Gen.Variant.Symmi.5363_f4d056f12e

by malwarelabrobot on September 6th, 2014 in Malware Descriptions.

HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Symmi.5363 (B) (Emsisoft), Gen:Variant.Symmi.5363 (AdAware), GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun


This description was generated automatically by the Lavasoft Malware Analysis System and may contain incomplete or inaccurate information.


MD5: f4d056f12ec2e405a27b4c7226248f7e
SHA1: acdd87ff378b5f2e0d505d331ace59f14d06f51d
SHA256: 2b355c0a3f75c50b90076f8d7a1ab22424a94c2506ae86f3288c7ddb47519a47
SSDeep: 1536:dBOQugTGG3VaO2u8Z68vvWfhoBQ3Ob4lhlwLkgpYEtDLonouy8:/OQuIGG3Qy8Z68vvMTheLkg9DMout
Size: 1080832 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2011-07-26 08:31:19
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour Description
WormAutorun: A worm that spreads via removable drives. It copies its executable to every removable drive and creates an "autorun.inf" script there; the autorun script executes the Trojan's file as soon as a user opens the drive's folder in Windows Explorer.


Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

No files have been created.

Registry activity

Dropped PE files

MD5 File path
fd8bd221f53eeed97073a68b37a16e6d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
7805e5fd154a06c713fe9c6e3d4f02c9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{018045A8-6104-43FF-B749-0E3F8766D8CA}\fpb.tmp
87a49bdb8cc20c34e735f2383d55ba8e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{5E929924-F22A-4960-A0EE-FC487A6C136C}\InstallFlashPlayer.exe

HOSTS file anomalies

The Trojan modifies the "%System%\drivers\etc\hosts" file, which maps host names to IP addresses and is consulted before any DNS lookup, so entries placed there silently redirect the named sites.
The modified file is 23831 bytes in size. The following strings are added to the hosts file:



Rootkit activity

No anomalies have been detected.

Propagation

A worm that spreads via removable drives. It copies its executable to every removable drive and creates an "autorun.inf" script there; the autorun script executes the Trojan's file as soon as a user opens the drive's folder in Windows Explorer.

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
4096 200704 0 0 d41d8cd98f00b204e9800998ecf8427e
204800 77824 74240 5.5353 d2cef4d41f4f9dd2a9429f5018e34d1a
282624 4096 512 2.44574 15635006b89365a5a6fc7ac61f19d3c3

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 637

URLs

hxxp://content.yieldmanager.edgesuite.net/atoms/71/ca/f5/7e/71caf57efe61cc3184a879d13e20aca3.swf?clickTag=http://ads.yahoo.com/clk?3,eJyljWFPwjAQhn8N3-ZypWW0afzQASWTbagpU.nGOumwVElaxPjr3TKiP8Anl8uTuzd3CPOaJGzP9jqZIEZZPeWIUIJrPQHQEXDOxwhNGSEM4ei9kavld-WfTRrIyqaiZ52WjREDF7EQ4mPwe9p3KfGmtdf9413hB5vF-SkT.-Dzrb1cNev.CjOnAhY39AFM-ptabl3pKreebyBXBbwoHQolj-UMHUqX4VxpslWNLVSXeaps-Xf.NoraEE4jLEZj2dWu8bE9H8zOvfr47LsJSuArAYjb4I4.23hdAQ==, 23.67.244.10
hxxp://www.kuigames.com/games/images/Sproing-Reloaded.jpg 141.101.118.57
hxxp://www.directorio-w.com/ 192.121.167.58
hxxp://www.kuigames.com/games/images/Cardinal-Quest.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/P.O.D..jpg 141.101.118.57
hxxp://content.yieldmanager.edgesuite.net/atoms/5e/5e/48/47/5e5e48471469e5535a6811552a398d35.swf?clickTag=http://ads.yahoo.com/clk?3,eJyljd1ugkAQhZ.GO0pmf6RLNr0A6xKVXWuDtnoHbl0UtjFZLLZPXyjGF-jJ5OTLzJwcRLjOdUGDAtEOWIBDjiijpNjTA0UecM4xC9kjA8RC71OLRfKzce8mdnRRxVGvZay0iQa1vU0HfmG9C0HWZXW7v86lG2jip-dZ9A99ncr2hrO.XvPc9cEDW4GJ71.Jzqpkd1RWQppJ2Gb7RmaiVhMYK7yp00ydVDIdS7sm6k1-b9t78snzyqY5j0g0wqKbXDu.uhxNbj-cf3HdBmG4BgB-2dj6Fz08XPw=, 23.67.244.10
hxxp://ads.yahoo.com/imp?Z=0x0&y=28&s=6188085&_salt=2038240574&B=10&H=&u=http://ads.kuigames.us/pop.html&M=5&r=0 98.138.49.43
hxxp://ads.kuigames.us/468x60.html 104.28.6.118
hxxp://ads.yahoo.com/imp?Z=300x250&s=6188085&T=3&_salt=4003166706&B=10&H=http://ads.kuigames.us/300x250.html&u=http://ads.kuigames.us/300x250.html&M=4&r=0 98.138.49.43
hxxp://180730105.qseach.com/redir.php 192.121.167.58
hxxp://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=6188085&pub_url=${PUB_URL} 98.138.49.43
hxxp://www.kuigames.com/templates/indigo/images/left_arrow.png 141.101.118.57
hxxp://kuigames.com/ 141.101.118.56
hxxp://www.kuigames.com/templates/indigo/style.css 141.101.118.57
hxxp://3e36y22v93d34l85tj4vs012m5r884.ipcheker.com/ 192.121.167.58
hxxp://www.kuigames.com/games/images/Epic-War-Saga.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Legend-of-the-Void.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Zoe-Animals-Doctor.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Indiana-Jones.jpg 141.101.118.57
hxxp://content.yieldmanager.edgesuite.net/atoms/b6/11/29/55/b6112955568fc2e8d1197b57b15f6a43.swf?clickTag=http://ads.yahoo.com/clk?3,eJydjd1ugkAQRp.GO0L2j7LNpheDiCEq1HSlwp0suOC6bROwLX36YrA-QE8mky8n32QwFbViStW-V.oVV0f1IDDjjJbKQwo7SAhBKPN8TJFHnLcqWi1.sm6vIdsTFsCVeJGWXzChYQGQT.mZX3cU0V1j9KTIwOWt-dK-3-T.-Dw1f09jgDHqkEON53yLdHBvLQubhmbIbXFayw3Kpeo3Mjonc9wWr.GwlpVNwhilMjNJGJh8e798cpym7z9mFGYkGudQda65tPpg6869dKPxCf9-RG7T2.MvjvleIA==, 23.67.244.10
hxxp://ads.yahoo.com/st?ad_type=iframe&ad_size=120x600&section=6188085&pub_url=${PUB_URL} 98.138.49.43
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 96.17.227.191
hxxp://www.kuigames.com/games/images/Sam-Bike-Accident.jpg 141.101.118.57
hxxp://content.yieldmanager.edgesuite.net/flash_activate.js 23.67.244.10
hxxp://www.kuigames.com/games/images/Shameless-Clone-2.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Distopix.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Amberial-Nebulosa-Realms.jpg 141.101.118.57
hxxp://ads.yahoo.com/imp?Z=300x250&s=6188085&T=3&_salt=3230503250&B=10&H=http://ads.kuigames.us/300x250.html&u=http://ads.kuigames.us/300x250.html&M=4&r=0 98.138.49.43
hxxp://ads.yahoo.com/st?ad_type=pop&ad_size=0x0&section=6188085&banned_pop_types=28&pop_times=1&pop_frequency=21600&pub_url=${PUB_URL} 98.138.49.43
hxxp://www.kuigames.com/games/images/Wigman-Big-Run.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Planet-Juicer.jpg 141.101.118.57
hxxp://www.kuigames.com/includes/jquery-1.8.2.js 141.101.118.57
hxxp://www.kuigames.com/games/images/Pirate-tresaure.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Wheel-of-Misfortune.jpg 141.101.118.57
hxxp://fpdownload.macromedia.com/get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.z 23.194.155.238
hxxp://ads.kuigames.us/728x90.html 104.28.6.118
hxxp://ads.kuigames.us/pop.html 104.28.6.118
hxxp://www.kuigames.com/games/images/Heat-Rush-USA.jpg 141.101.118.57
hxxp://www.kuigames.com/includes/avarcade.js 141.101.118.57
hxxp://www.kuigames.com/games/images/Dungeon-Defender.jpg 141.101.118.57
hxxp://content.yieldmanager.edgesuite.net/atoms/6c/0e/12/64/6c0e1264dba660d9b65103bbe5ec3ce6.png 23.67.244.10
hxxp://www.kuigames.com/games/images/Baby-Elsa-Skin-Allergy.jpg 141.101.118.57
hxxp://www.kuigames.com/games/images/Bubble-Harm.png 141.101.118.57
hxxp://www.kuigames.com/templates/indigo/images/right_arrow.png 141.101.118.57
hxxp://www.kuigames.com/images/overlay.png 141.101.118.57
30324460.qseach.com 192.121.167.58
y1263nz903ui77u71n67v05swp4jah.ipcheker.com 192.121.167.58


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Trojan connects to the servers at the following location(s):

Strings from Dumps were not found.


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Delete the original Trojan file.
  2. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
    127.0.0.1 localhost
  3. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  4. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
