Malware Report: 75dcf8907e5efd2539f6504eaa987845102be092
File SHA1: 75dcf8907e5efd2539f6504eaa987845102be092
File MD5: 593ab005a63bcb25630a19644434ec0a
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Date: Mon Nov 9 18:42:19 MYT 2009
Possible Malware: YES
#– Files Created: –
/Documents and Settings/Administrator/Local Settings/Temp/j83q8
/Documents and Settings/All Users/Application Data/t
/WINDOWS/3e5f.flv
/WINDOWS/Prefetch/CML1.TMP-12BB908C.pf
/WINDOWS/Prefetch/D1S3.EXE-1E0568E9.pf
/WINDOWS/Prefetch/F3Y6.EXE-048EB8F6.pf
/WINDOWS/Prefetch/RUNDLL32.EXE-14CF1FE2.pf
/WINDOWS/Temp/Cookies
/WINDOWS/Temp/History
/WINDOWS/Temp/Temporary Internet Files
/WINDOWS/Temp/cml1.tmp
/WINDOWS/Temp/jvicu
/WINDOWS/d10f.exe
/WINDOWS/f3d1.bmp
/WINDOWS/system32/-1878-71-51
/WINDOWS/system32/31nf.dll
/WINDOWS/system32/53ef.dll
/WINDOWS/system32/d1s3.exe
/WINDOWS/system32/s.exe
/WINDOWS/system32/tmp.exe
#– Registry Created: –
[SOFTWARE]
+ [software\Classes\CLSID\{237601B7-43B7-4988-8971-F15C435D4AE0}\ProgID]
+ [software\Classes\CLSID\{237601B7-43B7-4988-8971-F15C435D4AE0}\Programmable]
+ [software\Classes\CLSID\{237601B7-43B7-4988-8971-F15C435D4AE0}\TypeLib]
+ [software\Classes\CLSID\{237601B7-43B7-4988-8971-F15C435D4AE0}\VersionIndependentProgID]
+ [software\Classes\IEHpr.Invoke]
+ [software\Classes\IEHpr.Invoke\CLSID]
+ [software\Classes\IEHpr.Invoke\CurVer]
+ [software\Classes\IEHpr.Invoke.1\CLSID]
+ [software\Classes\Interface\{F2020427-271B-4C03-B5EB-1FF96B50763C}\ProxyStubClsid]
+ [software\Classes\Interface\{F2020427-271B-4C03-B5EB-1FF96B50763C}\TypeLib]
+ [software\Classes\TypeLib\{0D9B0F79-BD07-4F93-9F76-5EB7FC76D860}\1.0\FLAGS]
+ [software\Classes\TypeLib\{0D9B0F79-BD07-4F93-9F76-5EB7FC76D860}\1.0\HELPDIR]
+ [software\Microsoft\DownloadManager]
+ [software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[SYSTEM]
+ [system\ControlSet001\Enum\Root\LEGACY_MSTCSF]
+ [system\ControlSet001\Services\Eventlog\Application\lsase]
+ [system\ControlSet001\Services\Eventlog\Application\mstcsf]
+ [system\ControlSet001\Services\Eventlog\Application\OSEvent]
+ [system\ControlSet001\Services\mstcsf]
+ [system\ControlSet001\Services\mstcsf\Security]
+ [system\ControlSet001\Services\OSEvent]
+ [system\ControlSet001\Services\OSEvent\Security]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malware Traffic – DNS: –
110.770304123.cn
122.770304123.cn
343.boolans.com
www.netblogcn.cn
yahoo.com.cn
#– Malware Traffic – Connections (destination IP, with the port appended as a fifth dotted field where observed): –
124.227.190.227.80
174.139.244.18
212.117.164.35.25
219.148.34.10.80
219.148.34.7.80
60.217.234.138.80
61.158.167.52.80
72.10.172.211.8080
#– Malware Traffic – www: –
122.770304123.cn/ue000/38sw.e?uid=189364158512902265799640
110.770304123.cn/player/blog.updata?v=2.2.2.5&mid=c42aebc0c1d238cef55114fa2770db52&r1=0ff5aba1999384238a4c4249ea7d93ac&tm=2009-11-09%2010:43:20&av=TD&os=Windows%20XP.2600%20with%20Service%20Pack%203&uid=189364158512902265800890&cht=0
www.netblogcn.cn/log.aspx?v=2.2.2.5&mid=c42aebc0c1d238cef55114fa2770db52&r1=0ff5aba1999384238a4c4249ea7d93ac&tm=2009-11-09%2010:43:20&av=TD&os=Windows%20XP.2600%20with%20Service%20Pack%203&uid=189364158512902265800890&cht=0&sn=05da65af5d88a9a3d4d4e5416df66d4b
www.netblogcn.cn/log.aspx?v=2.2.2.5&mid=c42aebc0c1d238cef55114fa2770db52&r1=0ff5aba1999384238a4c4249ea7d93ac&tm=2009-11-09%2010:43:20&av=TD&os=Windows%20XP.2600%20with%20Service%20Pack%203&uid=189364158512902265800890&cht=0&sn=05da65af5d88a9a3d4d4e5416df66d4b
343.boolans.com/list/2009-11-09/NO.y
343.boolans.com/list/bl.y
343.boolans.com/list/2009-11-09/ut_NO.y
219.148.34.10/dmupdate/sss.exe
122.770304123.cn/ue000/38sw.e?uid=189364158512902265841593
110.770304123.cn/player/blog.updata?v=2.2.2.7&mid=c42aebc0c1d238cef55114fa2770db52&r1=0ff5aba1999384238a4c4249ea7d93ac&tm=2009-11-09%2010:44:03&av=TD&os=Windows%20XP.2600%20with%20Service%20Pack%203&uid=189364158512902265843796&cht=0
www.netblogcn.cn/log.aspx?v=2.2.2.7&mid=c42aebc0c1d238cef55114fa2770db52&r1=0ff5aba1999384238a4c4249ea7d93ac&tm=2009-11-09%2010:44:03&av=TD&os=Windows%20XP.2600%20with%20Service%20Pack%203&uid=189364158512902265843796&cht=0&sn=05da65af5d88a9a3d4d4e5416df66d4b
343.boolans.com/list/2009-11-09/NO.y
343.boolans.com/list/bl.y
343.boolans.com/list/2009-11-09/ut_NO.y
#– Screenshots: –
Screen After 90 Seconds

