Malware Report: 8a19573e6ec13f6b54830e793dc9b363cc5c345e

November 11th, 2009 xandora

File SHA1: 8a19573e6ec13f6b54830e793dc9b363cc5c345e
File MD5 : 66cea624e61abe29cc9a1d5cad384b89
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Date: Wed Nov 11 05:42:14 MYT 2009
Possible Malware: YES

#– Files Created: –

/WINDOWS/Tasks/{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

#– Registry Created: –

[SOFTWARE]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
+ [NTUSER\Software\TurboNet]
+ [NTUSER\Software\XML]

#– System Running Processes: –

command=(sample.exe):pid=(924:932):uid=(0)
command=(svchost.exe):pid=(260:508):uid=(0)
command=(svchost.exe):pid=(260:548):uid=(0)

#– Malware Traffic – DNS: –

chatpartyline.com
new-search-zone.com

#– Malware Traffic – Connections: –

64.120.164.39.80
64.191.82.22.80

#– Malware Traffic – www: –

chatpartyline.com/resolution.php
new-search-zone.com/borders.php

#– Screenshots: –

Screen After 90 Seconds
