
Malware Report: d6088a801f18354031ef7113c081d1a6200776a6

File SHA1: d6088a801f18354031ef7113c081d1a6200776a6
File MD5 : fa61033bfa168fadcefec9139b90db3f
File Type: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
Date: Fri Nov 6 18:00:21 MYT 2009

#– Files Created: –

/WINDOWS/Prefetch/NETSH.EXE-085CFFDE.pf
/WINDOWS/Prefetch/SERVICES.EXE-2B0DDD57.pf
/WINDOWS/Temp/Perflib_Perfdata_578.dat
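/WINDOWS/services.exe

(Note: the genuine Windows services.exe resides in /WINDOWS/system32/, so a services.exe in /WINDOWS/ itself is a copy using a system process name. Prefetch files are written when a program is executed, so the two .pf entries suggest that netsh.exe and a services.exe were run during the analysis; the report does not say from which path.)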

#– Registry Created: –

[SOFTWARE]
+ [software\Microsoft\Tracing\FWCFG]
+ [software\Microsoft\Windows\CurrentVersion\services]
+ [software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP]
+ [software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
+ [software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
+ [software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
+ [software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
+ [software\Policies\Microsoft\WindowsFirewall]
+ [software\Policies\Microsoft\WindowsFirewall\DomainProfile]
+ [software\Policies\Microsoft\WindowsFirewall\StandardProfile]
[SYSTEM]
+ [system\ControlSet001\Services\napagent\LocalConfig\Enroll]
+ [system\ControlSet001\Services\napagent\LocalConfig\Enroll\HcsGroups]
+ [system\ControlSet001\Services\napagent\LocalConfig\UI]
+ [system\ControlSet002\Services\napagent\LocalConfig\Enroll]
+ [system\ControlSet002\Services\napagent\LocalConfig\Enroll\HcsGroups]
+ [system\ControlSet002\Services\napagent\LocalConfig\UI]
[SECURITY]
[DEFAULT]
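[NTUSER]

(Note: only key names are listed, not values, so the report does not show what data was written. The Policies\Microsoft\WindowsFirewall keys for DomainProfile and StandardProfile, together with the NETSH.EXE prefetch entry, are consistent with the sample changing Windows Firewall policy; on a suspect host, inspect the values under those keys, for example EnableFirewall. The Tracing\FWCFG, Tracing\Microsoft\NAP, qagent and napagent keys are probably side effects of netsh.exe loading its helper modules rather than keys the sample wrote directly. The CurrentVersion\services key does not fit that pattern and may be specific to the sample.)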

#– Malware Traffic – DNS: –

#– Malware Traffic – Connections: –

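#– Malware Traffic – www: –

(Note: no DNS, connection or web entries are listed in this report. An empty traffic section from a single short sandbox run does not establish that the sample has no network behaviour.)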

#– Screenshots: –

Screen After 90 Seconds
