DPTCkbAmIdGEZCt:TGXh5p/DPTrRIzZC
Size: 66560 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C9A7
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R11C9A7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.ciw
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.QZK
Norman = W32/Troj_Generic.EXN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1402
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iwcthoaaq Zwzurinhcai
File Description                : Ubjtycgec ACM Audio Filter
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : Fskejpfhh ACM Audio Filter
Legal Copyright                 : © Microsoft Bamszbzhicp. All rights reserved.
Original Filename               : msfltr32.acm
Product Name                    : Jjhpkxxls® Yaxrehn® Cangcvpnz Cvlnud
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-06-05 15:41:36
VirusShare info last updated 2012-07-26 00:54:45

MD5: 31b2426cf56f3b348637de5813991e22
SHA1: b4a35c9c3f075477b42458ebc50217189f2a35ef
SHA256: f74104a45d25c3afa9219e34513ab367691b8e2f81439377463b37b9874727c7
SSDeep: 1536:TCg+UyO0L2o+oSr4M9QM7VI5/GqkYdeDG2uM5bDUf3M7wkFTMN7bhe:rfyOJoSn9uGq1eD3VxDUf806TMNZ
Size: 91136 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.603941
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!31B2426CF56F
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2as
F-Secure = Trojan.Generic.KDV.603941
AVG = Agent3.BLBD
GData = Trojan.Generic.KDV.603941
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.KDV.603941
NOD32 = a variant of Win32/Ponmocup.BP
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:06 03:33:41-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x26f7
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-21 06:16:47
VirusShare info last updated 2012-07-26 00:55:21

MD5: 34aebbed4b5da5d91b389967c9b22442
SHA1: 73e025563842ddb5bd1d0c05b5d026c5829dc5dc
SHA256: 2aa1035b546efb71c8238662ba4a1f29110cac9149abe40aef2eea8c6779750e
SSDeep: 3072:l/Szpv5KnzaX07teZ9lUv1OnedfS4PjNQ/WQLIAInNkQgUDOD:WM8xW1HJPJQuM9T
Size: 253952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
nProtect = Trojan.Generic.7445105
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!hnyII33vXGA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!34AEBBED4B5D
Fortinet = W32/Ponmocup.BR
McAfee = Artemis!34AEBBED4B5D
F-Secure = Trojan.Generic.7445105
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOA
GData = Trojan.Generic.7445105
TheHacker = Trojan/Ponmocup.br
BitDefender = Trojan.Generic.7445105
NOD32 = a variant of Win32/Ponmocup.BR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:28 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 192512
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x267bf
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-12 21:22:06
VirusShare info last updated 2012-07-26 00:55:26

MD5: 4b9153c7f71f69bdb532ed2721dd2a36
SHA1: 20458bd95c7a9158c1349f1072a4d1e264a1169d
SHA256: 90de18592c7ddf7da684b9630055f7d4d67de0f87220f8621b959eb9e2ae1441
SSDeep: 1536:3oMM6VBnjE+50Gs60BIZGOMyORKG2aY3SEgXRGXtnckFDHSKsew+k/ISEEHwI615:3o0nBs6YI5MyO83SYncODHSgLkzHwI
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.KDV.584742
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!L1nSlZEzzaI
TrendMicro-HouseCall = TROJ_GEN.R3EB1D4
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bd3h
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
Jiangmin = Trojan/Genome.bmkf
McAfee = Generic.dx!bd3h
F-Secure = Trojan.Generic.KDV.584742
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKWD
Norman = W32/Suspicious_Gen4.YJUL
GData = Trojan.Generic.KDV.584742
TheHacker = Trojan/Ponmocup.bn
BitDefender = Trojan.Generic.KDV.584742
NOD32 = a variant of Win32/Ponmocup.BN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:24 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x5309
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 15:46:17
VirusShare info last updated 2012-07-26 00:56:21

MD5: 5678510f0050da45267400c24deb9ab4
SHA1: 0f7b0550dcb83b17253c764f40dfffff92be6f23
SHA256: 190e4c025b4a9c89e8d893583da3cb82ba28ed76fd0774d26df2770a9c2bdbf7
SSDeep: 6144:2zAfN9tKSbAuIkfi19RoqaTOOK0hNmZvDaWBIKSpt4zLGE2W4xMlskoVtXsDsBcx:2cfNOSbAgiOqJO9uxSKSv4HGxVxMWkoG
Size: 367616 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Dropper-GZY [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Win32.Drooptroop
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.367616
VirusBuster = Trojan.Pirminay!dHa9F3nblnA
TrendMicro-HouseCall = TROJ_GEN.R4FC3GF
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falint[Cont]
McAfee-GW-Edition = Generic.dx!baqy
DrWeb = Trojan.DownLoader3.33469
TrendMicro = TROJ_GEN.R4FC3GF
Kaspersky = Trojan.Win32.Pirminay.ikf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adg
McAfee = Generic.dx!baqy
F-Secure = Trojan.Generic.6154931
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.KBF
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6154931
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ikf
BitDefender = Trojan.Generic.6154931
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 13:26:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 368640
Initialized Data Size           : 4096
Uninitialized Data Size         : 540672
Entry Point                     : 0xde020
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x0017
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xczembsiu Zowhmyamvvc
File Description                : 
File Version                    : 6.1.7000.0
Internal Name                   : Eihsqjpxx.Byduyqa.Diagnosis.Commands.WriteDiagProgress.resources.dll
Legal Copyright                 : Copyright (c) Ngkozaydl Wdlcanwellv. All rights reserved.
Original Filename               : Wwjxelbvl.Dxexqua.Diagnosis.Commands.WriteDiagProgress.resources.dll
Product Name                    : Lcqpwtiev (R) Oqinrcj (R) Kgxbmaeau Cfqbwz
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-04-19 08:56:41
VirusShare info last updated 2012-07-26 00:56:55

MD5: 5d801e9990a95359b343285a71ee97a7
SHA1: c3fe03dc90688ef3f0a181b83a2205d734dd97b2
SHA256: df6d1f54088a8e5df0d5251792308da3ca6df1479da0e673e16013ab836cfd7e
SSDeep: 6144:SVtisu1+wTe+owFK2nAZrgnLsqT2A/te9YJcnqpd+2AqkysHBg82JWXH:SVtiB1+oFUrSIU2xzqz+2AqkDHIJUH
Size: 336424 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.67
Avast = Win32:Zbot-NDZ [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FS
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.qmp
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.63020
TrendMicro = TROJ_GEN.R11C2FS
Kaspersky = Trojan.Win32.Pirminay.qmp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Generic.jhnq
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248125
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRSpy.Zbot
AVG = Generic22.CDWM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = WS.Reputation.1
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Kryptik.lxf
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:03 21:49:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 327680
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x50320
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nalsdpqlw Dyvneekmzyn
File Description                : WDM Streaming Crossbar
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ksxbar.ax
Legal Copyright                 : © Dcpdfeojw Mkhegegqkax. All rights reserved.
Original Filename               : ksxbar.ax
Product Name                    : Niebhswqb® Yqzzeyu® Lvuovyooh Sefyyz
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-04-04 13:24:06
VirusShare info last updated 2012-07-26 00:57:20

MD5: 8dc444dfb0f0e62290d6109199e86369
SHA1: 66a116671b78d48708a7ffd442571f6e7b64134b
SHA256: f9cdf9a332a39836e21ed43b377af070052653db4eed55e3a8e7c6c80afd41a1
SSDeep: 1536:X70niGgRxuQL9fRTDyaOjIdEz3iSwaf4DtsQ2tz:XDRfnTDyaOjI04JsQ29
Size: 61952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Win32.Ponmocup.a
eTrust-Vet = Win32/Vundo.K!generic
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.ebi
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic25.AIIU
Norman = W32/Troj_Generic.AWLLR
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.2702
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Npzfycjoo Qypuifyunpq
File Description                : Canadian National Standard Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdcan (3.12)
Legal Copyright                 : © Microsoft Qpcxrgovyex. All rights reserved.
Original Filename               : kbdcan.dll
Product Name                    : Ktotavisg® Tmfyrkl® Xfaqzvbfv Cmsmlc
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-05 10:24:51
VirusShare info last updated 2012-07-26 01:00:45

MD5: 91222b1463fa62b7f953347ec27c157d
SHA1: 325e3ddced6bcc0728dfdb53f744930cb6382413
SHA256: 654f9ad510bfc01a2922d744f92a83333fb1b77b37085aabf40a7f308a2683c9
SSDeep: 6144:4uGzv2I+SmQDfzVnjUj5TM+HvbLNFLZ024lxeeidtxp/fQhAuLF:4zvF+SbDf5niRrv1FLZfKxeeidtH/duh
Size: 261725 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6380082
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!yIJOnAq2u4E
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.dx!bapj
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.beh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bapj
F-Secure = Trojan.Generic.6380082
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6380082
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.dg
BitDefender = Trojan.Generic.6380082
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 245760
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x46d50
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-03-29 09:05:08
VirusShare info last updated 2012-07-26 01:01:06

MD5: a34b014f32836d4e26bdfe4ffe821e88
SHA1: bddecd8a936d3c30fb5f9013465b4fe03a48c9a8
SHA256: 49af554b741a84ffe09b3131278bd5177b1481e1f5d92d1dbea2b1f82506088a
SSDeep: 1536:3RSMJ2rzvWBB0Zb9inyKru2BKZug8LiydrVSl2mVfMHPYotJsCmU0beEeQUwG+kP:3RKy8ifHLiIUl2agPYotJsDUvQa7
Size: 142336 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Offend.7089810
Avast = Win32:Kryptik-GBK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
nProtect = Trojan.Generic.7089810
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!ZQ/42xPQq9k
VBA32 = Trojan.Genome.abjsf
TrendMicro-HouseCall = TROJ_GEN.R49C8BO
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Graftor
McAfee-GW-Edition = Artemis!A34B014F3283
TrendMicro = TROJ_GEN.R49C8BO
Fortinet = W32/Ponmocup.AA
McAfee = Artemis!A34B014F3283
F-Secure = Trojan.Generic.7089810
eSafe = Win32.TROffend
AVG = Generic26.AHMK
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Trojan.Generic.7089810
TheHacker = Trojan/Genome.abkhr
BitDefender = Trojan.Generic.7089810
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:06 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x6e21
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-06 06:55:32
VirusShare info last updated 2012-07-26 01:02:52

MD5: b5223b8c005450dbb4dbdeba3a9e811d
SHA1: 07fc6680c4a13458c0fda41b3a16a021d91bb773
SHA256: 26f387ab4a1c14bba18a3abfd6b4a87a49feb12e27aff31967c7e9a9225b454f
SSDeep: 3072:uq6a6AFDqtBEeuFwu8DU0FHksK7A67it:uqB6AFOtBduLR0FHpgAFt
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan-Downloader.Agent
K7AntiVirus = Riskware
Emsisoft = Trojan-Downloader.Agent!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!B5223B8C0054
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!bd3y
F-Secure = Gen:Variant.Graftor.15300
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJYW
GData = Gen:Variant.Graftor.15300
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.15300
NOD32 = a variant of Win32/Ponmocup.AO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:08 05:47:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x5071
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-14 23:15:12
VirusShare info last updated 2012-07-26 01:05:16

MD5: cc01aff022529dd9002cdbc5dff1836a
SHA1: 342832e9a1db87c89884e6e42ecffb6f7e748035
SHA256: 608911e8868270ae755eb0c22ee5019fe95432f55ccb8ece9dc92172d03d75d6
SSDeep: 1536:afJEbW2g8Hjy6r42B4nc8LijHrlmo0lYJ7csPprBIItdPHpFr3:aIWAHLYLinlJ0lYJHrqItdP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
TrendMicro-HouseCall = TROJ_GEN.R30CDDK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!pd
TrendMicro = TROJ_GEN.R30CDDK
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo!pd
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-25 03:23:03
VirusShare info last updated 2012-07-26 01:06:37

MD5: cdfb359b14bcc3a13866934bb8196362
SHA1: 1adb4441865d771b5dfe2f1d01dd0fb977c9f7ea
SHA256: b90f858eb41f97857bbc243505d4f65ad72954cf12af9ebd0cedff7cc51f3f0e
SSDeep: 3072:kuV5pv8kQLcMbPKKGvkMc4/UZkl0HIkm8c6t8D8C:k/cMbPKKtMc48Z7HJtXC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12BFB151
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!d311bPq4E8c
VBA32 = AdWare.SuperJuan.aipt
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMEO8
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Generic PUP.x!b2q
DrWeb = Trojan.Juan.824
TrendMicro = TROJ_GEN.R47CDD9
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aipt
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Agent.BOM!tr
Jiangmin = Adware/SuperJuan.auo
McAfee = Generic PUP.x!b2q
F-Secure = Gen:Variant.Graftor.12472
VIPRE = Virtumonde
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.ANTGK
GData = Gen:Variant.Graftor.12472
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.12472
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 01:03:16
VirusShare info last updated 2012-07-26 01:06:52

MD5: e1b28094c98100a39568991411ff30f2
SHA1: 7523f521ba5b3ddd7a20a6df2959139d986ad5ea
SHA256: 9eef78a14abc4aa0003cef9322c63d14057f7535b31a3c0a328fb90965aa33fb
SSDeep: 1536:OmZ0+vh/H1rNyGlk2BEa38LiVXqYQmQTL+mYdcrvm8Pt2VVVVOab:Om99Vrl+LiVrQXm5cLm8Pt2VVVVOQ
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-V [Trj]
Antiy-AVL = Backdoor/Win32.Ulrbot.gen
Emsisoft = Backdoor.Win32.Ulrbot.AMN!A2
Kaspersky = Backdoor.Win32.Ulrbot.cmd
McAfee = W32/Sdbot.worm!nb
F-Secure = Gen:Variant.Graftor.15202
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AZHZ
GData = Gen:Variant.Graftor.15202
BitDefender = Gen:Variant.Graftor.15202
NOD32 = a variant of Win32/Ponmocup.AD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:29 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x18ef
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-08 08:19:11
VirusShare info last updated 2012-07-26 01:08:56

MD5: eb15178442ab2861b355cf0ffcd46628
SHA1: 3a15af7c503f01bd8eb2f3c3f2f6016ed9be5260
SHA256: a1ce6032b3978ec752bcf2acc56b67c36ed6d3489faf567eb31dbef9f8d16b2b
SSDeep: 1536:M/vqHa2yt8y2J/JbQDwLYVw2t5rHcfy8plKDElg/yjHakmCClqo:XaP8y2Jw6YLr983iEl6Blv
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12BF0425
nProtect = Trojan.Generic.7416380
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!EOsNyT5Pma4
TrendMicro-HouseCall = TROJ_GEN.R29C7EH
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!EB15178442AB
TrendMicro = TROJ_GEN.R29C7EH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!EB15178442AB
F-Secure = Trojan.Generic.7416380
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJUK
Norman = W32/Troj_Generic.AWJIC
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.7416380
TheHacker = Trojan/Ponmocup.bf
BitDefender = Trojan.Generic.7416380
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:05 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25a9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 16:09:59
VirusShare info last updated 2012-07-26 01:09:45

MD5: f12414557e893bae93a5005df9c338d9
SHA1: d2aa579075f19047c01bc0a3adc0fd89576c536b
SHA256: f6eec1b468caa57ebc2fe8f1b6dc5e39d6319e7bea8212453d056734ae77dcb5
SSDeep: 3072:T1SzpvcKnzar07teZ9lUv1OneW0S4PBBE70hbGe1N9Yfm4IUDCvD:q/AxW1Y2PDEwhaeP9Yfs7
Size: 253952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
VirusBuster = Trojan.Ponmocup!EooapiX3mzY
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Barys.2376
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLNZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2376
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.BR
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:28 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 192512
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x267bf
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-04 16:02:49
VirusShare info last updated 2012-07-26 01:10:19

MD5: 1ace3c0c32913b34ad53f0b10c0c2de9
SHA1: 4f505560ec79e4c0c7d1d414b0a7ebcc504bc132
SHA256: 152ccfd107ac0038b41c98d795113a3c5d60c922fbdd49bd8708ca5b89d1be1f
SSDeep: 1536:x8uH7WPzW2LTH2B8OV8LijQNEPomQzFIiMtoZGJS3hnLKdiv+g9y5Bj9:RWPCc9LicBRFIiMtjwhLKomgk
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DD [Trj]
Ikarus = Trojan.Win32.Webprefix
nProtect = Trojan.Generic.7445725
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!Kf75rSh8E70
TrendMicro-HouseCall = TROJ_GEN.R29C7EH
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!1ACE3C0C3291
TrendMicro = TROJ_GEN.R29C7EH
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!1ACE3C0C3291
ClamAV = PUA.Win32.Packer.DupPatcher
F-Secure = Trojan.Generic.7445725
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKTH
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.7445725
TheHacker = Trojan/Ponmocup.bu
BitDefender = Trojan.Generic.7445725
NOD32 = a variant of Win32/Ponmocup.BU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 19:12:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1d85
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-06 18:55:45
VirusShare info last updated 2012-07-26 01:18:20

MD5: 8720d0dc35b6fb6b53e064de60f81d5b
SHA1: 145ebfaa84a54aa5a3e30557f6d216c6b766cf94
SHA256: 8f089ddad146d29496f01491f3c7fbd12a8628fb4744202f731c45fbc76ce604
SSDeep: 1536:GkJEbW2g8Hjy6r42B4nc8LijHrlmyzDayNyNP5v9uQUBIItbPHpFr3:GhWAHLYLinl7z5SvMPqItbP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BDD150
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R29CCDC
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!ou
TrendMicro = TROJ_GEN.R29CCDC
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!ou
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.AUZGN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-01 04:21:14
VirusShare info last updated 2012-07-26 01:25:36

MD5: c7765d9c90ff10144cc6d711bd0c14d4
SHA1: 3e1578d7089b9bf298ee1ae8a1c6d09e5131be50
SHA256: 9dbec39d1148ed2297b69d222179155232ad8ba311ae16b7acdd31ae70308ff5
SSDeep: 3072:sRJllQ0+Lma4/8jQl63x2kk4DzIqJiM+BCqJhrcoLzQxd5Rc7tJ7wotv0XQd:srFMma4/am63x2kkezItHL0A7L7wR8
Size: 207301 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6471002
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!oYqzTkRGDHw
VBA32 = Trojan.Jorik.Pirminay.agx
TrendMicro-HouseCall = TROJ_SPNR.2FAC12
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.asu
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_SPNR.2FAC12
Kaspersky = Trojan.Win32.Jorik.Pirminay.asu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6471002
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.AGCC
Norman = W32/Suspicious_Gen2.RTCXX
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6471002
Symantec = Trojan.ADH.2
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6471002
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ybbilpirn Nffnjwnvion
File Description                : Greek IBM 220 Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhe220 (3.12)
Legal Copyright                 : © Cfaqrdcll Xtfahgmpgno. All rights reserved.
Original Filename               : kbdhe220.dll
Product Name                    : Wjkjumarx® Dmyhfkv® Uxgdmjzwa Tesldj
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-17 11:42:34
VirusShare info last updated 2012-07-26 01:28:31

MD5: ca98eaf08ea8a892f41b7bb2f7f4b778
SHA1: 9712b523a3cc170c23f024294730077892e5b987
SHA256: 110153055e5bbc42b5a1a075a0a0aaf8f28b1046630891c911bc72a269f75fb7
SSDeep: 3072:U20EFw8fBeO0AwqawOMMcc9olFOSnl1BffzNXUV:U2BqAwqapMLc9Y7XU
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee = Artemis!CA98EAF08EA8
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKLK
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.17637
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:13 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-10 22:33:39
VirusShare info last updated 2012-07-26 01:28:45

MD5: dd1c7084bc6b34abd67e043672d40e6b
SHA1: fee51809e372df88e8fb2340babe4058a14bc0e4
SHA256: 6f1afe57da86102e75d8f6e940abc7edbcf9944683fb858ea7ca5dc9c5bd093a
SSDeep: 1536:ygQxQWmW7OLyIO+ibDNmhDtnBwS6Ez4Unzio9yH:KmPg5bDWBwST0Unzio9+
Size: 62976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HTR!genus
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Vundo.AV.iw5
McAfee-GW-Edition = Vundo!ow
DrWeb = Adware.Searcher.1841
Kaspersky = not-a-virus:AdWare.Win32.Zwangi.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.ciw
McAfee = Vundo!ow
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Virtumonde
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.OVJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13fa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qdbfzycxo Rtfcqvbydtc
File Description                : Sgvulzfhl FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : FPSRVCGI.DLL
Legal Copyright                 : Copyright © 1995-1999 Uzypupxfq Ydifxcetqhs, All rights reserved.
Legal Trademark 1               : Geufhchds®, Cnnybtq®, and FrontPage® are registered trademarks of Rbldknznv Wuoyggdncet, and WebBot is a trademark of Jcrtubsue Krpfywyhhkc, in the United States and/or other countries.
Product Name                    : Npgutefmg® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2012-04-05 10:35:03
VirusShare info last updated 2012-07-26 01:29:27

MD5: e787c52986c4a072f449104cbde23695
SHA1: 684510abac033f349493839632d2d59282336e07
SHA256: 9c02c8a3e91586884bf2b3fdcb4cab2924190ff56d56ba1b2b4700f3c18dca1e
SSDeep: 1536:YW4s8uH7WPzW2LTH2B8OV8LijQNEPomQsNIiMtcGJS3hnLKdiv+g9y5mj9:VZWPCc9LicByIiMtfwhLKomgk
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DD [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!mlqf8TVsuMI
TrendMicro-HouseCall = TROJ_GEN.R49CEDT
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdwj
TrendMicro = TROJ_GEN.R49CEDT
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bdwj
ClamAV = PUA.Win32.Packer.Msvcpp-1
F-Secure = Gen:Variant.Barys.103
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKTH
Norman = W32/Troj_Generic.AZXWK
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.103
TheHacker = Trojan/Ponmocup.bu
BitDefender = Gen:Variant.Barys.103
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 19:12:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1d85
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-08 04:10:17
VirusShare info last updated 2012-07-26 01:29:47

MD5: 1b184cad268712b8b24e8ced2ef6b6fc
SHA1: 69648c9092461b6f1990bdc0d69910639b6e2acf
SHA256: 104ef5c3ed5417451c5d8c7d0f4d36656f3ac83548befecaf9cd88c7e5b93e31
SSDeep: 1536:3oMM6i+jED0Gs60BIZGOMyORKG2aY3SEgXRGXenckFDN3K8Fc0bBI7wogVlI615:3oN+Ws6YI5MyO83SHncODldBI7wJlI
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.KDV.587143
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!7ShixNYmIXA
TrendMicro-HouseCall = TROJ_GEN.R2EC7ES
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R2EC7ES
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
Jiangmin = Trojan/Genome.bmkf
McAfee = Artemis!1B184CAD2687
F-Secure = Trojan.Generic.KDV.587143
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKWD
Norman = W32/Suspicious_Gen4.YXPH
GData = Trojan.Generic.KDV.587143
Symantec = WS.Reputation.1
TheHacker = Trojan/Ponmocup.bn
BitDefender = Trojan.Generic.KDV.587143
NOD32 = a variant of Win32/Ponmocup.BN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:24 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x5309
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 15:40:32
VirusShare info last updated 2012-07-26 01:32:33

MD5: 5d53fac638250da28cd43b23999abed1
SHA1: c561963ccdc932098cf9c6dfcbf2b39a8799bcb0
SHA256: 6929267702bb07d95a8a5e002ea9f3e9a355dc409c843674cbd4f3f0e4284aad
SSDeep: 3072:1S2Zn1pMBEwm6gX0lqpFyndM7pze8d/0sSlrGedPE:/eBEwm6E0k4wzRJUGehE
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12C1FE32
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!5D53FAC63825
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2at
F-Secure = Gen:Variant.Barys.569
AVG = Agent3.BKVM
GData = Gen:Variant.Barys.569
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Barys.569
NOD32 = a variant of Win32/Ponmocup.BM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 10:45:17-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xc4c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-21 06:51:28
VirusShare info last updated 2012-07-26 01:35:03

MD5: 6d31ff29f1347af2dc1365ddd66bb17e
SHA1: da36550b0e16b944f437aac2f7cde25a40147494
SHA256: 6a3df249ca1f685f94e287c5bf1b4bcb63ad1a03166f85f2bacc431f55717be9
SSDeep: 3072:FzHBMe6XqRt9VBG2PquJ9SqxFKzqQp7rplWFU2NFgYIP:t6XqRt9fG2PquiqnKAUaFgH
Size: 146432 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-CD [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12BFC2B1
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!bdv4
Fortinet = W32/Dx.BDV4!tr
McAfee = Generic.dx!bdv4
F-Secure = Gen:Variant.Graftor.16660
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIXZ
Norman = W32/Suspicious_Gen4.YWUD
Symantec = WS.Reputation.1
GData = Gen:Variant.Graftor.16660
BitDefender = Gen:Variant.Graftor.16660
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:24 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-04-10 06:48:06
VirusShare info last updated 2012-07-26 01:35:38

MD5: 88ef04cf097c31dfae0f02976e89d737
SHA1: c594e23c080a2b54acedbb312c0f7d2faa766bec
SHA256: abe2227af131a581b4e5f86e8cff2df1d11e32a15950f6cb3aa757078f1aeb2d
SSDeep: 1536:u/cbnsLiq4Yha+VQYgAfdkGW9b3UFeyE62u0BK/Ld5wkzHcD+eLM0PHIqqV9q6:fbPq4HeQKf/W9bkEWpLTwu8D+tQHsd
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan-Downloader.Agent
Panda = Generic Malware
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!unOXlyPLTpA
TrendMicro-HouseCall = TROJ_GEN.R3ECEDB
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Agent!IK
McAfee-GW-Edition = Artemis!88EF04CF097C
TrendMicro = TROJ_GEN.R3ECEDB
Fortinet = W32/Ponmocup.AO
McAfee = Artemis!88EF04CF097C
F-Secure = Gen:Variant.Graftor.15300
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AZHV
Norman = W32/Suspicious_Gen4.XLDO
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.15300
TheHacker = Trojan/Ponmocup.ao
BitDefender = Gen:Variant.Graftor.15300
NOD32 = Win32/Ponmocup.AO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:08 05:47:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x5071
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-27 22:34:52
VirusShare info last updated 2012-07-26 01:36:38

MD5: e30998def292ef8a8dce1d4a2fd92d0e
SHA1: 6923fcdb9cc3a1f6a5e9c2260cc535fe8b6ab2fc
SHA256: 5d8298a35378f4f81dcffb086bebca96a3b9a97304395d9ea55d30ee43de84e8
SSDeep: 6144:Xj2zsoKhS42cVmIlTN0/AiZU1taNfL0cZiynl2LJb:XjusoKQamIl+//ZU1taR0cG
Size: 290816 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Qhost
Ikarus = Trojan.Win32.Qhost
AhnLab-V3 = Trojan/Win32.Qhost
Panda = Suspicious file
nProtect = Trojan/W32.Agent.290816.QV
K7AntiVirus = Trojan
VirusBuster = Trojan.Qhost!w+Fz1upxtOg
VBA32 = Trojan.Qhost.znh
TrendMicro-HouseCall = TROJ_GEN.R47C7K7
Emsisoft = Trojan.Win32.Qhost!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Qhost.znh
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.F
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R47C7K7
Kaspersky = Trojan.Win32.Qhost.znh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Qhost.ZNH!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kkfx
McAfee = Downloader.a!xq
F-Secure = Trojan.Generic.6811052
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Downloader.Generic12.UPF
Norman = W32/Suspicious_Gen2.RVCFX
GData = Trojan.Generic.6811052
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.vir
BitDefender = Trojan.Generic.6811052
NOD32 = a variant of Win32/Kryptik.XEF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 249856
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x12b6
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-04-21 02:31:54
VirusShare info last updated 2012-07-26 01:39:42

MD5: e6c930412763b72feba2940cae00c26f
SHA1: cf00c2b9f343d62d6bb161430710563321f688f7
SHA256: 4dfa40326b92bd789f4d6a0c34999deba8ed0e29a2acc97e506032e32f03a639
SSDeep: 96:mVFrSqarTX2C6+qacYSAxp8EBsr4jCfv41VArxtABBirowEVlC9FLe:0r0rjVcYS8xCrgwQ1VqXABBFRlCPq
Size: 8064 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Sf:Renos-D [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
VBA32 = Trojan.Pirminay.rbz
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!E6C930412763
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.rbz
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Artemis!E6C930412763
F-Secure = Gen:Variant.Graftor.1013
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
AVG = Downloader.Small.62.D
GData = Gen:Variant.Graftor.1013
BitDefender = Gen:Variant.Graftor.1013
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2560
Uninitialized Data Size         : 0
Entry Point                     : 0x199f
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 06:33:31
VirusShare info last updated 2012-07-26 01:39:45

MD5: e89a43b2dd18c83ecc4d6349255e719c
SHA1: dcd7aaf24adbb4d94cb262e22e3379ba5a79d77f
SHA256: d9fc6739b10036d2850ad0882baded63fece48f5e1325dd4ced9f8c61cbeff10
SSDeep: 1536:2InKYkZZopkMqBs7miq146lxy//O+MVsryEBmEGH3lTqT2LvhmFlhDku:RnfC+Ciqy//OMkEQOT2LvYFlhDku
Size: 79360 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.79360
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Symantec = W32.Changeup!gen
GData = Trojan.Qhosts.AVO
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-18 11:14:18
VirusShare info last updated 2012-07-26 01:39:49

MD5: 088fbae2c129541033db74012c7cb9dc
SHA1: 4ebd2cb5121a2e702009f79979dd3673f4385f21
SHA256: 3333102f91c8774298c89d5fcd27aed06ec2b39994e317f18fa996f821ddd657
SSDeep: 1536:KegyovAtwgagyoh+2B8ir8LiD6K/aMUmRoCyrtJ8nrehJ8TwrIGO0m:KJ4tRaQELip/ilnrtJ8nre38szOL
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-E [Trj]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.Diller
Panda = Generic Malware
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!TuItV3f0phQ
TrendMicro-HouseCall = TROJ_GEN.R01C9EJ
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2cs
TrendMicro = TROJ_GEN.R01C9EJ
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2cs
ClamAV = PUA.Win32.Packer.Msvcpp-1
F-Secure = Gen:Variant.Barys.407
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.ZPACK
AVG = Downloader.Agent2.AZHX
Norman = W32/Troj_Generic.AWYDJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.407
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Barys.407
NOD32 = Win32/Ponmocup.AL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x23df
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-08 03:26:59
VirusShare info last updated 2012-07-26 01:41:40

MD5: 11c425d5eac4014e06fb9abb1b2b9b09
SHA1: ae3586df5820d640577474ab8f02e3f07e116d77
SHA256: 8986ee3f01594009cc9f3c20571e6a2faf13b9204a09f474909f03b524112e21
SSDeep: 1536:7SHFffos7L92BKaz8Liju1bm6TIYMtQgHt3jN7UoNe+Wj9:kAm7Li6bDIYMtQgHR5
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DD [Trj]
Ikarus = Trojan.Win32.Webprefix
nProtect = Trojan.Generic.KDV.593861
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!11C425D5EAC4
McAfee = Generic.dx!bdwp
F-Secure = Trojan.Generic.KDV.593861
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKTI
GData = Trojan.Generic.KDV.593861
BitDefender = Trojan.Generic.KDV.593861
NOD32 = a variant of Win32/Ponmocup.BU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 19:12:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1d85
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-08 07:54:49
VirusShare info last updated 2012-07-26 01:41:56

MD5: 25ea8cd50e5cc477d5dfd9febf0109fc
SHA1: 9fc99f6b488a2881de337d3eb5575736b9d72a36
SHA256: 79e659e701b900ffe4fab3ffaa2d8e3f7bc9f7af8025532aabe07fa12e9a20c2
SSDeep: 1536:slpeS2KXh9tDvXtz+Xv9egoUHBZ/KGq6ySbKWTWBkeDQ6ZE:sp2KXtD/F+9h4Gq6JbLTWB1DhZ
Size: 84992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
nProtect = Trojan.Generic.KDV.592644
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!8o4ET4GgwUI
TrendMicro-HouseCall = TROJ_GEN.R0ECCEH
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!oy
TrendMicro = TROJ_GEN.R0ECCEH
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
McAfee = Vundo!oy
F-Secure = Trojan.Generic.KDV.592644
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Downloader.Agent2.AZHW
Norman = W32/Troj_Generic.AZXJR
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.592644
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.KDV.592644
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:14 14:04:01-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1c89
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-08 03:32:57
VirusShare info last updated 2012-07-26 01:42:55

MD5: 3cee7655b4ac26492fd2de0bfff7f702
SHA1: f9692ec48d6150e3148860c9263d31e6cb625f23
SHA256: 846c80c54388e247964309ad636eeb5ad4dd226b414cfef4c4f6b1bd1c3a599a
SSDeep: 1536:///Tbe8oKyrkQ2B6Vm8LijlDQmjQGrDK1yoSrq1rwlntpTtn0Hp2K4:n/CthLiVQlGK1yA8ntpTtn0
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-CE [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Vundo!ov
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo!ov
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJDF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.az
BitDefender = Gen:Variant.Graftor.17350
NOD32 = Win32/Ponmocup.AZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-07 16:57:58
VirusShare info last updated 2012-07-26 01:43:46

MD5: 3dec7f80b8d95d4cf762e912d68da83d
SHA1: f0d31b32779fb42da3372cbba537ee95ab95970f
SHA256: b8c33b7a1e48feb824e6021742e8bbf7967024704f32af083bf608cb01d107c5
SSDeep: 3072:UXmrQCFfWxxFIpFgb3olFOSnlhVW4DsIVXUV:U8GFIbgrYTVW4DXXU
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Win32.SuspectCrc
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!zn6TmdWDg2A
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!3DEC7F80B8D9
Fortinet = W32/Ponmocup.BJ
McAfee = Artemis!3DEC7F80B8D9
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Agent_r.BDZ
Norman = W32/Suspicious_Gen4.XREO
GData = Gen:Variant.Graftor.17637
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 13:56:02
VirusShare info last updated 2012-07-26 01:43:48

MD5: 53ddba617a9fd901c0da0604aed39bbd
SHA1: 598361ad9d3095182ef937e6289ddb28d48b6007
SHA256: 7403a9241cf2585fafeed36111122ea18305a93f3d7b470e94c02966b86f9b17
SSDeep: 1536:OYV9Ha+y58M+JbhDQDwbYlwO1aWFRVh3uKovla1GW29jsHakzdlV:RaT8M+JkyYzFRVh+KoNnxjs6ulV
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Trj/CI.A
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2bh
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2bh
F-Secure = Gen:Variant.Graftor.17528
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXK
Norman = W32/Troj_Generic.BHUXN
Symantec = WS.Reputation.1
GData = Gen:Variant.Graftor.17528
BitDefender = Gen:Variant.Graftor.17528
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:08 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-24 14:19:51
VirusShare info last updated 2012-07-26 01:44:32

MD5: 56d5348bdcd9bde73a9da8d24e3122ac
SHA1: 07e4896ddf76a26ad805b47dee46e1487b3478fb
SHA256: 95376beaa464612c3a4b4411702647f162c33d5776753b1a8e385f89963b87e8
SSDeep: 1536:3DJEbW2g8Hjy6r42B4nc8LijHrlmHzDayNyNP5v9uQVBIItHPHpFr3:3sWAHLYLinl2z5SvMaqItHP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BE9095
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01CCD5
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!ov
TrendMicro = TROJ_GEN.R01CCD5
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!ov
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.AVYET
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-05 15:47:22
VirusShare info last updated 2012-07-26 01:44:38

MD5: 63dd2bab94ecd5d9185ad5a25bcc62bc
SHA1: 9a8d34b767acae0b144e3e31424d2eafabe42fe7
SHA256: 69f67a1fad2f56ba7de6815b306d3324dee7257835605ebd836d12b9dcd7f0eb
SSDeep: 6144:GtsxBA9v/+DMVF2Nvq2oR7mtoANeKq5o3sG5/LujZ8xPJWsJSmzIAwQ62le6tFT:GOxm+QEvqD1FKCmL/KCnAmz/D6TGT
Size: 492383 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Backdoor.Generic.590318
K7AntiVirus = Riskware
VirusBuster = Backdoor.Agent!GMaihcJvib8
VBA32 = Trojan.Pirminay.dxw
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falleg[Cont]
McAfee-GW-Edition = Downloader.a!bkh
DrWeb = Trojan.DownLoader4.61850
Kaspersky = Trojan.Win32.Pirminay.rco
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.od
McAfee = Downloader.a!bkh
F-Secure = Backdoor.Generic.590318
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.AODG
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Backdoor.Generic.590318
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.dyy
BitDefender = Backdoor.Generic.590318
NOD32 = a variant of Win32/Kryptik.LOV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:02 16:39:03-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 917504
Uninitialized Data Size         : 0
Entry Point                     : 0x305b
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.2600.5512
Product Version Number          : 5.3.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Dwownikon Juiohpwtxjw
File Description                : WDM Tee/Communication Transform Filter
File Version                    : 5.3.2600.5512 (xpsp.080413-2108)
Internal Name                   : mstee.sys
Legal Copyright                 : © Oxfxrjnqx Wphbjlqhbve. All rights reserved.
Original Filename               : mstee.sys
Product Name                    : Cqnsomgbx(R) Wcfijky(R) Sjgeoequx Chfoec
Product Version                 : 5.3.2600.5512
VirusTotal Report submitted 2012-04-25 22:06:45
VirusShare info last updated 2012-07-26 01:45:07

MD5: 8732c77d8c6101a039adef7492398391
SHA1: 00a741352a6d683df3fc981e8e1ef79227ddf004
SHA256: d401f9b6217816842b4a55ac01d728e28975e31db8f341f8fa92b508e0ca103b
SSDeep: 1536:OpOAxXsB9L8y56N2BvFJ8Li7Lzhm6M4tUptQg4RRS8XIvRdS:OpRxcDLNGLi7hdM4toQg4R88yR
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.103
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!8732C77D8C61
McAfee = Artemis!8732C77D8C61
F-Secure = Gen:Variant.Barys.103
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNAX
GData = Gen:Variant.Barys.103
BitDefender = Gen:Variant.Barys.103
NOD32 = a variant of Win32/Ponmocup.BU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:14 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1bdf
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-25 03:13:42
VirusShare info last updated 2012-07-26 01:46:40

MD5: 8dd3c73991b8cd7199b5d9e3cad0654c
SHA1: cb17078f44fb9dda522df59c31d53a13b71adaaa
SHA256: 9cca9d91ac77c9ebc782069ef425fb349f618002fad2e5ed5836599ea7cdba99
SSDeep: 3072:jj3vr+AMX2zJPHBhgnL89ipsmeH4qQp7rpl0L9oBDP:jdMX2zJPhhgrum+LQr
Size: 147968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-CD [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee = Generic.dx!bdwp
F-Secure = Gen:Variant.Graftor.16660
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIWY
GData = Gen:Variant.Graftor.16660
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.16660
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:25 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-04-08 08:24:40
VirusShare info last updated 2012-07-26 01:46:57

MD5: a3fa8cc623ea70e15980813339953acf
SHA1: 1c070778581cefbffde957bba238377138c5f895
SHA256: f6cd2a88457db0f04088d8fc4a86662013edf922e1d0df41a5a0c58ae9536ec8
SSDeep: 1536:MlWLtaIyx82mxbVQDwz2BoodRjlZcjhMi8GuUZ9WLurUvXI0L862kVClAoE:Tap82mO22tjlKhMYGLF123lpE
Size: 89600 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17528.50
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!FnJjYRDdVQ0
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!A3FA8CC623EA
Fortinet = W32/Ponmocup.BF
McAfee = Artemis!A3FA8CC623EA
F-Secure = Gen:Variant.Barys.569
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Agent3.BKEF
Norman = W32/Troj_Generic.AWFNP
GData = Gen:Variant.Barys.569
BitDefender = Gen:Variant.Barys.569
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:13 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25a9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 09:37:50
VirusShare info last updated 2012-07-26 01:47:44

MD5: a9ec29c3153e44bea14eaef05a7f0dc2
SHA1: 9e4602ac142f0499e3abdcd5e77924e9a4b689d7
SHA256: 30d222bb342db747ce1a13358e6e04edffc6f61651486b25c7d0b184bcfabeed
SSDeep: 12288:ObbA8pZ5+az0oY3ZbtAQDPZE+loKv0t74328QEeb:sbAAH+iudtAGOOJ3pDeb
Size: 450639 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-Y [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6236848
VirusBuster = Trojan.DL.Agent!RK2+BB42qUs
TrendMicro-HouseCall = TROJ_GEN.R26CCCN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.11469
TrendMicro = TROJ_GEN.R26CCCN
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.agk
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6236848
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic3.COTI
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6236848
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6236848
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.LEHXVMY
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:30 15:43:04-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 450560
Initialized Data Size           : 4096
Uninitialized Data Size         : 577536
Entry Point                     : 0xfb200
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ixipgmnyw Bimfzsnoamo
File Description                : MagFile Medium changer driver
File Version                    : 6.0.6000.16386 (rsxkw_rtm.061101-2205)
Internal Name                   : m4mc.sys
Legal Copyright                 : © Ollupjaxq Vfzxejgqtyb. All rights reserved.
Original Filename               : m4mc.sys
Product Name                    : Owtfhpfjt® Xrmoqwt® Xjxnmjvyh Pvkigq
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-29 09:05:41
VirusShare info last updated 2012-07-26 01:47:58

MD5: b7c72f7faef8c9f21e39fb86f4c10072
SHA1: 432b1374eff512dc386341db0dca763a26620575
SHA256: 352a9ca6afa1c697bbbe5e553ff635e2f6d9b82ed11b78d775e1b6e2d7675c82
SSDeep: 1536:b/Ybe8oKyrkQ2B6Vm8LijlDQmLicdHstFXseG13nWYTpTtS0Hp2K4:rzthLiVQfcdMtFbG1XWKpTtS0
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!B7C72F7FAEF8
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!B7C72F7FAEF8
F-Secure = Trojan.Generic.KDV.603648
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJDF
Norman = W32/Troj_Generic.BGBTA
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.603648
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.az
BitDefender = Trojan.Generic.KDV.603648
NOD32 = Win32/Ponmocup.AZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-20 07:23:45
VirusShare info last updated 2012-07-26 01:48:20

MD5: c5e9afeff29b8497c11c236721f820f3
SHA1: d9439ef441442fbac4f996b246db476dd3cf7237
SHA256: 3ffbb3bbc04f413bad7158cb1bc3ad81d4750278378cd94d412902e518741f88
SSDeep: 1536:fUNMlsdqHjy6pg2B4Re8LijBBhmY4eFS+TQezC12hLdogMIt1c+HpFrb:fTsQHLmLiTh54eM2QSk6LWgMIt1B
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-CL [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12BDD137
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!ot
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Vundo.OT!tr
McAfee = Vundo!ot
F-Secure = Gen:Variant.Graftor.17350
AVG = Agent3.BJMI
Norman = W32/Troj_Generic.AUZES
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.17350
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-30 07:51:47
VirusShare info last updated 2012-07-26 01:48:54

MD5: d01bff03855c20fcc8790ebb2103490b
SHA1: 0cff5bb78c946c9b7537e0b62255608a2de72555
SHA256: ad5ae3e3def302ad16bf80e2b6a983e8f7fdbddda77d1d412c6f276884f6e94b
SSDeep: 6144:jKGRwFJkWWCPIdDfHeDK+bSArqQzj5e8eOk:jK1xv/ITUeJ
Size: 229449 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JEH [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6411322
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!RnRC6TivcGI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bay
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6411322
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TYV
Norman = W32/Suspicious_Gen2.QIMAG
Sophos = Mal/Generic-L
GData = Trojan.Generic.6411322
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.gn
BitDefender = Trojan.Generic.6411322
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42c00
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-04-11 09:34:15
VirusShare info last updated 2012-07-26 01:49:07

MD5: d2996244112adc0eda49c0718a413522
SHA1: af5b357b3d3e1210b41d25e476765f051d8c924e
SHA256: 5547c28108f59d9d761716c9d26c23db360329581f2a5debea72da644311fc0c
SSDeep: 6144:a0CB7r2LuX4Jpi2CggbYzTLhU3Ij7nlK6j0rL9Ue73RRdLmNuJ:a0s7ruuSpiUTusnrI9VrJ
Size: 329156 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6155824
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!cuvBS/bq5Pk
TrendMicro-HouseCall = TROJ_GEN.R4FC2GG
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4809
TrendMicro = TROJ_GEN.R4FC2GG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ajt
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6155824
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.NCZ
Norman = W32/Suspicious_Gen2.QHEWS
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.6155824
TheHacker = Trojan/Pirminay.iqu
BitDefender = Trojan.Generic.6155824
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:19 22:00:50-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 327680
Initialized Data Size           : 4096
Uninitialized Data Size         : 405504
Entry Point                     : 0xb37a0
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Jbkwtqvbl Corporation
File Description                : AMD NT AGP Filter
File Version                    : 6.0.6000.16386 (jwvcu_rtm.061101-2205)
Internal Name                   : amdagp.sys
Legal Copyright                 : © Mqjvymiot Hplidrsfmcw. All rights reserved.
Original Filename               : amdagp.sys
Product Name                    : Uxpwaasmp® Ozbhlhq® Ruqprhzua Ycycjj
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-19 08:54:57
VirusShare info last updated 2012-07-26 01:49:11

MD5: d2c00029ca3d494fcd5453af1dca07e8
SHA1: edf43d43ac8d7e3cdaccc8e250ad7af11c5942a3
SHA256: 32272a1deb27f76f4b81125e3d8c5d2eaf6fa1816fd6f8afa6b0d6c55714e2da
SSDeep: 6144:KCNQVFhjRBgMkeU5N02AcA7hipEsJZn2wIxe7AfhRYKjFGPDrBypoJviQWDph6Yp:cFhjJUL1e0pEsJZnt7aYZQTQ6li8P
Size: 384397 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Genome.abzwp
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.5775
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Genome.abzwp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Crypt.AFNS
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.abzwp
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:30 13:00:28-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 102400
Initialized Data Size           : 561152
Uninitialized Data Size         : 0
Entry Point                     : 0x190ac
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Named Pipes Net DLL for SQL Clients
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : dbnmpntw.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dbnmpntw.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-04 15:40:15
VirusShare info last updated 2012-07-26 01:49:11

MD5: 22453b58f535e09928b910d4ab8ddd25
SHA1: 405467ff628221ede9b0186741cb1fe8f0022be3
SHA256: 82564c7ccecf8adb6bb3c9aecb3857ac8ffbcb2476bdbc39cc4d29cc608de60b
SSDeep: 1536:jxEq9Ha+y58M+JbhDQDwbYlwO1aWFRZT+mMPTh0Tw1u0/hHakzdlP:mmaT8M+JkyYzFRrRWh6ulP
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!BtHZtO7lv94
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdvq
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
Jiangmin = Trojan/Generic.aepic
McAfee = Generic.dx!bdvq
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXK
Norman = W32/Troj_Generic.BENSA
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.738
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:07 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-07 16:13:15
VirusShare info last updated 2012-07-26 01:52:54

MD5: 227f34364d92fb1d49ac59aa9e84877b
SHA1: f9744b942dea0737608b735e158942a09c6a2256
SHA256: ae3e87af86946d7d6f80d08ce989acb6b0eb8dcc272a859410fa453515cf86cb
SSDeep: 6144:0CgGl9qqBRZ8b0OCEz0vaSbcEmY+YgWLePyKg0BRPYQ1Tzm6F/Hbag+sN:rDq/4XEzPSDmY7lelzBRPYQJiYfbagh
Size: 396800 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Offend.kdv.593895
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.593895
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!XUBzpQNT5Gs
TrendMicro-HouseCall = TROJ_GEN.R30CCDN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Adware.EoRezo (Not a Virus)
McAfee-GW-Edition = Generic.tfr!ch
DrWeb = Trojan.PWS.Panda.2021
TrendMicro = TROJ_GEN.R30CCDN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Adware:Win32/EoRezo
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Generic.aaypn
McAfee = Generic.tfr!ch
F-Secure = Trojan.Generic.KDV.593895
VIPRE = Trojan.Win32.Generic!BT
AVG = Crypt.AUTI
Norman = W32/Kryptik.AIF
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.593895
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.KDV.593895
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2106:02:06 02:36:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 397312
Initialized Data Size           : 4096
Uninitialized Data Size         : 90112
Entry Point                     : 0x775d0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-25 11:47:47
VirusShare info last updated 2012-07-26 01:52:58

MD5: 70118fa128cb71c688db3f2617011a66
SHA1: bb71159df10fe64a7ce5455e3e7dbabbc47ad903
SHA256: 31f363a8f8406474603c17924759a5d5b00bd274c8faa5cbaa1bd2cb5f46fb50
SSDeep: 1536:pi/Cbe8oKyrkQ2B6Vm8LijlDQm1icdHstFXseG13nWYspTtc0Hp2K4:oZthLiVQ5cdMtFbG1XW5pTtc0
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BE4794
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R29CCD6
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!ov
TrendMicro = TROJ_GEN.R29CCD6
Kaspersky = Trojan.Win32.Genome.afbox
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!ov
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJDF
Norman = W32/Troj_Generic.AVRNR
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.az
BitDefender = Gen:Variant.Graftor.17350
NOD32 = Win32/Ponmocup.AZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-05 15:50:57
VirusShare info last updated 2012-07-26 01:55:56

MD5: fa99630244462f49a4801125fe0056fa
SHA1: 48400130d3fdf1cff02d298b24a8d3d8d79dd4fa
SHA256: 16149339e7eb252349788cc48ffffe1d6875e312504b31d6f47475b5eb27e452
SSDeep: 6144:4uGzv2I+SmQDfzVnjUj5TM+HvbLNFLZ024lxeeidtxp/fQhAuL3:4zvF+SbDf5niRrv1FLZfKxeeidtH/du7
Size: 261610 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6380082
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!yIJOnAq2u4E
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R4FC3IC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ap!pec
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R4FC3IC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bcv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ap!pec
F-Secure = Trojan.Generic.6380082
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTM
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6380082
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.dg
BitDefender = Trojan.Generic.6380082
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 245760
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x46d50
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-04-12 08:51:49
VirusShare info last updated 2012-07-26 02:00:59

MD5: 1378b3bb21e18bae879a19d8eb765a57
SHA1: b1f031ae697193a7bf8b4b690586ceebcf8e19ee
SHA256: 00bc073f5ab9893fb5088330d2d836da20d47f3750108cca5147c8049c41810e
SSDeep: 1536:q+s7R3sAZYDhrvtzlTRKZsEMCZTAtQSFRIZQ:ORZYlrvtzl0VTwQSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.avgma
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Adware/Win32.SuperJuan
nProtect = Trojan-Clicker/W32.SuperJuan.69120
K7AntiVirus = Adware
VBA32 = AdWare.SuperJuan.afzl
eTrust-Vet = Win32/Adware.OS!genus
TrendMicro-HouseCall = TROJ_GEN.R47CDDE
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
DrWeb = Trojan.Juan.700
TrendMicro = TROJ_GEN.R47CDDE
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
Jiangmin = Adware/SuperJuan.aox
McAfee = Artemis!1378B3BB21E1
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic4.CHLH
Symantec = Trojan.Gen
GData = Gen:Variant.Graftor.4111
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-14 22:54:52
VirusShare info last updated 2012-07-25 00:39:02

MD5: 149b5e8e7eb5a07947d52f5f15937d85
SHA1: 7489a36566c3decf551aa1fc494519f2a5f133ec
SHA256: 984003e7e64cac35d3c8f4942235cc18d9e025075edc9c4592b345e788602a73
SSDeep: 1536:zsJEbW2g8Hjy6r42B4nc8LijHrlmvodaFtiM/vlZu5AsBIIt0PHpFr3:z5WAHLYLinlIod2cWkqIt0P
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-CL [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!149B5E8E7EB5
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!149B5E8E7EB5
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-08 05:05:08
VirusShare info last updated 2012-07-26 02:02:35

MD5: 230e2f9d8e6c42e0e1dac61e780a1d2f
SHA1: 1c427ffe59b64683777ef9778f2de19a29e93513
SHA256: 310b05fabeb07f7bd23880c0f9cfe0ba77dedf00ac0f5302f64412a1bd48c26b
SSDeep: 3072:0yWer0iCTGf6+1+aEwzxY8jV2ahxY+v60PnJ1gHDYaZjN7Lb9ZeKd4R1/1erm:0peILdA+dwemY+v60PsH7N3xZeKd4N
Size: 234496 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Pirminay-CU [Trj]
Antiy-AVL = Trojan/Win32.Qhost
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.234496.CT
K7AntiVirus = Trojan-Downloader
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R3FC3H3
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Downloader.a!ht
DrWeb = Trojan.DownLoader4.25488
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R3FC3H3
Kaspersky = Trojan-Downloader.Win32.Qhost.jw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.hxys
McAfee = Downloader.a!ht
ClamAV = Trojan.Downloader-131470
F-Secure = Trojan.Generic.KDV.303177
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.ROR
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Downloader
GData = Trojan.Generic.KDV.303177
TheHacker = Trojan/Downloader.Qhost.jw
BitDefender = Trojan.Generic.KDV.303177
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 221184
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x40610
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-03-30 02:51:33
VirusShare info last updated 2012-07-26 02:03:14

MD5: 32750535bf288ea74741d66b2ca1bfac
SHA1: e6a98e909fd106556cf4f77be4a47e876bf56593
SHA256: cac8c4273788dfbe26ba93611f39a222105a45cca7f19d30655b9944e09c72fc
SSDeep: 1536:KMAniG+/xGQL5z5XDN5xjv7dZjsvjf6uP:R/HzXD9vJJsLfDP
Size: 61952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R30CDDJ
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Artemis!32750535BF28
DrWeb = Adware.Searcher.1398
TrendMicro = TROJ_GEN.R30CDDJ
Kaspersky = not-a-virus:AdWare.Win32.Zwangi.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.ebi
McAfee = Vundo!pd
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Virtumonde
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.AIWC
Norman = W32/Troj_Generic.BGTGT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tccbllsps Corp., 3Dlabs Inc. Ltd.
File Description                : Permedia2 Miniport Driver
File Version                    : 1.00-0009 (MS) (xpsp.080413-2108)
Internal Name                   : perm2.sys
Legal Copyright                 : Copyright (C) Sqroxdeau Corp., 3Dlabs Inc. Ltd.1998-2001
Original Filename               : perm2.sys
Product Name                    : Lnpbnpznv® Jvsdygc® Quuedsaci Xghuwp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-04-22 13:55:56
VirusShare info last updated 2012-07-26 02:03:59

MD5: 465568f1668ee0df5b4932a46791e6ad
SHA1: 6f32415bc2a0133bea3065dbb11d5b3b716d4323
SHA256: ea38824682617eacd3119cfee3e412daf36d5080d3fbf29421bc3e4be6d656b8
SSDeep: 3072:VSGGM8cmrYaCCTcoix8Yat7PsP896YIC6vJdwrrlxOcB:VnGM8J0ic9x8Yk7kEEBC6vJsDZB
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.569.3
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!b2az
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2az
F-Secure = Gen:Variant.Barys.569
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOB
Norman = W32/Troj_Generic.BHOQO
GData = Gen:Variant.Barys.569
BitDefender = Gen:Variant.Barys.569
NOD32 = a variant of Win32/Ponmocup.BT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:31 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd38d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-24 06:34:41
VirusShare info last updated 2012-07-26 02:04:30

MD5: 520a5cbb5511b0e647e6a9bfad7c72cb
SHA1: 541a94cd6ec2c6c1eb66aa05a8146fcbabc51fae
SHA256: b003cf350d690cb5fa9392271458744b3fd96ac5ecc7274b0032e482911ac51b
SSDeep: 3072:nuV5pv8kQLcMbu4KBGvkMc4/UZkl0HekmDc6t8DVxC:n/cMbu4KBtMc48Z7HEtEC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12C02850
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!gT8f89L8v8M
eTrust-Vet = Win32/Vundo.HTW!genus
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Artemis!520A5CBB5511
DrWeb = Trojan.Juan.832
TrendMicro = TROJ_GEN.R47CDDB
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aiqz
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Agent.BOM!tr
Jiangmin = Adware/SuperJuan.auo
McAfee = Artemis!520A5CBB5511
F-Secure = Gen:Variant.Graftor.12472
VIPRE = Virtumonde
eSafe = Win32.TRCrypt.ZPACK
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.AODLX
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.12472
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.12472
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 23:13:16
VirusShare info last updated 2012-07-26 02:04:57

MD5: 53b794e83b5b8a1d61fc3a8b5aaec2e3
SHA1: b2da7b26aaee34d0ee7b64dfe95494767411fc84
SHA256: f62d28d77fee3b76bbe25d1cb6572b82778e8afb0e520b7a35cb31a0b3469d06
SSDeep: 1536:vkeW6oi4sy3s42B6p68LijJjTml9AiOnUQY89sFpglOBFItKPHpUK3:vJAzJLihTIj8zsfItKP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
TrendMicro-HouseCall = TROJ_GEN.R30CDDJ
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!53B794E83B5B
TrendMicro = TROJ_GEN.R30CDDJ
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo!pd
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Troj_Generic.BGTDM
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-22 03:45:31
VirusShare info last updated 2012-07-26 02:04:59

MD5: 5cb6ebbf881ed18ebfa7812ea0ca5996
SHA1: cef3ce5f2aaf37b7d090942d23fd098931a02001
SHA256: a15b1b5cda363bb40d77b139e08e50a88e75b1d055634785885693e2ea8f7522
SSDeep: 3072:80IkLMawnrFT0LTQSAdxMeh6bgRomNO94oupnRS8KlaAIsX18urPiSwICk:80ImMawr90LcZdieQcKm88EiAxX1Hri
Size: 199168 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Downloader.Gen
Avast = Win32:Evo-gen [Susp]
Ikarus = Trojan-Downloader.Small
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan-Downloader.Small!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!5CB6EBBF881E
DrWeb = Trojan.WinSpy.1644
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.AA
McAfee = Artemis!5CB6EBBF881E
F-Secure = Gen:Trojan.Heur.RP.mmGfa4yCBcd
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.FY.gen!Eldorado
AVG = Downloader.Small.62.D
Norman = W32/Obfuscated_L
Sophos = Sus/Dropper-A
GData = Gen:Trojan.Heur.RP.mmGfa4yCBcd
Symantec = Suspicious.MH690.A
Commtouch = W32/FakeAlert.FY.gen!Eldorado
BitDefender = Gen:Trojan.Heur.RP.mmGfa4yCBcd
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 200704
Initialized Data Size           : 4096
Uninitialized Data Size         : 397312
Entry Point                     : 0x92060
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-18 10:14:46
VirusShare info last updated 2012-07-26 02:05:18

MD5: 8512573f3dab6a5bb392b34f04fdcef0
SHA1: baf6cc8e8e5e7f49f380ea09d114e5bfce3fec84
SHA256: 2571dd95825a48b914048672f35b056ad2798b65108e915e4206f0a6dac304e2
SSDeep: 1536:KMAniG+/xGQL5zGlXDx5xjv7dZjsvjf66lP:R/HslXDBvJJsLfxP
Size: 61952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R30CDD2
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Artemis!8512573F3DAB
DrWeb = Adware.Searcher.1830
TrendMicro = TROJ_GEN.R30CDD2
Kaspersky = not-a-virus:AdWare.Win32.Zwangi.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.ebi
McAfee = Artemis!8512573F3DAB
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Virtumonde
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.AIWC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tccbllsps Corp., 3Dlabs Inc. Ltd.
File Description                : Permedia2 Miniport Driver
File Version                    : 1.00-0009 (MS) (xpsp.080413-2108)
Internal Name                   : perm2.sys
Legal Copyright                 : Copyright (C) Sqroxdeau Corp., 3Dlabs Inc. Ltd.1998-2001
Original Filename               : perm2.sys
Product Name                    : Lnpbnpznv® Jvsdygc® Quuedsaci Xghuwp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-04-04 00:07:34
VirusShare info last updated 2012-07-26 02:07:26

MD5: 9744c659811fbd78446acd08a4fbeacd
SHA1: 18630169f8f7f5c5ecdea056bdf11db42347ae26
SHA256: 8fe0e4d8793f07fab223afcaee0706aa3a746251bc8e614728a640cf20b7dad3
SSDeep: 1536:KJgjoZRmVFybK42B/Qw8Lis2+j+mYK+804TAqur3Ela91I4Vteq6WI:QGglLiGiBK+2sqc0o04Vth7I
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Offend.kdv.597466.1
Avast = Win32:Diller-DH [Trj]
Ikarus = Trojan.Win32.Webprefix
nProtect = Trojan.Generic.KDV.597466
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!bdxf
Fortinet = W32/Ponmocup.BV
McAfee = Generic.dx!bdxf
F-Secure = Trojan.Generic.KDV.597466
AVG = Agent3.BLBS
GData = Trojan.Generic.KDV.597466
BitDefender = Trojan.Generic.KDV.597466
NOD32 = Win32/Ponmocup.BV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:18 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x2131
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-14 14:10:52
VirusShare info last updated 2012-07-26 02:09:14

MD5: bf72a6aea6ff3c8b32ac9e363d57c8ee
SHA1: 4d8978127eb1bc8b69116fe667c849278dc4c949
SHA256: abe41f7ef0b7d5773d88f1802eceef3ab5d6e0ca7e35ebe0fb02374bb1210e26
SSDeep: 1536:6KMZeW6oi4sy3s42B6p68LijJjTmSn84/LeDqpbovPseP6lOBFItxPHpUK3:tMqAzJLihTt84/aDiYPlSsfItxP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BFAE4E
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47CCD9
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo.gen.ft
TrendMicro = TROJ_GEN.R47CCD9
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
Jiangmin = Trojan/Genome.bneb
McAfee = Vundo.gen.ft
ClamAV = PUA.Win32.Packer.Msvcpp-1
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Troj_Generic.AUEXS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-10 06:46:11
VirusShare info last updated 2012-07-26 02:12:25

MD5: c9507e0de4c546a3bdc7c9ad7ba83fd6
SHA1: 8cbd1a25e0db7db5d42d5d2354e3a1520751d188
SHA256: 9f20de07277315567229d9e748c9a18bb6da3aa02a95dbe89a94eac0e6a4d0d2
SSDeep: 1536:YCMqHa2yt8y2J/JbQDwLYVw2t5rse85iWaYB9FKMCD2TfMapWHakmCCl+o:PaP8y2Jw6YLrSiQKD2Mac6BlT
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!lV7hP4tN7rc
TrendMicro-HouseCall = TROJ_GEN.R29C7EH
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C9507E0DE4C5
TrendMicro = TROJ_GEN.R29C7EH
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!C9507E0DE4C5
F-Secure = Gen:Variant.Barys.2146
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJUK
Norman = W32/Troj_Generic.AWJMK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2146
TheHacker = Trojan/Ponmocup.bf
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:04 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25a9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 16:05:08
VirusShare info last updated 2012-07-26 02:12:55

MD5: 260f63749fb8b6945da0ddc1e78b4fbf
SHA1: dabb317c637e3aa9ed0ea54f50fc5d2d5968ebad
SHA256: aba1be3980330d38471cc661014bba9eadbedcec2484cb33e0366dc34773ea38
SSDeep: 1536:HurcESs4sgks6IBDiPMxX1SG7N6jC8oXCB//NARMBOkZ6spDU/KqPlwSls6L:HugEwAeokxX1SGojC0BLBOS6spDU/Kql
Size: 94720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = AdWare.Win32.EoRezo
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!xHilRuPGgmQ
TrendMicro-HouseCall = TROJ_GEN.R01CDDB
Comodo = UnclassifiedMalware
Emsisoft = AdWare.Win32.EoRezo!IK
CAT-QuickHeal = Adware.EoRezo.iw4 (Not a Virus)
McAfee-GW-Edition = Vundo.gen.ft
TrendMicro = TROJ_GEN.R01CDDB
Microsoft = Adware:Win32/EoRezo
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Vundo.gen.ft
ClamAV = PUA.Win32.Packer.Msvcpp
F-Secure = Gen:Variant.Graftor.13973
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.ZPACK
AVG = Generic4.CLEH
Norman = W32/Troj_Generic.AUSTP
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.13973
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.13973
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:23 07:03:05-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x3175
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-10 17:27:35
VirusShare info last updated 2012-07-26 02:20:18

MD5: 2926c74c1d49e7452b5c6ffdf8635996
SHA1: 91753e6f7ae11707db68f1f19e6bf50b17c5af3d
SHA256: 2b69171cafbf89c57ab7b8225d6302090d83168f63e82addb6889215bd33997a
SSDeep: 3072:kCXgrq7T+N9b/8Ly83dE+rQdLtlUxloY1ZD:kBqi50Ly0dEOmXUxlL
Size: 176128 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!2926C74C1D49
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!2926C74C1D49
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNVL
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Barys.2146
TheHacker = Trojan/Ponmocup.cf
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.CF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:23 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 118784
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x13c3b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 14:00:32
VirusShare info last updated 2012-07-26 02:20:23

MD5: 348bb285ca56b99ab8f556f578f8f6e4
SHA1: d9c81104f590b355faf9c8a14fddf8267c1cf159
SHA256: 034b15c0b653f0eab938dd2e43c19aeb361c368ae2d562949cdb2069899eb6be
SSDeep: 1536:dvCl8uH7WPzW2LTH2B8OV8LijQNEPomQzIiMtTmV+0fmGzoTWO3EJj9:dQWPCc9LicBRIiMtTb0fmGzqWAE
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DD [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Malware/Win32.Generic
Panda = Generic Trojan
nProtect = Trojan.Generic.KDV.593353
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!VVnoXy4LAk0
TrendMicro-HouseCall = TROJ_GEN.R11CDEP
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdw4
TrendMicro = TROJ_GEN.R11CDEP
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo.gen.ft
ClamAV = PUA.Win32.Packer.Msvcpp-1
F-Secure = Trojan.Generic.KDV.593353
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKTH
Norman = W32/Troj_Generic.AXUML
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.593353
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.KDV.593353
NOD32 = a variant of Win32/Ponmocup.BU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 19:12:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1d85
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-09 13:55:20
VirusShare info last updated 2012-07-26 02:20:53

MD5: 7faac41735765422912f41b5cae37ffa
SHA1: cd98cf6aa045f7ab7c72b69e64bda602ab8ee116
SHA256: ffbcd0ad810951ce8177015159375c3999cca8e18354337b5c5f1255a58429d3
SSDeep: 3072:HuV5pv8kQLcMbUKlGvkMc4/UZkl0H4kmnc6t8D7C:H/cMbUKltMc48Z7Hut4C
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12C03FF6
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!GeSSARJ/QYU
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_GEN.R47CCDB
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Vundo
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Generic PUP.z!mz
DrWeb = Trojan.Juan.837
TrendMicro = TROJ_GEN.R47CCDB
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.ailk
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Agent.BOM!tr
Jiangmin = Adware/SuperJuan.auo
McAfee = Generic PUP.z!mz
F-Secure = Gen:Variant.Graftor.12472
VIPRE = Virtumonde
eSafe = Win32.TRCrypt.ZPACK
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.AQGAI
GData = Gen:Variant.Graftor.12472
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.12472
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-27 18:46:53
VirusShare info last updated 2012-07-26 02:24:42

MD5: 997c74d95b4966567ee4c45abc473650
SHA1: a990aa63a054849d0c64ed7724259896de064943
SHA256: 5221a1e7a52801379f25f88b3a14a23c8337225858596977d00159f1db55ea0c
SSDeep: 3072:XKkGM8cmrYaCCTcoig8Yat7PsPV96YIC6vJFwrrlFOcB:XKkGM8J0ic9g8Yk7kNEBC6vJETZB
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.A.3
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!b2fd
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2fd
F-Secure = Gen:Variant.Barys.2146
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLOB
Norman = W32/Suspicious_Gen4.AECUT
GData = Gen:Variant.Barys.2146
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.BT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:31 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd38d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-11 05:44:52
VirusShare info last updated 2012-07-26 02:25:53

MD5: cd5e5f3a54d2496f6f07ed81c0975355
SHA1: 0ffb251a267e4dc1c5e421f036850dde4dfe9ac3
SHA256: 716c106b35be98e7eb7f5f2d7f5849198e0ce4c98bc0e07afc75e608943c70de
SSDeep: 1536:ygQxQWmW7OLyIa1ibDvmhDtnBwS6Ez4Unzuo9yH:KmP7bD4BwST0Unzuo9+
Size: 62976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HTR!genus
TrendMicro-HouseCall = TROJ_GEN.R47CDE3
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Trojan.SuspectCRC!IK
CAT-QuickHeal = Trojan.Vundo.AV.iw5
McAfee-GW-Edition = Artemis!CD5E5F3A54D2
DrWeb = Trojan.Click2.3941
TrendMicro = TROJ_GEN.R47CDE3
Kaspersky = not-a-virus:AdWare.Win32.Zwangi.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.ciw
McAfee = Artemis!CD5E5F3A54D2
F-Secure = Gen:Variant.Barys.1667
VIPRE = Virtumonde
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.OVJ
Norman = W32/Troj_Generic.BOJOG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1667
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Barys.1667
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13fa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qdbfzycxo Rtfcqvbydtc
File Description                : Sgvulzfhl FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : FPSRVCGI.DLL
Legal Copyright                 : Copyright © 1995-1999 Uzypupxfq Ydifxcetqhs, All rights reserved.
Legal Trademark 1               : Geufhchds®, Cnnybtq®, and FrontPage® are registered trademarks of Rbldknznv Wuoyggdncet, and WebBot is a trademark of Jcrtubsue Krpfywyhhkc, in the United States and/or other countries.
Product Name                    : Npgutefmg® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2012-05-05 18:13:08
VirusShare info last updated 2012-07-26 02:27:33

MD5: e0290168ed2ec61686ab03b7423cd18f
SHA1: 27f58a271af99d6e3bc5240b167150e6e7805209
SHA256: 022f56ebf3d924edd24144a6484676a86d4c9994734c3cb5cd2991b16c9b9566
SSDeep: 6144:sfOuuhi/t1ONf68IFctjNZ5dtM9T2PfiX:snuhQAfntJxtMV2Pfi
Size: 318976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Downloader/Win32.Agent
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!pFpxz8Ok6YQ
VBA32 = Trojan.Genome.xdrd
TrendMicro-HouseCall = TROJ_GEN.R47C7KD
Comodo = Packed.Win32.MUPX.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Downloader.x!g2z
DrWeb = Trojan.Winlock.4480
TrendMicro = TROJ_GEN.R47C7KD
Kaspersky = Trojan-Downloader.Win32.Agent.toyk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Downloader_x.G2Z!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.rzr
McAfee = Generic Downloader.x!g2z
F-Secure = Gen:Variant.Graftor.3065
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.BKIQ
Norman = W32/Suspicious_Gen2.SBPKZ
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.3065
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Graftor.3065
NOD32 = probably a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 13:07:20-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 253952
Initialized Data Size           : 20480
Uninitialized Data Size         : 49152
Entry Point                     : 0x155b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Sjokoqafc Bylciaaxipq
File Description                : Lexmark Z51 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXROSRES.DLL
Legal Copyright                 : Copyright (C) Ywrgabexh Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Shcddnxod(R) Dlqmtjo NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-04-24 11:09:21
VirusShare info last updated 2012-07-26 02:28:12

MD5: 0eec19fbb07fa8f423c3ae9cb7f717fa
SHA1: 36437260ca4eaa9edb2a949edce5bd1ceb504edd
SHA256: acdc9ff11258eb937f1f19c50e3bcb5422fae44003b2706f10ca53945143220d
SSDeep: 3072:IVK1C5Kl19UkYp4FG83OHwHuTwyBIuEVSmP7bNbOWvf7PMYlfln5ImVc:IuptYyFG3HIhMIzSmP7hbZv75I
Size: 237568 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Inject-AKX [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan/W32.Agent.237568.PT
K7AntiVirus = Trojan
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R4FC3IG
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R4FC3IG
Kaspersky = Trojan.Win32.Pakes.ptz
ViRobot = Trojan.Win32.Generic.213555
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.312340
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.XFZ
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.312340
Symantec = Trojan.Gen
TheHacker = Trojan/Pakes.ptz
BitDefender = Trojan.Generic.KDV.312340
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 225280
Uninitialized Data Size         : 0
Entry Point                     : 0x138e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ehetqqxmp Olrfxxonoit
File Description                : Run a DLL as an App
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : rundll
Legal Copyright                 : © Bvtlfzxbv Xblqmaqusxt. All rights reserved.
Original Filename               : RUNDLL.EXE
Product Name                    : Microsoft® Crhnmna® Fdedxtfdy Rzegly
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-04-30 00:56:39
VirusShare info last updated 2012-07-26 02:30:57

MD5: 11ca4e929b9734de2124988a154d80cf
SHA1: 0001269f0b6abf611c73f9a5d73060fc6a353bc0
SHA256: c3f5bbbcfc8428129b21a753e585fe9128a754af0331d11a9c3e100104fc1500
SSDeep: 1536:3oMM65TKjEI+0Gs60BIZGOMyORKG2aY3SEgXRGXnnckFDJSKsew+k/ISEEHrI615:3oWKws6YI5MyO83SancODJSgLkzHrI
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!11CA4E929B97
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!11CA4E929B97
F-Secure = Gen:Variant.Graftor.19650
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKWD
Norman = W32/Suspicious_Gen4.AEGTU
GData = Gen:Variant.Graftor.19650
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Graftor.19650
NOD32 = a variant of Win32/Ponmocup.BN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:24 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x5309
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 07:40:04
VirusShare info last updated 2012-07-26 02:31:06

MD5: 15668928738c3740095593ececc070ad
SHA1: 377ea421b92201762a41eda41934d91f51ae2258
SHA256: b358831e129127a7cfff6de5ff8671ee12ee97e0f8326b12fd9a638f38041912
SSDeep: 6144:Jru7dSTOxCygPz+5TdsB0fovzFDOGhn/:JyVxj8+5NgRDD
Size: 211968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CS [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!FhbJwurWWGo
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_GEN.R4FC1KG
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.27619
TrendMicro = TROJ_GEN.R4FC1KG
Kaspersky = Trojan.Win32.Jorik.Pirminay.jy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
ClamAV = Trojan.Jorik-425
F-Secure = Gen:Variant.Renos.106
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SYU
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
GData = Gen:Variant.Renos.106
Symantec = Trojan.Gen
TheHacker = Trojan/Injector.hzu
BitDefender = Gen:Variant.Renos.106
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x135e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Txkiipzae Lwariveryos
File Description                : Ndcjasupc Neutral Natural Language Server Data and Code
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : NlsData0019
Legal Copyright                 : © Hnlgdwxrg Ynbrkqnuwos. All rights reserved.
Original Filename               : NlsData0019.dll
Product Name                    : Rhipogzpn® Ppasnas® Jfyttahsm Gcoyal
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-30 00:12:01
VirusShare info last updated 2012-07-26 02:31:16

MD5: 35c0607e6b84ed3da8cfe8d6fbe86cec
SHA1: 3c0f7912902f8a7089c63f1dbc2f939566a5e3a2
SHA256: 60c02e0184f320bb5f01be834f62caffa1f68f27d6b9655fae93b6594ecd6b8b
SSDeep: 6144:bzJi8KQQjruhShnCasx5zU0ti/+sxyhO6vDptfOsXKei7z7:HtKh+hcnyzUtEhO6VtfkTz7
Size: 306589 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Fakealert.39.22
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.6175009
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!n6H89CPMoQA
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!35C0607E6B84
DrWeb = Trojan.WinSpy.1647
TrendMicro = TROJ_RENOS.BMC
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.lup
McAfee = Artemis!35C0607E6B84
F-Secure = Trojan.Generic.6175009
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.MYN
Norman = W32/Suspicious_Gen2.QFENA
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6175009
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.kq
BitDefender = Trojan.Generic.6175009
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:22 23:15:54-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 307200
Initialized Data Size           : 4096
Uninitialized Data Size         : 421888
Entry Point                     : 0xb1f20
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2179.1
Product Version Number          : 5.0.2179.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cjeylsnie Pjwvjmknkte
File Description                : Cluster Command Line Utility
File Version                    : 5.00.2179.1
Internal Name                   : cluster
Legal Copyright                 : Copyright (C) Orycczycf Corp. 1981-1999
Original Filename               : cluster
Product Name                    : Aquowkrti(R) Windows (R) 2000 Tvqfmipma Powvkd
Product Version                 : 5.00.2179.1
VirusTotal Report submitted 2012-04-29 21:32:51
VirusShare info last updated 2012-07-26 02:32:40

MD5: 44f2d5a6d53ef6c0ab566de613bc016a
SHA1: 078a5598eea5fe708d320060daeb5fe5d803cb87
SHA256: 8f90a604e5f4d4b2c1efb5c5aacf3bc478ead99a569ec7864beeeba7b3ee2a28
SSDeep: 6144:wvIcJzj2PbZPUL4p04u+rl9r8DvCXVY9QRACk:wv1BOPULeHYqRF
Size: 236032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Crypt-KPK [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!JXsMegD8+48
VBA32 = Trojan.Jorik.Pirminay.ajz
TrendMicro-HouseCall = TROJ_GEN.R11C7K9
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.amo
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.25675
TrendMicro = TROJ_GEN.R11C7K9
Kaspersky = Trojan.Win32.Jorik.Pirminay.amo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.teo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.ADAE
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Gen:Variant.Graftor.1488
TheHacker = Trojan/Kryptik.tyo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = a variant of Win32/Kryptik.TYO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x153b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ajvmqifkw Yyeaqzcwilw
File Description                : Remote Access AutoDial Helper
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Hltjautja Itynznljjua. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Ayopfgudl® Brgdfxt® Wtiguqxpk Zbrlhr
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-17 03:55:22
VirusShare info last updated 2012-07-26 02:33:17

MD5: 72a6e86f8d2ba0f4ba2d6caa240aa860
SHA1: 2e54c848b4bef96a2ca5a71d250025aabdb69cf4
SHA256: a3c5a19493962494e9ac98d51dc0479ddca90ef678d71aa246933abba422f424
SSDeep: 6144:Mbd5VpJ8BvLSg9k0tQxgneH8je//44yHG5tK+DTveZmwq+:sdLpYv2IVtK4eII/fyHGTxeZmH+
Size: 317343 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.317417.1
Avast = Win32:Pirminay-AX [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Tdss
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12C3959C
nProtect = Trojan.Generic.6150826
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!gykBjQS62E8
TrendMicro-HouseCall = TROJ_GEN.R47CCDS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R47CCDS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aeb
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248208
F-Secure = Trojan.Generic.6150826
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRSpy
AVG = Generic23.ISD
Norman = W32/Troj_Generic.BLWKD
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6150826
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.ijy
BitDefender = Trojan.Generic.6150826
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:08 23:34:28-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 315392
Initialized Data Size           : 4096
Uninitialized Data Size         : 421888
Entry Point                     : 0xb4890
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tursqgktx Rwqouldyzaf
File Description                : MCI driver for MIDI sequencer
File Version                    : 6.0.6000.16386 (wrglo_rtm.061101-2205)
Internal Name                   : mciseq
Legal Copyright                 : © Mtjpzynxn Xcomzohjmfl. All rights reserved.
Original Filename               : mciseq.dll
Product Name                    : Udikhdyzn® Hxlliob® Ptzkfpizr Mdrgda
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-03 05:50:11
VirusShare info last updated 2012-07-26 02:35:03

MD5: abf0814452e76e96e1a349bb37b65ccb
SHA1: 89e0d10dc3a30026dabab96da995ee93fda4d203
SHA256: c3a0046c391e500c931e15fa207aa25739b06a70657b962717ba05ce0729bc81
SSDeep: 6144:TTNP6KfUYq2NT27kPSb8iGzZwf7t/VwpALbN6ehVvQB7YHZaTFVSek3lnxiVy5:Z6UlJ27ASblKZct/V4WbZQ8eSlnxp
Size: 416768 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-AO [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Trojan/W32.Agent.416768.BI
VirusBuster = Trojan.Pirminay!8TCDfMRiUeY
TrendMicro-HouseCall = TROJ_PIRM.SMUT
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic.dx!baqu
DrWeb = Trojan.DownLoader3.60604
TrendMicro = TROJ_PIRM.SMUT
Kaspersky = Trojan.Win32.Pirminay.iiv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adz
McAfee = Generic.dx!baqu
F-Secure = Trojan.Generic.6151391
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.IPT
Norman = W32/Suspicious_Gen2.MVYRT
Symantec = Trojan.Gen
GData = Trojan.Generic.6151391
TheHacker = Trojan/Pirminay.iiv
BitDefender = Trojan.Generic.6151391
NOD32 = a variant of Win32/Kryptik.NQS
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:15 02:15:16-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 417792
Initialized Data Size           : 4096
Uninitialized Data Size         : 565248
Entry Point                     : 0xf0020
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.2600.0
Product Version Number          : 6.4.2600.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Rlkjoovld Plnpgtjdwrn
File Description                : DirectShow ASF Support.
File Version                    : 6.04.2600.0
Internal Name                   : QASF.dll
Legal Copyright                 : Copyright (C) 1992-2001 Xntnmrcsw Corp.
Original Filename               : QASF.dll
Product Name                    : DirectShow
Product Version                 : 6.04.2600.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2012-04-29 23:02:59
VirusShare info last updated 2012-07-26 02:37:28

MD5: b33be3cef0142ec89fca62277ec3db21
SHA1: ffe1d379a926c7f4016c0150a427c87dce93f0d6
SHA256: 3c5349d1797638ec4e6ee42912803dcaad8ef27903a5472a841daaa7075300fd
SSDeep: 3072:zuV5pv8kQLcMbwKKwGvkMc4/UZkl0HEYbz57f5c6t8DAC:z/cMb5KwtMc48Z7HEYbz5Rt7C
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
nProtect = Trojan.Generic.7359494
K7AntiVirus = Riskware
VirusBuster = Adware.SuperJuan!vsP9eQXIDRU
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMEO8
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Artemis!B33BE3CEF014
DrWeb = Trojan.Juan.853
TrendMicro = TROJ_VUNDO.SMEO8
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aiqr
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Agent.BOM!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.auo
McAfee = Artemis!B33BE3CEF014
F-Secure = Trojan.Generic.7359494
VIPRE = Virtumonde
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.ANTIQ
GData = Trojan.Generic.7359494
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.7359494
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-11 15:31:42
VirusShare info last updated 2012-07-26 02:37:45

MD5: ce1bac35a766e1410929006104f2f013
SHA1: 9d23258613dbfaa299a47830b0c3e5130f1e0921
SHA256: 2c8fbf08e3fe71315ff29d9d59561f2c494e5af3435b25cafdb0ed4549a55dc4
SSDeep: 384:/K1ZKqdOLwNWINrmrLHMRDYf+Yw9sbEIjT2TPOCMY32n2P5fIDGtGKXMjtGtVdP/:/K1VdWHUSatIjYj5XsTA1O55y
Size: 32768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Suspicious file
VirusBuster = Trojan.Ponmocup!HmXGOr307QA
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!CE1BAC35A766
DrWeb = Trojan.WinSpy.1558
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!CE1BAC35A766
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic_s.CL
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8192
Initialized Data Size           : 23552
Uninitialized Data Size         : 0
Entry Point                     : 0x2f2a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-07 21:52:12
VirusShare info last updated 2012-07-26 02:38:38

MD5: 0c879830a431d60feca2c103eb9607c5
SHA1: 366404053166569c40ee9ffa389af10158e93cb9
SHA256: f1f6ca813ed8ab0ccca9fefeca2d1ca6e21851fda383a4a7f675f3b55457533e
SSDeep: 1536:2IRjvGtaypYelEZr5GyvjEb/K7UWUOtm0MKbasFGYssr:RRrGtay9I9ZvwzKmYm0M1cGYsi
Size: 92160 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.92160.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-09 03:13:42
VirusShare info last updated 2012-07-26 02:41:43

MD5: 6ddc5fd940f345a919cdc087929bdeac
SHA1: bde3572ce7828bf2d7d8fabdd9b99383ba1692d7
SHA256: 7ed17729623a2bab777faffe92fb1837fcf7a3df14995ef68a768665b0db3f2e
SSDeep: 3072:Dk3vXYXDq9wDUfoTnwwiJuLqMhZOqoW2TIJvJLizJxj+AtV0nEHT5ABW:DPXDq9IUfwBeMhVsIZG+HEHT
Size: 199680 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-BW [Trj]
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Agent.HFM
VirusBuster = Trojan.Ponmocup!+R1f47M248c
TrendMicro-HouseCall = TROJ_GEN.R47C8CA
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdkg
TrendMicro = TROJ_GEN.R47C8CA
Microsoft = VirTool:Win32/Obfuscator.WE
Fortinet = W32/Ponmocup.AU
McAfee = Generic.dx!bdkg
F-Secure = Gen:Variant.Graftor.16659
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIXX
Norman = W32/Troj_Generic.BJWIN
GData = Gen:Variant.Graftor.16659
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.16659
NOD32 = a variant of Win32/Ponmocup.AU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:11 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x1508b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 02:47:22
VirusShare info last updated 2012-07-26 02:45:23

MD5: 89ffcacfe026f71f55efa5456d8201dc
SHA1: 6b9cc2c0e84dcad838ea1fdc25f8657825e00e69
SHA256: 80f7591d0e04205a203a54fe8a9e1abc89b3ba4994ef3b2b304981e9d32e4d67
SSDeep: 3072:0OhuX/4IR1K25ifqm+8EFounmfElPP6VdSg9:0nRE25fDoBZTSC
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Crypt-MGX [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2fb
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2fb
F-Secure = Gen:Variant.Graftor.19642
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLDS
Norman = W32/Suspicious_Gen4.AEIES
GData = Gen:Variant.Graftor.19642
BitDefender = Gen:Variant.Graftor.19642
NOD32 = a variant of Win32/Ponmocup.BQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:05:19 12:57:35-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 49152
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x3659
OS Version                      : 4.0
Image Version                   : 4.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-11 05:32:21
VirusShare info last updated 2012-07-26 02:46:38

MD5: a80cbef2d20b3fc0d97b4d72d64ec2e1
SHA1: 4647b1692380d45d62114bbe70d7cc66a02206e0
SHA256: 296be29ee5ab6dc20596015220f73b14e3c28a488df5a117a5533b0973c86f03
SSDeep: 6144:B0eDc/OFiJqXD4xZaXQ1jTxUyd7SyBAbky8ffAffKVpTbpixZeSVnjHAGKMs1OD:Btg/+XD4TamRT7vAwy8ffcBhnbAGmED
Size: 422265 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Zbot-NCY [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.422265
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yMEs/f6hmHk
TrendMicro-HouseCall = TROJ_SPNR.30DJ12
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader3.64509
TrendMicro = TROJ_SPNR.30DJ12
Kaspersky = Trojan.Win32.Pirminay.qct
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.yp
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AUVC
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hgj
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:02 17:25:27-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 401408
Initialized Data Size           : 331776
Uninitialized Data Size         : 0
Entry Point                     : 0x5e89b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sfnmmjmbo Skhwxekjawx
File Description                : A tool to aid in developing services for CrqwrdcNT
File Version                    : 5.1.2600.0 (bphvxfpq.010817-1148)
Internal Name                   : sc.exe
Legal Copyright                 : © Jwgmgrheo Rrxibwkfswj. All rights reserved.
Original Filename               : sc.exe
Product Name                    : Ognhyeglj® Ampfcwq® Egwfgpmgs Bpntbe
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-05 13:00:17
VirusShare info last updated 2012-07-26 02:47:44

MD5: e571122c2c22663e6dfc5abe9a6910aa
SHA1: 33c4b0c7406c69237ee1dc679576d2dc061f4351
SHA256: 89c22363e162e279273f969e275b1d49e1bd97030ec3e4a1b0921a561839b939
SSDeep: 1536:VYeW6oi4sy3s42B6p68LijJjTmp9AiOnUQY89sFpNl7BFItXPHpUK3:VFAzJLihTUj8SxfItXP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
TrendMicro-HouseCall = TROJ_GEN.R47CDDT
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!E571122C2C22
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!E571122C2C22
F-Secure = Gen:Variant.Graftor.17350
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Troj_Generic.BMJHT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-30 04:07:49
VirusShare info last updated 2012-07-26 02:49:40

MD5: f13ae7e6760fa28cd9e288d5e5d3f3a9
SHA1: 14c51eb9e29c16de370a5b68588789205991abea
SHA256: e55f97ea313395500114a84b2fa444fcd1c1d366cb64ff0cec7db70cbf8a2d7f
SSDeep: 3072:Njqvr+AMX2zJTHBhgnL89ipsmeHzqQp7rplIL9oBJP:NeMX2zJThhgrum+aQB
Size: 147968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F13AE7E6760F
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.hj!pec
F-Secure = Gen:Variant.Graftor.16660
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIWY
Norman = W32/Troj_Generic.BPIUX
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.16660
BitDefender = Gen:Variant.Graftor.16660
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:25 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-05-05 15:29:57
VirusShare info last updated 2012-07-26 02:50:03

MD5: 4acfd2724a3e1c83e8439dc57d485a31
SHA1: 6eceee7063e278dba5bdb70c7ede52d625807ff8
SHA256: 3e280a97fcc515e9c4e261065a7d7ac017a6f825d9935febd827b934e37735b4
SSDeep: 1536:E1iJEbW2g8Hjy6r42B4nc8LijHrlmRzDayNyNP5v9uQcBIItUPHpFr3:EZWAHLYLinloz5SvMXqItUP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!pa
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo!pa
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.AXKNO
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-09 10:24:52
VirusShare info last updated 2012-07-26 02:54:04

MD5: 624cfc53ee3c52f896ea71c23452b105
SHA1: 2484485b066f8873e7914bd1fcfcf57b233a5232
SHA256: 0f3ae9f8fc4e12b8793e625272b1b435d88a8a5e9dfa7162166edf4765682138
SSDeep: 3072:A20EFw8fBeN76O0AwqawOMMcc9xlFOSnlUcsRZIirXUV:A2BqEAwqapMLc9NsRZIqXU
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!624CFC53EE3C
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!624CFC53EE3C
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKLK
Norman = W32/Suspicious_Gen4.AEKAF
GData = Gen:Variant.Graftor.17637
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:14 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-09 09:30:11
VirusShare info last updated 2012-07-26 02:54:46

MD5: 7ef1d1346941d4295f2bd74f4fa42c2f
SHA1: 191a0ee26d149f087f8b4ccbe7750f4a99d19790
SHA256: 97084554b76583d18151de69ef838effc2cd5f86223869364e18622411ee3471
SSDeep: 1536:nMcJEbW2g8Hjy6r42B4nc8LijHrlmj0lYJ7csPp8BIItiPHpFr3:nMJWAHLYLinlK0lYJH8qItiP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
TrendMicro-HouseCall = TROJ_GEN.R1BCDDU
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7EF1D1346941
TrendMicro = TROJ_GEN.R1BCDDU
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!7EF1D1346941
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.BNBMY
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-30 23:22:15
VirusShare info last updated 2012-07-26 02:55:43

MD5: b60a57fe07e3c098903ef33d946d5604
SHA1: c9f2c8bac1c14036e7f6fa624a68f68748765b97
SHA256: 5b99cc0c39d8b58e73aca6f6b6fdd39f9cc13cd0257a252621e4945d4abfe601
SSDeep: 3072:gVwFmzt0FBZ/TpNFzxO8loZb5jtpqRkdV:gVPUBNTDaHF5B
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.24270
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!B60A57FE07E3
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!B60A57FE07E3
F-Secure = Gen:Variant.Graftor.24270
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNSX
Norman = W32/Troj_Generic.BPKKG
GData = Gen:Variant.Graftor.24270
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.24270
NOD32 = a variant of Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa26f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-05-05 15:29:41
VirusShare info last updated 2012-07-26 02:57:24

MD5: dd3c05cb633fef59c15621959068ed4d
SHA1: c7cc35a0e5df2b5c5c85889d75ddd8e8d631dbe9
SHA256: da48f1808889f77e74deaa978b3615f4cf47cbde6106624488e1c47f53655287
SSDeep: 1536:O6ksHH7BO9v2BrDQ8Li4NO23msMPYt3LYVi230+L1v/2m:Ohe7YYLin23nMwt3LYVig0+L1f
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!DD3C05CB633F
McAfee = Artemis!DD3C05CB633F
F-Secure = Gen:Variant.Barys.972
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNDM
GData = Gen:Variant.Barys.972
BitDefender = Gen:Variant.Barys.972
NOD32 = a variant of Win32/Ponmocup.BZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:15 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1be5
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-06 00:19:52
VirusShare info last updated 2012-07-26 02:58:23

MD5: e6c5290c63f1c78a1363eeb721356eaa
SHA1: 114e7fdcf2b537524277df5a849162c501e58e3b
SHA256: 83c40a69627cac2aff85e419214b4e5f0cc50ddc629c54365d8630ce369ef663
SSDeep: 3072:gVwFLzNH0FBZ/TpNdzxO8lMImGWS1PWCdV:gV6HUBNTDyWmGZP
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
nProtect = Trojan.Generic.KDV.607702
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic Packed
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic Packed
F-Secure = Trojan.Generic.KDV.607702
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNSX
GData = Trojan.Generic.KDV.607702
BitDefender = Trojan.Generic.KDV.607702
NOD32 = a variant of Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa26f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-05-03 07:06:13
VirusShare info last updated 2012-07-26 02:58:41

MD5: 0277b5610e0cc04a639e49026b40ad17
SHA1: 895a4be935cd16bd2aa1065b6814563842947403
SHA256: b8eb921e70e2c9f5c88fe80143b99e6400054406f9dce2d53e820c669b043595
SSDeep: 6144:sIX2D9oMCdXWAN4WQ8DMXpHuUI7T7Gxl:5X2DGM+NtVMXpOz7Ta
Size: 215552 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Dropper-HIM [Drp]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Sinowal.WXO
nProtect = Trojan/W32.Agent.215552.EA
VBA32 = Trojan.Jorik.Pirminay.ba
TrendMicro-HouseCall = TROJ_GEN.R4FC1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.ba
McAfee-GW-Edition = Generic Downloader.x!gba
DrWeb = Trojan.DownLoader4.13033
TrendMicro = TROJ_GEN.R4FC1IE
Kaspersky = Trojan.Win32.Jorik.Pirminay.ba
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.BA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Downloader.x!gba
F-Secure = Trojan.Generic.KDV.292494
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.KBS
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.292494
TheHacker = Trojan/Jorik.Pirminay.ba
BitDefender = Trojan.Generic.KDV.292494
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x136e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.6001.18000
Product Version Number          : 6.6.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : DMO Runtime
File Version                    : 6.6.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : msdmo.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msdmo.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.6.6001.18000
Ole Self Register               : 
VirusTotal Report submitted 2012-05-06 17:37:27
VirusShare info last updated 2012-07-26 03:00:24

MD5: 490638f885b02a5cdcfa0f4fd449db79
SHA1: 2247effae2909acea5bff14165d915fab6995174
SHA256: 562f022aa4f3a4cbcc975031d2b1058256928affcefd4689a926fca6cffde1cd
SSDeep: 6144:dhMth6C72NCbNVHVE5vfDGzFCa+Wmy4JbP60wmuu+1K2CNrb1OqVNKz02BX:dh/CoCXVEJuFC4myAP60LusP1dww
Size: 323584 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Agent
Panda = Trj/CI.A
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Agent!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = (Suspicious) - DNAScan
DrWeb = Trojan.DownLoader6.2002
PCTools = Trojan.Gen
McAfee = Artemis!490638F885B0
F-Secure = Gen:Variant.Kazy.53209
Norman = W32/Suspicious_Gen4.ADSSJ
GData = Gen:Variant.Kazy.53209
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Kazy.53209
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:01:27 05:43:15-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 270336
Uninitialized Data Size         : 0
Entry Point                     : 0x65d9
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-05 01:26:11
VirusShare info last updated 2012-07-26 03:10:55

MD5: 689ae93e02eb45e053f00af6f664caf4
SHA1: cb62e1b47398f9456b0455b9c956337bc1528886
SHA256: 417957ecd301fd0336607a1db3b11e9d29ec1ba3db091a8890b99f1cde87f9ea
SSDeep: 1536:H7bqHa2yt8y2J/JbQDwLYVw2t5r6f85iWaYB9FKMCD2TfMapWHakmCClco:4aP8y2Jw6YLrBiQKD2Mac6BlF
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Generic Malware
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!b2ck
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2ck
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJUK
Norman = W32/Troj_Generic.BLAIW
GData = Gen:Variant.Barys.738
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:04 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25a9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 17:45:53
VirusShare info last updated 2012-07-26 03:13:48

MD5: 80d85ec657237cdbb6292f28426c32b6
SHA1: 9f88fe8287ead229b89d57d436c61aa851bac14c
SHA256: a9f024351ed14f2a510710e9f41a29622aef7d3d078309ee70aa49f7a95b8a55
SSDeep: 3072:qVLLjawG9dh7Ht6972HY9bemkvwxey06SZ0x4MhSgtWz5QPtbREChCTaeLdlw7:q1LjaFpHG7QYReh+LhSgUitbRhCe9
Size: 211500 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-IRS [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6315415
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic.evx!u
DrWeb = Trojan.DownLoader6.5029
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bey
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.U!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!u
F-Secure = Trojan.Generic.6315415
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.MXQ
Norman = W32/Kryptik.ALS
GData = Trojan.Generic.6315415
Symantec = Trojan.ADH.2
TheHacker = Trojan/Jorik.Pirminay.bdb
BitDefender = Trojan.Generic.6315415
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x134e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.3959
Product Version Number          : 5.3.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Unknown
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Txlxtvvyw Fbgwyodatnz
File Description                : Microsoft DirectPlay Helper
File Version                    : 5.3.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : dplaysvr.exe
Legal Copyright                 : © Yutcmwlac Ogsklohcjcf. All rights reserved.
Original Filename               : dplaysvr.exe
Product Name                    : Ujcywwqxj(R) Pcznege(R) Fldmessil Jltztf
Product Version                 : 5.3.3790.3959
VirusTotal Report submitted 2012-05-02 17:59:49
VirusShare info last updated 2012-07-26 03:16:11

MD5: a456185d2db6369be9a195c12f1bd4a2
SHA1: 1f458d7a812190988efc970f0fc6a5dc214ff236
SHA256: f233dc1b7b28a2a5b5efd4ff83501c69266f4e01a637f2c8e030c2d07dfd67d0
SSDeep: 1536:/G/PeW6oi4sy3s42B6p68LijJjTm1n84/LeDqpbovPsePFl7BFItjPHpUK3:e8AzJLihT284/aDiYPl9VfItjP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R1BCDED
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!pk
TrendMicro = TROJ_GEN.R1BCDED
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!pk
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Troj_Generic.BPTZX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = WS.Reputation.1
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-19 12:02:37
VirusShare info last updated 2012-07-26 03:19:32

MD5: b0fe1262dd0887c847c7d8cad7895e75
SHA1: 7453fd2b2f87c2b29b64b506a04472cc51062736
SHA256: bc4ff34fba98267d30bb1bc99abfc0da969c171936ae66dc6d8df5198a79e215
SSDeep: 3072:PuV5pv8kQLcMbeTEWKxGvkMc4/UZkl0HOoCZqoUc6t8D1C:P/cMbegWKxtMc48Z7HOoCZqoYtCC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Adware.SuperJuan!RCygH/8pcS0
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMEO8
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Generic PUP.z!ms
DrWeb = Trojan.Juan.877
TrendMicro = TROJ_VUNDO.SMEO8
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aiqm
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.auo
McAfee = Generic PUP.z!ms
F-Secure = Gen:Variant.Barys.569
VIPRE = Virtumonde
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.ANTWM
GData = Gen:Variant.Barys.569
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.569
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-11 15:31:32
VirusShare info last updated 2012-07-26 03:20:34

MD5: ba4d4f3b5b32b2cc71c0473333468bfb
SHA1: f590e6bb727a4a897dcd8f8cb62d4ec1dbcb3dfc
SHA256: 32f1febd9bb717f4bcddd031701e116a1ab60f0c3dff8ba898c969519e617598
SSDeep: 1536:RoMM6UCjEm0Gs60BIZGOMyORKG2aY3SEgXRGXdnckFDcw2TaS89VI615:RoXC5s6YI5MyO83SUncODc9TSI
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!BA4D4F3B5B32
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!BA4D4F3B5B32
F-Secure = Gen:Variant.Graftor.19650
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.ZPACK
AVG = Agent3.BKWD
Norman = W32/Suspicious_Gen4.AEEDR
GData = Gen:Variant.Graftor.19650
BitDefender = Gen:Variant.Graftor.19650
NOD32 = a variant of Win32/Ponmocup.BN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:22 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x5309
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-07 03:43:54
VirusShare info last updated 2012-07-26 03:21:24

MD5: cbaef102b32f0d794ceded05ee496351
SHA1: 24a392e780cd5696fdb06f93f62135a004b857c4
SHA256: a526f375b92c8e95cde9615add42ac3b7fca51a40f453d0e04e7b7ddb0314017
SSDeep: 3072:gVwFHzu0FBZ/TpNOzxO8lIZb5jtpqR0dV:gV/UBNTDVzF5B
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.1667.5
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!CBAEF102B32F
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!CBAEF102B32F
F-Secure = Gen:Variant.Barys.1667
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNSX
Norman = W32/Troj_Generic.BPKVD
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.1667
BitDefender = Gen:Variant.Barys.1667
NOD32 = a variant of Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa26f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-05-05 15:29:49
VirusShare info last updated 2012-07-26 03:22:51

MD5: 0f80a6fad4732b181fe0b8eabc53cf54
SHA1: da5b70163147e2e553b0fb4ef4e99aa9fd61d939
SHA256: 3831df27e77fc96522d58f007c204b0f7a204b02c92b7a8bbbf7538cd91a0a62
SSDeep: 1536:0rdEgOsXwaUadT24Phx+ZPWeHo9sViF18uZjkUkDg+MkN8lulyOANYq6ShMl3qot:oeEwcxJefViUu+Mq88lWBQ6afF1
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!0F80A6FAD473
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!0F80A6FAD473
F-Secure = Gen:Variant.Graftor.26543
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BPTO
GData = Gen:Variant.Graftor.26543
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.26543
NOD32 = a variant of Win32/Ponmocup.CN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:09 11:43:34-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x91dd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Vphwneqrk Susteztwucd
File Description                : Qxhzddoia Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Qtuzfzodq Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Ijnqtzvar Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-30 08:06:09
VirusShare info last updated 2012-07-26 03:32:19

MD5: 14de7c77777d1c6b45306100c54a0963
SHA1: 16722ced4549821308b93a1e16889d28580cd0fd
SHA256: e95e9f967ca9a694dd7dfb10a6cb7aa209ef6e20be749b10ed1677bd15dc8ecf
SSDeep: 3072:Lb/KxOZbx+9hpva68XBK/nL/4BludZLBnOH:Lb/Ksb89hpS68RUL/vdVBW
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
Panda = Generic Trojan
Emsisoft = Win32.Diller!IK
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!14DE7C77777D
F-Secure = Gen:Variant.Graftor.20394
VIPRE = Virtumonde
AVG = Generic27.CAVQ
Norman = W32/Troj_Generic.BUNXQ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.20394
TheHacker = Trojan/Ponmocup.bw
BitDefender = Gen:Variant.Graftor.20394
NOD32 = a variant of Win32/Ponmocup.BW
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:05 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xc831
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-18 03:41:16
VirusShare info last updated 2012-07-26 03:33:04

MD5: 1e2293fd186a36611358fa70d0e77a93
SHA1: d3a516bb13570c5e8ed0d36462ff5772af6db25c
SHA256: 22de01c0bc0d4346ef7c5009d83f1d75f8376342986c3424ed3e75642c7fc3e0
SSDeep: 1536:Ztc9Ha+y58M+JbhDQDwbYlwO1aWFRPT+mMPTh0Tw1u0/hHakzdlR:4aT8M+JkyYzFRpRWh6ulR
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17528.7
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!ZxaV6mtBS4w
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
Kaspersky = Trojan.Win32.Genome.afdkh
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!1E2293FD186A
F-Secure = Gen:Variant.Barys.2146
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXK
Norman = W32/Suspicious_Gen4.WFUD
GData = Gen:Variant.Barys.2146
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:07 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-15 19:05:53
VirusShare info last updated 2012-07-26 03:34:21

MD5: 39c891086f0dbc9a79bf01aa28a488c3
SHA1: af1950d6800a7a984d84311c6c8ad00c206b9448
SHA256: 1f64aad2ffaceb402d43393a55f17d3577cd90942d1c8c1aadf8187f9f593c70
SSDeep: 3072:XBGM8cmrYaCCTcoiz8Yat7PsPHrUyGPwrrlFOcB:XBGM8J0ic9z8Yk7kAyfPZB
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.A.3
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R29C7EH
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!pn
TrendMicro = TROJ_GEN.R29C7EH
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Vundo!pn
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDiller.A
AVG = Agent3.BLOB
Norman = W32/Suspicious_Gen4.AFDME
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.738
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:01 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd38d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 05:49:04
VirusShare info last updated 2012-07-26 03:36:45

MD5: 3a0b7e57b55f4ff8c4cf2b379c258b13
SHA1: 86631e7f69a96a1e316984c9f77c732af4f6a68d
SHA256: f0025a4a108d01953ece6bc09308f5274fe3652a63209ea8969890e20a2417ca
SSDeep: 1536:uG/3iqx5Nha+VQYgAfdkGW9b3UFeyE62u0BK/L6/wkzHcD9HLM0PHIqqV9B6:RKqbieQKf/W9bkEWpLEwu8D9QQHsM
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan-Downloader.Agent
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Agent!IK
McAfee-GW-Edition = Artemis!3A0B7E57B55F
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!3A0B7E57B55F
F-Secure = Gen:Variant.Graftor.15300
VIPRE = Virtumonde
AVG = Downloader.Agent2.AZHV
Norman = W32/Troj_Generic.BWFLB
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.15300
TheHacker = Trojan/Ponmocup.ao
BitDefender = Gen:Variant.Graftor.15300
NOD32 = Win32/Ponmocup.AO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:08 05:47:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x5071
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-23 00:43:15
VirusShare info last updated 2012-07-26 03:36:46

MD5: 47e21a5ee1930902eb73843d182911c0
SHA1: 0ea8820f4b7ba86b1ce355fface2fb2ca6d9970e
SHA256: af64534ce4ab2766d73227bdc3729ab299dfa110b5cc73d6ab51201aaf085f20
SSDeep: 6144:wvIcJzj2PbZPUL4p04u+rl9r8DvCXVY9QRACk:wv1BOPULeHYqRF
Size: 236032 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Crypt-KPK [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!JXsMegD8+48
VBA32 = Trojan.Jorik.Pirminay.ajz
TrendMicro-HouseCall = TROJ_GEN.R11C7K9
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.LooksLike.Suspicious.B
DrWeb = Trojan.Fakealert.25675
TrendMicro = TROJ_GEN.R11C7K9
Kaspersky = Trojan.Win32.Jorik.Pirminay.amo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.teo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.ADAE
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.1488
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.tyo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = a variant of Win32/Kryptik.TYO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x153b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ajvmqifkw Yyeaqzcwilw
File Description                : Remote Access AutoDial Helper
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Hltjautja Itynznljjua. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Ayopfgudl® Brgdfxt® Wtiguqxpk Zbrlhr
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-05-24 15:36:45
VirusShare info last updated 2012-07-26 03:37:54

MD5: 617757d5f45ccfc5058588d6ecfa8841
SHA1: 34e4ed53f4b72d38a2227d8a8212dfc4977f233f
SHA256: 2607379cd4d256d88ae6037108b3bab53ac9683ab4504218ecd3f73af7c6f0c7
SSDeep: 3072:nVSI/l5fiEez9juZ/DJM8G9ti0tsHkmp1LLmk8MkwNf4w3dhOFytlNTvGpVGlrC:nMUt5Z/GJ+BEmp1bDf4wcmNTw3
Size: 210364 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan.Generic.6386964
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!Knt+Q9reJ6I
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_GEN.R47CCET
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader4.28021
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47CCET
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Downloader.a!or
ClamAV = Trojan.Agent-264053
F-Secure = Trojan.Generic.6386964
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.SXS
Norman = W32/Kryptik.ALS
GData = Trojan.Generic.6386964
Symantec = Trojan.Gen
TheHacker = Trojan/Injector.hzu
BitDefender = Trojan.Generic.6386964
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x137e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.74
Product Version Number          : 5.0.0.74
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Created by VIONA Development
Company Name                    : RAVISENT Technologies Inc.
File Description                : CineMaster C WDM DVD Minidriver
File Version                    : 5.0.00.0074
Internal Name                   : VDMINDVD.SYS
Legal Copyright                 : Copyright 1999 RAVISENT Technologies Inc.
Original Filename               : VDMINDVD.SYS
Product Name                    : CineMaster C WDM
Product Version                 : 5.0.00.0074
VirusTotal Report submitted 2012-06-13 22:47:21
VirusShare info last updated 2012-07-26 03:39:47

MD5: a26c2c76e6a49f537c35b59238fd17ad
SHA1: c79da5ac5f968c2456bb0dfce57036112cf0cd06
SHA256: 166006c5e6e82cd6168685b59350ca10e34b73c75c72e61c8d104026b68b444e
SSDeep: 6144:9JIWt9LFdDZ+SlUDNkZqOHPXi7cpyfAJhCSAEhMx96:9JPDVlSKfy7ccJSAo
Size: 344024 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.271
Avast = Win32:Kryptik-CSZ [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Packed/Win32.Generic
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Generic.gnfz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BKGR
Norman = W32/Troj_Generic.BXGZW
GData = Gen:Variant.Vundo.11
Symantec = Packed.Generic.305
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:07:30 20:23:39-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0x5d10
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Pkrztsxhl Knglhhciria
File Description                : Czjwleo Media Video DSP Components - Advanced
File Version                    : 6.1.7600.16385
Internal Name                   : wmvdspa.dll
Legal Copyright                 : © Microsoft Fhvrrgehbkj. All rights reserved.
Original Filename               : wmvdspa.dll
Product Name                    : Rguyxgutn® Ttgcdzy® Zrtivzyig Txwmey
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-06 08:47:42
VirusShare info last updated 2012-07-26 03:45:32

MD5: cf5576f5b158ae8c70c2955c1296e819
SHA1: 73537bf683871bd16584d74d661db003b1910a16
SHA256: 7861244cdebce596b70daa865ab737e38e5028f56ed3fb73b568213a9eae1d43
SSDeep: 1536:hCpmxjrSzRALnh1S2DmH/47aw6UDYF+zE2HPCE:hVuym2DYc62YUzNHPCE
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Virtumonde.bfjda
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Virtumonde.gen
Ikarus = Trojan.Win32.Virtumonde
AhnLab-V3 = Trojan/Win32.Virtumonde
Rising = Trojan.Win32.Ponmocup.a
nProtect = Trojan/W32.Virtumonde.62464.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Virtumonde!nq+Mn9LbceM
TrendMicro-HouseCall = TROJ_VIRTUMONDE_000019d.TOMA
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Trojan.Win32.Virtumonde!IK
CAT-QuickHeal = Trojan.Vundo.O5
McAfee-GW-Edition = Artemis!CF5576F5B158
DrWeb = Trojan.DownLoader5.53364
TrendMicro = HT_VIRTUMONDE_000019d.TOMA
Kaspersky = Trojan.Win32.Virtumonde.bfjd
Microsoft = Trojan:Win32/Vundo.OT
ViRobot = Trojan.Win32.A.Virtumonde.62464.C
Fortinet = W32/Kryptik.UER!tr
TotalDefense = Win32/Vundo.HTC
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!CF5576F5B158
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRVirtumonde.B
F-Prot = W32/Virtumonde.CS.gen!Eldorado
AVG = Generic25.BZSB
Norman = W32/Vundo.UWC
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Commtouch = W32/Virtumonde.CS.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:30 05:54:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x141a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2002.10.4.0
Product Version Number          : 2002.10.4.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Feenwiu registration
Company Name                    : Bnmhjwpqm Corporation
File Description                : OffFilt
File Version                    : 2002, 10, 04, 0
Internal Name                   : OffFilt
Legal Copyright                 : Copyright © 2002 Iyzxroawh Dwjnukubggd
Legal Trademarks                : 
Original Filename               : OffFilt.dll
Private Build                   : 
Product Name                    : Okspwgbbh Office IFilter
Product Version                 : 2002, 10, 04, 0
Special Build                   : 
VirusTotal Report submitted 2012-06-05 22:13:50
VirusShare info last updated 2012-07-26 03:49:24

MD5: da85184cff75b3fa3a115246bb4b346e
SHA1: 9ed7c366890f4b6ddd740d8b70bf3760694154ff
SHA256: ddd16140a30b826e1117dd7fb08214fa0b10bd027b33a9ed3467c43f0cd75648
SSDeep: 6144:455IJzJznrggsdgz1Jo5H9PnNUxBqczZcuhBzQYvYPuvK01:4HI1dS8Jw9/axhNPBz1QPmKo
Size: 294411 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhf
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Trojan.Generic.5382285
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R4FH1IN
Emsisoft = Trojan.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Renos
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.59103
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gs
McAfee = Kryp.b
ClamAV = Trojan.Agent-183385
F-Secure = Trojan.Generic.5382285
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.BOLE
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.bhf
BitDefender = Trojan.Generic.5382285
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 19:14:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24064
Initialized Data Size           : 531968
Uninitialized Data Size         : 0
Entry Point                     : 0x69a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.42
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-06-05 17:35:31
VirusShare info last updated 2012-07-26 03:50:23

MD5: e3794d331e0acef8229fb05e5141f806
SHA1: 538c1077c2f8d6b81943469753742d7da915abaf
SHA256: 89999176db2782b654e79a5a8a8e0454c8d8f6ebc2f2cc1550e2e0b95f5557c5
SSDeep: 3072:d+OS2Zn1pMBgwm6gX0lqpFyndM7pzf8dL0sSlgbGedPE:IKeBgwm6E0k4wzWlbbGehE
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R47C7EI
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Barys.2376
VIPRE = Virtumonde
AVG = Agent3.BKVM
Norman = W32/Troj_Generic.BTXDJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2376
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.BM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 10:45:17-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xc4c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-21 04:31:25
VirusShare info last updated 2012-07-26 03:51:10

MD5: f952c1e3c1a11ffb477cb14e6b930bea
SHA1: 40b5005febabe41a6e52dbeb784579f671c7eb90
SHA256: c4e31820a77fb3b2c5ff3854b73cbda20667b5ef503eac4d1c54c592eed842c2
SSDeep: 1536:rjUkPHQOr6fPhIr71oq8fNXMOQwKeZHflfcpxzKgONH8SJ+14H+3C:jHQOr6s71/y+e5OKEf4cC
Size: 100000 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-G [Trj]
Ikarus = Trojan.Win32.Pirminay
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.hz
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Graftor.6659
AVG = Generic20.BYQX
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Graftor.6659
TheHacker = Trojan/Pirminay.bwf
BitDefender = Gen:Variant.Graftor.6659
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:08:31 20:40:09-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 16384
Initialized Data Size           : 532480
Uninitialized Data Size         : 0
Entry Point                     : 0x40f6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-15 05:03:02
VirusShare info last updated 2012-07-26 03:53:34

MD5: 3b0b4749f07db257c049f39a76309163
SHA1: a7c3bef9ef660f85b55bcde514d4b085be1b2832
SHA256: beef7109e8dcf8b212354e177fa7e81b53065c2da483518dd013c1f022bc85dd
SSDeep: 3072:9/Gb/KxOZbx+9hpva68XBE/nL/4Blz6zuFec:BGb/Ksb89hpS68RSL/Iec
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.20394.1
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
Panda = Suspicious file
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!3B0B4749F07D
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!3B0B4749F07D
F-Secure = Gen:Variant.Graftor.20394
VIPRE = Virtumonde
AVG = Generic27.CAVQ
Norman = W32/Troj_Generic.BUEVE
GData = Gen:Variant.Graftor.20394
BitDefender = Gen:Variant.Graftor.20394
NOD32 = a variant of Win32/Ponmocup.BW
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:03 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 86016
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xc831
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-17 00:38:07
VirusShare info last updated 2012-07-26 04:01:38

MD5: 5d95e141d380543b738f4e3acd65abc7
SHA1: d027a1102d680cc23065e4b93d549958b626e0c7
SHA256: 50cb7edf554d1f4913c6ce3a82cca2dcd1c566ba8ec37f2f0c024ed0b96f0a2e
SSDeep: 3072:ODIw9Vrl+LiVrQcU3Z+tH/aPtgVVVVOQ:ODh95lBUU5z
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-V [Trj]
Antiy-AVL = Backdoor/Win32.Ulrbot.gen
Ikarus = Backdoor.Win32.Ulrbot
AhnLab-V3 = Trojan/Win32.Vundo
VBA32 = Backdoor.Ulrbot.ccx
TrendMicro-HouseCall = TROJ_PONMOCUP_0000003.TOMA
Emsisoft = Backdoor.Win32.Ulrbot!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!5D95E141D380
DrWeb = BackDoor.Xbot.826
TrendMicro = H2_AGENT_010255.TOMB
Kaspersky = Backdoor.Win32.Ulrbot.czk
ViRobot = Backdoor.Win32.A.Ulrbot.126976
Microsoft = Trojan:Win32/Vundo.gen!AZ
Fortinet = W32/Ulrbot.CZK!tr.bdr
McAfee = Artemis!5D95E141D380
F-Secure = Gen:Variant.Graftor.15202
VIPRE = Virtumonde
AVG = Downloader.Agent2.AZHZ
Norman = W32/Troj_Generic.BZSGL
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.15202
BitDefender = Gen:Variant.Graftor.15202
NOD32 = a variant of Win32/Ponmocup.AD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:28 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x18ef
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 13:08:42
VirusShare info last updated 2012-07-26 04:04:49

MD5: 6613a67489000b3e0ffbc47c3ff10db8
SHA1: 84a2390ed297b77a1d7a7b8a596a15a8aef722ef
SHA256: 43faea58e704e8bf8b4aca80462021dc9d266560da1e9a817441c16b7aad21b1
SSDeep: 3072:gVwFTzQ0FBZ/TpN/zxO8lDZb5jtpqRVdV:gVRUBNTDUcF5B
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!6613A6748900
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!6613A6748900
F-Secure = Gen:Variant.Graftor.24270
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNSX
GData = Gen:Variant.Graftor.24270
BitDefender = Gen:Variant.Graftor.24270
NOD32 = a variant of Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa26f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-05-15 00:53:03
VirusShare info last updated 2012-07-26 04:05:39

MD5: 80ed87db8b9d84cd69215777d7fe6a8b
SHA1: 27b5c3d5b19634ce7f34f7c1a9f223689bbb684e
SHA256: 182cf5463664cf33c64c9000709a31d059bda1e80433360f51f85e11cdb0da06
SSDeep: 3072:mLtvinOGRAk7jBOuB5qGNUA+7brXWvXLOXeDb3oSHKsa5hKvwvB:qRc5RAk7jBOuFNUB72i/AaSvwp
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-AF [Trj]
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.624129
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!80ED87DB8B9D
F-Secure = Trojan.Generic.KDV.624129
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic_r.AWL
GData = Trojan.Generic.KDV.624129
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.KDV.624129
NOD32 = a variant of Win32/Ponmocup.CJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:02 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xcafd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-17 00:48:05
VirusShare info last updated 2012-07-26 04:08:06

MD5: 99757bbc2b1833ed8f0c076f72aed0b6
SHA1: 022511d8f1baf4ad7222560dd383b839295b8f37
SHA256: 2ab44b553935b32f4b11d0e48f73a17e470f36f8d127f5f0620f2a8e7f738aee
SSDeep: 1536:2qcC5oMGaG5xrIUh/UrmXZgoKGfJZKAcAEcm6hbD93ugyk5e4U7n5Iu:2G5Ax/crmXZgVIqATH9eg/5eXz5Iu
Size: 100000 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Trj/CI.A
nProtect = Trojan.Generic.5384705
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Fortinet = W32/Ponmocup.A!tr
Jiangmin = Trojan/Generic.duhi
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5384705
AVG = Downloader.Generic10.BUYR
Norman = W32/Troj_Generic.dam
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5384705
TheHacker = Trojan/Kryptik.kwl
BitDefender = Trojan.Generic.5384705
NOD32 = a variant of Win32/Kryptik.KWL
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:16 05:58:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0xe142
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-16 15:35:21
VirusShare info last updated 2012-07-26 04:10:20

MD5: 99bfd740bf2e702fdbf875389d6753b3
SHA1: 4f37c15c0544704ed06b88486ac3b6a7dfc82248
SHA256: e87294c7ad692793052f0c9cb4b8c3b94cc871c9dd45b4ad3e901ef30ae338f2
SSDeep: 3072:J2XDGO4CW5V4k6X9IMaWJliyu+l9/6zTR2hmG5l35:JwGO4/516XLJle+TSHR85
Size: 141312 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.2376.53
Avast = Win32:Diller-AF [Trj]
Ikarus = Win32.SuspectCrc
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Artemis!99BFD740BF2E
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!99BFD740BF2E
F-Secure = Gen:Variant.Barys.2376
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.AGDI
GData = Gen:Variant.Barys.2376
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.CI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:05 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xdc3b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 21:52:59
VirusShare info last updated 2012-07-26 04:10:22

MD5: 9c72f83dab62742c377cb1fb87e8a265
SHA1: 14b2aef5d4b47c6e2d66281c3420d947ba92f7a1
SHA256: 7f36405b94836e3d256edcd164dbb320fac3462ef14023ef1dd2c7a1a908e82b
SSDeep: 3072:U2XDGO4CW5V4YX9IMaWJliyu+lVQ6zTR2emG5lL5:UwGO4/5RXLJle+3JHRD5
Size: 141312 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-AF [Trj]
Comodo = UnclassifiedMalware
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Graftor.26150
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.AGDI
GData = Gen:Variant.Graftor.26150
BitDefender = Gen:Variant.Graftor.26150
NOD32 = a variant of Win32/Ponmocup.CI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:05 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xdc3b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-17 07:58:51
VirusShare info last updated 2012-07-26 04:10:42

MD5: d608b8f39fdfa2b0a73ffd72f09e49e2
SHA1: 994462c04cde95d39fb06ccc48a49c74e5472a62
SHA256: 177e6ec869e4bd377a77c4598ec103a103e9f21760f1b763feb40e7a6cf03602
SSDeep: 3072:nQgoQuUsvG30Wf8LAaQk0TFZXM7fYu4TsfqwlPllfyZ:pnAi0n8k0TFO7gElLf
Size: 139776 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Rogue.kdv.626973
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.KDV.626973
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Trojan.Generic.KDV.626973
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic28.AAWF
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.KDV.626973
BitDefender = Trojan.Generic.KDV.626973
NOD32 = a variant of Win32/Kryptik.ADVZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:05 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd5b9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 06:40:32
VirusShare info last updated 2012-07-26 04:15:31

MD5: ef4ba9b92ff2527b3dd05dd1f2188b74
SHA1: e65a44a44d5454c1963e77bc4db6491f50fe2f8a
SHA256: cd810392795dd66accce6cd6a1618872cb3047cb6029343382a45f9cd6fcc9a1
SSDeep: 1536:jNiZdb6BOgLdvOzOXF1h4un0/kq8Dx+897Fz35kxmDjISYwXg+WjhUHK:5iZdb6B9hvZfh4f8oC35MmDjIa1W
Size: 106496 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!EF4BA9B92FF2
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!EF4BA9B92FF2
F-Secure = Gen:Variant.Barys.2838
VIPRE = Virtumonde
AVG = Generic_s.EZ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2838
BitDefender = Gen:Variant.Barys.2838
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:10:31 07:30:40-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 53248
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x39bb
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-27 18:28:58
VirusShare info last updated 2012-07-26 04:17:14

MD5: f81f800e543689b74ada391e4295beb8
SHA1: 8387a457e1b8c5fb403cd83c65af07b0d135ab78
SHA256: 1e340519d042a9f256ff8e6640094ae461fe07f718f02b6c1282f54df4bcb448
SSDeep: 3072:ORV9Vrl+LiVrQ0qK34VV4Gy1PtWVVVVOQ:OX95lqLp
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-V [Trj]
Antiy-AVL = Backdoor/Win32.Ulrbot.gen
Ikarus = Backdoor.Win32.Ulrbot
VBA32 = Backdoor.Ulrbot.ccx
Emsisoft = Backdoor.Win32.Ulrbot!IK
CAT-QuickHeal = Trojan.Vundo.az
McAfee-GW-Edition = Artemis!F81F800E5436
DrWeb = BackDoor.Xbot.826
Kaspersky = Backdoor.Win32.Ulrbot.cyn
Microsoft = Trojan:Win32/Vundo.gen!AZ
ViRobot = Backdoor.Win32.A.Ulrbot.126976
Fortinet = W32/Virtum!tr
McAfee = Artemis!F81F800E5436
F-Secure = Gen:Variant.Graftor.15202
AVG = Downloader.Agent2.AZHZ
Norman = W32/Troj_Generic.BUTFQ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.15202
BitDefender = Gen:Variant.Graftor.15202
NOD32 = a variant of Win32/Ponmocup.AD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:29 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x18ef
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-19 12:45:48
VirusShare info last updated 2012-07-26 04:17:52

MD5: fe5b83380a2778873ef987f7d64952b4
SHA1: 80b84e68fd3bc4b8c5db760ee90229c2fce43537
SHA256: 6c15dbead9f1560cf64b01bff04a6f95c1d8e065247fbd6d8f828e9352f75dc7
SSDeep: 1536:RoMM63CjE90Gs60BIZGOMyORKG2aY3SEgXRGX4nckFDjYjS/oFunNdzEHZ3I615:RooCIs6YI5MyO83SpncODAyEHZ3I
Size: 102912 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Trj/Genetic.gen
VirusBuster = Trojan.Ponmocup.Gen
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!FE5B83380A27
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
Jiangmin = Trojan/Genome.bmkf
McAfee = Artemis!FE5B83380A27
F-Secure = Gen:Variant.Graftor.19650
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKWD
Norman = W32/Troj_Generic.BXLOR
GData = Gen:Variant.Graftor.19650
BitDefender = Gen:Variant.Graftor.19650
NOD32 = a variant of Win32/Ponmocup.BN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:22 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x5309
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-27 22:42:46
VirusShare info last updated 2012-07-26 04:18:22

MD5: 02da1d62efdb1261773c3c380d6e98e1
SHA1: 9a54d770543bc7629be1fd9bc8376cc2f1ab6360
SHA256: 135c76ff11a8feff383f3b43c10989ecfd9ce1aaeee57c2a40a40b3f075210f6
SSDeep: 3072:kJ2XDGO4CW5V47X9dM0+BDiUNGhI8zoyXz+1GP5lM:2wGO4/5CXUBDPG+8zoo8
Size: 151552 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.26150
Avast = Win32:Diller-AF [Trj]
Ikarus = Win32.SuspectCrc
K7AntiVirus = Riskware
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!02DA1D62EFDB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!02DA1D62EFDB
F-Secure = Gen:Variant.Graftor.26150
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic_r.AWP
Norman = W32/Suspicious_Gen4.AGKRE
GData = Gen:Variant.Graftor.26150
BitDefender = Gen:Variant.Graftor.26150
NOD32 = a variant of Win32/Ponmocup.CI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:06 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xdc3b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-18 03:33:57
VirusShare info last updated 2012-07-26 04:18:57

MD5: 1ef66c43354c08f4cdbe5aa36957c247
SHA1: 785107410cd801230ac451b58426d226900fc993
SHA256: edf5150213e261f23860deb1ec7f1ed3d44bf8413dfed05f6f945300b5c2bf3f
SSDeep: 1536:8ZeW6oi4sy3s42B6p68LijJjTmV9AiOnUQY89sFp8lNBFItRRPHpUK3:8qAzJLihT8j8z/fItrP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30CDEU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!1EF66C43354C
TrendMicro = TROJ_GEN.R30CDEU
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Artemis!1EF66C43354C
F-Secure = Gen:Variant.Graftor.17350
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-01 01:01:40
VirusShare info last updated 2012-07-26 04:21:59

MD5: 2a4ba9da5ed456a87b969f357c0d1252
SHA1: ecc38d007d423e29ce74e51dccdb9d29fe6ad84c
SHA256: ca4bef2e8115990cd74cb2429b415fac18c9076e49a53b49234c94c1111b3011
SSDeep: 3072:g8KJdFskM+6Y5sWyfX6Q1V5Ifm88liv3YD8UdJShfF1:g8KvFsb+JdwqQ13im8QJ0
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.PU.8
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
Panda = Suspicious file
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
Microsoft = Trojan:Win32/Vundo.PU
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Graftor.26543
VIPRE = Virtumonde
AVG = Agent3.BPTN
GData = Gen:Variant.Graftor.26543
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.26543
NOD32 = a variant of Win32/Ponmocup.CN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:09 11:43:34-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x91ed
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Vphwneqrk Susteztwucd
File Description                : Qxhzddoia Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Qtuzfzodq Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Ijnqtzvar Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-27 20:28:37
VirusShare info last updated 2012-07-26 04:22:56

MD5: 69388d53ac9c3d7d8165abccea0d63b7
SHA1: 0b2e27a16a3e98f4a5e43a302879dcdfd7a32fbe
SHA256: a424d7d2b8acaf3ff34873047a2bd61bdeade5d24fce54300e26dd95fe7cc048
SSDeep: 6144:Vw14Av/iVZmtK+AgOO/BAmwRjs4l21I1Aw:SBi3mtK+AgtpjMBl/uw
Size: 251775 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Drop.Swisyn.J
Avast = Win32:Trojan-gen
Ikarus = Trojan-Dropper.Agent
AhnLab-V3 = Downloader/Win32.Agent
Panda = Trj/Qhost.LU
nProtect = Trojan.Generic.4175952
K7AntiVirus = Trojan-Downloader
VirusBuster = Trojan.DL.Agent!CZ3GiDj/01I
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R1BC2G4
Comodo = TrojWare.Win32.Downloader.Agent.dwde
Emsisoft = Trojan-Dropper.Agent!IK
McAfee-GW-Edition = Artemis!69388D53AC9C
DrWeb = Trojan.DownLoad2.7218
TrendMicro = TROJ_GEN.R1BC2G4
Kaspersky = Trojan-Downloader.Win32.Agent.dwde
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Downloader.248703[UPX]
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Agent.dxyi
McAfee = Artemis!69388D53AC9C
ClamAV = Trojan.Agent-291926
F-Secure = Trojan.Generic.4175952
VIPRE = Trojan-Dropper.Win32.Ponmocup.QHost
F-Prot = W32/TrojanX.EQUM
AVG = SHeur3.ACBP
Norman = W32/Suspicious_Gen2.CFIPN
Sophos = Mal/Generic-L
GData = Trojan.Generic.4175952
Symantec = Trojan.ADH
Commtouch = W32/TrojanX.EQUM
TheHacker = Trojan/Downloader.Agent.dwde
BitDefender = Trojan.Generic.4175952
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:03:30 09:18:30-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 241664
Initialized Data Size           : 12288
Uninitialized Data Size         : 348160
Entry Point                     : 0x90210
OS Version                      : 4.0
Image Version                   : 8.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 15:47:29
VirusShare info last updated 2012-07-26 04:28:16

MD5: 6cdda72fb3a2ee6b4dadc118da8bfd8a
SHA1: 3d461f6c05a5b4bdd7ee746c67c439f9c07ac7d7
SHA256: 9b8cf8338ba27db1b763558179f58c02f641344fc8268fe4089f0cca8002d314
SSDeep: 3072:12XDGO4CW5V4kB0X9dM0+BDiUNGhx8zoyX2+1GP5lk:1wGO4/5PB0XUBDPGr8zoo9
Size: 151552 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.26150.25
Avast = Win32:Diller-AF [Trj]
Ikarus = Win32.SuspectCrc
K7AntiVirus = Riskware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Artemis!6CDDA72FB3A2
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!6CDDA72FB3A2
F-Secure = Gen:Variant.Graftor.26150
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic_r.AWP
GData = Gen:Variant.Graftor.26150
BitDefender = Gen:Variant.Graftor.26150
NOD32 = a variant of Win32/Ponmocup.CI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:06 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xdc3b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-06 16:28:47
VirusShare info last updated 2012-07-26 04:28:34

MD5: 6f0d30b2541323d0ecf8c65c19ea67e0
SHA1: a87a59dab7d8e131b51320adf982454772223024
SHA256: 161352aeac36662131ad1edac089925ff7f5e6f878dc8204170a296de3213aa6
SSDeep: 3072:twmsBCE53HPiTgO+rCymxu5tGVdlZ4Z8:emsBCE5XPeJ+rdI
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!6F0D30B25413
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!6F0D30B25413
F-Secure = Gen:Variant.Barys.2376
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BPWF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.2376
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.CM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:15 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 77824
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x9c8f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 03:05:18
VirusShare info last updated 2012-07-26 04:28:47

MD5: 746b97a6553607b1bf2f04159913185a
SHA1: c5e8464304fc3b8cc1abb01605c4278e5d73f796
SHA256: b41c2ff0ea9f37c4d964cc7aa890d4027543cdd7ce6b584bb9efc1d5b157222c
SSDeep: 3072:I+t2XDGO4CW5V4+X9dM0+BDiUNGhg8zoyX9+1GP5ll:9twGO4/5vXUBDPGy8zooD
Size: 151552 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.2376.26
Avast = Win32:Diller-AF [Trj]
Ikarus = Win32.SuspectCrc
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Artemis!746B97A65536
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!746B97A65536
F-Secure = Gen:Variant.Barys.2376
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic_r.AWP
GData = Gen:Variant.Barys.2376
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.CI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:06 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xdc3b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-01 23:33:11
VirusShare info last updated 2012-07-26 04:29:12

MD5: 75c770aabc9489c816304d9e0e90aad9
SHA1: 6c4e343fb6dbf0eb05b07d4f88b3a41c5698991d
SHA256: cc1c4db12d6b50f3cc5ddd0d3372c2ca497b72ca8e184c09c05f5b06c07bf634
SSDeep: 1536:HuL9luS961OUNJ92BMZN8Li5IpZwVm6TfWsPgwk9Owty2:kJ9VYYLiWcBesPgwk9OwtD
Size: 115200 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!75C770AABC94
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!75C770AABC94
F-Secure = Gen:Variant.Graftor.17016
AVG = Agent3.BJFF
Norman = W32/Troj_Generic.BYHYD
GData = Gen:Variant.Graftor.17016
BitDefender = Gen:Variant.Graftor.17016
NOD32 = Win32/Ponmocup.AX
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:23 15:38:30-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x16d7
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 14:53:48
VirusShare info last updated 2012-07-26 04:29:19

MD5: 869ec7577b236aaf944f702114d1f7c2
SHA1: 72b5fb52ccc62520dcb40ae526e596dc149f8930
SHA256: 3b13f6ef416f0f6c4fffb77858dd0a343bb2e247ca5c22ebf71c5c933be0fa69
SSDeep: 1536:q+s7R3sAZYDHzrvtJLr6M7Ba44aWncCHlP2sfwSFRIZQ:ORZYTzrvtJvP7BYZFP2sfwSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.avgma
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.SuperJuan.69120
K7AntiVirus = Adware
VBA32 = AdWare.SuperJuan.afzl
eTrust-Vet = Win32/Adware.OS!genus
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!869EC7577B23
DrWeb = Trojan.Juan.700
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
Jiangmin = Adware/SuperJuan.aox
McAfee = Artemis!869EC7577B23
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic4.CHLH
Sophos = Mal/EncPk-ACF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.4111
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-18 04:04:18
VirusShare info last updated 2012-07-26 04:30:53

MD5: 8f426aead0c632e394463c0ddbca2da0
SHA1: 1b8c32c4b4fb6e953b436184d0c7c203e6b1fc87
SHA256: 5892bb7b2394fb57fddf35c3114a56b44b1067aeda1656969518c160c3e0fc4f
SSDeep: 3072:qTLmA2ib0oU3lvczTXwdPKF3xTelZStqL4t29SNlOe+UNvHEAO:2L92iVvzDwlFZIqu24vl
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.2838.17
Avast = Win32:Diller-AF [Trj]
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47H1F5
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Ponmocup.AMN!A2
McAfee = Artemis!8F426AEAD0C6
F-Secure = Gen:Variant.Barys.2838
AVG = Generic_r.AYK
GData = Gen:Variant.Barys.2838
BitDefender = Gen:Variant.Barys.2838
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:06:02 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 106496
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x115ff
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-07 01:10:45
VirusShare info last updated 2012-07-26 04:31:44

MD5: 9cd86a6cc2b76c4aba6959d3df62c382
SHA1: 604816e11ef13a80eb25517789df7958b2c21137
SHA256: cd62c86f548c4c6eaff552a764976d6644a9079ca7d06b090c5b0f9844ff70ee
SSDeep: 1536:w8Kzd148W7+toi93kf/ZAk0oyD3bQN9w2D24RS:mzfk+toi6ZAesM9hD2oS
Size: 68608 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Agent
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Adware/Win32.SuperJuan
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!b+rsAoZYn3Q
VBA32 = AdWare.SuperJuan.afzl
Comodo = TrojWare.Win32.Kryptik.UER
Emsisoft = Trojan.SuspectCRC!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Siggen3.63003
TrendMicro = TROJ_GEN.R47CDF5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Agent.68608.N
Fortinet = W32/Kryptik.UER!tr
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Adware/SuperJuan.ape
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.TDss.70
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/TDSS.S.gen!Eldorado
AVG = Generic25.AJEW
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.TDss.70
Commtouch = W32/TDSS.S.gen!Eldorado
BitDefender = Gen:Variant.TDss.70
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zwhsgmnro Yauxlxrziur
File Description                : Mselsphym® Defrag Interface proxy/stub
File Version                    : 6.0.6000.16386 (yabky_rtm.061101-2205)
Internal Name                   : DFRGIFCPS.DLL
Legal Copyright                 : © Wbyoxfjpy Rzceboptpzr. All rights reserved.
Original Filename               : DFRGIFCPS.DLL
Product Name                    : Lktzjwezl® Xlsepwd® Wmvujwazz Pbjbki
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-06 10:22:55
VirusShare info last updated 2012-07-26 04:32:57

MD5: d14b9621e278539c9aad961ecf57d0af
SHA1: b05c1f74b6de4ad94f2aeeece2b494d11fa64dbd
SHA256: 1f6c32ad506d8b8f70b7bf68b9e4e27861454526f71925cd362261e4b2334834
SSDeep: 1536:jpeS2KXh9tDvXtz+Xv9ego5BYiMHYvdvNRQda3BkeDD6ZE:n2KXtD/F+4YiM4BNRQda3B1DGZ
Size: 84992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!DgaU+7sK9gA
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Artemis!D14B9621E278
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
McAfee = Artemis!D14B9621E278
F-Secure = Gen:Variant.Barys.569
VIPRE = Virtumonde
eSafe = Win32.TRPonmocup.A
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Downloader.Agent2.AZHW
Norman = W32/Troj_Generic.BZSVU
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.569
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:14 14:04:01-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1c89
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 13:45:58
VirusShare info last updated 2012-07-26 04:38:04

MD5: d76758304aa7c4c98e861ce7cee141f3
SHA1: c6d8775e1a1556fceda29c2f0fcfcdf28f8ccfb7
SHA256: 5fe57075a21ac333e2bcf658bce33f8ec4735431ce970a2f40e882257639d010
SSDeep: 3072:Ko1+GM8cmrYaCCTcoiuH8Yat7PsP+96YIC6vJuwrrlnOcB:KoIGM8J0ic9uH8Yk7k2EBC6vJvtZB
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.A.3
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Barys.2376
VIPRE = Virtumonde
AVG = Agent3.BLOB
Norman = W32/Troj_Generic.BUQTX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2376
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.BT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:31 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd38d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-20 14:05:49
VirusShare info last updated 2012-07-26 04:38:42

MD5: df452ba64e11a351737b1f31979ffd18
SHA1: 011acb7cb2143e5903960dd0a3894f9206f9c3e9
SHA256: e3dfc033601a56a65e7f7b278bf99f61d0b9eb2a652ecdf7f80534f10a912845
SSDeep: 3072:BfHLmO0aChdcMX9KMPkBhiQsiBscmDynZeAS9l4iYk2lE8Z:BTmO0LhxX2BhOiBU3r9hF
Size: 151552 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!DF452BA64E11
Fortinet = W32/Ponmocup.CI
McAfee = Artemis!DF452BA64E11
F-Secure = Gen:Variant.Graftor.26150
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BPNL
Norman = W32/Suspicious_Gen5.ECAS
GData = Gen:Variant.Graftor.26150
BitDefender = Gen:Variant.Graftor.26150
NOD32 = a variant of Win32/Ponmocup.CI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:10 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xdc8b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-24 05:44:12
VirusShare info last updated 2012-07-26 04:39:26

MD5: fa23ba354f53edc7cf34fe6d32b05b90
SHA1: b618d11064b8f5fa6068910d858acda441721c48
SHA256: 54843e18ea1f18c83f678cebe9f48f4213ed819b6b610e8aab0b3c055376b972
SSDeep: 1536:vXyR2GyaNRy8ILM1OCVFMYos6dD1qV60FN7Joj+BQxR7vxwyVGNmBxnYk3yNSRDU:fyRLyaELlEFZ6vqVy+QxTwupYSRDecq
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.A.2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Agent.JYA
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
DrWeb = Trojan.Siggen3.56956
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Barys.2146
VIPRE = Virtumonde
AVG = Agent3.BIXW
Norman = W32/Troj_Generic.BUZAU
GData = Gen:Variant.Barys.2146
TheHacker = Trojan/Ponmocup.av
BitDefender = Gen:Variant.Barys.2146
NOD32 = Win32/Ponmocup.AV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:21 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x692f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 06:48:41
VirusShare info last updated 2012-07-26 04:42:14

MD5: 4d3be6759d2e474e71865b6ae32055fa
SHA1: 92351ad4c30f6153f695ff6f895243f7dbbf166f
SHA256: 0dcfdfec44b4eb20eddd42d6ce9544b50799d8c374650bd5928be70836382015
SSDeep: 1536:Im3lFYSgJ9WoLgizBDecKunJzymvr3m2qhE:n3oJP1BDecKuJumjW2h
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/win32.agent
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!Vr0AVd9InXA
TrendMicro-HouseCall = TROJ_GEN.R11C7A9
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R11C7A9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.ebi
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic27.BME
Norman = W32/Suspicious_Gen2.UOGGE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Hssrjumzs Haorlfduoke
File Description                : Ukrainian (Enhanced) Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdur1 (3.13)
Legal Copyright                 : © Pftklvmmi Gnjrgisidao. All rights reserved.
Original Filename               : kbdur1.dll
Product Name                    : Dhciogscp® Glojntr® Pfriillyq System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-06 16:25:53
VirusShare info last updated 2012-07-26 04:54:25

MD5: 4d5b045332e694abde8df4da897b5d35
SHA1: e931a8f3c28f7f4cefa61e50313cbe3827c23da6
SHA256: 548330fd0f70971d6271e38641c21be57c40b72694fff1fa7fd691bfe1f8d679
SSDeep: 12288:TwciAYBhG6h8QXgBzw+f6o2cqF4+I66sfF:EnA96tXgBM+fJt+I66OF
Size: 425951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!K4cco6WJ/c0
TrendMicro-HouseCall = TROJ_GEN.RFFC8E1
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = AdWare.Lop (Not a Virus)
McAfee-GW-Edition = Artemis!4D5B045332E6
DrWeb = Trojan.Hosts.5875
TrendMicro = TROJ_GEN.RFFC8E1
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Adware.Lop!rem
McAfee = Artemis!4D5B045332E6
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic12.BKKO
Norman = W32/Kryptik.AIF
Symantec = Adware.Lop
GData = Gen:Variant.Zbot.34
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 14:42:11-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 417792
Initialized Data Size           : 397312
Uninitialized Data Size         : 0
Entry Point                     : 0x66b26
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.10.0.2
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : Dgsmeqd ME USB Mass-Storage Bulk-Only Lower Filter Driver
File Version                    : 1.10.000 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : 
Legal Copyright                 : Copyright (C) Brother Industries, Ltd. 2001-2003
Original Filename               : BrFiltLo.sys
Product Name                    : RemovableDisk
Product Version                 : 1.10.000
VirusTotal Report submitted 2012-06-02 21:47:12
VirusShare info last updated 2012-07-26 04:54:26

MD5: 5554eb0d161d3c452ad4a6ba4951470f
SHA1: 61aa09f0665fdbb8c7e67683406268ed39564bdf
SHA256: 337128268469319c06bd5333e830104ebbc8dce6908ed3cdbef91727a97046a4
SSDeep: 1536:XzeW6oi4sy3s42B6p68LijJjTmDn84/LeDqpbovPsePrlOBFItAPHpUK3:XwAzJLihTE84/aDiYPlDsfItAP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FCDEE
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!5554EB0D161D
TrendMicro = TROJ_GEN.R4FCDEE
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
TotalDefense = Win32/Vundo.HUP!genus
Jiangmin = Trojan/Genome.bneb
McAfee = Artemis!5554EB0D161D
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Suspicious_Gen4.WYFN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-06 13:48:20
VirusShare info last updated 2012-07-26 04:55:15

MD5: 6178c31be20ecadda5aa678e6d03b78a
SHA1: d343ce60ab1d76c3dca5d0533486ac09ec0dac1e
SHA256: 2af9d1ced906058289317521150f2d97982be7be13be537fcd93c4f8756a2c91
SSDeep: 6144:HPbQW8OrEHxpXyxTG8VAE+Z0lGeavJyf5R6IUIws1:HDQWZEHxpixIEplGjvC6VZY
Size: 207966 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6460972
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!k8+I1R26onA
VBA32 = Trojan.Jorik.Pirminay.asg
TrendMicro-HouseCall = TROJ_GEN.R4FC7JF
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.aqz
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader5.12521
TrendMicro = TROJ_GEN.R4FC7JF
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.PXO!tr.dldr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Artemis!6178C31BE20E
F-Secure = Trojan.Generic.6460972
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.ADSX
Norman = W32/Suspicious_Gen2.RPJDM
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.6460972
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6460972
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12a2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.7.25.0
Product Version Number          : 10.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Iadgkddnq Rflbhymotsm
File Description                : Mzfnvpzjo Character Encoder
File Version                    : 2001072500
Internal Name                   : msencode
Legal Copyright                 : Copyright © 1996-2001 Dpwokgyty Rnuuwdvkidm.
Legal Trademarks                : Fsfspgeah® is a registered trademark of Nmvbsghsk Ovftffwlszh.
Product Name                    : Bsrvjmvzb Character Encoder
Product Version                 : 10.0
Comments                        : 
VirusTotal Report submitted 2012-06-05 15:41:30
VirusShare info last updated 2012-07-26 04:56:19

MD5: 8612e1250468477385b1c0a0615f419b
SHA1: ffd61e161a1d2a6671caa71916bcf597713858a4
SHA256: 5f9d8a6fe993ebdff7b266d8ee24d720fe6243381dfe7cb66ab11ee73c3563c9
SSDeep: 12288:nvRFi55LuGwFJQOnAJdWkW0Ht5BmZUQeR3Sc1Vq1Ttj2WAndI:n5FivLuGGJQbXHoA3at6WQd
Size: 425984 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.425984.58
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47C8EU
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!8612E1250468
DrWeb = Trojan.DownLoader6.9824
TrendMicro = TROJ_GEN.R47C8EU
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Generic.aebmr
McAfee = Generic.dx!b2p4
F-Secure = Gen:Trojan.Heur.Hype.AmW@a8fVHsc
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BQDW
Norman = W32/Suspicious_Gen5.ECJV
GData = Gen:Trojan.Heur.Hype.AmW@a8fVHsc
Symantec = Trojan.Milicenso
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Trojan.Heur.Hype.AmW@a8fVHsc
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 131072
Initialized Data Size           : 294912
Uninitialized Data Size         : 0
Entry Point                     : 0x1a862
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 10:50:16
VirusShare info last updated 2012-07-26 04:59:56

MD5: c04489ba0a98a38da89de4230fe60cb3
SHA1: 177c6d7877f7519603685db3497498f320ecf2fe
SHA256: eec765a975a3a353ea31fc21ee83461e5f2f20a8e7fefb3d17b2ebd5c4065403
SSDeep: 3072:iFDt/054yxG3eKj/LIR2uHiQD/DbXbLBO+:iNKbweECbH
Size: 115712 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C04489BA0A98
DrWeb = Trojan.Click2.24142
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!C04489BA0A98
F-Secure = Gen:Variant.Graftor.15700
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BHUA
Norman = W32/Troj_Generic.BZRCJ
GData = Gen:Variant.Graftor.15700
BitDefender = Gen:Variant.Graftor.15700
NOD32 = Win32/Ponmocup.AQ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:11 01:09:45-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 69632
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x7faf
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 13:39:59
VirusShare info last updated 2012-07-26 05:05:30

MD5: e58240fb3d039310cda01adb5e197d4a
SHA1: 12a4fa2a877b7f4c1f0269608c1c49110404035e
SHA256: ca5f3cd134ad4d3509607df33c563dbf0c19347e29597fbea2684c29b91a27e0
SSDeep: 3072:g8LdFskM+6Y5sWufn6Q1V5Ifm88lyv3YD8UdJSMfF1:g8RFsb+Jd06Q13im8QJL
Size: 143360 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.PU.10
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
Panda = Trj/CI.A
Emsisoft = Win32.Diller!IK
Microsoft = Trojan:Win32/Vundo.PU
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Graftor.26543
VIPRE = Virtumonde
AVG = Agent3.BPTN
GData = Gen:Variant.Graftor.26543
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.26543
NOD32 = a variant of Win32/Ponmocup.CN
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:09 11:43:34-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x91ed
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Vphwneqrk Susteztwucd
File Description                : Qxhzddoia Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Qtuzfzodq Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Ijnqtzvar Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-05-27 22:02:42
VirusShare info last updated 2012-07-26 05:08:52

MD5: 12af8fc71936e0397e07c765e8b752d6
SHA1: f956f0c4c515f12028818a540666c9962581d1a7
SHA256: 10c2fdf3c8152e16facfaec292c326532502d2ce2fe6ec35f9c52c5c975dd5b6
SSDeep: 1536:Nsc9Ha+y58M+JbhDQDwbYlwO1aWFRTgthm0I1yc1YwFuL0T4Hakzdlj:daT8M+JkyYzFREhm0Ip2wFul6ulj
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!4rOaWRNolj4
TrendMicro-HouseCall = TROJ_PONMOCUP.DCG
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!12AF8FC71936
TrendMicro = TROJ_PONMOCUP.DCG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
Jiangmin = Trojan/Generic.aepic
McAfee = Artemis!12AF8FC71936
F-Secure = Gen:Variant.Barys.569
VIPRE = Virtumonde
AVG = Agent3.BJXK
Norman = W32/Troj_Generic.BXKYM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.569
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.569
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-29 07:19:28
VirusShare info last updated 2012-07-26 05:14:15

MD5: 2ba1baf7d56d2ec477501e91574aad07
SHA1: 3037b83d22e8712dd4431022ebf6826722c79b4e
SHA256: fe5d1fb555ac90c7ca3c98667276d7f26eff3fa99e9f5a635fca951948f4b58c
SSDeep: 3072:Nu3PaY0lb9wDUfoTnIQiJOLqlhiOqojW9akPpLiTUYj+AtEMYaTKp8BW:NS0lb9IUfwpelhgD/m+kYZp
Size: 199680 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-BW [Trj]
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
TrendMicro-HouseCall = TROJ_OBFUSCATOR_000013f.TOMA
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Artemis!2BA1BAF7D56D
TrendMicro = H2_AGENT_014566.TOMB
Microsoft = VirTool:Win32/Obfuscator.WE
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!2BA1BAF7D56D
F-Secure = Gen:Variant.Graftor.16659
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIXY
GData = Gen:Variant.Graftor.16659
BitDefender = Gen:Variant.Graftor.16659
NOD32 = Win32/Ponmocup.AU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:18 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x1508b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-06 10:11:42
VirusShare info last updated 2012-07-26 05:15:59

MD5: c2012710c7741ef1b642d34d9bf7169f
SHA1: 1ea6e0d6ac260db7f0b430eadf8bd0945cb70bee
SHA256: d0a668114102491c30ede5e48b5b0ff952805aa7f93f9533c2f4dbfb5a5b008d
SSDeep: 6144:lCZhSiRik+P7QPgonoTrNNk7BKJDNPDBEUJsMel7FT54Wdo/t04/3u:AZhS5P7QW3NqTSUld5Z2yL
Size: 287274 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.43
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Malware
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.amy
TrendMicro-HouseCall = TROJ_GEN.R2ECDF5
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Renos.~AM
CAT-QuickHeal = TrojanDownloader.Renos
SUPERAntiSpyware = Trojan.Agent/Gen-Renos
McAfee-GW-Edition = Artemis!C2012710C774
DrWeb = Trojan.MulDrop1.54177
TrendMicro = TROJ_GEN.R2ECDF5
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.eo
McAfee = Artemis!C2012710C774
ClamAV = Trojan.Pirminay-12
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!SB.0
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.ALIJ
Norman = W32/Troj_Generic.CBGBD
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.aor
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:21 07:07:45-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 280576
Initialized Data Size           : 273408
Uninitialized Data Size         : 0
Entry Point                     : 0x45512
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.53.6200.0
Product Version Number          : 2.53.6200.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access - OLE DB Data Conversion Stub
File Version                    : 2.53.6200.0
Internal Name                   : msdadc.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1994-1999
Original Filename               : msdadc.dll
Product Name                    : Microsoft Data Access Components
Product Version                 : 2.53.6200.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-11 16:36:02
VirusShare info last updated 2012-07-26 05:25:35

MD5: d622ae137e945414f7445f8347f05029
SHA1: a4ba680024e78f2aa72d488d302b124fc5f4933a
SHA256: e4b33e111976fcd028542761f87774600daf05d9a60c913a70ec6f87c5742c62
SSDeep: 3072:HfHLmO0aChdcGdX9nMIi5LivDSpgtUd6zNVe+tb4C32lhS8Z:HTmO0LhPXi5LeSl4e0aS
Size: 151552 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
Fortinet = W32/Ponmocup.CI
F-Secure = Gen:Variant.Barys.2376
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BPNK
GData = Gen:Variant.Barys.2376
TheHacker = Trojan/Ponmocup.ci
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.CI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:07 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xdc8b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 15:18:17
VirusShare info last updated 2012-07-26 05:26:56

MD5: f23ba79e03df7e1e18a4bae4adba386d
SHA1: 7a0822dcb440ac11577b621603009955c4e68cc4
SHA256: 5d9cbc6afded50b11a84bf8f1bf308a7d05de0a250cb54cf98e4c4f62f159f0e
SSDeep: 1536:9HYeW6oi4sy3s42B6p68LijJjTmS9DE+YzslJBFItpPHpUK3:9HFAzJLihTH9DEBY3fItpP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!F23BA79E03DF
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!F23BA79E03DF
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Troj_Generic.BUBOQ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-16 12:21:37
VirusShare info last updated 2012-07-26 05:28:41

MD5: 0b16cf45d9853907ed67cd669f0eb79c
SHA1: 7033f8c64ec5d8ac5d2cf6a862e37d4c07af6b95
SHA256: 4fd3f2945a9b6b943bc48caa5374b5c9f3ef78f65491b9b307f8682f17e59832
SSDeep: 1536:Y2ZiXCsIUc3ULwr4gG2BcM48LiyyjAm0n7tc15PZKzyH9XTAXoz:txk0LihATn7tIPZCQXkXo
Size: 134144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-H [Trj]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Click2.22788
Fortinet = W32/Ponmocup.AI
F-Secure = Gen:Variant.Barys.506
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic26.CKQN
Norman = W32/Troj_Generic.BWBSW
GData = Gen:Variant.Barys.506
BitDefender = Gen:Variant.Barys.506
NOD32 = a variant of Win32/Ponmocup.AI
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x5d33
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 14:29:59
VirusShare info last updated 2012-07-26 05:33:38

MD5: 167c7bfc9dcdc7dbe841ed86c7e0f0d6
SHA1: 39db07d4715ff2e375c17feebd365a094789d22d
SHA256: 755381fc1682de819f525da7dcfb548f432f6429ea59cd5929789e06cb6f85d3
SSDeep: 1536:L29egB2sMkwL5z9CDr8zZe3AngS8s8WuD1IGq:nswPCDr8FesgS8sGy1
Size: 61952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!+hP1qC9Ny+k
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R11C9LV
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R11C9LV
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.AJVW
Norman = W32/Suspicious_Gen2.UOCMI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Njrqorctr Corporation
File Description                : Shell Folder Service
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : shfolder
Legal Copyright                 : © Jhtydirgn Rmwzsrcjvgd. All rights reserved.
Original Filename               : shfolder.dll
Product Name                    : Qgzbjzxtx® Vwjsrhx® Wudbgvspg Dvnajd
Product Version                 : 6.1.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-05-16 18:26:58
VirusShare info last updated 2012-07-26 05:35:03

MD5: 27a862587c07af3f3f95406311f2cfab
SHA1: bdbaddbdc2c5f4968d341ac10fdb315b0df4da6d
SHA256: 16638bfa7bd671c1ad360be93e369f1c5e03ec607ad22150eafc9ce121c74786
SSDeep: 3072:i8ImUZg+m5Jf7ahP9zRgmicPrudlJ4ZH:ihmUZg+m517IVdim
Size: 135168 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.569.24
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47H1F4
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!27A862587C07
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!27A862587C07
F-Secure = Gen:Variant.Barys.2376
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRBarys
AVG = Agent3.BPUG
Norman = W32/Troj_Generic.CAORG
GData = Gen:Variant.Barys.2376
BitDefender = Gen:Variant.Barys.2376
NOD32 = a variant of Win32/Ponmocup.CM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:05:14 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 77824
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x9c8f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-07 00:19:43
VirusShare info last updated 2012-07-26 05:36:54

MD5: 65888e07d7b0f113c13c036d383f1e14
SHA1: 9b073492b7db9680eee9af43310471081e33c85c
SHA256: 88732e734e9e683a68e93c6fc7ad302daf309b032eaf3be29058dd5726717547
SSDeep: 1536:VRyeW6oi4sy3s42B6p68LijJjTmg9DE+Yz+lOBFIt1PHpUK3:VRjAzJLihTl9DEBysfIt1P
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo
DrWeb = Trojan.Click2.25549
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
TotalDefense = Win32/Vundo.HUP!genus
Jiangmin = Trojan/Genome.bneb
ClamAV = PUA.Win32.Packer.Msvcpp-1
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-07 05:05:41
VirusShare info last updated 2012-07-26 05:42:31

MD5: 777bcf1c8f22e0307f4b129ceb77b525
SHA1: faa9de1fe9baeaf8604ccdfb442d92f89ca06ca5
SHA256: 0366d2ff0ebeffab2e79093fb304498a9495123e6bfcccd9505ca01646e166ce
SSDeep: 1536:q+s7R3sAZYDZrvtqvZFOibHrWgsOPMbSFRIZQ:ORZY9rvtqRvVMbSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.avgma
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.SuperJuan.69120
VBA32 = AdWare.SuperJuan.afzl
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
DrWeb = Trojan.Juan.700
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
TotalDefense = Win32/Adware.OS!genus
Jiangmin = Adware/SuperJuan.aox
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic4.CHLH
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.4111
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-27 20:47:12
VirusShare info last updated 2012-07-26 05:44:16

MD5: 7added279124dc8c196f37de50a2ebe4
SHA1: 9e4f4bb1b617fa2f074a0734b616dac4c5afd2df
SHA256: 78308033fc9dee393aae27d74e19de989802c8fabe86cb219ad0159bf2fae816
SSDeep: 3072:JbjiCS2z8C6poG3RQgqwt2N4EDFSfsj0GamC:HS2ffGB0efnGa5
Size: 104960 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!7ADDED279124
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!7ADDED279124
F-Secure = Gen:Variant.Barys.2838
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLBE
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.2838
BitDefender = Gen:Variant.Barys.2838
NOD32 = a variant of Win32/Ponmocup.BO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 61440
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x640f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 03:06:26
VirusShare info last updated 2012-07-26 05:44:36

MD5: 83c828d4532e5655035d1929e2881e74
SHA1: 1100e0656d13de98ac6dbc9c30663ce2738ae543
SHA256: 82d01341906e9515132773386be12ad915db43a4b6cb3f120bca9a4e138047ad
SSDeep: 3072:0S2Zn1pMBkwm6gX0lqpFyndM7pzS8dL0sSlEGedPE:YeBkwm6E0k4wztlLGehE
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!83C828D4532E
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!83C828D4532E
F-Secure = Gen:Variant.Barys.738
VIPRE = Virtumonde
AVG = Agent3.BKVM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2946
BitDefender = Gen:Variant.Barys.2946
NOD32 = a variant of Win32/Ponmocup.BM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 10:45:17-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xc4c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-19 06:33:19
VirusShare info last updated 2012-07-26 05:45:36

MD5: af1c0959b6c69e34752868645f0d58e5
SHA1: 8144b5c450a02ef532c8704b8859c31500480fde
SHA256: 58897837996d7cbcf57e561140655a51f58a87407e42a937e66adc4fd401dc84
SSDeep: 3072:rVcxlLhs1Bx+HJN7SzxGWlVre3Ng0dM3dfIX:rV+8B8HjpUr+N7u
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Barys.1667.16
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!AF1C0959B6C6
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!AF1C0959B6C6
F-Secure = Gen:Variant.Barys.1667
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNSE
GData = Gen:Variant.Barys.1667
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.1667
NOD32 = a variant of Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa25f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-05-15 08:55:39
VirusShare info last updated 2012-07-26 05:50:03

MD5: 2096d59b29f0fcb75d93e6af58537192
SHA1: 89746cb060cfed25560f7094eda703aa3054a9a2
SHA256: 5e929e748ee223d1a9d5134381b01fb5254068f6c5cdbc6b6e21c70efc6a84a5
SSDeep: 6144:cDfzfUbyeW4gGFMcXdK3LCofz3BnAm4Mtg:cDfzf8yeW/GF1Xd8OozBnv4Mt
Size: 214016 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.394
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.7281853
K7AntiVirus = Trojan
VBA32 = Trojan.Jorik.Pirminay.arx
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!2096D59B29F0
DrWeb = Trojan.DownLoader5.7171
Kaspersky = Trojan.Win32.Jorik.Pirminay.arx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.ARX!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Artemis!2096D59B29F0
F-Secure = Trojan.Generic.7281853
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.ALUT
Norman = W32/Suspicious_Gen2.RMQOE
Sophos = Troj/Ponmocup-E
GData = Trojan.Generic.7281853
TheHacker = Trojan/Kryptik.ufa
BitDefender = Trojan.Generic.7281853
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x12b6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.50727.1434
Product Version Number          : 2.0.50727.1434
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Rtcpnmjjz Ldlubmabonm
File Description                : Isdimsoer .NET Services Native Thunks
File Version                    : 2.0.50727.1434 (REDBITS.050727-1400)
Internal Name                   : Hexjpn.EnterpriseServices.Thunk.dll
Legal Copyright                 : © Microsoft Osguqlrtxcj.  All rights reserved.
Original Filename               : Wfntzx.EnterpriseServices.Thunk.dll
Product Name                    : Mffzrwnbb® .NET Framework
Product Version                 : 2.0.50727.1434
Comments                        : Flavor=Retail
VirusTotal Report submitted 2012-05-19 03:30:58
VirusShare info last updated 2012-07-26 06:02:47

MD5: 38896434586faf9c1acad7ab1d9f82d0
SHA1: ebe32eebbbd937e2bac2075d7bf6049e3ce7e8d9
SHA256: b2e20e2be9f0ab15f1197d58b7e0742c8e6d318955af3a0da091f8adde73f9a7
SSDeep: 96:cCbzAOvBbP1p6+1qcSSA+pAwscq+phX41VAppU/jMT:6OvBj1qcSSjw/1VbMT
Size: 6144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.1013.58
Avast = Sf:Renos-D [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01H1F1
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!38896434586F
DrWeb = Trojan.WinSpy.1014
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Ponmocup.AA
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Artemis!38896434586F
F-Secure = Gen:Variant.Graftor.1013
VIPRE = Trojan-Downloader.Win32.Agent.ecjo (v)
eSafe = Win32.GenVariant.Gra
AVG = Downloader.Small.62.D
GData = Gen:Variant.Graftor.1013
BitDefender = Gen:Variant.Graftor.1013
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x19af
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 14:08:56
VirusShare info last updated 2012-07-26 06:05:38

MD5: 5f5991558abb6e0cd1c88777aade9b38
SHA1: 000053827c4c2cdb3e2dbcd17181017bc33fa91d
SHA256: a610ae2f3e87c7fa98237902b4c055fda552c66984745fcf2ee76dfdf93df04a
SSDeep: 3072:rVcxE3LMs1Bx+HJN7GzxGWlkre3Ng0dM6dfIX:rVhw8B8HjlFr+N7u
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.24270.32
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!5F5991558ABB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!5F5991558ABB
F-Secure = Gen:Variant.Graftor.24270
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Agent3.BNSE
Norman = W32/Troj_Generic.BWCEN
GData = Gen:Variant.Graftor.24270
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Graftor.24270
NOD32 = a variant of Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa25f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-05-25 11:12:23
VirusShare info last updated 2012-07-26 06:10:01

MD5: 80f657cf492f875b284d2238027a3263
SHA1: aa59e2ac0db860dff12452190320390e00f6a74d
SHA256: dd63124bc078bac236b10d65e28dce4f36d4a9787bb884f5f4504c7976275e10
SSDeep: 1536:uDcl9Ha+y58M+JbhDQDwbYlwO1aWFRYh3uKovla1GW29jsHakzdlc:usaT8M+JkyYzFRYh+KoNnxjs6ulc
Size: 89088 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Barys.2146
VIPRE = Virtumonde
AVG = Agent3.BJXK
Norman = W32/Troj_Generic.BVWYH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2146
TheHacker = Trojan/Ponmocup.bf
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:08 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 15:01:38
VirusShare info last updated 2012-07-26 06:13:59

MD5: 8163ae759470cee51b869ff0732d4daf
SHA1: cf963664590f1efabdf1b7f74773bb543bcd9724
SHA256: b1cafd03fe41f59c02e09263c109863ee3fe3c3211989684aaf7ba93e06e3595
SSDeep: 3072:yS2Zn1pMBOwm6gX0lqpFyndM7pzi8di0sSlkGedPE:OeBOwm6E0k4wz9YXGehE
Size: 133632 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
TrendMicro-HouseCall = TROJ_GEN.R30CDEL
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!8163AE759470
TrendMicro = TROJ_GEN.R30CDEL
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!8163AE759470
F-Secure = Gen:Variant.Barys.2146
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKVM
Norman = W32/Troj_Generic.BWIPK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2146
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.BM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:29 10:45:17-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 86016
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xc4c5
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-23 13:50:47
VirusShare info last updated 2012-07-26 06:14:04

MD5: 9314abacd524569d817380980059a59c
SHA1: 0ddfc2f3df76c304af1921090ee2f7761652b203
SHA256: 7c5830ef9e3cc08972092d90ea49e24e8a77c7d0a0d2949c0e048032946dc373
SSDeep: 1536:MECHuLqFisy3Co2B6jU8LijT1vmC7hD1KJTMvffM3PFStIt7tHpUKT:MdozLLiNvf7io8/otIt7t
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HUP!genus
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!9314ABACD524
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!9314ABACD524
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJWN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-15 00:53:49
VirusShare info last updated 2012-07-26 06:15:56

MD5: a10e0e3c9f342c0ac5928e2246598beb
SHA1: e8bc859f3569045a11b235f7e9b059630734c5f4
SHA256: ab86b965cbd015e040e7316e6f6e1e85cbb17f2198e52008d250d6c7e76c734e
SSDeep: 1536:32ygjoZRmVFybK42B/Qw8Lis2+j+mPy+804TAqur3Ela91C4Vtk36WI:hGglLiGiuy+2sqc0o+4Vtq7I
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DH [Trj]
Ikarus = Trojan.Win32.Webprefix
Emsisoft = Trojan.Win32.Webprefix!IK
Fortinet = W32/Ponmocup.AZ!tr
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLBS
Sophos = Troj/Virtum-Gen
GData = Win32:Diller-DH 
Symantec = Trojan.Gen.2
NOD32 = Win32/Ponmocup.BV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:18 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x2131
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-27 21:18:25
VirusShare info last updated 2012-07-26 06:17:17

MD5: ae1efec1851726ffdc283f09c42af1e6
SHA1: 019d87f57ae223f0e0647542ff880c65fe747875
SHA256: e36ddbcf4a77961dda4dccfc45895b64e24d6f66795216562f7fd4d15216f1a2
SSDeep: 1536:Bi/sumeNAfF903FybMg2B/yO8LisAUJImBrQjolGvibhFYB12QqQAtaU76W/:BiVGqg7LiqWZj7vD12nQAtJ7/
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DH [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!AE1EFEC18517
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!AE1EFEC18517
F-Secure = Gen:Variant.Graftor.25731
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BLIT
Norman = W32/Troj_Generic.BWSNT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.25731
TheHacker = Trojan/Ponmocup.bv
BitDefender = Gen:Variant.Graftor.25731
NOD32 = Win32/Ponmocup.BV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:13 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x2131
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-26 18:06:41
VirusShare info last updated 2012-07-26 06:18:28

MD5: d33a06bf73bb331e2f75589d84b3b35c
SHA1: bbc3e590a722624a4df7151790e64cc231b133b1
SHA256: a8b2a5b51ffc796089b5cddf920ae1b03c156ee3dcb0dfb05e0323be48993852
SSDeep: 1536:kVdyovAtwgagyoh+2B8ir8LiD6K/aMUmqBCyrtseU3//VbT+kMZcPm:kT4tRaQELip/ilnrtseEBTvcc+
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-E [Trj]
Ikarus = Win32.Diller
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Win32.Diller!IK
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Barys.407
AVG = Downloader.Agent2.AZHX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.407
BitDefender = Gen:Variant.Barys.407
NOD32 = Win32/Ponmocup.AL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x23df
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-24 19:12:22
VirusShare info last updated 2012-07-26 06:21:58

MD5: 03803881beecfe8a9959c0176a2a6289
SHA1: f01f468a7d0e7e065f4050ad18ef0134b2966bc9
SHA256: ea01369d0b3095b24ea11d0212a4286e4338557e63c6e2ca3ff4641bb58158b1
SSDeep: 6144:jPhiVceLgNtXJJXdV54p8ijpJ3X+B/lcHRRYN3Ei5SqAv/ywlQHkJRD4ra64J102:1Wc9JKbX+fcxRMUR3n84J4rasnZy
Size: 437248 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Kryptik-CQY [Trj]
Ikarus = Gen.Variant.Zbot
AhnLab-V3 = Win-Trojan/Pirminay.437248.L
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.232585
VirusBuster = Trojan.Pirminay!MbAMjBmtsC0
TrendMicro-HouseCall = TROJ_GEN.RFFCDE1
Emsisoft = Gen.Variant.Zbot!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kryptik
DrWeb = Trojan.DownLoader3.1927
TrendMicro = TROJ_GEN.RFFCDE1
Kaspersky = Trojan.Win32.Pirminay.hpc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.zg
McAfee = Artemis!03803881BEEC
F-Secure = Trojan.Generic.KDV.232585
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CAUF
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KDV.232585
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hpc
BitDefender = Trojan.Generic.KDV.232585
NOD32 = a variant of Win32/Kryptik.LVH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:03 16:46:48-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 716800
Uninitialized Data Size         : 0
Entry Point                     : 0xefae
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.10.2600.822
Product Version Number          : 5.10.2600.822
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA® nForce(TM) Sata Performance Driver
File Version                    : 5.10.2600.0822 (NT.060926-1359)
Internal Name                   : NVIDIA nForce(TM) SATA Driver
Legal Copyright                 : Copyright(C) 2001-2006 NVIDIA Lhhgsvflctp
Original Filename               : nvstor.sys
Product Name                    : NVIDIA nForce(TM) SATA Driver
Product Version                 : 5.10.2600.0822
VirusTotal Report submitted 2012-05-27 12:35:44
VirusShare info last updated 2012-07-26 06:28:26

MD5: 2d82c67655b1aa75039a0f2250454839
SHA1: 423af9de91f9f7a3bccaff5da8ad71effa09396d
SHA256: e60f6ea9f7d5e044abcdf8c77cd74634acebd3de02e6a5d02c525058c84ec240
SSDeep: 1536:WVhGGI/901dNVftL9yzltPh3RfacmZtE:QGGwqNhtLi/LacMt
Size: 68608 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VBA32 = Trojan.Genome.aagto
Emsisoft = Trojan.SuspectCRC!IK
Comodo = TrojWare.Win32.Kryptik.UER
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Trojan/Generic.reyi
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/TDSS.S.gen!Eldorado
AVG = Generic25.AHWM
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.2702
Symantec = Trojan.Gen.2
Commtouch = W32/TDSS.S.gen!Eldorado
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15c5
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Nxxzgrvnt Crinsnvzlji
File Description                : Vietnamese Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdvntc (3.13)
Legal Copyright                 : © Zjjkdxbgr Nemhjlzeygs. All rights reserved.
Original Filename               : kbdvntc.dll
Product Name                    : Rblztrfwc® Tytanop® Yaduivwjl Olhjha
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-27 20:28:57
VirusShare info last updated 2012-07-26 06:32:28

DownloadMD537f0603462dc8597b322874b00516c97
SHA1b8b983d45870d9ca01852a18e55a5bcfc1043f00
SHA256ad1eda487921d1889790e45515467d2f788fc9a3c63ea0aad52de819853aa182
SSDeep3072:rVcxLLGs1Bx+HJN71zxGWlEPre3Ng0dMXdfIX:rVv8B8Hjexr+N7u
Size139264 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/CI.A
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!b2k4
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!b2k4
F-Secure = Gen:Variant.Graftor.24270
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNSE
Norman = W32/Suspicious_Gen4.AEYJQ
GData = Gen:Variant.Graftor.24270
Symantec = WS.Reputation.1
BitDefender = Gen:Variant.Graftor.24270
NOD32 = a variant of Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa25f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-05-24 19:24:35
VirusShare info last updated 2012-07-26 06:33:13

DownloadMD56042f754f406e57ccdd7ae189312ecd6
SHA17f9187ed8d45403c582a3d7fa7be9df53231fe15
SHA256bd74548390c6fc3067e3193b35ce2ba29170136c2b4f459ae98d44fd090c5e02
SSDeep1536:OEthksHH7BO9v2BrDQ8Li4NO23mbMPYteLYVi230+L1v/2m:OEtGe7YYLin23EMwteLYVig0+L1f
Size122880 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Barys.972
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BNDM
Norman = W32/Troj_Generic.BUWHH
GData = Gen:Variant.Barys.972
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.972
NOD32 = a variant of Win32/Ponmocup.BZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:15 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1be5
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-22 06:01:08
VirusShare info last updated 2012-07-26 06:36:19

DownloadMD59b8993f57939bd493b8b3adca3341c20
SHA167eab7009959e233c558f2c4c1f84f081e09dbb5
SHA25699fd9d36d3fbdbc6f8dae867a3344b612e75a7707baed726a3bf79e35911e848
SSDeep3072:Mc092A7BB9g6CtUzZExQ0H/f4FO8hutkwD2v+nLjttaT7HFbJsRDyzlQGdltxEDh:lq17b9a+ZEK0HAhu++2+Ljt89biECP
Size249275 bytes
File TypePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Hosts.BY
nProtect = Trojan.Generic.6403102
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!PVx1VVD6T6E
VBA32 = TrojanDownloader.Qhost.jw
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Generic Malware.ap!pec
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Jorik.Pirminay.bha
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ap!pec
F-Secure = Trojan.Generic.6403102
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TIK
Norman = W32/Kryptik.ALS
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6403102
TheHacker = Trojan/Jorik.Pirminay.gu
BitDefender = Trojan.Generic.6403102
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 233472
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x43c60
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-05-19 11:22:49
VirusShare info last updated 2012-07-26 06:41:16

DownloadMD5dfd015176431ff13878c7efd8f1d783d
SHA177db9e926fb4a6c5b03837d113c1efac26ecd399
SHA25629a20838d8e5ae95b8dd8cf6df927b842c10a0b21343324b870a5878e0a94f3c
SSDeep3072:vTLmA2ib0oU3lvczTXwdPKF36+ZzQqihgrC8hPlHgaT7w59wflh:LL92iVvzDwl0Z0qTrCeLTGslh
Size200704 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/DillerAF.A.3
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.637973
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01H1F2
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!DFD015176431
Fortinet = W32/Ponmocup.CU
McAfee = Artemis!DFD015176431
F-Secure = Trojan.Generic.KDV.637973
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDillerAF.A
AVG = Agent3.BQSA
BitDefender = Trojan.Generic.KDV.637973
NOD32 = a variant of Win32/Ponmocup.CU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:07 02:40:16-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 106496
Initialized Data Size           : 90112
Uninitialized Data Size         : 0
Entry Point                     : 0x1168f
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.1.71
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.1.71 (fbl_dox_dev_ihvs.081016-0942)
Internal Name                   : CNBSS4.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBSS4.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.1.71
VirusTotal Report submitted 2012-06-05 13:51:10
VirusShare info last updated 2012-07-26 06:46:13

DownloadMD5f7a1f5cedd98fe6ef6dfca501b9036d3
SHA1f7b8e05639eae791c3e5653c97e85824fdccbdb0
SHA25673cc65a48ac8f99bb2b9597067c4b5782a9356581319fe304b6c0080d6656f5d
SSDeep1536:+qcC5oMGaG5xrIUh/UrmXZgoKGfJZKAcAEcm6hbD93ugyk5e4U7n5Iu:+G5Ax/crmXZgVIqATH9eg/5eXz5Iu
Size100000 bytes
File TypePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
nProtect = Trojan.Generic.5384705
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Fortinet = W32/Ponmocup.A!tr
Jiangmin = Trojan/Generic.duhi
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5384705
AVG = Downloader.Generic10.BUYR
Norman = W32/Troj_Generic.dam
GData = Trojan.Generic.5384705
TheHacker = Trojan/Kryptik.kwl
BitDefender = Trojan.Generic.5384705
NOD32 = a variant of Win32/Kryptik.KWL
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:16 05:58:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 57344
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0xe142
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-05-14 21:02:22
VirusShare info last updated 2012-07-26 06:47:56

DownloadMD57ffd14c89afc4a4c4839ba534e65523a
SHA1bf0a8a62bf8ba1a4451dcbdbc81f5540df1c1efd
SHA256a2d23ee31fde4e3efb53a087024a6f41f1fdfc2fb93c448d7cdb9d467567bd07
SSDeep1536:cUwSpBwh/8LLpDikDnEM2IoJwRqdrcdpdwFzgiV1xscCy:9BcMkkDnOaecdpadgqfnC
Size62976 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/win32.agent
Ikarus = Win32.SuspectCrc
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R01CCEJ
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R01CCEJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.enl
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.UAU
Norman = W32/Troj_Generic.BUSHS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13fe
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vsrubhxyr Bptynhnuxuu
File Description                : TLS / SSL Security Provider
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : schannel.dll
Legal Copyright                 : © Tjvbwonmo Hvsuidvjvzd. All rights reserved.
Original Filename               : schannel.dll
Product Name                    : Hboclaofk® Rexxflu® Zmhbvlgti Lohday
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-05-21 04:40:31
VirusShare info last updated 2012-07-26 07:01:39

DownloadMD5aa826d97ad7f2bf8a05eeec73084c261
SHA1b2abc7b65e47ded72742fed19b9460a44827aa24
SHA25609e0ff1d5b40824d452a8db4241e75d39e81d895db2970b11d95665db2b7c584
SSDeep1536:d48uH7WPzW2LTH2B8OV8LijQNEPomQAIiMt8mV+0fmGzoTWO3cj9:dcWPCc9LicBmIiMt8b0fmGzqWA
Size122880 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DD [Trj]
Ikarus = Trojan.Win32.Webprefix
Emsisoft = Trojan.Win32.Webprefix!IK
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
F-Secure = Gen:Variant.Barys.972
VIPRE = Virtumonde
AVG = Agent3.BKTH
GData = Gen:Variant.Barys.972
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Barys.972
NOD32 = a variant of Win32/Ponmocup.BU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:31 19:12:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1d85
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-18 04:20:04
VirusShare info last updated 2012-07-26 07:05:00

DownloadMD5afbc094635053da48145cd3da714886d
SHA1fd542a34ef2c8e0087a4c8e84442cc9b90ed244d
SHA25676f54dc3db9d3fa54f02564281f4bdaa398bfff8d8bbe31ee1bb4b229ca9ee52
SSDeep3072:wYTJEzEUuNT89brFFgx8VCXee72RDFC27Ea+AuRge8rqO/js+1f3+DgLOOsj7:wYTJEzEUuNTQZJeGDFf7EzAk2rX4+J0X
Size188416 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Crypt
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Crypt!IK
Comodo = UnclassifiedMalware
Fortinet = W32/Virtum!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Barys.2314
VIPRE = Trojan.Win32.Generic!BT
AVG = Cryptic.EBR
Norman = W32/Troj_Generic.BUUKK
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2314
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.cg
BitDefender = Gen:Variant.Barys.2314
NOD32 = a variant of Win32/Ponmocup.CG
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:14 01:29:40-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 126976
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x15a43
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2161.1
Product Version Number          : 5.0.2161.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yztvbjeht Zghnhzcecnf
File Description                : Upqhalxua® Rsnaojz(TM) PSched Performance Monitor
File Version                    : 5.00.2161.1
Internal Name                   : PSched Performance
Legal Copyright                 : Copyright (C) Yryycvtcm Corp. 1998
Original Filename               : PschdPrf.dll
Product Name                    : Zxhqatfws(R) Wmgxuqy (R) 2000 Kgwdyejry Qnsqze
Product Version                 : 5.00.2161.1
VirusTotal Report submitted 2012-05-21 04:51:20
VirusShare info last updated 2012-07-26 07:05:26

DownloadMD5c514401dfdd44dae71d14e70e8a12c04
SHA11b602d9277a2e88fa35201ada24373737de356da
SHA25626fd79d317fa12980fd477516c8ff01d9933bc50189dbdd1493559e19a3000ec
SSDeep3072:zGM8cmrYaCCTcoiK8Yat7PsPIrUyGpwrrlsOcB:zGM8J0ic9K8Yk7kryhOZB
Size147456 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.A.3
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C514401DFDD4
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!C514401DFDD4
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDiller.A
AVG = Agent3.BLOB
Norman = W32/Troj_Generic.BSJWC
GData = Gen:Variant.Barys.738
TheHacker = Trojan/Ponmocup.bt
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:04:01 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 90112
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xd38d
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-15 00:33:30
VirusShare info last updated 2012-07-26 07:07:10

DownloadMD5ee21ac70497b427e020474f6dda1cf83
SHA1cca72ba3441e408401971591f771773873f2c879
SHA256c8ca7fb4ddab9ac72ced1e67875b70cf7229218831c26bc77437f9f0c2393431
SSDeep1536:HQ7ForrajFjx2BTKR8LiNgA/mNutGN9b8asrzSEk:45aLib/Kutzvrer
Size122880 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-CA [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47B1F3
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!EE21AC70497B
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!EE21AC70497B
F-Secure = Gen:Variant.Barys.407
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.ZPACK
AVG = Generic27.AEPZ
Norman = W32/Troj_Generic.BZXYY
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.407
BitDefender = Gen:Variant.Barys.407
NOD32 = Win32/Ponmocup.AY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:14 14:06:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1a27
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-05 22:25:37
VirusShare info last updated 2012-07-26 07:10:16

DownloadMD54105a61675fe4cfc5d3dc59ff338e0f9
SHA197609655f8d4882bdc0a9cbac944ec6c7e5b7641
SHA25603fed2b186b1dee7c35d25021fd23afa44d1a3be31030907379dff9c8d826ef1
SSDeep6144:Ha1N1f/ENm7YcpQbv5HhXXaDpbFhXlbR6H9LGuZhB:6P1f/B7Y+iv59Ab3l8HJ7B
Size295116 bytes
File TypePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-HDL
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.295116
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = Cryp_Spypro
Comodo = TrojWare.Win32.Trojan.Agent.Gen
TrendMicro = Cryp_Spypro
Microsoft = TrojanDownloader:Win32/Ponmocup.A
F-Secure = Gen:Trojan.Heur.RP.sq1@aW2Va8di
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-HDL
AVG = Dropper.Generic3.BSPK
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Trojan.Heur.RP.sq1@aW2Va8di
BitDefender = Gen:Trojan.Heur.RP.sq1@aW2Va8di
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:07 21:43:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 532480
Uninitialized Data Size         : 0
Entry Point                     : 0x28af
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Protected Storage COM interfaces
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pstorec.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pstorec.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-05-23 03:42:13
VirusShare info last updated 2012-07-26 07:24:41

DownloadMD52c622e17e99902be78881eb3512e634b
SHA117647dcc737ac4d316d4a924dc161cacca166146
SHA256051509f214e270d305cd9caae537cab8cf9cfbc4ec4ed186956cb003eebd1cd8
SSDeep6144:lCZhSiRik+P7QPgonoTrNNk7BKJDNPDBEUJsMel7FT54Wdo/t04/3p:AZhS5P7QW3NqTSUld5Z2ya
Size287215 bytes
File TypePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.43
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.287215.B
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.amy
TrendMicro-HouseCall = TROJ_GEN.R4FC3AS
Comodo = TrojWare.Win32.Renos.~AM
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!vc
DrWeb = Trojan.MulDrop1.54177
TrendMicro = TROJ_GEN.R4FC3AS
Kaspersky = Trojan.Win32.Pirminay.fck
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.eo
McAfee = Downloader.a!vc
F-Secure = Gen:Variant.Zbot.34
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.ALIJ
Norman = W32/Suspicious_Gen2.JXZAB
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.aor
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:06:21 07:07:45-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 280576
Initialized Data Size           : 273408
Uninitialized Data Size         : 0
Entry Point                     : 0x45512
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.53.6200.0
Product Version Number          : 2.53.6200.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access - OLE DB Data Conversion Stub
File Version                    : 2.53.6200.0
Internal Name                   : msdadc.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1994-1999
Original Filename               : msdadc.dll
Product Name                    : Microsoft Data Access Components
Product Version                 : 2.53.6200.0
Ole Self Register               : 
VirusTotal Report submitted 2012-03-11 07:12:47
VirusShare info last updated 2012-07-26 07:25:39

DownloadMD5b9d34406ee175bd1078e509ca1e0c15f
SHA10abba22ecc5c791148f3945050ba54e86e010d40
SHA256068383a076b07573aae531ca57423ce5de09a87f11f86cc6fdc82cff1942e5a5
SSDeep6144:Kx/pL0HVVlb/dwn80rDVz/IMCZT/E0r0riWjycJ1ACysuOHEqHRzRS0:Kx/pLaVJ/uNgMCZRrIe3nOHEqH9RS0
Size313278 bytes
File TypePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.313365
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.313278
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Z5atj01Vu+Q
VBA32 = Trojan.Pirminay.akk
TrendMicro-HouseCall = TROJ_GEN.R4FC3AV
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.fqu
McAfee-GW-Edition = Generic.dx!yob
TrendMicro = TROJ_GEN.R4FC3AV
Kaspersky = Trojan.Win32.Pirminay.fqu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.FQU!tr
PCTools = Trojan.ADH
McAfee = Generic.dx!yob
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
AVG = Pakes.HSR
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH.2
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Kryptik.hpo
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.ITO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:10 04:33:31-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 7168
Initialized Data Size           : 609792
Uninitialized Data Size         : 0
Entry Point                     : 0x28ec
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.3.73.0
Product Version Number          : 2.3.73.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Conexant Systems, Inc.
File Description                : cx88enc_IBV32.sys: MPEG-2 Encoder Driver
File Version                    : 2.3.73.0 (winmain(a-karenp).060801-1910)
Internal Name                   : cx88enc_IBV32.sys
Legal Copyright                 : Copyright © Conexant Systems, Inc. 2001
Original Filename               : cx88enc_IBV32.sys
Product Name                    : cx88enc_IBV32.sys
Product Version                 : 2.3.73.0
VirusTotal Report submitted 2011-06-17 20:38:04
VirusShare info last updated 2012-07-26 07:27:13

DownloadMD5e702084d84d980355613c5c18675760e
SHA126b7b2393f031e9871b375c7276ba8bc993a6ee0
SHA2560760560de69a31011f5cbebf0d730f685d5a5d648b352ca91e928e430fa91dfd
SSDeep1536:UVXdyhlZ342TT9yNJp2BYkH8Lio35/XmqoGrjmqpntGpCnUeOP/7bE58R:U/GvTClLi6/3oGrjmqNtyCAP/7Y5
Size114688 bytes
File TypePE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-C [Trj]
Ikarus = Win32.Diller
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.532198
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!ogOL6He0pHA
TrendMicro-HouseCall = TROJ_GEN.R47C8BQ
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Generic.dx!bd3r
TrendMicro = TROJ_GEN.R47C8BQ
Kaspersky = Trojan.Win32.Genome.aezhc
Fortinet = W32/Ponmocup.AH
McAfee = Generic.dx!bd3r
F-Secure = Trojan.Generic.KDV.532198
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BHUC
Norman = W32/Suspicious_Gen4.NETP
GData = Trojan.Generic.KDV.532198
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.KDV.532198
NOD32 = a variant of Win32/Ponmocup.AH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 40960
Uninitialized Data Size         : 0
Entry Point                     : 0x252f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-06 17:58:12
VirusShare info last updated 2012-07-26 07:27:54

MD5: 31b0c525775b9384bc3069a3b40adb6b
SHA1: c9eb02517251053d54bfdff0a564d02d03faa119
SHA256: 08108ad793f8cfb8b8e64c39465762ed7d64480e37f5d77f73c8fb135a8feafc
SSDeep: 1536:otUrcESs4sgks6IBDiPMxX1SG7N6jC8oXCB//NARMUOkZ6spDHFVchScDjRc:otUgEwAeokxX1SGojC0BLUOS6spDl0zi
Size: 94720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-U [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = AdWare.Win32.EoRezo
Panda = Generic Malware
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47CDB9
Comodo = UnclassifiedMalware
Emsisoft = AdWare.Win32.EoRezo!IK
CAT-QuickHeal = Adware.EoRezo.iw4 (Not a Virus)
McAfee-GW-Edition = Generic PUP.z!jj
TrendMicro = TROJ_GEN.R47CDB9
Kaspersky = Trojan.Win32.Genome.aexsq
Microsoft = Adware:Win32/EoRezo
Fortinet = W32/Ponmocup.AA
McAfee = Generic PUP.z!jj
F-Secure = Gen:Variant.Graftor.13973
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic4.CLEH
Norman = W32/Troj_Generic.TSXF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.13973
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.13973
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:23 07:03:05-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 49152
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x3175
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-05 18:10:47
VirusShare info last updated 2012-07-26 07:28:32

MD5: 7c6b3aae76122ef179428a7c2934930e
SHA1: 08d16cf8b681babc34fee2560024343cec010acd
SHA256: 14bf8ddcfa96a9bbc42713a5c1b4e270abf0930f1b66d5abfb337f74667b75fa
SSDeep: 6144:RrigFJrDhv4KCY+yjTNB00UWzU0vsVy4yWlpdT:Rrrhv4KCYdfXtUmU0qy4zpx
Size: 281016 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.14
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Agent
AhnLab-V3 = Win-Trojan/Agent.281016.D
Panda = Trj/Downloader.MDW
Rising = Trojan.Win32.Generic.52023977
nProtect = Trojan/W32.Agent.281016
VBA32 = Trojan.Win32.Agent.dwgb
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Agent!IK
CAT-QuickHeal = Trojan.Agent.dwqi
McAfee-GW-Edition = Generic Downloader.x!dyb
DrWeb = Trojan.Siggen1.30271
Kaspersky = Trojan.Win32.Agent.dwqi
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Sunbelt = Trojan-Dropper.Win32.Ponmocup.QHost
Jiangmin = Trojan/Agent.dtms
McAfee = Generic Downloader.x!dyb
F-Secure = Trojan.Generic.3843531
Avast5 = Win32:Malware-gen
AVG = Crypt.UMK
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.3843531
TheHacker = Trojan/Agent.dwlq
BitDefender = Trojan.Generic.3843531
NOD32 = Win32/TrojanDownloader.Agent.PXG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 15:54:20-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 278528
Initialized Data Size           : 4096
Uninitialized Data Size         : 348160
Entry Point                     : 0x99e30
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-08-08 04:26:30
VirusShare info last updated 2012-07-26 07:37:40

MD5: 01734ff6fb2285e03a558eb5aef74726
SHA1: 4ccdc8c3bb63221714fb87f32faf09c4ea3bf4f4
SHA256: 16f930864625cc8486edf7068594f4fb57e948f872e37cfc9204267a914f7456
SSDeep: 1536:d5jZCyovAtwgagyoh+2B8ir8LiD6K/aMUm30Cyrt6Yvk8A08qlXiKQim:njY4tRaQELip/iXnrtnvk81PQd
Size: 126976 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-E [Trj]
Ikarus = Win32.Diller
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.530504
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!rDnX+qj9bhQ
TrendMicro-HouseCall = TROJ_GEN.R2EC8BP
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Agent.ni
McAfee-GW-Edition = Artemis!01734FF6FB22
TrendMicro = TROJ_GEN.R2EC8BP
Kaspersky = Trojan.Win32.Genome.aeyzf
Fortinet = W32/Ponmocup.AL
PCTools = Trojan.Gen
McAfee = Artemis!01734FF6FB22
F-Secure = Trojan.Generic.KDV.530504
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AZHX
Norman = W32/Suspicious_Gen4.LTDT
GData = Trojan.Generic.KDV.530504
Symantec = Trojan.Gen
TheHacker = Trojan/Ponmocup.al
BitDefender = Trojan.Generic.KDV.530504
NOD32 = Win32/Ponmocup.AL
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x23df
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-14 04:24:06
VirusShare info last updated 2012-07-26 07:39:11

MD5: d885f379a02bd8e4df43c5b191ecd275
SHA1: 0697412d6366604e278a86f4420716d9d45c81f3
SHA256: 190b3a22baa21dde4176157927fb7d9373b568d342bd9b0142417c376333b2d3
SSDeep: 6144:FyMsJzVrZ2MW3kyDhZI/NnAHZaeKmeGdEjlbZebhrRBPMB+v:F8JyvUyDbMnA56f2hFBPMq
Size: 250419 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Dropper/Malware.250419
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!M/8mCdETuGI
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!gby
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.xu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Downloader.x!gby
F-Secure = Trojan.Generic.KDV.303242
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTQ
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KDV.303242
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.kn
BitDefender = Trojan.Generic.KDV.303242
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 24576
Uninitialized Data Size         : 40960
Entry Point                     : 0x42510
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Igztgvurp Rvsmlsadwvg
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Gkwziauas Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Psyhpqmts(R) Nwoaxuy NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-10-05 04:51:12
VirusShare info last updated 2012-07-26 07:40:19

MD5: 22725d097b2f6640aa6a5ed3c05d7733
SHA1: d7132221fc2eb933dccd9195abd331be88a90092
SHA256: 1e62dd611f399e952574a8645bdb84b88de7d8c918b86108b47f641914943d92
SSDeep: 1536:s4S+PvsNsMl7F8nROc/kG3eL94Vqvwi71ZpdHRKkUxpkx4DM2rqDGe:ssvs97FU/tIODi7tdH8kgpo4DdGr
Size: 86016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.A.1
Avast = Win32:Diller-BO [Trj]
Ikarus = Win32.Diller
K7AntiVirus = Riskware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Artemis!22725D097B2F
Fortinet = W32/Ponmocup.BG
McAfee = Artemis!22725D097B2F
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXH
GData = Win32:Diller-BO 
Symantec = Trojan Horse
NOD32 = Win32/Ponmocup.BG
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:06 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1867
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-04 12:36:18
VirusShare info last updated 2012-07-26 07:43:13

MD5: 97e41a82f9664cbd7eaf2542cab997c0
SHA1: f4c4be6399230ccc9ba3f8a1f489f49c64229365
SHA256: 2467d31b5817d339b849bb25fc13db9c705b39eb6962f739a40dd955dc3c2495
SSDeep: 6144:ACgdGXXbaRrYVjDhIRLnRzhTOspw84GYsCaBwEmPdJyNJczf9br9uPWfSh3B3PEa:udGnuRI/hILhTOsO84GVB/ufsfEa
Size: 433676 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.203
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
VirusBuster = Trojan.Qhost!Z52KWsAUqBg
VBA32 = Trojan.Pirminay.euw
TrendMicro-HouseCall = TROJ_GEN.R3EC2DA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!97E41A82F966
TrendMicro = TROJ_GEN.R3EC2DA
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.EVF!tr
Jiangmin = Trojan/Pirminay.rg
McAfee = Artemis!97E41A82F966
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic21.CMLF
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.178521
TheHacker = Trojan/Qhost.nrx
BitDefender = Trojan.Generic.KDV.178521
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 00:24:02-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0xaac7
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Btgivyxyt Duhypwpsfod
File Description                : 802.3 Autoconfiguration API
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : dot3api.dll
Legal Copyright                 : © Xeedcjyia Swbeosbjapn. All rights reserved.
Original Filename               : dot3api.dll
Product Name                    : Vghwqemlg® Windows® Obmkcfcrx Nuigfn
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-04-22 08:36:34
VirusShare info last updated 2012-07-26 07:46:15

MD5: 2d7b6392d73177a0468d2578416596ac
SHA1: 22177a3b4511dd2f1f47e20c7b47e29ca2411fb1
SHA256: 3376fb2b7de0728c672f93d39f86ff9739e55a4a0edd337a80b6ad76a0f2000f
SSDeep: 6144:/4wOicvxO1X+rHh1W+R81AFWubEAFztZDf1:7dWO1X6c+JNwARrD9
Size: 286716 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.FKM.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.286716
Panda = Suspicious file
nProtect = Trojan.Generic.4830822
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bjp
TrendMicro-HouseCall = TROJ_GEN.R34E1CI
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.bjp
McAfee-GW-Edition = Generic.dx!vis
DrWeb = Trojan.Hosts.2628
TrendMicro = TROJ_GEN.R34E1CI
Kaspersky = Trojan.Win32.Pirminay.bjp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.dn
McAfee = Generic.dx!vis
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.Fkm
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.AWLV
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Trojan.Generic.4830822
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.nf
BitDefender = Trojan.Generic.4830822
NOD32 = a variant of Win32/Kryptik.HKC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:22 02:41:33-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 279040
Initialized Data Size           : 268288
Uninitialized Data Size         : 0
Entry Point                     : 0x44f58
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Write
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : write
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : write
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-05-18 06:18:36
VirusShare info last updated 2012-07-26 07:55:12

MD5: a5e34fc3746e2edf22352b66b8fd0e9f
SHA1: 1170c26e0c74b4d9a3516e143392adf1c3cac457
SHA256: 3ba91581383f5019d69c47bece265c0f2dc40fe25c0609fa93be80387f9c3149
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqHD:JjyVdARQjSdfZaiv9HVcFbtjOqR71gc
Size: 312358 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.312358
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.550
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2BE
McAfee-GW-Edition = Artemis!A5E34FC3746E
TrendMicro = TROJ_GEN.R28C2BE
Kaspersky = Trojan.Win32.Pirminay.dla
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
Jiangmin = Trojan/Pirminay.hc
McAfee = Artemis!A5E34FC3746E
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Generic20.BGDN
Norman = W32/Obfuscated.L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.552986
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-03-13 05:32:57
VirusShare info last updated 2012-07-26 07:59:49

MD5: 199ca72922967cf85bbdbbce2bb7e48b
SHA1: 918836ba3d635380f08be9e83b92c42273655231
SHA256: 4851f9e60a9930fcd06833c425a2461e1469569f3e5672d04e59c6b2b01260ae
SSDeep: 6144:vY8imMdSZJhUwjC1ptgVuqsMB9B2pwAIwgX:vpu4JhUwgpiTsMkw00
Size: 211641 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Suspicious file
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
ByteHero = Trojan.Win32.Heur.Gen
Jiangmin = Trojan/Generic.kfqc
VIPRE = C2.Lop
Avast5 = Win32:Trojan-gen
AVG = Dropper.Generic4.ABZY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Win32:Trojan-gen
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x12b6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvvhpuraa Jarzbpraqyn
File Description                : Named Pipe Transport Driver
File Version                    : 6.0.6000.16386 (lzrhu_rtm.061101-2205)
Internal Name                   : tdpipe.sys
Legal Copyright                 : © Wdpoaksgu Kvvjudqcxty. All rights reserved.
Original Filename               : tdpipe.sys
Product Name                    : Byhfdyipv® Xkppvid® Trxjnhtgc Qqwnry
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-08-23 19:29:51
VirusShare info last updated 2012-07-26 08:07:23

MD5: ccef596d1ded35346df0f082a49d1e20
SHA1: 9db5c612e30d7f4ec8a3489d945cce207a289c07
SHA256: 67ba703e556fdd04e560171ea10d0f95c160d28645552c2e4219eb56dffecd53
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqHi:JjyVdARQjSdfZaiv9HVcFbtjOqR71gKG
Size: 312215 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.550
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2AQ
McAfee-GW-Edition = Artemis!CCEF596D1DED
DrWeb = Trojan.Hosts.4027
TrendMicro = TROJ_GEN.R28C2AQ
Kaspersky = Trojan.Win32.Pirminay.dea
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.hc
McAfee = Artemis!CCEF596D1DED
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
eSafe = Win32.TRPirminay.Bks
AVG = Generic20.BGDN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Backdoor.Generic.552986
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-03-19 19:51:20
VirusShare info last updated 2012-07-26 08:24:34

MD5: 0b194f4343a6230dcba63d86d8ab953f
SHA1: 5e3980026a8ce0aed53358f6dbf997d72550b1a1
SHA256: 6f42588a307b35b6951116dbbd1d9c003de7962538bbd6c676c395a4b9949cac
SSDeep: 6144:igZS41SEHVgQkawY7xUT6M6mfEEhzC1sQr:igzSEHqQdv7xUT6M/f1hssQr
Size: 234446 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.FakeAV
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.klre
F-Secure = Trojan.Generic.6534398
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.AIJX
GData = Trojan.Generic.6534398
BitDefender = Trojan.Generic.6534398
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 233472
Initialized Data Size           : 4096
Uninitialized Data Size         : 28672
Entry Point                     : 0x40500
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dszwsnynh Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (zionrkak.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Oegxrecue Fgbzejkeiph. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Fywzmpihw® Ukxtqkg® Jhdzlgalx Rzelau
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-09-18 14:56:56
VirusShare info last updated 2012-07-26 08:28:05

MD5: 20018ba1cbc1a14d2252f5fda5e789c6
SHA1: 77ca1b3e57013ec7f3ad028ba580023f0adf55ed
SHA256: 73b2338ab9d9e07c74000f2b1b8b98c6c2622b2ed11fc6a1bf848626668e3329
SSDeep: 6144:dYqoQCE9Yfk7fBCCRgzip0LTgRZxbS0Ql81Z8RArorhLasMGw1T:dYV1pAhWziS6T0e1uAs1VRcT
Size: 291694 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ag.294254
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.4449207
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!2n+ewaUPG6g
VBA32 = Trojan.Win32.Pirminay.az
TrendMicro-HouseCall = TROJ_GEN.R74C2GA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.ay
McAfee-GW-Edition = Artemis!20018BA1CBC1
DrWeb = Trojan.Siggen1.52063
TrendMicro = TROJ_GEN.R74C2GA
Kaspersky = Trojan.Win32.Pirminay.ay
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.c
McAfee = Suspect-BA!20018BA1CBC1
F-Secure = Trojan-Dropper:W32/Meredrop.AL
VIPRE = Trojan.Win32.Meredrop
Avast5 = Win32:Malware-gen
F-Prot = W32/MalwareF.DUTD
AVG = SHeur3.AFOY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.4449207
Commtouch = W32/MalwareF.DUTD
TheHacker = Trojan/Dropper.gen
BitDefender = Trojan.Generic.4449207
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 13:59:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 278528
Initialized Data Size           : 16384
Uninitialized Data Size         : 299008
Entry Point                     : 0x8d730
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-06-11 06:35:17
VirusShare info last updated 2012-07-26 08:30:43

MD5: 59d3336174a6f429bf915437d9f3d612
SHA1: 6acbe2fc4e3e2ad3925a70ee9ca2120beedbdbd8
SHA256: 8688b7a248fd02194bc8dc97b752d546d4c72778a4a86024f90a8307fe082a72
SSDeep: 6144:vAyBCP4AMXczo5gtiQWGVARqXaMqtWoSeFytpcwg/79zv09WuFNO/:Y+CP4tyntiQTVAkPqtWoSeFy7IBT0xFc
Size: 348574 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.348574
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R72CRBR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.5338
TrendMicro = TROJ_GEN.R72CRBR
Kaspersky = Trojan.Win32.Pirminay.dhg
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.kl
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.YAFW
AVG = Generic21.MHJ
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
Symantec = Trojan.ADH.2
Commtouch = W32/MalwareF.YAFW
TheHacker = Trojan/Kryptik.jzc
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:25 06:11:39-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 53248
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0xd732
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : SecureDigital Bus Driver
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : sdbus.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sdbus.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-05-27 00:53:48
VirusShare info last updated 2012-07-26 08:43:23

MD5: af8e206a05558b4d96520447a320aba5
SHA1: d15d5269908678174508e00105bedbe87668485f
SHA256: 8a271232d106311871df7ab989652d9c068f1695289ebc75fbb9ca5bfc3a1031
SSDeep: 6144:+WaZCtxqPsAu5TVFYJgYJXmvoSgiY9NYgdizAe1wEJ219nDnxpOqp1ih2XEwBGY/:+W6CtJ5TVyCk2HZAP89ty1rTp1ibr6
Size: 442820 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.fxk
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.442820
Panda = Trj/CI.A
nProtect = Gen:Variant.Vundo.5
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!vnqU+3ksOhY
VBA32 = Trojan.Pirminay.fxf
TrendMicro-HouseCall = TROJ_GEN.R47C2DT
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.fxf
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.40164
TrendMicro = TROJ_GEN.R47C2DT
Kaspersky = Trojan.Win32.Pirminay.fxf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ve
McAfee = Generic Downloader.x!fya
F-Secure = Trojan.Generic.5810950
Avast5 = Win32:Kryptik-BWR [Trj]
AVG = SHeur3.BVXT
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5810950
TheHacker = Trojan/Pirminay.fxf
BitDefender = Trojan.Generic.5810950
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:22 08:02:28-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 114688
Initialized Data Size           : 638976
Uninitialized Data Size         : 0
Entry Point                     : 0x18dc3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hvgavpaib Mdatmpcqhgh
File Description                : Event Translator Configuration Tool
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : eventcmd.exe
Legal Copyright                 : © Mdprzwmqs Qwbllocmahr. All rights reserved.
Original Filename               : eventcmd.exe
Product Name                    : Hxtewnnzf® Wypmyfj® Swollspwk Ocpnzm
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-07-20 22:02:32
VirusShare info last updated 2012-07-26 08:45:55

MD5: 02fde7d27e113ba39dbdeb7589bfa116
SHA1: 9099ec6ed42b5fab1ad382f986785ce829b72d43
SHA256: 8aa8a3319033c3be7ef57fb31a0934ade3c8420b5c16829546408c6ab94076d6
SSDeep: 768:wHbCTlqIFY5Z1EKLEwapEfyh6OCD1GW54w59KCc5Faaip4gnv3q2W4GmaBt:wHlIFsZ1EKLlaBsDXSwPKCGs4InGmet
Size: 64000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!yP62FGBxrl8
TrendMicro-HouseCall = TROJ_GEN.R4FC1JV
Emsisoft = Trojan.SuspectCRC!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC1JV
Kaspersky = Trojan.Win32.Genome.wxjf
Microsoft = Trojan:Win32/Orsam!rts
Fortinet = W32/Virtum.MS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ansf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.OMR
Norman = W32/Suspicious_Gen2.RLWGZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1402
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Prleqmknm Oiunoicemnv
File Description                : ODBC Code Page Translator
File Version                    : 6.0.6000.16386 (gupnu_rtm.061101-2205)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : © Yvqmmnyqi Wntzrgzroql. All rights reserved.
Original Filename               : mscxpl32.dll
Product Name                    : Lxdwemqsf® Jgvjzao® Gygwwpxcn Imldny
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-10 20:48:13
VirusShare info last updated 2012-07-26 08:46:14

MD5: 8fb009f5313f6b30231d1558dd28f2cb
SHA1: e8338ba4323dd33f57558f95574482d85bdf2455
SHA256: 9cf7cfe8b1f1c559f2984972833f366453d1bf6e02d78a1d6cf8360f06bbafde
SSDeep: 6144:Z5QioRT/ryfr1tR8PFgHu3WIvi0hGz0plscPC2fTOShhnz:ZmioxO8cuGIJGg3jCGTOC
Size: 394024 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.25
Avast = Win32:Zbot-NBP
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = TrojanSpy.ZBot!AyyQPRIXTEo
VBA32 = Trojan.Pirminay.gei
TrendMicro-HouseCall = TROJ_GEN.R3EC2E2
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.gau
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
TrendMicro = TROJ_GEN.R3EC2E2
Kaspersky = Trojan.Win32.Pirminay.gau
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.vn
McAfee = Artemis!8FB009F5313F
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Vundo-JU
eSafe = Win32.TRSpy.Zbot
AVG = SHeur3.BWRC
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.gaj
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:11 00:41:40-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 659456
Uninitialized Data Size         : 0
Entry Point                     : 0x9106
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 11.0.6001.7000
Product Version Number          : 11.0.6001.7000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Audio 10 Encoder/Transcoder
File Version                    : 11.0.6001.7000 (longhorn_rtm.080118-1840)
Internal Name                   : wmadmoe.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmadmoe.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 11.0.6001.7000
Ole Self Register               : 
VirusTotal Report submitted 2011-06-20 14:37:49
VirusShare info last updated 2012-07-26 08:59:35

MD5: 288ecb0a0f63865ad7a1af870d0b0b64
SHA1: 9c8b38f212ab080c37278c3cf24374f6905f1169
SHA256: 9e17985ca1619b4e2a4bf4b3dfba506b4ffe4a13cca7c346c38b78cf471ae5f5
SSDeep: 6144:ye/d6MQSsEkshGE+seGCsAjtsmDoTcejx8V5cTaILj8TwU:LH1sfs5+fG/AjtsmEL+mTa9wU
Size: 277374 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.10101
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Swisyn.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Securisk
Panda = Trj/Pirminary.B
Rising = Dropper.Win32.Qhost.b
nProtect = Trojan/W32.Agent.277374
K7AntiVirus = Trojan
VBA32 = Win32.TrojanDownloader.Agent.PXO
eTrust-Vet = Win32/Swisyn.CQ
TrendMicro-HouseCall = TROJ_GEN.R26E1G4
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.Packed.Katusha.j.4
Command = W32/DropperX.AFZW
McAfee-GW-Edition = Generic Downloader.x!dyq
DrWeb = Trojan.Siggen1.58509
TrendMicro = TROJ_GEN.R26E1G4
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Swisyn.jgw
McAfee = Generic Downloader.x!dyq
F-Secure = Trojan.Generic.4128374
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
F-Prot = W32/DropperX.AFZW
AVG = Downloader.Generic9.BZRM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.4128374
BitDefender = Trojan.Generic.4128374
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 22:41:21-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8192
Initialized Data Size           : 535040
Uninitialized Data Size         : 0
Entry Point                     : 0x2de8
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6601
Product Version Number          : 5.0.2195.6601
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Appletalk protocol stack/router
File Version                    : 5.00.2195.6601
Internal Name                   : sfmatalk.sys
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : sfmatalk.sys
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2195.6601
VirusTotal Report submitted 2010-11-18 11:22:21
VirusShare info last updated 2012-07-26 09:00:15

MD5: eefed4dc0d1e0bda29671621693a413d
SHA1: 07c185b97b26e0bce3c0dca37b2c56d334a7bb3d
SHA256: a1094bf2ea35134bee21df2793a10858a2d3fd298debc7a3534140dba95ce664
SSDeep: 3072:PuV5pv8kQLcMb+K1GvkMc4/UZkl0Hdkm4c6t8DqC:P/cMb+K1tMc48Z7H8tpC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Adware/Win32.SuperJuan
K7AntiVirus = Adware
VirusBuster = Trojan.Ponmocup!ndlRMjTA1hA
VBA32 = AdWare.SuperJuan.gen
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_GEN.R01CDBQ
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Generic PUP.z!mr
DrWeb = Trojan.Juan.758
TrendMicro = TROJ_GEN.R01CDBQ
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aizd
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.auo
McAfee = Generic PUP.z!mr
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.WSLY
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.738
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.738
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-25 02:43:58
VirusShare info last updated 2012-07-26 09:02:23

MD5: e142deab54f42205653d2502b63842ff
SHA1: 4e8faa73263a3d2696e0aba6dfa9ea81113b149a
SHA256: a9dfa3c9e5ca4c10d1daa4d045492b3337e48ed454bc5376bd32bb8711febda3
SSDeep: 12288:ROifG+IXwZyTRfpNPJHuyoiH9cFSGELajyUTAvoLl5pz/eK:++IXwQRVHuxi+5+0HMW/eK
Size: 487932 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-V [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Generic Trojan
nProtect = Gen:Variant.Zbot.34
VirusBuster = Trojan.DL.Agent!WMlWuU/1jFA
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R3EC2FE
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!E142DEAB54F4
DrWeb = Trojan.DownLoader3.13912
TrendMicro = TROJ_GEN.R3EC2FE
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
McAfee = Artemis!E142DEAB54F4
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V [Trj]
eSafe = Win32.TRDropper
AVG = Dropper.Generic3.CBTE
Norman = W32/Suspicious_Gen2.MQGBC
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:11 04:04:30-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 94208
Initialized Data Size           : 757760
Uninitialized Data Size         : 0
Entry Point                     : 0x13e4b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bsskxnsdb Wfbbjfawwlz
File Description                : Bus Mouse Port Driver
File Version                    : 5.00.2134.1
Internal Name                   : busmouse.sys
Legal Copyright                 : Copyright (C) Jpffrdzou Corp. 1981-1999
Original Filename               : busmouse.sys
Product Name                    : Ardtreayi(R) Kkmnqhj (R) 2000 Wdzhfrbcx Rnuspj
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-20 20:15:39
VirusShare info last updated 2012-07-26 09:07:45

MD5: 52f80e72410491296eb655aa9cea77be
SHA1: 325a497729b45aaef239136139e84510d8e50dea
SHA256: aaddae8da97bdd126131f8a95fe645317ea6f2c09a40aff517043e5756983550
SSDeep: 6144:XcnO73krGmg4PVlM8jqxVl3Tbtgi1/AOmlV:sO73bp4PY82F3TBT/AOmD
Size: 319501 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.DK
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.5221FE56
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.MulDrop1.40220
Kaspersky = Trojan.Win32.Pirminay.dk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Sunbelt = Trojan.Win32.Generic!BT
McAfee = Suspect-1B!52F80E724104
Avast5 = Win32:Malware-gen
AVG = SHeur3.AOOS
Norman = W32/Obfuscated.L
GData = Win32:Malware-gen
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:13 19:16:50-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 278528
Initialized Data Size           : 45056
Uninitialized Data Size         : 380928
Entry Point                     : 0xa0f50
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-07-28 16:21:28
VirusShare info last updated 2012-07-26 09:08:12

MD5: 0c79bc7c5a7f0b30b26f1d64b9464f3b
SHA1: cf8f873515e9987c223462811e490665e5cd32ad
SHA256: b05acd7c282d34ac213aa8d3b1c87eeb026d579fc169d2e950d94bec5b32c89d
SSDeep: 6144:wjdYbaWqiJkc+cDXdN6+YhSzLRs3Kvlj4M7O5vj:wWbvhp+m6nSHRs347OBj
Size: 211951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Gen.Trojan.Heur
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R01C2HO
Emsisoft = Gen.Trojan.Heur!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.DownLoader4.48071
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.kfzm
F-Secure = Gen:Trojan.Heur.BDT.mq1@baoExJhi
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.AGSK
Norman = W32/Obfuscated.L
GData = Gen:Trojan.Heur.BDT.mq1@baoExJhi
BitDefender = Gen:Trojan.Heur.BDT.mq1@baoExJhi
NOD32 = a variant of Win32/Injector.IVB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Thsbvetwula
File Description                : NetMeeting Interface Marshaling Library
File Version                    : 5.2.3790.3959
Internal Name                   : confmrsl
Legal Copyright                 : Copyright © Aozzvrygn Oouzivrnhtm 1996-2001
Legal Trademarks                : Qblbnihfh® is a registered trademark of Aksckwwwy Zpjidynupdu. Fddrecf® is a registered trademark of Biberylai Clppyovqajf.
Original Filename               : confmrsl.dll
Product Name                    : Jwukfbdnm® Joidcbh® Oyofvyczh Prrqqy
Product Version                 : 3.01
VirusTotal Report submitted 2011-08-30 21:38:35
VirusShare info last updated 2012-07-26 09:11:07

MD5: bce1192c3e3719ca1e5596b92e69fec8
SHA1: 7a4f8d463a4042bddf4ffb752ed71c2a1c116f51
SHA256: bd7a22b122a2f3eaba46fde0defcc4f496bcef931790b5521732ef58bd53b060
SSDeep: 6144:bywCrsWIYqMfaokVaRzy5Saxev4H5gR4UCmr88GZkbyWNJn:OhIdfMSokQxAEvqKu5AhYyzV
Size: 314696 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.27030
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Kazy.27030
VirusBuster = Trojan.DL.Agent!4rInx2f4Rfo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!fzm
DrWeb = Trojan.DownLoader3.46799
Kaspersky = Trojan.Win32.Pirminay.jkx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JKX!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gkxo
McAfee = Generic Downloader.x!fzm
F-Secure = Trojan.Generic.6164592
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-IDN
eSafe = Win32.TRKazy
AVG = SHeur3.CGEY
Norman = W32/Suspicious_Gen2.MZJBK
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.6164592
TheHacker = Trojan/Pirminay.jab
BitDefender = Trojan.Generic.6164592
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 15:50:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 401408
Entry Point                     : 0xae920
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gagvrylqb Kgijrswgxrk
File Description                : Gwqvmlzda ACM Audio Filter
File Version                    : 5.00.2134.1
Internal Name                   : Ujjbafrgf ACM Audio Filter
Legal Copyright                 : Copyright (C) Mndxuteda Corp. 1981-1999
Original Filename               : msfltr32.acm
Product Name                    : Pklkhigfo(R) Wwvnjda (R) 2000 Operating Ujytgc
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-01 00:57:52
VirusShare info last updated 2012-07-26 09:18:14

MD5: c80efd42fa2600079f87d2b2cceba38b
SHA1: 6224cbe69b33539b5cefebf79ba394860979fa81
SHA256: bed5184a25582d84bca4cdecfb0d445334d463c20550a1e7bb9b909ab1d61c3e
SSDeep: 3072:sRJllQ0+Lma4/8jQl63x2kk4DzIqJiM+BCqJhrcoLzQxd5Rc7tJ7wotv0XQM:srFMma4/am63x2kkezItHL0A7L7wRB
Size: 207257 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
VirusBuster = Trojan.Injector!oYqzTkRGDHw
VBA32 = Trojan.Jorik.Pirminay.agx
TrendMicro-HouseCall = TROJ_GEN.R4FC8J5
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC8J5
Kaspersky = Trojan.Win32.Jorik.Pirminay.atn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6471002
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGCC
Norman = W32/Suspicious_Gen2.RONWV
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6471002
Symantec = Trojan.ADH
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6471002
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ybbilpirn Nffnjwnvion
File Description                : Greek IBM 220 Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhe220 (3.12)
Legal Copyright                 : © Cfaqrdcll Xtfahgmpgno. All rights reserved.
Original Filename               : kbdhe220.dll
Product Name                    : Wjkjumarx® Dmyhfkv® Uxgdmjzwa Tesldj
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-11-12 05:34:16
VirusShare info last updated 2012-07-26 09:18:48

MD5: 75c23849510e24db3244c941f671fb0b
SHA1: e92df13de670ccd67cac35484fdc19d62096a04e
SHA256: bf7b6f31247f832d486b799f17937dbca291eb6a539d4230f7359daa749e447e
SSDeep: 6144:egFvrMa2BWJYHI4irL8jX/GNuzHd5Z5anG47QI4SnYP4XuDiJuN2ZDch98myhn1N:5FvriBkYOOX/G+KG4M8nrup2Z+98mcme
Size: 381333 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.381333
Panda = Generic Trojan
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!bS6ENtiunCM
VBA32 = Trojan.Pirminay.exa
TrendMicro-HouseCall = TROJ_GEN.R3EC2DE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.exa
McAfee-GW-Edition = Artemis!75C23849510E
DrWeb = Trojan.Hosts.4391
TrendMicro = TROJ_GEN.R3EC2DE
Kaspersky = Trojan.Win32.Pirminay.exa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan-PSW.Banker
McAfee = Artemis!75C23849510E
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.GenVariant.Zbo
AVG = Generic22.HX
Sophos = Mal/Generic-L
Symantec = Infostealer.Banker.C
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.exa
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:18 01:43:19-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 339968
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x506b2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.11
Product Version Number          : 5.0.3000.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Czech
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : brclr0ui.dll
File Version                    : 5.0.3000.11 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclr0ui.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2002
Original Filename               : brclr0ui.dll
Product Name                    : Operacni system Jkhsxjnpm® Qnzlvhf®
Product Version                 : 5.0.3000.11
VirusTotal Report submitted 2011-07-20 11:34:51
VirusShare info last updated 2012-07-26 09:19:09

MD5: 5d88adf13c12fae98776817b039ce8c2
SHA1: ec84e316dd6fa7924a31e59e8fd802184dc0b5cf
SHA256: ccd85f28c4caa6bf40e95e8ce313f99328addd53d1b516b84a0f51f31c4073a5
SSDeep: 6144:kXXM0vN4Sj2jsHdD0qn+kgY4xUDdLuwJPzs30N9UJZDc64O8hIpaWwtbBlO4grcn:CISHGejDxJPzkgGJZDchOT1WarE
Size: 434577 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.33
Avast = Win32:Pirminay-V [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.434577
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
VirusBuster = Trojan.Kryptik!J/hNUFicRhk
Comodo = TrojWare.Win32.Kryptik.NHM
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
Jiangmin = Trojan/Generic.fhom
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Pirminay-V [Trj]
AVG = SHeur3.BYHL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Kryptik.nhm
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NHM
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:20 15:12:15-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 413696
Initialized Data Size           : 356352
Uninitialized Data Size         : 0
Entry Point                     : 0x65c9c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ddrswdyit Jztrfwchxgo
File Description                : DHCP Client Service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : dhcpcsvc.dll
Legal Copyright                 : © Gglqpmdrt Qmtqbeilwoi. All rights reserved.
Original Filename               : dhcpcsvc.dll
Product Name                    : Lvvivotwg® Dmeiktz® Aukpzsdct Ivhogt
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-07-16 15:34:47
VirusShare info last updated 2012-07-26 09:26:38

MD5: 7aedb022566179390e47eacdf9aad088
SHA1: 7e9a17f6763bb8d2d196b59ba8dc714ac216a4c5
SHA256: cef21e4278efe28dda8422bcb839efe748cea17c9952f130beff563c1926d297
SSDeep: 1536:wb96RS1+NJ2rz5WBB0Zb9inyKru2BKZug8LiydrVSl2m36fMHPYotksCmU0beEed:AsRg+2g8ifHLiIUl2NgPYotksDUvQaF
Size: 142336 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.9464.7
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!BikJuCf8D1o
VBA32 = Trojan.Genome.abjsf
TrendMicro-HouseCall = TROJ_GEN.R3EC9BA
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Graftor
McAfee-GW-Edition = Generic.dx!bcls
TrendMicro = TROJ_GEN.R3EC9BA
Kaspersky = Trojan.Win32.Genome.aenjh
Fortinet = Dx.BCLS!tr
McAfee = Generic.dx!bcls
F-Secure = Gen:Variant.Barys.407
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic26.AHMK
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Barys.407
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.abkhr
BitDefender = Gen:Variant.Barys.407
NOD32 = Win32/Ponmocup.AM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:06 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x6e21
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-02 01:45:49
VirusShare info last updated 2012-07-26 09:27:49

MD5: 3febedd5f03fe74c846242999d84f352
SHA1: 7e9b645b623674e9c2b8b074658111478db22fcd
SHA256: dc3e122736c216f93c834e05dc16f5dc26e9e07f7eea1ae6f3280c1521d264da
SSDeep: 6144:pzhU+v8NFYQP1QNWfbqePv66Bbk5vcBixDukEv2mfr/S4FMsRs1JZW:pzhFv8HT1r1v6U38Du1uS/S4Csgm
Size: 352723 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Hupigon.352723
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.128E2211
nProtect = Trojan/W32.Agent.352723.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!vNgbN1wwQS4
VBA32 = Trojan.Pirminay.gcb
TrendMicro-HouseCall = TROJ_GEN.R3EC2E7
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.42813
TrendMicro = TROJ_GEN.R3EC2E7
Kaspersky = Trojan.Win32.Pirminay.gcb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.uh
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.5833030
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = SHeur3.BVPY
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5833030
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.fwf
BitDefender = Trojan.Generic.5833030
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:07 12:16:07-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 32768
Initialized Data Size           : 614400
Uninitialized Data Size         : 0
Entry Point                     : 0x58ee
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Uslwdwuev Hwqoxfsmcvf
File Description                : PCI IDE Bus Driver Extension
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pciidex.sys
Legal Copyright                 : © Msnakbqky Pxiuvqomqxw. All rights reserved.
Original Filename               : pciidex.sys
Product Name                    : Ssruqjyae® Lgjftin® Okoktenls Qfrnpr
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-02-23 18:37:34
VirusShare info last updated 2012-07-26 09:35:07

MD5: d893ba7706ea63e6e9bc27f3a236bed8
SHA1: 6e269cb7530f9a660b3c303333f6b5c503bfa553
SHA256: eac241eaba7463a657277595c90b87216d6dbe201170bfecef1edb581b9e7482
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqHc:JjyVdARQjSdfZaiv9HVcFbtjOqR71gF
Size: 312369 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.312369
Panda = Suspicious file
nProtect = Gen:Variant.Buzy.550
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2BE
TrendMicro = TROJ_GEN.R28C2BE
Kaspersky = Trojan.Win32.Pirminay.djp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.hc
VIPRE = Trojan.Win32.Generic!BT
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Generic20.BGDN
Norman = W32/Obfuscated.L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.552986
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-03-17 00:35:38
VirusShare info last updated 2012-07-26 09:42:33

MD5: 4e8d0d027f377286bb3405be1749073d
SHA1: a9725971e4a2d73304bbf591716d6638fe31f06f
SHA256: ec7ed7aaa6374e90e7ef816351d6394ea8f19a964c396b6378ca029d48857824
SSDeep: 6144:WC1iaLZTc3ttvMc1C/FSbB1ampKSbPyfbxjid:WC15ql1C/FS/ppHbP2bx+d
Size: 220217 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
TrendMicro-HouseCall = TROJ_GEN.R3EC2HR
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic.evx!r
DrWeb = Trojan.DownLoader4.48633
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.R!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic.evx!r
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Dropper.Generic4.AGTC
Norman = W32/Obfuscated.L
GData = Win32:Trojan-gen
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjkmhcrli Smzkytjdmob
File Description                : Rlalnaciy Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0401
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0401.dll
Private Build                   : 
Product Name                    : Ugwfssxnv Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-08-31 23:50:37
VirusShare info last updated 2012-07-26 09:43:29

MD5: 2ae7768c93f537e6f6842cf837c885b7
SHA1: dfecdcc69d86cbf5372240095ea187b5db521dfa
SHA256: ff8fa1ba963008d87ef328ff2936fc457588365c90d90bc7b733e074d8b7fac0
SSDeep: 12288:cYpP1o+I4kQIWEX1X+JczFygeSIkj85aES7aSlf+lCEn:BPq+zkDWvJEFTIkj85aES7/Glvn
Size: 515102 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1289B631
nProtect = Trojan.Generic.6246542
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!CnG7kPpyogs
TrendMicro-HouseCall = TROJ_GEN.R72C2GH
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.10510
TrendMicro = TROJ_GEN.R72C2GH
Kaspersky = Trojan.Win32.Jorik.Pirminay.pd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hrfr
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6246542
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AYFW
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6246542
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.llt
BitDefender = Trojan.Generic.6246542
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:06:19 03:19:42-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 491520
Initialized Data Size           : 28672
Uninitialized Data Size         : 585728
Entry Point                     : 0x106ee0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ptyzsuwud Ksiknauxiqf
File Description                : Run a DLL as an App
File Version                    : 5.1.2600.0 (roumnrxn.010817-1148)
Internal Name                   : rundll
Legal Copyright                 : © Ifmpejuyw Kggvfyrtmut. All rights reserved.
Original Filename               : RUNDLL.EXE
Product Name                    : Ryyxoyfog® Gkzppqa® Cgehoujor Tjjruj
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-25 20:35:35
VirusShare info last updated 2012-07-26 09:52:51

MD5: 6a6d9cf4b5bb9813fb64e3fd432bba10
SHA1: 8c49e6e26d16a95e0e718a2a899ff249d9501a1b
SHA256: 0819dfd40405276684a2dacf989e31bad6cf541a1705c7481a2c73453b4ab7b8
SSDeep: 3072:gFu3ZlV5UQSvFwftUbJZ0Hf0MShCZaODDA:gFu3Zl7U5vFItk0cXMa
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-A [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
Panda = Trj/Agent.LCX
nProtect = Trojan.Generic.7394403
K7AntiVirus = Riskware
VirusBuster = Trojan.Genome!B6+gYXHa548
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Vundo.gen.ft
Kaspersky = Trojan.Win32.Genome.afbpz
Fortinet = W32/Ponmocup.CG!tr
McAfee = Vundo.gen.ft
F-Secure = Trojan.Generic.7394403
AVG = Downloader.Agent2.AZHR
Norman = W32/Suspicious_Gen5.DPCZ
Sophos = Troj/Ponmocup-I
GData = Trojan.Generic.7394403
BitDefender = Trojan.Generic.7394403
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:14 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x4f7b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-19 18:16:16
VirusShare info last updated 2012-07-26 09:55:39

MD5: 8d4846958b7fb0a2098150639675d399
SHA1: 752360af94c9d8365ca6f08b31de636fd81aa4d8
SHA256: 185bff7792289984f27668880c2a0e370c1f9835da1064593fbd8a9198637037
SSDeep: 6144:z6ABWw6K4bAqR9qun8w/LJTq32o/4GgLF03:z6eJ4bAqrvnxdO32s1qW
Size: 275989 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.17
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Rising = Trojan.Win32.QHost.awg
nProtect = Trojan.Generic.3883591
K7AntiVirus = Riskware
VBA32 = Trojan-Downloader.Win32.Agent.dqpy
TrendMicro-HouseCall = GRAY_Gen.CX46U3I
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!ebz
TrendMicro = TROJ_GEN.R3BC2A9
Kaspersky = Trojan.Win32.Pirminay.zy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = TrojanDownloader.Ponmocup.a
McAfee = Generic Downloader.x!ebz
F-Secure = Trojan.Generic.3883591
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.VXL
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.3883591
Symantec = Downloader
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.rdg
BitDefender = Trojan.Generic.3883591
NOD32 = a variant of Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:02 11:27:15-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 37888
Initialized Data Size           : 465920
Uninitialized Data Size         : 0
Entry Point                     : 0xa0a8
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote NDIS Miniport
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : RNDISMP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RNDISMP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2012-06-19 22:25:16
VirusShare info last updated 2012-07-26 10:00:51

MD5: c7ad51732aa729f32695bd0f40ae15de
SHA1: c470728b425f69c19bf862f22d890ff72dd6ed3b
SHA256: 4e2acffae00d151d91fdcca93487fd7408c5f4ab92eceabe46b8490c2a92ec82
SSDeep: 6144:DPqo97zVRqsZnoaZP+MS9dCOPr1ZVZWoqkqX8gmefozdAxY:DP99NRqOoaZ2H3dPpZHZqX8KAmxY
Size: 229270 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen
Avast = Win32:Downloader-JIF [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!rVLSmH1rlY8
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.wx
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.wx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6638696
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SBY
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6638696
TheHacker = Trojan/Jorik.Pirminay.lh
BitDefender = Trojan.Generic.6638696
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 221184
Initialized Data Size           : 8192
Uninitialized Data Size         : 32768
Entry Point                     : 0x3ea90
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-20 09:48:59
VirusShare info last updated 2012-07-26 10:17:55

MD5: 85ca5fcda1b99ca60c88103c2825769e
SHA1: 9124c5db2289fae03eb16f77fd74ceba710e8ddf
SHA256: 513d230cc73948a226e2d18132978fc71191807d951ee5076ec41e6abee27d17
SSDeep: 6144:5/qcaa+E1TpJ2sOsTA3GpvcDZ4aUw12dY7dyCuz6NzbeqS:5icaaH2saEvc/QS7YF7qS
Size: 293427 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.112
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.293427
Panda = Trj/CI.A
nProtect = Trojan.Generic.4974244
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!2N4FThiFOX0
TrendMicro-HouseCall = TROJ_GEN.R11C2K9
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!enh
DrWeb = Trojan.WinSpy.945
TrendMicro = TROJ_GEN.R11C2K9
Kaspersky = Trojan.Win32.Pirminay.asb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Swisyn.ES
Jiangmin = Trojan/Pirminay.fm
McAfee = Generic Downloader.x!enh
F-Secure = Trojan.Generic.4974244
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.RXTH
AVG = Generic19.BHNE
Norman = W32/Obfuscated.L
GData = Trojan.Generic.4974244
Symantec = Trojan.Gen
Commtouch = W32/MalwareF.RXTH
TheHacker = Trojan/Pirminay.ase
BitDefender = Trojan.Generic.4974244
NOD32 = a variant of Win32/Kryptik.HJZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:13 11:27:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 66560
Initialized Data Size           : 445440
Uninitialized Data Size         : 0
Entry Point                     : 0x11240
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.0
Product Version Number          : 1.0.2.82
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.00.2.82 (vbl_wcp_d2_drivers.060831-0027)
Internal Name                   : CNBO172.DLL
Legal Copyright                 : Copyright CANON INC. 2006 All Rights Reserved
Original Filename               : CNBO172.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.00.2.82
VirusTotal Report submitted 2012-06-20 10:24:46
VirusShare info last updated 2012-07-26 10:18:47

MD5: 15d37286372ed0d2698619dae27d90e8
SHA1: 20d8565048c2799668f374d7ed41e5ba0b8d2c5a
SHA256: 5b8ad62b2f516f0e4cbc05aea55bc9c493b6bd5574adc1a29a231723c82779a2
SSDeep: 3072:kR0l+1rYOHnhK66FyJSEMjvyR47jpqpQ4iR6Cprti8M0VCU0ArBYXZ14qFUJbmZm:k0NFUSHv/NjMgr1+wrBvqFUxmw
Size: 211987 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6467575
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!CEeHGBzq2ZE
TrendMicro-HouseCall = TROJ_GEN.R28C2IL
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.afc
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader4.48593
TrendMicro = TROJ_GEN.R28C2IL
Kaspersky = Trojan.Win32.Jorik.Pirminay.afc
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfqc
McAfee = Artemis!15D37286372E
F-Secure = Trojan.Generic.6467575
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AHWL
Norman = W32/Suspicious_Gen2.RFDLI
Sophos = Mal/Generic-L
GData = Trojan.Generic.6467575
Symantec = Trojan.Gen
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6467575
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x1282
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.50727.1434
Product Version Number          : 8.0.50727.1434
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Comments                        : Zlfdezknh.Vsa.Vb.CodeDOMProcessor.dll
Company Name                    : Hkasntxbi Koucnnwkecu
File Description                : Vaqpopqvq.Vsa.Vb.CodeDOMProcessor.dll
File Version                    : 8.0.50727.1434
Internal Name                   : Zxoxrkozp.Vsa.Vb.CodeDOMProcessor.dll
Legal Copyright                 : © Vbzbatuuu Corporation. All rights reserved.
Original Filename               : Pgczwsegj.Vsa.Vb.CodeDOMProcessor.dll
Product Name                    : Xjpsifdqc (R) Visual Studio (R) 2005
Product Version                 : 8.0.50727.1434
Assembly Version                : 8.0.0.0
VirusTotal Report submitted 2012-06-20 12:24:39
VirusShare info last updated 2012-07-26 10:22:40

MD5: bdd21c6672f710db1947ee2f63c607a7
SHA1: 4232a240e15d92645a25856150d56a3cbebf81c9
SHA256: 670a70908032f769cd792de3e7c9d5824f492da790f3409942585c19996e03ff
SSDeep: 6144:CeOgy6gu/Trk1h6/eUA9bNuok5HlYVMOW1FtAv0y8B:CePylu/Uh6/iV0/YhW1FtAvP8
Size: 304128 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Pirminay-Y [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.304128.BQ
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!tWovJiUqws0
TrendMicro-HouseCall = TROJ_GEN.R3EC3G1
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!BDD21C6672F7
DrWeb = Trojan.DownLoader3.49233
TrendMicro = TROJ_GEN.R3EC3G1
Kaspersky = Trojan.Win32.Pirminay.jlj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
McAfee = Artemis!BDD21C6672F7
F-Secure = Trojan.Generic.KDV.268038
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AAMD
Norman = W32/Obfuscated.L
GData = Trojan.Generic.KDV.268038
Symantec = Downloader
TheHacker = Trojan/Dropper.gen
BitDefender = Trojan.Generic.KDV.268038
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:09 18:28:41-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 303104
Initialized Data Size           : 4096
Uninitialized Data Size         : 376832
Entry Point                     : 0xa6350
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.5.0.50
Product Version Number          : 1.5.0.50
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Fraunhofer Institut Integrierte Schaltungen IIS
File Description                : MPEG Layer-3 Audio Decoder
File Version                    : 1, 5, 0, 50
Internal Name                   : L3CODECX.AX
Legal Copyright                 : Copyright (C) 1997 Fraunhofer IIS
Original Filename               : L3CODECX.AX
Product Name                    : MPEG Layer-3 Audio Codec for Vompaoyux DirectShow
Product Version                 : 1, 5, 0, 50
Active Movie                    : Filter dll
OLE Self Register               : AM20
VirusTotal Report submitted 2012-06-20 14:41:16
VirusShare info last updated 2012-07-26 10:25:45

MD5: 687c4e4a960b71444e80677eaa355f1d
SHA1: c36d862120d3b1fb76b8853f4792d4dedaa7e07d
SHA256: 773aecde6f927b32124dbdfcd5b17dea541c5e517c6f061a8e712db9dbf4d4f1
SSDeep: 6144:pxNEPtda4WDYyC5mRpMXin20SACqWJBXp81BRr:y3yCYRd20SXfXSZ
Size: 316845 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bcs
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Suspicious file
nProtect = Backdoor.Generic.327931
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_FAM_0001afb.TOMA
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!687C4E4A960B
TrendMicro = TROJ_FAM_0001afb.TOMA
Kaspersky = Trojan.Win32.Pirminay.xp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dtms
McAfee = Artemis!687C4E4A960B
F-Secure = Backdoor.Generic.327931
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.UMK
Norman = W32/Suspicious_Gen2.BBWBW
Sophos = Mal/Generic-E
GData = Backdoor.Generic.327931
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.rdg
BitDefender = Backdoor.Generic.327931
NOD32 = Win32/TrojanDownloader.Agent.PXG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 15:54:20-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 15360
Initialized Data Size           : 595456
Uninitialized Data Size         : 0
Entry Point                     : 0x48f8
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : modex.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : modex.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-20 17:51:19
VirusShare info last updated 2012-07-26 10:30:07

MD5: 35b2a78618acefcdd872cc2b6ad1fe2d
SHA1: ca5b4fb4cd2864d26fe56d95fda894da8e111b20
SHA256: 9ba49e06a502c2982bdf378eb559e1ebd2ebe5700097ad8deddbc82630b795ab
SSDeep: 6144:DZPQ1i+kW3bF7P2XfYXbhnan3LikwheEYuYUg:5Q1SW3wXA9an3LipheEYuYv
Size: 232448 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CY [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6547110
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!eYGWZhNT3CI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R11C2HK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.aam
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R11C2HK
Kaspersky = Trojan.Win32.Jorik.Pirminay.aam
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6547110
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.URO
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6547110
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.6547110
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x42700
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-06-21 01:46:58
VirusShare info last updated 2012-07-26 10:38:13

MD5: 156733be21efac4777082c9c2caf51cd
SHA1: cd396721463e45b248875a268684a3014429b75a
SHA256: a6e65e612a17738a29d15e9140872be17526bc934b04d02851e038d229c1515c
SSDeep: 6144:pxNEPtda4WDYyC5mRpMXin20SACqWJBXp81BR2:y3yCYRd20SXfXSI
Size: 316830 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bcs
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Suspicious file
nProtect = Backdoor.Generic.327931
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_FAM_0001afb.TOMA
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!156733BE21EF
DrWeb = Trojan.DownLoader6.20605
TrendMicro = TROJ_FAM_0001afb.TOMA
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dtms
McAfee = Artemis!156733BE21EF
F-Secure = Backdoor.Generic.327931
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.UMK
Norman = W32/Suspicious_Gen2.BBWBW
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Backdoor.Generic.327931
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.rdg
BitDefender = Backdoor.Generic.327931
NOD32 = Win32/TrojanDownloader.Agent.PXG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 15:54:20-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 15360
Initialized Data Size           : 595456
Uninitialized Data Size         : 0
Entry Point                     : 0x48f8
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : modex.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : modex.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-21 04:07:18
VirusShare info last updated 2012-07-26 10:39:15

MD5: 206c4d73765b0e83e0b4da28e24c8433
SHA1: 7697b208b5ae7e948955ab46302a247d8c5f6803
SHA256: ade0c7916f3f1c29456ad0ee3d2c0627b1d0c2b71dbdc0f61246eebe9c80404b
SSDeep: 1536:qPQdY/Vgs4zkLxzTLjDrYdgkl41n1dWDbYz1iAkzADn12t:2TgRYxjDrnc411ibdzAD12
Size: 77312 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
VirusBuster = Trojan.Ponmocup!lAHTyH5uuwE
TrendMicro-HouseCall = TROJ_GEN.R4FC8KE
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
McAfee-GW-Edition = Artemis!206C4D73765B
TrendMicro = TROJ_GEN.R4FC8KE
Kaspersky = Trojan.Win32.Genome.ywut
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Trojan/Generic.rmfm
McAfee = Artemis!206C4D73765B
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.Trojan
AVG = Generic25.AIJJ
Norman = W32/Suspicious_Gen2.RYFDX
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.2702
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6684
Product Version Number          : 5.0.2195.6684
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : ASCII
Company Name                    : Hilgraeve, Inc.
File Description                : HyperTerminal Applet Library
File Version                    : 5.00.2195.6684
Internal Name                   : hticons
Legal Copyright                 : Copyright © Hilgraeve, Inc. 1999
Legal Trademarks                : HyperTerminal ® is a registered trademark of Hilgraeve, Inc.
Original Filename               : HTICONS.DLL
Product Name                    : Jpcfyoaqz(R) Muudshd (R) 2000 Hobdqrvan Vjtmse
Product Version                 : 5.00.2195.6684
Comments                        : HyperTerminal ® was developed by Hilgraeve, Inc.
VirusTotal Report submitted 2012-06-21 06:00:51
VirusShare info last updated 2012-07-26 10:39:47

MD5: 4e6d59bf05248bb7e5738a06531564e9
SHA1: 552a1e9782577fc9ceb93fdf2c3fb68f2938ad8b
SHA256: d0303ae6acfd727e6594e4355522823708aa63e6f81208fbcac1e340ce4937f6
SSDeep: 3072:Vl9YjJf5LK+4SlmG7ROywYXePhBoyLElmvBlHrNo9Gp6+Mcidz9/3EAKmvvOlDxJ:VlW5LR7MyhuJBLLESTOgVNidz9/d4lJ
Size: 237655 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JME [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6434611
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!55pphTnahyw
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_SPNR.2FAC12
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.uy
McAfee-GW-Edition = Artemis!4E6D59BF0524
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_SPNR.2FAC12
Kaspersky = Trojan.Win32.Jorik.Pirminay.uy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Generic.213555[UPX]
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!4E6D59BF0524
F-Secure = Trojan.Generic.6434611
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.XWL
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6434611
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.jq
BitDefender = Trojan.Generic.6434611
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 237568
Initialized Data Size           : 4096
Uninitialized Data Size         : 49152
Entry Point                     : 0x45eb0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-06-21 13:44:22
VirusShare info last updated 2012-07-26 10:43:00

MD5: 7d4a986bfe4d8e19103fb9b86169d5d2
SHA1: 7c15d68e53263498016f40530c672b1fe6d944fa
SHA256: d9934be5930786fde2c7047555572c972e69fa4ad02d45519549cc317dcd9878
SSDeep: 6144:+aj3A5G0ZBqDLh4DUktcVbC7xF7rjZSGriXqyMPQi/XDrhi87f76Q2lCZBx:dbCG0XsLsUk8kxjZXrGMPQi/Xvc6rZBx
Size: 306076 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.89
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.4126990
K7AntiVirus = Riskware
VBA32 = Trojan.Pirmidrop.k
TrendMicro-HouseCall = TROJ_GEN.R3BCRA8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Downloader.x!ech
TrendMicro = TROJ_GEN.R26E1JS
Kaspersky = Trojan.Win32.Pirminay.zd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dvhx
McAfee = Generic Downloader.x!ech
F-Secure = Trojan.Generic.4126990
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.WDG
Norman = W32/Suspicious_Gen2.BTEBN
GData = Trojan.Generic.4126990
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Injector.blv
BitDefender = Trojan.Generic.4126990
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:15 14:27:16-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 4096
Initialized Data Size           : 600064
Uninitialized Data Size         : 0
Entry Point                     : 0x1dd6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.1830
Product Version Number          : 5.3.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectPlay Voice ACM Provider
File Version                    : 5.3.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dpvacm.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dpvacm.dll
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.1830
VirusTotal Report submitted 2012-06-21 15:31:57
VirusShare info last updated 2012-07-26 10:43:45

MD5: e245fab5ca20aef3fbe7f07a6b123c53
SHA1: ac8027b2ff1ef08f8b7f63af80aa746e84cf5c5a
SHA256: e2d6b1e05f943f0794a1b07b9d80eef6c6b0080bf2aa29ee68acc0c1d93fbcbe
SSDeep: 6144:co7Rl16N8B7058DWC0PyjGIjCQghTpLgCtUjvGRDhXBCs:3P16N8kWWSj1CQghTpLeKRhBCs
Size: 231911 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6575837
K7AntiVirus = Trojan
VirusBuster = Trojan.Qhost!w15e6TdXnr0
VBA32 = Trojan.Jorik.Pirminay.agg
TrendMicro-HouseCall = TROJ_GEN.R4FC8J6
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.auk
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC8J6
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.klre
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6575837
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AINJ
Norman = W32/Suspicious_Gen2.RMEVC
Symantec = Trojan.ADH.2
GData = Trojan.Generic.6575837
TheHacker = Trojan/Kryptik.ufa
BitDefender = Trojan.Generic.6575837
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 4096
Uninitialized Data Size         : 28672
Entry Point                     : 0x3fbd0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dszwsnynh Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (zionrkak.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Oegxrecue Fgbzejkeiph. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Fywzmpihw® Ukxtqkg® Jhdzlgalx Rzelau
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-21 17:27:50
VirusShare info last updated 2012-07-26 10:44:35

MD5: 0736ce394c11750fadf16cc8ddadda3d
SHA1: 6b118c90c59818d337792eb19cdbaeaf3a870d27
SHA256: 017282b1970211d55c95ad8ea2ee88c68648a1a32b17327559d0b778182e633b
SSDeep: 6144:FyMsJzVrZ2MW3kyDhZI/NnAHZaeKmeGdEjlbZebhrRBPMB++:F8JyvUyDbMnA56f2hFBPMv
Size: 250339 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
nProtect = Trojan.Generic.KDV.303237
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!M/8mCdETuGI
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic.evx!k
DrWeb = Trojan.DownLoader4.25851
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.rh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!k
F-Secure = Trojan.Generic.KDV.303237
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Milicenso
AVG = Dropper.Generic4.RTQ
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.303237
TheHacker = Trojan/Jorik.Pirminay.kn
BitDefender = Trojan.Generic.KDV.303237
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 24576
Uninitialized Data Size         : 40960
Entry Point                     : 0x42510
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Igztgvurp Rvsmlsadwvg
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Gkwziauas Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Psyhpqmts(R) Nwoaxuy NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-02-15 17:34:49
VirusShare info last updated 2012-07-26 10:47:11

MD5: 43fea030497bf2695733d960c10f7d6d
SHA1: d70992d3288245185d3063d405551684ac383c61
SHA256: 021625e14a8aa53ae1ba3e35753abd91100b8928f7a7b4df3cd34b4f1fe268d2
SSDeep: 6144:ikDC8MGtIXGE3wN0qb6cNGtbd9boe4PYujJH/iFG8jwPqAOnfc1tFbUzYrakJQxE:P+8MqOQxwT9UA2fiLEifnU1tCEQxE
Size: 427522 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.382
Avast = Win32:Crypt-JHM [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.427522
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.128DCE83
nProtect = Trojan/W32.Agent.427522
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!aI/dsX7bHRc
VBA32 = Trojan.Agent.nknc
eTrust-Vet = Win32/Ponmocup.H
TrendMicro-HouseCall = TROJ_DLOADR.BH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Swisyn.w
DrWeb = Trojan.DownLoader4.44785
TrendMicro = TROJ_DLOADR.BH
Kaspersky = Trojan.Win32.Agent.huto
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.W!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Agent.fbhj
McAfee = Swisyn.w
ClamAV = Trojan.Agent-245622
F-Secure = Trojan.Generic.5924315
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Milicenso
F-Prot = W32/Trojan!ceb3
AVG = SHeur3.BZES
Norman = W32/Kryptik.AIF
Sophos = Troj/DwnLdr-IYO
GData = Trojan.Generic.5924315
Symantec = Trojan.Gen
Commtouch = W32/Trojan!ceb3
TheHacker = Trojan/Agent.nknb
BitDefender = Trojan.Generic.5924315
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:03:20 17:00:13-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0xef42
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Hbkstuqku Yogfmzhyeqt
File Description                : Axtxdwnon Agent Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider
Legal Copyright                 : Copyright (C) Fgvwhojrg Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDpv.dll
Private Build                   : 
Product Name                    : Jidmkzxxp Agent Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-15 11:04:19
VirusShare info last updated 2012-07-26 10:47:28

MD5: 381fb84b0579db73dc16264d6f924437
SHA1: 35352c4db0bb5653d687ec74bbda42415474ec1f
SHA256: 03d948e5edf91ad4675578c45b2f7291c9e8f386ad2c921717c3d4cf05e448c8
SSDeep: 3072:quV5pv8kQLcMbsAbKqGvkMc4/UZkl0HioCZqogc6t8DNC:q/cMbtKqtMc48Z7HioCZqoctuC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen7
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
nProtect = Trojan.Generic.7116330
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!n43+hGviHVo
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_GEN.R4FCCBO
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Vundo!nv
TrendMicro = TROJ_GEN.R4FCCBO
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aigi
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.auo
McAfee = Vundo!nv
F-Secure = Trojan.Generic.7116330
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.JCJX
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.7116330
Symantec = Trojan.Gen
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.7116330
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-02 04:31:58
VirusShare info last updated 2012-07-26 10:48:21

MD5: 46d513a61f956b7b34819c5b865ce23b
SHA1: 31f5a1ba1cad0f761fab29455267358b4cef56cc
SHA256: 04476a4847aec03bd00f07fcbf83ce3c9f1719520efcb0ce0b1969e3863a9863
SSDeep: 3072:eWrqH7FAFDqtBEeuZwu8DIS1FHksK7A67ih:jqbFAFOtBduvJS1FHpgAFh
Size: 102400 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Ikarus = Trojan-Downloader.Agent
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!8MMoLpCtIl8
Emsisoft = Trojan-Downloader.Agent!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!46D513A61F95
Kaspersky = Trojan.Win32.Genome.afbqq
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AO
McAfee = Artemis!46D513A61F95
F-Secure = Gen:Variant.Barys.907
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJYW
Norman = W32/Troj_Generic.AZVHD
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.907
TheHacker = Trojan/Ponmocup.ao
BitDefender = Gen:Variant.Barys.907
NOD32 = a variant of Win32/Ponmocup.AO
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:08 05:47:15-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 57344
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x5071
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-19 07:53:11
VirusShare info last updated 2012-07-26 10:48:32

MD5: 293846ea16a4f6d0761ff0c1cc274376
SHA1: 8b02a27e22e86153fdd040cff945998835b5501e
SHA256: 07b181afe12efb6b23cf85c2af5710367e2df8e41b104d6af482feb607f65113
SSDeep: 3072:ouV5pv8kQLcMbWKiGvkMc4/UZkl0HakmXc6t8DDC:o/cMbWKitMc48Z7H0tgC
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12B6ABBE
K7AntiVirus = Adware
VirusBuster = Trojan.Ponmocup!+w+L3nix/o8
VBA32 = AdWare.SuperJuan.aieq
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_GEN.R47CDBO
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Generic PUP.z!jq
DrWeb = Trojan.Juan.730
TrendMicro = TROJ_GEN.R47CDBO
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aieq
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.auo
McAfee = Generic PUP.z!jq
F-Secure = Gen:Variant.Graftor.12472
VIPRE = Virtumonde
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.QROR
GData = Win32:Diller-AF 
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.12472
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-24 06:59:46
VirusShare info last updated 2012-07-26 10:50:10

MD5: b3636e8caf485e5874c9f844d06820cf
SHA1: b55cd4bfbd399f14ddf34a5d4d06e452716f8fa2
SHA256: 07d91832dcf2ce7b8d5670e76e6e2ddd1043b6e232bed087c11fddb9cc2cd3b2
SSDeep: 6144:FbrAGfogA4yvxeFyohk5I/RZjr2lTmyPEjX69is5jBrbPhYLaz71/:lr4Fvtak5IH3zyUX6XThx/
Size: 276321 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.276446
Avast = Win32:Spyware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R28C2II
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!elt
TrendMicro = TROJ_GEN.R28C2II
Kaspersky = Trojan.Win32.Pirminay.cgr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ea
McAfee = Generic Downloader.x!elt
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Spyware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BXTN
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.eti
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.HAQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:14 08:08:52-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 29696
Initialized Data Size           : 487936
Uninitialized Data Size         : 0
Entry Point                     : 0x8274
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 12.0.7000.7000
Product Version Number          : 12.0.7000.7000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Media Indexer DLL
File Version                    : 12.0.7000.7000 (winmain_win7beta.081212-1400)
Internal Name                   : wmidx.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wmidx.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 12.0.7000.7000
VirusTotal Report submitted 2011-06-10 04:54:41
VirusShare info last updated 2012-07-26 10:50:15

MD5: 403df94bfd7abee2c0e75c2a3e1830c8
SHA1: 897b2e20adf79c0c53de145ad6c2186dbace7576
SHA256: 0910d7bd5c4af76e9c86a12aa8864b31cd509150086b34362842fda9b884326c
SSDeep: 6144:Il90jhLbM1uWhiE7/fUaAa9MrztbA+mt7dkyE2NIYKdQszOMiEFg9t9YBPh:9cUWhz7MaAeMry+8E1mB+G7
Size: 442880 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Rising = Trojan.Win32.Generic.12527556
nProtect = Trojan/W32.Pirminay.442880
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R1BC2JS
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Downloader.x!ejn
DrWeb = Trojan.Hosts.1844
TrendMicro = TROJ_GEN.R1BC2JS
Kaspersky = Trojan.Win32.Pirminay.xt
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.cw
McAfee = Generic Downloader.x!ejn
F-Secure = Trojan.Generic.4930180
VIPRE = Trojan.Win32.Generic!SB.0
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.BVHB
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.4930180
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.xt
BitDefender = Trojan.Generic.4930180
NOD32 = a variant of Win32/Kryptik.JHG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:20 04:08:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65024
Initialized Data Size           : 750592
Uninitialized Data Size         : 0
Entry Point                     : 0x10ae8
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : VGA 16 Colour Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : vga.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : vga.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-03-13 06:36:18
VirusShare info last updated 2012-07-26 10:50:52

MD5: 4a03c1162eef760ea6f3a7f26079618b
SHA1: 797c53a90795aed0f3724d71f30e57603324f96d
SHA256: 098c30b5e0ce796a1c58c49556cb7c80c1c04dafb34450657e233f23cc22c5d3
SSDeep: 6144:mSy7Gl2DOacHJbmnCRHFBDAvzcuVWLDQpovd128W7:JMfasCZFBYcuVuPj2D7
Size: 256376 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Dropper
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R4FC2IM
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Dropper!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.uq
McAfee-GW-Edition = Artemis!4A03C1162EEF
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC2IM
Kaspersky = Trojan.Win32.Jorik.Pirminay.uq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.kkfx
McAfee = Artemis!4A03C1162EEF
F-Secure = Trojan.Generic.6506798
VIPRE = Trojan.Win32.Generic!SB.0
AVG = Dropper.Generic4.AGSP
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6506798
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.6506798
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 28672
Uninitialized Data Size         : 57344
Entry Point                     : 0x46860
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.19
Product Version Number          : 5.0.0.19
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : برنامج تشغيل Brother MFC3100C
File Version                    : 5.0.0.19 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclr01.dll
Legal Copyright                 : Copyright (C) Brother Industries, Ltd. 2004
Original Filename               : brclr01.dll
Product Name                    : Kgjrghfhq® Savnoml® Omgpiwueb Xurlaf
Product Version                 : 5.0.0.19
VirusTotal Report submitted 2011-10-20 09:29:06
VirusShare info last updated 2012-07-26 10:51:05

MD5: 3a853fb76d6ab4464e692d0bb57b9021
SHA1: 0632254862dbdb3e29173d1407c896b7929561a5
SHA256: 0ccbba1b4fcfc64d3a47b2101a42b9518087396edd220f58c70c2feb8d4ff303
SSDeep: 6144:NKIMyitoaW8IIEt5nYyUmYfuR92cB5YxTyj7OnXFb3+UzM7k+ZXZ:LWhyU9GBKxTKG1BIo+
Size: 358400 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Downloader.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.358400
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!YeCL9eAPGTk
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R4FC2BD
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.dwg
McAfee-GW-Edition = Generic Downloader.x!emz
DrWeb = Trojan.WinSpy.origin
TrendMicro = TROJ_GEN.R4FC2BD
Kaspersky = Trojan.Win32.Pirminay.dwg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.nh
McAfee = Generic Downloader.x!emz
F-Secure = Gen:Trojan.Heur.RP.vqW@aa6URqf
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDownloader
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Dropper.VB.CMD.dropper
Norman = W32/Suspicious_Gen2.IGDKM
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Trojan.Heur.RP.vqW@aa6URqf
Commtouch = W32/FakeAlert.FT.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Trojan.Heur.RP.vqW@aa6URqf
NOD32 = a variant of Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 65536
Initialized Data Size           : 602112
Uninitialized Data Size         : 0
Entry Point                     : 0x101da
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-07-12 00:14:58
VirusShare info last updated 2012-07-26 10:52:40

MD5: a1c6c5e50d46344af8ff7db4e217724e
SHA1: 6317088b1f018b79e4e7b35affec64dffd29377e
SHA256: 0d6c4e9bfb5a01b750247330dce80e7ba18f7921d8334e2630968a27097cc62f
SSDeep: 6144:Oh/x8NDUG0VFQQCGv9srhKrdVllXccDg4tXtFM2AGRVrcx9ixIQC9MVH5RIWHNcI:OhpCDUOQvlsFKrDdg462AmVM2rZWWtcI
Size: 376270 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-CEC [Trj]
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.210632
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!Cc5OBtSbLDQ
VBA32 = Trojan.Pirminay.obq
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Gen.Variant.Vundo!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.61017
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Pirminay.obq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.376270
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.yl
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.210632
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AEJL
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.210632
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.ghx
BitDefender = Trojan.Generic.KDV.210632
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1998:05:04 00:21:28-04:00
PE Type                         : PE32
Linker Version                  : 2.60
Code Size                       : 86016
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0x116d3
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.131.2600.0
Product Version Number          : 5.131.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sfgecuckz Ecfofnnkbty
File Description                : Softpub Forwarder DLL
File Version                    : 5.131.2600.0 (pqqabaab.010817-1148)
Internal Name                   : Softpub Forwarder DLL
Legal Copyright                 : © Gptwrymhq Cfygrtfofrq. All rights reserved.
Original Filename               : Softpub Forwarder DLL
Product Name                    : Ikenpvbee® Tosypkm® Operating Kypokw
Product Version                 : 5.131.2600.0
VirusTotal Report submitted 2012-05-20 08:18:49
VirusShare info last updated 2012-07-26 10:53:02

MD5: 023504770f801a6594b05a5b3f609822
SHA1: 99adfa46c840e5486b4665ae1d35db5dbc9d6a3a
SHA256: 10b4d344fee007b104c5a0f4ff9f52bac0fbcc4dc230488ca85264be45363db9
SSDeep: 1536:4Az86BJa37cLE3ui7DR2A4swNXuSJ1K07Iy:UkaI27DBoXuk7I
Size: 61952 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/Suprchu.A
Rising = Trojan.Win32.Ponmocup.a
nProtect = Trojan/W32.Genome.61952.H
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!9vAuufcOaZU
VBA32 = Trojan.Genome.xhhu
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R47C8JJ
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Genome.xhhu
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R47C8JJ
Kaspersky = Trojan.Win32.Genome.xhhu
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.aong
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6705655
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.PEC
Norman = W32/Suspicious_Gen2.SKTTL
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6705655
Symantec = Trojan.Gen
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Trojan.Generic.6705655
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13f6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Dctftvlbm Qnsvmawpsen
File Description                : Canadian Multilingual Standard Keyboard Layout
File Version                    : 6.0.6000.16386 (kwsog_rtm.061101-2205)
Internal Name                   : kbdcan (3.13)
Legal Copyright                 : © Ochuusete Bhldknxhcyv. All rights reserved.
Original Filename               : kbdcan.dll
Product Name                    : Jlotniguu® Hzxgvok® Pnczumake Bfppba
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-05-13 07:53:06
VirusShare info last updated 2012-07-26 10:54:44

MD5: cf7fd40f81857dc07826764c5e95e81f
SHA1: 3e64a46bf459bd3d9980fd3a176ef44e686dfc08
SHA256: 118fc1605078804d9ffc12e7e3a4520abf427c16ee753fd9f1e1c2d9ffac176a
SSDeep: 6144:dne/d6MQSsEkshGE+seGCsAjtsmDoTcejx8V5cTaILj8TwIl0kZbC6mMGl:dmH1sfs5+fG/AjtsmEL+mTa9wm4zr
Size: 882176 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = PCK/Dumped
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/WL-heur.A
Rising = Dropper.Win32.Qhost.b
nProtect = Trojan.Generic.4128374
K7AntiVirus = Riskware
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R47C2IJ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.J
TrendMicro = TROJ_GEN.R47C2IJ
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Sunbelt = Trojan.Win32.Generic!SB.0
Jiangmin = Trojan/Swisyn.jgw
McAfee = Suspect-BA!CF7FD40F8185
F-Secure = Trojan.Generic.4128374
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
eSafe = Win32.PCKDumped
AVG = Downloader.Generic9.BZRM
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.4128374
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.4128374
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:22 22:41:21-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 245760
Initialized Data Size           : 163840
Uninitialized Data Size         : 466944
Entry Point                     : 0x2de8
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-10-14 16:54:44
VirusShare info last updated 2012-07-26 10:55:11

MD5: dca17baf4d3900219b16a28cb884a934
SHA1: 576bd149576086f9927713f51f7b34746aa0c95f
SHA256: 11c4f3cb1681d83225b62668a27d8f91016d70396dfd932acdd10b4e0baa25a9
SSDeep: 6144:LLYLy5zogD+ehTkcF2w6cvkdW0BSEsTQOLCr0l1lCH:/YknWcMlksOLCc1Y
Size: 298441 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.337
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.aeo
TrendMicro-HouseCall = TROJ_GEN.R4FC3B1
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic.dx!yov
TrendMicro = TROJ_GEN.R4FC3B1
Kaspersky = Trojan.Win32.Pirminay.fow
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.lh
McAfee = Generic.dx!yov
F-Secure = Trojan.Generic.5531693
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Spyware-gen [Spy]
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.BUCQ
Norman = W32/Suspicious_Gen2.IWXUY
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH.2
GData = Trojan.Generic.5531693
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Skintrim.cu
BitDefender = Trojan.Generic.5531693
NOD32 = a variant of Win32/Kryptik.JHJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:04:24 12:16:19-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 45056
Initialized Data Size           : 499200
Uninitialized Data Size         : 0
Entry Point                     : 0xbd2c
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Unknown
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Macintosh File Server Service
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : sfmsvc.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : sfmsvc.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-07-20 21:55:58
VirusShare info last updated 2012-07-26 10:55:17

MD5: 0f0ab2e4559ac5db84310d58f904ab7b
SHA1: 2cd08a29212c1039f66d5bd5753ee6e62a8f3908
SHA256: 135bf46679944995ae3fde338623e270dbbfae40e10ab9191d3226886be78ff5
SSDeep: 6144:T7ajaEA4AnlivJtcYIZ0rvdY+S0jogL9p42JtKtSqj:n4vAvlicYrZhjog4AtHqj
Size: 207355 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Jiangmin = Trojan/Generic.kkfx
Norman = W32/Obfuscated.L
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 196608
Uninitialized Data Size         : 0
Entry Point                     : 0x12a6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Efnvnkewt Uboxgiylgxr
File Description                : Qualstar 2xxxx and 4xxx Medium changer driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : qlstrmc.sys
Legal Copyright                 : © Xouiscrjp Cavjewpceqt. All rights reserved.
Original Filename               : qlstrmc.sys
Product Name                    : Abggtapna® Sarytgi® Tysebfkdm Lxywdd
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-08-21 16:51:32
VirusShare info last updated 2012-07-26 10:56:03

MD5: a67a2d6596b3e3641a249288cafa4396
SHA1: cc878684a892212aee2501b2f6e86b0f2ccdbb81
SHA256: 138e9c945b4370bd843c0b63c62b25ba9e7dea17afff0e0d03e2814a9f98ba78
SSDeep: 6144:/EAFkxMk0mGNt78oDCyIRZMtoDstZKAKZ+obEPNye99i3fNn4cXnEBKjz/ZnC9:/SQmGNycCyIRZkKfY6A9Yx4cXnEBKjzm
Size: 385638 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Riern.1
VirusBuster = Trojan.Kryptik!XbN80Pl2CNM
TrendMicro-HouseCall = TROJ_GEN.R2EC7IN
Emsisoft = Trojan.Win32.Pirminay!IK
TrendMicro = TROJ_GEN.R2EC7IN
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.zi
F-Secure = Trojan.Generic.5900379
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.BXNZ
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5900379
TheHacker = Trojan/Pirminay.gel
BitDefender = Trojan.Generic.5900379
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 16:55:58-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 679936
Uninitialized Data Size         : 0
Entry Point                     : 0x20c2
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.5.3790.1830
Product Version Number          : 6.5.3790.1830
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Qwfdwnhbv Egqnlhvbsgm
File Description                : Ipkvvtwhk SI/PSI parser for MPEG2 based networks.
File Version                    : 6.05.3790.1830
Internal Name                   : psisdecd.dll
Legal Copyright                 : Copyright (C) 1992-2001 Ibaqjhkxt Corp.
Original Filename               : psisdecd.dll
Product Name                    : DirectShow
Product Version                 : 6.05.3790.1830
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-10-06 17:30:50
VirusShare info last updated 2012-07-26 10:56:08

MD5: 0ed0fd8495b99e378714b2313d6b5e9e
SHA1: e7093a12304a0752daf566ae84d8e3b43f4ae86c
SHA256: 15373bbc3f584fbe246253d048e1d22b0415645470fc1a7f1557b8224e2e392a
SSDeep: 6144:fKwkGfMz1uopMO0Y4NhCon7gAIeZWHf3VFKU2ph+UnFIX/pgufMpFrVex5vTNAL:yYvO0YgGAVZW/E+UnqPhWFrVENQ
Size: 365967 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
VirusBuster = Trojan.XPACK!u5zRUMLgafk
VBA32 = Trojan.Pirminay.itd
TrendMicro-HouseCall = TROJ_GEN.R4FC2IE
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
TrendMicro = TROJ_GEN.R4FC2IE
Kaspersky = Trojan.Win32.Pirminay.oeo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.afr
McAfee = Downloader.a!mh
F-Secure = Trojan.Generic.6212102
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CGAT
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6212102
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.itn
BitDefender = Trojan.Generic.6212102
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:27 23:30:47-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 364544
Initialized Data Size           : 4096
Uninitialized Data Size         : 458752
Entry Point                     : 0xc97f0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Xmcfldgox Fdcyviofnaj
File Description                : Bnbihfxpd DirectMusic Wave
File Version                    : 5.1.2600.0 (kmqijvec.010817-1148)
Internal Name                   : Thbekuyuj DirectMusic Wave
Legal Copyright                 : © Microsoft Qjiyzmbjgyn. All rights reserved.
Original Filename               : dsave.dll
Product Name                    : Fqjejdmmj® Adgvkfb® Lmfscnphm Bsvlrl
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-03 07:58:10
VirusShare info last updated 2012-07-26 10:56:53

MD5: b47bc847ad1f4bb12ccc3eaa392ee5ac
SHA1: 96c53e30cd9e4cad4ce5340c469ea24f2b1d3511
SHA256: 155f58ada32d4c547ac167c440d96829ee7ebf1ac9b47244690b177b89923b8b
SSDeep: 12288:PdNU33VR6fypBUuXYgKK+9CpHzTDO51nQi:P3UHOKpbognpHXK11
Size: 420970 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhg
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R28C2AQ
Emsisoft = Trojan.Pirminay!IK
McAfee-GW-Edition = Artemis!B47BC847AD1F
TrendMicro = TROJ_GEN.R28C2AQ
Kaspersky = Trojan.Win32.Pirminay.ddx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gp
McAfee = Artemis!B47BC847AD1F
F-Secure = Trojan.Generic.5319181
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Generic20.BMJY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5319181
TheHacker = Trojan/Pirminay.bce
BitDefender = Trojan.Generic.5319181
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 21:52:15-04:00
PE Type                         : PE32
Linker Version                  : 6.22
Code Size                       : 16384
Initialized Data Size           : 803840
Uninitialized Data Size         : 0
Entry Point                     : 0x4ae2
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote Access AutoDial Helper
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-03-08 22:07:40
VirusShare info last updated 2012-07-26 10:56:56

MD5: eb8dfbe6ec9d93114950d98ce843419e
SHA1: ab651ea7a48f1ebc9445a96150b7175bcaf29594
SHA256: 15d05acb50e95d000de31f4ca01d86cc23e6098634e7066399222889cd6e71fa
SSDeep: 6144:HPbQW8OrEHxpXyxTG8VAE+Z0lGeavJyf5R6IUIws6:HDQWZEHxpixIEplGjvC6VZ5
Size: 207957 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!EB8DFBE6EC9D
DrWeb = Trojan.DownLoader4.51202
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Artemis!EB8DFBE6EC9D
F-Secure = Trojan.Generic.6460972
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.ADSX
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6460972
Symantec = Trojan.ADH.2
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6460972
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12a2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.7.25.0
Product Version Number          : 10.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Windows 16-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Iadgkddnq Rflbhymotsm
File Description                : Mzfnvpzjo Character Encoder
File Version                    : 2001072500
Internal Name                   : msencode
Legal Copyright                 : Copyright © 1996-2001 Dpwokgyty Rnuuwdvkidm.
Legal Trademarks                : Fsfspgeah® is a registered trademark of Nmvbsghsk Ovftffwlszh.
Product Name                    : Bsrvjmvzb Character Encoder
Product Version                 : 10.0
Comments                        : 
VirusTotal Report submitted 2011-09-05 02:39:14
VirusShare info last updated 2012-07-26 10:57:07

MD5: 0901f3836dd0d15dc088dc6b750d1880
SHA1: 2a52291204cbb913740110210b35b31d8ba0be19
SHA256: 1797a251161bd137f1434f61fc0eb88037d36255678f6b937c97e65c6848cc62
SSDeep: 1536:c7JEbW2g8Hjy6r42B4nc8LijHrlmPodaFtiM/vlZu5AiBIIttPHpFr3:c0WAHLYLinlsod2cWKqIttP
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BBB9BC
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C1CK
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!oq
TrendMicro = TROJ_GEN.R01C1CK
Kaspersky = Trojan.Win32.Genome.afdgc
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!oq
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.APJLN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 16:33:27
VirusShare info last updated 2012-07-26 10:58:01

MD5: 7445cdcb9ae90abe29d4a2ec2813e22a
SHA1: 52dd96bf122b5d74aa0998ffb79213518c4cb7dc
SHA256: 1a5ae402ddfdb62912793b6d69da67838dddb5274269fa8b24987daee3614635
SSDeep: 3072:Vjivr+AMX2zJPHBhgnL89ipsmeH6qQp7rplVpas7iSP:VmMX2zJPhhgrum+Eas7j
Size: 147968 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C8CJ
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.hj!pec
TrendMicro = TROJ_GEN.R01C8CJ
Kaspersky = Trojan.Win32.Genome.afcxz
Microsoft = Trojan:Win32/Bumat!rts
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.hj!pec
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy.Ys
AVG = Agent3.BIWY
Norman = W32/Troj_Generic.AOPAW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1086
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.at
BitDefender = Gen:Variant.Barys.1086
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:22 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-05-30 16:41:32
VirusShare info last updated 2012-07-26 10:59:11

MD5: 0e3aaa301b14143318ffa2e05e743f34
SHA1: 05a51416bc920ecc3a63087006b1e57efcbc075c
SHA256: 1ab0027cd16b0132ec7cf5f6819b1c915a1aac3604a2657a19fd8d26b29000d0
SSDeep: 6144:vDleF/55iPJNiCtrJ4ObeKUpy0mLyrzYhvEb05kObHoRq:vDlE5iP/iCPfbeKUpfy2zYhMb05dUA
Size: 267143 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Heuristic.LooksLike.Trojan.Crypt.ZPACK.B
DrWeb = Trojan.DownLoader4.47441
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Downloader.x!gas
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.AFLZ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Win32:Malware-gen
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 258048
Uninitialized Data Size         : 0
Entry Point                     : 0x12ae
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sfefdynny Uiyfuapywio
File Description                : Keyring Manager Application
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : keymgr.cpl
Legal Copyright                 : © Ecprhxhtf Kmwtvvffozp. All rights reserved.
Original Filename               : keymgr.cpl
Product Name                    : Gducodeqm® Lnfacqy® Yguzcjiyy Yxehwj
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-08-25 00:54:15
VirusShare info last updated 2012-07-26 10:59:17

MD5: fe9fe54a4fa8c6dbc6565ddb5b83769f
SHA1: 6f91868a690e959d1c855324ff542790ff2ca5fa
SHA256: 290062560917161297fd4ad89c3b6b930e3784cf7cc7bfbe291d7df40c34c779
SSDeep: 6144:/th1N8ETtzzKibnbz/S/4DnX6uvyXOH3IVo95jK/:/th5KgnbLRXOe4t/
Size: 211424 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Downloader.x!gbc
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.klre
McAfee = Generic Downloader.x!gbc
F-Secure = Trojan.Generic.6471082
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.AJKE
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6471082
Symantec = Trojan.ADH.2
BitDefender = Trojan.Generic.6471082
NOD32 = a variant of Win32/Injector.IVB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12a6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.30.62.2
Product Version Number          : 4.30.62.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Neqjhqfsftp.
File Description                : Intel Indeo® Video Interactive Quick Compressor
File Version                    : 4.30.62.02
Internal Name                   : ir41_qc
Legal Copyright                 : Copyright© Intel Hmnhrzcfpui 1994-1997
Legal Trademarks                : Indeo® is a registered trademark of Intel Xhkocrbcvkm
Original Filename               : ir41_qc.dll
Product Name                    : Intel Indeo® Video Interactive Quick Compressor
Product Version                 : 4.30.62.02
VirusTotal Report submitted 2011-09-02 12:50:59
VirusShare info last updated 2012-07-26 11:04:33

MD5: f8943e1b9f90a241f72e1dc773b987a6
SHA1: baa2177514cf2132dbc7f2d3140fbe6724f6158e
SHA256: 2b68feb0fde4f2f390b7bc37e941948de226136f4a5f47eb76e7af63642560ed
SSDeep: 6144:CSSg+nAua1yRObE6wxRXpP7w4Jl1P+T2L9o+xIn66728Qtz2F:CSdSOb/wbXp1Jl1WT2S+UtS8QN2F
Size: 348854 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.dai
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-PWS.SuspectCRC
AhnLab-V3 = Malware/Win32.Downadup
Panda = Trj/CI.A
VirusBuster = Trojan.Qhost!uq5BapCcNoQ
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC3BI
Emsisoft = Trojan-PWS.SuspectCRC!IK
Comodo = UnclassifiedMalware
DrWeb = Trojan.Hosts.3416
TrendMicro = TROJ_GEN.R3EC3BI
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Net-Worm.Conficker!rem
F-Secure = Trojan.Generic.KDV.135327
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
AVG = PSW.Generic8.AVZB
Norman = W32/Obfuscated.L
Symantec = W32.Downadup.B
GData = Trojan.Generic.KDV.135327
TheHacker = Trojan/Qhost.nrx
BitDefender = Trojan.Generic.KDV.135327
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:07 21:32:32-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 278528
Initialized Data Size           : 315392
Uninitialized Data Size         : 0
Entry Point                     : 0x44898
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.9.0.0
Product Version Number          : 2.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : AVM Berlin
File Description                : Driver for FRITZ!Card PCMCIA
File Version                    : 3.9
Internal Name                   : fpcmbase.sys
Legal Copyright                 : AVM Berlin 2005
Original Filename               : fpcmbase.sys
Product Name                    : Driver for FRITZ!Card PCMCIA
Product Version                 : 2.0
VirusTotal Report submitted 2011-02-24 17:27:16
VirusShare info last updated 2012-07-26 11:05:27

MD5: 9d438eb086891427485e0420c8239898
SHA1: 2c23b1cce5f8614bfa0952892f81ee1d88286547
SHA256: 2c26b8e6acaa05a2069ea1416c43639c240653a272bd0dcb25e69c5c9436c438
SSDeep: 1536:+I/RSvJ2rz9WBB0Zb9inyKru2BKZug8LiydrVSl2mPfMHPYotqQV4h5St9xCkP:FRR88ifHLiIUl20gPYotqQVw5KxP
Size: 142336 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Kryptik-GBK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Genome.abjsf
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Generic.dx!bdkc
Fortinet = W32/Ponmocup.AM!tr
McAfee = Generic.dx!bdkc
F-Secure = Gen:Variant.Graftor.9464
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic26.AHMK
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Graftor.9464
Symantec = Trojan.Gen.2
TheHacker = Trojan/Genome.abkhr
BitDefender = Gen:Variant.Graftor.9464
NOD32 = Win32/Ponmocup.AM
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2011:12:04 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x6e21
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-05 09:21:45
VirusShare info last updated 2012-07-26 11:05:42

MD5: 5ee454340bb393bcbba137a41073c82a
SHA1: f780b69a4cf71209b2e442dee15fbc39e4eefde2
SHA256: 31da22f6723b9f5e3223def572b37e916a38865ead4038830f048463d5980c55
SSDeep: 6144:iTn93twyT4GjD9FwmqxqCIW1o+Y0EOJSYCrlS5lZkXwZB3ZW:iZ3yyT7D9efk+FEOJkMB3c
Size: 326144 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.5203837A
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Win32.NewMalware.BM
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Sunbelt = Trojan.Win32.Generic!BT
McAfee = Generic Downloader.x!dxc
Avast5 = Win32:Malware-gen
AVG = Crypt.VNF
Sophos = Mal/Generic-L
GData = Win32:Malware-gen
TheHacker = Trojan/Injector.blv
NOD32 = a variant of Win32/Injector.BLV
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:01 10:19:12-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 580096
Uninitialized Data Size         : 0
Entry Point                     : 0x6d6c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.81.1
Product Version Number          : 7.6.81.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : ThinPrint GmbH
File Description                : TPOG Printer Driver
File Version                    : 7,6,81,1
Internal Name                   : tpprn.dll
Legal Copyright                 : Copyright © 2000 - 2007 ThinPrint GmbH
Legal Trademarks                : 
Original Filename               : tpprn.dll
Private Build                   : 
Product Name                    : ThinPrint Output Gateway
Product Version                 : 7,6,81,1
Special Build                   : 
VirusTotal Report submitted 2010-05-13 18:51:24
VirusShare info last updated 2012-07-26 11:07:48

MD5: ff1084d7d9fa7cd2d071eeef0c36bf3f
SHA1: c6cf1719dc7b6dcb345b27a19310edbf3f832e09
SHA256: 3f8ea5fe14fba99e936b55c96c018fb1b93dfd56ca196a2edc8d2f953311b05b
SSDeep: 3072:KVv58vZuZ1d9Yj/FtjHaVv1nXw3p5wHWZb7Q79vxxtfcyCOQzLhrQAG29pPlyJ:KB//uhWnXw7pM9FNCOOQB2Q
Size: 208231 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JIF [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.208231
K7AntiVirus = Riskware
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R21C1IE
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic.evx!i
DrWeb = Trojan.DownLoader4.20577
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R21C1IE
Kaspersky = Trojan.Win32.Jorik.Pirminay.mg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!i
F-Secure = Trojan.Generic.KDV.297459
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.NUT
Norman = W32/Suspicious_Gen2.NRADH
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.297459
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.ch
BitDefender = Trojan.Generic.KDV.297459
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 196608
Uninitialized Data Size         : 0
Entry Point                     : 0x138e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.1
Product Version Number          : 6.0.2600.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cfcyhlmfh Qyosmxxshap
File Description                : Internet Service Location protocol library
File Version                    : 6.0.2600.0 (taeyoxcz.010817-1148)
Internal Name                   : INETSLOC.DLL
Legal Copyright                 : © Microsoft Zjumnmujlcs. All rights reserved.
Original Filename               : INETSLOC.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.2600.0
VirusTotal Report submitted 2011-10-21 02:56:14
VirusShare info last updated 2012-07-26 11:11:56

MD5: 2d89b6703418d505b239bb2edbc68f6a
SHA1: a55ab70effe86144dd96bb5277168bbd6b500521
SHA256: 41cda7ed8a50ddd3286564a436ebe869afae1e93f7fd7123a317bc0fadcedbbb
SSDeep: 6144:oVhnETRyreVmDgLzmEVra8QpwiJus0AKXyqtdbICT/Ec4cEv3l+r8bxjgDHh:okmLYS59uW7gdpDhg3sr810
Size: 347136 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.11
Avast = Win32:Malware-gen
Ikarus = Trojan.Crypt
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Trojan.Generic.3690783
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!drq
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
Sunbelt = Trojan.Win32.Generic!BT
McAfee = Generic Downloader.x!drq
a-squared = Trojan.Crypt!IK
F-Secure = Trojan.Generic.3690783
Avast5 = Win32:Malware-gen
eSafe = Win32.Injector.Bet
AVG = Crypt.TAZ
Sophos = Mal/Generic-L
GData = Trojan.Generic.3690783
TheHacker = Trojan/Injector.bet
BitDefender = Trojan.Generic.3690783
NOD32 = a variant of Win32/Injector.BET
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:03 07:31:23-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 18944
Initialized Data Size           : 652800
Uninitialized Data Size         : 0
Entry Point                     : 0x5856
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Universal Serial Bus Camera Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : usbcamd2.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : usbcamd2.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2010-05-18 14:41:36
VirusShare info last updated 2012-07-26 11:12:44

MD5: 9f9910b4410902041b169cc63346b972
SHA1: 9b4094fd5fbe2a2ebe35b9b491cd8dc0053f6c05
SHA256: 4abb9edb4ab9c620f9b137a8a4d676ad389fa8df0b7676be043ee05b056e6069
SSDeep: 12288:4nQlqEYeQSd9l74oxtUHWl+YQIylKFjkuJ4BN:4QUKl7NajI8mku+j
Size: 411648 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
CAT-QuickHeal = Win32.Packed.Katusha.j.4
DrWeb = Trojan.MulDrop1.6910
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Avast5 = Win32:Malware-gen
AVG = Crypt.RSO
GData = Win32:Malware-gen
NOD32 = a variant of Win32/Injector.BET
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:17 01:42:42-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 53760
Initialized Data Size           : 705024
Uninitialized Data Size         : 0
Entry Point                     : 0xe062
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2600.0
Product Version Number          : 6.0.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Internet Connection Wizard
File Version                    : 6.00.2600.0000 (xpclient.010817-1148)
Internal Name                   : INETWIZ
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : INETWIZ.EXE
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.00.2600.0000
VirusTotal Report submitted 2010-05-17 21:40:57
VirusShare info last updated 2012-07-26 11:15:49

MD5: 16fd250aca647d2ebec5609a461e0898
SHA1: 465ba5760dcd59ee8e0f394bb140bcfe47f6088f
SHA256: 4d6eb9027a4b9558b5b9a06a2f3cbfaf57a2de60cec28746aae7f52471fbd10b
SSDeep: 6144:eoZ1uk30dbJ9kd9Bc1hKs1zPrkaQi3ykwKy/xrdAPZ8PAQTNOoxPy2PBvnmmrY:eobukkdbnO21h7bpzwKqxAPy9xP/mmrY
Size: 403860 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.340
Avast = Win32:Pirminay-V [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.Smardec.75
Microsoft = TrojanDownloader:Win32/Ponmocup.A
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V [Trj]
AVG = Generic23.BLDW
Norman = W32/Obfuscated.L
GData = Win32:Pirminay-V 
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 10:29:29-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 401408
Initialized Data Size           : 4096
Uninitialized Data Size         : 491520
Entry Point                     : 0xdac20
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Hvyzymjqj Pgscgwvqhil
File Description                : FYROMacedonian_Cyrillic Keyboard Layout
File Version                    : 5.1.2600.0 (abafasin.010817-1148)
Internal Name                   : kbdmac (3.11)
Legal Copyright                 : © Xktwcioxs Vbdjfujfnfb. All rights reserved.
Original Filename               : kbdmac.dll
Product Name                    : Nvitddzjt® Xoamqmr® Jmudxcshd Bcipfs
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-18 20:11:12
VirusShare info last updated 2012-07-26 11:16:49

MD5: 520502489d9453b7ae7fa3e5f55c4a37
SHA1: c7c7a48a7a2f9ac885511e87bae5f519321b1915
SHA256: 4e364091b9c75e7382b20f0ce0aec6451118b4c99df616aef2361ac3da1b4110
SSDeep: 192:z+b3Ol0FJTcgSXeUIp1V1A41HgSZc3hfVjmikR3rNAUv20xfLu9zNxXR:zu3Ol8VDp1A41HT++R3120xapjXR
Size: 21016 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Offend.5523425
Avast = Win32:Malware-gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5523425
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.baz
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bcwf
DrWeb = Trojan.WinSpy.1014
Kaspersky = Trojan.Win32.Pirminay.baz
Fortinet = W32/Pirminay.BAZ!tr
Jiangmin = TrojanDownloader.Agent.ctuc
McAfee = Generic.dx!bcwf
F-Secure = Trojan.Generic.5523425
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Small.62.D
Norman = W32/Troj_Generic.OYFS
Sophos = Sus/Behav-278
GData = Trojan.Generic.5523425
BitDefender = Trojan.Generic.5523425
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 3072
Initialized Data Size           : 2048
Uninitialized Data Size         : 0
Entry Point                     : 0x196f
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-02-18 20:51:24
VirusShare info last updated 2012-07-26 11:17:05

MD5: ba377d6905f7d57082a5fc0a8f8199df
SHA1: b85662bcf59a0b63147d25fedefa651b8696aac6
SHA256: 501643fdd3f60d55066a58ce549733e9b7e88ddc5a0de60f1a0cf9a3ab7314d7
SSDeep: 6144:jKGRwFJkWWCPIdDfHeDK+bSArqQzj5e8eOu:jK1xv/ITUej
Size: 229355 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JEH [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!RnRC6TivcGI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R4FC3IF
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.arz
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC3IF
Kaspersky = Trojan.Win32.Jorik.Pirminay.arz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6411322
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TYV
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6411322
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.gn
BitDefender = Trojan.Generic.6411322
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42c00
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-12-02 09:16:29
VirusShare info last updated 2012-07-26 11:17:51

MD5: cfb77bd9387d97ec25d27c38f919afcf
SHA1: 8432a79c60f3788e27a8a5a414ae64347c898e0a
SHA256: 51cc1dc9041c1be24ebf89e5210640287e140ae89dced8477571e36817cfc8f5
SSDeep: 1536:V42HABZQlbwLd/jSc7DEppGnRLM3ghKLc7QVx7OAJPjNGbw9iyWw+1VtX2t:oQiv7DNlMQ8Lc7QqAJPjNGbw9iyWw+1i
Size: 87040 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
VirusBuster = Trojan.Kryptik!6Xbo/zd+Yjw
TrendMicro-HouseCall = TROJ_GEN.R29C8JK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.SuspectCRC!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!bbkm
TrendMicro = TROJ_GEN.R29C8JK
Kaspersky = Trojan.Win32.Genome.wxwc
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic.dx!bbkm
F-Secure = Trojan.Generic.6715785
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.PFV
Norman = W32/Suspicious_Gen2.RIPDE
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6715785
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.tms
BitDefender = Trojan.Generic.6715785
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.11
Product Version Number          : 5.0.3000.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Czech
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : brclrui.dll
File Version                    : 5.0.3000.11 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclrui.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2002
Original Filename               : brclrui.dll
Product Name                    : Operacni system Aknwrhrcy® Oavwxnf®
Product Version                 : 5.0.3000.11
VirusTotal Report submitted 2011-11-11 17:56:01
VirusShare info last updated 2012-07-26 11:18:29

MD5: 650e1a939065d9ba56fbee1e15523dee
SHA1: c01429265a2cab43a442ee5211df6d9f905f3aa3
SHA256: 5ab755ec8c5746cfe9678298793d66810dffc6055f2a856470e59eebba0fd6dc
SSDeep: 1536:Pku3P2UGUxlw8glUb1vDSSvHl0dRfGbk8XfbYgbxD8wOTOjbCk2aODvrW:Mu3Za5UQSvFwftSYglDcKjbCZaODva
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-A [Trj]
Ikarus = Win32.Diller
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
Fortinet = W32/Ponmocup.AA
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AZHR
GData = Win32:Diller-A 
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x4f7b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-10 11:39:58
VirusShare info last updated 2012-07-26 11:21:44

MD5: 9e9a0257fa39189250b88d4fe1ad2836
SHA1: 3a3e49a3589b7ac433ba5bbe5664ebb9d5109cbb
SHA256: 5fa0ad73fd41faa10bf6a1adde5dd1297e9d11e765e872ca105a11f6b5aa85f9
SSDeep: 3072:p8/fdGQYmILitOyvtBmRgttgb0xBF5DhIqjbY:p8/lBhpgYHDDhL
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!JSOkNu0pzO8
VBA32 = Trojan.Genome.aeumn
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.aeumn
McAfee-GW-Edition = Artemis!9E9A0257FA39
Kaspersky = Trojan.Win32.Genome.aeumn
Fortinet = W32/Genome.AA!tr
McAfee = Artemis!9E9A0257FA39
F-Secure = Gen:Variant.Graftor.15125
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.ZPACK
AVG = Downloader.Agent2.AZHY
Norman = W32/Troj_Generic.AVJQV
GData = Gen:Variant.Graftor.15125
TheHacker = Trojan/Genome.aeumn
BitDefender = Gen:Variant.Graftor.15125
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 106496
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x9a81
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-13 07:57:28
VirusShare info last updated 2012-07-26 11:25:30

MD5: 19b96361a958bee5a1ba2dae036eeaa7
SHA1: b3ddcd71c92115e2db74c55da6e79f70920ea52e
SHA256: 5fa5c02a727f3949d2428fd55ce7c82468ad454f03b819fff060da705f4ecea3
SSDeep: 6144:Xa6fpqH834iaZNuVbpBxSJjYW24iAA8445af68IH6tIlMLEjc+N9u2wPY4wqomtB:XaU3FaDuVbpBcJnzDQfAHwIJ9u2wP6GT
Size: 323021 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.29755
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!ve93BbQGaOA
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.okn
McAfee-GW-Edition = Generic Downloader.x!gby
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Pirminay.okn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ajb
McAfee = Generic Downloader.x!gby
F-Secure = Trojan.Generic.6220171
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AKTP
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.6220171
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jsp
BitDefender = Trojan.Generic.6220171
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:24 23:48:36-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 319488
Initialized Data Size           : 4096
Uninitialized Data Size         : 405504
Entry Point                     : 0xb1c40
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hungarian
Character Set                   : Unicode
Comments                        : 
Company Name                    : Dtptfvhbg Duyzgajkbjz
File Description                : Fbwfnblrz Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040E
Legal Copyright                 : Copyright (C) Vabpmlabc Corp. 1999
Legal Trademarks                : 
Original Filename               : agt040E.dll
Private Build                   : 
Product Name                    : Liarfvqba Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-30 04:16:53
VirusShare info last updated 2012-07-26 11:25:30

MD5: 432bfdda359524feb57e107d20d97383
SHA1: bed199b352cf8619834a8d83312b05630badb6c8
SHA256: 623e69fbe8595f871a4af0193f18279102725ce2bdaf9091e6735ec4ffcb0dbd
SSDeep: 6144:Txfjwu3qHNTc2Rpvszs2n/FJfUerdZLod5E:Zf3qac32sMLode
Size: 241105 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.8437
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Trojan
VirusBuster = Trojan.Meredrop!NlVl7wjc8ec
TrendMicro-HouseCall = TROJ_GEN.R28C2IH
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.ace
McAfee-GW-Edition = Generic Malware.ms
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C2IH
Kaspersky = Trojan.Win32.Jorik.Pirminay.ace
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Downloader_x.GBY!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1232
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.PSG
Norman = W32/Suspicious_Gen2.RFDAT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1232
Symantec = Trojan.ADH
TheHacker = Trojan/Kryptik.ufa
BitDefender = Gen:Variant.Graftor.1232
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 233472
Initialized Data Size           : 12288
Uninitialized Data Size         : 32768
Entry Point                     : 0x40fb0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ginurmapb Ghyrymrcktr
File Description                : Nxsktivvd Internet Account Manager Resources
File Version                    : 6.0.6000.16386 (rkrvg_rtm.061101-2205)
Internal Name                   : ACCTRES.DLL
Legal Copyright                 : © Vsdeixdxn Jocofcxyhnl. All rights reserved.
Original Filename               : ACCTRES.DLL
Product Name                    : Znvxuvbsk® Windows® Rnpchgglr Vivelf
Product Version                 : 6.0.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2011-11-30 04:15:34
VirusShare info last updated 2012-07-26 11:26:32

MD5: b36493383b589230b36ae4a8a372639d
SHA1: 3c370c7895227c5c40ae43fa406c9dacf2a08089
SHA256: 646f5f37c5d46c24bd5a99ef87219a2cc73dc2baf8b679b036d905ba0212915e
SSDeep: 6144:wyAKZZf+ftQ2lQccTpi4m6OUtmIP+ORaGxT9dueGOw7IR0oC5FE5CA:tf+1Q2lQdi4RtAORaIuYXWEJ
Size: 308465 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Ikarus = Trojan.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
VBA32 = SScope.Trojan.Pirminay.chc
Emsisoft = Trojan.Pirminay!IK
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
AVG = Generic21.KEO
Symantec = Trojan.ADH.2
GData = Gen:Variant.Vundo.6
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:27 21:37:03-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49152
Initialized Data Size           : 507904
Uninitialized Data Size         : 0
Entry Point                     : 0xcc8c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft T2Embed Font Embedding
File Version                    : 5.1.2600.5512 (xpsp.080413-2105)
Internal Name                   : T2EMBED.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : T2EMBED.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2011-02-19 08:48:29
VirusShare info last updated 2012-07-26 11:27:29

MD5: 6bc63baa819757db66a7e56c202cec0c
SHA1: 753d8f099e30a31678b92a747ba1bc058791d676
SHA256: 653641ed0073673b12e87ada94022410bd159d96c8864da035b036ab828d141b
SSDeep: 6144:pmyGCQxXlyDw2c0bkkmem2t4ux1x2FbjwAa4vhMO:pmyGF5lyDw2c0bY2t4q1KZMO
Size: 228904 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CY [Trj]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!BcCvnnEp8Uo
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R28C1I9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C1I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.vm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Downloader.a!ds
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.UHL
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6433564
Symantec = Trojan.ADH.2
BitDefender = Trojan.Generic.6433564
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42970
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2011-10-16 21:15:11
VirusShare info last updated 2012-07-26 11:27:50

MD5: f48cc7117bb9a03e49a15ff89d97d008
SHA1: fa57c4c6ae7af751797c49b79e9edc64a8959740
SHA256: 66913868fa6a948cf0e5a64426ec49faaa355d12e4839e66c585186ddfdb365e
SSDeep: 3072:8yR9yayL3wBJw2V5W/M+U+ZsQgyhRDcqV:0ZLgBq2V5iMuJha
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.A.2
Avast = Win32:Diller-DK [Trj]
Ikarus = Win32.Diller
Panda = Trj/Agent.JYA
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!sI9bOrSmWtw
TrendMicro-HouseCall = TROJ_GEN.R29C7EH
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
TrendMicro = TROJ_GEN.R29C7EH
Kaspersky = Trojan.Win32.Genome.afbxt
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.BG
F-Secure = Gen:Variant.Barys.569
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXJ
Norman = W32/Troj_Generic.AYCUR
GData = Gen:Variant.Barys.569
BitDefender = Gen:Variant.Barys.569
NOD32 = Win32/Ponmocup.BG
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:18 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x692f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-20 14:37:59
VirusShare info last updated 2012-07-26 11:28:22

MD5: fd54fe32e247b52f181cf43620d772f9
SHA1: 71b3296cbfe62fc021ef72f442c0793fdae0a377
SHA256: 66b801e17d97eec9885d15a50abf871c3d473d99a15cb2c84eea988d2ae72547
SSDeep: 12288:i6CN6oVpJhEeqw3IJfzCJLGQEqt8t3oYHN:LCNHhEeZGfGLGQEqt8po
Size: 519168 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Panda = Suspicious file
DrWeb = Trojan.MulDrop1.17546
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:24 14:17:53-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 125440
Initialized Data Size           : 782848
Uninitialized Data Size         : 0
Entry Point                     : 0x1f6fc
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 32K/64K color VGA\SVGA Display Driver
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : vga64k.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : vga64k.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2010-05-06 05:29:36
VirusShare info last updated 2012-07-26 11:28:26

MD5: 22c6862ac491dc3a714b2601e9da742c
SHA1: 6dcf19c1ad1aacb804ea352a89d180f1a37ffce0
SHA256: 6842d90bbf246531c1bd0a5b644b8fe43eedc19e0e87f4f08283e1f3c2b2bf60
SSDeep: 1536:fSQhBxT9gaYLelXRtDYKrFw745hWhVi+EKneqFK1ajmAFbWYtALieISFjPn7:f5B9OytDYKr6QYyRKneqFK1ajmAFbWYC
Size: 94720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Virtumonde!QWoW7TbvEvA
VBA32 = Trojan.Virtumonde.bfjs
eTrust-Vet = Win32/Vundo.HTS!genus
TrendMicro-HouseCall = TROJ_GEN.R29CDLP
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Virus.Win32.Vundo!IK
CAT-QuickHeal = Trojan.Virtumonde.bfjs
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!nk
DrWeb = Trojan.Siggen3.32790
TrendMicro = TROJ_GEN.R29CDLP
Kaspersky = Trojan.Win32.Virtumonde.bfjs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Virtumonde.AA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Vundo!nk
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRGraftor
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.UDARV
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen
TheHacker = Trojan/Virtumonde.bfjs
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-02-17 20:24:55
VirusShare info last updated 2012-07-26 11:29:08

MD5: ce5fef108ba91bb54898ec65eb3eb065
SHA1: 39598c35c9ac33db41f2d9017215caedb3cc3ea3
SHA256: 6bc63ed177ef979f16802017cb4168fd4b3bb798aca4c3027fbd9e83d00085cd
SSDeep: 6144:wjdYbaWqiJkc+cDXdN6+YhSzLRs3Kvlj4M7O5vM:wWbvhp+m6nSHRs347OBM
Size: 212050 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Gen.Trojan.Heur
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VBA32 = Trojan.Jorik.Pirminay.amw
TrendMicro-HouseCall = TROJ_GEN.R21C1K9
Emsisoft = Gen.Trojan.Heur!IK
DrWeb = Trojan.DownLoader4.53444
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R21C1K9
Kaspersky = Trojan.Win32.Jorik.Pirminay.auc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.AUC!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Downloader.x!gbz
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGSK
Norman = W32/Suspicious_Gen2.RPQAO
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Graftor.1139
TheHacker = Trojan/Injector.ivb
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Thsbvetwula
File Description                : NetMeeting Interface Marshaling Library
File Version                    : 5.2.3790.3959
Internal Name                   : confmrsl
Legal Copyright                 : Copyright © Aozzvrygn Oouzivrnhtm 1996-2001
Legal Trademarks                : Qblbnihfh® is a registered trademark of Aksckwwwy Zpjidynupdu. Fddrecf® is a registered trademark of Biberylai Clppyovqajf.
Original Filename               : confmrsl.dll
Product Name                    : Jwukfbdnm® Joidcbh® Oyofvyczh Prrqqy
Product Version                 : 3.01
VirusTotal Report submitted 2011-11-13 17:30:44
VirusShare info last updated 2012-07-26 11:30:59

MD5: 3f15454c7e3c1b42ec8c31a9506e51e6
SHA1: 35b180f388a90c4e4a330c53a786986b6af54a9b
SHA256: 6d7239cbcf314835c009dde6e8ad3bf0d401a6edd12c5953cce59e00d54dfedc
SSDeep: 6144:BGow5TI25teoXej7w23yb3msGUfJ43EE+i+Fzdh:Y1juiejqb3fGUfJVEin
Size: 247119 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.6393477
Avast = Win32:Downloader-JDZ [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Graftor.262
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!r1Tot8G7Pd0
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R29C1HR
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.abo
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic.dx!bafg
DrWeb = Trojan.DownLoader4.34368
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R29C1HR
Kaspersky = Trojan.Win32.Jorik.Pirminay.abo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bafg
F-Secure = Trojan.Generic.6393477
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGendal
AVG = Dropper.Generic4.TIL
Norman = W32/Suspicious_Gen2.NWUMQ
Sophos = Mal/Generic-L
GData = Trojan.Generic.6393477
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.lt
BitDefender = Trojan.Generic.6393477
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 241664
Initialized Data Size           : 8192
Uninitialized Data Size         : 28672
Entry Point                     : 0x421f0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-10-18 20:31:28
VirusShare info last updated 2012-07-26 11:31:53

MD5: 47134cae50b571b777e4ead61fc51a4c
SHA1: 18b98ca34118494cc21993c8718e2050c3812863
SHA256: 7032d73a43997ad648ca6df904cc3206e5f32b4e3d41d5945d8d8a97a77da65c
SSDeep: 6144:j+0Q6o8AHAurkEsS/aDfhTUlvie6scjOz:j+/6o88UuatTUrxcj2
Size: 225907 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JIF [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.ADH
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
VirusBuster = Trojan.Injector!ryBYBBed64c
VBA32 = Trojan.Jorik.Pirminay.ba
TrendMicro-HouseCall = TROJ_GEN.R29C1HI
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic.dx!bafh
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.dx!bafh
F-Secure = Gen:Variant.Downloader.10
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-JIF [Trj]
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.XFJ
Norman = W32/Suspicious_Gen2.NWVSD
GData = Gen:Variant.Downloader.10
Symantec = Trojan.ADH.2
BitDefender = Gen:Variant.Downloader.10
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 221184
Initialized Data Size           : 8192
Uninitialized Data Size         : 24576
Entry Point                     : 0x3c6c0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hdtzdrawq
File Description                : Dgnet Module
File Version                    : 1, 0, 0, 1
Internal Name                   : Dgnet
Legal Copyright                 : Copyright 2000
Original Filename               : Dgnet.dll
Product Name                    : Dgnet Module
Product Version                 : 1, 0, 0, 1
OLE Self Register               : 
VirusTotal Report submitted 2011-08-26 22:08:24
VirusShare info last updated 2012-07-26 11:33:19

MD5: 466baddadd6fa401b2ca086db52d8ecb
SHA1: b0a6348c22b92d8ac1c25fcdd3d87a3359efae3e
SHA256: 76d52da4e1cd8d50db9917043ae70200d5191316aa87303bc63798008fdb825b
SSDeep: 3072:bh/flKl7FZKRjDue5UNH8KVDd1SSG4Ljj2jCEA9uWPQrzW6V6h7xGn5u8Myn93uz:bpEAFDju6KVuO3KSdPQrnq7xd2xhE
Size: 212063 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!Gnqedqxaxa8
TrendMicro-HouseCall = TROJ_GEN.R47C2HT
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C2HT
Kaspersky = Trojan.Win32.Jorik.Pirminay.ael
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
Jiangmin = Trojan/Generic.kads
McAfee = Generic Downloader.x!gch
F-Secure = Trojan.Generic.6467197
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.ABMW
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6467197
BitDefender = Trojan.Generic.6467197
NOD32 = a variant of Win32/Injector.IVB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x1282
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tmerpqndc Tfiobdklvpb
File Description                : Icndakful Cluster Resource Utility DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : resutils
Legal Copyright                 : © Xeqopdcev Qlrdoktfzsj. All rights reserved.
Original Filename               : resutils
Product Name                    : Eyevwsbln® Pixkxwu® Elksjwqnz Cedyfp
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-10-17 18:17:40
VirusShare info last updated 2012-07-26 11:36:24

MD5: 04a0f4f67c46ffba850139e9f72d65e2
SHA1: a54fb39fa6572b596498619aeb06895ccecf739e
SHA256: 76d9bda5f3d564a3dc0d2084d6c6b43febdceced16fd056c6078593ca177ecc7
SSDeep: 6144:s1Xx4k43wvueIYY3BuQtmsUVmf2rEzMNaDTEhNBjc:s1Xqk43MueIz3SsUVmeQz0jhNBg
Size: 209440 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!Ky3tyrFcvLo
VBA32 = Trojan.Jorik.Pirminay.agd
TrendMicro-HouseCall = TROJ_GEN.R47C8IR
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
DrWeb = Trojan.DownLoader4.61012
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C8IR
Kaspersky = Trojan.Win32.Jorik.Pirminay.agd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.AGD!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6468278
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AJFT
Norman = W32/Suspicious_Gen2.QWHOR
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Trojan.Generic.6468278
TheHacker = Trojan/Injector.ivb
BitDefender = Trojan.Generic.6468278
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x1296
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.0.0
Product Version Number          : 5.2.3790.1224
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oexxzhsxi Lpszbfliobe
File Description                : Canon BJ Mini Printer Driver
File Version                    : 5.2.3790.1224 (dnsrv(skatari).040514-1058)
Internal Name                   : CNB240.DLL
Legal Copyright                 : © Vvfhtlxae Enaqsfctnyd. All rights reserved.
Original Filename               : CNB240.DLL
Product Name                    : Mmohmepxx® Hrlbyje® Flzivwqke Hrxnne
Product Version                 : 5.2.3790.1224
VirusTotal Report submitted 2011-11-13 21:40:15
VirusShare info last updated 2012-07-26 11:36:24

MD5: 8b08821cf663c57c56b446df86a2a7be
SHA1: 769325404ebed493afcf70abcef2e5667922a91c
SHA256: 78e3f79f31c33a96633db92cf1aec8c43c8785bf962b098890eb1adeaaebfc8e
SSDeep: 6144:pxNEPtda4WDYyC5mRpMXin20SACqWJBXp81BRr:y3yCYRd20SXfXSF
Size: 316856 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.8724
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Agent
Panda = Suspicious file
Rising = Trojan.Win32.Generic.52023897
nProtect = Trojan.Generic.3837358
VBA32 = Trojan.Win32.Agent.dwgb
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.AdSpyware.H
DrWeb = Trojan.Siggen1.30278
Kaspersky = Trojan.Win32.Agent.dwfy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.DWFY!tr
Sunbelt = Trojan.Win32.Generic!BT
Jiangmin = Trojan/Agent.dtms
a-squared = Trojan.Win32.Agent!IK
F-Secure = Trojan.Generic.3837358
Avast5 = Win32:Malware-gen
AVG = Crypt.UMK
Sophos = Mal/Generic-L
GData = Trojan.Generic.3837358
TheHacker = Trojan/Agent.dvxd
BitDefender = Trojan.Generic.3837358
NOD32 = Win32/TrojanDownloader.Agent.PXG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:04 15:54:20-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 15360
Initialized Data Size           : 595456
Uninitialized Data Size         : 0
Entry Point                     : 0x48f8
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ModeX Display Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : modex.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : modex.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2010-06-04 15:00:06
VirusShare info last updated 2012-07-26 11:37:48

MD5: bcfdac7479d3d6bba6875616dbab002d
SHA1: 3db46625f7167ea476865aab20b716e95037199f
SHA256: 79664d602260e7eee202ad9aa26d021a687a65a9012734a5369c258ea1d7be10
SSDeep: 6144:DRNIHCgaZAxxiQKmYIN53cjIPqzB02DnPFBspq5ZWOZ78eMppn1gLvkGc3pTtxuu:DRNRgakxLKmYIAIqzB02Xg0ZWK8fgLvy
Size: 364991 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.hfj.1
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.223150
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!u3/P2DXySRc
TrendMicro-HouseCall = TROJ_GEN.R21C1H6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.45597
TrendMicro = TROJ_GEN.R21C1H6
Kaspersky = Trojan.Win32.Pirminay.meo
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Generic.365028
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.alz
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248085
F-Secure = Trojan.Generic.KDV.223150
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ATCZ
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.223150
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hfj
BitDefender = Trojan.Generic.KDV.223150
NOD32 = a variant of Win32/Kryptik.LNR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:22 13:03:23-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 339968
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x504e6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gnfivrjgy Bpuwpckefsk
File Description                : Control Method Battery Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : cmbatt.sys
Legal Copyright                 : © Gszlxylwj Jcavetxiddb. All rights reserved.
Original Filename               : cmbatt.sys
Product Name                    : Zehsvgyfp® Dsnxavt® Ncsbwixgd Salneo
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-06-22 16:15:04
VirusShare info last updated 2012-07-26 11:38:04

MD5: 5688957612d3c039bb94d6bc636814ec
SHA1: ae3fbc3d10ebd0d0bd83af9a5c6a26c448b78312
SHA256: 7f53107ee88728cc0e73e446e7c98ce1ab9ddba54023d6b608f685c1832c0b2b
SSDeep: 6144:GQIp2UlmTSAKJ+qlaLxYZAmKVyeHiWCeF94Uf0GdgkuwZb0:GllOwAmfSisFSUJdgn
Size: 343439 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Ikarus = Gen.Variant.Vundo
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_FAKEMS.AE
Emsisoft = Gen.Variant.Vundo!IK
McAfee-GW-Edition = Artemis!5688957612D3
TrendMicro = TROJ_FAKEMS.AE
Kaspersky = Trojan.Win32.Pirminay.dhw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
McAfee = Artemis!5688957612D3
F-Secure = Gen:Variant.Vundo.6
Prevx = High Risk Cloaked Malware
GData = Gen:Variant.Vundo.6
BitDefender = Gen:Variant.Vundo.6
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:10:24 21:08:52-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0x4ab8
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.700
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.700
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-02-24 06:38:42
VirusShare info last updated 2012-07-26 11:40:52

MD5: fa1168c6e807d9fb8bfcab9a8a2d81bc
SHA1: 9f30d76332beda2333352bf161f9daf7b5e9d27a
SHA256: 7fcdefa84266b6104a1c2e8af4e1df603fe7d14c2002e253fbaf4ce689c645ea
SSDeep: 6144:I85PWKK1EcJlKdUAY0Dk0bVXbGADqc7bEbGqlsvu++VR/UFd+6i43PHHy5h4mt/O:rD+qmJ0DF8Tbsu+aRp5h40XbT8RWA
Size: 640010 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Agent.640010
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
Rising = Worm.Win32.Autorun.GEN
nProtect = Trojan/W32.Pirminay.640010
VirusBuster = Trojan.DL.Agent.YIUF
VBA32 = Trojan.Pirminay.gn
TrendMicro-HouseCall = TROJ_GEN.R47C2HA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.gw
McAfee-GW-Edition = Artemis!FA1168C6E807
DrWeb = Trojan.Hosts.1446
TrendMicro = TROJ_GEN.R47C2HA
Kaspersky = Trojan.Win32.Pirminay.gw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.GW!tr
Sunbelt = Trojan.Win32.Generic.pak!cobra
Jiangmin = Trojan/Pirminay.p
McAfee = Suspect-BA!FA1168C6E807
F-Secure = Trojan.Agent.AQKY
Avast5 = Win32:Trojan-gen
AVG = Dropper.Generic2.AILC
Norman = W32/Obfuscated.H!genr
Sophos = Mal/Generic-L
GData = Trojan.Agent.AQKY
BitDefender = Trojan.Agent.AQKY
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2000:12:19 01:38:05-05:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 146944
Initialized Data Size           : 754176
Uninitialized Data Size         : 0
Entry Point                     : 0x24c7c
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-09-26 02:26:33
VirusShare info last updated 2012-07-26 11:41:05

MD5: 9c2c279934580b5d50d29c3b5846f63e
SHA1: 63f4251e9fef8fff1415581a4460d1c87e20cd2b
SHA256: 80d009a7f3936ae569ea20c0b2bcfb213af0a194d88e9b02362e060b9c9d200b
SSDeep: 6144:JU6fdZOequ70zUXn4kilp+J02lxIxiYcfnJnhVeQLe/:JUgZb0zUXn49lp+m+IAfnJnh8QLO
Size: 331274 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Agent.sfj.1
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.522764A1
nProtect = Trojan/W32.Pirminay.331274
VirusBuster = Trojan.Pirminay.AI
VBA32 = Trojan.Pirminay.ff
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
DrWeb = Trojan.Siggen2.326
Kaspersky = Trojan.Win32.Pirminay.fv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.FV!tr
Sunbelt = Trojan.Win32.Generic!BT
Jiangmin = Trojan/Pirminay.o
McAfee = Suspect-BA!9C2C27993458
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic2.AHXK
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Win32:Malware-gen
TheHacker = Trojan/Pirminay.fv
NOD32 = Win32/TrojanDropper.Agent.OVJ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 07:40:53-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 303104
Initialized Data Size           : 28672
Uninitialized Data Size         : 393216
Entry Point                     : 0xaa780
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-08-19 01:10:48
VirusShare info last updated 2012-07-26 11:41:45

MD5: 33350ca6c12540812d8d9c7d823aa6a4
SHA1: 3486ef7ebac82bcd807dd395d279f47122b3bad1
SHA256: 80d5d7028b2e0b736f03cc43b347f416f3c65d1576f84a85e5aabb16f52592d8
SSDeep: 1536:5HpeS2KXh9tDvXtz+Xv9egoLCLVNpxlqrcnwZIMBkeDG6ZE:5D2KXtD/F+gCpXecwZfB1DXZ
Size: 84992 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Ikarus = Win32.Diller
nProtect = Trojan.Generic.KDV.527839
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!b/waKdkfzSU
TrendMicro-HouseCall = TROJ_GEN.R47C8BK
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!os
TrendMicro = TROJ_GEN.R47C8BK
Kaspersky = Trojan.Win32.Genome.aeuzq
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
McAfee = Vundo!os
F-Secure = Trojan.Generic.KDV.527839
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Downloader.Agent2.AZHW
Norman = W32/Suspicious_Gen4.JOCK
GData = Trojan.Generic.KDV.527839
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.KDV.527839
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:14 14:04:01-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1c89
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-13 07:55:03
VirusShare info last updated 2012-07-26 11:41:45

MD5: 75743c520b2c1ab8723b20db9afab7cc
SHA1: 3be3c987b9de0cac1144ba9aca2e9e4b9466f7d3
SHA256: 8529667c7c463feb5929f10cbbcb56d40eefcf750373494f01975cb68b255b9c
SSDeep: 6144:ULixO3ott7g08Q1GD4p3DesKOLnieivd1dXETsA6UpK1VX5Xv:KGvJUD8zesKQTSAhp+1v
Size: 336317 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.57
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Trojan
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC2BP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.dhi
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_GEN.R3EC2BP
Kaspersky = Trojan.Win32.Pirminay.dhi
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/CEW.AG!tr.dldr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akm
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Generic23.BILK
Norman = W32/Suspicious_Gen2.JCUIN
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Gen:Variant.Riern.1
TheHacker = Trojan/Pirminay.dhi
BitDefender = Gen:Variant.Riern.1
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 02:54:19-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 20480
Initialized Data Size           : 610304
Uninitialized Data Size         : 0
Entry Point                     : 0x54e8
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.3 Netsh Helper
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : dot3cfg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dot3cfg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-07-20 21:46:22
VirusShare info last updated 2012-07-26 11:44:07

MD5: 0441fb1c2e1f3a1f4a9fff270c2e39c7
SHA1: eb225e191e96c8749e497679209d338996159a5c
SHA256: 89d2b739e64dfe86ff1e2fe224123b59c04cf4920a8b0e29bd275e2026ebd1b1
SSDeep: 3072:sBIlhbS+hkC0qjzNlbdnCZLzFjrnps2EFdxmUpklOuj0Pwo3LvMpR2caST40wz0Z:skWE0ONlbdnadWF3pTuj0Io3jAzTa0BT
Size: 222293 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Riskware
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R47C2HS
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!gas
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C2HS
Kaspersky = Trojan.Win32.Jorik.Pirminay.zw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Downloader_x.GAS!tr
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Downloader.x!gas
F-Secure = Trojan.Generic.6468032
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGTV
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.6468032
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6468032
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjkmhcrli Smzkytjdmob
File Description                : Rlalnaciy Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0401
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0401.dll
Private Build                   : 
Product Name                    : Ugwfssxnv Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-10-15 00:23:34
VirusShare info last updated 2012-07-26 11:46:04

MD5: 70399d66c0559db8391e13e5855d42df
SHA1: 8e913c34bd3c1c47556b85733a36228ee204d807
SHA256: 8cb5919cae62e6398708f5c86251da1c60670fa17de6d10970be1fa668bfd033
SSDeep: 6144:YVTNtq+0a7sv1LxPR0T4cw5u4KoeyZ1UCzp4G4VV9bQigE9bZatW42KVC4n:cq+nsv1Lr03AlebCELT4V
Size: 422329 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.422329
Panda = Suspicious file
nProtect = Trojan.Generic.5493166
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!G/87nX3xaOk
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dqc
ViRobot = Trojan.Win32.Generic.422376
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.mf
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5493166
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.XZYN
AVG = Generic21.PXU
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5493166
Symantec = Trojan.Gen
Commtouch = W32/MalwareF.XZYN
TheHacker = Trojan/Pirminay.dpp
BitDefender = Trojan.Generic.5493166
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:14 07:51:56-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 36864
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0x911c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.0.74
Product Version Number          : 5.0.0.74
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Created by VIONA Development
Company Name                    : RAVISENT Technologies Inc.
File Description                : CineMaster C WDM DVD Minidriver
File Version                    : 5.0.00.0074
Internal Name                   : VDMINDVD.SYS
Legal Copyright                 : Copyright 1999 RAVISENT Technologies Inc.
Original Filename               : VDMINDVD.SYS
Product Name                    : CineMaster C WDM
Product Version                 : 5.0.00.0074
VirusTotal Report submitted 2012-05-27 07:15:04
VirusShare info last updated 2012-07-26 11:47:15

MD5: 07844888a3e7b9358f488dfd8f7d8e8b
SHA1: 85f3a49ad8142a0f1622c567501dc927b2ce0786
SHA256: 8de128dbd8c83b21cba5a64f1f98719e26ace680306fba42d0c81081d79a0509
SSDeep: 3072:3kJreYiZ0R702SnZdfbutN1qKeZeDJ5r981SBrH3/tCslnSdW28bMUfy6d9p0o:3UaZ0RA2kdfbupqm9MajvY+n5VfVd9
Size: 237509 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Hosts.BY
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Trojan
VirusBuster = Trojan.Injector!P628HudggLI
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!gby
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.afm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Downloader.x!gby
F-Secure = Trojan.Generic.6401624
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RSM
Norman = W32/Suspicious_Gen2.RFDDQ
Sophos = Mal/Generic-L
GData = Trojan.Generic.6401624
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.fo
BitDefender = Trojan.Generic.6401624
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 16384
Uninitialized Data Size         : 45056
Entry Point                     : 0x41f10
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2011-10-08 08:01:22
VirusShare info last updated 2012-07-26 11:47:45

MD5: 28ceb84cdb162673b8f281a88fb88b18
SHA1: fa9b01f24e475a67da5036c4d32d64e1f4c9fe97
SHA256: 8f06154532b0c9cc4abf11e426bf31fd90680dec7610b1cc8dae427d067a30a6
SSDeep: 6144:SMbzyMhxCZICLyQCxGt1Hg15bSjnJ8tD963yUXpasOMYDEtW+a5f9:SMbmMWOAtCHSjnJ8tDoFaxZAtC1
Size: 346574 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.159
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.80140
TrendMicro-HouseCall = TROJ_GEN.R3EC2L3
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
DrWeb = Trojan.Hosts.2306
TrendMicro = TROJ_GEN.R3EC2L3
Kaspersky = Trojan.Win32.Pirminay.bkm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
F-Secure = Trojan.Generic.KDV.80140
VIPRE = Trojan.Win32.Generic!BT
Norman = W32/Obfuscated.L
Symantec = Trojan.ADH
GData = Trojan.Generic.KDV.80140
BitDefender = Trojan.Generic.KDV.80140
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 12:05:22-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 339968
Initialized Data Size           : 332800
Uninitialized Data Size         : 0
Entry Point                     : 0x53cc6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft ODBC Desktop Driver Pack 3.5
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : odbcji32.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : odbcji32.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-01-01 04:21:54
VirusShare info last updated 2012-07-26 11:48:14

MD5: 16dd5d58cc9ba698812d544dd39777ba
SHA1: a86bbc1040ff2ef93ff8edb63f9385026f9d5da3
SHA256: 8f548f1034cd47c60c2255dbbda9d37c2872afbec76e71c574b1dca490d8879f
SSDeep: 6144:uSFn7F8T9RVd5VACJNRQD8yXJodHO1FkUMegQnh3fOem:puXYCJNO4bcAU/nhrm
Size: 293828 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.4778731
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bvb
TrendMicro-HouseCall = TROJ_GEN.R28CRII
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Dropper!dic
DrWeb = Trojan.DownLoader5.10372
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.cfv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aku
McAfee = Generic Dropper!dic
F-Secure = Trojan.Generic.4778731
VIPRE = Trojan.Win32.Generic!SB.0
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.BNSE
Sophos = Mal/Generic-L
GData = Trojan.Generic.4778731
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.cvf
BitDefender = Trojan.Generic.4778731
NOD32 = a variant of Win32/Kryptik.HAQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:14 04:01:26-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 516608
Uninitialized Data Size         : 0
Entry Point                     : 0x6822
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.3 Netsh Helper
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : dot3cfg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dot3cfg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-02-16 15:26:42
VirusShare info last updated 2012-07-26 11:48:20

MD5: b4645b215d8360e6adc4669633b168f2
SHA1: e167e198001637c1702a68b35c295ac65b261664
SHA256: 8fd8495b6a1455d7a1164963d2e8ec428513e2098ded13410cc54ef3b4cf0661
SSDeep: 6144:6kiWULkUGzL0Am7UzzJpOrsahDkibtDq6uC8ztxH7zIiCnNm:yW3VL0AGQooSZk62v70ir
Size: 228278 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Microsoft = TrojanDownloader:Win32/Ponmocup.A
NOD32 = a variant of Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:02 11:27:15-05:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 294912
Entry Point                     : 0x7fbf0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-05-09 01:36:29
VirusShare info last updated 2012-07-26 11:48:34

MD5: afca9924c39a7813ec321820544d424c
SHA1: 4de56911ea1f059a93d9013866fef36278af760a
SHA256: 952cddb2873b6060a82b61194a1d2be4b92bcd2c827bfa70ed3590e7d88a94d2
SSDeep: 6144:SeQ6cgQCiX1TcKvYzpSiEDNevSXqNBcSP4ldTPUnBBkHL4/kZOW:SeQ6cglilAK+gJuSpSid4oHskZOW
Size: 339367 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-BHS [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!rzI0bcQc20Y
VBA32 = Trojan.Pirminay.ltl
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.ltl
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.4823
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.ltl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.339367
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rc
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Generic21.CKKK
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eun
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 11:12:31-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 45056
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0x7fbb
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ylvvctpwd Hjjgrgxxjvq
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 Npryefh 95)
File Version                    : 6.0.6000.16386 (chgxk_rtm.061101-2205)
Internal Name                   : kbdnec95
Legal Copyright                 : © Zrgpyhkpw Zetormqzqxq. All rights reserved.
Original Filename               : kbdnec95.dll
Product Name                    : Fhcydlmrl® Qijbsmw® Omksoilwh Wjprdv
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-06 01:59:46
VirusShare info last updated 2012-07-26 11:51:23

MD5: b276161602f65241829252fc27f1b8b2
SHA1: 451e7662bd6291c8fc07ca47ad3882493716b520
SHA256: 98b12adbf5fe215ca22aad1d22f910a35e476cb7d7be70305e8b82d1c3bf9c51
SSDeep: 12288:IRHkLNkvwC6L3sQCjwemN2fmwJLd69TjZE:Juo8VPmNq9L8lK
Size: 422392 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.194
Avast = Win32:Rootkit-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.422392
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!2ey+s21MM38
VBA32 = Trojan.Pirminay.enp
TrendMicro-HouseCall = TROJ_GEN.R3EC2CU
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.enp
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Artemis!B276161602F6
TrendMicro = TROJ_GEN.R3EC2CU
Kaspersky = Trojan.Win32.Pirminay.enp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
Jiangmin = Trojan/Pirminay.qb
McAfee = Artemis!B276161602F6
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Rootkit-gen
AVG = Generic21.BITY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = WS.Reputation.1
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.eky
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 07:43:45-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 401408
Initialized Data Size           : 327680
Uninitialized Data Size         : 0
Entry Point                     : 0x5f6ab
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Czljntpuy Iuemakitdex
File Description                : Network Diagnostic Engine Proxy/Stub
File Version                    : 6.0.6000.16386 (swgdv_rtm.061101-2205)
Internal Name                   : ndproxystub.dll
Legal Copyright                 : © Uqlaxuhip Huvfvrnuapp. All rights reserved.
Original Filename               : ndproxystub.dll
Product Name                    : Idppiqnde® Jbmefbd® Operating Dysnkt
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-06-21 08:57:43
VirusShare info last updated 2012-07-26 11:54:52

MD5: 5c5d01b167b5850c1dc3c12c24c4a152
SHA1: af9e3c8960a8972ba0fa63c23c341bee03d68d71
SHA256: 99f82f0c92ec7fa74da09857228ee98657e20d3027214ff19802e3eb6612f0a9
SSDeep: 6144:KWwLXZK77q9hgrm4EFGvx7jcCNKqs4OILdgcd/moqXW9rO3zhshDGQ:atKzrm4MIPNM4Hrm1AS3ziQQ
Size: 387479 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Downloader.387479
Panda = Suspicious file
nProtect = Trojan/W32.Agent.387479
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!/xErdl4l79E
VBA32 = Trojan.Pirminay.nud
TrendMicro-HouseCall = TROJ_GEN.R47C2GB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.567
TrendMicro = TROJ_GEN.R47C2GB
Kaspersky = Trojan.Win32.Pirminay.jtg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.FakeAV.387479
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.herr
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6212402
VIPRE = Trojan.Win32.Generic!SB.0
AVG = Generic23.AMZG
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6212402
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jtg
BitDefender = Trojan.Generic.6212402
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:09 10:17:46-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 385024
Initialized Data Size           : 4096
Uninitialized Data Size         : 471040
Entry Point                     : 0xd1bd0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ozbemzvoc Jyjuhllxtbn
File Description                : Hungarian 101-key Keyboard Layout
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : kbdhu1 (3.12)
Legal Copyright                 : © Zegisbkfj Bvrrzqvaajb. All rights reserved.
Original Filename               : kbdhu1.dll
Product Name                    : Srrgmzehj® Cbdodzr® Xexldngnj Etpbsa
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-04-06 03:31:13
VirusShare info last updated 2012-07-26 11:56:05

MD5: 64400ccaa96e4e88ec9d2159d1c90069
SHA1: 55d4a08dd5a0f113453df71a95e3fc342d7e4851
SHA256: 9d84e4090bb6c60bb102888457e05d735635811729cbd258f621cdaefb3d4374
SSDeep: 1536:EC7Q/34AhwL5LeGZD3fkC7GOyCeOaQTvUDmwyc8b2t:C495ZDM6GlVWUDmRc8b2
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Graftor.3649
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R06C8KT
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic.dx!bc3m
DrWeb = Trojan.Click2.8573
TrendMicro = TROJ_GEN.R06C8KT
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.rkai
McAfee = Generic.dx!bc3m
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.COYU
Norman = W32/Suspicious_Gen2.SXCQR
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP PathPing Command
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : pathping.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pathping.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-01-03 02:03:06
VirusShare info last updated 2012-07-26 11:57:23

MD5: 0b1cd95f06e741834921a5e25b34aa3e
SHA1: 29a67ddfba8be3b7b8c7d253ef50f709df637fd2
SHA256: 9d99f8e8e47fdb437935db17d5e5842472c4e93a8d3056bb1838265b247fb6a6
SSDeep: 3072:NVcjj2AXnriOS0p8+jeOb5Lb3Z+EjefZiJyzaCx7L/2H1OZG80by9LDSSnsD/P4h:NmjrXr9vpzb19+EiBuoNrk5EhWIh
Size: 231827 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Win-Trojan/Fakeav.231827
Panda = Trj/CI.A
nProtect = Gen:Variant.Renos.106
VirusBuster = Trojan.Injector!1I9KKzpdhIk
VBA32 = TrojanDownloader.CodecPack.sjt
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Heuristic.LooksLike.Trojan.Crypt.ZPACK.B
DrWeb = Trojan.DownLoader4.33410
ByteHero = Trojan.Win32.Heur.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
F-Secure = Gen:Variant.Renos.106
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
AVG = Dropper.Generic4.WNY
Norman = W32/Obfuscated.L
GData = Gen:Variant.Renos.106
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.dz
BitDefender = Gen:Variant.Renos.106
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 221184
Uninitialized Data Size         : 0
Entry Point                     : 0x139e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.0.1020
Product Version Number          : 5.1.0.1020
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ztimzbfig Ajcosaglimg
File Description                : Lbgcyev NT Certificate Dialogs
File Version                    : 5.01.1020
Legal Copyright                 : Copyright (C) Hymzaquww Ocfmtvuuvan. 1981-2000
Legal Trademarks                : Vdxadxlqf(R) is a registered trademark of Xxerqsgit Lpurmyzuuos. Vizmzgu NT(TM) is a trademark of Clacptlmz Qkvedrvcywh
Original Filename               : mqcertui.dll
Product Name                    : Xgplgokjp Message Queue
Product Version                 : 5.01.1020
VirusTotal Report submitted 2011-08-28 09:07:59
VirusShare info last updated 2012-07-26 11:57:25

MD5: 64ebd2a9c3880892d116543d879a9123
SHA1: 3187bdc2a3f9b87da79fdc54b2eb97b913b06e42
SHA256: 9e7ed9876ccdc6f42cab3c52f8ad54dd1ded63418b6b08d47eb74219fc61b545
SSDeep: 6144:BGow5TI25teoXej7w23yb3msGUfJ43EE+i+FzdW:Y1juiejqb3fGUfJVEik
Size: 247300 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Downloader-JDZ [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Win-Trojan/Fakeav.247300
Panda = Trj/Genetic.gen
nProtect = Trojan.Generic.6567068
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!r1Tot8G7Pd0
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.agj
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.31226
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.agj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-264105
F-Secure = Trojan.Generic.6567068
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TIL
Norman = W32/Suspicious_Gen2.NVDSZ
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6567068
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.lt
BitDefender = Trojan.Generic.6567068
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 241664
Initialized Data Size           : 8192
Uninitialized Data Size         : 28672
Entry Point                     : 0x421f0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-10 19:57:37
VirusShare info last updated 2012-07-26 11:57:41

MD5: 1a30252396d7d7839970c448016e3439
SHA1: df6c4860fc548e94f85f11942bd38e8d096eedc8
SHA256: 9ef85a41e7f3cccf1f0466950d62bc0741e22e08fb9dede2a10806c057097041
SSDeep: 3072:FQ+5gcCjyW/ZHXqFB07v3FolAm+qlkJhVLzX32+eGFuSuxbq7jLqDZsU4ksg4S/O:x5gLySHa2FolEfX2hauzxbq9U4kGS7
Size: 197120 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Panda = Suspicious file
CAT-QuickHeal = Win32.Packed.Katusha.j.4
Microsoft = TrojanDownloader:Win32/Ponmocup.A
NOD32 = a variant of Win32/Injector.BET
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:12 07:00:27-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 8704
Initialized Data Size           : 372224
Uninitialized Data Size         : 0
Entry Point                     : 0x2e8c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Credential Delegation Security Package
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : credssp.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : credssp.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2010-05-30 00:22:44
VirusShare info last updated 2012-07-26 11:57:51

MD5: d2d87dbd438927c8af5d876efab8fb7a
SHA1: b4ffc23a54c310a06763d8a2f88e7b82d5e8b2c1
SHA256: 9fe21194898e95229a3b204d0c95008c9ad37939ebb958916e50b645cf926f22
SSDeep: 6144:EBCeOIYCP10XuEQ5YAEOdZ4MYQmQJExlQzc4uK3Z6KA6y:EweO7CPW+E7wdZ4MRm+MlNgAx
Size: 344498 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.3
Avast = Win32:Pirminay-AW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.344498
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!Piay18egSoA
eTrust-Vet = Win32/Ransom.UG
TrendMicro-HouseCall = TROJ_GEN.R21CRG4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Downloader.a!eo
TrendMicro = TROJ_GEN.R21CRG4
Kaspersky = Trojan.Win32.Pirminay.iuu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.IHV!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.adx
McAfee = Downloader.a!eo
F-Secure = Trojan.Generic.6148262
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-AW [Trj]
F-Prot = W32/Trojan2.NNWS
AVG = Generic23.HAV
Norman = W32/Suspicious_Gen2.NKBOV
Sophos = Mal/Generic-L
GData = Trojan.Generic.6148262
Symantec = Trojan.Gen
Commtouch = W32/Trojan2.NNWS
TheHacker = Trojan/Pirminay.ihv
BitDefender = Trojan.Generic.6148262
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 21:47:18-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 344064
Initialized Data Size           : 4096
Uninitialized Data Size         : 434176
Entry Point                     : 0xbe0e0
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.70.7713.0
Product Version Number          : 2.70.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tgpgtyzko Ohoyuibetta
File Description                : Genbrdxvn Data Access -  OLE DB Data Shape Provider Resources
File Version                    : 2.70.7713.0 built by: Lab06_N(dagbuild)
Internal Name                   : msaddsr.dll
Legal Copyright                 : © Bejlactid Wzroihkuboc. All rights reserved.
Original Filename               : msaddsr.dll
Product Name                    : Qegynjslp Data Access Components
Product Version                 : 2.70.7713.0
VirusTotal Report submitted 2011-08-30 15:17:54
VirusShare info last updated 2012-07-26 11:58:09

MD5: e9ef6aa6cb43af70f25ddeacbc56254b
SHA1: f3304ba04b292237ea9568efa7131e49c8b237f0
SHA256: a0eba8c660062cfb5284bbd591e863c236a5c246e7c5541b0994e5ef2ef971df
SSDeep: 3072:WrAdPBoUyxX0+AR7092SSh3fxEfYGEMiME9gHA5VZR8FPFeOLiaI0lttGIZjOqH8:JjyVdARQjSdfZaiv9HVcFbtjOqR71gX
Size: 312380 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bks
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Agent.OLO
nProtect = Gen:Variant.Buzy.550
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Renos.CLI
TrendMicro-HouseCall = TROJ_GEN.R4FCRBQ
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.DownLoader4.45794
TrendMicro = TROJ_GEN.R4FCRBQ
Kaspersky = Trojan.Win32.Pirminay.oac
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.hc
McAfee = Kryp.b
ClamAV = Trojan.Agent-248187
F-Secure = Backdoor.Generic.552986
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BGDN
Norman = W32/Suspicious_Gen2.INICS
Sophos = Mal/Ponmocup-A
GData = Backdoor.Generic.552986
Symantec = Trojan.ADH.2
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Backdoor.Generic.552986
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:10 10:19:14-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 24576
Initialized Data Size           : 564736
Uninitialized Data Size         : 0
Entry Point                     : 0x6b12
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.4.3790.0
Product Version Number          : 6.4.3790.0
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Description                : DirectShow Runtime.
File Version                    : 6.04.3790.0
Internal Name                   : QCap.dll
Legal Copyright                 : Copyright (C) 1992-2001 Microsoft Corp.
Original Filename               : QCap.dll
Product Name                    : DirectShow
Product Version                 : 6.04.3790.0
Direct Show                     : Core
OLE Self Register               : DXM20
VirusTotal Report submitted 2011-10-17 20:11:28
VirusShare info last updated 2012-07-26 11:58:31

MD5: 6bb6699b7936b32c613aa7cbcf23cada
SHA1: a916fa01d62025287f3b640b778da301c4ceb5e1
SHA256: a22cdb7d95fee4c91e77ef71708045ffd4ce48f1afde29f5c59ddcafdc16c836
SSDeep: 3072:bsPuV5pv8kQLcMbwcIKcGvkMc4/UZkl0Hkbz57fSc6t8DRC:YP/cMboKctMc48Z7Hkbz5Kt2C
Size: 163840 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!s+jGX9w7kE8
VBA32 = AdWare.SuperJuan.aikv
eTrust-Vet = Win32/Vundo.HTW!genus
TrendMicro-HouseCall = TROJ_VUNDO.SMEO8
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Generic PUP.z!nc
TrendMicro = TROJ_GEN.R47CDBK
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aikv
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.auo
McAfee = Generic PUP.z!nc
F-Secure = Gen:Variant.Barys.2146
VIPRE = Virtumonde
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/Agent.ON.gen!Eldorado
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.QXFW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2146
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.ON.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.2146
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-14 04:29:43
VirusShare info last updated 2012-07-26 11:58:56

MD5: efeff5e603ad3dd1d5e6500ad564d6d1
SHA1: 2aa14a1c04c33ae7f1dbc7231f8b3af9c3ddd5eb
SHA256: a4c61e4913b2aa88d1b6a509bacc2af525c5d9eeff045d23281360d8bc627932
SSDeep: 6144:US5cLKGt4vobsCJtivQXN5CF19QcGpMb24VZEPDItBk5FjuUU6:UG9GFYqjCFYcUg2IZEPctBwFjuUd
Size: 364976 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.118065
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Downloader.a!pd
DrWeb = Trojan.Hosts.4898
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Pirminay.oor
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.hx
McAfee = Downloader.a!pd
F-Secure = Trojan.Generic.KDV.118065
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRPirminay.Bvt
AVG = Generic20.CAOV
Norman = W32/Suspicious_Gen2.REVIA
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.118065
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.jzc
BitDefender = Trojan.Generic.KDV.118065
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:11:24 15:42:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 323584
Uninitialized Data Size         : 0
Entry Point                     : 0x5531c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Associated Device Presence Proxy Dll
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : IPBusEnumProxy
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : IPBusEnumProxy.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-30 16:26:25
VirusShare info last updated 2012-07-26 11:59:47

MD5: 7055ae5755e7f0e3a1b6971bd42da7d7
SHA1: eb2a0b2009b48870972e4b9def356d3414ee7faa
SHA256: aa51a456554409c8f0c9b73d41f82f56701ff2527d9d05d509df9fcb57c98364
SSDeep: 6144:SeQ6cgQCiX1TcKvYzpSiEDNevSXqNBcSP4ldTPUnBBkHL4/kZOd:SeQ6cglilAK+gJuSpSid4oHskZOd
Size: 339347 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-BHS [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
VirusBuster = Trojan.Kryptik!rzI0bcQc20Y
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Artemis!7055AE5755E7
DrWeb = Trojan.Hosts.4823
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rc
McAfee = Artemis!7055AE5755E7
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CKKK
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eun
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:29 11:12:31-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 45056
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0x7fbb
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ylvvctpwd Hjjgrgxxjvq
File Description                : JP Japanese Keyboard Layout for (NEC PC-9800 Npryefh 95)
File Version                    : 6.0.6000.16386 (chgxk_rtm.061101-2205)
Internal Name                   : kbdnec95
Legal Copyright                 : © Zrgpyhkpw Zetormqzqxq. All rights reserved.
Original Filename               : kbdnec95.dll
Product Name                    : Fhcydlmrl® Qijbsmw® Omksoilwh Wjprdv
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-10-01 06:14:19
VirusShare info last updated 2012-07-26 12:01:36

MD5: f5b373648b2502bcb54abfb5aaf48b25
SHA1: 9349660e5d2fc793a5a9ea837363453c023584c0
SHA256: b2557e50330e243caadaf7659f13b145df907d663a32c571e854214233999252
SSDeep: 6144:c0CvZTJ/KX39zucJXCd6eEpWuJw8lFCEOxICGPZuEF5:6Z9/KHQiX6EpWu9dp7PZuC
Size: 305664 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.305664.Y
Rising = Trojan.Win32.Generic.128944F5
nProtect = Trojan/W32.Pirminay.305664.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirminay!re6LHcmwZZA
VBA32 = Trojan.Pirminay.kcy
TrendMicro-HouseCall = TROJ_PIRMINAY.BR
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_PIRMINAY.BR
Kaspersky = Trojan.Win32.Pirminay.jlv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.S.Pirminay.305664
Fortinet = W32/Kryptik.ANL!tr
PCTools = Adware.Lop!rem
Jiangmin = Trojan/Pirminay.ahi
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6177722
VIPRE = Trojan.Win32.Generic!SB.0
eSafe = Win32.GenVariant.Fak
F-Prot = W32/Zbot.DA.gen!Eldorado
AVG = Generic23.AGLL
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6177722
Symantec = Adware.Lop
Commtouch = W32/Zbot.DA.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6177722
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:03:17 13:24:10-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 303104
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xaa750
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2900.5512
Product Version Number          : 6.0.2900.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ianfrccex Hylmxmqqexv
File Description                : Internet Connection Wizard
File Version                    : 6.00.2900.5512 (xpsp.080413-2105)
Internal Name                   : INETWIZ
Legal Copyright                 : © Swvmphglr Oklxjwsdjxp. All rights reserved.
Original Filename               : INETWIZ.EXE
Product Name                    : Dfjddmpgu® Qxlltiv® Tdesftvhr System
Product Version                 : 6.00.2900.5512
VirusTotal Report submitted 2012-06-12 14:48:04
VirusShare info last updated 2012-07-26 12:04:41

MD5: d6c5005e072e024b63737044142b7738
SHA1: 923b9da3e922088da0239ed875b719f0aeed4bfb
SHA256: b778876e79138d3d3e2c3d4ce80a0c2f40dc3b4cd20b0a8df51592cf6881ca9c
SSDeep: 3072:fz55l8rBsWyuajAvDiZEkTyZP+hPBDm5OthP6dERz8AGDkkhxnW7d4oJd:mls7nTOu0+hi2hyyYAGb7W7R
Size: 259093 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Securisk
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = Cryp_Spypro
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Meredrop
McAfee-GW-Edition = Generic Dropper!dge
TrendMicro = Cryp_Spypro
Kaspersky = Trojan.Win32.Genome.myzj
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Dropper.DGE!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Jorik.bkb
McAfee = Generic Dropper!dge
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Trojan-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.ALIO
Norman = W32/Suspicious_Gen2.EYGRH
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Gen:Trojan.Heur.RP.pq1@aiYVxgii
TheHacker = Trojan/Genome.myzj
BitDefender = Gen:Trojan.Heur.RP.pq1@aiYVxgii
NOD32 = probably a variant of Win32/Agent.EDPJVDC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:31 10:04:45-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 14336
Initialized Data Size           : 480256
Uninitialized Data Size         : 0
Entry Point                     : 0x4550
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Get MAC Address
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : GetMac.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : GetMac.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-04-05 22:06:38
VirusShare info last updated 2012-07-26 12:06:50

MD5: 35149a1c76935a1b6ccf71b1393a73e9
SHA1: bc0f248c18dae442bec2dc899510faedf4f1f3b7
SHA256: b8930970997fe19a087f90865b99f550abe2e1534409eace1031697a1cc5cc05
SSDeep: 6144:PYKNtnvP4C8dEBnWNtIm3KSffYcN1ySdMh85t0seR6o0YtJ:PJnYC8CBHm3KUoSdMxseR6o04J
Size: 299003 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.15607.15
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.15607
VirusBuster = Trojan.Qhost!/DxPuQNmPmA
TrendMicro-HouseCall = TROJ_GEN.R4FC2IB
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!35149A1C7693
TrendMicro = TROJ_GEN.R4FC2IB
Kaspersky = Trojan.Win32.Jorik.Pirminay.qn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.lbwx
McAfee = Artemis!35149A1C7693
F-Secure = Gen:Variant.Kazy.15607
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic11.CNCM
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Kazy.15607
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Kazy.15607
NOD32 = probably a variant of Win32/Qhost.IJAGUUQ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:19 19:53:31-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 299008
Initialized Data Size           : 4096
Uninitialized Data Size         : 389120
Entry Point                     : 0xa7f30
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hzkswssek Osxhgxlxfav
File Description                : Network Diagnostic Engine Event Interface
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : ndfetw.dll
Legal Copyright                 : © Xqwtjltcv Sgvblotgdvv. All rights reserved.
Original Filename               : ndfetw.dll
Product Name                    : Tkwbfotbj® Myooisz® Qonpmodnn Kyvdtt
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-03 08:04:07
VirusShare info last updated 2012-07-26 12:07:20

MD5: 5498663fe56464f05a76df3da98fb303
SHA1: 4af33da1451b7e92643029a9e954ec6d256f5b07
SHA256: be6d7d582c8c300f71eb3239ac87fe1f6aac3f3936958b27d1775cd32506be26
SSDeep: 768:wHbCTlqIFY5Z1EKLEwapE/yh6OCDeGW54w59KCc5Faaip4gnv3q22GmaBt:wHlIFsZ1EKLladsDoSwPKCGs4IAGmet
Size: 64000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
VirusBuster = Trojan.Genome!eBwneI2ALdI
TrendMicro-HouseCall = TROJ_GEN.R4FC8JO
Emsisoft = Trojan.SuspectCRC!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.2696
TrendMicro = TROJ_GEN.R4FC8JO
Kaspersky = Trojan.Win32.Genome.wxke
Fortinet = W32/Virtum.MS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ansf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.OMR
Norman = W32/Suspicious_Gen2.SKYDU
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.1470
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1402
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Prleqmknm Oiunoicemnv
File Description                : ODBC Code Page Translator
File Version                    : 6.0.6000.16386 (gupnu_rtm.061101-2205)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : © Yvqmmnyqi Wntzrgzroql. All rights reserved.
Original Filename               : mscxpl32.dll
Product Name                    : Lxdwemqsf® Jgvjzao® Gygwwpxcn Imldny
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-18 14:39:35
VirusShare info last updated 2012-07-26 12:09:50

MD5: 6cc78f5790dc7c55efd35fa0547b5f8b
SHA1: 06d6a8963848b9c55711159aa8f80124f382b932
SHA256: c38018fbc259ed837f2b04004d68be5c3eabf23ec3e33ab002082f2dee1da113
SSDeep: 6144:ARfh/7pJbcK8BQzd4pxqHqtNCIJoIHlef83YvFaYehfE:ih/7Xbc9eqpAHqfCIJTHS834aYehf
Size: 403968 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirmidrop.G
Avast = Win32:Malware-gen
Ikarus = Gen.Variant.Vundo
Rising = Trojan.Win32.Generic.1234CCB7
nProtect = Trojan/W32.Pirmidrop.403968
K7AntiVirus = Riskware
VirusBuster = Trojan.Pirmidrop.B
TrendMicro-HouseCall = TROJ_GEN.R47CRH4
Emsisoft = Gen.Variant.Vundo!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!6CC78F5790DC
DrWeb = Trojan.DownLoader2.34051
TrendMicro = TROJ_GEN.R47CRH4
Kaspersky = Trojan.Win32.Pirmidrop.g
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirmidrop.b
McAfee = Artemis!6CC78F5790DC
F-Secure = Trojan.Generic.4546575
VIPRE = Packed.Win32.Pirminay.a (v)
eSafe = Win32.TRPirmidrop.G
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.WFH
Norman = W32/Suspicious_Gen2.PFPRZ
Symantec = Packed.Generic.305
GData = Trojan.Generic.4546575
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirmidrop.g
BitDefender = Trojan.Generic.4546575
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:12 11:56:10-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 390144
Initialized Data Size           : 365056
Uninitialized Data Size         : 0
Entry Point                     : 0x60112
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP Remote Shell Command
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : rsh.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : rsh.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-04-15 12:11:04
VirusShare info last updated 2012-07-26 12:11:55

MD5: 75a53b43df086967e61f8c6ae3bb3ba4
SHA1: a281726e07df971476f24ba7a23997c7bbc3d2a0
SHA256: c94abe8168a14889494fd6ee79a8c58d212e70a18fea5d5fe9c8620eff26eeec
SSDeep: 3072:KVv58vZuZ1d9Yj/FtjHaVv1nXw3p5wHWZb7Q79vxxtfcyCOQzLhrQAG29pPlZg2c:KB//uhWnXw7pM9FNCOOQB2Ifh
Size: 238951 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JIF [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
Rising = Trojan.Win32.FakeFolder.z
nProtect = Trojan/W32.Agent.238951
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!uc7l10Z9kYs
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = Mal_OtorunO
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Jorik.Pirminay.mh
McAfee-GW-Edition = W32/YahLover.worm.gen
DrWeb = Trojan.WinSpy.1014
TrendMicro = Mal_OtorunO
Kaspersky = Trojan.Win32.Jorik.Pirminay.mh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Net-Worm.SillyFDC!rem
Jiangmin = Trojan/Generic.hxys
McAfee = W32/YahLover.worm.gen
F-Secure = Trojan.Generic.KDV.297459
VIPRE = Trojan.Win32.Generic.pak!cobra
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.NUT
Norman = W32/Kryptik.ALS
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.297459
Symantec = W32.SillyFDC
TheHacker = Trojan/Injector.hzu
BitDefender = Trojan.Generic.KDV.297459
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 227328
Uninitialized Data Size         : 0
Entry Point                     : 0x138e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 22:06:18
VirusShare info last updated 2012-07-26 12:13:51

MD5: 6a1cddbd8f8ad1d7259216e095c94c3b
SHA1: 6e280f8446f51ca05d95bb258d833608a52ac644
SHA256: ca8b9d46d3402017826b9aa0ae9c5dad69d156f23ad4cfc2b8db6b3d974f3d97
SSDeep: 6144:5aj3A5G0ZBqDLh4DUktcVbC7xF7rjZSGriXqyMPQi/XDrhi87f76Q2lCZZ:gbCG0XsLsUk8kxjZXrGMPQi/Xvc6rZZ
Size: 309175 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Drop.Swisyn.jyb
Ikarus = Trojan.SuspectCRC
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.5203D8C4
nProtect = Trojan.Generic.4130131
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!6A1CDDBD8F8A
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Agent.dvhx
McAfee = Suspect-1B!6A1CDDBD8F8A
a-squared = Trojan.SuspectCRC!IK
ClamAV = Trojan.GenericFD.3208
F-Secure = Trojan.Generic.4130131
AVG = SHeur3.WDG
Sophos = Mal/Generic-L
GData = Trojan.Generic.4130131
BitDefender = Trojan.Generic.4130131
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:15 14:27:16-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 4096
Initialized Data Size           : 603136
Uninitialized Data Size         : 0
Entry Point                     : 0x1dd6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2010-06-20 15:51:21
VirusShare info last updated 2012-07-26 12:14:17

MD5: a275ba3e93afb34fe7142ccb95afb442
SHA1: 849a90dbb0961980d51831565b1d4e32f88fa799
SHA256: cbd9eedf40c2145e2f669b204aad1cd3b00035c2be9b5da94b7171b92cc9b494
SSDeep: 6144:O/lYbbxZc2ArOLbddIo0mwRTvDZ9CFyfgdEOxC8ddT316HnZgo:TVRf2NvDvCqgfCYdTlMr
Size: 274432 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.28
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!GTlX8tefmJY
VBA32 = SScope.Trojan.Pirminay.chc
Emsisoft = Trojan.SuspectCRC!IK
McAfee-GW-Edition = Artemis!A275BA3E93AF
DrWeb = Trojan.Hosts.3682
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
McAfee = Artemis!A275BA3E93AF
F-Secure = Trojan.Generic.5488335
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-H
eSafe = Win32.Trojan
AVG = Generic21.MUS
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen.2
GData = Trojan.Generic.5488335
TheHacker = Trojan/Kryptik.jvo
BitDefender = Trojan.Generic.5488335
NOD32 = a variant of Win32/Kryptik.JVO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 17:40:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 479232
Uninitialized Data Size         : 0
Entry Point                     : 0x8f12
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Windows Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Windows Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2011-03-08 03:46:23
VirusShare info last updated 2012-07-26 12:14:44

MD5: 125e96188fdd0ef5b48ce471e3766a6d
SHA1: a40309a891b26f622ceadac8b026a9dd67bb929c
SHA256: cf1824dbdb09d9c7539f9b1f343aa2b32201ce38a5a4bc8edbba9fc17bc5e1e9
SSDeep: 6144:ulI/IVr3DBqFQGiitHS/SXHp0+n54lOAyvsS5mcad0C0eZ:ulI/KELiWy/SXhLfq0C7
Size: 297472 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Zlob.iyw
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.297472.D
Panda = Trj/CI.A
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Trojan
VirusBuster = Trojan.Genome!aqJs6lLwtj8
eTrust-Vet = Win32/Qhosts.FA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!dby
DrWeb = Trojan.Click1.17956
Kaspersky = Trojan.Win32.Genome.gsin
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Generic
McAfee = Generic Downloader.x!dby
F-Secure = Backdoor.Generic.250538
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
eSafe = Win32.Downloader
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic9.ARRX
Norman = W32/DLoader.AHRSB
Sophos = Mal/Ponmocup-A
GData = Backdoor.Generic.250538
Symantec = Trojan Horse
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Backdoor.Generic.250538
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:10 10:25:12-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 52224
Initialized Data Size           : 485888
Uninitialized Data Size         : 0
Entry Point                     : 0xd91c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Azerbaijan_Cyrillic Keyboard Layout
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : kbdaze (3.11)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdaze.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-08-27 04:15:19
VirusShare info last updated 2012-07-26 12:15:58

MD5: a2c91e433582b5fb61e9fd2dfa15e685
SHA1: e353f08605bc2359127ef1dea46c5a7b0092407f
SHA256: d247dee2fbc86fd0445373251f2c905120b4b5a74ff67348bbdb96837be492f7
SSDeep: 12288:fNa0vfDnbzkSCJf96hw/ww9VxlxHCHaoeHNiP4Nc:fNpDbzkSrwL9/7HCH9etiANc
Size: 457716 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Fakealert.39.14
Avast = Win32:Pirminay-BW [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Gen:Variant.FakeAlert.39
VirusBuster = Trojan.Kryptik!IeVZwlZSOTA
TrendMicro-HouseCall = TROJ_GEN.R11C3GI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader.a!ma
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R11C3GI
Kaspersky = Trojan.Win32.Pirminay.ofl
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.alj
McAfee = Downloader.a!ma
F-Secure = Gen:Variant.FakeAlert.39
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AZVP
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.FakeAlert.39
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jzg
BitDefender = Gen:Variant.FakeAlert.39
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:18 12:11:07-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 454656
Initialized Data Size           : 4096
Uninitialized Data Size         : 548864
Entry Point                     : 0xf5b10
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5492.0
Product Version Number          : 6.0.5492.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Integrated Technology Express, Inc.
File Description                : ITE IT8211 ATA/ATAPI SCSI miniport
File Version                    : v1.3.2.7 (NT.060726-2054)
Internal Name                   : IT8211 WIN2000/XP driver v1.3.2.7
Legal Copyright                 : Copyright (C) Integrated Technology Express, Inc. 2005
Original Filename               : iteatapi.sys
Product Name                    : Cnhopprux® Qgqpdpi® Lkenhoyrm Ckufcb
Product Version                 : 6.0.5492.0
VirusTotal Report submitted 2011-10-03 07:51:57
VirusShare info last updated 2012-07-26 12:17:19

MD5: 903c97f30ba96a495d6038fcb8df38b2
SHA1: 92662b5009a665a2eb5823138ca8b0794ba9f2e9
SHA256: d8705a3b3edb58e0737bb7ea3516463c909ce3b5de3bef154aafc75c3c90d8d7
SSDeep: 6144:P/CjrpmDeyA0hrDEiW+Eqgzk1oTpsjQerCfrsHhTjAhW0M9TetYlGfaUC:nCjLqh3EiW5g1oTejQ140Lt6uaUC
Size: 302564 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XQC83ScHLAg
VBA32 = Trojan.Pirminay.lgu
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Pirminay.lgu
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.56877
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.lgu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.sn
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CLPX
Norman = W32/Suspicious_Gen2.QVKSP
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.34
Symantec = Packed.Generic.305
TheHacker = Trojan/Pirminay.eyw
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:22 03:39:20-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 32768
Initialized Data Size           : 536576
Uninitialized Data Size         : 0
Entry Point                     : 0x7ea6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Iujbywkiy Pcyhmqylket
File Description                : SCSI Port Driver
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : scsiport.sys
Legal Copyright                 : © Wmzzvydud Tnxkdnjuzct. All rights reserved.
Original Filename               : scsiport.sys
Product Name                    : Gzwdwjawk® Sfthzzp® Bfryqqudy Wvwniu
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-05-14 06:18:18
VirusShare info last updated 2012-07-26 12:19:38

MD5: c3f8cec2ffa3e86f99fcffd526e97d87
SHA1: e6d30bcb0a5506c68c6a3f9a7d992a66359916fc
SHA256: dc3520d69851614adbd6c64d177d80482175e33c7327f25dc826f9065beee8a2
SSDeep: 6144:bywCrsWIYqMfaokVaRzy5Saxev4H5gR4UCmr88GZkbyWNJW:OhIdfMSokQxAEvqKu5AhYyzg
Size: 314979 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Kazy.27030
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.27030
VirusBuster = Trojan.DL.Agent!4rInx2f4Rfo
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Downloader.a!e
DrWeb = Trojan.DownLoader3.41896
Kaspersky = Trojan.Win32.Pirminay.jds
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.JDS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gkxo
McAfee = Downloader.a!e
F-Secure = Trojan.Generic.6164592
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Downloader-IDN
AVG = SHeur3.CGEY
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen
GData = Trojan.Generic.6164592
TheHacker = Trojan/Pirminay.jab
BitDefender = Trojan.Generic.6164592
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:23 15:50:45-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 401408
Entry Point                     : 0xae920
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 8
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gagvrylqb Kgijrswgxrk
File Description                : Gwqvmlzda ACM Audio Filter
File Version                    : 5.00.2134.1
Internal Name                   : Ujjbafrgf ACM Audio Filter
Legal Copyright                 : Copyright (C) Mndxuteda Corp. 1981-1999
Original Filename               : msfltr32.acm
Product Name                    : Pklkhigfo(R) Wwvnjda (R) 2000 Operating Ujytgc
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-07-01 19:08:29
VirusShare info last updated 2012-07-26 12:21:00

MD5: e8a3741d700a13a2d8013b0085520d51
SHA1: 76958afa5b8cb15c0d8c01e1f41fbd2edba75032
SHA256: dd7e7780618c5c575ed6d8ea074da41d85a84f131757634b7e7328e6e23ed4b9
SSDeep: 6144:ezCotqTz8we9UqRlP9jBpD+BIX+Vyi/Nn7+SgqhYybDM0hObYlCO4F:Qt+tQBXpDgV5/9bYCgie
Size: 349712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.ayk
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Swisyn.349712
Panda = Suspicious file
VBA32 = suspected of Trojan.Pirminay.ayl
TrendMicro-HouseCall = TROJ_GEN.R28C2BE
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Downloader.x!eln
TrendMicro = TROJ_GEN.R28C2BE
Kaspersky = Trojan.Win32.Pirminay.dll
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.nd
McAfee = Generic Downloader.x!eln
F-Secure = Trojan.Generic.5200338
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Generic20.BFSY
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5200338
TheHacker = Trojan/Pirminay.ayk
BitDefender = Trojan.Generic.5200338
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:10 09:55:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 342016
Initialized Data Size           : 290304
Uninitialized Data Size         : 0
Entry Point                     : 0x543cc
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft User Experience Session Management Service
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : UxSms.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : UxSms.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2011-03-17 01:11:37
VirusShare info last updated 2012-07-26 12:21:27

MD5: 8e17cd4ce5339467e4d7ee91ba6ad5f0
SHA1: df34d8dcd687e9092f40e9137c9f22da9fe6063a
SHA256: dfa6ebf1c3611129e13d98b8ece002ef41883d55d161fe99c727709d5056c985
SSDeep: 6144:P1YlubkDIe20YfactSsf3uTIQnBFN8AxiGirSZ8Xo/Kd:PGvJYieSsWTRnBF9iGeSZ8Xo/K
Size: 387584 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.27
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.387584.I
Panda = Suspicious file
nProtect = Trojan.Generic.3987521
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C1DO
McAfee-GW-Edition = Generic Downloader.x!ehg
TrendMicro = TROJ_GEN.R21C1DO
Kaspersky = Trojan.Win32.Pirminay.cnk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = HeurEngine.MaliciousPacker
McAfee = Generic Downloader.x!ehg
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic22.BCAN
Norman = W32/Suspicious_Gen2.CGTGJ
Sophos = Mal/Generic-L
Symantec = Packed.Generic.305
GData = Trojan.Generic.3987521
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.3987521
NOD32 = a variant of Win32/Kryptik.JJR
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:28 03:04:49-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20992
Initialized Data Size           : 727040
Uninitialized Data Size         : 0
Entry Point                     : 0x5eac
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCPIP Finger Command
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : finger.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : finger.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-05-24 06:13:03
VirusShare info last updated 2012-07-26 12:22:09

MD5: 19f2d3bfeeb343100fbb1108b4d47bbd
SHA1: 1f452815c1e6eea35552fbef1cddad8a1c233795
SHA256: e7c91ef7ebc94ace0afb9eb3c833f7e108258a733d99207512d3f04e813c8a31
SSDeep: 6144:XmRll46LCLMPKZuZuTTTiSg7fSGF7i/RxunGoNx1QKO9hOrCGR4:WRTTLbCZuqTG7f8unrFO9hOrT4
Size: 315940 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.154
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
nProtect = Trojan.Generic.5341697
VBA32 = suspected of Trojan.Pirminay.bg
TrendMicro-HouseCall = TROJ_GEN.R29C2A3
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
DrWeb = Trojan.Hosts.2688
TrendMicro = TROJ_GEN.R29C2A3
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.5341697
VIPRE = Trojan.Win32.Generic!BT
AVG = Pakes.IEA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5341697
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.5341697
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:27 15:01:27-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49664
Initialized Data Size           : 525824
Uninitialized Data Size         : 0
Entry Point                     : 0xcd26
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-01-14 08:50:57
VirusShare info last updated 2012-07-26 12:25:08

MD5: ad515056584cd273a4221d61f31b4e13
SHA1: 7615dc32efc61f72ba327ac810cf5d178cdce6ac
SHA256: e920e25df4d1c9f80728958579120b18abf34d639359a7574665edbf21ce22c6
SSDeep: 1536:H+JGWxFWj0mULedqY0gDzy34I5VPB7ZwsvzmxXJgm:MJWIxvgDWZjPvyxSm
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.36492
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Malware/Win32.Generic
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!bbt4
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.enl
McAfee = Generic.dx!bbt4
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.OQU
Norman = W32/Suspicious_Gen2.SUFUC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Commtouch = W32/GenBl.AD515056!Olympus
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x13ee
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2174.1
Product Version Number          : 5.0.2174.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fnbwpqjmo Vlxhkovlrnj
File Description                : Remote Storage Subsytem Proxy / Stub
File Version                    : 5.00.2174.1
Internal Name                   : RsSubPs.dll
Legal Copyright                 : Copyright (C) Pifktjfsp Corp. and Seagate Software, Inc.1981-1999
Original Filename               : RsSubPs.dll
Product Name                    : Focozyxvm(R) Bvmnljx (R) 2000 Qugcpmrod Gxqpps
Product Version                 : 5.00.2174.1
VirusTotal Report submitted 2011-12-04 22:53:54
VirusShare info last updated 2012-07-26 12:25:49

MD5: efa342c12c989004fb15aa75e321cd33
SHA1: afde34aeafd0d4926b3652ee13121f010be2f83f
SHA256: f34f38daba036d509fdf69e77e22735ca27113947489a0c6dd98eca64c2b0254
SSDeep: 6144:vVVCrJmoUBwUgb1S8w0W/E5eg8M3yS54IB0vYDsjRlkTJZndJ+V1UbIRzh:7gMoUb6S8w0cmjz3XJ0Cs3kTjdJ+Umh
Size: 434157 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.116
Avast = Win32:Dropper-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC2C8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.dpb
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.3917
TrendMicro = TROJ_GEN.R3EC2C8
Kaspersky = Trojan.Win32.Pirminay.dpb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/CEW.AG!tr.dldr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.mj
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5503139
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Dropper-gen
AVG = FakeAV.KIK
Norman = W32/Suspicious_Gen2.JBDVH
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.5503139
TheHacker = Trojan/Pirminay.doi
BitDefender = Trojan.Generic.5503139
NOD32 = a variant of Win32/Kryptik.JVO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:19 03:24:09-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 421888
Initialized Data Size           : 368640
Uninitialized Data Size         : 0
Entry Point                     : 0x671d6
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6002.18005
Product Version Number          : 6.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.11 Group Policy Client
File Version                    : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : wlgpclnt.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wlgpclnt.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6002.18005
VirusTotal Report submitted 2011-07-20 21:55:08
VirusShare info last updated 2012-07-26 12:32:30

MD5: 0319f20da9b26f22c153b86d99c50fd8
SHA1: 1226353fdf61db401f03d79ac0c3eacf4f85a506
SHA256: f357543d6f54b05dfa318b98e94dbe6c217dcb6c835d43c4473e746a228ab782
SSDeep: 6144:hLvEOVAhg9Xv1rKiqxcQhhpFCmjVXHsCRrzb4VAUQiJC4:1sOiiN3qnRCmjVXHsaxUdV
Size: 287108 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Meredrop.A.8406
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
nProtect = Trojan.Generic.3791476
K7AntiVirus = Riskware
VBA32 = Trojan.Agent.dyqh
TrendMicro-HouseCall = TROJ_AGENT.AWOR
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!0319F20DA9B2
DrWeb = Trojan.Siggen1.60794
TrendMicro = TROJ_AGENT.AWOR
Kaspersky = Trojan.Win32.Agent.dyqh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Agent.dulo
McAfee = Artemis!0319F20DA9B2
F-Secure = Trojan.Generic.3791476
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic17.BCSN
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.3791476
Symantec = Trojan.ADH
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Agent.ehig
BitDefender = Trojan.Generic.3791476
NOD32 = probably a variant of Win32/Agent.HGJSUFH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:27 09:21:50-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 20992
Initialized Data Size           : 523264
Uninitialized Data Size         : 0
Entry Point                     : 0x5fce
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.4.0.3400
Product Version Number          : 4.4.0.3400
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : NMMKCERT Library
File Version                    : 4.4.3400
Internal Name                   : NMMKCERT
Legal Copyright                 : Copyright © Microsoft Corporation 1996-2001
Legal Trademarks                : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
Original Filename               : NMMKCERT.DLL
Product Name                    : Windows® NetMeeting®
Product Version                 : 3.01
VirusTotal Report submitted 2012-06-10 11:52:26
VirusShare info last updated 2012-07-26 12:32:31

MD5: 3770f7d461a3dd985a07dbd0188efa03
SHA1: 651ac412146f334509df5ea61a4ebf8e205290c4
SHA256: fb437ac0f653bbfe8835e28f97d2e5393f5340ca87a86542bf0214abdb2124f9
SSDeep: 6144:kp4rnqiHLObc+EYrQ5P2xMo7VZwU2lTl5OtLBHDwSbNTX0a+XHBl3NhoD61RRZrC:trrj+EOEPWwUkMdjwE4HzfJ1/Ze
Size: 410079 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.134
Avast = Win32:Malware-gen
Ikarus = Gen.Variant.Zbot
Emsisoft = Gen.Variant.Zbot!IK
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
GData = Gen:Variant.Zbot.34
BitDefender = Gen:Variant.Zbot.34
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 03:04:41-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 376832
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x59a06
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ammklclva Rmusxoikohs
File Description                : WIA Video
File Version                    : 6.0.6000.16386 (zzrlk_rtm.061101-2205)
Internal Name                   : WIA Video
Legal Copyright                 : © Ezrizkwjq Qwuaflvoniy. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ceqmwgsle® Gpjwmxn® Ankucxhrb Ephlxd
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-03-07 19:41:58
VirusShare info last updated 2012-07-26 12:36:09

MD5: a46c8f58d05d939ca0c8903f2f7f4413
SHA1: e68ed08c1b4a891d78630fe2a0b83fc6afe2801b
SHA256: fe110edda3a42017ff31633d7cb6f4afa6ce8579c26396ce766c61925edfad35
SSDeep: 12288:XnX1NiVV9aqgvYTgyt2GoZYD5jOXUh3iEB3l:Xn4V9egkyemD1OXCXB1
Size: 589324 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.237
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.589324
Panda = Trj/CI.A
nProtect = Trojan.Generic.5804171
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!JvA3FbNJkaY
VBA32 = Trojan.SpyEye.xc
TrendMicro-HouseCall = TROJ_GEN.R3EC1DT
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.fwx
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Downloader.x!flj
DrWeb = Trojan.DownLoader2.39556
TrendMicro = TROJ_GEN.R3EC1DT
Kaspersky = Trojan.Win32.Pirminay.fwx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/DwnLdr.IXA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.uf
McAfee = Generic Downloader.x!flj
F-Secure = Trojan.Generic.5804171
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU
AVG = Generic22.LPH
Norman = W32/Obfuscated.L
Sophos = Troj/DwnLdr-IXA
Symantec = Trojan.Gen
GData = Trojan.Generic.5804171
TheHacker = Trojan/Pirminay.fsz
BitDefender = Trojan.Generic.5804171
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:15 19:01:22-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 262144
Initialized Data Size           : 647168
Uninitialized Data Size         : 0
Entry Point                     : 0x3d092
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Coowhvusg Ohzzuaonsyl
File Description                : MTF (Vrclibfhl Tape Format) Media Label Library
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : mll_mtf.DLL
Legal Copyright                 : © Dpalwclpk Anqdchnqwyk. All rights reserved.
Original Filename               : mll_mtf.DLL
Product Name                    : Gibgmocqq® Xkbruhs® Uyisechpo Zawzqn
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-06-21 08:56:15
VirusShare info last updated 2012-07-26 12:37:14

MD5: 56c13fb4c1d0d16ea7f880f38d6102b4
SHA1: 00fe9b1c87268dd8cf4793112f6bb43cedb75008
SHA256: 1426dec844fc33aaee1f9c0b20d15c92ed010c52d28b003ae3acc32b9f61715b
SSDeep: 1536:q+s7R3sAZYDrrvt9vZFOibHrWgsOPJSFRIZQ:ORZYvrvt9RvVJSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.931
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.SuperJuan.69120
K7AntiVirus = Adware
VBA32 = AdWare.SuperJuan.afzl
eTrust-Vet = Win32/Adware.OS!genus
TrendMicro-HouseCall = TROJ_GEN.R47C7KG
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic PUP.z!ij
TrendMicro = TROJ_GEN.R47C7KG
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.aox
McAfee = Generic PUP.z!ij
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Virtumonde
AVG = Generic4.CHLH
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.4111
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-01-06 23:02:15
VirusShare info last updated 2012-07-26 12:39:09

MD5: 9a57c15bc9ee7064cd564d38882977e4
SHA1: f359efbbd5b59609b68600d3a5d7489fbbe34d4e
SHA256: 0842fc38e180580435f937cba9dfec81d9f66b483cb82a225fe60db9ffa41b6f
SSDeep: 6144:Tyqyg0ntYKLvwi5AzujVhIyA85ORl7SBPI:+qMtzLYAcujoyj8LSi
Size: 238445 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.CFI.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.238445
Panda = Trj/CI.A
Rising = Worm.Win32.Autorun.eyr
nProtect = Trojan.Generic.4296753
K7AntiVirus = Trojan-Downloader
VirusBuster = Trojan.Agent!BjyyvzSA8Rw
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R9DC2IK
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = W32/YahLover.worm.gen
DrWeb = Trojan.MulDrop1.24583
TrendMicro = Mal_OtorunO
Kaspersky = Trojan.Win32.Agent.egll
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = TrojanDropper.Agent.ajqi
McAfee = W32/YahLover.worm.gen
F-Secure = Trojan.Generic.4296753
VIPRE = Trojan.Win32.Generic.pak!cobra
AVG = SHeur3.AAYQ
Norman = W32/Obfuscated.H!genr
GData = Trojan.Generic.4296753
Symantec = Trojan.ADH
BitDefender = Trojan.Generic.4296753
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:12 13:55:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 225280
Initialized Data Size           : 16384
Uninitialized Data Size         : 307200
Entry Point                     : 0x82180
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-22 16:55:17
VirusShare info last updated 2012-07-26 12:44:28

MD5: b41b6bf678694e1a18978db77c757a01
SHA1: bb9e6616cd1df28373c3d0f0c8e50d66c3a8577b
SHA256: 09c69c246ea0afd71a236d8a2d88429faa0c375cf4f3a503b0e93d50d7ad9237
SSDeep: 6144:dKxlWdEJxh8RXmWt8refjp/gTaYnAULYJwg9at2eP/duJr0MX6Mk8JuSRG4J:IxMdET1WCrefjKZdg9oP/gJr0LgVJ
Size: 404464 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4628625
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic.dx!twh
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.tm
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.af
McAfee = Generic.dx!twh
F-Secure = Trojan.Generic.4628625
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BKWH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.4628625
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.4628625
NOD32 = probably a variant of Win32/Agent.KFWWXWP
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 01:59:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 48128
Initialized Data Size           : 698368
Uninitialized Data Size         : 0
Entry Point                     : 0xc8d2
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-22 17:59:13
VirusShare info last updated 2012-07-26 12:45:57

MD5: 11bdbabe609f1eb629c783b6614f513a
SHA1: 0c3a067e8967ea0846f9523d0406c466f40c556f
SHA256: a9390abc41750f3ba9a191e863dcf48f06ccdeb59a0089be87354e6ca92053c8
SSDeep: 6144:63l2K0MLh7B23K30nFN7Wel51fU+oX8Tpb8P5JoGOl:63lft7B10D1M+okO5Wp
Size: 270750 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Malware
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!ZoT8zAPpPzc
VBA32 = Trojan.Jorik.Pirminay.awg
TrendMicro-HouseCall = TROJ_GEN.R2EC7KB
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.awg
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.15559
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R2EC7KB
Kaspersky = Trojan.Win32.Jorik.Pirminay.awg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.PXO!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6462910
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDropper
AVG = Dropper.Generic4.ACRQ
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6462910
Symantec = Trojan.ADH
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6462910
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 262144
Uninitialized Data Size         : 0
Entry Point                     : 0x1296
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 10.0.6002.18005
Product Version Number          : 10.0.6002.18005
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Xwawvtsej Ntblbiphfad
File Description                : Ynblehubp IME
File Version                    : 10.0.6002.18005 (lh_sp2rtm.090410-1830)
Internal Name                   : imetip.dll
Legal Copyright                 : © Vfohwbvrg Rjrtxnrtxrk. All rights reserved.
Original Filename               : imetip.dll
Product Name                    : Mxvbeobrc® Bwxvvjl® Ebnohzmgd Todynn
Product Version                 : 10.0.6002.18005
VirusTotal Report submitted 2012-01-05 17:54:45
VirusShare info last updated 2012-07-26 12:48:04

MD5: c2f0ba7e529e997f6a9edcb2cbb349f6
SHA1: 0ca453a8b383eb1405d16b6209af3e0768971892
SHA256: 118f599f305e3f5bda7bd54fa03c594ffdec4ed77c042ff8d1d048b0a9072af0
SSDeep: 1536:hCpmxjrSzRALnh1/2DpH/47aw6UDYF+zE2HwSCE:hVuyz2DZc62YUzNHwSCE
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Virtumonde.gen
Ikarus = Trojan.Win32.Virtumonde
AhnLab-V3 = Trojan/Win32.Virtumonde
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.3649
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C7KJ
Emsisoft = Trojan.Win32.Virtumonde!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!C2F0BA7E529E
DrWeb = Trojan.Siggen3.26141
Kaspersky = Trojan.Win32.Virtumonde.bfjd
Microsoft = Trojan:Win32/Vundo.OT
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
McAfee = Vundo!na
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Virtumonde
eSafe = Win32.Trojan
AVG = Generic25.BZSB
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.3649
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:30 05:54:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x141a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2002.10.4.0
Product Version Number          : 2002.10.4.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Feenwiu registration
Company Name                    : Bnmhjwpqm Corporation
File Description                : OffFilt
File Version                    : 2002, 10, 04, 0
Internal Name                   : OffFilt
Legal Copyright                 : Copyright © 2002 Iyzxroawh Dwjnukubggd
Legal Trademarks                : 
Original Filename               : OffFilt.dll
Private Build                   : 
Product Name                    : Okspwgbbh Office IFilter
Product Version                 : 2002, 10, 04, 0
Special Build                   : 
VirusTotal Report submitted 2011-11-20 02:54:05
VirusShare info last updated 2012-07-26 12:48:25

MD5: abbaf4a4be1682a0510c5e2ea13ca482
SHA1: 0f7895360d12c08e949c1060a50464e0af0b8763
SHA256: 0c0db6af421e6b772aca4c7294a3fbb6556002ddda6a563a12613f71719dc28a
SSDeep: 1536:EC7Q/34AhwL5LeQZD33kC7GOyCeOaQTvUDLwyc8b2t:C49/ZDk6GlVWUDLRc8b2
Size: 70144 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Graftor.3649
TrendMicro-HouseCall = TROJ_GEN.R01C8KJ
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic.dx!bbt4
TrendMicro = TROJ_GEN.R01C8KJ
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.rkai
McAfee = Generic.dx!bbt4
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.COYU
Norman = W32/Suspicious_Gen2.SNCAJ
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP PathPing Command
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : pathping.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pathping.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-12-15 19:05:38
VirusShare info last updated 2012-07-26 12:50:53

MD5: 2354e9e53917c05abb989bba1c4d1cf1
SHA1: 0fe84be9851258bfc1ba583ab507d44b149640c0
SHA256: b43bfe05b6e5b31677baac3fa43ac83ff33709231fce475e87d28b71d35be6ab
SSDeep: 6144:gqXcMZjfw9Ed6ydeSWST8MqP/IaDK9je:FXcMZjNkydl3bqP/IaDb
Size: 278528 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
VirusBuster = Trojan.Injector!91aRSm8Tw04
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_GEN.R4FC3IH
Emsisoft = Trojan.Win32.Jorik!IK
SUPERAntiSpyware = Adware.Vundo/Variant-MSFake
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.DownLoader4.17985
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC3IH
Kaspersky = Trojan.Win32.Jorik.Pirminay.nc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!v
F-Secure = Trojan.Generic.6573909
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKGC
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6573909
BitDefender = Trojan.Generic.6573909
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 253952
Initialized Data Size           : 28672
Uninitialized Data Size         : 40960
Entry Point                     : 0x489e0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة Oksidm9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : Oksidm9.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Oksidm9.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-11-18 18:45:08
VirusShare info last updated 2012-07-26 12:51:16

MD5: 95b2307711bd79e12b7e43b699412291
SHA1: 124ef48834398520bc23bf1095d11755b92f4ebf
SHA256: a502cf2cd46e694b6b1d9fda6e82684f0887aa74fe369fca6b815a60288ce2a6
SSDeep: 1536:k92beO2x5A/D/0L/12iEDgPiHWrtRXNsw+6HYRJDZROy:BQ5IDkjED0LuwoPO
Size: 74240 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.36492
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Virtumonde.gen
Ikarus = Trojan.Win32.Virtumonde
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Trojan
nProtect = Trojan/W32.Virtumonde.74240
K7AntiVirus = Riskware
VirusBuster = Trojan.Virtumonde!6ijre1cO7Ss
VBA32 = Trojan.Virtumonde.bfje
TrendMicro-HouseCall = TROJ_GEN.R47C9KP
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Virtumonde!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Vundo!na
DrWeb = Trojan.Siggen3.26382
TrendMicro = TROJ_GEN.R47C9KP
Kaspersky = Trojan.Win32.Virtumonde.bfje
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Virtumonde.akq
McAfee = Vundo!na
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Virtumonde
AVG = Generic25.CCPF
Norman = W32/Suspicious_Gen2.SRVGM
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = WS.Reputation.1
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:19 04:36:16-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0x13fe
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.1.20
Product Version Number          : 8.0.1.20
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zngoqhway Kcszufheivj
File Description                : Agejjynwg Media Device Service Provider
File Version                    : 8.0.1.20
Internal Name                   : MsPMSP.dll
Legal Copyright                 : Copyright (C) Lzluiftba Corp.
Original Filename               : MsPMSP.dll
Product Name                    : Vqphmpv Media Device Manager
Product Version                 : 8.0.1.20
OLE Self Register               : 
VirusTotal Report submitted 2011-12-28 04:15:25
VirusShare info last updated 2012-07-26 12:53:35

MD5: 5cb693f769542c4eab0b14ac9d68cde9
SHA1: 13cb04211dddf5ee5b1f2a36f24fb2ce4ae18d09
SHA256: 14606f0cfeff99a7aeae2da961a076142e902ac108d842350f280215cb47d0df
SSDeep: 6144:7yWE5K6E/CakvUmCRYZtL81W26t5aRWVZTJDNnJHSxYkdz:72K6E/Cv2YZ6waWjNxJuLZ
Size: 246272 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.415
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Monder
nProtect = Gen:Variant.Graftor.3421
K7AntiVirus = Trojan
VBA32 = Trojan.Genome.yjof
TrendMicro-HouseCall = TROJ_GEN.R1CC7KC
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Downloader.a!ya
DrWeb = Trojan.DownLoader5.13852
TrendMicro = TROJ_GEN.R1CC7KC
Kaspersky = Trojan.Win32.Genome.yxyv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Generic.knvv
McAfee = Downloader.a!ya
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Win32/Vitru
Norman = W32/Obfuscated.L
Symantec = Suspicious.Cloud
GData = Gen:Variant.Graftor.3421
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3421
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 245760
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x46310
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2011-12-21 00:44:42
VirusShare info last updated 2012-07-26 12:54:50

MD5: c08b469727f1b87e7dac13c1c8625b7d
SHA1: 155c8c5050587286b67426f8e4e4441a27ea0147
SHA256: 9c1dcadb64d591aee9243a3099ec9aad838dd21aa30c6b687db4966787809482
SSDeep: 6144:M4M0gAAlL480GI/prDREQ3qx5i73ZtQ8vN19a4TNBFM:M4M0g9684pPo+7k8vbzTu
Size: 361385 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.180
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Fakeav.361385
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289CFD6
nProtect = Trojan/W32.Agent.361385.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!6aJ4BhwcvSE
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R3EC2D6
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.eed
McAfee-GW-Edition = Generic Downloader.x!fum
DrWeb = Trojan.Hosts.4142
TrendMicro = TROJ_GEN.R3EC2D6
Kaspersky = Trojan.Win32.Pirminay.eed
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ok
McAfee = Generic Downloader.x!fum
F-Secure = Trojan.Generic.KDV.158633
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU
eSafe = Win32.TrojanDownload
AVG = Generic21.AWJN
Norman = W32/Suspicious_Gen2.JJIIM
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.158633
TheHacker = Trojan/Pirminay.eed
BitDefender = Trojan.Generic.KDV.158633
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:18 23:20:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0xa6f3
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wawcufmps Qhntvluiirx
File Description                : Updilfyst Rendezvous Control
File Version                    : 5.1.2600.0 (lnduoreo.010817-1148)
Internal Name                   : rend.dll
Legal Copyright                 : © Kcjhjntlc Xvcvqoavlub. All rights reserved.
Original Filename               : rend.dll
Product Name                    : Wgxcdcfel® Bnchrla® Dnbgilomt Pdewhz
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-07-21 21:12:12
VirusShare info last updated 2012-07-26 12:56:07

MD5: 4537cb4d687ce695b2548b95dc774f09
SHA1: b57c71cf469117fa2c791a3c7eb89cd3fb944d3b
SHA256: 16b511e6844fe2d184704b730eaa29825cf380ba913b0d4192b1bcdcac8e15d2
SSDeep: 6144:g0oZsNG2MsmP6TStzmdOpvr+eeTcTPNsmv0yaQDs6QiA/t7jyMCNzKy3L:aZsG23Y6TSFqOzveeVjsyxs6DAF7BeTL
Size: 395700 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Jorik.Pirminay.aj
Avast = Win32:Pirminay-BW [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6252220
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!1ayp26x1NnI
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.zk
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.MulDrop2.36782
TrendMicro = TROJ_GEN.R28C2I9
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.iln
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6252220
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.BCQH
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Trojan.Generic.6252220
TheHacker = Trojan/Jorik.Pirminay.an
BitDefender = Trojan.Generic.6252220
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:16 07:53:57-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 393216
Initialized Data Size           : 4096
Uninitialized Data Size         : 483328
Entry Point                     : 0xd6b60
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2003.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ocojjtdla Yhbzjywzntq
File Description                : Evfxfkzqa COM Runtime Execution Engine
File Version                    : 2003.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : CORPOL.DLL
Legal Copyright                 : © Sggofrahr Wagnqtlgajn. All rights reserved.
Original Filename               : CORPOL.DLL
Product Name                    : Ixnmreuqq® Qahvhda® Iehbbvbki Uajzhn
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2012-06-23 01:40:25
VirusShare info last updated 2012-07-26 12:57:14

MD5: 0d49b36bfef4caa9b1cac3a4816d9624
SHA1: 194916444e9e00e247c44adf3e77c5ef13eed42b
SHA256: 9876b4840517af8496b4f332dbcf5d82fb479eddfdc8f487029c94cc049a37d6
SSDeep: 1536:q+s7R3sAZYDv8rvtlvZFOibHrWgsOPOSFRIZQ:ORZYgrvtlRvVOSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.984
Avast = Win32:Malware-gen
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Trojan-Clicker/W32.SuperJuan.69120
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.afzl
TrendMicro-HouseCall = TROJ_SPNR.15L611
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!0D49B36BFEF4
TrendMicro = TROJ_SPNR.15L611
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.aox
McAfee = Artemis!0D49B36BFEF4
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Virtumonde
AVG = Generic4.CHLH
Norman = W32/Suspicious_Gen2.SRXQU
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.4111
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-13 13:23:00
VirusShare info last updated 2012-07-26 12:59:13

MD5: dabe00f7f52015eb25ea638bf1789a39
SHA1: 19c289352343f0bd8dc92d793c76c1916951eb31
SHA256: d1e36cd9773325cc05b50a0b5e9354138fa725f47186263804185fa0b5383cae
SSDeep: 6144:NOIvzB25lgNXGiw4ucE6IWY/TY41KTwwR2mI/s:NOgt25uQiw4uj6IY4YTwwkU
Size: 308736 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Qhost
Ikarus = Trojan-Downloader.Win32.Ponmocup
VirusBuster = Trojan.Qhost!zGWFZLMkGz4
TrendMicro-HouseCall = TROJ_GEN.R47C7K7
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.F
DrWeb = Trojan.DownLoader5.11713
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R47C7K7
Kaspersky = Trojan.Win32.Qhost.znh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Qhost.ZNH!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kkfx
McAfee = Downloader.a!xt
F-Secure = Gen:Trojan.Heur.JP.sm0@aqfMt3ii
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.BNOW
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Trojan.Heur.JP.sm0@aqfMt3ii
Symantec = Trojan.Gen.2
BitDefender = Gen:Trojan.Heur.JP.sm0@aqfMt3ii
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 270336
Initialized Data Size           : 4096
Uninitialized Data Size         : 36864
Entry Point                     : 0x12b6
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2011-11-11 03:19:53
VirusShare info last updated 2012-07-26 12:59:33

MD5: 0ef47c801aa5e1d06b54d72915062692
SHA1: 1aea22b968d409bff1a695772724538b5f61f3d6
SHA256: b608ec7840878d255d573d0267f6230590e19605e962f91f52e72231b19cea52
SSDeep: 6144:D1kTtgHBaUcysrpvU1X1UsmYd7VO861R1ayuL:DCZg1orpvQ1UH8SA
Size: 223744 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-DV [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.10
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!aiIDghgnViI
VBA32 = Trojan.Jorik.Pirminay.air
TrendMicro-HouseCall = TROJ_GEN.RC1C8JK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.anv
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.26952
ByteHero = Trojan.Malware.Win32.xPack.l
TrendMicro = TROJ_GEN.RC1C8JK
Kaspersky = Trojan.Win32.Jorik.Pirminay.anv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.srx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.10
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.AHEV
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Zbot.10
Symantec = Trojan.Gen.2
TheHacker = Trojan/Jorik.Pirminay.anv
BitDefender = Gen:Variant.Zbot.10
NOD32 = a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 204800
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Flekpofxa Ebskhzkzcej
File Description                : Fynrcckua DirectPlay NAT Helper PAST
File Version                    : 6.0.6000.16386 (whmpx_rtm.061101-2205)
Internal Name                   : dpnhpast.dll
Legal Copyright                 : © Mlmbfgkqg Wfgxoqvyiko. All rights reserved.
Original Filename               : dpnhpast.dll
Product Name                    : Zusofvzye® Hokzioj® Obellzgeb Twtbdv
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-27 01:11:15
VirusShare info last updated 2012-07-26 13:00:26

MD5: 97e063835fff6242aa7dd6e50d36a87c
SHA1: 1f34f7cc3610e77955b56bdcedce91b08f9977e8
SHA256: add1fef1874aba2851a0a572d78da1123c11b826504b7c2f7022e04d5ad176e9
SSDeep: 6144:8P284Fh1wSYQ0cMfGnB/gW5fwAaQ4w2y9vfZ:lwo0ynBllaZv+5
Size: 246272 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.409
Avast = Win32:Dropper-JAC [Drp]
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
nProtect = Gen:Variant.Graftor.3421
TrendMicro-HouseCall = TROJ_GEN.R3EC1K9
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.ab
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Dloader.AB!tr
PCTools = HeurEngine.ZeroDayThreat
Jiangmin = Trojan/Generic.kkfx
McAfee = Generic Downloader.ab
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
Symantec = Suspicious.AD
BitDefender = Gen:Variant.Graftor.3421
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 229376
Initialized Data Size           : 20480
Uninitialized Data Size         : 40960
Entry Point                     : 0x427e0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wzzvvvdtv Cpwwgoennqf
File Description                : Lexmark Z42 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXAASRES.DLL
Legal Copyright                 : Copyright (C) Gsvjmqoqk Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Austfhamw(R) Oalstsp NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-11-10 09:30:24
VirusShare info last updated 2012-07-26 13:03:29

MD5: 8678d867e1c8f148e3cc46eef7ed0c15
SHA1: 208e7c71b500cd88c86ab50103a628c0772b3d65
SHA256: b27bce58cf4614f87243a180241fa1d2094b5ba10fca846d044eececc3e17d83
SSDeep: 1536:hCpmxjrSzRALnh1e2DinxY1Hxft0F5wFCE:hVuyy2DinuBL0FQCE
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Virtumonde.bfjda
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Virtumonde.gen
Ikarus = Trojan.Win32.Virtumonde
AhnLab-V3 = Trojan/Win32.Virtumonde
Panda = Trj/CI.A
nProtect = Trojan/W32.Virtumonde.62464.B
K7AntiVirus = Riskware
VBA32 = Trojan.Virtumonde.bfjd
eTrust-Vet = Win32/Vundo.HTC
TrendMicro-HouseCall = TROJ_GEN.R3EC7KJ
Emsisoft = Trojan.Win32.Virtumonde!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Vundo!na
DrWeb = Trojan.Siggen3.25763
TrendMicro = TROJ_GEN.R3EC7KJ
Kaspersky = Trojan.Win32.Virtumonde.bfjd
Microsoft = Trojan:Win32/Vundo.OT
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Vundo!na
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CS.gen!Eldorado
AVG = Generic25.BZSB
Norman = W32/Suspicious_Gen2.SRSLH
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CS.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:30 05:54:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x141a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2002.10.4.0
Product Version Number          : 2002.10.4.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Feenwiu registration
Company Name                    : Bnmhjwpqm Corporation
File Description                : OffFilt
File Version                    : 2002, 10, 04, 0
Internal Name                   : OffFilt
Legal Copyright                 : Copyright © 2002 Iyzxroawh Dwjnukubggd
Legal Trademarks                : 
Original Filename               : OffFilt.dll
Private Build                   : 
Product Name                    : Okspwgbbh Office IFilter
Product Version                 : 2002, 10, 04, 0
Special Build                   : 
VirusTotal Report submitted 2011-12-13 16:34:28
VirusShare info last updated 2012-07-26 13:04:32

MD5: bbae12d5a12a4a6076d03ff0994b9fbc
SHA1: d9b498d8eccf35427f7183eec0aa5a245d41074c
SHA256: 22547317534dcc6ed25a7dc86a8e33c1ca3482f9b004a709c732758024540007
SSDeep: 6144:dKxlWdEJxh8RXmWt8refjp/gTaYnAULYJwg9at2eP/duJr0MX6Mk8JuSRG4q:IxMdET1WCrefjKZdg9oP/gJr0LgVq
Size: 404547 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Securisk
Panda = Suspicious file
nProtect = Trojan.Generic.4628625
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!BBAE12D5A12A
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.tz
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.af
McAfee = Artemis!BBAE12D5A12A
F-Secure = Trojan.Generic.4628625
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BKWH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.4628625
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.4628625
NOD32 = probably a variant of Win32/Agent.GPQCGDE
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 01:59:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 48128
Initialized Data Size           : 698368
Uninitialized Data Size         : 0
Entry Point                     : 0xc8d2
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-23 07:15:12
VirusShare info last updated 2012-07-26 13:05:45

MD5: 9300bf4c51169a80abb47bed7554dedb
SHA1: a4e082b82d94d5c0b3c6823ed858646706450134
SHA256: 2452e962a0991bf5a7efbf50526537c957d4aa3234e10b9fa59e8be9d8738246
SSDeep: 6144:Ha1N1f/ENm7YcpQbv5HhXXaDpbFhXlbR6H9LGuZhi:6P1f/B7Y+iv59Ab3l8HJ7i
Size: 295082 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.raf
McAfee-GW-Edition = Downloader.a!cb
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R11C2FQ
Kaspersky = Trojan.Win32.Pirminay.raf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.acv
McAfee = Downloader.a!cb
F-Secure = Gen:Variant.Graftor.13626
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.BSPK
Norman = W32/Crypt.AVSS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.13626
Symantec = Trojan.ADH
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.icy
BitDefender = Gen:Variant.Graftor.13626
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:04:07 21:43:44-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 532480
Uninitialized Data Size         : 0
Entry Point                     : 0x28af
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Protected Storage COM interfaces
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : pstorec.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pstorec.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-23 08:17:50
VirusShare info last updated 2012-07-26 13:07:04

MD5: ad1d73428f4160ce3bcfcc6c5f700313
SHA1: 0e37f37e303f216b364a6d9000bc8c4f53535a89
SHA256: 28200713fa36f9a8afe014cb71d54c875299ac71565b80592b1df4751c9a30eb
SSDeep: 6144:dKxlWdEJxh8RXmWt8refjp/gTaYnAULYJwg9at2eP/duJr0MX6Mk8JuSRG4l:IxMdET1WCrefjKZdg9oP/gJr0LgVl
Size: 404453 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4628625
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!AD1D73428F41
DrWeb = Trojan.Hosts.5944
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.ty
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.af
McAfee = Artemis!AD1D73428F41
F-Secure = Trojan.Generic.4628625
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic18.BKWH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.4628625
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Trojan.Generic.4628625
NOD32 = probably a variant of Win32/Agent.JIBBVRP
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:18 01:59:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 48128
Initialized Data Size           : 698368
Uninitialized Data Size         : 0
Entry Point                     : 0xc8d2
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Multicast Information
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : mrinfo.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : mrinfo.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2012-06-23 10:33:48
VirusShare info last updated 2012-07-26 13:09:45

MD5: 98dae4cac9cbfc4fa465ad1e16187fad
SHA1: 2a8dec0f534c6a434b9818ab4b8412f2c276c5fc
SHA256: 07f6e328e28196c8a267a1abec0f5094d2e0ce2b03e6e69ca839f776ed23943f
SSDeep: 1536:wHlIFsZ1EKLlaiLEsDcSwPKCGs4IqGmet:wNZ7esDc+s4IqGme
Size: 64000 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
VirusBuster = Trojan.Kryptik!N2/sA3rvLxY
TrendMicro-HouseCall = TROJ_GEN.R4FC8JP
Emsisoft = Trojan.SuspectCRC!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R4FC8JP
Kaspersky = Trojan.Win32.Genome.wqxs
Fortinet = W32/Virtum.MS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ansf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
AVG = Generic25.OMR
Norman = W32/Suspicious_Gen2.ROLMR
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1402
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Prleqmknm Oiunoicemnv
File Description                : ODBC Code Page Translator
File Version                    : 6.0.6000.16386 (gupnu_rtm.061101-2205)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : © Yvqmmnyqi Wntzrgzroql. All rights reserved.
Original Filename               : mscxpl32.dll
Product Name                    : Lxdwemqsf® Jgvjzao® Gygwwpxcn Imldny
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-10 11:28:57
VirusShare info last updated 2012-07-26 13:11:14

MD5: f1cd8a686a2bfdb75bd133b577154879
SHA1: 2ae4343b500079c18acf1ab20b9521c803357ed5
SHA256: f2fc61feb09cd72f991c83ee54f6f76a71ae91741a0f3005a3146ed493ddbcd5
SSDeep: 6144:WC1iaLZTc3ttvMc1C/FSbB1ampKSbPyfbxjiW:WC15ql1C/FS/ppHbP2bx+W
Size: 220048 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.kdv.331827
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Agent
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1232
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!vO86DgttbQQ
VBA32 = Trojan.Jorik.Pirminay.afy
eTrust-Vet = Win32/Ponmocup.BS
TrendMicro-HouseCall = TROJ_GEN.R4FC2IL
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!F1CD8A686A2B
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC2IL
Kaspersky = Trojan.Win32.Jorik.Pirminay.aue
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Artemis!F1CD8A686A2B
F-Secure = Gen:Variant.Graftor.1232
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Downldr2.IXEA
AVG = Dropper.Generic4.AGTC
Norman = W32/Suspicious_Gen2.RTFGQ
Sophos = Troj/Swisyn-AN
GData = Gen:Variant.Graftor.1232
Symantec = Trojan.ADH
Commtouch = W32/Downldr2.IXEA
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1232
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 208896
Uninitialized Data Size         : 0
Entry Point                     : 0x12b2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Comments                        : 
Company Name                    : Wjkmhcrli Smzkytjdmob
File Description                : Rlalnaciy Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0401
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0401.dll
Private Build                   : 
Product Name                    : Ugwfssxnv Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-25 04:05:24
VirusShare info last updated 2012-07-26 13:11:25

MD5: 843307b9c9b4e1fc9dd454f92ffcff6c
SHA1: 2c25baaca4feb62bd714f8ce8575b77dd58b3c0d
SHA256: bb5f36cf210b1344cfba9e33adce52e289330a7736844224a5d64e1ecee3a638
SSDeep: 6144:oJBTFnxfqx94VvcuBtjox79ItnrvFBb11Hq4tdKJ0VtfuIvflPqOz6gtzJvPfiO:cZxqIm9INrvFRjHq4TKqVR9nl1Ogt1vt
Size: 368513 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bdm
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.368513
Panda = Trj/Agent.OLO
nProtect = Trojan/W32.Qhosts.368513
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Ponmocup.A
TrendMicro-HouseCall = TROJ_GEN.R3BCRCM
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.57569
TrendMicro = TROJ_GEN.R3BCRCM
Kaspersky = Trojan.Win32.Pirminay.ehq
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gm
McAfee = Kryp.b
ClamAV = Trojan.Agent-248228
F-Secure = Trojan.Generic.6861778
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BDCW
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.6861778
Symantec = Trojan.Milicenso
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bdq
BitDefender = Trojan.Generic.6861778
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:23 21:41:03-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 50176
Initialized Data Size           : 590848
Uninitialized Data Size         : 0
Entry Point                     : 0xd008
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Lexmark 5700 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXMASRES.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Microsoft(R) Windows NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-12-01 06:10:37
VirusShare info last updated 2012-07-26 13:12:09

MD5: df07d99dd2c59387e13ba9dbbe059fc5
SHA1: 2caf0c946a5d222d7767cd9b9c5653c03a0fa854
SHA256: ce9c707c7b6597df55394df8eedc01b578d16f94f9452ce00b081cc7fd0d5e6b
SSDeep: 1536:2IcDRj4jshhKXwQTjN0k16jLtCs/TIaBnE9s3v/vBw5:RcDR3cEIaBEa/Bw5
Size: 87040 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.87040.C
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-12-16 09:41:05
VirusShare info last updated 2012-07-26 13:12:29

MD5: e3251170a2b216c2b513b9ebc1a245aa
SHA1: f445042597eab2a1022d8f9aaf0ace9be0944c10
SHA256: 2eddd5d274774b8b474669cd040e9f568406a93cf4fc75b9c4c57870697537c7
SSDeep: 6144:8nE2HSt0+8cBpT9bhxpUcj8wkZn+i4RWwBa1bXc87QkJD9bbKN52dSjsKPA:8+t0+9zb38wkBJa4r5x3j9F
Size: 356962 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5782924
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FD
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.low
McAfee-GW-Edition = Artemis!E3251170A2B2
DrWeb = Trojan.DownLoader5.32337
TrendMicro = TROJ_GEN.R11C2FD
Kaspersky = Trojan.Win32.Pirminay.low
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.sc
McAfee = Artemis!E3251170A2B2
F-Secure = Trojan.Generic.5782924
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.CMBT
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5782924
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eux
BitDefender = Trojan.Generic.5782924
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:10 15:41:38-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 73728
Initialized Data Size           : 544768
Uninitialized Data Size         : 0
Entry Point                     : 0xebcf
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : ActiveX Data Objects Resources
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : msader15.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msader15.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-23 13:46:12
VirusShare info last updated 2012-07-26 13:14:03

MD5: 141d6bfd3b1aee44074673ea1da43bd1
SHA1: 3217446fbe1b196b3d23dda8b620fe5b9d356851
SHA256: 85c1e29c8faf118fec36de857d6c2151170d649978da948db362333b054907b3
SSDeep: 6144:oKUmkyrqW43X82MBJliNoQ2pZKrqXkrWG5EIFduY2HN6kvUWVcW+Rx:o4Jrql83HiWcJrWKzFd52HtqRx
Size: 414251 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.gqa
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!ApHO/Gjh4SE
TrendMicro-HouseCall = TROJ_GEN.R11C2FB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Downloader.a!s
TrendMicro = TROJ_GEN.R11C2FB
Kaspersky = Trojan.Win32.Pirminay.oov
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aai
McAfee = Downloader.a!s
F-Secure = Trojan.Generic.5910408
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AOJJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5910408
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gpt
BitDefender = Trojan.Generic.5910408
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:14 16:02:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 393216
Initialized Data Size           : 376832
Uninitialized Data Size         : 0
Entry Point                     : 0x5d13f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rwpzfnuen Ixenjcpailv
File Description                : Tuqoacgjy Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Wdwyviyca Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Iwfmdayhn Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-11-28 20:32:37
VirusShare info last updated 2012-07-26 13:16:09

MD5: 3bf753868fd4e344e64fd219a402b530
SHA1: 351c57dde773d753645c63c342de2fc98686a31f
SHA256: f4a491f5445d65cb6e075a393317d2d809d4b09010a0807e1bb17911ca0832f9
SSDeep: 6144:abQJLHL1MXfeM2hxBUhs2NjuSOCQ4pR8I/qiOEK7lkYq2Tl:pFHWXfl2hxBm5NCnATvqiOE8Nl
Size: 360851 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!qW5ggLgTYDo
VBA32 = Trojan.Pirminay.orm
TrendMicro-HouseCall = TROJ_SPNR.15KL11
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.orm
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.2497
TrendMicro = TROJ_SPNR.15KL11
Kaspersky = Trojan.Win32.Pirminay.orm
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.gtgo
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = SHeur3.CBBK
Norman = W32/Suspicious_Gen2.RHSRJ
Sophos = Mal/Generic-L
GData = Gen:Variant.Riern.1
Symantec = Trojan.ADH.2
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.hqn
BitDefender = Gen:Variant.Riern.1
NOD32 = probably a variant of Win32/TrojanDownloader.Agent.MOCPWJD
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:01 03:17:06-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x365f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.1716.0
Product Version Number          : 5.2.1716.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Agiivkwja Wzqdjywtvjq
File Description                : Message Queuing Trigger Generic Object
File Version                    : 5.2.1716.0 (srv03_rtm.030324-2048)
Internal Name                   : MQGENTR.DLL
Legal Copyright                 : © Twmqsmopf Dhfwrhcyzqz. All rights reserved.
Original Filename               : MQGENTR.DLL
Product Name                    : Ybaobmzwl® Yauhzsb® Lrhggkauz Ajtpqr
Product Version                 : 5.2.1716.0
VirusTotal Report submitted 2011-11-29 17:30:15
VirusShare info last updated 2012-07-26 13:18:15

MD5: a95f91bb1794ea865102f5a2c99649ae
SHA1: 37d76a23f8e30f751d0cfa5d959114b645083abb
SHA256: 788f401fd23d05cd3c4527d022ff075d30badd06a68ffd958b480590551ae51b
SSDeep: 3072:3EJgLtlkF8qwO8B9HjRzRRkyBo+jIOUPid79/Q4FOZUBNo+3B5XdnqTcSBXuZaJv:36YqwO8B5JV6uWE7K4oZh+3BfqpXyYv
Size: 212044 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1139
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!vMKq//i+FVk
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R4FC8J2
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic Malware.ms
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC8J2
Kaspersky = Trojan.Win32.Jorik.Pirminay.asr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kkfx
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6460712
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AGDM
Norman = W32/Suspicious_Gen2.ROOAY
Sophos = Mal/Generic-L
GData = Trojan.Generic.6460712
Symantec = Trojan.ADH
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6460712
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 200704
Uninitialized Data Size         : 0
Entry Point                     : 0x12be
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lnzncvdps Dyxwvkczndo
File Description                : WMI Dhkynkc Job Object Provider
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : wmipjobj.dll
Legal Copyright                 : © Onyknlrpy Dxlxzkzgeic. All rights reserved.
Original Filename               : wmipjobj.dll
Product Name                    : Ffqbxqiis® Eomgcos® Fltcyfwrt Szilgn
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2011-10-30 03:07:05
VirusShare info last updated 2012-07-26 13:20:10

MD5: a995c1be947da893ff390bbfc469ee7a
SHA1: 3f51e7ab762f021c7af254b43dc847f8ccfb968e
SHA256: 21d43a8fc12445e6ec15e35f7a1ce3e30236ff1e99d9f2c7abd524ed5790b6e4
SSDeep: 1536:2IAscxDZ09FvoaBliBXRAGt9jc5JztdG8AO7D+vJpUxxL1KHl2KwfiklEwOGS0:RA1taCd2GtVc5ndhLDWIXlXOq
Size: 93696 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.93696.E
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.Qhosts.AVO
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-28 11:30:44
VirusShare info last updated 2012-07-26 13:25:36

MD5: 79d7be419f3d57167e78408cccc3bc2a
SHA1: 9f00d46dfa6af0e34fe04cb214824f5b3840e4ab
SHA256: 3f872e3cc0ad2d0b2701de00e467f90faf0e59c5f5b71e19ae0511f8e1046acc
SSDeep: 6144:4uGzv2I+SmQDfzVnjUj5TM+HvbLNFLZ024lxeeidtxp/fQhAuLz:4zvF+SbDf5niRrv1FLZfKxeeidtH/du3
Size: 261701 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-CU [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Win-Trojan/Fakeav.261701
Panda = Suspicious file
nProtect = Trojan.Generic.6380082
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!yIJOnAq2u4E
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.zd
McAfee-GW-Edition = Artemis!79D7BE419F3D
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.zd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!79D7BE419F3D
F-Secure = Trojan.Generic.6380082
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTM
Norman = W32/Kryptik.ALS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6380082
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.dg
BitDefender = Trojan.Generic.6380082
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 245760
Initialized Data Size           : 16384
Uninitialized Data Size         : 40960
Entry Point                     : 0x46d50
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.2327.0
Product Version Number          : 8.1.2327.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Pjxdvuviy Orlrbwtlnlr
File Description                : Xbhmasnkw IME 2002
File Version                    : 8.1.2327.0
Internal Name                   : IMESKDIC
Legal Copyright                 : Copyright (C) 1995-2000 Tzwduwvbx Funekxjkvef. All rights reserved.
Legal Trademarks                : CejkvztjmQ is a registered trademark of Wmhwyymnf Mzrcpotropv. Cwuxmwn(TM) is a trademark of Dptzwbgex Isqjyjgagbx
Original Filename               : IMESKDIC.DLL
Product Name                    : Qijapgdmv IME 2002
Product Version                 : 8.1.2327.0
VirusTotal Report submitted 2012-06-23 20:17:48
VirusShare info last updated 2012-07-26 13:25:48

MD5: c745b3600a65f3da70c4bfd0a546a3dd
SHA1: 513a3a1101b258819d5b8cbd24a4df3d38573947
SHA256: 407cfa39992ce80dbbfb18013b7bea8a88ca5fd6d1c041a755c77be46ecf8a09
SSDeep: 12288:HqsfPxh006aCUnFW3ebiEhW/m8ksZpaj/X:Hqg00YuMDc
Size: 473673 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Zbot-NDV [Trj]
AhnLab-V3 = Trojan/Win32.Pirminay
Rising = Trojan.DL.Win32.DownLoad.lw
nProtect = Trojan.Generic.6140722
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!TmVSelPsnGI
TrendMicro-HouseCall = TROJ_GEN.R28C2G8
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.18266
TrendMicro = TROJ_GEN.R28C2G8
Kaspersky = Trojan.Win32.Pirminay.lyh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.abv
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6140722
VIPRE = Packed.Win32.Pirminay.a (v)
AVG = SHeur3.CCSV
Norman = W32/Suspicious_Gen2.PPDJF
GData = Trojan.Generic.6140722
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.hxn
BitDefender = Trojan.Generic.6140722
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:18 12:44:41-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 16384
Initialized Data Size           : 909312
Uninitialized Data Size         : 0
Entry Point                     : 0x44d0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ocrjhpnph Zwlhwyrtfiq
File Description                : WMI Performance Reverse Adapter Resources
File Version                    : 5.1.2600.5512 (xpsp.080413-2108)
Internal Name                   : WmiApRes.dll
Legal Copyright                 : © Pphdsczhk Pelncsfchhq. All rights reserved.
Original Filename               : WmiApRes.dll
Product Name                    : Hbwocjreq® Uaxskmd® Favmhwfcn Kyrnlj
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-23 20:44:40
VirusShare info last updated 2012-07-26 13:26:34

MD5: 2bf1a7192ed86df709e67fc79463e5c2
SHA1: 442ae1975aa2e27c5606e0e83a71482feab05eb7
SHA256: 5834bc68053d455c32a9d724b739e5b57920c30be0663be43da898bfbeab1ad5
SSDeep: 6144:455IJzJznrggsdgz1Jo5H9PnNUxBqczZcuhBzQYvYPuvK0Y:4HI1dS8Jw9/axhNPBz1QPmKt
Size: 294613 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhf
Avast = Win32:Pirminay-C
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Backdoor.Generic.542938
VBA32 = suspected of Trojan.Pirminay.bg
TrendMicro-HouseCall = TROJ_GEN.R47C2A4
Emsisoft = Trojan.Pirminay!IK
McAfee-GW-Edition = Artemis!2BF1A7192ED8
DrWeb = Trojan.MulDrop1.59103
TrendMicro = TROJ_GEN.R47C2A4
Kaspersky = Trojan.Win32.Pirminay.bki
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.BKI!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gs
McAfee = Artemis!2BF1A7192ED8
ClamAV = Trojan.Agent-183385
F-Secure = Backdoor.Generic.542938
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-C
eSafe = Win32.TRPirminay.Bhf
AVG = Downloader.Generic10.BOLE
GData = Backdoor.Generic.542938
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.bhf
BitDefender = Backdoor.Generic.542938
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 19:14:40-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 24064
Initialized Data Size           : 531968
Uninitialized Data Size         : 0
Entry Point                     : 0x69a6
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Microsoft Corporation
File Version                    : 2001.12.4414.42
Internal Name                   : COMADDIN.DLL
Legal Copyright                 : Copyright (C) Microsoft Corp. 1995-1999
Legal Trademarks                : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2011-01-05 17:11:53
VirusShare info last updated 2012-07-26 13:29:24

MD5: 41c7c841ba87d8f0a8177bb0364f28c3
SHA1: 443226ae93e8757a4e511d9493ff8216429fbc73
SHA256: 194d6064cc90fbc62e9e46bac22a0fe060fc4186ca44a0a94901c4d8a106aae7
SSDeep: 6144:tY69NIULsi/q5F3GxfJll5THXjoCnKT0HpHZVL7otIePOeODjkEpNCSRv:tYmiULs+yF3GVJVTXjrzJHZ1stIePzOL
Size: 385504 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.173
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.385504
Panda = Trj/CI.A
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
Kaspersky = Trojan.Win32.Pirminay.dyj
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.DYJ!tr
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.5585408
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Trojan-gen
AVG = Generic21.AQBH
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5585408
TheHacker = Trojan/Pirminay.dyj
BitDefender = Trojan.Generic.5585408
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:11 23:32:30-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 49152
Initialized Data Size           : 651264
Uninitialized Data Size         : 0
Entry Point                     : 0x9503
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Oqabczedg Corporation
File Description                : MTF (Fcgkvnedk Tape Format) Media Label Library
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : mll_mtf.DLL
Legal Copyright                 : © Edqhefstw Srlbxpwyyfy. All rights reserved.
Original Filename               : mll_mtf.DLL
Product Name                    : Dagkfbbvx® Olcufom® Vkkwlubtb Nppgfp
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-03-18 06:51:47
VirusShare info last updated 2012-07-26 13:29:26

MD5: 7fcb950e091a233d62aa2da740af0969
SHA1: 793b907d5e722676167691864a5bacbe6f962251
SHA256: 453acf702a83022c9deaaef102938ba477535b36b83e98d8781c46596ec311e7
SSDeep: 1536:vku3P2UGUUmmw8glUb1vDSSvHl0dRfGbk8XlbYgbxD8wOTOjJCk2aODBro:su3Zp5UQSvFwftUYglDcKjJCZaODB8
Size: 118784 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Diller.B.10
Avast = Win32:Diller-A [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
Panda = Trj/Agent.LCX
nProtect = Trojan.Generic.7394507
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!6EeuoIKK8co
TrendMicro-HouseCall = TROJ_PONMCOP.SM1
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo.gen.ft
TrendMicro = TROJ_PONMCOP.SM1
Kaspersky = Trojan.Win32.Genome.afcbd
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.CG!tr
McAfee = Vundo.gen.ft
F-Secure = Trojan.Generic.7394507
AVG = Downloader.Agent2.AZHR
Norman = W32/Suspicious_Gen4.IZHA
Sophos = Troj/Ponmocup-I
GData = Trojan.Generic.7394507
BitDefender = Trojan.Generic.7394507
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 57344
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x4f7b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-23 23:48:15
VirusShare info last updated 2012-07-26 13:30:18

MD5: 44494b9f185a4ac277e09f8ed05c350f
SHA1: 45c5f3aaebf0ee08c96a32e9c5f1dafd531eb982
SHA256: 1d8810b9f4e565d39926c931ec4c6f97a4de028aaeab7f00d05b0faf50905d48
SSDeep: 6144:fQLHwAGKsO5dxYoPqa2HpByIQ6hxApa1R/4aCcRJphoHRYjDju3UboG9H3UcVBe:f6Q5Kxd7yPHaJYz4aCOsK/Sk8Gx3UEBe
Size: 373359 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.373359
Panda = Generic Trojan
VirusBuster = Backdoor.Bot!7ini1Zc+BdM
VBA32 = Trojan.Pirminay.eet
TrendMicro-HouseCall = TROJ_GEN.R01C2CU
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.eet
McAfee-GW-Edition = Artemis!44494B9F185A
TrendMicro = TROJ_GEN.R01C2CU
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.op
McAfee = Artemis!44494B9F185A
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Malware-gen
eSafe = Win32.TRCrypt.XPACK
AVG = Generic21.BAMU
Norman = W32/Obfuscated.L
Symantec = Trojan.ADH
GData = Backdoor.Bot.135962
TheHacker = Trojan/Pirminay.ejk
BitDefender = Backdoor.Bot.135962
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:08 02:41:04-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0x1032c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Ctuvkifpm Dtfrvbkrsma
File Description                : Bosnian (Cyrillic) Keyboard Layout
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : kbdbhc (3.12)
Legal Copyright                 : © Trgwqmnst Rmeoclfaaif. All rights reserved.
Original Filename               : kbdbhc.dll
Product Name                    : Tcpoyymwn® Ydlqcso® Qefwmflse Mgyjcg
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2011-04-12 22:11:47
VirusShare info last updated 2012-07-26 13:30:40

MD5: 4b84f059b501cbfaa10d03efc8e0d3b9
SHA1: 46de8a12b9be88c94d37c18498b55f8395f351e2
SHA256: 2ec62e0dd859d3a1453884399f7b81d959cf1cd92044be93215e0e683c61595a
SSDeep: 1536:q+s7R3sAZYD8rvtSlTRKZsEMCZTAtdSFRIZQ:ORZYQrvtSl0VTwdSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.SuperJuan.69120
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.afzl
TrendMicro-HouseCall = TROJ_GEN.R01C7KI
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!4B84F059B501
TrendMicro = TROJ_GEN.R01C7KI
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.aox
McAfee = Artemis!4B84F059B501
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Virtumonde
eSafe = Win32.Trojan
AVG = Generic4.CHLH
Norman = W32/Suspicious_Gen2.SRYCG
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.4111
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-15 18:49:23
VirusShare info last updated 2012-07-26 13:31:29

MD5: 092f2e82165137bf1597877fbd8bda95
SHA1: 482a2f5bb626b94e978963014456590f147bbf54
SHA256: 4e1941bd54d1ad17649d4fbe82fdceac915b55c08caddf5893ed0f5475b039bb
SSDeep: 6144:Nf6/+RKPziCKqP9w7CPHfJNm/HBWJgmZYJ1O67u8vGGqCk1Gqz:NCWR5CDP9wuPRNmPQYJMrGqCkH
Size: 316928 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Trojan-gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.5775
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!RxhMvOSoAXk
TrendMicro-HouseCall = TROJ_GEN.R47C7KH
Emsisoft = Win32.SuspectCrc!IK
Comodo = Packed.Win32.MUPX.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.F
DrWeb = Trojan.Winlock.4505
TrendMicro = TROJ_GEN.R47C7KH
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.BG!tr
PCTools = Trojan.Gen
McAfee = Generic.evx!bg
F-Secure = Trojan.Generic.KDV.405502
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic12.XYH
Norman = W32/Suspicious_Gen2.SDUZS
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.405502
Symantec = Trojan.Gen
Commtouch = W32/GenBl.092F2E82!Olympus
BitDefender = Trojan.Generic.KDV.405502
NOD32 = probably a variant of Win32/Kryptik.VDN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 278528
Initialized Data Size           : 8192
Uninitialized Data Size         : 32768
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : ASCII
Company Name                    : Hilgraeve, Inc.
File Description                : HyperTerminal Applet Library
File Version                    : 5.1.2600.0
Internal Name                   : hticons
Legal Copyright                 : Copyright © Hilgraeve, Inc. 2001
Legal Trademarks                : HyperTerminal ® is a registered trademark of Hilgraeve, Inc.
Original Filename               : HTICONS.DLL
Product Name                    : Fgmkaetto® Huqfbah® Uogluagzz Cnzssy
Product Version                 : 5.1.2600.0
Comments                        : HyperTerminal ® was developed by Hilgraeve, Inc. for Tehnltlee
VirusTotal Report submitted 2011-12-05 21:58:38
VirusShare info last updated 2012-07-26 13:32:33

MD5: 2052f2103adabb842ff23a8db6c18e22
SHA1: a8e758d073bc3bd56df8a3e5cbfd98bf17879579
SHA256: 4b3a0cf68566242d8f9f37eae7cd4b927a22f44a77e0fb841a5f3eeb5469a3b8
SSDeep: 6144:LWbSCNtvl8RXDJNmLHpUbTmPVrazE85ECSMjW41HNU6K/AW:LWVNtvlGXWLSOrs67mFHLKYW
Size: 332654 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Ag.294254
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.332654
Panda = Suspicious file
Rising = Trojan.Win32.Generic.1299B583
nProtect = Trojan.Generic.5211923
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!9iRqeFwLUlQ
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R23E1GF
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Dropper!dfi
DrWeb = Trojan.Siggen1.52062
TrendMicro = TROJ_GEN.R23E1GF
Kaspersky = Trojan.Win32.Pirminay.bb
Microsoft = Trojan:Win32/Meredrop
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.c
McAfee = Generic Dropper!dfi
F-Secure = Trojan-Dropper:W32/Meredrop.AL
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/MalwareF.DUVQ
AVG = Generic18.YCM
Norman = W32/Troj_Generic.AAPRG
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5211923
Symantec = Packed.Generic.305
Commtouch = W32/MalwareF.DUVQ
BitDefender = Trojan.Generic.5211923
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 13:59:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 286208
Initialized Data Size           : 305152
Uninitialized Data Size         : 0
Entry Point                     : 0x46c4c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-24 02:30:57
VirusShare info last updated 2012-07-26 13:34:54

MD5: 0edc1be1b827dd668f09b007778e0c58
SHA1: 4d9b7c1c6d0afa7a8dc71fd78bc63ed94b72b3cb
SHA256: 391a6be9c9361cf886c2ad2b45ea19c81150769cc54a62cb22efd8b76c5c10e6
SSDeep: 6144:ydDkH6X4GJBHWcmSpJMSAu7AGlkJipI+rOkMvE57T+j8Z:ylXtJBvmSpJMSA1GWUpNrHW67t
Size: 331264 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/Pirminay.B
Rising = Trojan.Win32.Generic.126899BF
nProtect = Trojan/W32.Agent.331264.AU
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bjc
TrendMicro-HouseCall = TROJ_GEN.R3EC2LU
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.bjc
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.2622
TrendMicro = TROJ_GEN.R3EC2LU
Kaspersky = Trojan.Win32.Pirminay.bjc
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
McAfee = Kryp.b
ClamAV = Trojan.Agent-183360
F-Secure = Trojan.Generic.KDV.96807
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:MalOb-EI [Cryp]
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BMUO
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.KDV.96807
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bjc
BitDefender = Trojan.Generic.KDV.96807
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:01 11:11:13-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 65024
Initialized Data Size           : 527872
Uninitialized Data Size         : 0
Entry Point                     : 0x108dc
OS Version                      : 4.0
Image Version                   : 4.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.6000.16386
Product Version Number          : 7.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft COM Runtime Execution Engine
File Version                    : 7.00.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : CORPOL.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : CORPOL.DLL
Product Name                    : Windows® Internet Explorer
Product Version                 : 7.00.6000.16386
VirusTotal Report submitted 2011-08-28 13:00:04
VirusShare info last updated 2012-07-26 13:36:30

MD5: ddc63fff7d568f1e82c22ba2613113e5
SHA1: 514c906ddba5e5da6a2df53054aa2da85f21b7dc
SHA256: 1b90dc9b05ec917dd7995127d0d0a525333771c6dff0d52ebef83986398b4515
SSDeep: 6144:kRmCFsqAGUT+RcVD/lW+zhEAE6QKKzAEuEcbalinfBHsUj9lii7+AKCEAzB:kqJGBCD/M+06NEwnfBMmbZEAzB
Size: 381445 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.6.89
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Gen:Variant.Vundo.6
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R4FC3IE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader.a!xm
DrWeb = Trojan.Hosts.4953
TrendMicro = TROJ_GEN.R4FC3IE
Kaspersky = Trojan.Win32.Jorik.Pirminay.api
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Jorik.tie
McAfee = Downloader.a!xm
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic25.ACZB
Norman = W32/Suspicious_Gen2.QHTXY
GData = Gen:Variant.Vundo.6
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Kryptik.izc
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:04 13:18:00-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 374784
Initialized Data Size           : 357888
Uninitialized Data Size         : 0
Entry Point                     : 0x5c46c
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.2180
Product Version Number          : 5.1.2600.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft® License Server Interface DLL
File Version                    : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : ntlsapi.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlsapi.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.2180
VirusTotal Report submitted 2011-11-28 05:46:35
VirusShare info last updated 2012-07-26 13:41:20

MD5: deb6ca3ca44c1d42cdb29da79ffbef8e
SHA1: 9ffaa3459a4a8abbe62537f49db06cc84a47d3ee
SHA256: 51c942c6dd24bcbf7bc5f46a514229783b37b13afe12452bfe8ea9b5f10b520c
SSDeep: 6144:jKGRwFJkWWCPIdDfHeDK+bSArqQzj5e8eOD:jK1xv/ITUeu
Size: 229413 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Downloader-JEH [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6411322
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!RnRC6TivcGI
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.atw
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.atw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6411322
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TYV
Norman = W32/Obfuscated.L
GData = Trojan.Generic.6411322
Symantec = Trojan.ADH
TheHacker = Trojan/Jorik.Pirminay.gn
BitDefender = Trojan.Generic.6411322
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 225280
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x42c00
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.1106
Product Version Number          : 5.1.2600.1106
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uhaaruimv Corporation
File Description                : Schedule Tasks
File Version                    : 5.1.2600.1106 (xpsp1.020828-1920)
Internal Name                   : SchTasks.exe
Legal Copyright                 : © Hvszzqzko Ayjiatrrgab. All rights reserved.
Original Filename               : ScTasks.exe
Product Name                    : Sppufspos® Jucjimo® Lzfcssxbv Belchn
Product Version                 : 5.1.2600.1106
VirusTotal Report submitted 2012-06-24 05:28:11
VirusShare info last updated 2012-07-26 13:42:10

MD5: e0bcce62bc17811660fdc8e882f8a119
SHA1: 8a8c5f0941a5c03e09bb5f041b47052fbcfb9b9b
SHA256: 534b748f17745ccee2f10fddbd2013b0e63b42822f1336037954b1bd99b34d0f
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAe:oFq+sGYyo6RZFF9HcQfluaXLLP
Size: 334949 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Malware.334949
Panda = Suspicious file
Rising = Trojan.Win32.Generic.126DBE17
nProtect = Trojan.Generic.6537674
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_SPYPRO.SM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Renos
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_SPYPRO.SM
Kaspersky = Trojan.Win32.Pirminay.jwz
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Milicenso
TotalDefense = Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.gy
McAfee = Kryp.b
ClamAV = Trojan.Agent-183368
F-Secure = Trojan.Generic.6537674
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Norman = Pirminay.B
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6537674
Symantec = Trojan.Milicenso
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Trojan.Generic.6537674
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-06-24 06:05:49
VirusShare info last updated 2012-07-26 13:43:26

MD5: 99d73b64d36a2d609494696d9851daf9
SHA1: 923dd1869476a6836b293b8dc76b81024a2a6a6b
SHA256: 54442e87375a6f5db7df53f31a1c461d9d8e3d0d98f5af6350eb0a2553a02d0b
SSDeep: 6144:HTXy/CKfN+qgUAnqMWe5F73nRlhjZi7D2:LDKlmUFELVViH2
Size: 256933 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
nProtect = Trojan.Generic.6566020
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!26K9I6fPyrg
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R4FCDF5
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.F
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R4FCDF5
Kaspersky = Trojan.Win32.Jorik.Pirminay.bgz
ViRobot = Trojan.Win32.Generic.213555[UPX]
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!99D73B64D36A
F-Secure = Trojan.Generic.6566020
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.SZD
Norman = W32/Obfuscated_L.HU
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6566020
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.gd
BitDefender = Trojan.Generic.6566020
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 28672
Uninitialized Data Size         : 57344
Entry Point                     : 0x46600
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة panson24
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : pa24w9x.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pa24w9x.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-06-24 06:31:22
VirusShare info last updated 2012-07-26 13:44:13

MD5: 387b471169f64638aff5674a86a995f2
SHA1: 5633df9d669c6ed9e08c6a406c7ebeeb1e669e09
SHA256: 80c94321f48c30ea534ef84ef4440ee311aa2b6ce3c2f1c24ba056066e9caff6
SSDeep: 6144:gtY2nszPX5/ktKB82mR8R/gxC8VPjogqJRTlyWmCQ:gc/5xBFJj8BogMlyx
Size: 237056 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Pirminay-DT [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Trojan/W32.Jorik.237056.B
K7AntiVirus = Trojan
VirusBuster = Trojan.DR.Agent!OWQJkQl3hlE
VBA32 = Trojan.Jorik.Pirminay.ana
TrendMicro-HouseCall = TROJ_GEN.R3EC7JG
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.ana
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.25677
ByteHero = Trojan.Malware.Win32.xPack.l
TrendMicro = TROJ_GEN.R3EC7JG
Kaspersky = Trojan.Win32.Jorik.Pirminay.ana
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.srx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.BKRT
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.1488
Symantec = Trojan.Gen
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sjvmpybqr Vcjvkkvgzsv
File Description                : Quarantine Server Management
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : QSvrMgmt.DLL
Legal Copyright                 : © Ghckiyzrk Oyorkaasxzv. All rights reserved.
Original Filename               : QSvrMgmt.DLL
Product Name                    : Umlcsoyqc® Odzhzzg® Ranjagawf Gopdjd
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-30 20:57:24
VirusShare info last updated 2012-07-26 13:45:53

MD5: 68c80c564be79e8760f0cd5f7d5b317c
SHA1: 5733bc72c8942c3e893cc4d035f42966f1c1f1df
SHA256: f6a0680dbc0badf98c82da6fac31bd409536e2d89a6bd4f33ee1204b792bd276
SSDeep: 6144:KZQZRahoLdDBPPPm0KNOhAjdS3z4QteeMDmonRVlJkkl:KZ5KDBHe0KeAjdS3z52tnRVPkkl
Size: 245760 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.3421.5
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Monder
Panda = Generic Malware
nProtect = Gen:Variant.Graftor.3421
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!68C80C564BE7
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Generic.knvv
McAfee = Artemis!68C80C564BE7
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
Norman = W32/Suspicious_Gen2.SAXRP
Sophos = Mal/Generic-L
Symantec = Suspicious.Cloud
GData = Gen:Variant.Graftor.3421
BitDefender = Gen:Variant.Graftor.3421
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 245760
Initialized Data Size           : 4096
Uninitialized Data Size         : 36864
Entry Point                     : 0x450f0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2011-11-12 07:47:33
VirusShare info last updated 2012-07-26 13:46:34

MD5: 4204ead718fd920a23cc5913405b393b
SHA1: 57888e2239f4727640c1c95226d203b7bc534aa2
SHA256: 3900de1bbd5e35f16b3d2b126d55d662d10a95c5776c96e5a8ca29d355595639
SSDeep: 1536:q+s7R3sAZYDZrvtXvZFOibHrWgsOPgSFRIZQ:ORZY1rvtXRvVgSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.AV.933
Avast = Win32:Malware-gen
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.SuperJuan.69120
K7AntiVirus = Adware
VBA32 = AdWare.SuperJuan.afzl
TrendMicro-HouseCall = TROJ_GEN.R06C7KO
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
CAT-QuickHeal = Trojan.Vundo.av
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Generic PUP.x!ub
TrendMicro = TROJ_GEN.R06C7KO
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Adware/SuperJuan.aox
McAfee = Generic PUP.x!ub
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Virtumonde
AVG = Generic4.CHLH
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.4111
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-18 15:44:58
VirusShare info last updated 2012-07-26 13:46:51

MD5: 8266caefd71e9972d62915b43e5f54f6
SHA1: 58f4011acc95288b78d8444256f086b4333f6ac6
SHA256: 9b59e47897ef07808da19816d5602a631e5b7ca585087cc56cced9b28b4a3b0f
SSDeep: 6144:ENvTwhjJnKR9FosQarjt1khotnDfSLs492iRNKp167Stbp:ashVsPonCjHkhyizRokS/
Size: 264599 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.A
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = HeurEngine.MaliciousPacker
Prevx = Medium Risk Malware
Symantec = Packed.Generic.305
NOD32 = a variant of Win32/Injector.BET
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:06 17:41:37-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 23552
Initialized Data Size           : 3783680
Uninitialized Data Size         : 1024
Entry Point                     : 0x30de
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.1.2.3
Product Version Number          : 1.1.2.3
File Flags Mask                 : 0x0000
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Windows, Latin1
Comments                        : 
Company Name                    : NSIS
Product Name                    : XVID CodecPack
VirusTotal Report submitted 2010-08-02 00:02:31
VirusShare info last updated 2012-07-26 13:48:25

MD5: e404472d514a7c226e3ab8a67b909697
SHA1: 5fed5f40ad3e962aac410e4fc74562b120b6a29c
SHA256: c1c3a465ed93288154cd7088ca92a6248f7e8297e556f664676f337c7cc25131
SSDeep: 6144:PA1QWhvG4AcNNX0gwdqT1oVjvKvBDgxOz7:PLWhv5hQ8oMpFX
Size: 222756 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6696889
VirusBuster = Trojan.Injector!Ne3IOOQZRrs
TrendMicro-HouseCall = TROJ_GEN.R4FC8J7
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.ato
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
TrendMicro = TROJ_GEN.R4FC8J7
Kaspersky = Trojan.Win32.Jorik.Pirminay.ato
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Malware_fam.NB
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.kfzm
McAfee = Downloader.a!b2c
F-Secure = Trojan.Generic.6696889
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.AJIS
Norman = W32/Vundo.UWC
Sophos = Mal/Generic-L
GData = Trojan.Generic.6696889
Symantec = Trojan.ADH.2
BitDefender = Trojan.Generic.6696889
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 212992
Uninitialized Data Size         : 0
Entry Point                     : 0x12ae
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ommsnbahf Rtvgcjagbtw
File Description                : NetMeeting Interface Marshaling Library
File Version                    : 5.1.2600.5512
Internal Name                   : confmrsl
Legal Copyright                 : Copyright © Ayqmqogtm Xafbbmudpzx 1996-2001
Legal Trademarks                : Vaqtwbdun® is a registered trademark of Ogxizhyen Bkhxmvjgnpc. Cpqffme® is a registered trademark of Nqahsrrwg Qghhatbyjtj.
Original Filename               : confmrsl.dll
Product Name                    : Bemerfc® NetMeeting®
Product Version                 : 3.01
VirusTotal Report submitted 2012-06-26 07:07:36
VirusShare info last updated 2012-07-26 13:54:19

MD5: aa633fb10bb5ab7915d9dcc616b8b9fe
SHA1: 61e460562b8eb76d3bc9a10a8979f606ea336a3b
SHA256: b32b935e60482043c92c4c8e34b2d0f54b11d4661807e9ffb0c085b44635e685
SSDeep: 6144:HRBVjnFIOXDPqPx1SPcWwP0yfBwfLtwvQwP1YHsJ2Rlw3GwTkO8:HQOzP+xSwB6fpwtPdOw3G3L
Size: 338406 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.bhl
Avast = Win32:MalOb-EI [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R21C1KB
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader4.45530
TrendMicro = TROJ_GEN.R21C1KB
Kaspersky = Trojan.Win32.Pirminay.pdd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.gq
McAfee = Kryp.b
ClamAV = Trojan.Agent-183370
F-Secure = Backdoor.Generic.542881
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BASW
Norman = W32/Suspicious_Gen2.ROALJ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen
GData = Backdoor.Generic.542881
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bhj
BitDefender = Backdoor.Generic.542881
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:14 01:54:42-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73216
Initialized Data Size           : 520192
Uninitialized Data Size         : 0
Entry Point                     : 0x12996
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows NT Macintosh Font Manager
File Version                    : 5.00.2134.1
Internal Name                   : sfmpsfnt.dll
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : sfmpsfnt.dll
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2011-11-18 03:54:35
VirusShare info last updated 2012-07-26 13:55:50

MD5: 6eaee1430bcc64c9d07f3d69ba110526
SHA1: bc0b25d29be63a61bf0155432006715246d77331
SHA256: 63e2941db4c83f1cd943cc74e368dee94452acb9ccf122d20f413712c75fc744
SSDeep: 6144:FyMsJzVrZ2MW3kyDhZI/NnAHZaeKmeGdEjlbZebhrRBPMB+y:F8JyvUyDbMnA56f2hFBPMP
Size: 250445 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Suspicious file
nProtect = Trojan.Generic.6388140
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!M/8mCdETuGI
VBA32 = Trojan.Jorik.Pirminay.bu
TrendMicro-HouseCall = TROJ_GEN.R28C2I9
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.zr
McAfee-GW-Edition = Artemis!6EAEE1430BCC
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R28C2I9
Kaspersky = Trojan.Win32.Jorik.Pirminay.zr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!6EAEE1430BCC
F-Secure = Trojan.Generic.6388140
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.RTQ
Norman = W32/Suspicious_Gen2.RFDDH
GData = Trojan.Generic.6388140
Symantec = Trojan.Gen
TheHacker = Trojan/Jorik.Pirminay.kn
BitDefender = Trojan.Generic.6388140
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 229376
Initialized Data Size           : 24576
Uninitialized Data Size         : 40960
Entry Point                     : 0x42510
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Igztgvurp Rvsmlsadwvg
File Description                : Lexmark 3200 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXSYSRES.DLL
Legal Copyright                 : Copyright (C) Gkwziauas Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Psyhpqmts(R) Nwoaxuy NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-06-24 13:21:24
VirusShare info last updated 2012-07-26 13:57:24

MD5: 0a973dec166045d559bdbe5b9d558855
SHA1: 68cc0ca5ba30eb0f7060d1195a6a3ff7fa1dda30
SHA256: 47ede36bc0db350d8ffcadd0e69f8525256a4e3c9bab6ec67cdce920fc8cdbb9
SSDeep: 6144:tOhm7Q0VMMf4iKzGFFfi22xyMtlf182LIm:ohaQUKCfQxzlNrL
Size: 266240 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.403
Avast = Win32:Dropper-IXS [Drp]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.3421
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47C7K8
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.evx!bf
DrWeb = Trojan.Winlock.4450
TrendMicro = TROJ_GEN.R47C7K8
Kaspersky = Trojan.Win32.Genome.xivc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.BF!tr
Jiangmin = Trojan/Jorik.rzr
McAfee = Generic.evx!bf
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic12.WFM
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
TheHacker = Trojan/Kryptik.vdn
BitDefender = Gen:Variant.Graftor.3421
NOD32 = a variant of Win32/Kryptik.VDN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 13:07:20-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 249856
Initialized Data Size           : 20480
Uninitialized Data Size         : 49152
Entry Point                     : 0x49250
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Sjokoqafc Bylciaaxipq
File Description                : Lexmark Z51 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXROSRES.DLL
Legal Copyright                 : Copyright (C) Ywrgabexh Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Shcddnxod(R) Dlqmtjo NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-11-27 20:39:45
VirusShare info last updated 2012-07-26 14:03:39

MD5: ceba13f7826d53d0ca4f90d4ab9fc888
SHA1: 8301c8cd1b6a22a7dfc0898da1f1d5695986e9c3
SHA256: 6c2cb6315b16f8b17d9152b73b095770242a12238e39c0d4baf36fbe8bf436dd
SSDeep: 6144:/PH3UairUacadWcpAHjivZJGK2mSocUWmebNBmnQ+w6NW9oMpjCWFCn5McPFnQ:nEomWciHjIRCUkBBR+wCMoY2WFCmIFnQ
Size: 385630 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Trojan.Generic.5741135
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!1NLcSVtF1mw
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay
McAfee-GW-Edition = Downloader.a!bfb
DrWeb = Trojan.DownLoader4.63979
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.pmy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.edsa
McAfee = Downloader.a!bfb
F-Secure = Trojan:W32/Ponmocup.A
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Startpage.NQX
Norman = W32/Obfuscated_L.DE
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5741135
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.enq
BitDefender = Trojan.Generic.5741135
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:09:01 22:59:25-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 364544
Initialized Data Size           : 335872
Uninitialized Data Size         : 0
Entry Point                     : 0x5625f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.82.28.56
Product Version Number          : 4.82.28.56
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Broadcom Gzbvnflbper
File Description                : BCM 802.11g Network Adapter wireless driver
File Version                    : 4.82.28.56 built by: WinDDK
Internal Name                   : bcmwl6.sys
Legal Copyright                 : 1998-2006, Broadcom Corporation All Rights Reserved.
Original Filename               : bcmwl6.sys
Product Name                    : BCM 802.11g Network Adapter wireless driver
Product Version                 : 4.82.28.56
VirusTotal Report submitted 2012-06-24 16:45:28
VirusShare info last updated 2012-07-26 14:06:35

MD5: 0405b62cc23883c46d51c2fd2d65bbba
SHA1: 76d0f072824c012f319cb5f62f3a06059501feeb
SHA256: b9f7a4018969275b09ae120368f3f985f249d6a73cce5d9165dde3e7f3d851a0
SSDeep: 1536:hCpmxjrSzRALnh132DvnxY1Hxft0F5oCE:hVuyb2DvnuBL0FWCE
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Virtumonde.bfjda
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Virtumonde.gen
Ikarus = Trojan.Win32.Virtumonde
AhnLab-V3 = Trojan/Win32.Virtumonde
Panda = Trj/CI.A
nProtect = Trojan/W32.Virtumonde.62464.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Virtumonde!3Jai6LDOSJk
VBA32 = Trojan.Virtumonde.bfjd
eTrust-Vet = Win32/Vundo.HTC
TrendMicro-HouseCall = TROJ_SPNR.15L611
Emsisoft = Trojan.Win32.Virtumonde!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Virtumonde.bfjd
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Artemis!0405B62CC238
DrWeb = Trojan.Siggen3.25827
TrendMicro = TROJ_SPNR.15L611
Kaspersky = Trojan.Win32.Virtumonde.bfjd
Microsoft = Trojan:Win32/Vundo.OT
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!0405B62CC238
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Virtumonde
F-Prot = W32/Virtumonde.CS.gen!Eldorado
AVG = Generic25.BZSB
Norman = W32/Suspicious_Gen2.SRWQD
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
Commtouch = W32/Virtumonde.CS.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:30 05:54:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x141a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2002.10.4.0
Product Version Number          : 2002.10.4.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Feenwiu registration
Company Name                    : Bnmhjwpqm Corporation
File Description                : OffFilt
File Version                    : 2002, 10, 04, 0
Internal Name                   : OffFilt
Legal Copyright                 : Copyright © 2002 Iyzxroawh Dwjnukubggd
Legal Trademarks                : 
Original Filename               : OffFilt.dll
Private Build                   : 
Product Name                    : Okspwgbbh Office IFilter
Product Version                 : 2002, 10, 04, 0
Special Build                   : 
VirusTotal Report submitted 2011-12-14 00:43:49
VirusShare info last updated 2012-07-26 14:17:35

MD5: 77f15f755806d4b8322e82ed228e786a
SHA1: 7aa7f8c206a53626e37e8a53c80988fa5762cc34
SHA256: df79ff7492d1ae63c5d9a24bac869365110e14c219d70bcffbc0ed6a0952dd09
SSDeep: 6144:9ZQZRahoLdDBPPPm0KNOhAjdS3z4QteeMDmonRVlJkkl:9Z5KDBHe0KeAjdS3z52tnRVPkkl
Size: 245760 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Spyware-gen [Spy]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Ponmocup!bMbnYY15WXs
VBA32 = Trojan.Genome.zdic
TrendMicro-HouseCall = TROJ_GEN.R1CC1KD
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic.dx!bb3r
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R1CC1KD
Kaspersky = Trojan.Win32.Genome.zdic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Dx.BB3R!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.knvv
McAfee = Generic.dx!bb3r
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic12.ZGQ
Norman = W32/Suspicious_Gen2.SAXRP
GData = Gen:Variant.Graftor.3421
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3421
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 245760
Initialized Data Size           : 4096
Uninitialized Data Size         : 36864
Entry Point                     : 0x450f0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-03-21 19:38:38
VirusShare info last updated 2012-07-26 14:20:35

MD5: 136e61dae97e79065408d6c016a0a7d5
SHA1: 7e9dd8fa846870807e37c66e5fd02c89e54f5e55
SHA256: 2f314ed020041e4aa7b847e640e370cf890b143adefc3c80d982e256c5d6062d
SSDeep: 1536:nIHjgQSqWyLQKC7oDR7d2YYtXjDwR1c+QOe2t:gSmgoDR7da+QOe2
Size: 62464 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[RE]
McAfee-GW-Edition = Generic Malware.ms
Fortinet = W32/Virtum.MS!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
AVG = Generic25.SZM
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.1470
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Fkhughgvi Uzbpxnosjwl
File Description                : Fooalgq Wireless LAN 802.11 Utility DLL
File Version                    : 6.0.6000.16386 (cfcuk_rtm.061101-2205)
Internal Name                   : wlanutil.dll
Legal Copyright                 : © Qufkmdrkz Kgwcmogvauu. All rights reserved.
Original Filename               : wlanutil.dll
Product Name                    : Txjyqbilr® Pivwdrw® Rkvgzlave Zbovka
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-14 19:53:32
VirusShare info last updated 2012-07-26 14:23:31

MD5: 250072abe9389f1cfa48d2d8187e35aa
SHA1: e891c6925a669580b812b66fc70eada2fedf4b14
SHA256: 7fc788e2c8962616657e3c7b45f7eaf1da8420d02b76ca5c90995ca2e7b64851
SSDeep: 12288:nX0nbu2wFss5NdHHr1P0bcdNx3VpzvMf+NYTsgUy2BOyY:Ua2wFss5Ndnx04XVpDtFB4
Size: 409649 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4335451
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!250072ABE938
TrendMicro = TROJ_GEN.R11C2H4
Kaspersky = Trojan.Win32.Pirminay.arn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.bq
McAfee = Artemis!250072ABE938
F-Secure = Trojan.Generic.4335451
VIPRE = Trojan-Dropper.Win32.Ponmocup.QHost
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Crypt.VXR
Norman = W32/Suspicious_Gen2.CVUXI
GData = Trojan.Generic.4335451
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Injector.bet
BitDefender = Trojan.Generic.4335451
NOD32 = a variant of Win32/Injector.BET
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:01 17:51:57-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 55296
Initialized Data Size           : 701952
Uninitialized Data Size         : 0
Entry Point                     : 0xe5bc
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Security Center ISV Proxy Stub
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : wscproxystub.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wscproxystub.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-25 00:58:51
VirusShare info last updated 2012-07-26 14:24:20

MD5: 3f0b3379a9373d88c8742948452a247c
SHA1: 810390b5616ae29fc0e1e3d657f19cd3f9a4dc7b
SHA256: 123c517ab3e1bd91a43ecff072347b01b251b0cfa3273bddc979189844ced115
SSDeep: 1536:2Iz+O6kJ6APbFfnYSE4X0CqwI/SaZdfWgAF7k+gQdY7vBC:RyOHZpnVE20C2/jL6Yc
Size: 80384 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.80384.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-02-23 13:23:15
VirusShare info last updated 2012-07-26 14:25:15

MD5: 30bb4970f1c28f97cf363932580700a8
SHA1: 820d204d18eb3750a994ba477b8b8fd6ca0fadc8
SHA256: 7bde85beeddcc9436c65485a0efa5bd08e52178a38d93c05c2c992d56d239f6f
SSDeep: 1536:ZjZx7Lb2sLnGYJtDd0fHrwkZIt0XY0Jt:1LF1tD4HUkq0XY0
Size: 66048 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
nProtect = Gen:Variant.Graftor.1470
Emsisoft = Win32.SuspectCrc!IK
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Graftor.1470
AVG = Generic25.SIY
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1406
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.3.2900.2180
Product Version Number          : 6.3.2900.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Oyszaauhfca
File Description                : Intel Procedural Textures
File Version                    : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : PROCTEXE
Legal Copyright                 : (C) 1997 Intel Hhcqprkxttd.  All rights reserved
Original Filename               : PROCTEXE.OCX
Product Name                    : Ijqfxunjr® Mmupsbg® Dmgfihrfx Trqcdh
Product Version                 : 6.00.2900.2180
VirusTotal Report submitted 2011-11-10 19:59:21
VirusShare info last updated 2012-07-26 14:25:55

MD5: 8a0c2fac41358070fd86f120c2fc43ed
SHA1: 829e1c71dbf83ee9e2ae6148cc64b1f4dcb31e32
SHA256: 83db43aa543314e1e496fd7438d410cd641e1de36f55f898278727c967fb642a
SSDeep: 768:iA9XbRSJL848kLCNRhqcZBGOCDjC0iLiBSY5AbS8KRJAZ6cDUjkSGg+:iURS5848kLmRhZIDjCHiBDCKY6cnSG
Size: 61440 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Sinowal
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
VirusBuster = Trojan.Kryptik!WeS3F+CiVCw
TrendMicro-HouseCall = TROJ_GEN.R4FC8JR
Emsisoft = Win32.SuspectCrc!IK
CAT-QuickHeal = Trojan.Genome.wrcv
McAfee-GW-Edition = Artemis!8A0C2FAC4135
TrendMicro = TROJ_GEN.R4FC8JR
Kaspersky = Trojan.Win32.Genome.wrcv
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cwk
McAfee = Artemis!8A0C2FAC4135
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.BPKD
Norman = W32/Suspicious_Gen2.RNYGW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13e6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.30.62.2
Product Version Number          : 4.30.62.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Rnhqsgsbvsi.
File Description                : Intel Indeo® Video Interactive Quick Compressor
File Version                    : 4.30.62.02
Internal Name                   : ir41_qc
Legal Copyright                 : Copyright© Intel Vvmszmpkimo 1994-1997
Legal Trademarks                : Indeo® is a registered trademark of Intel Ictxniqvyfr
Original Filename               : ir41_qc.dll
Product Name                    : Intel Indeo® Video Interactive Quick Compressor
Product Version                 : 4.30.62.02
VirusTotal Report submitted 2011-12-02 10:43:11
VirusShare info last updated 2012-07-26 14:26:15

MD5: ba6a1330c7f9d79b20756936ce25e29f
SHA1: 8658f3d07e71754e0613b3f96d6bd4e19b3a3df0
SHA256: c49c5c2ca84899e7655c0763884f6ef59ed8eec8b4d3f1f77e95d7abb776453f
SSDeep: 6144:rE16D38FFiAYK5g2K3aqd8/LK99g4+jyxkCuitN+eg6:V38FYAN5g2Oaq12uxNuONdr
Size: 243712 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.3421.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan/W32.Jorik.243712.D
K7AntiVirus = Trojan
VirusBuster = Trojan.Ponmocup!lGJTkqsZNdg
VBA32 = Trojan.Jorik.Pirminay.avy
TrendMicro-HouseCall = TROJ_SPNR.15L511
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.avy
McAfee-GW-Edition = Generic.bfr!di
DrWeb = Trojan.WinSpy.1014
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_SPNR.15L511
Kaspersky = Trojan.Win32.Jorik.Pirminay.avy
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Ponmocup.AA
Jiangmin = Trojan/Generic.knvv
McAfee = Generic.bfr!di
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Generic25.BTHJ
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
Symantec = WS.Reputation.1
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3421
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:30 02:01:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 241664
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x46670
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2011-12-12 02:55:24
VirusShare info last updated 2012-07-26 14:28:48

MD5: fa2155a96461ffff9b571fa2a31a371f
SHA1: 8e6bcd518b09d2248bd400261d820e500934cbb0
SHA256: a153211d037a4a97b9d2b98971cf371c1a2ec26c775221787335fe2dbb7fc309
SSDeep: 6144:L6B3krEIfXV8p8nFAf6rRqz7lr3HmvPfiDf:L6B3kPD/qzR3HOPfi
Size: 335360 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Downloader/Win32.Agent
nProtect = Gen:Variant.Graftor.3065
VirusBuster = Trojan.Kryptik!Cim1hZUs1Us
TrendMicro-HouseCall = TROJ_GEN.R3EC7K8
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = Packed.Win32.MUPX.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic Dropper!1e3
DrWeb = Trojan.Winlock.4496
TrendMicro = TROJ_GEN.R3EC7K8
Microsoft = Trojan:Win32/Meredrop
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.rzr
McAfee = Generic Dropper!1e3
F-Secure = Gen:Variant.Graftor.3065
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.BKZV
Norman = W32/Suspicious_Gen2.RWPZJ
GData = Gen:Variant.Graftor.3065
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.3065
NOD32 = probably a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 13:07:20-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 270336
Initialized Data Size           : 20480
Uninitialized Data Size         : 49152
Entry Point                     : 0x155b
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Sjokoqafc Bylciaaxipq
File Description                : Lexmark Z51 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXROSRES.DLL
Legal Copyright                 : Copyright (C) Ywrgabexh Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Shcddnxod(R) Dlqmtjo NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2011-11-11 01:14:48
VirusShare info last updated 2012-07-26 14:34:11

MD5: a3542a5f3bef98cd26629d36e033b5a1
SHA1: fa71c40b75bb15106f243da8652af2f076e03439
SHA256: 8e868aef83f92383a9085ddc62aa78600206a919b193dccd2989e5a7bfab1aa1
SSDeep: 6144:jnbSUzO/zlrDqNKfbw/dHk3SVevMfRryihYhLr7:DbE/zVwKjWHk4e5ihYt7
Size: 340393 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Kryptik-BZC [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5837301
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R11C2FI
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Gen.Variant.Vundo!IK
CAT-QuickHeal = Trojan.Pirminay.kqv
McAfee-GW-Edition = Artemis!A3542A5F3BEF
DrWeb = Trojan.DownLoader5.1717
TrendMicro = TROJ_GEN.R11C2FI
Kaspersky = Trojan.Win32.Pirminay.kqv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.wh
McAfee = Artemis!A3542A5F3BEF
F-Secure = Trojan.Generic.5837301
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.WAJ
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5837301
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.gft
BitDefender = Trojan.Generic.5837301
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:23 16:39:35-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 53248
Initialized Data Size           : 569344
Uninitialized Data Size         : 0
Entry Point                     : 0x9e63
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.1
Product Version Number          : 1.0.0.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Gvgfootuy
File Description                : RPC NDF Helper Class
File Version                    : 1.0.0.1
Internal Name                   : rpcndfP.dll
Legal Copyright                 : (c) Microsoft.  All rights reserved.
Original Filename               : rpcndfP.dll
Product Name                    : RPC NDF Helper Class
Product Version                 : 1.0.0.1
VirusTotal Report submitted 2012-06-25 07:12:09
VirusShare info last updated 2012-07-26 14:34:16

MD5: 05024a5adde33c49c5314506d6f18ed4
SHA1: 96fd628caafa8d680f9c1ba5f686018799545c40
SHA256: 369e5ac287685427dc5a1db66348127d39e2fb35fc4d13226fc15b6f46e2db34
SSDeep: 6144:BGow5TI25teoXej7w23yb3msGUfJ43EE+i+Fzdd:Y1juiejqb3fGUfJVEiX
Size: 247290 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Gendal.6393477
Avast = Win32:Downloader-JDZ [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/Genetic.gen
nProtect = Gen:Variant.Graftor.262
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!r1Tot8G7Pd0
VBA32 = TrojanDownloader.Qhost.jw
TrendMicro-HouseCall = TROJ_GEN.R30C8J3
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.1619
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R30C8J3
Kaspersky = Trojan.Win32.Jorik.Pirminay.ajr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6393477
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.TIL
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6393477
Symantec = WS.Reputation.1
TheHacker = Trojan/Jorik.Pirminay.lt
BitDefender = Trojan.Generic.6393477
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 241664
Initialized Data Size           : 8192
Uninitialized Data Size         : 28672
Entry Point                     : 0x421f0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Atdrtupku Cykchlnuhhu
File Description                : SCardDlg - Smart Card Common Dialog
File Version                    : 5.1.2600.0 (lzxetkox.010817-1148)
Internal Name                   : SCardDlg.dll
Legal Copyright                 : © Xdvkdwplm Lthztkvuilh. All rights reserved.
Original Filename               : SCardDlg.dll
Product Name                    : Cpscxhoyh® Uqltgvo® Tncqthbhx Jrypnh
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-02 19:50:26
VirusShare info last updated 2012-07-26 14:39:35

MD5: 0d662e9e23021bb114efcdd4de0bbb56
SHA1: 60540004bdf444c4c18778d92f5f51d02479f2be
SHA256: 9a8f8abcc46823f6fe901b898076395f1b72686f6f590918eb8e27c5ee5dce71
SSDeep: 6144:Ug6UZ/XtCjb53LIT1jx1KgVjJGu96+tnqGaVMiEouzwa:U/Yvm3OjxkgVlVthwu5
Size: 315302 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC2CE
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.nep
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_GEN.R4FC2CE
Kaspersky = Trojan.Win32.Pirminay.nep
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.kt
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.KCC
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH.2
TheHacker = Trojan/Kryptik.jzc
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:12:17 15:44:00-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 28672
Initialized Data Size           : 565248
Uninitialized Data Size         : 0
Entry Point                     : 0x78b6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Session Disconnection Utility
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : tsdiscon
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : tsdiscon.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-25 12:39:02
VirusShare info last updated 2012-07-26 14:41:50

MD5: 598062e0c2ae5e122cc38de246da4ec6
SHA1: 11db793debbed78e6149042fb4feb426437f268b
SHA256: a7e6041ae9d71dfb50a796becde25752be8e1bac71a16f9a0a0e7cc2eab182a1
SSDeep: 6144:qX2qH3IWRbEfHgUPvP1aiE/bzf3dz9DwMkKG:0bR4fRPxEX3dZm
Size: 290183 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.awj
TrendMicro-HouseCall = TROJ_GEN.R3BCRCN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.cpg
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.5202
TrendMicro = TROJ_GEN.R3BCRCN
Kaspersky = Trojan.Win32.Pirminay.cpg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.fn
McAfee = Kryp.b
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BJVS
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.awi
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:09 13:18:38-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 29696
Initialized Data Size           : 515072
Uninitialized Data Size         : 0
Entry Point                     : 0x803c
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.3959
Product Version Number          : 5.3.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WDM CODEC Class Device Driver 2.0
File Version                    : 5.3.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : stream.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : stream.sys
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.3959
VirusTotal Report submitted 2012-06-25 18:25:36
VirusShare info last updated 2012-07-26 14:49:44

MD5: 6074f663844e212b6d15ebc51fd40d88
SHA1: a8d2e02fd3827728b3e6a99f64f0811c4eba204c
SHA256: d7b606924317080bafe410a3ca0987d5e90b847c45c1b1e69a91d06b0025c8a0
SSDeep: 3072:NxblNeWs048qQXzIkia1FUHonR9ffh2AOqqafcCF5acFljfVnqyoznTEkVbwwrcE:NMuIn2FUH4fkqqafcijBqzzoUHrczoR
Size: 236544 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Jorik.Pirminay.agx.1
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
DrWeb = Trojan.DownLoader4.62803
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = Trojan.Win32.Jorik.Pirminay.agx
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic25.GRN
Norman = W32/Obfuscated.L
GData = Win32:Malware-gen
Symantec = Trojan.Gen
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 225280
Uninitialized Data Size         : 0
Entry Point                     : 0x128a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Njdudffvd Jyvenoelyaw
File Description                : Keyring Manager Application
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : keymgr.cpl
Legal Copyright                 : © Fqiychnra Rmblnqxcpuq. All rights reserved.
Original Filename               : keymgr.cpl
Product Name                    : Ujthbhwpu® Guluxzj® Vdcajnoha Psvvtr
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-10-02 22:23:25
VirusShare info last updated 2012-07-26 14:50:23

MD5: ac809e3018164483efb832c1d1f337c1
SHA1: a996d227cb3bbd327c773b67828898785781388b
SHA256: ad759863a46dc68bbf8bd278b1ea1294838ab36fb864484489b187f1de110cc9
SSDeep: 6144:7WJkHKzZt4rkwIIltQwajrtfb2krFW82SkHFFc+R791:7ykHC34oIjujrtBFW8vklFc+Z91
Size: 249825 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Gen:Variant.Downloader.10
VirusBuster = Trojan.Injector!/9uGV7FvZSQ
VBA32 = TrojanDownloader.CodecPack.sjt
TrendMicro-HouseCall = TROJ_GEN.R4FC8JK
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Artemis!AC809E301816
DrWeb = Trojan.DownLoader5.13524
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC8JK
Kaspersky = Trojan.Win32.Jorik.Pirminay.atf
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!AC809E301816
F-Secure = Gen:Variant.Downloader.10
VIPRE = Trojan.Win32.Generic!BT
AVG = Dropper.Generic4.ABKX
Norman = W32/Kryptik.ALS
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Downloader.10
Symantec = Trojan.ADH.2
BitDefender = Gen:Variant.Downloader.10
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 249856
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x47f10
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2011-11-25 03:15:07
VirusShare info last updated 2012-07-26 14:50:51

MD5: cb882c8363bc97c619320a0f71e9f49f
SHA1: af16e26897870331d62887d0f4df7877c566b5d5
SHA256: aff7bf2098dd87e5d87e980e5c4cea855b7d90cd3153d26f7238f27d296003bd
SSDeep: 6144:6dSZefLlee9XwXAMNXSaea9C6WfMGlnGiSHJjK4Q4SEkppiAtRq7YKOdx:5efx19UTNXFbCNtqHB1/Ep9WOdx
Size: 341439 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.6.18
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.341439
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Virtumod.10783
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dgb
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/MalwareF.XYQV
AVG = Generic21.LSI
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.11
Symantec = Packed.Generic.305
Commtouch = W32/MalwareF.XYQV
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.JZC
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:07:29 14:22:14-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 57344
Initialized Data Size           : 561152
Uninitialized Data Size         : 0
Entry Point                     : 0xe820
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6703
Product Version Number          : 5.0.2195.6703
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Version Reporter Applet
File Version                    : 5.00.2195.6703
Internal Name                   : winver
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : WINVER.EXE
Product Name                    : Microsoft(R) Windows (R) 2000 Operating System
Product Version                 : 5.00.2195.6703
VirusTotal Report submitted 2012-06-25 21:54:00
VirusShare info last updated 2012-07-26 14:55:15

MD5: 7e30cd8e0461444b3a69f8fa91206d9d
SHA1: 3c2efc750843e7dd3ab0055ef5cffaed0219d326
SHA256: b05476beffcaecb184f27ef6484c037ea50096ad1c429a74a2cae32508e6d165
SSDeep: 6144:Syqyg0ntYKLvwi5AzujVhIyA85ORl7SBPuOBe7b:vqMtzLYAcujoyj8LSUF7b
Size: 250221 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Agent.250221
nProtect = Trojan.Generic.4296753
K7AntiVirus = Trojan-Downloader
VirusBuster = Trojan.DL.Agent!atzNuloO7XQ
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R21C2GH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7E30CD8E0461
DrWeb = Trojan.MulDrop1.24583
TrendMicro = TROJ_GEN.R21C2GH
Kaspersky = Trojan.Win32.Agent.eglr
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = TrojanDropper.Agent.ajqi
McAfee = Artemis!7E30CD8E0461
F-Secure = Trojan.Generic.4296753
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/TrojanX.ESBM
AVG = SHeur3.AAYQ
Norman = W32/Suspicious_Gen2.CDGRL
Sophos = Mal/Generic-L
GData = Trojan.Generic.4296753
Symantec = Trojan.Gen
Commtouch = W32/TrojanX.ESBM
BitDefender = Trojan.Generic.4296753
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:12 13:55:09-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 225280
Initialized Data Size           : 28672
Uninitialized Data Size         : 319488
Entry Point                     : 0x85180
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-25 22:15:10
VirusShare info last updated 2012-07-26 14:55:36

MD5: aa0da7c40c5e0d1ced1d9b908cf110af
SHA1: b7c75ea2856c6483225da94bae95fc90c65d7ba5
SHA256: c891f2f93d3a16b8270c6b6252ad8cf658c016656b69ef8eeb0b6562adad6a98
SSDeep: 12288:sKDfYmDl9zpWlXkVpUju3P5rXro6VnTDH:sufYiE8Uj8BrXrdnTD
Size: 494080 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Renos.KC.30
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/Hosts.BY
nProtect = Trojan/W32.Pirminay.494080
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.ese
eTrust-Vet = Win32/Renos.CNJ
TrendMicro-HouseCall = TROJ_GEN.R4FC1IG
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.Hosts.2485
TrendMicro = TROJ_GEN.R4FC1IG
Kaspersky = Trojan.Win32.Pirminay.bca
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ys
McAfee = Kryp.b
ClamAV = Trojan.Agent-183138
F-Secure = Trojan.Generic.KDV.89400
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.BBWX
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.89400
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bca
BitDefender = Trojan.Generic.KDV.89400
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:04 11:48:50-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 165376
Initialized Data Size           : 645632
Uninitialized Data Size         : 0
Entry Point                     : 0x29172
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.1381.1
Product Version Number          : 4.0.1381.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : OpenGL Utility Library DLL
File Version                    : 4.00
Internal Name                   : glu32
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1996
Original Filename               : glu32
Product Name                    : Microsoft(R) Windows NT(TM) Operating System
Product Version                 : 4.00
VirusTotal Report submitted 2011-10-21 02:41:04
VirusShare info last updated 2012-07-26 15:00:13

MD5: 2399db642b037da91728b13282926935
SHA1: 06cabe6fd787427c0d501cf7127bbc9989309425
SHA256: b9ef6eb37692b7963c417fba680fea0f25bfb8ca2604409d6d810d9c218de8c2
SSDeep: 6144:eZf8VYKeIuxeHrXDEgN2Smb5rguzLs+X0akNGvhK:eZaYKkIzYzfxDbK
Size: 301440 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.dtz
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dty
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.aox
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BHYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Packed.Generic.305
GData = Gen:Variant.Vundo.11
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.SWI
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:05:02 01:03:29-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 20480
Initialized Data Size           : 565248
Uninitialized Data Size         : 0
Entry Point                     : 0x50a0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.7.6001.0
Product Version Number          : 1.7.6001.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WDFLDR
File Version                    : 1.7.6001.0 (longhorn_rtm.080118-1840)
Internal Name                   : wdfldr.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : wdfldr.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 1.7.6001.0
VirusTotal Report submitted 2012-06-26 02:44:00
VirusShare info last updated 2012-07-26 15:01:27

MD5: f53a36bf8006c4465ba7af510ee69272
SHA1: 2f8f3615b0e571e34e5c6818763373d0ed936d7c
SHA256: bdda1772feda28b9caf7eeea66428a75d4b6e2463ba4453edaff68639921757b
SSDeep: 6144:ULixO3ott7g08Q1GD4p3DesKOLnieivd1dXETsA6UpK1VX5X0:KGvJUD8zesKQTSAhp+10
Size: 336347 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.57
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.kml
McAfee-GW-Edition = Downloader-CEW.ag
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.kml
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akm
McAfee = Downloader-CEW.ag
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.BILK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.11
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.dhi
BitDefender = Gen:Variant.Vundo.11
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:08 02:54:19-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 20480
Initialized Data Size           : 610304
Uninitialized Data Size         : 0
Entry Point                     : 0x54e8
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : 802.3 Netsh Helper
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : dot3cfg.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dot3cfg.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7000.0
VirusTotal Report submitted 2012-06-26 04:29:10
VirusShare info last updated 2012-07-26 15:03:54

MD5: 4d5afaa56cc02d782e538e423a8089b4
SHA1: aae8cef1bd4babbe13bf73798993f9f3f9037d83
SHA256: bfb4ddcf8d388df1a5b113f9f52a651e5e3e293a125a300d88f740790467a8bf
SSDeep: 6144:IaYFkBua+ghK19dHgHl/CCdJmxqZsVsK7Nv+D5EZpROfnBH:nYKu3fpHgFCpxqqVBh+SdOfp
Size: 300450 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Xema.300450
Panda = Suspicious file
nProtect = Trojan.Generic.5730552
K7AntiVirus = Backdoor
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.MulDrop1.63795
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.dac
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.it
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5730552
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Backdoor2.HIMT
AVG = Generic20.CGVN
Norman = W32/Suspicious_Gen2.ILTWR
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5730552
Symantec = Trojan.Gen
Commtouch = W32/Backdoor2.HIMT
TheHacker = Trojan/Pirminay.fnd
BitDefender = Trojan.Generic.5730552
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:05:30 22:18:49-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 290816
Initialized Data Size           : 278528
Uninitialized Data Size         : 0
Entry Point                     : 0x47b32
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.6.6000.16386
Product Version Number          : 6.6.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Network Provider for MPEG2 based networks.
File Version                    : 6.6.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : msdvbnp.ax
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : msdvbnp.ax
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.6.6000.16386
Ole Self Register               : 
VirusTotal Report submitted 2012-06-26 05:44:29
VirusShare info last updated 2012-07-26 15:05:01

MD5: 304aa02ff24bf686cfd87c5eefebb002
SHA1: c1c74b405a141656b9fde9b14e4e22155cb99bc2
SHA256: ebaa29ad44f5d5c5056991c13848d739dac15c9a8eacc4fcbceee56642431f0f
SSDeep: 12288:Cm8Y3+6RNde6ZFyqOcfvnuSSBWs1LPyKYqlZT2V3:KyRHFZFyNcffzKYqlZT2h
Size: 426449 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.426449
Panda = Suspicious file
nProtect = Trojan.Generic.KDV.160598
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!TebOYmPOY50
VBA32 = Trojan.Pirminay.edx
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ed!pec
DrWeb = Trojan.MulDrop2.8622
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.edx
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.oo
McAfee = Generic Malware.ed!pec
F-Secure = Trojan.Generic.KDV.160598
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.AXQF
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.160598
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.efl
BitDefender = Trojan.Generic.KDV.160598
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:20 14:57:36-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 405504
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x602fb
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bswjksypd Okxtvfrycoe
File Description                : Visioneer Flatbed Scanner Still Image Device Micro Driver DLL
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : PMXMCRO
Legal Copyright                 : © Tsvyirjtc Rrvbjkqzxfe. All rights reserved.
Original Filename               : PMXMCRO.DLL
Product Name                    : Juveowetj® Ycevujv® Vvuqiygbz Kwttqb
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-24 15:38:09
VirusShare info last updated 2012-07-26 15:08:12

MD5: 7b716a18612320ec05be2eb29aa7716c
SHA1: 47be50c498834fbce5874741b7e1a4fecfb519da
SHA256: c326da03d49625d5beb550be8a4aca4dc2ba662e224773a7495b4ea87c97dc24
SSDeep: 384:mNMn4o+A/u2IuvdcUGRMnfLrN2qLn93wCjxQ9lBxOQjcCNY5UzD8PNUwBqSqrFDt:mOnfu2vdxGWtX5FjyPxNrNYKiX/u
Size: 35603 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Suspicious file
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!c+1QrfzPQ7o
VBA32 = AdWare.SuperJuan.abyw
TrendMicro-HouseCall = TROJ_GEN.R3ACDED
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Generic PUP.x!bcl
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R3ACDED
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.abyw
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = Adware/SuperJuan
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.x!bcl
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic5.DCG
Norman = W32/Troj_Generic.BKBCE
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23552
Uninitialized Data Size         : 0
Entry Point                     : 0x303a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-26 07:59:36
VirusShare info last updated 2012-07-26 15:09:58

MD5: d48f6f904f0824a656aecbc0fa301b36
SHA1: d322ac5ab83e99dc8de914e856f75891339616e8
SHA256: ca3d1ffa3f7d31b433e0f573259b3175972ef2fa037db3b91a0db4f6e906039d
SSDeep: 6144:+aj3A5G0ZBqDLh4DUktcVbC7xF7rjZSGriXqyMPQi/XDrhi87f76Q2lCZ/:dbCG0XsLsUk8kxjZXrGMPQi/Xvc6rZ/
Size: 306078 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.89
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Malware
nProtect = Trojan.Generic.4126990
K7AntiVirus = Riskware
VBA32 = Trojan.Pirmidrop.k
TrendMicro-HouseCall = TROJ_GEN.R3BCRA8
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!D48F6F904F08
DrWeb = Trojan.Hosts.5937
TrendMicro = TROJ_GEN.R3BCRA8
Kaspersky = Trojan.Win32.Pirminay.adp
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Agent.dvhx
McAfee = Artemis!D48F6F904F08
F-Secure = Trojan.Generic.4126990
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = SHeur3.WDG
Norman = W32/Suspicious_Gen2.BTEBN
GData = Trojan.Generic.4126990
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Injector.blv
BitDefender = Trojan.Generic.4126990
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:15 14:27:16-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 4096
Initialized Data Size           : 600064
Uninitialized Data Size         : 0
Entry Point                     : 0x1dd6
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.1830
Product Version Number          : 5.3.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectPlay Voice ACM Provider
File Version                    : 5.3.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dpvacm.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dpvacm.dll
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.1830
VirusTotal Report submitted 2012-06-26 11:27:02
VirusShare info last updated 2012-07-26 15:16:27

MD5: f6b0f02bc95abcd404e7f1d9c3e503ab
SHA1: 056a5939d983d3e3bdf20627fc31676e784c25a3
SHA256: cbea1b6ba909573dbd9751d5a9007c18d33d7dc7c6a29c5009574adc444c0804
SSDeep: 6144:2rtKZK5W2WEwHU8LINaNybxr2hZK1mr5eNrE0sAJ3HXwh3R8Qo+QqLxfS:ktWUbfILIQNix2h0IV6rrJ38Ho+nU
Size: 346548 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.20
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = TrojanSpy.ZBot!9dsSJZRxsd0
VBA32 = Trojan.Pirminay.ewg
TrendMicro-HouseCall = TROJ_GEN.R44C3DB
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Artemis!F6B0F02BC95A
DrWeb = Trojan.DownLoader4.48204
TrendMicro = TROJ_GEN.R44C3DB
Kaspersky = Trojan.Win32.Pirminay.ewg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.rf
McAfee = Artemis!F6B0F02BC95A
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic11.PRZ
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Zbot.34
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.euu
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:01 11:44:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x7a62
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.70.7713.0
Product Version Number          : 2.70.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cuaqmupgw Zvdfxguhlya
File Description                : Fzybndxip Data Access - OLE DB Transaction Proxies/Stubs
File Version                    : 2.70.7713.0
Internal Name                   : msxactps.dll
Legal Copyright                 : Copyright (C) Hicnhxxwo Corp. 1997-2001
Original Filename               : msxactps.dll
Product Name                    : Guxlshbwc Data Access Components
Product Version                 : 2.70.7713.0
Ole Self Register               : 
VirusTotal Report submitted 2012-06-26 12:10:41
VirusShare info last updated 2012-07-26 15:17:39

MD5: b4d689fe9e91c269fd229d8716cf4c1b
SHA1: d032bd23ad927e9c4d9e551fba81623f6cab4943
SHA256: 9392061882f33407eae7707d192bb4bd157d19900a475c14f0f518b45f3fd356
SSDeep: 3072:xBDlvHfMbIss39ZrxmHR/wUsD7bElJtq8YJmMClD0+g3IX48eLaBke6Q12ZbrrNz:xv0ITcHVwFD7w9qFMrG3IX48eLa4gG
Size: 231936 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.2825.1
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.2825
TrendMicro-HouseCall = TROJ_SPNR.16K911
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.11768
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_SPNR.16K911
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.kfzm
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.2825
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Downloader.Generic12.XVK
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.2825
BitDefender = Gen:Variant.Graftor.2825
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16384
Initialized Data Size           : 221184
Uninitialized Data Size         : 0
Entry Point                     : 0x12ae
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lkeqjcnzg Corporation
File Description                : Security Support Provider Interface
File Version                    : 5.1.2600.0 (wdlwlplx.010817-1148)
Internal Name                   : security.dll
Legal Copyright                 : © Sggrurfjq Gjxnxlmwmas. All rights reserved.
Original Filename               : security.dll
Product Name                    : Cjvqptjlu® Vofzjhm® Uuxcxdqej Lbjwaz
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-11-14 19:29:29
VirusShare info last updated 2012-07-26 15:20:50

MD5: 010aebea3f2c1e72dabb52abc99f2d8f
SHA1: d30315e095996ad9dcfd3e409e2df198d5a107a5
SHA256: 0784b325fb8dc0df6bb0c54f6071514207cb4502887e081476a66793b498a3a0
SSDeep: 6144:7Bn1otHddNvjb8w3VMjJMBUF5POJ3OpMSAxdut0FI6:110Hd/b8wlMVMeN9MSA06
Size: 283648 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Trojan-gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.3421
VirusBuster = Trojan.Kryptik!e66g3HRBZBk
VBA32 = Trojan.Genome.yvac
TrendMicro-HouseCall = TROJ_GEN.R01C7KI
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[RE]
McAfee-GW-Edition = Generic.dx!bbpt
DrWeb = Trojan.Winlock.4505
TrendMicro = TROJ_GEN.R01C7KI
Kaspersky = Trojan.Win32.Genome.yvac
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Dx.BBPT!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bbpt
F-Secure = MemScan:Trojan.Generic.KDV.405970
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Downloader.Generic12.XYH
Norman = W32/Obfuscated.L
GData = MemScan:Trojan.Generic.KDV.405970
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.vdn
BitDefender = MemScan:Trojan.Generic.KDV.405970
NOD32 = a variant of Win32/Kryptik.VDN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 278528
Initialized Data Size           : 8192
Uninitialized Data Size         : 32768
Entry Point                     : 0x4ccf0
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : ASCII
Company Name                    : Hilgraeve, Inc.
File Description                : HyperTerminal Applet Library
File Version                    : 5.1.2600.0
Internal Name                   : hticons
Legal Copyright                 : Copyright © Hilgraeve, Inc. 2001
Legal Trademarks                : HyperTerminal ® is a registered trademark of Hilgraeve, Inc.
Original Filename               : HTICONS.DLL
Product Name                    : Fgmkaetto® Huqfbah® Uogluagzz Cnzssy
Product Version                 : 5.1.2600.0
Comments                        : HyperTerminal ® was developed by Hilgraeve, Inc. for Tehnltlee
VirusTotal Report submitted 2011-12-13 20:19:17
VirusShare info last updated 2012-07-26 15:22:43

MD5: f3bea5333efe7f8645cb4ff4bfd76d80
SHA1: d2d46d59da538e4b48b07be405be3f82f26cd097
SHA256: d532124d1c4d7450fdd56c40c453566d2e12e03c9b6776605f36f831633f89f7
SSDeep: 6144:vWI9bjDLpaPqHJ3XC/oYPgYB1Hv12nnPxFSMuQ9n0nufGL4eVT5jTvctZBKk90yw:vW2KqFy/o+FuPP7nsPL4eX3wXKz
Size: 351741 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Pirminay.351741
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R28CREC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!cl
DrWeb = Trojan.DownLoader4.48146
TrendMicro = TROJ_GEN.R28CREC
Kaspersky = Trojan.Win32.Pirminay.iof
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.sp
McAfee = Downloader.a!cl
F-Secure = Trojan.Generic.5793678
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.RYK
Norman = W32/Kryptik.AIF
Sophos = Mal/Generic-L
GData = Trojan.Generic.5793678
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.fam
BitDefender = Trojan.Generic.5793678
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 15:20:00-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 69632
Initialized Data Size           : 557056
Uninitialized Data Size         : 0
Entry Point                     : 0xdb6f
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Remote NDIS Miniport
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : RNDISMP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RNDISMP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-06-26 16:15:38
VirusShare info last updated 2012-07-26 15:24:20

MD5: 3fc4442e401a7f65440618f59923c8a4
SHA1: d531ca88a26acf23e2b9aa33d659268fbde0db71
SHA256: dfa3e85713c4ca77131e65117c99d6749c69cd651e8b21b25584929302a37010
SSDeep: 6144:WIBod6T4gWg+VBe4PnwRxht4eQco3iYFaAgenmhvDje8sE5Tq/z6DZytbrJiYDQu:xyDBGx3zLYTmvVsE5T09bJ
Size: 416133 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.ZBot.34.34
Avast = Win32:Pirminay-W [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!2+hgcYK4xiA
TrendMicro-HouseCall = TROJ_GEN.R11C2H3
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.qzv
McAfee-GW-Edition = Artemis!3FC4442E401A
DrWeb = Trojan.DownLoader5.39594
TrendMicro = TROJ_GEN.R11C2H3
Kaspersky = Trojan.Win32.Pirminay.qzv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.zl
McAfee = Artemis!3FC4442E401A
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ALLT
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH
TheHacker = Trojan/Pirminay.gpx
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:09 14:57:25-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 745472
Uninitialized Data Size         : 0
Entry Point                     : 0x4406
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Portuguese
Character Set                   : Unicode
Comments                        : 
Company Name                    : Oflwbmimv Nxaoeqtliub
File Description                : Vbniftxge Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0816
Legal Copyright                 : Copyright (C) Joemcygqq Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0816.dll
Private Build                   : 
Product Name                    : Lbcwrywup Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-06-26 21:00:08
VirusShare info last updated 2012-07-26 15:30:58

MD5: 0fe816680bd1bb303b6644b18932e783
SHA1: e16e8a6a03905c94f1c9aeac6e80fc00d04b5c26
SHA256: 54850ee10ddc166d2d17836337540b96a60b99948d17075b95da9d01d2434d86
SSDeep: 3072:RBVuS1saTNWqgWIMpwyKP3ykikbrJ3fYAT:hr1dzgWIkaP3ykrrJR
Size: 130560 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.130560
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-10-23 10:25:34
VirusShare info last updated 2012-07-26 15:32:10

MD5: 173a0c0bbe1c221cad952c2195cc75c1
SHA1: e8968e1685bd138a4c2eb47897f7d4d5c2df92b5
SHA256: b86a8c3671e353fa9e07d9ddff5567159ba058a6812b1f303fc1787e6a955ef9
SSDeep: 1536:fSQhBxT9gaYLelXStDG0CGHli76EKneqFK1ajmAFbWYtALieISFjPn7:f5B9ORtDG0TFgKneqFK1ajmAFbWYtALP
Size: 94720 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Malware-gen
Ikarus = Virus.Win32.Vundo
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.3649
Emsisoft = Virus.Win32.Vundo!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = Trojan.Gen
F-Secure = Gen:Variant.Graftor.3649
AVG = Generic25.BOQO
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.3649
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2011-11-18 19:24:05
VirusShare info last updated 2012-07-26 15:36:32

MD5: f68cab9d5d91f20e64c39ec5917a123d
SHA1: d31deebdb909ca7945daf770dbb6185ff4b5d417
SHA256: ea8e00a0c5451a1660d1e387af20ad8c621e08d393aa0d6618f31b9813de1785
SSDeep: 6144:DNWOFgNlQTPxon8Pfs7EHkmzDdzMVbsjkV8k/qUJmLOb:JWOFg0gCpBST8k/qU0Ly
Size: 256516 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Trojan-gen
Ikarus = Trojan.Win32.Priminary
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.4529322
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.qj
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Priminary!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!F68CAB9D5D91
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.adn
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.bo
McAfee = Artemis!F68CAB9D5D91
F-Secure = Trojan.Generic.4529322
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Downloader.Generic10.MWC
Norman = W32/Suspicious_Gen2.CEJKS
GData = Trojan.Generic.4529322
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.qj
BitDefender = Trojan.Generic.4529322
NOD32 = a variant of Win32/Agent.RDG
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:12 18:01:00-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 5120
Initialized Data Size           : 496128
Uninitialized Data Size         : 0
Entry Point                     : 0x20dc
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.3124.0
Product Version Number          : 8.1.3124.0
File Flags Mask                 : 0x003f
File Flags                      : Pre-release, Private build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Japanese
Character Set                   : Windows, Japan (Shift - JIS X-0208)
Company Name                    : Microsoft Corporation
File Description                : Microsoft IME
File Version                    : 8.1.3124.0
Internal Name                   : MS-IME
Legal Copyright                 : Copyright (C) 1995-2001 Microsoft Corporation. All rights reserved.
Legal Trademarks                : MicrosoftR is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Original Filename               : IMJPDADM.EXE
Product Name                    : Microsoft IME 2002
Product Version                 : 8.1.3124.0
VirusTotal Report submitted 2012-06-27 02:34:14
VirusShare info last updated 2012-07-26 15:37:48

MD5: 3a2d23a6539c69b5dd90c0e4df54ece2
SHA1: 47289ce78f611f6f5fb1524b114a0ba7b2388ca0
SHA256: f20c20540656f8e35a217c865481743afc07de268cf6984cc5b9905e54961b29
SSDeep: 6144:dYqoQCE9Yfk7fBCCRgzip0LTgRZxbS0Ql81Z8RArorhLasMGw1:dYV1pAhWziS6T0e1uAs1VRc
Size: 291328 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.291328
Panda = Trj/CI.A
Rising = Suspicious
nProtect = Trojan.Generic.5211923
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!2n+ewaUPG6g
VBA32 = Win32.TrojanDownloader.Agent.PXO
TrendMicro-HouseCall = TROJ_GEN.R3BC2AH
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Artemis!3A2D23A6539C
TrendMicro = TROJ_GEN.R3BC2AH
Kaspersky = Trojan.Win32.Pirminay.buw
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.c
McAfee = Artemis!3A2D23A6539C
F-Secure = Trojan-Dropper:W32/Meredrop.AL
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.AFOY
Norman = W32/Troj_Generic.AAQEQ
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5211923
Symantec = Trojan.Gen
TheHacker = Trojan/Dropper.gen
BitDefender = Trojan.Generic.5211923
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:02 13:59:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 278528
Initialized Data Size           : 16384
Uninitialized Data Size         : 299008
Entry Point                     : 0x8d730
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-27 06:15:51
VirusShare info last updated 2012-07-26 15:42:22

MD5: 90f0404a6c5da0236173741bb936e579
SHA1: f366000fab7ba77f63808d45513361bdecc8c8a8
SHA256: 06dd61cb94d8c19a78568cd952908b400693aacae711b593fb83cba0dd8b7b94
SSDeep: 6144:gtY2nszPX5/ktKB82mR8R/gxC8VPjogqJRTlyWmCQc:gc/5xBFJj8BogMlyxa
Size: 236302 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
Avast = Win32:Pirminay-DT [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.1488
K7AntiVirus = Trojan
VBA32 = Trojan.Jorik.Pirminay.ana
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.Fakealert.25677
ByteHero = Trojan.Malware.Win32.xPack.l
Kaspersky = Trojan.Win32.Jorik.Pirminay.avh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Jorik.srx
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1488
AVG = Dropper.Generic4.BKRT
Norman = W32/Suspicious_Gen2.SCHWU
Sophos = Mal/Generic-L
GData = Gen:Variant.Graftor.1488
Symantec = Trojan.Gen.2
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Graftor.1488
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Sjvmpybqr Vcjvkkvgzsv
File Description                : Quarantine Server Management
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : QSvrMgmt.DLL
Legal Copyright                 : © Ghckiyzrk Oyorkaasxzv. All rights reserved.
Original Filename               : QSvrMgmt.DLL
Product Name                    : Umlcsoyqc® Odzhzzg® Ranjagawf Gopdjd
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-12-31 06:34:24
VirusShare info last updated 2012-07-26 15:43:08

MD5: 990f204783fe03e9950b47bf4b74fef3
SHA1: f503faaba82d118f4d3c150d1fb0f487e06ee535
SHA256: 66dbfe168a326317207c6d4c8b8073d177e791cdd9fb7a0e618f55fbb7654dbf
SSDeep: 1536:2IKQiZgbagiOWt7YshWjWnEWQXyU9ElZQ5UdrWmkC8nl/QrDRX6t:RKLfvuvUJKEmY8nl/iUt
Size: 84992 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.84992
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-01 14:31:20
VirusShare info last updated 2012-07-26 15:44:06

MD5: 109f91c4c32eaad4030a58a76c695ca5
SHA1: f9701f0ace5d38989f07b8dbda7baf9fe8cdb57c
SHA256: 5668dcf6be87b079e7be206174a3f5d4a19adb59740c9765e11e9b9d2b566a0a
SSDeep: 6144:xBMik32MEP/puciESGPat9l+qO0N/iDa57hB1LYgqGaTS5JIcrY+DXZ4Qu41Qgu7:xBMj32XhinlGOiMTLYz65yc8G461QgC
Size: 426409 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Pirminay.edz
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.426409
Panda = Generic Trojan
nProtect = Trojan/W32.Agent.426409
VirusBuster = Trojan.Pirminay!LjCA9SF9lM4
VBA32 = Trojan.Pirminay.edz
TrendMicro-HouseCall = TROJ_GEN.R3EC3CS
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.edz
McAfee-GW-Edition = Generic.dx!zjw
DrWeb = Trojan.Hosts.4462
TrendMicro = TROJ_GEN.R3EC3CS
Kaspersky = Trojan.Win32.Pirminay.edz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.qw
McAfee = Generic.dx!zjw
F-Secure = Trojan.Generic.6179272
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Vundo-JU [Trj]
eSafe = Win32.TRPirminay.Edz
AVG = Generic21.BBAM
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.ADH
GData = Trojan.Generic.6179272
TheHacker = Trojan/Pirminay.egg
BitDefender = Trojan.Generic.6179272
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:06:29 05:40:37-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 57344
Initialized Data Size           : 671744
Uninitialized Data Size         : 0
Entry Point                     : 0xa66f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Lexmark International Inc.
File Description                : معالج طباعة Lexmark PS&SD In-Box
File Version                    : 3.0.0.0
Internal Name                   : lmprtprc.dll
Legal Copyright                 : Copyright © 1996-2004
Legal Trademarks                : Lexmark® is a registered trademark of Lexmark International Inc.
Original Filename               : lmprtprc.dll
Product Name                    : Lexmark Print Processor
Product Version                 : 3.0
VirusTotal Report submitted 2011-07-12 07:27:25
VirusShare info last updated 2012-07-26 15:46:42

MD5: 2a6ed7dc5a59c901c7e5398f4ea7ee5a
SHA1: fb66f458e87629fcf38759c6dbb43850071940a2
SHA256: e21c70fea10c2a9d75496df1d2130bedb548f31d6ff15cdc834d41275eb7d674
SSDeep: 6144:cqXcMZjfw9Ed6ydeSWST8MqP/IaDK9je:pXcMZjNkydl3bqP/IaDb
Size: 278528 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Generic Trojan
nProtect = Gen:Variant.Downloader.10
K7AntiVirus = Riskware
VirusBuster = Trojan.Injector!91aRSm8Tw04
VBA32 = Trojan.Jorik.Pirminay.be
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Adware.Vundo/Variant-MSFake
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.DownLoader4.17985
ByteHero = Trojan.Win32.Heur.Gen
Kaspersky = Trojan.Win32.Jorik.Pirminay.nc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!2A6ED7DC5A59
F-Secure = Trojan.Generic.6573909
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKGC
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6573909
Symantec = WS.Reputation.1
BitDefender = Trojan.Generic.6573909
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 253952
Initialized Data Size           : 28672
Uninitialized Data Size         : 40960
Entry Point                     : 0x489e0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة Oksidm9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : Oksidm9.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Oksidm9.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2011-12-18 23:58:10
VirusShare info last updated 2012-07-26 15:48:10

MD5: 07c7c002e6ee136d67db6c634b62a505
SHA1: fbafce572ca9c92032ddbd0651120f42546acf87
SHA256: 4264ea77dbfcfa77fb459a9cdc317bbc9c6027ebf43a67db72a4f2f5a50975fe
SSDeep: 6144:9yzKblswtmN/642HJF02X3Y0N+Yi3VrIwR+z8:fKwtmA9JF1HPUdFrg4
Size: 246784 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan.Generic.7036046
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!Lkl9gMVIuIo
VBA32 = Trojan.Genome.yydk
TrendMicro-HouseCall = TROJ_GEN.R47C7KH
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Genome.yydk
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Downloader.a!ys
DrWeb = Trojan.DownLoader5.12298
TrendMicro = TROJ_GEN.R47C7KH
Kaspersky = Trojan.Win32.Genome.yydk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.FWWSZXC!tr
Jiangmin = Trojan/Generic.klre
McAfee = Downloader.a!ys
F-Secure = Trojan.Generic.7036046
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic12.YMX
Norman = W32/Suspicious_Gen2.SAGTC
GData = Trojan.Generic.7036046
Symantec = Downloader
TheHacker = Trojan/Genome.yydk
BitDefender = Trojan.Generic.7036046
NOD32 = a variant of Win32/Kryptik.XEF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 245760
Initialized Data Size           : 4096
Uninitialized Data Size         : 36864
Entry Point                     : 0x45600
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6695
Product Version Number          : 5.0.2195.6695
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Wmnvrnckw Okbaigbjsyn
File Description                : Izbksfhvu Privilege Translations
File Version                    : 5.00.2195.6695
Internal Name                   : mspriv.dll
Legal Copyright                 : Copyright (C) Vcukcvzon Corp. 1981-1999
Original Filename               : mspriv.dll
Product Name                    : Nwsphfkod(R) Windows (R) 2000 Lojbhrsii Ytbgil
Product Version                 : 5.00.2195.6695
VirusTotal Report submitted 2012-02-15 07:28:04
VirusShare info last updated 2012-07-26 15:48:17

MD5: b7c98568e4f480bb940f00977655e40e
SHA1: 10b4571509713c984fffb4161ee6e79f2ad0172d
SHA256: 7ffa00e793ed996f981e66f727150b5762d97ee3102d31f98a75f70e5762298f
SSDeep: 6144:N/lYbbxZc2ArOLbddIo0mwRTvDZ9CFyfgdEOxC8ddT316HnZgo:mVRf2NvDvCqgfCYdTlMr
Size: 274432 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-H [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.5590021
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!GTlX8tefmJY
TrendMicro-HouseCall = TROJ_GEN.R3BC1CN
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Jorik.Pirminay.atv
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.Hosts.3682
TrendMicro = TROJ_GEN.R3BC1CN
Kaspersky = Trojan.Win32.Jorik.Pirminay.atv
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5590021
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.MUS
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5590021
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.jvo
BitDefender = Trojan.Generic.5590021
NOD32 = a variant of Win32/Kryptik.JVO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:05 17:40:34-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 479232
Uninitialized Data Size         : 0
Entry Point                     : 0x8f12
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 7.0.0.0
Product Version Number          : 5.2.3790.1230
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Adaptec, Inc.
File Description                : Adaptec Windows Ultra320 Driver
File Version                    : 7.0.000.000 (NT.040809-2325)
Internal Name                   : PH 3.0 MS_V98 V564 bw01 - RTC03
Legal Copyright                 : Copyright © 2003 Adaptec, Inc. All rights reserved.
Original Filename               : adpu320.sys
Product Name                    : Adaptec Windows Ultra320 Family Driver
Product Version                 : 5.2.3790.1230
VirusTotal Report submitted 2012-06-29 09:03:39
VirusShare info last updated 2012-07-26 16:05:21

MD5: 617d2a531fc0c17477b7991e0612f3ff
SHA1: 13bbca3b2b356992e2fb64d4bffef6051c12d418
SHA256: 99058f95fe761851ea35816e638a7b481a759c92506a3b375a24b66bc713b041
SSDeep: 6144:qlTRPmXn7bVYJtBRw5UsBoy8kpdYPNkx8FdU85H0K:j7b6tBABojKybUg
Size: 298496 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Renos.29849661
Avast = Win32:MalOb-EI [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!zjx
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.cpc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
Jiangmin = Trojan/Pirminay.aoi
McAfee = Generic.dx!zjx
F-Secure = Gen:Variant.Vundo.6
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.CABB
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:08:07 02:38:05-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 548864
Uninitialized Data Size         : 0
Entry Point                     : 0x5cc6
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Network Service Performance Objects DLL
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : PERFNET.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PERFNET.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-29 10:59:06
VirusShare info last updated 2012-07-26 16:05:55

MD5: 2ab0421c8bc28275f988d8235b9c89ea
SHA1: 3dede496ac1ac0dbd0077ff656d21925666f78d4
SHA256: 45eb334835358c18656e148e961f2da34f30f9632f4a342a806eb8d7ed7ea69c
SSDeep: 768:hXKF++jbW7FHGdeEqb7X2uVEqNpCQ30uWs:kF+QQHw072JqNpCQ3ZB
Size: 32768 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/CI.A
K7AntiVirus = Adware
VirusBuster = Adware.SuperJuan!HulR+fsZJIg
VBA32 = AdWare.SuperJuan.yef
TrendMicro-HouseCall = TROJ_GEN.R21C2CV
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!2AB0421C8BC2
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R21C2CV
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.yef
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/SuperJuan
PCTools = Adware.Gen!rem
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!2AB0421C8BC2
F-Secure = Gen:Variant.Vundo.10
VIPRE = Virtumonde
AVG = Generic4.CHWF
Norman = W32/Suspicious_Gen2.KKZWJ
GData = Gen:Variant.Vundo.10
Symantec = Adware.Gen
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23040
Uninitialized Data Size         : 0
Entry Point                     : 0x2fea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-30 02:37:02
VirusShare info last updated 2012-07-26 16:13:52

MD5: 044f51cf5cd2fcc4185769caf07f6bcc
SHA1: 4139ba5b9f25d2c79a7c42466c233e0ee931ac30
SHA256: 6e1c098f3852eb3afeb24ef3e9b4b8bcae714e8eebe74bb4fdfadeb955f3998b
SSDeep: 6144:btlpaxzMoM3l2TzgwctPVJAbvq6lRdq0i0FYN3ITW86xkuiRd:xlpaxz62TEJNWbvq6PMJ225/ud
Size: 327168 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = Trojan/Win32.Agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Win32.Agent
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.327168.U
K7AntiVirus = Trojan
VirusBuster = Trojan.DR.Agent!eepXEKNW0gg
VBA32 = Trojan-Dropper.Win32.Agent.bjst
TrendMicro-HouseCall = TROJ_DLOADUP.SMA
Comodo = TrojWare.Win32.Spy.327168.30
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Artemis!044F51CF5CD2
DrWeb = Trojan.MulDrop.58764
TrendMicro = TROJ_DLOADUP.SMA
Kaspersky = Trojan-Dropper.Win32.Agent.bjst
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = malicious
Jiangmin = TrojanDropper.Agent.ahkt
McAfee = Artemis!044F51CF5CD2
F-Secure = Gen:Variant.Vundo.6
VIPRE = Packed.Win32.Pirminay.a (v)
F-Prot = W32/Dropper.ANNF
AVG = Dropper.Agent.PKN
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.6
Symantec = Packed.Generic.305
Commtouch = W32/Dropper.ANNF
TheHacker = Trojan/Dropper.Agent.bjst
BitDefender = Gen:Variant.Vundo.6
NOD32 = a variant of Win32/Kryptik.NHN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:07 01:49:05-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 35840
Initialized Data Size           : 579072
Uninitialized Data Size         : 0
Entry Point                     : 0x9a5c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Lithuania Keyboard Layout
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdlt (3.13)
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdlt.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-30 03:36:00
VirusShare info last updated 2012-07-26 16:14:28

MD5: b777e47c72bce200a523ebaa9fdbd78f
SHA1: 5e589709fbffd37f9eca933f473929cef8ba007d
SHA256: 4bc9bbeaa9890f76b7a7b89f8a7ddcb0108cad6ab26dbf8e25c3f81cb91ad29c
SSDeep: 6144:bxtgIU6JvXrwOPTkGxvmSj2fAgvWAEszudnhwnrS1/pOHzCp9nHoS9Z:bxtHPrmwmm2GAEsidhwnr+vHoSn
Size: 740713 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ULPM.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan/W32.Agent.740713
VirusBuster = Trojan.Pirminay!N6a0vRWFits
VBA32 = Trojan.Pirminay.ept
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = Packed.Win32.MUPX.Gen
CAT-QuickHeal = Trojan.Pirminay.ept
McAfee-GW-Edition = Downloader.a!zl
DrWeb = Trojan.DownLoader4.54102
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.ept
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.740713
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.pg
McAfee = Downloader.a!zl
F-Secure = Trojan.Generic.5727132
VIPRE = Trojan.Win32.Generic.pak!cobra
AVG = SHeur3.BSCS
Norman = W32/Obfuscated.L
GData = Trojan.Generic.5727132
Symantec = Downloader
BitDefender = Trojan.Generic.5727132
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:30 10:05:43-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 258048
Initialized Data Size           : 28672
Uninitialized Data Size         : 454656
Entry Point                     : 0x52022
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-30 14:12:52
VirusShare info last updated 2012-07-26 16:19:12

MD5: fb074062a981cd54022c4917db9cba05
SHA1: 8dd1da00561c27a907252ef737d839494668451f
SHA256: e376612b4db8617196957811da5f037245b3e393ec494752c615c9071b37ea9a
SSDeep: 6144:0+QZ5dap4P3L+LxL4mLwHxlV5hbfugwpHfLkQmOPDa:nI3LY18Rlvhbfu7d+sa
Size: 273821 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-BB [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!e2jw+4hdS5A
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.pdq
McAfee-GW-Edition = Downloader.a!wt
DrWeb = Trojan.Hosts.5040
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.pdq
Microsoft = Trojan:Win32/Vundo.gen!CD
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.adj
McAfee = Downloader.a!wt
F-Secure = Gen:Variant.Kazy.29755
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.Trojan
AVG = SHeur3.CFGA
Norman = W32/Suspicious_Gen2.RZULB
GData = Gen:Variant.Kazy.29755
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.iky
BitDefender = Gen:Variant.Kazy.29755
NOD32 = probably a variant of Win32/Agent.BMQHEPH
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:24 21:08:30-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 270336
Initialized Data Size           : 4096
Uninitialized Data Size         : 356352
Entry Point                     : 0x99970
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.3.0.1998
Product Version Number          : 4.3.0.1998
File Flags Mask                 : 0x30003f
File Flags                      : (none)
File OS                         : Windows 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Ighvzfkid Cjuncfqwfiw
File Description                : Xyxbgspjd Audio Compression Manager
File Version                    : 4.03.1998
Internal Name                   : msacm32.dll
Legal Copyright                 : Copyright © Cwmagqccf Corp. 1991-1998
Original Filename               : msacm32.dll
Product Name                    : Iihgmndtr Vaqxwgw
Product Version                 : 4.03.1998
VirusTotal Report submitted 2012-07-01 03:52:32
VirusShare info last updated 2012-07-26 16:27:16

MD5: cf15f33981259f1bdf94b3d87fe9b785
SHA1: 93f0da06b94001aa5bc445edf5f42addcee8f88f
SHA256: 03844afded27c5164cac6de6794426928c5c69f4d0430fd6bf0a721d3e1d41a6
SSDeep: 3072:zcU4MQwRGiKNUL1vtP3jpCZlFOSnlMgmY1/XUV:z+PNUpvtP3jAV6gd1/XU
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Win32.SuspectCrc
Panda = Trj/Ponmocup.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!4+Sx9Wjk7nk
TrendMicro-HouseCall = TROJ_GEN.R4FCEDT
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic.dx!bdrx
TrendMicro = TROJ_GEN.R4FCEDT
Kaspersky = Trojan.Win32.Genome.afeas
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bdrx
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKLJ
Norman = W32/Troj_Generic.ARSBI
GData = Gen:Variant.Graftor.17637
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:12 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 16:57:28
VirusShare info last updated 2012-07-26 16:30:58

MD5: ccf716d03c1d446a04c8be46d3f10e73
SHA1: 0661c61182689ed1cede4a8f146f0ee44a082a9a
SHA256: 8885811b36c293ac8668c1ab069370c8c9dfed9d935f0bf9f5443c07388efa75
SSDeep: 1536:2I7jBQDPfQOypidGV/7lbCPpF2O34d/QHgugtv:R7+DXQOyi+DYP2ODgx1
Size: 77824 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
nProtect = Trojan/W32.Swisyn.77824.K
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.D
DrWeb = Trojan.Hosts.303
ByteHero = Virus.Win32.Heur.p
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTPPU
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-24 05:30:16
VirusShare info last updated 2012-07-26 16:31:47

MD5: 267211cf10f56ae465d6112fdb08440c
SHA1: ec53f529acd3db3940ce08143c5cd93a4bfc6792
SHA256: 125b7fc58930622592942c6329d0e3b5cb53983b151439f9798fb64c5bcb493d
SSDeep: 1536:cQ7ForrajFjx2BTKR8LiNgA/mcut5wI/VlVHKgJQvTLc:x5aLib/vut53/VXH1gHc
Size: 122880 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-CA [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.Diller
nProtect = Trojan.Generic.KDV.577776
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!Qp9mlAsEIBw
TrendMicro-HouseCall = TROJ_GEN.R47C9EJ
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Generic.dx!bdrq
TrendMicro = TROJ_GEN.R47C9EJ
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!bdrq
F-Secure = Trojan.Generic.KDV.577776
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic27.AEPZ
Norman = W32/Suspicious_Gen4.WZIW
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.577776
TheHacker = Trojan/Ponmocup.ay
BitDefender = Trojan.Generic.KDV.577776
NOD32 = Win32/Ponmocup.AY
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:14 14:06:56-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1a27
OS Version                      : 4.0
Image Version                   : 21315.20512
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 16:35:47
VirusShare info last updated 2012-07-26 16:35:01

MD5: 2bcfc98eef9f8a29e207f91b02aefb50
SHA1: cac5a3a94e7f32a4ab90a51101927b3ab0f69e3d
SHA256: 13edf0cfb70cafb91731486c54a63882238d762bdcab9f2b64406ac4eec2a052
SSDeep: 12288:Yh3JsN30ThyR8aXW5z1fIM3Z1OlR5iyFpegF8bXfNEH:QZe3kQGxSM3a759eAOVu
Size: 497686 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Dldr.Ponmocup.A.330
Avast = Win32:Rootkit-gen [Rtk]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6201815
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!XLFbCqxS2TQ
VBA32 = Trojan.Jorik.Pirminay.bcu
TrendMicro-HouseCall = TROJ_GEN.R11C2GB
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.bcu
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.1103
TrendMicro = TROJ_GEN.R11C2GB
Kaspersky = Trojan.Win32.Jorik.Pirminay.bcu
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.kfuz
McAfee = Generic Malware.ms
ClamAV = Trojan.Agent-248231
F-Secure = Trojan.Generic.6201815
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AMJJ
Norman = W32/Troj_Generic.YQUL
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6201815
Symantec = Downloader
TheHacker = Trojan/Pirminay.jtt
BitDefender = Trojan.Generic.6201815
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:25 02:09:30-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 495616
Initialized Data Size           : 4096
Uninitialized Data Size         : 581632
Entry Point                     : 0x107960
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dwbxidqtc Tnnvkqcqhbx
File Description                : Vhwyxwr NT MARTA provider
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : ntmarta.dll
Legal Copyright                 : © Evtgxttck Birlzseuqif. All rights reserved.
Original Filename               : ntmarta.dll
Product Name                    : Wseqzcrpr® Hwwldzg® Vydekfyow Tzmldp
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-03-21 07:52:29
VirusShare info last updated 2012-07-26 16:35:50

MD5: 447b1ba5a0526fe991c46c9177b1b1ca
SHA1: 568fd3e62fe23d9f3411e8e4fb8f54a28a3aa1fd
SHA256: 1691454ca96d07b6543194801e24760b9bb01357cf30798c5540ace4e723fd0a
SSDeep: 1536://rbe8oKyrkQ2B6Vm8LijlDQmwQGrDK1yoSrq1rwlnkpTtz0Hp2K4:nKthLiVQ4GK1yA8nkpTtz0
Size: 147456 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R30C1CN
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!or
TrendMicro = TROJ_GEN.R30C1CN
Kaspersky = Trojan.Win32.Genome.afdlf
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!or
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJDF
Norman = W32/Troj_Generic.ARBEW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.az
BitDefender = Gen:Variant.Graftor.17350
NOD32 = Win32/Ponmocup.AZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 19:54:37
VirusShare info last updated 2012-07-26 16:36:30

MD5: 32637e46b5983d3b5be8efd33648475a
SHA1: fb2f302ce09cbca80b16f82a82c4886f881756a2
SHA256: 1a9c36f16ac2a991ac68358fbd1d0342c9ee045eda19f958fc434f0d5a963673
SSDeep: 3072:W20EFw8fBe9t0AwqawOMMcc9ElFOSnl9BffzHXUV:W2Bm2AwqapMLc9k1XU
Size: 139264 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Ponmocup.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!tJ+d9IH2s8Y
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!bdrq
Kaspersky = Trojan.Win32.Genome.afdxr
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bdrq
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKLK
Norman = W32/Troj_Generic.ARJWU
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.17637
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:13 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 16:36:28
VirusShare info last updated 2012-07-26 16:37:28

MD5: 0c25f91b422901712c9f44831a5124d3
SHA1: fc478ef9feab487662045629d0bff6f5fab2b8cd
SHA256: 1d3a43bd9bc48150fbac525772e318a725f8bf6ded32dd0957c2c5e1aa95e7cd
SSDeep: 1536:q+s7R3sAZYDBrvtLvZFOibHrWgsOPHSFRIZQ:ORZY9rvtLRvVHSHIZQ
Size: 69120 bytes
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Detections
AntiVir = TR/Vundo.avgma
Avast = Win32:Adware-gen [Adw]
Antiy-AVL = AdWare/Win32.SuperJuan.gen
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Trojan-Clicker/W32.SuperJuan.69120
VBA32 = AdWare.SuperJuan.afzl
eTrust-Vet = Win32/Adware.OS!genus
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Vundo
McAfee-GW-Edition = Artemis!0C25F91B4229
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.afzs
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
Jiangmin = Adware/SuperJuan.aox
McAfee = Artemis!0C25F91B4229
F-Secure = Gen:Variant.Graftor.4111
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic4.CHLH
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.4111
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.4111
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:22 19:53:04-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : JP Japanese Keyboard Layout Stub driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : kbdjpn
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : kbdjpn.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-01-30 03:47:29
VirusShare info last updated 2012-07-26 16:38:17

MD5: 11bd06b385fcca14da4d8d9ece3c19c0
SHA1: 1528d650ef87055538ee95eace506ae457fecce2
SHA256: 568ae87b82dbf8b1575a6f2581793121cc5527a1205c83c63033969009063de4
SSDeep: 3072:gVwFNWz7N0FBZ/TpNgzxO8lJImGWS1PWxdV:gV1UBNTDfnmGZP
Size: 139264 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen7
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
TrendMicro-HouseCall = TROJ_PONMCOP.SM1
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo.gen.ft
DrWeb = Trojan.Click2.26355
TrendMicro = TROJ_PONMCOP.SM1
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AZ!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Vundo.gen.ft
F-Secure = Gen:Variant.Graftor.24270
VIPRE = Virtumonde
AVG = Agent3.BNSX
Norman = W32/Troj_Generic.CMTDZ
Sophos = Troj/Ponmocup-I
GData = Gen:Variant.Graftor.24270
Symantec = Packed.Generic.371
BitDefender = Gen:Variant.Graftor.24270
NOD32 = Win32/Ponmocup.CB
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:21 01:37:25-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 61440
Uninitialized Data Size         : 0
Entry Point                     : 0xa26f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.0.0.0
Product Version Number          : 3.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Yeoelupsd
File Description                : RegWizExe
File Version                    : 3, 0, 0, 1
Internal Name                   : RegWizExe
Legal Copyright                 : Copyright © 1998
Original Filename               : RegWiz.exe
Product Name                    : RegWizExe
Product Version                 : 3, 0, 0, 1
VirusTotal Report submitted 2012-06-25 14:46:54
VirusShare info last updated 2012-07-26 16:41:32

MD5: 4cac0bd0b2be310a6e6da856a62b01cc
SHA1: 76626bc9abd4362c3249ecddbf5123b737a81116
SHA256: 22307008668690b021fe7b5a4ab8d207902993bfc9587ce5afe8a857a4cf594f
SSDeep: 6144:/U3j1scrIsFr/PDCQk78qoYjsxApCpCSR3XO+NZxZfKCEvJq2CqiW18:MT1sMIw/PuL7doHApCpxO+XxZmRvC8i
Size: 394724 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!5l+K8jjAZso
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.36152
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic21.COJO
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Zbot.34
Commtouch = W32/Ponmocup.A.gen!Eldorado
BitDefender = Gen:Variant.Zbot.34
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:29 18:59:57-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 90112
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x12caf
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Uqtpuowkz Wrcxjobpgfb
File Description                : Kill Process
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : TaskKill.exe
Legal Copyright                 : © Yglnaeocz Slgttikbssa. All rights reserved.
Original Filename               : TaskKill.exe
Product Name                    : Ynrjyingi® Burypzv® Qxxtgkspl Offldi
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-02-04 11:24:12
VirusShare info last updated 2012-07-26 16:43:24

MD5: efb4a1a1c1ceef05be5de59e41332f4b
SHA1: 24f603697340f340e7f956c8b43f52449ed3d613
SHA256: 2d665a5c10f525965adade207c4a80161d7a24a4a53262b08ce9488a13a86253
SSDeep: 1536:8yc2Eoa8bJhT0hr6p72BHZm8Li4dA+Zm7rLotEnSi0RF1fEXzKWuAqi:x7JN8OALiGTZOrLot+4ROOWuV
Size: 131072 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/AdMir.S
Avast = Win32:Diller-AF [Trj]
Ikarus = Trojan-Downloader.Agent
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Generic.12BBD18B
nProtect = Trojan.Generic.KDV.574938
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!0mKynVFziF8
TrendMicro-HouseCall = TROJ_GEN.R47B1CK
Emsisoft = Trojan-Downloader.Agent!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!gj3
Fortinet = W32/Ponmocup.AS
McAfee = Generic Downloader.x!gj3
F-Secure = Trojan.Generic.KDV.574938
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AZIA
Norman = W32/Suspicious_Gen4.WHXS
GData = Trojan.Generic.KDV.574938
TheHacker = Trojan/Ponmocup.as
BitDefender = Trojan.Generic.KDV.574938
NOD32 = Win32/Ponmocup.AS
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 81920
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x4175
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 17:06:18
VirusShare info last updated 2012-07-26 16:48:04

MD5: bf1c960955fd0a80821aee62a864b513
SHA1: 339c445ecacb14a88d38ce6e9f1b959cd62de5f1
SHA256: 51eee2904deddcd6da2bd6ca74b66f9ab24342d30f81b0ae3edeb8e7c36277ec
SSDeep: 6144:hzfSSuvloD1DHJXB2GX1yMX93thlyrHyG569BrEBTlo38sqMZIdTRJ5QSj3n2:FRhDHJBIe91+64BRTMETRQQ3
Size: 434688 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Pirminay-V
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Gen:Variant.Kazy.26862
TrendMicro-HouseCall = TROJ_GEN.R72C2FO
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = Trojan.Pirminay.itg
McAfee-GW-Edition = Downloader.a!e
DrWeb = Trojan.DownLoader3.43831
TrendMicro = TROJ_GEN.R72C2FO
Kaspersky = Trojan.Win32.Pirminay.itg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.ITG!tr
McAfee = Downloader.a!e
F-Secure = Gen:Variant.Kazy.26862
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-V
AVG = Generic23.XHY
Norman = W32/Suspicious_Gen2.MZFGU
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Gen:Variant.Kazy.26862
BitDefender = Gen:Variant.Kazy.26862
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:02:05 18:31:31-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 434176
Initialized Data Size           : 4096
Uninitialized Data Size         : 565248
Entry Point                     : 0xf4530
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.0
Product Version Number          : 5.2.3790.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lpjparvls Noxsfrjuhqa
File Description                : Server Appliance Admin Plugin
File Version                    : 5.2.3790.0 (srv03_rtm.030324-2048)
Internal Name                   : ADMINWEB.DLL
Legal Copyright                 : © Eibnutlvm Aldjxlurtkd. All rights reserved.
Original Filename               : ADMINWEB.DLL
Product Name                    : Rvqavhcvw® Iiidbav® Fbygfireg Teogui
Product Version                 : 5.2.3790.0
VirusTotal Report submitted 2011-06-27 04:31:54
VirusShare info last updated 2012-07-26 16:50:48

MD5: b9659005ccc161a0fa3a1b7cf2b69233
SHA1: 3b23ab0e57096f0a51afb814361743aee30c18e3
SHA256: 7e2b33bf8f1f746204bf9e1213e57e0c8f2ce8f133765c6f99528361f453f3b5
SSDeep: 1536:2I2rBnBvoTM1u0CtS0ZSIDeRCOfWzjiVC86LsjYRO6qiWFHfGTjUrH7:R2dBv6MwSy9oWzGVCloEO2UrH7
Size: 110592 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.110592
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MSYFL
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-11-23 20:26:57
VirusShare info last updated 2012-07-26 16:53:13

MD5: ac9d33d7d96aad1830451fec78a0a861
SHA1: 896f1c70f1bcd95a92aea535260c4cc943d7425f
SHA256: 4527a3997dedf53f7761da7d69238fcdca5e897ad22fcd707d6032bb876b36ea
SSDeep: 3072:120EFw8fBeVd0AwqawOMMcc9WdlFOSnl/BffzJXUV:12BJAwqapMLc96NXU
Size: 139264 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Ponmocup.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!e7FPk7M26S8
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdrv
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bdrv
F-Secure = Gen:Variant.Barys.580
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKLK
Norman = W32/Troj_Generic.ARRZU
GData = Gen:Variant.Barys.580
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Barys.580
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:13 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 16:49:37
VirusShare info last updated 2012-07-26 16:56:22

MD5: 8841c7f279b0d6fdab3f9a46f28593fa
SHA1: f6a308a97ee1c49cdd8063460c6a2ac8dd76a78c
SHA256: 46428f2ae83921d5ca4689b89d1f2193eb1880d254de23a0c0749dd6416f88b9
SSDeep: 1536:eOKC9Ha+y58M+JbhDQDwbYlwO1aWFRBLpBe/7IHakzdlC:eKaT8M+JkyYzFRjBeU6ulC
Size: 89088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
nProtect = Trojan.Generic.7343393
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!yMVEgXJE+j8
TrendMicro-HouseCall = TROJ_GEN.R4FCDEQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!bdr4
TrendMicro = TROJ_GEN.R4FCDEQ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
Jiangmin = Trojan/Generic.aepic
McAfee = Generic.dx!bdr4
F-Secure = Trojan.Generic.7343393
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXK
Norman = W32/Suspicious_Gen4.XLCS
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.7343393
BitDefender = Trojan.Generic.7343393
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:07 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 16:43:48
VirusShare info last updated 2012-07-26 16:56:43

MD5: 825a9b60f415324f71350b4e930f42bd
SHA1: dadfad597e980b94d6ef033e55f2d8389aa83f0a
SHA256: 4bf1fa26d2c56ef242455713990750e2992ac5520355d03cc8566bf283a240bb
SSDeep: 6144:rwIs2d1x2MwU7r4JocqLR/6vZHek2qgV7Z8mm5LQ4wQijL7VnaJOYwI:rwyhwUHkPZB2qgV7Y5U4RE5oOY1
Size: 251904 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Dropper-JAK [Drp]
Antiy-AVL = Trojan/Win32.Jorik.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
K7AntiVirus = Trojan
VirusBuster = Trojan.Agent!b2PUiWJKgMo
VBA32 = Trojan.Jorik.Pirminay.avw
TrendMicro-HouseCall = TROJ_GEN.R72C7KB
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Artemis!825A9B60F415
DrWeb = Trojan.DownLoader5.12411
TrendMicro = TROJ_GEN.R72C7KB
Kaspersky = Trojan.Win32.Jorik.Pirminay.avw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Agent.LNWZBOQ
Jiangmin = Trojan/Generic.knvv
McAfee = Artemis!825A9B60F415
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Generic25.BQGW
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
TheHacker = Trojan/Jorik.Pirminay.avw
BitDefender = Gen:Variant.Graftor.3421
NOD32 = a variant of Win32/Kryptik.XEF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:30 02:01:14-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 249856
Initialized Data Size           : 4096
Uninitialized Data Size         : 45056
Entry Point                     : 0x48800
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.20
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.20 (fbl_dox_dev_ihvs.090312-0520)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.20
VirusTotal Report submitted 2012-03-23 06:29:37
VirusShare info last updated 2012-07-26 16:58:34

MD5: 5d1f8b4e12dfd0ee73930ba7badc8a91
SHA1: dd7d6eca6bb04c21c8fb18c048cf6658b893ffbb
SHA256: 501e8adc4195d10e29a274e016541ae2f11e761693e3cd5117eecfd482c202b5
SSDeep: 1536:4/ibe8oKyrkQ2B6Vm8LijlDQmNQGrDK1yoSrq1rwlntpTt70Hp2K4:Q5thLiVQjGK1yA8ntpTt70
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BBB9C2
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01CDCK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Vundo!oq
TrendMicro = TROJ_GEN.R01CDCK
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!oq
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJDF
Norman = W32/Troj_Generic.APJLM
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.az
BitDefender = Gen:Variant.Graftor.17350
NOD32 = Win32/Ponmocup.AZ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 20:04:35
VirusShare info last updated 2012-07-26 16:59:58

MD5: f73523fcd33f7e276e8334a22f3a1ca4
SHA1: ea9af9c6b214d14564934f48ed81e1b6cac7e063
SHA256: 52d897718a4188109e8dcc883f5b088e7e40338704c9244564bc3b275576a27b
SSDeep: 6144:DfBCGe8ItEpn+vclOnxE8TkhDUkQXF2olD/BBLKymcrF4:DfGxEpnYwoF/N5BuBcrF
Size: 393216 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Ikarus = Trojan-Downloader.Win32.Ponmocup
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
VIPRE = Packed.Win32.Pirminay.a (v)
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:10 15:30:46-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 376832
Initialized Data Size           : 307200
Uninitialized Data Size         : 0
Entry Point                     : 0x5c206
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Lfthgugiw Eezuqvfdegw
File Description                : Remote Access AutoDial Helper
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : rasadhlp.dll
Legal Copyright                 : © Iwahvdqbh Sgidyfrrmcv. All rights reserved.
Original Filename               : rasadhlp.dll
Product Name                    : Difqvbzji® Setvzjb® Operating Ezeofz
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-04-01 00:10:24
VirusShare info last updated 2012-07-26 17:00:46

MD5: 925fefe63fd365f66d41bb8905eb9881
SHA1: 4e03f92549dea30d9249d77d93e4ca74d528769a
SHA256: 57698fbcce83d27b2df8a25f139d01179a4fb7ba9b5fbc2b1c1aaa5e3177c418
SSDeep: 6144:qUtw3QEB0/VYNJtkopcr0fN9OjW0bQmbsQoXQposDB:qOy0/6NJPpcq9aW0MhQEHs
Size: 271360 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan/W32.Vundo.271360
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.cnr
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Renos!IK
CAT-QuickHeal = Trojan.Pirminay.bmw
McAfee-GW-Edition = Downloader.a!cb
DrWeb = Trojan.DownLoader3.3670
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.bmw
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.ajn
McAfee = Downloader.a!cb
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.UMH
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bmw
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.ITU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:01:17 09:01:36-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 16896
Initialized Data Size           : 505344
Uninitialized Data Size         : 0
Entry Point                     : 0x5032
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Eap Peer Config
File Version                    : 5.1.2600.5512 (xpsp.080413-0852)
Internal Name                   : eappcfg.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : eappcfg.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-05-15 12:54:35
VirusShare info last updated 2012-07-26 17:02:20

MD5: 5237bb3ed6aea2135681af210b6c9b01
SHA1: 978a8597b39002edeb9606ef9493365a4512ea2d
SHA256: 5c281ca9dc44e03cf64525e780c83138fb2f2cdd3adbf0abafedd5750dedf3e1
SSDeep: 1536:KTzasKyHIqI1/eGUP38XPR5rHtgRXHzqoMIdcN2RcRM1ivZtKVsqzked6LGCPB+v:KasWqIA38vrBPIdkM1iBEVBkLwpWvoz
Size: 119167 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.KDV.62138
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.aza
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-MalPE
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Fortinet = W32/Pirminay.AZA!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.fl
McAfee = Artemis!5237BB3ED6AE
F-Secure = Trojan.Generic.KDV.62138
F-Prot = W32/Graftor.H.gen!Eldorado
AVG = FakeAV.FEI
Norman = W32/Suspicious_Gen4.dam
GData = Trojan.Generic.KDV.62138
Symantec = Trojan.Gen
Commtouch = W32/Graftor.H.gen!Eldorado
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-05-12 16:00:54
VirusShare info last updated 2012-07-26 17:05:02

MD5: 7c5881ae9e032d3174c26664da349f03
SHA1: add72e46d80bed66e414cb4188a2c826a879126f
SHA256: 5d1fdb3447cf7d80f08c92bbc1fb76882553babe95fbf9beee7e7b7688c2472e
SSDeep: 6144:mD5WyDIZjKSPy/eT00ODA21+YeIZZR7qkk6FGO:m8yHSPI0gkYNjGkbP
Size: 243399 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Rootkit-gen [Rtk]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Buzus
K7AntiVirus = Riskware
VBA32 = Trojan.Genome.aafjv
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Heuristic.LooksLike.Win32.FakeXPA.B
DrWeb = Trojan.MulDrop3.18256
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.UEO
Jiangmin = DangerousObject.Multi.aid
McAfee = Artemis!7C5881AE9E03
F-Secure = Gen:Variant.Graftor.5775
eSafe = Win32.GenVariant.Gra
AVG = Generic25.AQUR
Norman = W32/Suspicious_Gen2.RVNFG
GData = Gen:Variant.Graftor.5775
TheHacker = Trojan/Genome.aadik
BitDefender = Gen:Variant.Graftor.5775
NOD32 = probably a variant of Win32/Kryptik.UEO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 229376
Uninitialized Data Size         : 0
Entry Point                     : 0x154b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2012-03-22 06:43:03
VirusShare info last updated 2012-07-26 17:05:41

MD5: 6b467bb979c8084b21aa736e22780252
SHA1: 030ecc51d5cf8b965ebacdfbae2356b239c3b6ca
SHA256: 5df0173689f99cf7f011abde90d1ec8bd6d02dbaf60309b6b1f75ca4b2d625b5
SSDeep: 3072:7XmrQCFfWyxFIpFgb3elFOSnlOVW4DsIeXUV:78HFIbgraAVW4DoXU
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Win32.SuspectCrc
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!keTwYxZM0/I
TrendMicro-HouseCall = TROJ_GEN.R0ECEEL
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdsb
TrendMicro = TROJ_GEN.R0ECEEL
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bdsb
F-Secure = Gen:Variant.Barys.2838
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent_r.BDZ
Norman = W32/Troj_Generic.ARSBN
GData = Gen:Variant.Barys.2838
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Barys.2838
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 20:10:13
VirusShare info last updated 2012-07-26 17:06:22

MD5: 2e65ab88ce8798fca9b27b677b5def39
SHA1: 57b44eaae6af4a1d51552dfe117a697f11a43de0
SHA256: 621cfd1776d2171999ea7f4792c75b41b881ba8a5d9d52d820cfb5b4b0c65dab
SSDeep: 1536:aaQZqHa2yt8y2J/JbQDwLYVw2t5r0b85iWaYB9FKMCD2TfMapWHakmCCl0o:akaP8y2Jw6YLrLiQKD2Mac6Bl9
Size: 89088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17528.3
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!j/JCBziLP/M
TrendMicro-HouseCall = TROJ_GEN.R4FCDEQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!2E65AB88CE87
TrendMicro = TROJ_GEN.R4FCDEQ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Artemis!2E65AB88CE87
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJUK
Norman = W32/Suspicious_Gen4.WFCG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.738
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.bf
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:04 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25a9
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 19:44:58
VirusShare info last updated 2012-07-26 17:09:38

MD5: 98e92c076d854a67a2d7e458c21efc49
SHA1: 5489f4e9c1adb52be84cbf65f3e8e03c520d75d9
SHA256: 622aaa89c2abada562e897975c669476937709ecb949e19afff40d440678f05b
SSDeep: 1536:SvJEbW2g8Hjy6r42B4nc8LijHrlm5zDayNyNP5v9uQgBIItWPHpFr3:S4WAHLYLinlMz5SvMfqItWP
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.RC1C7CL
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Artemis!98E92C076D85
TrendMicro = TROJ_GEN.RC1C7CL
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Artemis!98E92C076D85
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.AQUDZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 20:26:53
VirusShare info last updated 2012-07-26 17:09:42

MD5: e9937961274d91116b12335c2b5f0841
SHA1: 7555d27eb3019d5883b80ccd3b46d10444a78ce5
SHA256: 6618044247ddfda7506cd33db1c335737c7b9e817b357fa3b12d6c79f4409e1a
SSDeep: 6144:azUiYKfsbvEoVNoE+1A98GBfexcxrFo7aU23z:aoiRfLoVMGB2xcb0I
Size: 287744 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Monder
Panda = Suspicious file
nProtect = Trojan/W32.Agent.287744.EV
K7AntiVirus = Trojan
VirusBuster = Trojan.Ponmocup!oGc+8hYLgO8
VBA32 = Trojan.Genome.yjof
TrendMicro-HouseCall = TROJ_GEN.R47C7KD
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Genome.yxyv
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.ModifiedUPX.F
DrWeb = Trojan.WinSpy.1014
TrendMicro = TROJ_GEN.R47C7KD
Kaspersky = Trojan.Win32.Genome.yxyv
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.BG!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.knvv
McAfee = Generic.evx!bg
F-Secure = Trojan.Generic.7219961
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Downloader.Generic12.ZQR
Norman = W32/Suspicious_Gen2.SBOFI
Sophos = Mal/Generic-L
GData = Trojan.Generic.7219961
Symantec = Trojan.Gen
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.7219961
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 245760
Initialized Data Size           : 4096
Uninitialized Data Size         : 40960
Entry Point                     : 0x12ba
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1536.1
Product Version Number          : 1.10.2.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : CANON INC.
File Description                : Canon Inkjet Printer Driver
File Version                    : 1.10.2.11 (fbl_dox_dev_ihvs.081016-1807)
Internal Name                   : CNBBRxxx.DLL
Legal Copyright                 : Copyright CANON INC. 2008 All Rights Reserved
Original Filename               : CNBBRxxx.DLL
Product Name                    : Canon Inkjet Printer Driver
Product Version                 : 1.10.2.11
VirusTotal Report submitted 2012-03-25 22:38:59
VirusShare info last updated 2012-07-26 17:13:02

MD5: 560843c19f9d8d0044acfa99b9dba1fe
SHA1: e92c17e72abbb9aeec6a00751e2064e76fa98daf
SHA256: 6e9da2d25f5b2def0e3be1577d355e9da0b784b5c268abb1d07d67301cbc96fb
SSDeep: 1536:OIk0+vh/H1rNyGlk2BEa38LiVXqYQmx4P8kb6Ll5ZqMxsPtAVVVVOab:OI49Vrl+LiVrQLPuB5sPtAVVVVOQ
Size: 126976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.15202.73
Avast = Win32:Diller-V [Trj]
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Ponmocup.AMN!A2
McAfee-GW-Edition = Artemis!560843C19F9D
McAfee = Generic.dx!bdsb
F-Secure = Gen:Variant.Graftor.15202
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Agent2.AZHZ
Norman = W32/Troj_Generic.ARRTY
GData = Gen:Variant.Graftor.15202
BitDefender = Gen:Variant.Graftor.15202
NOD32 = a variant of Win32/Ponmocup.AD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:01:28 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x18ef
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-24 08:47:57
VirusShare info last updated 2012-07-26 17:16:57

MD5: 877e1836ef0722467e1f0e60c2b17875
SHA1: a5069cb0f3431eb3c32806e5322090725f65f600
SHA256: 731fb67573991adb1b9c76cd6ff7104dd9a57fa057fae6b3d0cd5cb04021edf3
SSDeep: 6144:bgOviFZ3FvaZGCbuFaplyBWa2cf07oPxl9XzLDGO71iKFGOso/Qhm5Vsr8:b/iFdFv0GCbu9Wa2cf0cxLXjH4KF+lhm
Size: 362496 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.191
Avast = Win32:Pirminay-R [Trj]
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.1289CFC0
nProtect = Trojan/W32.Agent.362496.AR
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R72C2D6
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.a
McAfee-GW-Edition = Generic Downloader.x!fvh
DrWeb = Trojan.Hosts.4225
TrendMicro = TROJ_GEN.R72C2D6
Kaspersky = Trojan.Win32.Pirminay.elu
ViRobot = Trojan.Win32.Pirminay.362496
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Jiangmin = Trojan/Pirminay.pu
McAfee = Generic Downloader.x!fvh
F-Secure = Trojan.Generic.KDV.172878
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Pirminay-R [Trj]
eSafe = Win32.TRDldr.Ponmocu
AVG = Generic21.BLKJ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.KDV.172878
TheHacker = Trojan/Pirminay.elu
BitDefender = Trojan.Generic.KDV.172878
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:15 17:43:02-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 61440
Initialized Data Size           : 598016
Uninitialized Data Size         : 0
Entry Point                     : 0xb94b
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.7523
Product Version Number          : 4.0.2.7523
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Vgfvkwmfv Oswqwhxakgj
File Description                : Gbjywezif FrontPage Server Administration Snapin
File Version                    : 4.0.2.7523
Original Filename               : FPMMC.DLL
Legal Copyright                 : Copyright © 1995-1999 Microsoft Oaihhhytdam, All rights reserved.
Legal Trademark 1               : Rvubgvopk®, Xbenfcb®, and FrontPage® are registered trademarks of Ouhrpajyf Dbibbqexdrv, and WebBot is a trademark of Cnntwnjac Yykamswwggp, in the United States and/or other countries.
Product Name                    : Microsoft® FrontPage® 2000
Product Version                 : 4.0.2.7523
VirusTotal Report submitted 2011-07-21 20:11:19
VirusShare info last updated 2012-07-26 17:18:55

MD5: a9dac204b002bb8c871d65325a951dd7
SHA1: fc667f619c399a44c72513391f2d08162767bce5
SHA256: 791ce7d4549033dbc27e51dc284c73532e5879ea697e260e8f105fcfa13f06f8
SSDeep: 3072:r20EFw8fBeKXC+0AwqawOMMcc9DlFOSnlrBffztXUV:r2BMAwqapMLc9bFXU
Size: 139264 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Ponmocup.B
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!8V6cOJm4j/w
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!A9DAC204B002
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!A9DAC204B002
F-Secure = Gen:Variant.Barys.580
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKLK
Norman = W32/Troj_Generic.ARRZK
GData = Gen:Variant.Barys.580
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Barys.580
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:13 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 16:48:40
VirusShare info last updated 2012-07-26 17:21:36

MD5: e8b4b811d030c70633f8cfa48709213c
SHA1: a6d6879bc75490081d1c403c950c9ae6668a7573
SHA256: 7d05e729bacfc31c325f5c18d7b780ad94c484cabf4aba492693f2100cd0a58b
SSDeep: 3072:pXmrQCFfWlxFIpFgb3jlFOSnlNVW4DsILXUV:p8WFIbgr7nVW4DBXU
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Win32.SuspectCrc
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!kL/aDdnNmQo
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Artemis!E8B4B811D030
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Artemis!E8B4B811D030
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent_r.BDZ
GData = Gen:Variant.Graftor.17637
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 17:04:19
VirusShare info last updated 2012-07-26 17:23:03

MD5: 9946e965911d7c704512a680f5a1f4d1
SHA1: 914b6d0d152a0f59e0f6d5516ffe35092776167b
SHA256: 7f52b1f0c2b6041b62759396a7f788730e618c3b31d01f851445e87863153a3d
SSDeep: 1536:CGaE9Ha+y58M+JbhDQDwbYlwO1aWFRHthm0I1yc1YwFuL0T4HakzdlG:CIaT8M+JkyYzFRNhm0Ip2wFul6ulG
Size: 89088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17528.43
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!gryblDiftxs
TrendMicro-HouseCall = TROJ_GEN.R4FCDEN
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!bdrs
TrendMicro = TROJ_GEN.R4FCDEN
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!CB
Fortinet = W32/Ponmocup.AZ!tr
Jiangmin = Trojan/Generic.aepic
McAfee = Generic.dx!bdrs
F-Secure = Gen:Variant.Barys.2146
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXK
Norman = W32/Troj_Generic.ARKDY
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.2146
TheHacker = Trojan/Ponmocup.bf
BitDefender = Gen:Variant.Barys.2146
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 16:45:46
VirusShare info last updated 2012-07-26 17:23:56

MD5: 5cbd36d95b2329c02152112a957ce639
SHA1: 91e92845b83e662e127af8b046c353c4b396335d
SHA256: 81d8bd4180835a1b3fe27e4b63a683d84d9110e782b3ed99c7bff46a1f160f07
SSDeep: 6144:qdNYeBb+Zbl8EhDKf100QRchpvhYt4tZrsle:6N2bw00QChpvSSYe
Size: 245760 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.1139.3
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!XfX39ngN+PI
VBA32 = Trojan.Jorik.Pirminay.aor
TrendMicro-HouseCall = TROJ_GEN.R42C9JL
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.aor
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Packed.21871
TrendMicro = TROJ_GEN.R42C9JL
Kaspersky = Trojan.Win32.Jorik.Pirminay.aor
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Virtum.MS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.knvv
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1139
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Generic25.AIMB
Norman = W32/Obfuscated.L
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1139
Symantec = Trojan.Gen
TheHacker = Trojan/Kryptik.ufa
BitDefender = Gen:Variant.Graftor.1139
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 237568
Uninitialized Data Size         : 0
Entry Point                     : 0x128e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Vmwpqtsnz Itnnuuimmgt
File Description                : Belarusian Keyboard Layout
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : kbdblr (3.13)
Legal Copyright                 : © Rlmfcwalb Glajkqonpdw. All rights reserved.
Original Filename               : kbdblr.dll
Product Name                    : Efonsnjxj® Jixbrkx® Bjewyoqev Niilje
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-21 01:56:29
VirusShare info last updated 2012-07-26 17:25:03

MD5: 65761dc507d223669cb79c38f5b0a4b1
SHA1: a27a799dbfa0c1b0e6df3f30965712da476782d8
SHA256: 82cba16f3efafbfdaf49a11c0ec972dee7fa2b2ce9bf3f5e60716ccef146a923
SSDeep: 3072:Gr6jivr+AMX2zJyHBhgnL89ipsmeHHqQp7rplOeId5RcW1EM:dOMX2zJyhhgrum+mLWQ1
Size: 146432 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!twpkp9yzfR8
TrendMicro-HouseCall = TROJ_GEN.R4FCEE4
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdrk
TrendMicro = TROJ_GEN.R4FCEE4
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bdrk
F-Secure = Gen:Variant.Graftor.16660
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy.Ys
AVG = Agent3.BIWY
Norman = W32/Troj_Generic.APEYZ
GData = Gen:Variant.Graftor.16660
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.at
BitDefender = Gen:Variant.Graftor.16660
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:19 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ioznjhvhq Kvipqvfiyur
File Description                : Create a Briefcase
File Version                    : 5.00.2134.1
Internal Name                   : syncapp
Legal Copyright                 : Copyright (C) Rptldtbks Corp. 1991-1999
Original Filename               : SYNCAPP.EXE
Product Name                    : Gtjjohtst(R) Lwbdicn (R) 2000 Ayozwrfxv System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-05-30 16:40:30
VirusShare info last updated 2012-07-26 17:25:27

MD5: 8aef58f7fc01a5cf6ff6dc1bf23e5602
SHA1: db04f21ff86fb13c9908ae1b5fdb85d06af3c71f
SHA256: 92964a62a989118baae1e10c96b96d15ea0f3b7e593a0d3a594f49d8261a798c
SSDeep: 12288:wXkjfAo+00LmgYNOH0nRZPhIfpoCTJHdN+/L:mo+1mgYOH0nnhjgrN+/L
Size: 401858 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.401845
Avast = Win32:Kryptik-BLF [Trj]
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!GQTD9pITbks
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.47727
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.tt
McAfee = Generic Malware.ms
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BR
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Vundo.11
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.fdt
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:12 14:13:41-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x1318c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuawdfuth Vvjeavkgphw
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Irxrlzomg Svalqtoyspi. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Rjpeyzlhi® Doeeaff® Vmkslwdyo Xhlqwh
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-11 17:30:44
VirusShare info last updated 2012-07-26 17:31:48

MD5: 0d217cdcc4300f191dd4525615b81bfd
SHA1: f3d127ef8747ec25ebd2f31c4afffe000dba50c8
SHA256: 93f2621c77fadf5461ce33ebb18ba5c53a6f0cfc3a25d6834b22af403829fae9
SSDeep: 3072:fk3vXYXD+9wDUfoTnwwiJuLqYhZOqoT2MIJvJLizJEj+AtFduDxBYygHBW:fPXD+9IUfwBeYhVCIZT+BTe
Size: 199680 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Diller-BW [Trj]
Ikarus = Win32.Diller
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Agent.HFM
Rising = Trojan.Win32.Generic.12BB97A0
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!5gGDXNvtZzA
TrendMicro-HouseCall = TROJ_GEN.R4FCEEE
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Generic.dx!bdpz
TrendMicro = TROJ_GEN.R4FCEEE
Microsoft = VirTool:Win32/Obfuscator.WE
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic.dx!bdpz
F-Secure = Gen:Variant.Barys.407
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIXX
Norman = W32/Troj_Generic.APEPT
GData = Gen:Variant.Barys.407
Symantec = Trojan.Gen
TheHacker = Trojan/Ponmocup.au
BitDefender = Gen:Variant.Barys.407
NOD32 = a variant of Win32/Ponmocup.AU
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:13 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 151552
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x1508b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 19:29:17
VirusShare info last updated 2012-07-26 17:32:20

MD5: 13ea9a0cd305f450ac373fa2d0ba1d14
SHA1: 6093a4759a879ec3493c20ac100cee422dad649a
SHA256: 9975ed0963201fe5a9241da7d5940adfb654c3b78e9ec1823709567228013bec
SSDeep: 1536:iXZpeS2KXh9tDvXtz+Xv9egoUCLVNpxlqrcnwZILBkeDCp6ZE:iV2KXtD/F+7CpXecwZ8B1DvZ
Size: 84992 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Ponmocup.A
Avast = Win32:Diller-AF [Trj]
Ikarus = Win32.Diller
nProtect = Trojan.Generic.KDV.578507
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!CeHqWUDvFHM
TrendMicro-HouseCall = TROJ_GEN.R4FCDEF
Comodo = UnclassifiedMalware
Emsisoft = Win32.Diller!IK
McAfee-GW-Edition = Artemis!13EA9A0CD305
TrendMicro = TROJ_GEN.R4FCDEF
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
McAfee = Artemis!13EA9A0CD305
F-Secure = Trojan.Generic.KDV.578507
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Downloader.Agent2.AZHW
Norman = W32/Troj_Generic.ARRFS
GData = Trojan.Generic.KDV.578507
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.KDV.578507
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:14 14:04:01-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1c89
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 19:31:55
VirusShare info last updated 2012-07-26 17:34:12

MD5: a95c881b908a5d082f1104aa1bd6e5f8
SHA1: 99f92984853ed0a8fbd2a1d7655c78baa6adbfe6
SHA256: 42009807539d7e8c6b20eb20a25ef457f091e8196bf75d05570ed4578aade5e7
SSDeep: 3072:Rj7QMGadv2QbN1anPCfRHRmn88Ny0lizBn6C96gIOrv5xpd+7DY5c+Q:1Tv2Qbu+oNmp6C96gXvxd+Q5w
Size: 163840 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.163840.L
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTKKM
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.QHosts.AVD
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-10-20 23:00:46
VirusShare info last updated 2012-07-26 17:34:23

MD5: 0e13563398cdd112d1de37bc09451ae8
SHA1: a0fa04ce2e9ebe780498e7d5ad1794d61cdff170
SHA256: adc565a359b1d314a9c735829224d2a469fda5b593d934d67c9dd808cf8e3c8f
SSDeep: 1536:qrLZnnFLQuw7mLse9RvDLqe0gluFxNk9Cjt:CzQLmBvD29glWvKCj
Size: 66048 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Virtumonde
Ikarus = Win32.SuspectCrc
Panda = Suspicious file
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R21C7B4
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Vundo!oh
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R21C7B4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = DangerousObject.Multi.enl
McAfee = Vundo!oh
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.PBH
Norman = W32/Troj_Generic.OUVH
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Network object shell UI
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : ntlanui2
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : ntlanui2.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-25 23:20:07
VirusShare info last updated 2012-07-26 17:45:01

MD5: fafddf5f88ab79b829b8b3f40d8ab875
SHA1: 47448a562c952aa1d111dd6928381a3ce338ffc5
SHA256: afc1b7fe383eb7dae25a1bfb167f0a7e906bf41390256f59ac54939c32236f47
SSDeep: 1536:PzeW6oi4sy3s42B6p68LijJjTm+9DE+Yz8lCBFItpPHpUK3:PwAzJLihTf9DEBokfItpP
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.173521
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FCCED
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!or
TrendMicro = TROJ_GEN.R4FCCED
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!or
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJSG
Norman = W32/Troj_Generic.APOEX
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ed
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 17:09:18
VirusShare info last updated 2012-07-26 17:46:23

MD5: e99be4c0cdf17b335c4e43ad8c92eada
SHA1: bd344009692111a90018a97e95585e6346932cb1
SHA256: b11ca8576bbce98608924c84e4d3892d2450babc069b96f14de775033e3bc009
SSDeep: 6144:X7ZSRCVrwYJ7PEduK+fvrZZxoKGpPBEbbe1fHFFYmd6ra3tOF9OnChwvtb:X7wi0E7PFK+Ltxs56IFimdlETwvtb
Size: 345629 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-AZJ
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Swisyn.345629
Panda = Trj/CI.A
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.eor
TrendMicro-HouseCall = TROJ_GEN.R3EC2DL
Comodo = UnclassifiedMalware
CAT-QuickHeal = Trojan.Pirminay.eor
McAfee-GW-Edition = Generic Downloader.x!fye
TrendMicro = TROJ_GEN.R3EC2DL
Kaspersky = Trojan.Win32.Pirminay.eor
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.EOR!tr
Jiangmin = Trojan/Pirminay.qs
McAfee = Generic Downloader.x!fye
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-AZJ
AVG = Generic21.BFFY
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = WS.Reputation.1
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.ekb
BitDefender = Gen:Variant.Zbot.34
NOD32 = a variant of Win32/Kryptik.NDZ
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:01 18:54:42-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 327680
Initialized Data Size           : 319488
Uninitialized Data Size         : 0
Entry Point                     : 0x4db72
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ilxdhlunh Yycvbcxpyhm
File Description                : Jqbblwvdb ODBC Desktop Driver Pack 3.5
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : odbcji32.dll
Legal Copyright                 : © Ddpjkricr Rmczqqqdhzs. All rights reserved.
Original Filename               : odbcji32.dll
Product Name                    : Microsoft® Rntordq® Tnwrptaup Gquqmn
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2011-06-21 08:55:32
VirusShare info last updated 2012-07-26 17:47:26

MD5: 8d42b9534fe3e51bfcbd634f3bbe5586
SHA1: 623a604d9bbf10b6217589f1fdb3040ff3da2ea8
SHA256: ba6dfd7029295c899c01a5792698b7fb41d354ea979526862cb6549d6e05054e
SSDeep: 1536:7yR2Gyaxsy8ILM1OCVFMYos6dD1qV60xNNC9xp+C0fYo7vQoYk3yNSRDgCX6:7yRLyaxZLlEFZ6vqVwbp+CeFYSRDgCq
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17460.6
Avast = Win32:Diller-BZ [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Agent.JYA
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!8D42B9534FE3
McAfee = Artemis!8D42B9534FE3
F-Secure = Gen:Variant.Graftor.17460
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIXW
GData = Gen:Variant.Graftor.17460
BitDefender = Gen:Variant.Graftor.17460
NOD32 = Win32/Ponmocup.AV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:17 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x692f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-20 19:38:20
VirusShare info last updated 2012-07-26 17:52:36

MD5: 16c20d430331843dd99ebcc7e8af05bd
SHA1: e12d0d26d30f9d97ac793297b15498f0374858d0
SHA256: bbdd005e22912125c65580d4a95015dcc039ec70dab7230bcba6bf00e32770ad
SSDeep: 1536:49luS961OUNJ92BMZN8Li5IpZwVmhYE+i7SSkGzp1EOEIfLFMwtJA2:4J9VYYLiWc6hbnkGLE+TFMwtJR
Size: 115200 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Offend.kdv.557063
Avast = Win32:Diller-CF [Trj]
Ikarus = Trojan.SuspectCRC
nProtect = Trojan.Generic.KDV.557063
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.SuspectCRC!IK
McAfee-GW-Edition = Generic.dx!bdj4
Fortinet = W32/Ponmocup.AX
McAfee = Generic.dx!bdj4
F-Secure = Trojan.Generic.KDV.557063
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJFF
Norman = W32/Suspicious_Gen4.TUTU
GData = Trojan.Generic.KDV.557063
Symantec = Trojan Horse
BitDefender = Trojan.Generic.KDV.557063
NOD32 = Win32/Ponmocup.AX
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:23 15:38:30-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x16d7
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-10 16:55:11
VirusShare info last updated 2012-07-26 17:53:28

MD5: d2e5f62d644564d9608d340efbad6782
SHA1: c86588a8247c524a20aeeffb5e58fe02e168905a
SHA256: bf363cbb6d0b715fcc43b59e1391094a30d87e6d81250a9a079d0153a5a0e8ed
SSDeep: 1536:2IXidmqd9ymEpzC3hnexF8EFLGsrkVh1CAPdCjlTrQbQAF0E0rwPyR3HUsr3xydD:RXemqWXp2n7EnydxEAF2rayR3ZrMy5iv
Size: 131584 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan.Qhosts.AVO
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-02 08:49:22
VirusShare info last updated 2012-07-26 17:55:16

MD5: a67a43cb741eec60b6493bd5546f3526
SHA1: c0e7d3e97e46dcbc9482828cea5d64ef46e304bb
SHA256: 3f913498858cf54a0d9c6ecc62310366cdb00edbd5786e49cb537e74c7245ec7
SSDeep: 3072:Fp/D2XPplcXMs4sZ5kNc00XsoTKl7zktgOBkppIQaS2VVwEHSsFiAZdAJnT8IaJe:n/SXBl36XRvck+YY1J4IaKdVq16
Size: 248292 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Dropper/Malware.248292
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.aea
TrendMicro-HouseCall = TROJ_GEN.R11C2K9
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Downloader.x!ens
TrendMicro = TROJ_GEN.R11C2K9
Kaspersky = Trojan.Win32.Pirminay.asa
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.yz
McAfee = Generic Downloader.x!ens
F-Secure = Gen:Trojan.Heur.RP.pq1@aaHLmhji
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic19.BOLW
Norman = W32/Suspicious_Gen2.FIZDV
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Trojan.Heur.RP.pq1@aaHLmhji
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Kryptik.hkb
BitDefender = Gen:Trojan.Heur.RP.pq1@aaHLmhji
NOD32 = a variant of Win32/Kryptik.HKB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:17 20:40:52-04:00
PE Type                         : PE32
Linker Version                  : 4.20
Code Size                       : 11264
Initialized Data Size           : 468992
Uninitialized Data Size         : 0
Entry Point                     : 0x3a08
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft FrontPage VSS Interface DLL
File Version                    : 4.0.2.5322
Original Filename               : FP30VSS.DLL
Legal Copyright                 : Copyright © 1995-1999 Microsoft Corporation, All rights reserved.
Legal Trademark 1               : Microsoft®, Windows®, and FrontPage® are registered trademarks of Microsoft Corporation, and WebBot is a trademark of Microsoft Corporation, in the United States and/or other countries.
Product Name                    : Microsoft® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2011-06-23 08:22:44
VirusShare info last updated 2012-07-26 17:56:10

MD5: 965c9d8aa7b5754ce1ce273680133f23
SHA1: ce25007b82810bde2d776f806eac27c60375ce9b
SHA256: ed6c36f35b3cbbc00a2144087c8dac7ef5d8ee5e1fa4d65a487d6718962844fe
SSDeep: 6144:nYY6EHYNVB7Tj3oUdTC+nIUd1SlqIJ2g/FneYajtal6/:+E2VB7TEUdTCtZJ2uFJa5w6/
Size: 308121 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dldr.Ponmocup.A.292
Avast = Win32:Kryptik-DEL [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.253107
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!TVaPlnzJ4Xg
TrendMicro-HouseCall = TROJ_SPNR.15L611
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = Trojan.Pirminay.pcd
McAfee-GW-Edition = Downloader.a!vl
DrWeb = Trojan.Hosts.4835
TrendMicro = TROJ_SPNR.15L611
Kaspersky = Trojan.Win32.Pirminay.pcd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.adt
McAfee = Downloader.a!vl
F-Secure = Trojan.Generic.KDV.253107
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.FEY
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.KDV.253107
Symantec = Downloader
TheHacker = Trojan/Pirminay.ihh
BitDefender = Trojan.Generic.KDV.253107
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:10:21 09:36:59-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 307200
Initialized Data Size           : 4096
Uninitialized Data Size         : 393216
Entry Point                     : 0xab470
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.5479.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : SEIKO EPSON CORPORATION
File Description                : EPSON Printer Driver
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : ep0lvr1f.dll
Legal Copyright                 : Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Original Filename               : ep0lvr1f.dll
Product Name                    : EPSON Printer Driver
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-07-02 01:12:05
VirusShare info last updated 2012-07-26 18:05:56

MD5: b0dc0ccbc8cf5ab695a1c629eebec90a
SHA1: 90a1549f97a331fc1ab63d43096e48610f6375ff
SHA256: cfb798f4972c8fde2379e60d38d1da0f6deaa116b4f0fdb5edaaf57ce3fc19fa
SSDeep: 6144:2rtKZK5W2WEwHU8LINaNybxr2hZK1mr5eNrE0sAJ3HXwh3R8Qo+QqLxf0:ktWUbfILIQNix2h0IV6rrJ38Ho+nS
Size: 346632 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.ZBot.34.20
Avast = Win32:Zbot-NAI
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
VirusBuster = TrojanSpy.ZBot!9dsSJZRxsd0
McAfee-GW-Edition = Artemis!B0DC0CCBC8CF
Kaspersky = Trojan.Win32.Pirminay.euz
Microsoft = TrojanDownloader:Win32/Ponmocup.A
McAfee = Artemis!B0DC0CCBC8CF
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Zbot-NAI
AVG = Downloader.Generic11.PRZ
Norman = W32/Suspicious_Gen2.KSNCE
Sophos = Mal/Generic-L
Symantec = Trojan.ADH
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.euu
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:01 11:44:35-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 40960
Initialized Data Size           : 593920
Uninitialized Data Size         : 0
Entry Point                     : 0x7a62
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.70.7713.0
Product Version Number          : 2.70.7713.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Cuaqmupgw Zvdfxguhlya
File Description                : Fzybndxip Data Access - OLE DB Transaction Proxies/Stubs
File Version                    : 2.70.7713.0
Internal Name                   : msxactps.dll
Legal Copyright                 : Copyright (C) Hicnhxxwo Corp. 1997-2001
Original Filename               : msxactps.dll
Product Name                    : Guxlshbwc Data Access Components
Product Version                 : 2.70.7713.0
Ole Self Register               : 
VirusTotal Report submitted 2011-04-10 08:28:14
VirusShare info last updated 2012-07-26 18:07:12

MD5: bd5219e59caecb81c8de58b5dc3d7516
SHA1: d643df84959a2374aae7db2b0a97f7bb2ba87bb9
SHA256: 807a28f8c865a6d5f419e4a1793effacc12459d555e34b4f49e865eb6fc8d0a1
SSDeep: 6144:ubrqTmyrytq40njYb9V2ry+Bg98HPEbDXmyOT0bbhaEWGzNCdEJNu9Gg:yuTmyetqfnjYbqrBq8HPWDTOWbtCdT5
Size: 314649 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.224
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Gen:Variant.Riern.1
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R26C1FK
CAT-QuickHeal = Win32.TrojanDownloader.Renos.KC.4
McAfee-GW-Edition = Generic Downloader.x!ens
TrendMicro = TROJ_GEN.R26C1FK
Kaspersky = Trojan.Win32.Pirminay.cdw
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Pirminay.A!tr
PCTools = HeurEngine.MaliciousPacker
McAfee = Generic Downloader.x!ens
F-Secure = Gen:Variant.Riern.1
VIPRE = Packed.Win32.Pirminay.a (v)
Avast5 = Win32:Malware-gen
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic23.TAE
Norman = W32/Suspicious_Gen2.MXRRV
Sophos = Mal/Ponmocup-A
Symantec = Packed.Generic.305
GData = Gen:Variant.Riern.1
Commtouch = W32/FakeAlert.LP.gen!Eldorado
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.GAB
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:10:08 11:45:22-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 26112
Initialized Data Size           : 570368
Uninitialized Data Size         : 0
Entry Point                     : 0x739c
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 3.525.1022.0
Product Version Number          : 3.525.1022.0
File Flags Mask                 : 0x0003
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft Data Access - ODBC Driver Generic Thunk
File Version                    : 3.525.1022.0 (srv03_rtm.030324-2048)
Internal Name                   : ODBC32GT
Legal Copyright                 : Copyright (C) Microsoft Corporation 1990-2000
Original Filename               : ODBC32GT
Product Name                    : Microsoft Data Access Components
Product Version                 : 3.525.1022.0
VirusTotal Report submitted 2011-06-23 16:02:09
VirusShare info last updated 2012-07-26 18:13:03

MD5: b136719e3ad93c7e6e15163fe3d483a6
SHA1: d81f64f284bcd4cbf5d6fd3b27468842e1fad73a
SHA256: 969a74b991460f39f347cd4df70cf6f95193ec6b0781abd10eceb739dfd94c98
SSDeep: 3072:RSowCo8INNZtFffvhQFGA3DlJI5HdhHzVWsTaLQpzxUi8ZAeRFTC7W6g:UJCotF/hQcQJCHddH7zR8ZLf+G
Size: 175104 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
nProtect = Trojan/W32.QHosts.175104
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTMLU
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-10-21 22:11:29
VirusShare info last updated 2012-07-26 18:14:31

MD5: cc4d3340927075f683f3c54b3d623cc4
SHA1: 040404ef96c908cd4c39efd70cc6ab4b7b1e1c97
SHA256: d8420348dc5ef6d906a60e4ffb4a368289b7c38865bc706e7043ef60a314197a
SSDeep: 6144:4393C136S/a09+4k8yJhVhR8wpEAqRM5HKwftV5oQDQ6o/:2CQdVNDt8wp1qRMrVwiQV
Size: 275456 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Drop.Gorycat.A
Avast = Win32:Rootkit-gen [Rtk]
Antiy-AVL = Trojan/Win32.Qhost.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Ponmocup.275456
Panda = Generic Trojan
nProtect = Trojan.Inject.ADK
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!q8VETiJOc74
VBA32 = Trojan.Qhost.znb
TrendMicro-HouseCall = TROJ_DLOADR.WC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Generic.evx!bf
DrWeb = Trojan.Qhost.3848
TrendMicro = TROJ_DLOADR.WC
Kaspersky = Trojan.Win32.Qhost.znb
ViRobot = Trojan.Win32.A.Qhost.275456.A[UPX]
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Qhost.ZNB!tr
PCTools = 62703
TotalDefense = Win32/Ponmocup.A
Jiangmin = DangerousObject.Multi.aid
McAfee = Generic.evx!bf
F-Secure = Trojan.Inject.ADK
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
F-Prot = W32/Qhost.AX
AVG = Generic25.BHKA
Norman = W32/Obfuscated.L
Sophos = Troj/Drop-GR
GData = Trojan.Inject.ADK
Symantec = Trojan.Milicenso
Commtouch = W32/Qhost.AX
BitDefender = Trojan.Inject.ADK
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:20 17:21:55-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 266240
Initialized Data Size           : 12288
Uninitialized Data Size         : 49152
Entry Point                     : 0x4d330
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.6
Product Version Number          : 1.0.0.6
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Greek
Character Set                   : Unicode
Company Name                    : Brother Industries LTD.
File Description                : 
File Version                    : 1, 0, 0, 6 (fbl_dox_dev_ihvs.081017-0249)
Internal Name                   : brmzui13.dll
Legal Copyright                 : Πνευματικά δικαιώματα © Brother Industries LTD., 2006
Original Filename               : brmzui13.dll
Product Name                    : Περιβάλλον εργασίας χρήστη BR HB
Product Version                 : 1.00.0000.6
VirusTotal Report submitted 2012-05-24 08:31:47
VirusShare info last updated 2012-07-26 18:14:38

MD5: f68c042cf430bed286f4583ac8384924
SHA1: 7ee4b33573424fa67b8da5de66d7c054b545f350
SHA256: 48e5e133ff126173483475f9d82776453f92340801be9fb86ea9c0aba22b41cb
SSDeep: 6144:K9Wo3oBIuIbUf0ktBOKzfXYsMD7+zYBqQ1AD4dYAz:KweprYD2KzXYsQ7+zYt1Y6z
Size: 281571 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
nProtect = Trojan.Generic.KDV.62138
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Jiangmin = Trojan/Pirminay.fl
F-Secure = Trojan.Generic.KDV.62138
Prevx = High Risk Cloaked Malware
Avast5 = Win32:Trojan-gen
GData = Trojan.Generic.KDV.62138
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2011-01-21 00:20:29
VirusShare info last updated 2012-07-26 18:17:51

MD5: 8ed8956189a31c288b284964b48f9ff0
SHA1: 8924e1ba29de483a5a7406e5c75ad930793eab5c
SHA256: dc8aa4e034ecf95a13b31ff4215e49c72c65c91bb63168b86bde9da0fb1690ca
SSDeep: 6144:3ENWWi0N5mF1jRDrqL2nu1RIwaqpakE3u3fBzCeT3j:U80N5w1Rpnk92j3GfBOen
Size: 360546 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!fuAmtcQ6OAM
VBA32 = Trojan.Pirminay.eyk
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Faker
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.26177
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.zj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.HH
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.eyi
BitDefender = Gen:Variant.Riern.1
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2001:08:31 17:41:01-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 36864
Initialized Data Size           : 643072
Uninitialized Data Size         : 0
Entry Point                     : 0x65f7
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ojnuuzdqn Nxqibwnjato
File Description                : OpenGL Utility Library DLL
File Version                    : 6.0.6000.16386 (eecqk_rtm.061101-2205)
Internal Name                   : glu32
Legal Copyright                 : © Cwqvrtldy Oyebmihvhbe. All rights reserved.
Original Filename               : glu32
Product Name                    : Jzuxdfsqw® Frmqskn® Ujcyrosjm Icfpjk
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-26 07:15:02
VirusShare info last updated 2012-07-26 18:24:35

MD5: a0e05f3c450baadc9a5550bc4798cddd
SHA1: e134232063eb7b43f3797b2dc2b7dea453535136
SHA256: 88b2a82f711206db518b72929f6a7fa05dc12037624f55317b68b1a934e31433
SSDeep: 12288:zZV3UwHzRblv8ej9nUNJsuR6WOkP0QNigsv7Oq:z3fiTUWOkP0Q/sv7f
Size: 437637 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Spy.437866
Avast = Win32:Pirminay-AF [Trj]
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
nProtect = Trojan.Generic.6143563
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!uneHLZYQHQI
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!el
DrWeb = Trojan.DownLoader4.60579
TrendMicro = TROJ_RENOS.BMC
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.gook
McAfee = Downloader.a!el
ClamAV = Trojan.Genome-278
F-Secure = Trojan.Generic.6143563
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic23.AWP
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6143563
Symantec = Trojan.Gen
TheHacker = Trojan/Genome.ubqm
BitDefender = Trojan.Generic.6143563
NOD32 = probably a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:12 17:13:46-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 438272
Initialized Data Size           : 4096
Uninitialized Data Size         : 569344
Entry Point                     : 0xf5ea0
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.1.7502.0
Product Version Number          : 8.1.7502.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Grcsghpus Tjhpdhewehv
File Description                : XML Resources for Win32
File Version                    : 8.1.7502.0
Internal Name                   : MSXML2R.dll
Legal Copyright                 : © Uquwxhtdg Aiclybqecqs. All rights reserved.
Original Filename               : MSXML2R.dll
Product Name                    : Yijlbpifg Data Access Components
Product Version                 : 8.1.7502.0
Ole Self Register               : 
VirusTotal Report submitted 2012-04-04 17:20:01
VirusShare info last updated 2012-07-26 18:28:46

MD5: c98840e898511978e0f57db45b872cae
SHA1: ecab2850acf890be4c246f44a5f5591464bfdfd0
SHA256: 545315698bcc3ae22b63b9d7f78e1230e38534f89ce6e24d7c28c12c078c21f3
SSDeep: 3072:RYSda6E/kHPkWZm5RYpXJzDAuX0/Ndt0146fKfS2w65qlV8cy:KSda6E/kHP51pXJzDAhdya8aS2p3h
Size: 134656 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
nProtect = Trojan/W32.QHosts.134656
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
eTrust-Vet = Win32/Swisyn.R
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-HackHost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Hosts.303
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.QHosts.AVD
VIPRE = Trojan.Win32.Swisyn.jyb (v)
eSafe = Win32.TRVB.Downloade
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/Suspicious_Gen2.MTKSE
Sophos = Mal/Swisyn-D
GData = Trojan.QHosts.AVD
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.QHosts.AVD
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2011-10-21 03:45:31
VirusShare info last updated 2012-07-26 18:39:25

MD5: afcf1eb6f61da519e288d28e845c6c17
SHA1: 9e85422c4734bd8bd5338a906953a4c2a16ad107
SHA256: ef6bcb700078074058d851eac9ab9684d35c34f1b17e3df02d7d2b66855471c9
SSDeep: 1536:FyNMlsdqHjy6pg2B4Re8LijBBhmA4eFS+TQezC12hLdoEMItlc+HpFrb:FVsQHLmLiThl4eM2QSk6LWEMItlB
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R49C7CI
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!AFCF1EB6F61D
TrendMicro = TROJ_GEN.R49C7CI
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Artemis!AFCF1EB6F61D
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMI
Norman = W32/Troj_Generic.APEYY
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 16:50:22
VirusShare info last updated 2012-07-26 18:41:05

MD5: 92c8544c1c7adf92526a13a0a65f3ee7
SHA1: 2b9a0a9eba815e34333c619af26aca73c26d55bb
SHA256: f377c6bd5e25c85c49452932163cfe3e42fe445cbe8721460df5e013d4bbfe0a
SSDeep: 1536:POJEbW2g8Hjy6r42B4nc8LijHrlm5zDayNyNP5v9uQoEBIItgPHpFr3:PTWAHLYLinloz5SvM6qItgP
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R3EC7CG
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
CAT-QuickHeal = Trojan.Vundo.ca
McAfee-GW-Edition = Vundo!on
TrendMicro = TROJ_GEN.R3EC7CG
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!on
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.ANGMN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = WS.Reputation.1
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 20:25:50
VirusShare info last updated 2012-07-26 18:43:49

MD5: 5c2f2e3c3f21ad241bd2fabc3a4baa9a
SHA1: b522fa11c2b7767e2b4c26837939c0ed16704bbe
SHA256: f7cf010fbcc1a394cf26a0ef46224a332a529a9c99e6ae12191d0f9a098d3a25
SSDeep: 1536:V42HABZQlbwLd/jSz7DMppGnRLM3ghKLc7WVx7OAJPjNGbw9iyWw+1VtX2t:oQiY7DFlMQ8Lc7WqAJPjNGbw9iyWw+1i
Size: 87040 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!lsB2nHuMZ+4
TrendMicro-HouseCall = TROJ_GEN.R4FCCCG
Emsisoft = Trojan.SuspectCRC!IK
Comodo = TrojWare.Win32.Ponmocup.aa
CAT-QuickHeal = Trojan.Vundo
McAfee-GW-Edition = Vundo!om
TrendMicro = TROJ_GEN.R4FCCCG
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.cmj
McAfee = Vundo!om
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Virtumonde
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.PFV
Norman = W32/Troj_Generic.AKUNV
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.11
Product Version Number          : 5.0.3000.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Czech
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : brclrui.dll
File Version                    : 5.0.3000.11 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclrui.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2002
Original Filename               : brclrui.dll
Product Name                    : Operacni system Aknwrhrcy® Oavwxnf®
Product Version                 : 5.0.3000.11
VirusTotal Report submitted 2012-05-30 20:04:12
VirusShare info last updated 2012-07-26 18:46:45

MD5: 03415adaaec09d5d9efb7234f6838539
SHA1: 717a6871f681dfb4ea35e6ea31cb0b5bb4e5947e
SHA256: fa142d8feda0abab933138376284bfa9615f5caf7c67d7023754577960eb8a3d
SSDeep: 3072:Hjkvr+AMX2zJBHBhgnL89ipsmeHUqQp7rpl2eId5RcW1PM:HUMX2zJBhhgrum+pLWQ0
Size: 146432 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-CD [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Suspicious file
Emsisoft = Trojan.Win32.Webprefix!IK
F-Secure = Gen:Variant.Graftor.16660
AVG = Agent3.BIWY
GData = Gen:Variant.Graftor.16660
BitDefender = Gen:Variant.Graftor.16660
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:19 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ioznjhvhq Kvipqvfiyur
File Description                : Create a Briefcase
File Version                    : 5.00.2134.1
Internal Name                   : syncapp
Legal Copyright                 : Copyright (C) Rptldtbks Corp. 1991-1999
Original Filename               : SYNCAPP.EXE
Product Name                    : Gtjjohtst(R) Lwbdicn (R) 2000 Ayozwrfxv System
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-03-28 19:31:32
VirusShare info last updated 2012-07-26 18:48:20

MD5: f8277da09a4ab2f9d32ab109a6efab7b
SHA1: 4936386af5e36478cfa0a77debbb0ff2c87ab368
SHA256: fb7cc7ac698f028bb33e27feeb5d324af9acbe1222858bdcb904dfbe7887d23c
SSDeep: 3072:KasWqIA38vrBPIdkM1iBEVBkLwpWvonlWr:K9Wo3oBIuIbUf0kr
Size: 127807 bytes
File Type: MS-DOS executable
Detections
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
VBA32 = Trojan.Pirminay.aza
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-MalPE
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Jiangmin = Trojan/Pirminay.fl
F-Secure = Trojan.Generic.KDV.62138
AVG = FakeAV.FEI
GData = Trojan.Generic.KDV.62138
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-01-26 22:05:16
VirusShare info last updated 2012-07-26 18:49:29

MD5: 02a2c2566d904c7d29c60b81dabbed67
SHA1: 78eb0983ce6ad51904a17fc1d9a051eb568f6f0a
SHA256: 29dcf33c48ed2d24b5664f3af4b45c120f0543bc2780c17db5d662ecfa1a375e
SSDeep: 3072:CuV5pv8kQLcMbiKsGvkMc4/UZkl0HdGkmNc6t8DaXC:C/cMbiKstMc48Z7HAtJC
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen7
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
K7AntiVirus = Adware
eTrust-Vet = Win32/Vundo.HTW!genus
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Artemis!02A2C2566D90
DrWeb = Trojan.Juan.805
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aitf
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = Adware/SuperJuan
Jiangmin = Adware/SuperJuan.auo
McAfee = Artemis!02A2C2566D90
F-Secure = Gen:Variant.Graftor.12472
VIPRE = Virtumonde
AVG = Generic26.BOMO
Norman = W32/Troj_Generic.AQXNJ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.12472
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.12472
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-28 21:03:20
VirusShare info last updated 2012-07-26 18:59:52

MD5: 0942ad4098d5a414b8297e9204210921
SHA1: 9f7a6602b31fd3ece73f26f0dfa6ad47bde1ef16
SHA256: 31aaf7586a163c3c60cadacd4ff954094a48c531f47dcd432fd772000c71f974
SSDeep: 3072:vLW1HBMe6XqRt0VBG2PquJ9SqxFK+qQp7rplAFU2NFgYkP:DWR6XqRt0fG2PquiqnKJUaFg/
Size: 146432 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Genome
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47C8CU
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.hj!pec
TrendMicro = TROJ_GEN.R47C8CU
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.hj!pec
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy.Ys
AVG = Agent3.BIXZ
Norman = W32/Troj_Generic.ASZNK
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.1086
TheHacker = Trojan/Ponmocup.at
BitDefender = Gen:Variant.Barys.1086
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:24 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-06-01 03:45:33
VirusShare info last updated 2012-07-26 19:00:41

MD5: 1ba930ae1e7bb7e12cb22f705889e1db
SHA1: 9e03144e6cb864db5cd9cc6b0912be974df22da2
SHA256: 8021cfc999de69df965d05ce31209c4bea5bb70b316d27a125e89714b58865cf
SSDeep: 1536:kyR2Gyaiy8ILM1OCVFMYos6dD1qV60QNmKNr0b5D5FbnGcPt5OJYk3yNSRDKuX6:kyRLyarLlEFZ6vqVziwGQtwJYSRDKuq
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17460.14
Avast = Win32:Diller-BZ [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Agent.JYA
K7AntiVirus = Riskware
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Artemis!1BA930AE1E7B
Fortinet = W32/Ponmocup.AV
McAfee = Artemis!1BA930AE1E7B
F-Secure = Gen:Variant.Graftor.17460
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BIXW
Norman = W32/Troj_Generic.ASIIO
GData = Gen:Variant.Graftor.17460
BitDefender = Gen:Variant.Graftor.17460
NOD32 = Win32/Ponmocup.AV
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:20 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x692f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-26 08:24:48
VirusShare info last updated 2012-07-26 19:02:56

MD5: 1ee5f202eae148b45321fb7e6796935d
SHA1: 8920f225bb925030c4a9522ea2448c8885e7d5cf
SHA256: 6f30d8599bf262414f2eecc5df54910b24bbc7b6eff680cde3a9f2d288e10270
SSDeep: 6144:OM/2q2UnAtgxbsRVjZPPQ69/GgfLleD0buKIZNjxP9RGOikTsHO9:HuqTzRSho69/bwDnb7RCO9
Size: 310674 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dropper.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6241997
K7AntiVirus = Riskware
VirusBuster = Trojan.Qhost!ItG3JU+mtNY
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Virtumod.11252
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.heju
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.6241997
VIPRE = FraudTool.Win32.AVSoft (v)
AVG = Dropper.Generic4.CSG
Norman = W32/Kryptik.AIF
GData = Trojan.Generic.6241997
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.jqv
BitDefender = Trojan.Generic.6241997
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:07:24 13:03:17-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 311296
Initialized Data Size           : 4096
Uninitialized Data Size         : 376832
Entry Point                     : 0xa7ec0
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7000.0
Product Version Number          : 6.1.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Hlbtzxxhw Corporation
File Description                : OLE DB RootBinder Stub
File Version                    : 6.1.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : msdaurl.dll
Legal Copyright                 : © Zmefkunel Tsiahhnazhn. All rights reserved.
Original Filename               : msdaurl.dll
Product Name                    : Xoymltouj® Eoikolj® Eqyujbzkm Mxvzer
Product Version                 : 6.1.7000.0
Ole Self Register               : 
VirusTotal Report submitted 2012-03-27 20:03:16
VirusShare info last updated 2012-07-26 19:03:42

MD5: 22c91cc965ad1d81cf2df0905c0105bc
SHA1: d22a621571bc810631d86ecfc129dbfd73fec17f
SHA256: 84bb3ac0975ae41e60e27e551c0affa8ad5c19c0fe44450bbac2833571ffddd8
SSDeep: 6144:kp4rnqiHLObc+EYrQ5P2xMo7VZwU2lTl5OtLBHDwSbNTX0a+XHBl3NhoD61RRZry:trrj+EOEPWwUkMdjwE4HzfJ1/Z2
Size: 410138 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.134
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!LHQW58G7ybw
TrendMicro-HouseCall = TROJ_GEN.R2EC7IO
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.5689
TrendMicro = TROJ_GEN.R2EC7IO
Kaspersky = Trojan.Win32.Pirminay.qaj
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.nz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.CPWK
Norman = W32/Obfuscated_L.AE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
TheHacker = Trojan/Pirminay.dvi
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 03:04:41-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 376832
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x59a06
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ammklclva Rmusxoikohs
File Description                : WIA Video
File Version                    : 6.0.6000.16386 (zzrlk_rtm.061101-2205)
Internal Name                   : WIA Video
Legal Copyright                 : © Ezrizkwjq Qwuaflvoniy. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ceqmwgsle® Gpjwmxn® Ankucxhrb Ephlxd
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-30 22:39:59
VirusShare info last updated 2012-07-26 19:04:23

MD5: 2c90b26b65fd44900189d83f32ee574f
SHA1: 533a687f69eedb7a8e62ddfde042d302f8a9fc06
SHA256: 27e4693502d26962c0fbc6c20c9d46da218fab020254fcc717fc326e14364d37
SSDeep: 6144:Ee07mwiRD02/YxHhObL/Y/xtvr0z+P+IjSwIClVgYlMmsYRFMqrmXh2qfQspD5QQ:EeGmBTQxBOnY/x0+623Z+QRFzY2qv+Q
Size: 417381 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Pirminay-W [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.6138515
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.hwc
TrendMicro-HouseCall = TROJ_GEN.R11C2FS
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!gag
DrWeb = Trojan.DownLoader5.47492
TrendMicro = TROJ_GEN.R11C2FS
Kaspersky = Trojan.Win32.Pirminay.qei
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.akz
McAfee = Generic Downloader.x!gag
F-Secure = Trojan.Generic.6138515
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Dropper.Generic3.CCAK
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6138515
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.hwc
BitDefender = Trojan.Generic.6138515
NOD32 = a variant of Win32/Injector.FXK
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:02:13 11:30:37-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 61440
Initialized Data Size           : 700416
Uninitialized Data Size         : 0
Entry Point                     : 0xc2cf
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.3959
Product Version Number          : 5.2.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Windows Network Service Performance Objects DLL
File Version                    : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : PERFNET.DLL
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : PERFNET.DLL
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.2.3790.3959
VirusTotal Report submitted 2012-03-26 22:27:54
VirusShare info last updated 2012-07-26 19:06:23

MD5: 4321c5604e83d6607ee2583842f5c39c
SHA1: a8f0b7c61bcce0fe1d83fbb93bac57990de5546a
SHA256: 0b493c8602e11312d348d99bbff0517fcb4721125c48edf22ddcabf4d6e58df2
SSDeep: 3072:ljEvr+AMX2zJvHBhgnL89ipsmeHrqQp7rplgpas7ilP:lsMX2zJvhhgrum+Uas7G
Size: 147968 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R37C8CT
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.hj!pec
TrendMicro = TROJ_GEN.R37C8CT
Kaspersky = Trojan.Win32.Genome.afeev
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.hj!pec
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy.Ys
AVG = Agent3.BIWY
Norman = W32/Troj_Generic.ASIMC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1086
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.at
BitDefender = Gen:Variant.Barys.1086
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:22 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-05-30 16:37:44
VirusShare info last updated 2012-07-26 19:11:28

MD5: 4c12ba8f2a49bfd510fa68eab755038b
SHA1: e643ff0c8526e90c3d9f53f3d8beb018ae386ec4
SHA256: 0c5e4cd6a0826187b34c4136deb4042e7479b21b7c5e1d2a2a6f8a20ae776f90
SSDeep: 3072:qVnt8fTCFWrsDVGog9FUszfFF+BrryPWz5OWcusno9Q+PRK/6wfWEHAly:qhw0Xg9ZHWGm5OWctF+PnwfW
Size: 206336 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Downloader-ITR [Trj]
Antiy-AVL = Trojan/Win32.Jorik
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Generic Trojan
VirusBuster = Trojan.Injector!0Bg7vDHlXBk
VBA32 = Trojan.Jorik.Pirminay.br
TrendMicro-HouseCall = TROJ_GEN.R4FC3IC
Emsisoft = Trojan.Win32.Jorik!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.17311
ByteHero = Trojan.Win32.Heur.Gen
TrendMicro = TROJ_GEN.R4FC3IC
Kaspersky = Trojan.Win32.Jorik.Pirminay.br
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik_Pirminay.BR!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.hxys
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Renos.106
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKHT
Norman = W32/Obfuscated.L
GData = Gen:Variant.Renos.106
Symantec = Downloader
TheHacker = Trojan/Jorik.Pirminay.br
BitDefender = Gen:Variant.Renos.106
NOD32 = a variant of Win32/Kryptik.UFA
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 196608
Uninitialized Data Size         : 0
Entry Point                     : 0x134e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Eassdjzal Dcdndnlbaaz
File Description                : Hciqwjwuh® Cabinet File API
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : cabinet.dll
Legal Copyright                 : © Wefnwlhlt Kxdlrgwsdgh. All rights reserved.
Original Filename               : cabinet.dll
Product Name                    : Anulejeeo® Xgpqzbz® Mwkbaxhsv Zjramn
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-03-26 05:36:49
VirusShare info last updated 2012-07-26 19:13:20

MD5: 5bddbf182d6c5e182544867b66195d19
SHA1: a418b73ba92e2c761a882051767e3733f51106c4
SHA256: 0b06dafc89516c217a4f36cfca1579a01a95aa9114cced733e0f4ed146f294fb
SSDeep: 6144:kp4rnqiHLObc+EYrQ5P2xMo7VZwU2lTl5OtLBHDwSbNTX0a+XHBl3NhoD61RRZre:trrj+EOEPWwUkMdjwE4HzfJ1/Za
Size: 410091 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.134
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.ADH
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!LHQW58G7ybw
TrendMicro-HouseCall = TROJ_GEN.R4FC2CV
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-FakeAlert[Rn]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Hosts.5689
TrendMicro = TROJ_GEN.R4FC2CV
Kaspersky = Trojan.Win32.Pirminay.pvo
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.ADH
Jiangmin = Trojan/Pirminay.nz
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
AVG = Downloader.Generic10.CPWK
Norman = W32/Suspicious_Gen2.LMXNN
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Zbot.34
Symantec = Trojan.ADH.2
TheHacker = Trojan/Pirminay.dvi
BitDefender = Gen:Variant.Zbot.34
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2005:03:18 03:04:41-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 376832
Initialized Data Size           : 344064
Uninitialized Data Size         : 0
Entry Point                     : 0x59a06
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Ammklclva Rmusxoikohs
File Description                : WIA Video
File Version                    : 6.0.6000.16386 (zzrlk_rtm.061101-2205)
Internal Name                   : WIA Video
Legal Copyright                 : © Ezrizkwjq Qwuaflvoniy. All rights reserved.
Original Filename               : WIAVIDEO.DLL
Product Name                    : Ceqmwgsle® Gpjwmxn® Ankucxhrb Ephlxd
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-05 20:39:24
VirusShare info last updated 2012-07-26 19:16:12

MD5: 67bf876fef091a4a4c9723d9fccfa56c
SHA1: 15f118ae84c25cbb994b698aba24afb4c5ed51d6
SHA256: a80a2be54a448d104ad0afb2f5878b16cd88fcb0c612bce0ec102e6be5320563
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWR+:/53B6GnBMUQyaUZGAjLvC88
Size: 363451 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Dropper-gen [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363451
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
TrendMicro-HouseCall = TROJ_GEN.R4FC1IA
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Downloader.a!hb
DrWeb = Trojan.DownLoader4.46321
TrendMicro = TROJ_GEN.R4FC1IA
Kaspersky = Trojan.Win32.Pirminay.qzh
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.agv
McAfee = Downloader.a!hb
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ANYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.5
Symantec = Downloader
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2012-03-27 20:26:05
VirusShare info last updated 2012-07-26 19:17:50

MD5: 84dcf63b101940109d261f6a8b24fc02
SHA1: 46299100553866076ff4ea9e6e39fa65b789927a
SHA256: 07440f386078282ba792529449a842e474128bae69bdf3b236848be47d5aa360
SSDeep: 3072:njlvr+AMX2zJ1HBhgnL89ipsmeH6qQp7rplfL9oBYP:nXMX2zJ1hhgrum+oQi
Size: 147968 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Kazy.YS
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
Panda = Trj/Genetic.gen
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FCEDU
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.hj!pec
TrendMicro = TROJ_GEN.R4FCEDU
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
McAfee = Generic Malware.hj!pec
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRKazy.Ys
AVG = Agent3.BIWY
Norman = W32/Troj_Generic.ASGQE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1086
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.at
BitDefender = Gen:Variant.Barys.1086
NOD32 = a variant of Win32/Ponmocup.AT
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:02:25 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 94208
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xe515
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2134.1
Product Version Number          : 5.0.2134.1
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bpasiymks Ixhfoaguuch
File Description                : Reset Session Utility
File Version                    : 5.00.2134.1
Internal Name                   : rwinsta
Legal Copyright                 : Copyright (C) Microsoft Corp. 1981-1999
Original Filename               : rwinsta.exe
Product Name                    : Igzaxyssc(R) Rmlellx (R) 2000 Wiwomovdi Qaners
Product Version                 : 5.00.2134.1
VirusTotal Report submitted 2012-05-30 20:21:05
VirusShare info last updated 2012-07-26 19:22:02

MD5: 8c273213e725bab3260ede64fb5bae72
SHA1: 2614cb8cb93308445d851d530ef996c219ddee79
SHA256: 6d13c750a8dc086b09b9cb47e783ad17e0742f6b0289d33b6df666d43479b3c8
SSDeep: 6144:7qXcMZjfw9Ed6ydeSWST8MqP/IaDK9je:2XcMZjNkydl3bqP/IaDb
Size: 278528 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = ADWARE/Adware.Gen
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.FakeAV
nProtect = Trojan.Generic.6573909
VirusBuster = Trojan.Injector!91aRSm8Tw04
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_GEN.R4FC3IC
Emsisoft = Trojan.Win32.Jorik!IK
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.C
DrWeb = Trojan.DownLoader4.17985
TrendMicro = TROJ_GEN.R4FC3IC
Kaspersky = Trojan.Win32.Jorik.Pirminay.nc
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Jorik.K!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.hxys
McAfee = Generic.evx!t
F-Secure = Trojan.Generic.6573909
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKGC
Norman = W32/Obfuscated.L
Symantec = Trojan.Gen.2
GData = Trojan.Generic.6573909
BitDefender = Trojan.Generic.6573909
NOD32 = a variant of Win32/Injector.HZU
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 253952
Initialized Data Size           : 28672
Uninitialized Data Size         : 40960
Entry Point                     : 0x489e0
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.3.1281.0
Product Version Number          : 6.0.5479.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 12
Language Code                   : Arabic
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : برنامج تشغيل الطابعة Oksidm9
File Version                    : 6.0.5479.0 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : Oksidm9.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : Oksidm9.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.5479.0
VirusTotal Report submitted 2012-03-25 15:29:06
VirusShare info last updated 2012-07-26 19:22:59

MD5: 9621b4ed8ec3eeed5f220ddd87a209d9
SHA1: 4fb5284929773a6efe5e48e9bebb2f42f813320e
SHA256: 34a509ead801c6e38270444451d7b5add784ee77378cb3ef93c0a4ee077314f9
SSDeep: 6144:eM7H3UgQH77piW0sTQCEpkSvNFzfGjv/bxwSmNiF+f:zH3tO1iW6OW6vTxwVQ
Size: 285696 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Crypt.XPACK.Gen5
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Genome.gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Downloader/Win32.Agent
Panda = Suspicious file
K7AntiVirus = Trojan
VirusBuster = Trojan.Kryptik!vwoc+YxpCZo
VBA32 = Trojan.Genome.xdrd
TrendMicro-HouseCall = TROJ_GEN.R01C7KA
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic BackDoor.wt
DrWeb = Trojan.Winlock.4496
TrendMicro = TROJ_GEN.R01C7KA
Kaspersky = Trojan.Win32.Genome.yfyd
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Evx.BG!tr
Jiangmin = Trojan/Jorik.rzr
McAfee = Generic BackDoor.wt
F-Secure = Gen:Variant.Graftor.3421
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.GenVariant.Gra
AVG = Generic25.BKZV
Norman = W32/Obfuscated.L
GData = Gen:Variant.Graftor.3421
TheHacker = Trojan/Kryptik.vdn
BitDefender = Gen:Variant.Graftor.3421
NOD32 = a variant of Win32/Kryptik.VDN
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 13:07:20-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 270336
Initialized Data Size           : 20480
Uninitialized Data Size         : 49152
Entry Point                     : 0x4de20
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.13.0
Product Version Number          : 1.0.13.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Danish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Sjokoqafc Bylciaaxipq
File Description                : Lexmark Z51 Color Jetprinter
File Version                    : 1, 0, 13, 0
Internal Name                   : LXROSRES.DLL
Legal Copyright                 : Copyright (C) Ywrgabexh Corp. 1981-1997
Legal Trademarks                : 
Original Filename               : OEMRES
Private Build                   : 
Product Name                    : Shcddnxod(R) Dlqmtjo NT(R) Operativsystem
Product Version                 : 1, 0, 13, 0
Special Build                   : 
VirusTotal Report submitted 2012-03-27 06:33:28
VirusShare info last updated 2012-07-26 19:24:26

MD5: a6408adf8c458d316b97c56ebf2afa2f
SHA1: 1baf6770b3f74d223d3549d5e538657dc7df58b0
SHA256: 36b63c6c2fe4b5c96f529069a59b1bcf78df80467d3a43953ea3fd536ad7a17b
SSDeep: 6144:/iD7JsnFYYfpEbs5vWcqmw5qYJvTXX4Od4WPitEjNcbj9KcJ/rMBt:63J6FYBQv2Tn4JSebbGt
Size: 347063 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen2
Avast = Win32:MalOb-IE [Cryp]
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.347063
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Agent!cXVFtQgnG8I
TrendMicro-HouseCall = TROJ_GEN.R4FC2IA
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader4.60383
TrendMicro = TROJ_GEN.R4FC2IA
Kaspersky = Trojan.Win32.Pirminay.qic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.adf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Riern.1
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CAZX
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Riern.1
Symantec = Trojan.Gen
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Riern.1
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:07 22:11:25-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 45056
Initialized Data Size           : 585728
Uninitialized Data Size         : 0
Entry Point                     : 0x8e26
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Hnbvceuhl Uebhpfdxapb
File Description                : Ypeobejyq Direct Database API
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : DirectDB.DLL
Legal Copyright                 : © Irfoetrzh Gdzcizqvoql. All rights reserved.
Original Filename               : DirectDB.DLL
Product Name                    : Agxisdnsa® Rqgaxaj® Mgtpnjlph Rhtfcc
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-03-26 07:48:33
VirusShare info last updated 2012-07-26 19:26:50

MD5: aeaeea0f57d8e61bf30d775eb2700005
SHA1: c9e6800bab0b5949497731fa913ad4c4e56e5fb8
SHA256: 7345e5c40829c356008cbd80376d0a915269f7c23925f9f668ce85d110f93f7a
SSDeep: 6144:syuTlIs2Cdg/loXVYv4g03LBDD7QggI+4gG0sG324MuQrzjG8VAgVNfh+gvtB9V:s3TlFJQJQgYBDD7oI3gG0ZG4JWzjGfEX
Size: 373770 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!hlnj35hXlTM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.60295
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.afh
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Rimecud.10
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Downloader.Generic11.AJSX
Norman = W32/Kryptik.AIF
GData = Gen:Variant.Rimecud.10
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Gen:Variant.Rimecud.10
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:08:19 14:28:48-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 28672
Initialized Data Size           : 671744
Uninitialized Data Size         : 0
Entry Point                     : 0x720c
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 8.0.7000.0
Product Version Number          : 8.0.7000.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zjkuehate Hahthgdvnro
File Description                : Zgqvqmvxj Speech Recognition Engine Extensions
File Version                    : 8.0.7000.0 (winmain_win7beta.081212-1400)
Internal Name                   : spsrx.dll
Legal Copyright                 : © Erqasvbcs Crgsknwonkr. All rights reserved.
Original Filename               : spsrx.dll
Product Name                    : Gafulzxnr® Cuhfllt® Bgmddrvjn Ennerx
Product Version                 : 8.0.7000.0
VirusTotal Report submitted 2012-04-01 04:10:39
VirusShare info last updated 2012-07-26 19:27:48

MD5: af0443a741e3db746a36a7dc51d9e26c
SHA1: 6d43ec1b0920395897a0cf38c1380d70e11aeaba
SHA256: 8db014a3868f52d56ccd772ced381d964b40ca97cfe33436fc73830234acd9a6
SSDeep: 768:wHbCTlqIFY5Z1EKLEwapEJryh6OCDpGW54w59KCc5Faaip4gnv3q2RGmaBt:wHlIFsZ1EKLlajsDLSwPKCGs4IfGmet
Size: 64000 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!GD+qjN+YhYA
eTrust-Vet = Win32/Vundo.K!generic
Emsisoft = Trojan.SuspectCRC!IK
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = Trojan/Genome.ansf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.OMR
Norman = W32/Troj_Generic.ASKXT
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1402
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Prleqmknm Oiunoicemnv
File Description                : ODBC Code Page Translator
File Version                    : 6.0.6000.16386 (gupnu_rtm.061101-2205)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : © Yvqmmnyqi Wntzrgzroql. All rights reserved.
Original Filename               : mscxpl32.dll
Product Name                    : Lxdwemqsf® Jgvjzao® Gygwwpxcn Imldny
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-04-11 09:29:03
VirusShare info last updated 2012-07-26 19:27:50

MD5: b1498cbc916885e1e223fa6d6a818c59
SHA1: 3388d9294f846ef03a1ffcd621c7e40b71f1a3ef
SHA256: 1d5c316a431c00baf7ec8f30f5e625a7529e0d57cf154af45d03f046042ac6bd
SSDeep: 1536:tLrJEbW2g8Hjy6r42B4nc8LijHrlmtodaFtiM/vlZu5ARBIItIPHpFr3:9EWAHLYLinleod2cWZqItIP
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BCD9BC
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01CDCQ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Vundo!ot
TrendMicro = TROJ_GEN.R01CDCQ
Kaspersky = Trojan.Win32.Genome.afdlk
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!ot
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
eSafe = Win32.TRGraftor
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.ASGQG
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.17350
Symantec = Trojan.Gen.2
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 16:50:42
VirusShare info last updated 2012-07-26 19:28:08

MD5: bcf925dc1f1c186991cc6b44a2fdfe44
SHA1: 4456db02f5253e8ab90cc81c4a2575c1a84bbed6
SHA256: 0db255604e1fab846e1e929ff67fdb75bcc267f775b844a80715a8e22bd446ce
SSDeep: 1536:fSQhBxT9gaYLelX3tDGme8+kyloOaIuxWEKneqFK1ajmAFbWYtALieISFjPn7:f5B9OItDGme8+kCGZKneqFK1ajmAFbWx
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HTS!genus
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Virus.Win32.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
DrWeb = Trojan.Siggen3.27040
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
Jiangmin = Trojan/Virtumonde.akp
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic25.BOQO
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-03-27 04:33:56
VirusShare info last updated 2012-07-26 19:29:29

MD5: bd4d641344e056eaaba26f546825416e
SHA1: d4b4d1b293b418b658cb6607492c5677fc3cf760
SHA256: 2ad0b73531989fb5022be4b2dec71e644d6bb7851877b8370b5ca5bd77842d81
SSDeep: 1536:hCpmxjrSzRALnh1k6k2DxH/47aw6UDYF+zE2HQoCE:hVuyi2DRc62YUzNHQoCE
Size: 62464 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Virtumonde.bfjda
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Virtumonde
Ikarus = Trojan.Win32.Virtumonde
AhnLab-V3 = Trojan/Win32.Virtumonde
nProtect = Trojan/W32.Virtumonde.62464.B
K7AntiVirus = Riskware
eTrust-Vet = Win32/Vundo.HTC
Emsisoft = Trojan.Win32.Virtumonde!IK
Comodo = TrojWare.Win32.Ponmocup.aa
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Artemis!BD4D641344E0
DrWeb = Trojan.DownLoader5.53364
Kaspersky = Trojan.Win32.Virtumonde.bfjd
Microsoft = Trojan:Win32/Vundo.OT
Fortinet = W32/Kryptik.UER!tr
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!BD4D641344E0
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/Virtumonde.CS.gen!Eldorado
AVG = Generic25.BZSB
Norman = W32/Vundo.UWC
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen
Commtouch = W32/Virtumonde.CS.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:11:30 05:54:55-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x141a
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2002.10.4.0
Product Version Number          : 2002.10.4.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : Feenwiu registration
Company Name                    : Bnmhjwpqm Corporation
File Description                : OffFilt
File Version                    : 2002, 10, 04, 0
Internal Name                   : OffFilt
Legal Copyright                 : Copyright © 2002 Iyzxroawh Dwjnukubggd
Legal Trademarks                : 
Original Filename               : OffFilt.dll
Private Build                   : 
Product Name                    : Okspwgbbh Office IFilter
Product Version                 : 2002, 10, 04, 0
Special Build                   : 
VirusTotal Report submitted 2012-03-26 06:16:37
VirusShare info last updated 2012-07-26 19:29:32

MD5: c1b78e7f4a083e8431953b8140a51c3b
SHA1: c37774e707880c06fcc1e2c9d14cbd4825859c7c
SHA256: a265c5b663b1643912e9e83ac327ebda3b442cf85ba2e748790e2065bc4e6165
SSDeep: 3072:R20EFw8fBeuy0AwqawOMMcc9QlFOSnlkKhzjaBffzuXUV:R2BRAwqapMLc9AuKhzjFXU
Size: 139264 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Trojan.Win32.Webprefix
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!C1B78E7F4A08
McAfee = Artemis!C1B78E7F4A08
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BKLK
GData = Gen:Variant.Graftor.17637
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:13 20:00:00-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-28 21:40:41
VirusShare info last updated 2012-07-26 19:30:03

MD5: d3b91aa41b5cb98b7317df2e1ce8aa89
SHA1: 236e16d4c5d61c246630a8b59509e9dd0aa1368e
SHA256: 5922d1a6ea2885b17e55dd4022162a00e93b9396dc764786bfb157f2b0c94f68
SSDeep: 1536:o/N9Ha+y58M+JbhDQDwbYlwO1aWFRZT+mMPTh0Tw1u0/hHakzdlY:caT8M+JkyYzFRrRWh6ulY
Size: 89088 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17528.13
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Diller
Panda = Generic Trojan
Rising = Trojan.Win32.Generic.12BD52B0
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!Jmp/4G9SLmM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Webprefix!IK
McAfee-GW-Edition = Generic.dx!bdrj
Fortinet = W32/Dx.BDRJ!tr
McAfee = Generic.dx!bdrj
F-Secure = Gen:Variant.Barys.738
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent3.BJXK
Norman = W32/Troj_Generic.ATFGC
GData = Gen:Variant.Barys.738
Symantec = WS.Reputation.1
TheHacker = Trojan/Ponmocup.bf
BitDefender = Gen:Variant.Barys.738
NOD32 = a variant of Win32/Ponmocup.BF
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:07 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 45056
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x25ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-29 02:24:31
VirusShare info last updated 2012-07-26 19:32:16

MD5: d7d669d0501d38f41a8743352c43709d
SHA1: 3316729fe48c12719e428966c186fa69c4356944
SHA256: cd25cc70dc8db87616140a012c382404ca7c91c19483bb317ce44e1b944de2b5
SSDeep: 6144:0mqz6v2hP5ZkXHEM21Wek0dhl0NsCCi4m+TfPaw7JAum2noWm:0Bz6v2n23EME7kkwrCi4mkfPaw7yt2n2
Size: 320466 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.117
Avast = Win32:MalOb-IE [Cryp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Suspicious file
nProtect = Trojan.Generic.5508171
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_DLOADR.SMWQ
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader-CEW.ag
DrWeb = Trojan.WinSpy.1068
TrendMicro = TROJ_DLOADR.SMWQ
Kaspersky = Trojan.Win32.Pirminay.qkt
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.mh
McAfee = Downloader-CEW.ag
F-Secure = Trojan.Generic.5508171
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic21.ADEX
Norman = W32/Suspicious_Gen2.LOOTV
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5508171
Symantec = Trojan.Gen
TheHacker = Trojan/Pirminay.dok
BitDefender = Trojan.Generic.5508171
NOD32 = a variant of Win32/Kryptik.LED
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:13 04:15:53-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 585728
Uninitialized Data Size         : 0
Entry Point                     : 0x5080
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Turkish
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt041F
Legal Copyright                 : Copyright (C) Microsoft Corp. 1999
Legal Trademarks                : 
Original Filename               : agt041F.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-28 19:55:26
VirusShare info last updated 2012-07-26 19:32:40

MD5: db53c646b3145407649baef1a0be1eb4
SHA1: c08abe86558dda0af03a707a9b11e4615df74f63
SHA256: b702c2c58a0f8b2ab67c8f989863f687543a20693553bcf58b69dd12e2ff1ad7
SSDeep: 6144:2LSV4UBs2P8UwC4iWDUWwLjvh9uA0sJ5LjcdhNsJXTw:G3P2P8UymW4V0c9j4NmXTw
Size: 397967 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Vundo.11.21
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!232liYuXUZM
TrendMicro-HouseCall = TROJ_GEN.R11C2FB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.DownLoader5.35762
TrendMicro = TROJ_GEN.R11C2FB
Kaspersky = Trojan.Win32.Pirminay.qlt
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.agy
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AUPJ
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.qxf
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:05:17 15:49:55-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 692224
Uninitialized Data Size         : 0
Entry Point                     : 0x3916
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6001.18000
Product Version Number          : 6.0.6001.18000
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Iysbwrpkq Ftaevrvqvdq
File Description                : Remote Sessions CPL Extension
File Version                    : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Internal Name                   : remotepg.dll
Legal Copyright                 : © Tnyrknmzl Wzbjaiscrmi. All rights reserved.
Original Filename               : remotepg.dll
Product Name                    : Iavvmkare® Hbmkbhf® Llqyuumqg Qcjkzc
Product Version                 : 6.0.6001.18000
VirusTotal Report submitted 2012-03-28 20:48:27
VirusShare info last updated 2012-07-26 19:33:02

MD5: e4928ac99c57f41d010731a8289a7362
SHA1: 2484c6ef1ee08a8bf43eed75ef461b71cbf005d7
SHA256: 8c36035a72facd97785667c0b7b792cd4741d27f97e4f6d64b4dd72cb6065087
SSDeep: 3072:CXmrQCFfW0PxFIpFgb3FlFOSnlxVW4DsIgXUV:C8dFIbgrRfVW4DyXU
Size: 135168 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.17637
Avast = Win32:Diller-DC [Trj]
Ikarus = Win32.SuspectCrc
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!xkQoprSxUdE
TrendMicro-HouseCall = TROJ_GEN.R0EB1EI
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bdsr
Fortinet = W32/Ponmocup.AZ!tr
McAfee = Generic.dx!bdsr
F-Secure = Gen:Variant.Graftor.17637
VIPRE = Trojan.Win32.Generic!BT
AVG = Agent_r.BDZ
Norman = W32/Suspicious_Gen4.XGVS
GData = Gen:Variant.Graftor.17637
TheHacker = Trojan/Ponmocup.bj
BitDefender = Gen:Variant.Graftor.17637
NOD32 = a variant of Win32/Ponmocup.BJ
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2012:03:10 19:00:00-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 81920
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0xb4ad
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-30 17:03:20
VirusShare info last updated 2012-07-26 19:34:23

MD5: ecfb2d58469b822a3afb88b5da1f96da
SHA1: c32cd2abb5d9995cf1468dade950779ab4c9cb1c
SHA256: 3a36a9c0128b64b8a842bbff1dfc35f64d4a4178dd00a32ac95c7c9ea4635a11
SSDeep: 1536:pNJEbW2g8Hjy6r42B4nc8LijHrlm7odaFtiM/vlZu5AuBIIt7PHpFr3:peWAHLYLinlYod2cWmqIt7P
Size: 147456 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.173522
Avast = Win32:Diller-DK [Trj]
Ikarus = Trojan.Win32.Webprefix
AhnLab-V3 = Trojan/Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12BD0DD4
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R47CDCR
Emsisoft = Trojan.Win32.Webprefix!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo!ot
TrendMicro = TROJ_GEN.R47CDCR
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Ponmocup.AZ!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HUP!genus
McAfee = Vundo!ot
F-Secure = Gen:Variant.Graftor.17350
VIPRE = Virtumonde
F-Prot = W32/Agent.OG.gen!Eldorado
AVG = Agent3.BJMH
Norman = W32/Troj_Generic.ASXKQ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.17350
Commtouch = W32/Agent.OG.gen!Eldorado
TheHacker = Trojan/Ponmocup.bd
BitDefender = Gen:Variant.Graftor.17350
NOD32 = a variant of Win32/Ponmocup.BD
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:27 18:28:44-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 69632
Initialized Data Size           : 77824
Uninitialized Data Size         : 0
Entry Point                     : 0x16ef
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Event Create
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : EventCreate.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : EvCreate.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-05-30 17:05:31
VirusShare info last updated 2012-07-26 19:35:35

MD5: ed77bfe6a10bd460e9bedc4722f775f7
SHA1: 307015ad93e9fec8d3e529d14a8840a435b76584
SHA256: b39545e9109e10fe3b59b905fca9420d54f1813f00d38e8c982423ee51028314
SSDeep: 6144:oKUmkyrqW43X82MBJliNoQ2pZKrqXkrWG5EIFduY2HN6kvUWVcW+Re:o4Jrql83HiWcJrWKzFd52HtqRe
Size: 414362 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Pirminay.gqa
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.5910408
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!ApHO/Gjh4SE
TrendMicro-HouseCall = TROJ_GEN.R11C2F3
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Faldesc[Cont]
McAfee-GW-Edition = Artemis!ED77BFE6A10B
DrWeb = Trojan.DownLoader5.20210
TrendMicro = TROJ_GEN.R11C2F3
Kaspersky = Trojan.Win32.Pirminay.qgg
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aai
McAfee = Artemis!ED77BFE6A10B
F-Secure = Trojan.Generic.5910408
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.AOJJ
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5910408
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gpt
BitDefender = Trojan.Generic.5910408
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2004:08:14 16:02:39-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 393216
Initialized Data Size           : 376832
Uninitialized Data Size         : 0
Entry Point                     : 0x5d13f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Rwpzfnuen Ixenjcpailv
File Description                : Tuqoacgjy Character Animation Data Provider
File Version                    : 2.00.0.3422
Internal Name                   : AgentDataProvider2
Legal Copyright                 : Copyright (C) Wdwyviyca Corp. 1997-98
Legal Trademarks                : 
Original Filename               : AgentDp2.dll
Private Build                   : 
Product Name                    : Iwfmdayhn Character Animation Data Provider
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-28 20:58:25
VirusShare info last updated 2012-07-26 19:35:39

MD5: f4a5e6c75826aaad775987cfaf2f72a0
SHA1: 58e2bc705dfa81288e3864ad363590c6287f3c7f
SHA256: b6a2bd2c419ce4ec99e5736c4f7a6f6e408b849ca127a3afce7a098e816668e5
SSDeep: 6144:rMR2JpitKSHIdY1KBnOjyFiCD6YSVAZf6a4tVIwYjg/1ev7a3xbR1wcoP/6EIO:rmYpitlIdYwOmFiCD6Puf6a4tSQFhbDU
Size: 385072 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen3
Avast = Win32:Kryptik-CEH [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.385072
Panda = Suspicious file
nProtect = Trojan.Generic.5860605
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R4FC1IB
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!gay
DrWeb = Trojan.DownLoader5.35686
TrendMicro = TROJ_GEN.R4FC1IB
Kaspersky = Trojan.Win32.Pirminay.rat
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = PossibleThreat
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.aky
McAfee = Generic Downloader.x!gay
F-Secure = Trojan.Generic.5860605
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Generic22.ACWR
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.5860605
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.gqs
BitDefender = Trojan.Generic.5860605
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:19 03:34:23-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 356352
Initialized Data Size           : 335872
Uninitialized Data Size         : 0
Entry Point                     : 0x5493f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Czech
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0405
Legal Copyright                 : Copyright (C) Microsoft Corp. 1999
Legal Trademarks                : 
Original Filename               : agt0405.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-26 07:48:42
VirusShare info last updated 2012-07-26 19:36:38

MD5: fef6303fb3a3b8ba4a8648642b22c6db
SHA1: afa81fcc4e24371434a52fd3f773b4033a655594
SHA256: 3888ef72cb4005fd0c1caffa986385a7bc71e2f4ddf3a3f943386d5aeb532c53
SSDeep: 3072:juV5pv8kQLcMbxKiGvkMc4/UZkl0H+oCZqoVc6t8D5C:j/cMbxKitMc48Z7H+oCZqoRtCC
Size: 163840 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen7
Avast = Win32:Diller-AF [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = Win32.SuspectCrc
K7AntiVirus = Adware
eTrust-Vet = Win32/Vundo.HTW!genus
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Artemis!FEF6303FB3A3
DrWeb = Trojan.Juan.801
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.aiyb
Microsoft = Trojan:Win32/Vundo.gen!CA
Fortinet = W32/Agent.BOM!tr
Jiangmin = Adware/SuperJuan.auo
McAfee = Artemis!FEF6303FB3A3
F-Secure = Trojan.Generic.KDV.581626
VIPRE = Virtumonde
AVG = Generic26.BOMO
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.581626
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Trojan.Generic.KDV.581626
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 102400
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x103cd
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-03-27 22:05:15
VirusShare info last updated 2012-07-26 19:37:42

MD5: 00cfde6805c70e581d5899bd469508d4
SHA1: de5d5b2b77df530fa6dbc58100be81e32bee2760
SHA256: 5c811ddd0ec3c6593a7d376064c114e05f531aeb27ea91d38a8b8ca896df6249
SSDeep: 6144:9eEGbdH+SdcZuihMljj2zqs2SPYUzS8YwCpetrg5iyZjpz8KatX7z87R:9ehvSrqpOYVRwCpAg5iyZjpgX7z4
Size: 361984 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Kryptik-CGZ [Trj]
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Win-Trojan/Pirminay.361984.F
Panda = Generic Trojan
Rising = Trojan.Win32.Fednu.cel
nProtect = Trojan/W32.Pirminay.361984
K7AntiVirus = Trojan
VirusBuster = Trojan.Pirminay!B5Oo3g3Pn84
VBA32 = Trojan.Pirminay.glk
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader2.53233
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.glk
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.A.Pirminay.361984
Fortinet = W32/Kryptik.ANL!tr
PCTools = HeurEngine.MaliciousPacker
TotalDefense = Win32/Agent.ARH
Jiangmin = Trojan/Pirminay.wz
McAfee = Generic Malware.ms
F-Secure = Trojan.Generic.KDV.215061
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.AITQ
Norman = W32/Obfuscated.L
Sophos = Troj/Agent-RML
GData = Trojan.Generic.KDV.215061
Symantec = Packed.Generic.305
TheHacker = Trojan/Pirminay.glk
BitDefender = Trojan.Generic.KDV.215061
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:08 02:25:22-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 32768
Initialized Data Size           : 634880
Uninitialized Data Size         : 0
Entry Point                     : 0x7f06
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bnouhtuon Jtthpieyllr
File Description                : Modem Monitor Applet
File Version                    : 5.1.2600.0 (yrqtwofq.010817-1148)
Internal Name                   : LIGHTS
Legal Copyright                 : © Ipsulggif Jzirqtswkjr. All rights reserved.
Original Filename               : LIGHTS.EXE
Product Name                    : Aqbqnkhjo® Rbotyci® Pqnogelfp Klidem
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-07-05 18:51:08
VirusShare info last updated 2012-07-26 19:44:32

MD5: 58449aa3f6a432d0ea2669fd7b79aa74
SHA1: 92ae8394ae96803967a0208c8bbb16b34c0cb4e6
SHA256: 0c99c06ef8c061bbd87870ae4dab4874b204396585c8bfec3aecb3d68d1f4b2a
SSDeep: 3072:R/JCdwqpFIXWorQArJKYcvZXBBhlNliM3WaEhJupbhpLq7X:lJCu4IGosAEYcvxNUYWaEmpNVq7X
Size: 166400 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.166400
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-04 09:49:20
VirusShare info last updated 2012-07-26 19:48:44

MD5: 48d58772b3b7d2f978506de6a726c8ce
SHA1: 7e53d7c54ad2a014f03259f9b89ccd6c324828fd
SHA256: 0eb94952fdf42e45f6b6a4e7c5e3879bd86ac0c9d1710f4c1c9c9a251009f1b7
SSDeep: 6144:jP9NuZSPKFF3SXFGBJnoPtsfbY2m9RJcKFf6JU1OSO:jVcs0Fi1GL3fqe+0
Size: 226304 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen
Avast = Win32:Downloader-ITP [Trj]
Ikarus = Trojan.Win32.Jorik
AhnLab-V3 = Trojan/Win32.Jorik
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.294510
K7AntiVirus = Trojan
VirusBuster = Trojan.DL.Agent!BTTuC3URMvk
VBA32 = Trojan.Jorik.Pirminay.be
TrendMicro-HouseCall = TROJ_RENOS.BMC
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Jorik!IK
CAT-QuickHeal = Trojan.Jorik.Pirminay.bs
McAfee-GW-Edition = Heuristic.LooksLike.Win32.Suspicious.B
DrWeb = Trojan.DownLoader4.17262
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Jorik.Pirminay.bs
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Jorik.K!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Generic.hxys
McAfee = Artemis!48D58772B3B7
F-Secure = Trojan.Generic.KDV.294510
VIPRE = Trojan.Win32.Generic!BT
AVG = SHeur3.CKHO
Norman = W32/Kryptik.ALS
Sophos = Mal/Ponmocup-C
GData = Trojan.Generic.KDV.294510
Symantec = Downloader
TheHacker = Trojan/Jorik.Pirminay.bs
BitDefender = Trojan.Generic.KDV.294510
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 16384
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x135e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Traditional)
Character Set                   : Unicode
Company Name                    : Zsrgmucrq Gvwyqwxbhck
File Description                : Generic IME 5.0 version
File Version                    : 5.1.2600.0 (mfpqpkzr.010817-1148)
Internal Name                   : Generic IME
Legal Copyright                 : c Wpogpexsi Mndjoshejss. All rights reserved.
Original Filename               : UNIIME.DLL
Product Name                    : FwfkddijzR AtyrkxwR Elpekrppu Zpuevp
Product Version                 : 5.1.2600.0
Warning                         : Possibly corrupt Version resource
VirusTotal Report submitted 2012-07-04 10:23:55
VirusShare info last updated 2012-07-26 19:49:31

MD5: 152ac6903aed001acb300f81bd7b197f
SHA1: f28b5560613d5f3ff5bf7b47a091f887928305e7
SHA256: 158cff9cb659d1fa8c3886e7ddf38a0c6d47069ef99945660798d2a408cd78c8
SSDeep: 1536:94NyhlZ342TT9yNJp2BYkH8Lio35/XmqpGrWmqpntHpCnUeOP/7bE58R:GNGvTClLi6/3pGrWmqNtJCAP/7Y5
Size: 114688 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/PWS.Sinowal.Gen
Ikarus = Win32.Diller
Panda = Trj/CI.A
Emsisoft = Win32.Diller!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Vundo.gen.fv
DrWeb = Trojan.Click2.23397
Microsoft = Trojan:Win32/Vundo.gen!AV
PCTools = HeurEngine.MaliciousPacker
McAfee = Vundo.gen.fv
F-Secure = Gen:Variant.Barys.407
AVG = Agent3.BHUC
Symantec = Packed.Generic.371
GData = Gen:Variant.Barys.407
BitDefender = Gen:Variant.Barys.407
NOD32 = a variant of Win32/Ponmocup.AH
ExIF Data
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 73728
Initialized Data Size           : 40960
Uninitialized Data Size         : 0
Entry Point                     : 0x252f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-04 12:44:42
VirusShare info last updated 2012-07-26 19:52:13

MD5: 1c633e3da439f27a5ac65922eec51d70
SHA1: 8f16b96793d3857be005e0645fd5b4c0e4379725
SHA256: dda4bbc73a7622c21589514ed920f82a6864b8345c98fef88fd9de2bd76914e3
SSDeep: 3072:RSJCdwqpFIXWorQArJKYcvZXBBhlNliM3WaEhJupbhpLq7X:gJCu4IGosAEYcvxNUYWaEmpNVq7X
Size: 166400 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.166400
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-08 18:13:31
VirusShare info last updated 2012-07-26 19:54:33

MD5: 27aa08d113034eae5565fe2e8813a01e
SHA1: 9cef109fb1a73439dddca04b756e60720828819a
SHA256: 4b953e077b245de00a01173066334e65185f6bcbbfd162a3975abb46cf222449
SSDeep: 6144:TTUyAs15d/3BfydG/wyBMUyAg8jId0a3kPx/GA6UerC26ie+T5SvCtWR8:/53B6GnBMUQyaUZGAjLvC8a
Size: 363452 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Dropper-gen [Drp]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Win-Trojan/Pirminay.363452
Panda = Trj/CI.A
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!SwtpIwwljRQ
VBA32 = Trojan.Pirminay.hml
TrendMicro-HouseCall = TROJ_RENOS.BMC
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
McAfee-GW-Edition = Downloader.a!ck
DrWeb = Trojan.DownLoader4.46321
TrendMicro = TROJ_RENOS.BMC
Kaspersky = Trojan.Win32.Pirminay.hml
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.agv
McAfee = Downloader.a!ck
F-Secure = Gen:Variant.Vundo.5
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.ANYC
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Vundo.5
Symantec = Downloader
TheHacker = Trojan/Pirminay.goj
BitDefender = Gen:Variant.Vundo.5
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:03:30 21:37:48-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 65536
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xcc6b
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6620
Product Version Number          : 5.0.2195.6620
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gthapoftv Nkvupyqcxix
File Description                : IIS Log File Conversion Utility
File Version                    : 5.00.2195.6620
Internal Name                   : convlog.exe
Legal Copyright                 : Copyright (C) Rpruciyyz Corp. 1981-1999
Original Filename               : convlog.exe
Product Name                    : Nihezboez(R) Jsfokgn (R) 2000 Xwnmsixqj Rzhtlp
Product Version                 : 5.00.2195.6620
VirusTotal Report submitted 2012-07-05 13:47:01
VirusShare info last updated 2012-07-26 19:58:38

MD5: 3255e3b79da23f3e763ccfc7c8349530
SHA1: f478f5256900c833c0204cafcab31a1b02159f44
SHA256: cf350100bc57cf92eb94a268c37318e69537a310750d42553768afdab8dad161
SSDeep: 1536:2IzE9TwyF2yxj5U+3puYE7EyVtt5jF5I/auqFRxzUavNWPnytYo8MRoDx1StIvRt:RgVw1yHUKqRz56dqFrdYoK91SaR1yxc
Size: 151552 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Win-Trojan/Agent.151552.RA
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.151552
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-PSW
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-07 15:16:52
VirusShare info last updated 2012-07-26 20:01:14

MD5: 44b75a21f3d7372e00f5b796c2eb83d9
SHA1: ece28519ea2930259d7c421402ebe7e94b3cad3f
SHA256: 4a54fc5909f60cb6aabb7bfe1ba4912fd65e69706e6c5252d2c8abc0dc9b8083
SSDeep: 3072:RK1rfKV3NyVXKE3m4W7dv6NtZGmj7OwZuGexL:oKREs0Nt5bkGed
Size: 131072 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-05 13:17:17
VirusShare info last updated 2012-07-26 20:05:18

MD5: 4cd1dba6c75aa4af5f963ffc85773ab4
SHA1: bcee4496b722bcbf0583c34f0a7035cafa0eb646
SHA256: 6feb86c50dcbe385d9467c36384873b8f7a27ddb7e4d420eabe6f810a32a1855
SSDeep: 3072:Rw6P/koej4jBvO0gOOMmp9oJ9oYukcEnDc+BAS:hE8vO07OMm8FubuDc+r
Size: 131072 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.131072.T
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.Qhosts.AVO
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-06 00:31:36
VirusShare info last updated 2012-07-26 20:07:05

MD5: 4e9887a9f2aa547370fc297b34971d16
SHA1: e5cd771249eb8e00c38fc858fab27c0b3112c833
SHA256: c190cc1336c3ae53132d870232ce500635f346579b737d306413182d0a7878d6
SSDeep: 12288:wXkjfAo+00LmgYNOH0nRZPhIfpoCTJHdN+/p:mo+1mgYOH0nnhjgrN+/p
Size: 401876 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.401845
Avast = Win32:Kryptik-BLF [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Trj/CI.A
VirusBuster = Trojan.Agent!GQTD9pITbks
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader4.47727
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.tt
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Vundo.11
VIPRE = Trojan.Win32.Generic!BT
AVG = Generic22.BR
Norman = W32/Kryptik.AIF
Sophos = Mal/Ponmocup-C
Symantec = Trojan.Gen
GData = Gen:Variant.Vundo.11
TheHacker = Trojan/Pirminay.fdt
BitDefender = Gen:Variant.Vundo.11
NOD32 = a variant of Win32/Kryptik.LXF
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:12 14:13:41-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 77824
Initialized Data Size           : 630784
Uninitialized Data Size         : 0
Entry Point                     : 0x1318c
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Nuawdfuth Vvjeavkgphw
File Description                : Virtual WiFi Bus Driver
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : VWiFiBus.sys
Legal Copyright                 : © Irxrlzomg Svalqtoyspi. All rights reserved.
Original Filename               : VWiFiBus.sys
Product Name                    : Rjpeyzlhi® Doeeaff® Vmkslwdyo Xhlqwh
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-07-07 07:09:32
VirusShare info last updated 2012-07-26 20:07:28

MD5: 5e89ac684e2e3a72376eef34d2ad42dd
SHA1: fc9803d1bc535768f81f96a37d2a178a1eca2761
SHA256: a336dabbecd1c91a4ac20548d23a82009ac118b7d619083cd4181b02408d4d06
SSDeep: 1536:2ISidmqd9ymEpzC3hnexF8EFLGsrkVh1CAPdCjlTrQbQAF0E0rwPyR3HUsr3xydD:RSemqWXp2n7EnydxEAF2rayR3ZrMy5iv
Size: 131584 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan.Qhosts.AVO
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-06 16:53:03
VirusShare info last updated 2012-07-26 20:10:44

MD5: 5ed9235476b98042246cabbc7a9e5612
SHA1: e762c4115f9d8ed351e47912ca758363a8cd58a8
SHA256: 63eec88b4c18c7fc64c4d311e81b0486b902ca1e9def432c3b84bb557b6dddcd
SSDeep: 3072:RUXr5URsVOzP0LIfluZ0Xx1W/LBMJfgQ7/FMuHKh:6XhVG0i0DBMJx/9k
Size: 132608 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.Swisyn.132608.B
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-05 20:54:39
VirusShare info last updated 2012-07-26 20:10:49

MD5: 609fdb88a28bc506af1386bf86d400dd
SHA1: 9313b2b309c08e621ac5294ec1ecf5ca70baddf0
SHA256: a0b3ddacd683e22fbba786a783bc9088c0c87d03c71996f7d907689474684c7b
SSDeep: 3072:RMJCdwqpFIXWorQArJKYcvZXBBhlNliM3WaEhJupbhpLq7X:CJCu4IGosAEYcvxNUYWaEmpNVq7X
Size: 166400 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.166400
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-06 16:03:34
VirusShare info last updated 2012-07-26 20:11:13

MD5: 623d8f28fbd0ce942c831e87b2bd9fd7
SHA1: e6f143a7b4a45e0f4d0d551b223900efd3ff5eea
SHA256: 5fd4aa74c7e1365593793a47798ddf968a333ca3921fd5a366b6399beceae259
SSDeep: 3072:RIJCdwqpFIXWorQArJKYcvZXBBhlNliM3WaEhJupbhpLq7X:2JCu4IGosAEYcvxNUYWaEmpNVq7X
Size: 166400 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.166400
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-05 19:49:11
VirusShare info last updated 2012-07-26 20:11:34

DownloadMD563ac56f2970d508c4bc97776fea475f5
SHA1e848790a647adaf5df7ef42385c8512bf705ce60
SHA25670ea1d76489507cb36701515669da6719437bdd22bbbcc8f636c80d9b3fed33b
SSDeep3072:R30ucD2+1XFe/7VRcTOTE8ZF1H2uhBiXb/LZPR0G:N0u62+pwDHcCTPnBDsjNPRR
Size142848 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.142848
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.A
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-06 00:49:40
VirusShare info last updated 2012-07-26 20:11:53

DownloadMD58ce5b0abe27d157eaf6fe1acd6420972
SHA18be4e32d002b74bd7dead703165c7089768bf7de
SHA25636c049aff4a36f0bf11c93e9677dbb633b43d5407a7e0a0fa80e5ebe27f48903
SSDeep3072:RSJCdwqpFIXWorQArJKYcvZXBBhlNliM3WaEhJupbhpLq7X:oJCu4IGosAEYcvxNUYWaEmpNVq7X
Size166400 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.166400
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
Symantec = W32.Changeup!gen
GData = Trojan.Qhosts.AVO
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-05 05:15:59
VirusShare info last updated 2012-07-26 20:21:29

DownloadMD599e5f9e0c17c5e7d534999fead4c552e
SHA17cac9c2ce23343cf9c26e711711d9122a2397ad8
SHA2563c3d56ccb6581346a20e6ad5f40f2da53640d69d4f47f4d73497eaa42e23b425
SSDeep3072:RoBItzc+2i0LrHa7Kt4g0Z5BvOUVIiIRE8s40zbzc6kiXYHcn:/zN2i0P673ZLtOUGiATsc61X
Size172032 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.172032
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
ViRobot = Trojan.Win32.Swisyn.65024
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-05 07:21:15
VirusShare info last updated 2012-07-26 20:24:46

DownloadMD5b9b36c41845d4a3718d9202972aafb4b
SHA10df4d916c12ba826fd9cc3b3a785c12ec3934e0b
SHA256342a6bdc3903b37cf9660c139c3d2bad10510898e1412557e88d63f86dd6fd9a
SSDeep3072:RAJCdwqpFIXWorQArJKYcvZXBBhlNliM3WaEhJupbhpLq7X:KJCu4IGosAEYcvxNUYWaEmpNVq7X
Size166400 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.166400
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Comodo = TrojWare.Win32.Swisyn.C
Emsisoft = Trojan.Win32.Swisyn!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-05 04:00:05
VirusShare info last updated 2012-07-26 20:34:04

DownloadMD5bc28e02dca28cf1da242ad476f8f7986
SHA1447a1b71b4e0d6de5e2a6d43d7cf00ef742b077b
SHA256784ed85739f60b47ac3e0db70d890d1ff87891341c61138511f78801ffe9ccba
SSDeep6144:/PH3UairUacadWcpAHjivZJGK2mSocUWmebNBmnQ+w6NW9oMpjCWFCn5McPFnb/:nEomWciHjIRCUkBBR+wCMoY2WFCmIFnT
Size385478 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Trj/CI.A
nProtect = Trojan.Generic.5741135
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!1NLcSVtF1mw
TrendMicro-HouseCall = TROJ_GEN.R0ECCEM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Downloader.a!bnw
DrWeb = Trojan.DownLoader4.63979
TrendMicro = TROJ_GEN.R0ECCEM
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.edsa
McAfee = Downloader.a!bnw
F-Secure = Trojan:W32/Ponmocup.A
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Startpage.NQX
Norman = W32/Obfuscated_L.JB
Sophos = Mal/Ponmocup-A
GData = Trojan.Generic.5741135
Symantec = Trojan.Gen
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.enq
BitDefender = Trojan.Generic.5741135
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2002:09:01 22:59:25-04:00
PE Type                         : PE32
Linker Version                  : 7.0
Code Size                       : 364544
Initialized Data Size           : 335872
Uninitialized Data Size         : 0
Entry Point                     : 0x5625f
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.82.28.56
Product Version Number          : 4.82.28.56
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Broadcom Gzbvnflbper
File Description                : BCM 802.11g Network Adapter wireless driver
File Version                    : 4.82.28.56 built by: WinDDK
Internal Name                   : bcmwl6.sys
Legal Copyright                 : 1998-2006, Broadcom Corporation All Rights Reserved.
Original Filename               : bcmwl6.sys
Product Name                    : BCM 802.11g Network Adapter wireless driver
Product Version                 : 4.82.28.56
VirusTotal Report submitted 2012-07-06 02:56:32
VirusShare info last updated 2012-07-26 20:34:36

DownloadMD5c9a9a1375a5b0e4629436c5126bc7de7
SHA1f66cab6e0b55be241c9df754e29b6b8185ec4204
SHA256a32e0c9492b5f05f409cf4c56b3aabdd529965288bb793515d660d6eb9acaa5f
SSDeep6144:K9Wo3oBIuIbUf0ktBOKzfXYsMD7+zYBqQ1AD4dYAuvn:KweprYD2KzXYsQ7+zYt1Y6uv
Size304291 bytes
File TypeMS-DOS executable
Detections
Avast = Win32:Trojan-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.KDV.62138
K7AntiVirus = Trojan
VBA32 = Trojan.Pirminay.aza
TrendMicro-HouseCall = TROJ_PIRMINAY_0000010.TOMA
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Pirminaya
Kaspersky = Trojan.Win32.Pirminay.aza
ViRobot = Trojan.Win32.Pirminay.326144
Jiangmin = Trojan/Pirminay.fl
F-Secure = Trojan.Generic.KDV.62138
F-Prot = W32/Graftor.H.gen!Eldorado
AVG = FakeAV.FEI
GData = Trojan.Generic.KDV.62138
Commtouch = W32/Graftor.H.gen!Eldorado
TheHacker = Trojan/Kryptik.hzv
BitDefender = Trojan.Generic.KDV.62138
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
Error                           : Unknown file type
VirusTotal Report submitted 2012-07-08 08:00:56
VirusShare info last updated 2012-07-26 20:38:38

DownloadMD5d9f6dff5a9154ae84909f03cc0f07236
SHA1ca6243c46355adebcabaa15493efef90429fdb98
SHA256e54cf4f4e938a2143b3aa55c0d7866d92a125568fb636100aac8f565e7a9402c
SSDeep3072:R+JCdwqpFIXWorQArJKYcvZXBBhlNliM3WaEhJupbhpLq7X:gJCu4IGosAEYcvxNUYWaEmpNVq7X
Size166400 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/VB.Downloader.Gen
Avast = Win32:Hosts-J [Trj]
Ikarus = Trojan.Win32.Swisyn
AhnLab-V3 = Trojan/Win32.Swisyn
Panda = Trj/Qhost.LU
Rising = Trojan.Win32.QHost.awf
nProtect = Trojan/W32.QHosts.166400
K7AntiVirus = Trojan
VirusBuster = Trojan.Swisyn!whPY1JLc4mw
VBA32 = SScope.Trojan.VB.0609
TrendMicro-HouseCall = TROJ_FAM_00001e3.TOMA
Emsisoft = Trojan.Win32.Swisyn!IK
Comodo = TrojWare.Win32.Swisyn.C
CAT-QuickHeal = TrojanDownloader.Ponmocup.A3
SUPERAntiSpyware = Trojan.Agent/Gen-Qhost
McAfee-GW-Edition = Swisyn.s
DrWeb = Trojan.Siggen.461
TrendMicro = TROJ_FAM_00001e3.TOMA
Kaspersky = Trojan.Win32.Swisyn.jyb
Microsoft = TrojanDownloader:Win32/Ponmocup.A
ViRobot = Trojan.Win32.Swisyn.65024
Fortinet = W32/Swisyn.CQV!tr
PCTools = Malware.Changeup
TotalDefense = Win32/Swisyn.R
Jiangmin = Trojan/Swisyn.cby
McAfee = Swisyn.s
ClamAV = Trojan.VB-43290
F-Secure = Trojan.Qhosts.AVO
VIPRE = Trojan.Win32.Swisyn.jyb (v)
F-Prot = W32/Swisyn.E.gen!Eldorado
AVG = Dropper.VB.CMD
Norman = W32/DLoader.ACMAD
Sophos = Mal/Swisyn-D
GData = Trojan.Qhosts.AVO
Symantec = W32.Changeup!gen
Commtouch = W32/Swisyn.E.gen!Eldorado
TheHacker = Trojan/Swisyn.jyb
BitDefender = Trojan.Qhosts.AVO
NOD32 = Win32/Qhost.NRX
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:13 10:28:38-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 8192
Initialized Data Size           : 8192
Uninitialized Data Size         : 0
Entry Point                     : 0x1088
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-07-08 20:38:15
VirusShare info last updated 2012-07-26 20:42:08

DownloadMD5fcfe1a0a5fa5993f25db155b85cb9051
SHA12c2bb437b9093db6da36dfb503f8d59902ba0508
SHA2566e6a38932295d49170281eaf767f28e682840adf630840656cbd5bc8c6ba65b7
SSDeep6144:c19zHEQWexIGeWV3anZOxJGpn/34tgF405yTigTkhqI9cBJBYPWpkLfYDs:crkHexIdwaAJW/otg405yT7khuBJB2x
Size349158 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Detections
AntiVir = TR/Dldr.Ponmocup.A.285
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Trj/CI.A
nProtect = Trojan.Generic.6188836
K7AntiVirus = Riskware
VirusBuster = Trojan.Agent!P9RoGxLE2bg
VBA32 = TrojanDownloader.Agent.pxo
TrendMicro-HouseCall = TROJ_GEN.R4FC1IK
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
McAfee-GW-Edition = Downloader.a!if
DrWeb = Trojan.DownLoader3.31121
TrendMicro = TROJ_GEN.R4FC1IK
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Downloader.Generic
Jiangmin = Trojan/Pirminay.ame
McAfee = Downloader.a!if
F-Secure = Trojan.Generic.6188836
VIPRE = FraudTool.Win32.AVSoft (v)
AVG = SHeur3.CELY
Norman = W32/Suspicious_Gen2.QGOYN
Sophos = Mal/Generic-L
GData = Trojan.Generic.6188836
Symantec = Downloader
TheHacker = Trojan/Pirminay.ifp
BitDefender = Trojan.Generic.6188836
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:01:23 17:34:15-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 348160
Initialized Data Size           : 4096
Uninitialized Data Size         : 475136
Entry Point                     : 0xc9510
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2001.12.4414.42
Product Version Number          : 3.0.0.4414
File Flags Mask                 : 0x003f
File Flags                      : Special build
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Hovobxtio Bfnyvtepbwj
File Version                    : 2001.12.4414.42
Internal Name                   : MTXREPL.EXE
Legal Copyright                 : Copyright (C) Qzjxyowrw Corp. 1995-1999
Legal Trademarks                : Iwuvusifc(R) is a registered trademark of Suskizwir Rbexstccxuz. Xgipaqk(TM) is a trademark of Anlmmsrta Vgtryincodh
Product Name                    : COM Services
Product Version                 : 03.00.00.4414
VirusTotal Report submitted 2012-07-06 00:05:08
VirusShare info last updated 2012-07-26 20:49:02

DownloadMD5dc37749e2622b5a23aab7bf94407d3c3
SHA11168cad1d39f3ef7d54cb95a803df90deea698a1
SHA256bdee9865d5b20100377b2084f487edaedbec55cc2de60892c90132f179db5b34
SSDeep12288:iVGLXwTmLJgsoy7Z18prviMci/5+ELaT/zMAgNeRkqNF52T1sM5I3:AOJgsH6r3ci/5+ZEAgNe6x5p5I3
Size757760 bytes
File TypePE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.757760.99
Avast = Win32:Spyware-gen [Spy]
Ikarus = Trojan.Win32.Pirminay
TrendMicro-HouseCall = TROJ_GEN.R47H1I4
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Kaspersky = Trojan.Win32.Pirminay.shu
ViRobot = Trojan.Win32.A.Pirminay.757760.A
F-Secure = Gen:Variant.Zusy.17555
VIPRE = Trojan.Win32.Generic!BT
AVG = Win32/Cryptor
Norman = W32/Suspicious_Gen5.GVLH
GData = Gen:Variant.Zusy.17555
ESET-NOD32 = Win32/Ponmocup.AA
BitDefender = Gen:Variant.Zusy.17555
ExIF Data
File Size                       : 740 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2010:05:05 09:12:47-04:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 155648
Initialized Data Size           : 602112
Uninitialized Data Size         : 0
Entry Point                     : 0x21c53
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-09-06 19:35:54
VirusShare info last updated 2012-09-09 22:00:46

DownloadMD53bbfca97d5333c8ee1874eddffc136d6
SHA11ee3ddad7013769d1260df2cf2dd2b645b478ea0
SHA256419f8ee660796deabebccaa87f8570f9659c9e146eb57f14b4fcd935d3c8478f
SSDeep1536:guZdKfrjQ4t4ztAoCQIZfnCaxoVb8Wji67:JZgjZtqAogRn3yb8Wji
Size70656 bytes
File TypePE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/win32.agent
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.70656.UN
K7AntiVirus = Riskware
VBA32 = Trojan.Genome.aagto
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R01CELK
Emsisoft = Trojan.SuspectCRC!IK
Comodo = TrojWare.Win32.Kryptik.UER
CAT-QuickHeal = Trojan.Vundo.Gen
SUPERAntiSpyware = Trojan.Agent/Gen-Ponmocup
McAfee-GW-Edition = Generic.dx!bcgv
TrendMicro = TROJ_GEN.R01CELK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.reyi
McAfee = Generic.dx!bcgv
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/TDSS.S.gen!Eldorado
AVG = Generic25.AIIR
Norman = W32/Suspicious_Gen2.UGDQC
GData = Gen:Variant.Graftor.2702
Symantec = Trojan.Gen.2
Commtouch = W32/TDSS.S.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 69 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15c5
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.1830
Product Version Number          : 5.3.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectPlay
File Version                    : 5.3.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dpnet.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dpnet.dll
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.1830
VirusTotal Report submitted 2012-03-04 05:02:42
VirusShare info last updated 2012-09-13 09:45:42

DownloadMD571b74b9ec01e5ec18fe0f44101b2ab52
SHA113af06ab393b873c208e155b891420de65c64bb3
SHA2562fa3a5e9f4fbadaa0002cb67baad43a8fbdb5cc9746d3694a80e392eab2132c1
SSDeep384:9pQvRdd0GodCnzwM+ERMnfC7MTFD4fkAN6+7L5yt3vGu1HTp1oefD4rXiL7v4:9fGRnH+EW8SFyZ5ypvG4fo+D4+L7A
Size35899 bytes
File TypePE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12C1B873
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!i4vri6gVb74
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R01CDDJ
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic PUP.x!b2b
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R01CDDJ
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.x!b2b
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic28.CPG
GData = Gen:Variant.Vundo.10
Symantec = Trojan.Gen
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 35 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 12288
Initialized Data Size           : 28672
Uninitialized Data Size         : 0
Entry Point                     : 0x2fda
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-26 23:41:39
VirusShare info last updated 2012-09-13 19:11:23

DownloadMD5a6e3f36732f8e44f0adab7262bac122a
SHA1dfd1e9d1c11daa4d1e9e92cf0833f37bda100186
SHA25614e35a9b8627131a4b02d81880bc7051fbfef6b9c27c1d08c69ac260a53205e5
SSDeep768:V2Gn75qznkWJIB/JBoTOZgTHmCX8j8d5qEKW:dkznkGIB/vzZs5zgEKW
Size34743 bytes
File TypePE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Adware.Virtumonde!K4kuc5IXRQo
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2H1
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Artemis!A6E3F36732F8
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R4FC2H1
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Vundo.JT!tr
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!A6E3F36732F8
ClamAV = PUA.Win32.Packer.Armadillo-93
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic24.CFPK
Norman = W32/Suspicious_Gen2.QPIOQ
GData = Gen:Variant.Vundo.10
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 34 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 23552
Uninitialized Data Size         : 0
Entry Point                     : 0x30aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-08 10:18:44
VirusShare info last updated 2012-09-14 01:58:43

DownloadMD5da25ade9af37a4b987788bbc6269fb31
SHA122800543c938d31b7cd6804039a606f6880a5d3e
SHA25641d42534ade75c92117424478aa1189d8de7f12da1ef61c6e589bd9b828865fb
SSDeep1536:fSQhBxT9gaYLelXktDpme8+kyloOaIuxXaEKneqFK1ajmAFbWYtALieISFjPn7:f5B9OXtDpme8+kCGXdKneqFK1ajmAFbs
Size94720 bytes
File TypePE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/Win32.Virtumonde.gen
Ikarus = Virus.Win32.Vundo
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!o7c3/JArbpc
TrendMicro-HouseCall = TROJ_GEN.RC1C7L8
Emsisoft = Virus.Win32.Vundo!IK
Comodo = TrojWare.Win32.Ponmocup.aa
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!DA25ADE9AF37
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.RC1C7L8
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Virtumonde.94720.A
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
TotalDefense = Win32/Vundo.HTS!genus
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!DA25ADE9AF37
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRGraftor
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.TZLYF
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
TheHacker = Trojan/Ponmocup.aa
ESET-NOD32 = Win32/Ponmocup.AA
BitDefender = Gen:Variant.Graftor.3649
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-08-26 23:32:20
VirusShare info last updated 2012-09-14 11:42:28

MD5: 660ab6c70fdf3e72b71b771855a9e0e4
SHA1: 21686ab5cf58810efbe80371b16635a93723eace
SHA256: 16396df3ef85b0e3bd2660cc2bb60d1eefff15c7d12ae26c97c667cb89b20086
SSDeep: 768:StGp5XZx7Lb2sLygGYIsP/h86OCDGsuS9fHrvENYOsIXql42V6P5PXVuZbq82XXx:ZjZx7Lb2sLnGYJtDG0fHrwkZI7XY0Jt
Size: 66048 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.36492
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!L9ZtbvwDhHM
TrendMicro-HouseCall = TROJ_GEN.R01C8KU
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!660AB6C70FDF
TrendMicro = TROJ_GEN.R01C8KU
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Trojan/Genome.aong
McAfee = Artemis!660AB6C70FDF
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.SIY
Norman = W32/Suspicious_Gen2.STHVQ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.1086
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Barys.1086
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 64 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x1406
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.3.2900.2180
Product Version Number          : 6.3.2900.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Oyszaauhfca
File Description                : Intel Procedural Textures
File Version                    : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : PROCTEXE
Legal Copyright                 : (C) 1997 Intel Hhcqprkxttd.  All rights reserved
Original Filename               : PROCTEXE.OCX
Product Name                    : Ijqfxunjr® Mmupsbg® Dmgfihrfx Trqcdh
Product Version                 : 6.00.2900.2180
VirusTotal Report submitted 2012-06-17 00:49:37
VirusShare info last updated 2012-09-15 13:31:21

MD5: c1505343c42575c50f5828111659c3b1
SHA1: 822a94e5e1df31e1bc42c2951d0f287b08b54e1e
SHA256: 170dcafa1a7f074d9cb7c785d6affdef547fb0b6bb9a2f4ac50c5efda6b10fd8
SSDeep: 1536:ygQxQWmW7OLyITibDCmhDtnBwS6Ez4Unzto9yH:KmPkbDrBwST0Unzto9+
Size: 62976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.Gen
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.1470
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!q4XxkLG/WVU
VBA32 = AdWare.Zwangi.heur
TrendMicro-HouseCall = TROJ_GEN.R47C7KF
Comodo = UnclassifiedMalware
Emsisoft = Trojan.SuspectCRC!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Vundo!mz
DrWeb = Trojan.Click2.3941
TrendMicro = TROJ_GEN.R47C7KF
Kaspersky = not-a-virus:AdWare.Win32.Zwangi.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.ciw
McAfee = Vundo!mz
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Virtumonde
eSafe = Win32.Trojan
F-Prot = W32/GenTroj.A2.gen!Eldorado
AVG = Generic25.OVJ
Norman = W32/Suspicious_Gen2.SNDJR
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A2.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 62 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13fa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qdbfzycxo Rtfcqvbydtc
File Description                : Sgvulzfhl FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : FPSRVCGI.DLL
Legal Copyright                 : Copyright © 1995-1999 Uzypupxfq Ydifxcetqhs, All rights reserved.
Legal Trademark 1               : Geufhchds®, Cnnybtq®, and FrontPage® are registered trademarks of Rbldknznv Wuoyggdncet, and WebBot is a trademark of Jcrtubsue Krpfywyhhkc, in the United States and/or other countries.
Product Name                    : Npgutefmg® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2011-12-14 16:19:54
VirusShare info last updated 2012-09-15 19:37:40

MD5: 2d67f37242f7ea203e722af33c695265
SHA1: bbdfb13b7a95ca4e59ffe43883997d7af22fb8cd
SHA256: 19c38c77abda6880e05fbde5b7ec6baa638d1871fa9ff50e9c1b9b46731feea5
SSDeep: 1536:QPHFCdJV7mL0GTX065D7VYHR2GVwXdq/ClvoRsF4t:7dXmaoD7VOR2joovouF4
Size: 62464 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!5Kq1WsvCZcU
TrendMicro-HouseCall = TROJ_SPNR.15A012
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bb3f
TrendMicro = TROJ_SPNR.15A012
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Trojan/Generic.rmfm
McAfee = Generic.dx!bb3f
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.OXV
Norman = W32/Krypt.BP
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 61 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.30.62.2
Product Version Number          : 4.30.62.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Intel Zqthudsgrwd.
File Description                : Intel Indeo® Video Interactive Quick Compressor
File Version                    : 4.30.62.02
Internal Name                   : ir41_qc
Legal Copyright                 : Copyright© Intel Ebzdmvutkce 1994-1997
Legal Trademarks                : Indeo® is a registered trademark of Intel Corporation
Original Filename               : ir41_qc.dll
Product Name                    : Intel Indeo® Video Interactive Quick Compressor
Product Version                 : 4.30.62.02
VirusTotal Report submitted 2012-06-16 20:37:51
VirusShare info last updated 2012-09-16 17:03:32

MD5: 587792d9b1711cbdc54d88f929f30d02
SHA1: 62c2bd68187588e90603724efead0bf74c8b18c9
SHA256: 5a00b2760f62f63493daa628b3e292c45af5a6aed14e050890a3389f1a09fd0f
SSDeep: 768:UH2q0dGT0WBC0fT2IHM/I1PzKAtriok8h/Sf0Wl:TLdDYb2IvjHhG
Size: 34111 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Generic Malware
Rising = Trojan.Win32.Generic.12BD12FC
K7AntiVirus = Riskware
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R47C7CT
Comodo = UnclassifiedMalware
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
McAfee-GW-Edition = Generic PUP.z!mw
DrWeb = Trojan.WinSpy.1558
TrendMicro = TROJ_GEN.R47C7CT
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.z!mw
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
AVG = Generic27.BGJR
Norman = W32/Troj_Generic.ASYIS
GData = Gen:Variant.Vundo.10
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Vundo.10
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 33 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8192
Initialized Data Size           : 28672
Uninitialized Data Size         : 0
Entry Point                     : 0x2f3a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-04-10 11:29:45
VirusShare info last updated 2012-09-16 21:53:03

MD5: a7b41285656dbf68e04be410b977f6b8
SHA1: 4e654916382f22f91173f120d7482e58dc4372b9
SHA256: 461d6f3204c7988fb86e54601653e3d3448f888e5743222cfbd8247fa59d6228
SSDeep: 1536:fSQhBxT9gaYLelX2tDHN6CEHs6JMkM4XgXEKneqFK1ajmAFbWYtALieISFjPn7:f5B9OJtDHNhEMG5XXKneqFK1ajmAFbWx
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!O0eSOnkf96o
TrendMicro-HouseCall = TROJ_GEN.R47C7KL
Emsisoft = Virus.Win32.Vundo!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!nl
TrendMicro = TROJ_GEN.R47C7KL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Virtumonde.94720.A
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTS!genus
Jiangmin = Trojan/Virtumonde.akp
McAfee = Vundo!nl
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.GenVariant.Gra
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.STYPX
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-05-31 20:23:42
VirusShare info last updated 2012-09-17 09:10:11

MD5: efa37190b3771a8827e940a928d505b1
SHA1: 0a45d8cf7fcb50d3b483bf1a8f1f956117e66cd3
SHA256: 465ba70cee265e2d17a71d0b6c44456331009214e61fd3968416174f29d1e67d
SSDeep: 1536:+a12aaa6VELWpdeuGhvPH6o2IYR32a3CJkcVQ2++63gd/sVw/Byne6ouAuZMDf:+aoaaDVfyPH6oTa37c+2OgKVwJao7ueb
Size: 91722 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
nProtect = Trojan.Generic.KDV.202902
McAfee-GW-Edition = Artemis!EFA37190B377
PCTools = Trojan.Gen
Jiangmin = Trojan/Pirminay.vf
McAfee = Artemis!EFA37190B377
F-Secure = Trojan.Generic.KDV.202902
Avast5 = Win32:Malware-gen
AVG = SHeur3.BWPL
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen.2
GData = Trojan.Generic.KDV.202902
Commtouch = W32/GenBl.EFA37190!Olympus
TheHacker = Trojan/Pirminay.gad
BitDefender = Trojan.Generic.KDV.202902
ExIF Data
File Size                       : 90 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2009:07:12 02:03:08-04:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 36864
Initialized Data Size           : 622592
Uninitialized Data Size         : 0
Entry Point                     : 0x6bd2
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-05-14 09:55:39
VirusShare info last updated 2012-09-17 20:15:29

MD5: b7200b6c6d3c2ebe985ec93c1ec2adb7
SHA1: 194b9898c39eb821322866b94ce8791c96977209
SHA256: 4568c57e840f63efa281b9047acc070df2d7f89527c34a652966c3d4f8d2625d
SSDeep: 6144:t4r6oHkCW5RJ0ENsJrmNKGbqfIFxpD9jFlQFTMGDpv0R9YLMk:t4rTHkCyJWJSl8IVxQ1bRc9Yp
Size: 401247 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.ZBot.34.16
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.FakeAV
Panda = Suspicious file
K7AntiVirus = Riskware
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
Jiangmin = Trojan/Pirminay.qz
F-Secure = Gen:Variant.Zbot.34
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.WYS
Sophos = Mal/Ponmocup-A
GData = Gen:Variant.Zbot.34
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Pirminay.etq
ESET-NOD32 = Win32/TrojanDownloader.Agent.PXO
BitDefender = Gen:Variant.Zbot.34
ExIF Data
File Size                       : 392 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:09:23 09:37:55-04:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 389120
Initialized Data Size           : 290816
Uninitialized Data Size         : 0
Entry Point                     : 0x5c06f
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : VDM Parallel Driver
File Version                    : 5.1.2600.0 (XPClient.010817-1148)
Internal Name                   : parvdm.sys
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : parvdm.sys
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-09-17 15:20:45
VirusShare info last updated 2012-09-18 02:08:10

MD5: e6aec4f6064cabe724ef3e5e0d0e66c8
SHA1: 449f3510fe015616a4910df71b09a63e6fb62b8e
SHA256: 4975f81fe04fc1c9d1a10ba252a5433d6cfe0ae4d52fff98949007c82c3f4e22
SSDeep: 768:OUGkZ49W3TzS9r4i607jUDHwNkCw4kkTRXOo:Au49IzS98i6wjBknQo
Size: 35823 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = AdWare/Win32.SuperJuan
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/Genetic.gen
K7AntiVirus = Adware
VirusBuster = Adware.Virtumonde!ZXRDCnGw74M
VBA32 = AdWare.SuperJuan.heur
TrendMicro-HouseCall = TROJ_GEN.R4FC2H5
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic PUP.x!pl
DrWeb = Trojan.WinSpy.1558
Kaspersky = not-a-virus:AdWare.Win32.SuperJuan.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = Riskware/PUP_x
Jiangmin = Adware/SuperJuan.hk
McAfee = Generic PUP.x!pl
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic25.JEI
Norman = W32/Suspicious_Gen2.QZHGA
Symantec = WS.Reputation.1
GData = Gen:Variant.Vundo.10
TheHacker = Trojan/Ponmocup.aa
ESET-NOD32 = a variant of Win32/Ponmocup.AA
BitDefender = Gen:Variant.Vundo.10
ExIF Data
File Size                       : 35 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8704
Initialized Data Size           : 24064
Uninitialized Data Size         : 0
Entry Point                     : 0x2f5a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-09-12 22:13:27
VirusShare info last updated 2012-09-18 23:33:31

MD5: 231c44c20264564da048595929391f49
SHA1: e67e1642f6257567bc460a39196cd39ad9eea175
SHA256: d4e585c88b3e243c3635ead113a9dc3d7a89e371e0325b6031263f98541ac81e
SSDeep: 1536:gAJ/c6KNBVALD5pMDp1pDoMbs6TZt+EmTaw:FqNYnMDp1eUpZtiGw
Size: 61952 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.36492
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!srtj2uPF0jY
TrendMicro-HouseCall = TROJ_GEN.R47C8L2
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R47C8L2
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic25.AJIE
Norman = W32/Suspicious_Gen2.SUDBV
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Barys.1086
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.1086
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dyabxnuvt Rcsvwualtsi
File Description                : Gfpnrnznp Spanish Natural Language Server Data and Code
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : NlsData000a
Legal Copyright                 : © Ifysvckps Pxkdpedcick. All rights reserved.
Original Filename               : NlsData000a.dll
Product Name                    : Zgbmrnlte® Nporjni® Hrbeyapfh Zrlbnb
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-16 20:02:54
VirusShare info last updated 2012-09-20 11:37:40

MD5: 2f55b6aec6baa50e521619984b194ad4
SHA1: 7fd33f334640212038dd70b9d13bbc94d1ae4acf
SHA256: 914a41fd024af20d78e790764d6339bdd270d8048a39a3a7b97d8e191b4ce7ca
SSDeep: 1536:w8Kzd148q7+tni93kf/ZAk0oyD3bQN9w2x24RS:mzf4+tni6ZAesM9hx2oS
Size: 68608 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Agent
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!LVDQZDD4Zik
VBA32 = AdWare.SuperJuan.afzl
TrendMicro-HouseCall = TROJ_GEN.R06C9L7
Comodo = UnclassifiedMalware
Emsisoft = Trojan.SuspectCRC!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Siggen3.63003
TrendMicro = TROJ_GEN.R06C9L7
Kaspersky = HEUR:Trojan.Win32.Generic
ViRobot = Trojan.Win32.A.Agent.68608.N
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Adware/SuperJuan.ape
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.TDss.70
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/TDSS.S.gen!Eldorado
AVG = Generic25.AJEW
Norman = W32/Suspicious_Gen2.TNIUM
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.TDss.70
Symantec = Trojan.Gen.2
Commtouch = W32/TDSS.S.gen!Eldorado
BitDefender = Gen:Variant.TDss.70
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 67 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15d5
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Zwhsgmnro Yauxlxrziur
File Description                : Mselsphym® Defrag Interface proxy/stub
File Version                    : 6.0.6000.16386 (yabky_rtm.061101-2205)
Internal Name                   : DFRGIFCPS.DLL
Legal Copyright                 : © Wbyoxfjpy Rzceboptpzr. All rights reserved.
Original Filename               : DFRGIFCPS.DLL
Product Name                    : Lktzjwezl® Xlsepwd® Wmvujwazz Pbjbki
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-06-17 12:22:34
VirusShare info last updated 2012-09-20 18:27:03

MD5: 32a131390c0c018b512e5fa762a624f5
SHA1: a57c507bf4a56a7be265e1c3768bcc5a15f4902a
SHA256: c90d6880ffcaf75bd6d75c73faf76079bae79d9958792bd3c8c72e78f56fc169
SSDeep: 1536:eiR1B1DuLqKaLOERR5D/C5S0PFjmaKWa2d/UQDc4Gao5gD/9SooKzs6obmO1q2DI:BuGPjR5D6RFHBUQDc4GRgD/9wTzw
Size: 112128 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!tf5pGpGx9Bc
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Artemis!32A131390C0C
DrWeb = Trojan.Siggen3.59899
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Virtumonde.112128
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = Trojan/Generic.rmfm
McAfee = Artemis!32A131390C0C
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.XCY
Norman = W32/Vundo.UWC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 110 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Cwyxgyeqa Ofyxlwisnkg
File Description                : Server Extension Objects DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SEO
Legal Copyright                 : © Ltocekgjw Boueiawqrum. All rights reserved.
Original Filename               : SEO.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-06-16 20:52:35
VirusShare info last updated 2012-09-20 19:23:00

MD5: 4700b30a26469f6894e5f76c42918f9a
SHA1: 69b61f8551d8944d68a01cc3a4eff04914385bf9
SHA256: c1fa0df7a211047e989d00aa433d731d6152ed3a37b9162e2d5b39a717af4ccd
SSDeep: 1536:aQRxQC7zCCuLm0P1GFsDVSC+g4cVR8npJyDsdKWqkdF1s:x7zmnGFsDVSCT4eRmJyaKWTdF1s
Size: 62976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!+ALpYFpyP/E
TrendMicro-HouseCall = TROJ_GEN.R47CELJ
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Siggen3.45760
TrendMicro = TROJ_GEN.R47CELJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.AIMJ
Norman = W32/Suspicious_Gen2.SUCWG
Sophos = Mal/EncPk-ACF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.1086
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.1086
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 62 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Laflslkfm Wdtqeluyqph
File Description                : Distributed File Kzfeuu Filter Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dfs.sys
Legal Copyright                 : © Npypypxye Qobexzwdstl. All rights reserved.
Original Filename               : dfs.sys
Product Name                    : Kcuqvzkto® Dnufedn® Wmcirkzqf Utyssw
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-06-16 22:07:52
VirusShare info last updated 2012-09-21 00:28:28

MD5: 966217803c48e42aed0d7032544dd143
SHA1: 8883aecf07265a9af3d49831cbd0732e9bab11e6
SHA256: c2b8f64519b6f194eb5c12fa5baca89d9535517fe8d5bdc3c5f1d579f044c9a3
SSDeep: 1536:+tQPIpgNmrbNbbuoyEI69ZOZbZJnakqHUb1fuhBhpgpayZbScFvww:hQAEWoyE19oZMRHtNCL1Fvw
Size: 118784 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
Ikarus = Gen.Variant.Vundo
AhnLab-V3 = Win-Trojan/Agent.118784.AAZ
Panda = Trj/Genetic.gen
Emsisoft = Gen.Variant.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
VIPRE = Trojan.Win32.Kryptik.laq (v)
Sophos = Mal/Ponmocup-A
ExIF Data
File Size                       : 116 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:04:22 04:16:54-04:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 28672
Initialized Data Size           : 122880
Uninitialized Data Size         : 0
Entry Point                     : 0x46ea
OS Version                      : 4.0
Image Version                   : 5.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.2900.2180
Product Version Number          : 6.0.2900.2180
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Gddyypfvp Dkirifmzwqi
File Description                : Internet Shortcut Shell Extension DLL
File Version                    : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name                   : URL
Legal Copyright                 : © Tvggpxfog Ypvfycqubhg. All rights reserved.
Original Filename               : URL.DLL
Product Name                    : Qjzcbrvow® Rezdmdy® Rrqedazot Zolfgw
Product Version                 : 6.00.2900.2180
VirusTotal Report submitted 2011-04-26 13:23:06
VirusShare info last updated 2012-09-21 19:50:31

MD5: f441fa858815d4cf69c7965c46990b6a
SHA1: 797d9cfdc53af52c0f1bc4fc7e02cd2c99d929e0
SHA256: c86db3e00555675bd0ba365684db023a590ff2a26b1e3c8253ac67315139e3cd
SSDeep: 1536:aQRxQC7zCCuLm0PLLcFsDeSC+g4cVR8npJyDsdKWqDdF1s:x7zm1IFsDeSCT4eRmJyaKWkdF1s
Size: 62976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.2702
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!BTuBcLmzVaQ
TrendMicro-HouseCall = TROJ_GEN.R47CELJ
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R47CELJ
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.AIMJ
Norman = W32/Suspicious_Gen2.UBYAZ
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.2702
Symantec = Trojan.Gen.2
Commtouch = W32/GenBl.F441FA85!Olympus
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 62 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Laflslkfm Wdtqeluyqph
File Description                : Distributed File Kzfeuu Filter Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dfs.sys
Legal Copyright                 : © Npypypxye Qobexzwdstl. All rights reserved.
Original Filename               : dfs.sys
Product Name                    : Kcuqvzkto® Dnufedn® Wmcirkzqf Utyssw
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2011-12-29 12:58:47
VirusShare info last updated 2012-09-22 19:57:41

MD5: 31b598b8ba8ec853d5ddd7b67d425618
SHA1: f6476aa6399fd3a0acd46e3c2ec1f1d8355ec3d4
SHA256: 9372bf941e95286c5ef19537d54f86f998b0e9c8cb55f1acf6ead990f7bb6664
SSDeep: 1536:fSQhBxT9gaYLelXQkjztDKme8+kyloOaIuxzEKneqFK1ajmAFbWYtALieISFjPn7:f5B9O4ntDKme8+kCGwKneqFK1ajmAFbs
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.3649
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!0YT4e9szuX0
TrendMicro-HouseCall = TROJ_GEN.R47C7KL
Comodo = UnclassifiedMalware
Emsisoft = Virus.Win32.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!31B598B8BA8E
DrWeb = Trojan.Siggen3.27040
TrendMicro = TROJ_GEN.R47C7KL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!31B598B8BA8E
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Virtumonde
eSafe = Win32.GenVariant.Gra
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.STVUP
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2011-12-16 07:49:42
VirusShare info last updated 2012-09-23 00:47:41

MD5: c084bf18363b9b939019e73258210657
SHA1: 0b8dd371693b8dfbdd327ff81eb4407db89e7fe1
SHA256: 97db1a088e06216a08bfad48c75bd621a44923c64a5970f39b3ad7c3658208e2
SSDeep: 1536:bT5fGNArPL+LQFKipDV6sBpNfEmeiUMwqby:ZdruopDRNfrei0qb
Size: 61952 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.36492
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Trojan
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
McAfee-GW-Edition = Generic.dx!bcq4
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Trojan/Virtumonde.akp
McAfee = Generic.dx!bcq4
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.XWZ
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.1470
Commtouch = W32/GenTroj.A.gen!Eldorado
ESET-NOD32 = Win32/Ponmocup.AA
BitDefender = Gen:Variant.Graftor.1470
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x13f2
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.5
Product Version Number          : 1.0.0.5
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Comments                        : MSR DTAS: Bayesian Inference Belief Network Troubleshooting Library
Company Name                    : Cabrasmir Zdcnfxplhiz; Viyntgvvn Research
File Description                : Belief Network Troubleshooting
File Version                    : 1.0.0.5
Internal Name                   : bnts.dll
Legal Copyright                 : Copyright (C) 1997-2000
Original Filename               : bnts.dll
Product Name                    : Xmqmniqey BNTS
Product Version                 : 1.0.0.5
Original Date                   : Tuesday, Aug 1, 2000
VirusTotal Report submitted 2012-09-22 09:16:17
VirusShare info last updated 2012-09-23 10:03:40

MD5: 12d260ea41d187d252c5655ddf419521
SHA1: 435df8b22b9058b3c2ac1f9ccea95d3564e159e0
SHA256: cee21181f17c0e816163e1477bd3d46563ed7520209c28ea8f17e2e899a0564b
SSDeep: 12288:bSVuxlTcViV6or9luvSXHBrmyi1NMYkg:EuxlYg3DuvSXa6h
Size: 402432 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.156
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
AhnLab-V3 = Malware/Win32.Generic
Panda = Suspicious file
nProtect = Trojan.Generic.5149527
TrendMicro-HouseCall = TROJ_GEN.R47C2L2
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Renos!IK
DrWeb = Trojan.Hosts.2242
TrendMicro = TROJ_GEN.R47C2L2
Microsoft = TrojanDownloader:Win32/Ponmocup.A
F-Secure = Trojan.Generic.5149527
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Downloader.Generic10.AVAD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5149527
BitDefender = Trojan.Generic.5149527
ExIF Data
File Size                       : 393 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 23:28:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 387072
Initialized Data Size           : 315904
Uninitialized Data Size         : 0
Entry Point                     : 0x5f3b0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2010-12-07 04:30:54
VirusShare info last updated 2012-09-24 05:14:53

MD5: 1cd2405ccbabd14e53682023df27b66f
SHA1: 842bb19aa97afc0e5fcbd8b142e14354cf70fb74
SHA256: d1fd201c1091ca1367af0dd58bfdc70e3b835a4911fb98057ab6d67daf03cad9
SSDeep: 6144:AGxjafQonIZo+qv4rNiyhPyKEHLJnppkEvDBI/D:TxjyIsQiiyPHLJnPZFI7
Size: 252208 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan-Downloader.Small
Panda = Suspicious file
nProtect = Trojan.Generic.6886472
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.orh
TrendMicro-HouseCall = TROJ_SPNR.15KK11
Emsisoft = Trojan-Downloader.Small!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!1CD2405CCBAB
DrWeb = Trojan.Smardec.119
TrendMicro = TROJ_SPNR.15KK11
Microsoft = Trojan:Win32/Dynamer!dtc
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Generic.ogcu
McAfee = Artemis!1CD2405CCBAB
F-Secure = Trojan.Generic.6886472
AVG = Suspicion: unknown virus
Norman = W32/Suspicious_Gen2.dam
GData = Trojan.Generic.6886472
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.6886472
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 246 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 62464
Initialized Data Size           : 209408
Uninitialized Data Size         : 0
Entry Point                     : 0x101da
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-06-15 10:42:55
VirusShare info last updated 2012-09-24 09:31:08

MD5: 5c04fc2625b41c43c49e7cb7f9267c31
SHA1: 2557b38d56096c7a1c35263364830891c6528fb2
SHA256: cec45afb09a5d8a028cd150203058cba35e4f645a7ec9fe110f029f98c03280c
SSDeep: 1536:V42HABZQlbwLd/jSG7DgppGnRLM3ghKLc7ZZVx7OAJPjNGbw9iyWw+1VtX2t:oQit7DJlMQ8Lc7ZZqAJPjNGbw9iyWw+s
Size: 87040 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Kryptik!7Q8WqjFQbXk
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R29C8JJ
Comodo = UnclassifiedMalware
Emsisoft = Trojan.SuspectCRC!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic.dx!bb3k
DrWeb = Trojan.Click2.2604
TrendMicro = TROJ_GEN.R29C8JJ
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.cmj
McAfee = Generic.dx!bb3k
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.PFV
Norman = W32/Suspicious_Gen2.RKBXZ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 85 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 69632
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.3000.11
Product Version Number          : 5.0.3000.11
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 1
Language Code                   : Czech
Character Set                   : Unicode
Company Name                    : Brother Industries, Ltd.
File Description                : brclrui.dll
File Version                    : 5.0.3000.11 (vbl_wcp_d2_drivers.060616-1619)
Internal Name                   : brclrui.dll
Legal Copyright                 : Copyright © Brother Industries, Ltd. 2002
Original Filename               : brclrui.dll
Product Name                    : Operacni system Aknwrhrcy® Oavwxnf®
Product Version                 : 5.0.3000.11
VirusTotal Report submitted 2012-04-05 22:40:03
VirusShare info last updated 2012-09-25 07:33:08

MD5: 5cfc935ad0d8e66aca7dea7e1da2cda8
SHA1: 1678842597943ce4810f7f926893665f2b9852d9
SHA256: d214f310d3b166101b7b57e09e003e098da5a26996becbc272ec3785b122b22c
SSDeep: 12288:zSVuxlTcViV6or9luvSXHBrmyi1NMYkg:8uxlYg3DuvSXa6h
Size: 402432 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.156
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
Panda = Suspicious file
Rising = Trojan.Win32.Generic.52536AAB
nProtect = Trojan.Generic.5149527
VBA32 = suspected of Trojan.Pirminay.aud
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Downloader.x!efh
DrWeb = Trojan.Hosts.2242
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Downloader_x.EFH!tr
PCTools = Downloader.Generic
McAfee = Generic Downloader.x!efh
F-Secure = Trojan.Generic.5149527
VIPRE = Trojan.Win32.Generic!SB.0
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic10.AVAD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Downloader
GData = Trojan.Generic.5149527
BitDefender = Trojan.Generic.5149527
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Size                       : 393 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 23:28:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 387072
Initialized Data Size           : 315904
Uninitialized Data Size         : 0
Entry Point                     : 0x5f3b0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2010-12-28 16:40:50
VirusShare info last updated 2012-09-25 08:02:00

MD5: 7d2f4f461b05b7a75004ffddf3141e36
SHA1: 14450816a6c9a00f37d6f130d8591993bbdafe36
SHA256: d93c01a95cd3b08548c4b694327dc861919e950c7f0d01ba32dce89e2311a6a0
SSDeep: 1536:eiR1B1DuLqKaLOEn5DlC5S0PFjmaKWaId/UQDc4Gao5gD/9SooKzs6obmO1q2D1i:BuGPZ5DoRFHfUQDc4GRgD/9wTzw
Size: 112128 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!o6vsc5AcFv8
TrendMicro-HouseCall = TROJ_GEN.R01C8KT
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!7D2F4F461B05
DrWeb = Trojan.Siggen3.59899
TrendMicro = TROJ_GEN.R01C8KT
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Virtumonde.112128
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.rmfm
McAfee = Artemis!7D2F4F461B05
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.XCY
Norman = W32/Vundo.UWC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 110 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Cwyxgyeqa Ofyxlwisnkg
File Description                : Server Extension Objects DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SEO
Legal Copyright                 : © Ltocekgjw Boueiawqrum. All rights reserved.
Original Filename               : SEO.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-06-17 02:22:44
VirusShare info last updated 2012-09-25 18:04:45

MD5: 8f66942f1e6c418c018ba847a994c13d
SHA1: 3621dd7afe24dbf0fb5894f1cb7729ff5dda7b7d
SHA256: da82533bccee1c9a44d12d1c43f8d9f28e6e92ef91b7034bfffd89c14732328d
SSDeep: 1536:eiR1B1DuLqKaLOEn5DCC5S0PFjmaKWacd/UQDc4Gao5gD/9SooKzs6obmO1q2D1i:BuGPB5D/RFHXUQDc4GRgD/9wTzw
Size: 112128 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!oEjjDulx0Lg
TrendMicro-HouseCall = TROJ_GEN.R3EC8KM
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic.dx!bbtj
DrWeb = Trojan.Siggen3.59899
TrendMicro = TROJ_GEN.R3EC8KM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Virtumonde.112128
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.rmfm
McAfee = Generic.dx!bbtj
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.XCY
Norman = W32/Vundo.UWC
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 110 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 94208
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.3790.3959
Product Version Number          : 6.0.3790.3959
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Cwyxgyeqa Ofyxlwisnkg
File Description                : Server Extension Objects DLL
File Version                    : 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
Internal Name                   : SEO
Legal Copyright                 : © Ltocekgjw Boueiawqrum. All rights reserved.
Original Filename               : SEO.DLL
Product Name                    : Internet Information Services
Product Version                 : 6.0.3790.3959
VirusTotal Report submitted 2012-06-17 03:52:39
VirusShare info last updated 2012-09-26 00:05:08

MD5: a4019c2a98b1117e0311b30e5b6c030a
SHA1: 935720e8f413d35ad18a3494776d836e6f7c9b9c
SHA256: da3ed6da86f3b3fcfc9326565502a5a8c2bf044d28b688fb9fa03a42d0e69e4e
SSDeep: 1536:EC7Q/34AhwL5LeI2LZD3NkC7GOyCeOaQTvUD4wyc8b2t:C497uZDq6GlVWUD4Rc8b2
Size: 70144 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C8LA
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic.dx!bbx4
TrendMicro = TROJ_GEN.R01C8LA
Kaspersky = UDS:DangerousObject.Multi.Generic
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Trojan/Generic.rkai
McAfee = Generic.dx!bbx4
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.COYU
Norman = W32/Suspicious_Gen2.TVLEW
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 68 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 20480
Initialized Data Size           : 53248
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : TCP/IP PathPing Command
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : pathping.exe
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : pathping.exe
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2012-06-18 03:02:27
VirusShare info last updated 2012-09-26 09:59:51

MD5: af9940f74984e1b73b9984a4f628f7ec
SHA1: 76b3db610346249b6aba71f3265b39e6e59bed2c
SHA256: c4798a227a795641ee3e9312ad50d0303378a654b771b6687ff750b066d81f7a
SSDeep: 1536:fSQhBxT9gaYLelX2btDAme8+kyloOaIuxiDEKneqFK1ajmAFbWYtALieISFjPn7:f5B9O5tDAme8+kCGiAKneqFK1ajmAFbs
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!5OWJ5xDTLWg
TrendMicro-HouseCall = TROJ_GEN.RC1C7L5
Emsisoft = Virus.Win32.Vundo!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!AF9940F74984
DrWeb = Trojan.Siggen3.27040
TrendMicro = TROJ_GEN.RC1C7L5
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
ViRobot = Trojan.Win32.A.Virtumonde.94720.A
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTS!genus
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!AF9940F74984
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRGraftor
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.TUVYO
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-06-05 23:18:46
VirusShare info last updated 2012-09-26 14:08:30

MD5: d340de32eb2a877adc907bd54f289a4a
SHA1: 0068c470d0e8e145259f6f60a0aa8eeb54e626a4
SHA256: c6daaa0567fa8254cb738798ab6b225f09d318e72cc0715919edd10b19baa5b6
SSDeep: 6144:ITnFxhU2tYEVK2NoDhnlpxmCyac/vSxXBKaI+oICugoh4l4gfbJb:ie2oFnllOHZk4rbJb
Size: 313608 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Pirminay-EE [Trj]
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.RCBH2HR
McAfee-GW-Edition = Artemis!D340DE32EB2A
DrWeb = Trojan.WinSpy.1711
Fortinet = W32/Pirminay.A!tr
F-Secure = Gen:Variant.Kazy.38713
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Generic27.AIEP
Norman = W32/Troj_Generic.DOOUS
GData = Gen:Variant.Kazy.38713
Commtouch = W32/FakeAlert.FT.gen!Eldorado
ESET-NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 306 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 57344
Initialized Data Size           : 589824
Uninitialized Data Size         : 0
Entry Point                     : 0xec3a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-08-31 09:27:42
VirusShare info last updated 2012-09-27 02:27:31

MD5: dcbf251d0215c279278b733f579ed388
SHA1: 7879285fcb78cfa2fa001823a28122aa85147167
SHA256: d73773487e1d6c6c615a65f32844125cbb77c192b397683acac224a458a105dc
SSDeep: 1536:guZdKfrcQ4tCztAoCQIZfnCaxoVbPWji67:JZgcZtAAogRn3ybPWji
Size: 70656 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.ZPACK.Gen2
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Agent
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Adware/Win32.SuperJuan
Panda = Trj/Genetic.gen
nProtect = Trojan/W32.Agent.70656.UN
K7AntiVirus = Riskware
VBA32 = Trojan.Genome.aagto
TrendMicro-HouseCall = TROJ_GEN.R47C8L7
Comodo = TrojWare.Win32.Kryptik.UER
Emsisoft = Trojan.SuspectCRC!IK
CAT-QuickHeal = Trojan.Vundo.Gen
McAfee-GW-Edition = Artemis!DCBF251D0215
TrendMicro = TROJ_GEN.R47C8L7
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = Trojan/Generic.reyi
McAfee = Artemis!DCBF251D0215
F-Secure = Gen:Variant.Graftor.2702
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/TDSS.S.gen!Eldorado
AVG = Generic25.AIIR
Norman = W32/Suspicious_Gen2.SVRRW
Sophos = Mal/EncPk-ACF
Symantec = Trojan.Gen.2
GData = Gen:Variant.Graftor.2702
Commtouch = W32/TDSS.S.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
ESET-NOD32 = Win32/Ponmocup.AA
BitDefender = Gen:Variant.Graftor.2702
ExIF Data
File Size                       : 69 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 28672
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x15c5
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.3.3790.1830
Product Version Number          : 5.3.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Microsoft DirectPlay
File Version                    : 5.3.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : dpnet.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : dpnet.dll
Product Name                    : Microsoft(R) Windows(R) Operating System
Product Version                 : 5.3.3790.1830
VirusTotal Report submitted 2012-08-22 20:13:11
VirusShare info last updated 2012-09-27 08:10:08

MD5: e608ee92c79a84a49fabd71bce23dcc4
SHA1: 98f3c717552d3913d7ffeed6cb2013d200dbbdc1
SHA256: 955eaaeab0c5bae39bf0a077ec1f63595c1a786f82c861dec1e647ee27be45d3
SSDeep: 1536:eoCS5gYef8LrJPnxDREOZhIq5rlP2rcfto2/Zt:xg7M9xDiu2q55PIuto4Z
Size: 61440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!PPLKkNcTwPA
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R3EC8KL
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falint[Cont]
TrendMicro = TROJ_GEN.R3EC8KL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.ciw
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic25.AHPB
Norman = W32/Suspicious_Gen2.SSTXI
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.1086
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.1086
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dpcjsemgc Lorpgijjonn
File Description                : Qbutpzcvs Zjfhjbr ambient light service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Nsshnquui Sagyjvf ambient light service
Legal Copyright                 : © Eidhgixuf Pzhmsynvkdz. All rights reserved.
Original Filename               : sensrsvc.dll
Product Name                    : Zeuagcmhb® Windows® Gekhsrows Lgalvm
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-04-28 04:59:35
VirusShare info last updated 2012-09-27 11:46:44

MD5: fc52e98daf2a8bd13fc5d189b85f5e48
SHA1: ca0abd02c6adfca2110fd21f66dbf86c5d600e07
SHA256: cb2d3d8c72dc8f3ac79f975bb630af5fe36b34c477a3f028aa3bd8933a89984c
SSDeep: 1536:NHiSpSIqoL/ttUDzlBcf4SbQ+Tq511pi5Lj+XM2t:NSeHUDzlqQSbQ+Tq5Atj+XM2
Size: 61440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Gen
Panda = Trj/CI.A
Rising = Trojan.Win32.Generic.12A99D60
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!JdYpNDebnaY
TrendMicro-HouseCall = TROJ_GEN.R49C8K9
Emsisoft = Win32.SuspectCrc!IK
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R49C8K9
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.ebi
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Encpk.acf (v)
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.BIWQ
Norman = W32/Suspicious_Gen2.TWYEQ
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Barys.1086
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.1086
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x140a
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.2.3790.1830
Product Version Number          : 5.2.3790.1830
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Bqpxvgieb Yuxnmwbdnzs
File Description                : Plug and Play Memory Driver
File Version                    : 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Internal Name                   : pnpmem.sys
Legal Copyright                 : © Schrafjes Mkeaskvhyss. All rights reserved.
Original Filename               : pnpmem.sys
Product Name                    : Gnofbyzxg® Lsmfibh® Oqmkmnfcb Bhsfam
Product Version                 : 5.2.3790.1830
VirusTotal Report submitted 2012-06-17 11:07:28
VirusShare info last updated 2012-09-27 19:00:34

MD5: 3eab2f7df63567ed6fc12e53db2096f8
SHA1: e9befeb5870b9147a52001a6611d7e7d82691731
SHA256: 34c6cf5816da689c0985441a151283aa7a96b40ad9c77cbf1de02d17eb13b671
SSDeep: 6144:qbr47+qinstMgQgRnyoFz8Nr9XFFxTH+likQojkfiIrqsusJX5NLAv0:oFq+sGYyo6RZFF9HcQfluaXLLN
Size: 334695 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Pirminay.bjk
Avast = Win32:Malware-gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
nProtect = Trojan.Generic.6537674
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
eTrust-Vet = Win32/Ponmocup.A
TrendMicro-HouseCall = TROJ_SPYPRO.SM
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Renos
McAfee-GW-Edition = Kryp.b
DrWeb = Trojan.MulDrop1.60277
TrendMicro = TROJ_SPYPRO.SM
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = PossibleThreat
PCTools = Trojan.Milicenso
Jiangmin = Trojan/Pirminay.gy
McAfee = Kryp.b
ClamAV = Trojan.Agent-183368
F-Secure = Trojan.Generic.6537674
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRPirminay.Bjk
F-Prot = W32/FakeAlert.LP.gen!Eldorado
AVG = Generic20.BEEO
Norman = Pirminay.B
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.6537674
Symantec = Trojan.Milicenso
Commtouch = W32/FakeAlert.LP.gen!Eldorado
TheHacker = Trojan/Pirminay.bih
BitDefender = Trojan.Generic.6537674
NOD32 = a variant of Win32/Kryptik.JIB
ExIF Data
File Size                       : 327 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:08:30 13:56:32-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 23040
Initialized Data Size           : 603648
Uninitialized Data Size         : 0
Entry Point                     : 0x6552
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Hebrew
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt040d
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt040d.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2012-03-12 23:00:37
VirusShare info last updated 2012-09-30 06:20:23

MD5: 7cd3e74fc8fcdc5d43d8fa7d2497ab96
SHA1: 23671d71b425a1dcf54391b9b436c5c88ac73524
SHA256: 52ed469fa64fbd6c706e69003e41e003f3d81ada35e4dacf6fddfbeaedc91a1d
SSDeep: 12288:ISVuxlTcViV6or9luvSXHBrmyi1NMYkg:5uxlYg3DuvSXa6h
Size: 402432 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.156
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Trojan.Generic.5149527
VBA32 = suspected of Trojan.Pirminay.aud
TrendMicro-HouseCall = TROJ_GEN.R47C2L2
Comodo = UnclassifiedMalware
Emsisoft = Trojan-Downloader.Win32.Renos!IK
DrWeb = Trojan.Hosts.2242
TrendMicro = TROJ_GEN.R47C2L2
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
F-Secure = Trojan.Generic.5149527
VIPRE = Trojan.Win32.Generic!SB.0
Avast5 = Win32:Malware-gen
AVG = Downloader.Generic10.AVAD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
GData = Trojan.Generic.5149527
Symantec = Trojan.Gen
BitDefender = Trojan.Generic.5149527
ExIF Data
File Size                       : 393 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 23:28:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 387072
Initialized Data Size           : 315904
Uninitialized Data Size         : 0
Entry Point                     : 0x5f3b0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2010-12-07 18:44:30
VirusShare info last updated 2012-10-01 02:42:03

MD5: 9cc714643915150b31b4a835e3990dd6
SHA1: 6c0714a2af4ea9cfe103716ca923baeb39e258b1
SHA256: 842762edc03884e9690ab854f513f49101e49caca3f95b8664b853d8b9009037
SSDeep: 1536:fSQhBxT9gaYLelXntDVXFVECXNETEoexYiEKneqFK1ajmAFbWYtALieISFjPn7:f5B9OItDVL3XNmzBKneqFK1ajmAFbWYC
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.3649
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!ZAg6Odgc7nY
TrendMicro-HouseCall = TROJ_GEN.R47C7KM
Emsisoft = Virus.Win32.Vundo!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Vundo!nl
TrendMicro = TROJ_GEN.R47C7KM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Vundo!nl
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Virtumonde
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.STXMF
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-01-07 00:54:25
VirusShare info last updated 2012-10-01 14:45:15

MD5: bd2dfa5c12e83a684cb26117f2b30ed1
SHA1: 6c71d2e5e4065042dbba271464bddb4992c1399a
SHA256: 3c6d1421edfa291d0317d5be3dc4ff1828ff422ae6442e0ab66105f9022741c7
SSDeep: 1536:wHlIFsZ1EKLlaOsDHSwPKCGs4IIlGmet:wNZ7dsDH+s4I8Gme
Size: 64000 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
nProtect = Gen:Variant.Graftor.1470
Emsisoft = Trojan.SuspectCRC!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[RE]
McAfee-GW-Edition = Generic Malware.ms
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Kryptik.TMS!tr
Jiangmin = Trojan/Genome.ansf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
AVG = Generic25.OMR
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 62 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1402
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Prleqmknm Oiunoicemnv
File Description                : ODBC Code Page Translator
File Version                    : 6.0.6000.16386 (gupnu_rtm.061101-2205)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : © Yvqmmnyqi Wntzrgzroql. All rights reserved.
Original Filename               : mscxpl32.dll
Product Name                    : Lxdwemqsf® Jgvjzao® Gygwwpxcn Imldny
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-11-19 21:45:01
VirusShare info last updated 2012-10-02 00:44:11

MD5: ea4b98b28e69902cf5930168d5691823
SHA1: 2eea04bf6e9d005c6cb804de8bebeca8baca3318
SHA256: 3f3945df3f5a3babe61fb3e90d0cc9503b7d58d5f201ed6316845598dfc35528
SSDeep: 1536:wHlIFsZ1EKLlaePsDGSwPKCGs4I7Gmet:wNZ7XsDG+s4I7Gme
Size: 64000 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.1470
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!Y8NdQjtG7Nw
TrendMicro-HouseCall = TROJ_GEN.R01C8L2
Emsisoft = Trojan.SuspectCRC!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Generic Malware.ms
TrendMicro = TROJ_GEN.R01C8L2
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.ansf
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/GenTroj.A2.gen!Eldorado
AVG = Generic25.OMR
Norman = W32/Suspicious_Gen2.STZTI
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A2.gen!Eldorado
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 62 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x1402
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Prleqmknm Oiunoicemnv
File Description                : ODBC Code Page Translator
File Version                    : 6.0.6000.16386 (gupnu_rtm.061101-2205)
Internal Name                   : mscxpl32.dll
Legal Copyright                 : © Yvqmmnyqi Wntzrgzroql. All rights reserved.
Original Filename               : mscxpl32.dll
Product Name                    : Lxdwemqsf® Jgvjzao® Gygwwpxcn Imldny
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-12-16 03:05:33
VirusShare info last updated 2012-10-02 18:13:10

MD5: 007d984e851fb0dff89ba1613c454e3a
SHA1: 27f78881912c8d5b9725124f8be5642b1fc50130
SHA256: 81c206346ba6f7c24243d644406af3821e0c6bd5849fe8fb2777570126afef06
SSDeep: 1536:eoCS5gYef8LrJ8BxDiEOZhIq5rlP2rcftonZt:xg7MuBxDzu2q55PIutonZ
Size: 61440 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:MalOb-HV [Cryp]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.Genome
Panda = Suspicious file
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!Up4RCDQPZvs
TrendMicro-HouseCall = TROJ_GEN.R3ECELK
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Siggen3.51291
TrendMicro = TROJ_GEN.R3ECELK
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.ciw
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
AVG = Generic25.AHPB
Norman = W32/Suspicious_Gen2.UCSCT
Sophos = Mal/EncPk-ACF
GData = Gen:Variant.Barys.1086
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Barys.1086
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.1.7600.16385
Product Version Number          : 6.1.7600.16385
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Dpcjsemgc Lorpgijjonn
File Description                : Qbutpzcvs Zjfhjbr ambient light service
File Version                    : 6.1.7600.16385 (win7_rtm.090713-1255)
Internal Name                   : Nsshnquui Sagyjvf ambient light service
Legal Copyright                 : © Eidhgixuf Pzhmsynvkdz. All rights reserved.
Original Filename               : sensrsvc.dll
Product Name                    : Zeuagcmhb® Windows® Gekhsrows Lgalvm
Product Version                 : 6.1.7600.16385
VirusTotal Report submitted 2012-06-18 08:42:50
VirusShare info last updated 2012-10-07 22:56:59

MD5: 1febc2d423bcc8f573995299dc55eac5
SHA1: 4f18afeb034ea1c3bd05450558c73762a3f76291
SHA256: 5f355bc6da9f2ffec8d591b4ff540cc73e8be7509b903857b8071cf94c9e0c1a
SSDeep: 1536:eihlJFd6jtw3YLh+JtDk/VO3+jL63JzOsE:bEtb+tDk/zu3tE
Size: 61952 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.36492
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/win32.agent
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!jcbNnwWCrAE
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R01CELS
Emsisoft = Win32.SuspectCrc!IK
Comodo = TrojWare.Win32.Ponmocup.aa
McAfee-GW-Edition = Artemis!1FEBC2D423BC
TrendMicro = TROJ_GEN.R01CELS
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = DangerousObject.Multi.ciw
McAfee = Artemis!1FEBC2D423BC
F-Secure = Gen:Variant.Graftor.1470
eSafe = Win32.Trojan
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.QQY
Norman = W32/Suspicious_Gen2.UKZGF
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen.2
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 49152
Uninitialized Data Size         : 0
Entry Point                     : 0x1412
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.6304.0
Product Version Number          : 4.0.6304.0
File Flags Mask                 : 0x0003
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 101
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Gshavlbas Corporation
File Description                : ODBC (3.0) driver for text files
File Version                    : 4.0.6304.0
Legal Copyright                 : Copyright © Efadxvthu Fnbfzqcbwoa 1991-1999
Legal Trademarks                : ODBC(TM) is a trademark of Sisvkiztk Rdpexjkflvk.  Rzdnqzuot® is a registered trademark of Sixjbjard Srqenreajsh. Ahklxsl(TM) is a trademark of Jbrwhypmi Eeessgokhss.
Product Name                    : ODBC (3.0) driver for text files
Product Version                 : 4.00.6304.0
File Flags                      : 
VirusTotal Report submitted 2012-02-20 23:28:28
VirusShare info last updated 2012-10-08 17:26:51

MD5: 4369231ab3f860ce8b1cc0f9ccccf117
SHA1: 27a0ee7539b5f54601e0e5972c2b3496bb0df491
SHA256: 563d6ddbcf9053aaeca8afca25ac53a0b7a584f6ceff062cb6b3a9de00bc9970
SSDeep: 1536:fSQhBxT9gaYLelXRtDJN6CEHs6JMkM4XFEKneqFK1ajmAFbWYtALieISFjPn7:f5B9OutDJNhEMG5XWKneqFK1ajmAFbWx
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!SkgmvBAxRrw
eTrust-Vet = Win32/Vundo.HTS!genus
TrendMicro-HouseCall = TROJ_GEN.R47C7KL
Comodo = UnclassifiedMalware
Emsisoft = Virus.Win32.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!4369231AB3F8
TrendMicro = TROJ_GEN.R47C7KL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!4369231AB3F8
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Encpk.acf (v)
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.STKUD
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-03-15 02:58:21
VirusShare info last updated 2012-10-09 14:00:43

MD5: 4452bb1f0527082b1efb5f5bbeb2753a
SHA1: 5308f1973983fd1661e0481e0fe000fd0d97a46c
SHA256: 38fae24f57fb7851ead25408b9e9cd90313d91f1a2e0ae6ed04bb503e900b2a8
SSDeep: 1536:4Az86BJa37cLE3Ni7D82A4swNXuSJ1Ka7Iy:UkaIf7DQoXuK7I
Size: 61952 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/Suprchu.A
nProtect = Trojan/W32.Genome.61952.H
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!zxVwHFyGik8
eTrust-Vet = Win32/Vundo.K!generic
TrendMicro-HouseCall = TROJ_GEN.R47C7KM
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Falprod[Cont]
McAfee-GW-Edition = Generic Malware.ms
DrWeb = Trojan.Click2.2921
TrendMicro = TROJ_GEN.R47C7KM
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Genome.aong
McAfee = Generic Malware.ms
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Encpk.acf (v)
eSafe = Win32.TRCrypt.XPACK
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.PEC
Norman = W32/Suspicious_Gen2.SUAAW
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Symantec = Trojan.Gen
Commtouch = W32/GenTroj.A.gen!Eldorado
BitDefender = Gen:Variant.Graftor.1470
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13f6
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 2
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : Dctftvlbm Qnsvmawpsen
File Description                : Canadian Multilingual Standard Keyboard Layout
File Version                    : 6.0.6000.16386 (kwsog_rtm.061101-2205)
Internal Name                   : kbdcan (3.13)
Legal Copyright                 : © Ochuusete Bhldknxhcyv. All rights reserved.
Original Filename               : kbdcan.dll
Product Name                    : Jlotniguu® Hzxgvok® Pnczumake Bfppba
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2012-03-15 16:16:57
VirusShare info last updated 2012-10-09 14:25:43

MD5: 51539f079ec9050d50b3029db5037e33
SHA1: dbe35518709ff2fd3b2e541ceff32e39a7918f55
SHA256: 8868d316bce75f99af79580c08815312bbf54cd7e713c72566335645a1460c3f
SSDeep: 384:bG40M+218KoYetSIaNJ6S+HUUWS26W1xXi8eVT5wxs4Rm4hrrFP:yij4sIaNJ6S5HdhVXwT5wxsgZFP
Size: 20891 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Ponmocup
Panda = Trj/CI.A
nProtect = Gen:Variant.Graftor.2825
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Artemis!51539F079EC9
DrWeb = Trojan.Fakealert.26396
Jiangmin = Trojan/Generic.qiwv
McAfee = Artemis!51539F079EC9
F-Secure = Gen:Variant.Graftor.2825
AVG = Generic25.BNDD
GData = Gen:Variant.Graftor.2825
BitDefender = Gen:Variant.Graftor.2825
ExIF Data
File Size                       : 20 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 28672
Initialized Data Size           : 217088
Uninitialized Data Size         : 0
Entry Point                     : 0x155b
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-11-09 18:58:17
VirusShare info last updated 2012-10-09 20:07:42

MD5: 59753ca88e23b7568fc8b6de0323e4fe
SHA1: ec1fe83773c1588cb4305f023684d6a874b5ec0e
SHA256: 824415949fd52852b2264d6366c268ee66464b414b66b2bdc3bd6da7eb74633d
SSDeep: 1536:fSQhBxT9gaYLelX4tDwme8+kyloOaIuxiEKneqFK1ajmAFbWYtALieISFjPn7:f5B9O/tDwme8+kCG1KneqFK1ajmAFbWx
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Trojan-gen
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
K7AntiVirus = Riskware
VirusBuster = Trojan.Ponmocup!A8d7nRFv+ac
eTrust-Vet = Win32/Vundo.HTS!genus
TrendMicro-HouseCall = TROJ_GEN.R06C7LA
Comodo = TrojWare.Win32.Ponmocup.aa
Emsisoft = Virus.Win32.Vundo!IK
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!59753CA88E23
DrWeb = Trojan.Siggen3.27040
TrendMicro = TROJ_GEN.R06C7LA
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.UER!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!59753CA88E23
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Trojan.Win32.Generic!BT
eSafe = Win32.TRGraftor
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.TXGMI
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen
TheHacker = Trojan/Ponmocup.aa
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2012-03-27 18:06:07
VirusShare info last updated 2012-10-10 00:13:26

MD5: 5f12b9dc6655272690cb3e60fed200d3
SHA1: 23425b7d9c1ab80f56a5fdb466b8461fb840dfe8
SHA256: 517171c3835c29c855d8f53df2527bdc83a51158a4d07bce56a6418fd69938d1
SSDeep: 12288:jKZ7y8yRxTmYdjO+gC9pBemjN5aWYPC3HDz:jKETaUgYnr8WYPCXDz
Size: 483789 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.240
Avast = Win32:Vundo-JU [Trj]
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
nProtect = Trojan.Generic.KDV.182684
K7AntiVirus = Riskware
VirusBuster = Trojan.DL.Ponmocup!scNGICtXqTo
TrendMicro-HouseCall = TROJ_GEN.R28C2EC
Comodo = TrojWare.Win32.Trojan.Agent.Gen
Emsisoft = Trojan.Win32.Pirminay!IK
CAT-QuickHeal = TrojanDownloader.Ponmocup
McAfee-GW-Edition = Artemis!5F12B9DC6655
DrWeb = Trojan.DownLoader5.44214
TrendMicro = TROJ_GEN.R28C2EC
Microsoft = TrojanDownloader:Win32/Ponmocup.A
Fortinet = W32/Kryptik.ANL!tr
PCTools = Adware.Lop!rem
Jiangmin = Trojan/Jorik.nsn
McAfee = Artemis!5F12B9DC6655
F-Secure = Trojan.Generic.KDV.182684
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/Ponmocup.A.gen!Eldorado
AVG = Downloader.Generic11.SBH
Norman = W32/Kryptik.AIF
Sophos = Troj/Virtum-Gen
GData = Trojan.Generic.KDV.182684
Symantec = Adware.ADH
Commtouch = W32/Ponmocup.A.gen!Eldorado
TheHacker = Trojan/Downloader.Agent.pxo
BitDefender = Trojan.Generic.KDV.182684
NOD32 = Win32/TrojanDownloader.Agent.PXO
ExIF Data
File Size                       : 472 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:09:03 20:34:14-04:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 458752
Initialized Data Size           : 385024
Uninitialized Data Size         : 0
Entry Point                     : 0x6d45f
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.4.0.3400
Product Version Number          : 4.4.0.3400
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Windows, Latin1
Company Name                    : Liokqanoq Corporation
File Description                : RTP/RTCP Core Module
File Version                    : 4.4.3400
Internal Name                   : RRCM
Legal Copyright                 : Copyright © Mojdqrgoc Ipizoiuuqix, 1996-1999
Original Filename               : RRCM.DLL
Product Name                    : RRCM.DLL
Product Version                 : 4.4.3400
VirusTotal Report submitted 2012-04-07 15:05:36
VirusShare info last updated 2012-10-10 03:18:37

MD5: 86bc6f7329dd4d34efa9a62a1b4a6665
SHA1: d65b9599e46416b993557ce78d8fd5639c7f8a75
SHA256: 862169c66841f3dca0492c1382bff9d4c49f402d6891c3ca67d7b42e6ef4c06c
SSDeep: 3072:kDAllTTPoEpt/8swdyT1+dbJdlXKzvjmzchbCi:kiTTPoEpNBdT0FJjKAYCi
Size: 113458 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Antiy-AVL = Trojan/Win32.Pirminay.gen
Ikarus = Trojan.Win32.Pirminay
Panda = Suspicious file
Comodo = UnclassifiedMalware
McAfee-GW-Edition = Artemis!86BC6F7329DD
Jiangmin = Trojan/Pirminay.ak
McAfee = Artemis!86BC6F7329DD
VIPRE = Packed.Win32.Pirminay.a (v)
AVG = Generic18.XAJ
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
TheHacker = Trojan/Pirminay.bj
ExIF Data
File Size                       : 111 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:12:28 01:42:07-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 52224
Initialized Data Size           : 581632
Uninitialized Data Size         : 0
Entry Point                     : 0xd902
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
Warning                         : Error processing PE data dictionary
VirusTotal Report submitted 2011-06-15 01:28:15
VirusShare info last updated 2012-10-11 02:35:10

MD5: 8e8f2c145f07e1c69af4443bb75e7915
SHA1: 6df14699af7128c9c0481339dc3c41676b30477f
SHA256: 36e3b2f36838458b6fae6bd450928b5f2b3909634003a19383bc57c2d8da27ea
SSDeep: 6144:fA7xM9WxoqqiZXyG+aBxzBwVam79w7zIGN9nv3rhUvlymEyjhcK0scNQlXA3hIhd:fsUiZXydWxdwVa8w7zIe3zWjhT0sLhA8
Size: 389942 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.34
Avast = Win32:Kryptik-ARX [Trj]
Antiy-AVL = Trojan/win32.agent.gen
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
nProtect = Gen:Variant.Zbot.34
K7AntiVirus = Riskware
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R01C1FI
Emsisoft = Trojan.Win32.Pirminay!IK
Comodo = UnclassifiedMalware
CAT-QuickHeal = TrojanDownloader.Renos.kc
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Suspicious.H
DrWeb = Trojan.DownLoader3.34872
TrendMicro = TROJ_GEN.R01C1FI
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = TrojanDownloader:Win32/Renos.KC
Fortinet = W32/Ponmocup.A!tr
PCTools = Trojan.Gen
Jiangmin = Trojan/Generic.egwy
McAfee = Kryp.b
F-Secure = Trojan.Generic.6130575
VIPRE = Trojan.Win32.Generic!BT
Avast5 = Win32:Kryptik-ARX [Trj]
eSafe = Win32.TRDldr.Ponmocu
AVG = Downloader.Generic10.CIRB
Norman = W32/Obfuscated.L
Sophos = Mal/Ponmocup-A
Symantec = Trojan.Gen
GData = Trojan.Generic.6130575
TheHacker = Trojan/Kryptik.kwo
BitDefender = Trojan.Generic.6130575
NOD32 = a variant of Win32/Kryptik.LLT
ExIF Data
File Size                       : 381 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 1999:12:14 11:47:53-05:00
PE Type                         : PE32
Linker Version                  : 5.12
Code Size                       : 98304
Initialized Data Size           : 577536
Uninitialized Data Size         : 0
Entry Point                     : 0x17cf6
OS Version                      : 4.0
Image Version                   : 5.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : WbemPerf V2 Instance Provider
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : WbemPerfInst.dll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WbemPerfInst.dll
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-07-21 02:26:05
VirusShare info last updated 2012-10-11 09:08:12

MD5: 93c5af65533605aacf720740b52f675f
SHA1: 6ca06555e790c68198d4facb6f2379b28ea48125
SHA256: 501b995fa8172453d15e623b88e45c64e84568a60660d039aefe781ec5a858f0
SSDeep: 6144:NPW8Lrfsi87SRq++GCdTYpao/pe9+HE0ydQmDYr0HOmbuWJKUtGxOyjajiHUoS3O:NOBLIprTMThNJKY1WoiXOBiyWIhVDdI
Size: 421736 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
Avast = Win32:Pirminay-EE [Trj]
Antiy-AVL = Trojan/Win32.Pirminay
Ikarus = Trojan.Win32.Pirminay
AhnLab-V3 = Trojan/Win32.Pirminay
Panda = Suspicious file
K7AntiVirus = Riskware
VBA32 = Trojan.Pirminay.bzs
Comodo = UnclassifiedMalware
Emsisoft = Trojan.Win32.Pirminay!IK
DrWeb = Trojan.WinSpy.1143
ViRobot = Trojan.Win32.A.Pirminay.441344
Fortinet = W32/Pirminay.A!tr
Jiangmin = Trojan/Pirminay.anz
F-Prot = W32/FakeAlert.FT.gen!Eldorado
AVG = Suspicion: unknown virus
Norman = W32/Troj_Generic.dam
GData = Win32:Pirminay-EE 
Commtouch = W32/FakeAlert.FT.gen!Eldorado
TheHacker = Trojan/Pirminay.bzs
NOD32 = a variant of Win32/Ponmocup.AA
ExIF Data
File Size                       : 412 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 147456
Initialized Data Size           : 577536
Uninitialized Data Size         : 0
Entry Point                     : 0x246aa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-05-17 11:39:46
VirusShare info last updated 2012-10-11 11:57:25

MD5: a87815a01ce2e050591130948c9868b7
SHA1: 9b77dcc0d5937d5eb4d3b33d0a16138252b2e115
SHA256: 5682ce6d55102a38b1955801f2c0663d51bb47d454d9334124c8181336175c30
SSDeep: 12288:ySVuxlTcViV6or9luvSXHBrmyi1NMYkg:nuxlYg3DuvSXa6h
Size: 402432 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.156
Avast = Win32:Malware-gen
Ikarus = Trojan-Downloader.Win32.Renos
Panda = Suspicious file
VBA32 = suspected of Trojan.Pirminay.aud
TrendMicro-HouseCall = TROJ_GEN.R47C2L2
CAT-QuickHeal = TrojanDownloader.Renos.kc
McAfee-GW-Edition = Artemis!A87815A01CE2
DrWeb = Trojan.Hosts.2242
TrendMicro = TROJ_GEN.R47C2L2
Microsoft = TrojanDownloader:Win32/Renos.KC
PCTools = Trojan.Gen
McAfee = Artemis!A87815A01CE2
VIPRE = Trojan.Win32.Generic!SB.0
Prevx = Medium Risk Malware
Avast5 = Win32:Malware-gen
AVG = Downloader.Generic10.AVAD
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5149527
TheHacker = Trojan/Kryptik.izc
BitDefender = Trojan.Generic.5149527
NOD32 = a variant of Win32/Kryptik.IZC
ExIF Data
File Size                       : 393 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2003:04:03 23:28:07-05:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 387072
Initialized Data Size           : 315904
Uninitialized Data Size         : 0
Entry Point                     : 0x5f3b0
OS Version                      : 4.0
Image Version                   : 5.2
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 2.0.0.3422
Product Version Number          : 2.0.0.3422
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : Chinese (Simplified)
Character Set                   : Unicode
Comments                        : 
Company Name                    : Microsoft Corporation
File Description                : Microsoft Agent International Dll
File Version                    : 2.00.0.3422
Internal Name                   : agt0804
Legal Copyright                 : Copyright (C) Microsoft Corp. 1998
Legal Trademarks                : 
Original Filename               : agt0804.dll
Private Build                   : 
Product Name                    : Microsoft Agent International Dll
Product Version                 : 2.00.0.3422
Special Build                   : 
VirusTotal Report submitted 2011-03-05 02:55:38
VirusShare info last updated 2012-10-12 00:23:22

MD5: b2dfce1a77d3daec30ad129d6eb58064
SHA1: 3b9548d7db8a2d48adc70ab8ebe342677a25c8ee
SHA256: 3cc5bedd94f1d3467bef2eb9c35f07c3461068948f19d9e813034ba1441ca672
SSDeep: 1536:E3V2i3I+MGJRByZbyQkWl4JHYJUYH0x0aqmln5IUmDjoXF:w2CIkJRkzkWl41YJX0Vqmln5I+
Size: 93184 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
Ikarus = Trojan.Win32.Vundo
Sophos = Mal/Ponmocup-A
ExIF Data
File Size                       : 91 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:11:25 06:03:32-05:00
PE Type                         : PE32
Linker Version                  : 8.0
Code Size                       : 24576
Initialized Data Size           : 114688
Uninitialized Data Size         : 0
Entry Point                     : 0x2e01
OS Version                      : 4.0
Image Version                   : 6.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.0
Product Version Number          : 5.1.2600.0
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : Run a DLL as an App
File Version                    : 5.1.2600.0 (xpclient.010817-1148)
Internal Name                   : rundll
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : RUNDLL.EXE
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 5.1.2600.0
VirusTotal Report submitted 2011-04-26 12:18:29
VirusShare info last updated 2012-10-12 08:53:33

MD5: b42e431c6ed72142a722a41e5717a1bc
SHA1: f433cfc12bda4c6bcede1fc8f0def0b384e9aac3
SHA256: 5f641534db6933f12d3f5508483a33f86b1b6d197a63258ebcf91998e9423199
SSDeep: 6144:XmRll46LCLMPKZuZuTTTiSg7fSGF7i/RxunGoNx1QKO9hOrCGRP:WRTTLbCZuqTG7f8unrFO9hOrTP
Size: 316009 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Dldr.Ponmocup.A.154
Ikarus = Trojan-Downloader.Win32.Ponmocup
AhnLab-V3 = Trojan/Win32.Gen
Panda = Suspicious file
VBA32 = SScope.Trojan.Pirminay.chc
TrendMicro-HouseCall = TROJ_GEN.R47C2A2
Emsisoft = Trojan-Downloader.Win32.Ponmocup!IK
McAfee-GW-Edition = Heuristic.BehavesLike.Win32.Downloader.H
TrendMicro = TROJ_GEN.R47C2A2
Microsoft = TrojanDownloader:Win32/Ponmocup.A
PCTools = Trojan.Gen
McAfee = Artemis!B42E431C6ED7
F-Secure = Trojan.Generic.5341697
VIPRE = Trojan.Win32.Generic!BT
AVG = Pakes.IEA
Norman = W32/Obfuscated.L
Sophos = Mal/Generic-L
Symantec = Trojan.Gen
GData = Trojan.Generic.5341697
BitDefender = Trojan.Generic.5341697
NOD32 = a variant of Win32/Kryptik.JIW
ExIF Data
File Size                       : 309 kB
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:11:27 15:01:27-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 49664
Initialized Data Size           : 525824
Uninitialized Data Size         : 0
Entry Point                     : 0xcd26
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 6.0.6000.16386
Product Version Number          : 6.0.6000.16386
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 6
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Microsoft Corporation
File Description                : MS Remote Access and Routing ARP Driver
File Version                    : 6.0.6000.16386 (vista_rtm.061101-2205)
Internal Name                   : WANARP.SYS
Legal Copyright                 : © Microsoft Corporation. All rights reserved.
Original Filename               : WANARP.SYS
Product Name                    : Microsoft® Windows® Operating System
Product Version                 : 6.0.6000.16386
VirusTotal Report submitted 2011-03-08 21:51:30
VirusShare info last updated 2012-10-12 10:08:04

MD5: 94a64380886d0bb377634166eef7d7d0
SHA1: 1cfc2d41ff2d5670c244d824c7f12de58be567d3
SHA256: 8f6c671ef74ecb0f0b94b8b47332ecafb4077fecafa63fc474a74a9f459cfaad
SSDeep: 1536:ygQxQWmW7OLyIPibDOmhDtnBwS6Ez4UnzZo9yH:KmPIbD3BwST0UnzZo9+
Size: 62976 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Trojan.SuspectCRC
Kingsoft = Win32.Troj.Zwangi.(kcloud)
AhnLab-V3 = Trojan/Win32.Sinowal
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Ponmocup.a
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R01C7K3
Emsisoft = Trojan.SuspectCRC!IK
Comodo = TrojWare.Win32.Ponmocup.aa
SUPERAntiSpyware = Trojan.Agent/Gen-Falcomp[Cont]
McAfee-GW-Edition = Vundo!oo
DrWeb = Adware.Searcher.1477
TrendMicro = TROJ_AGENT_026113.TOMB
Kaspersky = not-a-virus:AdWare.Win32.Zwangi.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Graftor.1470
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.HTR!genus
Jiangmin = DangerousObject.Multi.ciw
McAfee = Vundo!oo
F-Secure = Gen:Variant.Graftor.1470
VIPRE = Trojan.Win32.Vundo.au (v)
eSafe = Win32.Trojan
F-Prot = W32/GenTroj.A.gen!Eldorado
Norman = W32/Suspicious_Gen2.RXPWE
Sophos = Troj/Virtum-Gen
GData = Gen:Variant.Graftor.1470
Commtouch = W32/GenTroj.A.gen!Eldorado
Agnitum = Trojan.Ponmocup!eXh+Kt0a5Xo
TheHacker = Trojan/Kryptik.tms
ESET-NOD32 = Win32/Ponmocup.AA
BitDefender = Gen:Variant.Graftor.1470
ExIF Data
File Size                       : 62 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13fa
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 4.0.2.5322
Product Version Number          : 4.0.2.5322
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Qdbfzycxo Rtfcqvbydtc
File Description                : Sgvulzfhl FrontPage Server Extensions
File Version                    : 4.0.2.5322
Original Filename               : FPSRVCGI.DLL
Legal Copyright                 : Copyright © 1995-1999 Uzypupxfq Ydifxcetqhs, All rights reserved.
Legal Trademark 1               : Geufhchds®, Cnnybtq®, and FrontPage® are registered trademarks of Rbldknznv Wuoyggdncet, and WebBot is a trademark of Jcrtubsue Krpfywyhhkc, in the United States and/or other countries.
Product Name                    : Npgutefmg® FrontPage® 2000
Product Version                 : 4.0.2.5322
VirusTotal Report submitted 2012-10-11 16:28:33
VirusShare info last updated 2012-10-12 14:11:27

MD5: c49f8628dff9c602ec42670ae98a8091
SHA1: 58f76a820b6dec137fe312ce25af7d31f9609c0b
SHA256: 52a4e401863039f3695d40a5211e610c4ce30871dfd70e4f4b51aca28c38bb13
SSDeep: 1536:KMAniG+/xGQL5zJXDA5xjv7dZjsvjf6YP:R/HTXDGvJJsLfVP
Size: 61952 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Suprchu [Adw]
Antiy-AVL = Trojan/Win32.Genome
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Trj/Genetic.gen
Rising = Trojan.Win32.Generic.12A55238
K7AntiVirus = Trojan
VirusBuster = Trojan.Ponmocup!50QoWvbYTL0
TrendMicro-HouseCall = TROJ_GEN.R4FC9AS
Comodo = UnclassifiedMalware
Emsisoft = Win32.SuspectCrc!IK
McAfee-GW-Edition = Generic.dx!bbtt
DrWeb = Adware.Searcher.1315
TrendMicro = TROJ_GEN.R4FC9AS
Kaspersky = not-a-virus:AdWare.Win32.Zwangi.heur
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Kryptik.TMS!tr
PCTools = Trojan.Gen
TotalDefense = Win32/Vundo.K!generic
Jiangmin = DangerousObject.Multi.ebi
McAfee = Generic.dx!bbtt
F-Secure = Gen:Variant.Barys.1086
VIPRE = Trojan.Win32.Generic!BT
F-Prot = W32/GenTroj.A.gen!Eldorado
AVG = Generic25.AIWC
Norman = W32/Suspicious_Gen2.SUDPS
Sophos = Troj/Virtum-Gen
Symantec = Trojan.Gen.2
GData = Gen:Variant.Barys.1086
Commtouch = W32/GenTroj.A.gen!Eldorado
TheHacker = Trojan/Ponmocup.aa
ESET-NOD32 = Win32/Ponmocup.AA
BitDefender = Gen:Variant.Barys.1086
ExIF Data
File Size                       : 60 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 45056
Uninitialized Data Size         : 0
Entry Point                     : 0x13ea
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.1.2600.5512
Product Version Number          : 5.1.2600.5512
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 4
Language Code                   : English (U.S.)
Character Set                   : Unicode
Company Name                    : Tccbllsps Corp., 3Dlabs Inc. Ltd.
File Description                : Permedia2 Miniport Driver
File Version                    : 1.00-0009 (MS) (xpsp.080413-2108)
Internal Name                   : perm2.sys
Legal Copyright                 : Copyright (C) Sqroxdeau Corp., 3Dlabs Inc. Ltd.1998-2001
Original Filename               : perm2.sys
Product Name                    : Lnpbnpznv® Jvsdygc® Quuedsaci Xghuwp
Product Version                 : 5.1.2600.5512
VirusTotal Report submitted 2012-08-18 00:28:11
VirusShare info last updated 2012-10-12 19:23:34

MD5: ae6e7df9f83121cce83910f7f190ae5d
SHA1: d23bab246209fa5e7df4b7e36fd2cdbebda8992a
SHA256: 31b951d9c9d4dd292e93c87b1fff62297de7f91a431a282702175426cd56e0bd
SSDeep: 768:wAFzG2VGkWR3GWinTtANHjTimI6Bnm7k8c6Z:LRVGkWR3GM/nBnZ8H
Size: 32843 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Spy.Gen
Avast = Win32:Pirminay-EE [Trj]
Ikarus = not-a-virus:AdWare.Win32.SuperJuan
AhnLab-V3 = Trojan/Win32.Variant
Panda = Trj/Genetic.gen
Rising = Trojan.Vundo!3CB2
K7AntiVirus = Trojan
TrendMicro-HouseCall = TROJ_GEN.R21C2AV
Emsisoft = Riskware.AdWare.Win32.SuperJuan!IK
CAT-QuickHeal = Win32.Trojan.Vundo.gen!AV.4.a
McAfee-GW-Edition = Artemis!AE6E7DF9F831
DrWeb = Trojan.WinSpy.1558
Kaspersky = UDS:DangerousObject.Multi.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
MicroWorld-eScan = Gen:Variant.Vundo.10
Fortinet = W32/Vundo.JX!tr
PCTools = Adware.Gen!rem
Jiangmin = Adware/SuperJuan.hk
McAfee = Artemis!AE6E7DF9F831
F-Secure = Gen:Variant.Vundo.10
VIPRE = Trojan.Win32.Vundo
eSafe = Win32.TRSpy
AVG = Generic4.BBEA
Norman = W32/Suspicious_Gen2.QXVMO
GData = Gen:Variant.Vundo.10
Symantec = Adware.Gen
TheHacker = Trojan/Ponmocup.aa
Agnitum = Adware.SuperJuan!W32BUFzIfbk
ESET-NOD32 = a variant of Win32/Ponmocup.AA
BitDefender = Gen:Variant.Vundo.10
ExIF Data
File Size                       : 32 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 8192
Initialized Data Size           : 28672
Uninitialized Data Size         : 0
Entry Point                     : 0x2eca
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
VirusTotal Report submitted 2012-10-12 08:44:15
VirusShare info last updated 2012-10-12 22:52:35

MD5: d8ac3218d66e83c838c56571483a6f22
SHA1: 6f4c47e6c2deba5373741018ddaaa6941c1f18e1
SHA256: 33dc55901b0b249e37bcfea8fd0541d2ff2efdbfdebf20c47410b16a0b672487
SSDeep: 1536:qPQdY/Vgs4zkLxzThjD8Ydgkl41n1dWDbYz1zAkzADn12t:2TgRYHjD8nc411ibazAD12
Size: 77312 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Crypt.XPACK.Gen
Avast = Win32:Malware-gen
Ikarus = Win32.SuspectCrc
AhnLab-V3 = Trojan/Win32.HDC
Panda = Suspicious file
nProtect = Gen:Variant.Graftor.2702
Emsisoft = Win32.SuspectCrc!IK
Kaspersky = HEUR:Trojan.Win32.Generic
Fortinet = W32/Kryptik.TMS!tr
F-Secure = Gen:Variant.Graftor.2702
AVG = Generic25.AIJJ
GData = Gen:Variant.Graftor.2702
TheHacker = Trojan/Kryptik.tms
BitDefender = Gen:Variant.Graftor.2702
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 76 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 0000:00:00 00:00:00
PE Type                         : PE32
Linker Version                  : 1.0
Code Size                       : 20480
Initialized Data Size           : 57344
Uninitialized Data Size         : 0
Entry Point                     : 0x140e
OS Version                      : 4.0
Image Version                   : 1.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 5.0.2195.6684
Product Version Number          : 5.0.2195.6684
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Dynamic link library
File Subtype                    : 0
Language Code                   : English (U.S.)
Character Set                   : ASCII
Company Name                    : Hilgraeve, Inc.
File Description                : HyperTerminal Applet Library
File Version                    : 5.00.2195.6684
Internal Name                   : hticons
Legal Copyright                 : Copyright © Hilgraeve, Inc. 1999
Legal Trademarks                : HyperTerminal ® is a registered trademark of Hilgraeve, Inc.
Original Filename               : HTICONS.DLL
Product Name                    : Jpcfyoaqz(R) Muudshd (R) 2000 Hobdqrvan Vjtmse
Product Version                 : 5.00.2195.6684
Comments                        : HyperTerminal ® was developed by Hilgraeve, Inc.
VirusTotal Report submitted 2011-11-20 17:21:10
VirusShare info last updated 2012-10-13 06:55:33

MD5: df9680f58295504a0e901392fb6fc009
SHA1: 62fe5a3108673ce2cf859e53bbd70a5c22d112c8
SHA256: 80f251f9d71627b710ffd2928542dd0484c71e171079037e43e262cd08fabf9d
SSDeep: 1536:fSQhBxT9gaYLelXZtDkme8+kyloOaIuxcEKneqFK1ajmAFbWYtALieISFjPn7:f5B9OitDkme8+kCGTKneqFK1ajmAFbWx
Size: 94720 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Detections
AntiVir = TR/Graftor.364921
Avast = Win32:Malware-gen
Ikarus = Virus.Win32.Vundo
AhnLab-V3 = Trojan/Win32.HDC
Panda = Generic Trojan
nProtect = Gen:Variant.Graftor.3649
K7AntiVirus = Riskware
TrendMicro-HouseCall = TROJ_GEN.R01C7KL
Emsisoft = Virus.Win32.Vundo!IK
Comodo = UnclassifiedMalware
SUPERAntiSpyware = Trojan.Agent/Gen-Kundo
McAfee-GW-Edition = Artemis!DF9680F58295
DrWeb = Trojan.Siggen3.27040
TrendMicro = TROJ_GEN.R01C7KL
Kaspersky = HEUR:Trojan.Win32.Generic
Microsoft = Trojan:Win32/Vundo.gen!AV
Fortinet = W32/Ponmocup.AA
PCTools = Trojan.Gen
Jiangmin = Trojan/Virtumonde.akp
McAfee = Artemis!DF9680F58295
F-Secure = Gen:Variant.Graftor.3649
VIPRE = Virtumonde
eSafe = Win32.Trojan
AVG = Generic25.BOQO
Norman = W32/Suspicious_Gen2.SUHDZ
GData = Gen:Variant.Graftor.3649
Symantec = Trojan.Gen.2
BitDefender = Gen:Variant.Graftor.3649
NOD32 = Win32/Ponmocup.AA
ExIF Data
File Size                       : 92 kB
File Type                       : Win32 DLL
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2008:12:24 20:35:19-05:00
PE Type                         : PE32
Linker Version                  : 9.0
Code Size                       : 20480
Initialized Data Size           : 81920
Uninitialized Data Size         : 0
Entry Point                     : 0x1422
OS Version                      : 4.0
Image Version                   : 6.1
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.3.0.2
Product Version Number          : 1.3.0.2
File Flags Mask                 : 0x003f
File Flags                      : (none)
File OS                         : Windows NT 32-bit
Object File Type                : Driver
File Subtype                    : 7
Language Code                   : Arabic
Character Set                   : Windows, Arabic
Company Name                    : Brother Industries Ltd.
File Description                : ‎‎برنامج تشغيل فئة Brother Parallel
File Version                    : 1.03
Internal Name                   : BrParWdm.sys
Legal Copyright                 : Copyright © Brother Industries Ltd., 2001-2003
Original Filename               : BrParWdm.sys
Product Name                    : Brother Parallel class Driver
Product Version                 : 1.03
VirusTotal Report submitted 2011-11-24 16:25:09
VirusShare info last updated 2012-10-13 13:50:19