Malware Information

Malware name: Trojan.Dldr.Bagle.NK
Type: Trojan
Affected platform: Win32
Media type: application/executable
MD5 checksum: 1AD002E1307BC480EE2C111E45FC2498
Static file: yes
Filesize: 684,032 Bytes
Alias names (also known as):
  • Sophos: Mal/Generic-A
  • McAfee: Generic.dx
Side effects:
  • Disable security applications
  • Downloads files
  • Lowers security settings
  • Registry modification
Propagation: No own spreading routine

Description:

Files

It copies itself to the following locations:
• %SYSDIR%\drivers\hldrrr.exe
• %SYSDIR%\drivers\mdelk.exe

It overwrites a file:
• %randomly chosen directory%\%unknown%.exe

With the following contents:
• %executed file%

It tries to download a file from one of a large number of web servers:

At the time of writing, this file was not online for further investigation.

Registry

The following registry value is added under the Run key so that the process is started again after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
%unknown% = %randomly chosen directory%\%unknown%.exe

Process termination

List of processes that are terminated:
• a2cmd.exe; a2guard.exe; a2HiJackFree.exe; a2scan.exe; a2service.exe;
a2start.exe; a2upd.exe; a2wizard.exe; aavshield.exe; About.exe;
AckWin32.exe; ADVCHK.EXE; Agb5.exe; Agb5_.exe; AhnSD.exe;
airdefense.exe; ALERTSVC.EXE; ALMon.exe; ALOGSERV.EXE; ALsvc.exe;
ALUNOTIFY.EXE; amon.exe; Anti-Trojan.exe; AntiVirScheduler;
AntiVirService; AntiVirus.exe; ANTS.EXE; APVXDWIN.EXE; Armor2net.exe;
ash.exe; ashAvast.exe; ashAvSrv.exe; ashchest.exe; ashDisp.exe;
ashDug.exe; ashEnhcd.exe; ashLogV.exe; ashMaiSv.exe; ashPopWz.exe;
ashQuick.exe; ashServ.exe; ashsimp2.exe; ashSimpl.exe; ashSkPcc.exe;
ashSkPck.exe; ashUpd.exe; ashWebSv.exe; ash_UpdateMediator.exe;
aswRegSvr.exe; aswUpdSv.exe; ATCON.EXE; ATUPDATER.EXE; ATWATCH.EXE;
AUPDATE.EXE; AUTODOWN.EXE; AutostartExplorer.exe; AUTOTRACE.EXE;
AUTOUPDATE.EXE; avadmin.exe; avcenter.exe; avciman.exe; avcmd.exe;
avconfig.exe; Avconsol.exe; AVENGINE.EXE; avgamsvr.exe; avgcc.exe;
AVGCC32.EXE; AVGCTRL.EXE; avgdiag.exe; avgemc.exe; avgfwsrv.exe;
avginet.exe; avgnpdln.exe; avgnpsvc.exe; AVGNT.EXE; avgntdd; avgntmgr;
avgrssvc.exe; avgscan.exe; AVGSERV.EXE; AVGUARD.EXE; avgupden.exe;
avgupsvc.exe; avgvv.exe; avgw.exe; avgwizfw.exe; avinitnt.exe;
AvkServ.exe; AVKService.exe; AVKWCtl.exe; avnotify.exe; AVP.EXE;
AVP32.EXE; avpcc.exe; avpm.exe; AVPUPD.EXE; avscan.exe; AVSCHED32.EXE;
avsynmgr.exe; AVWUPD32.EXE; AVWUPSRV.EXE; AVXMONITOR9X.EXE;
AVXMONITORNT.EXE; AVXQUAR.EXE; BackWeb-4476822.exe; bdagent.exe;
bdmcon.exe; bdnews.exe; bdoesrv.exe; bdss.exe; bdsubmit.exe;
bdsubmitwiz.exe; BDSurvey.exe; bdswitch.exe; bdwizreg.exe; blackd.exe;
blackice.exe; blindman.exe; BTIni.exe; BTIniNT.exe; cafix.exe;
CavApp.exe; CaVasm.exe; CavAUD.exe; CavEmSrv.exe; Cavmr.exe;
CavMUD.exe; Cavoar.exe; CavQ.exe; CAVSCons.exe; cavse.exe; CavSn.exe;
CavSub.exe; CAVSubmit.exe; CavUMAS.exe; CavUserUpd.exe; Cavvl.exe;
ccApp.exe; ccEvtMgr.exe; ccProxy.exe; ccSetMgr.exe; CEmRep.exe;
CFIAUDIT.EXE; clamscan.exe; ClamTray.exe; ClamWin.exe; Claw95.exe;
Claw95cf.exe; cleaner.exe; cleaner3.exe; CliSvc.exe; CMain.exe;
CMGrdian.exe; copyx64.exe; cpd.exe; cssexc.exe; custinstall.exe;
custsetup.exe; defensewall.exe; DefWatch.exe; dislite.exe; DOORS.EXE;
dpatrolq.exe; drvctl.exe; DrVirus.exe; DrvMap.exe; drwadins.exe;
drweb32w.exe; drweb386.exe; drwebscd.exe; DRWEBUPW.EXE; drwebwcl.exe;
drwreg.exe; ecmd.exe; egni.exe; ekrn.exe; EMM386.EXE; ESCANH95.EXE;
ESCANHNT.EXE; ewidoctrl.exe; exit_av.exe;
EzAntivirusRegistrationCheck.exe; F-AGNT95.EXE; F-PROT95.EXE;
F-Sched.exe; F-StopW.EXE; FAMEH32.exe; FAST.EXE; FCH32.exe;
firebird.exe; FireSvc.exe; FireTray.exe; FIREWALL.EXE; FLOPPY.EXE;
FLOPPY9x.EXE; FLOPPYME.EXE; FPAVServer.exe; fpavupdm.exe;
FProtTray.exe; fpscan.exe; fptrayproc.exe; FPWin.exe; freshclam.exe;
FRW.EXE; fsample.exe; fsaua.exe; fsauach.exe; fsav.exe; fsav32.exe;
fsavaui.exe; fsavgui.exe; fsavstrt.exe; fsavwsch.exe; fsavwscr.exe;
fsbwsys.exe; fsdbuh.exe; fsdc.exe; fsdfwd.exe; FSDIAG.exe;
FsDiagUi.exe; fsfwwsch.exe; fsfwwscr.exe; fsgetwab.exe; fsgk32.exe;
fsgk32st.exe; fsguidll.exe; fsguiexe.exe; FSHDLL32.exe; fshelp.exe;
FSHOTFIX.exe; fsihcomp.exe; fsihs.exe; FSIMAGE.EXE; FSLAUNCH.exe;
FSM32.exe; FSMA32.exe; FSMB32.exe; fspc.exe; fspex.exe; fsqh.exe;
fssf.exe; fssg.exe; fssm32.exe; fsstm.exe; fssw.exe; fstlui.exe;
fsuninst.exe; fsus.exe; gcasDtServ.exe; gcasServ.exe;
GIANTAntiSpywareMain.exe; GIANTAntiSpywareUpdater.exe; GUARD.EXE;
guardgni.exe; GUARDGUI.EXE; GuardNT.exe; helper.exe; hipsdiag.exe;
HRegMon.exe; Hrres.exe; HSockPE.exe; HUpdate.EXE; iamapp.exe;
iamserv.exe; ICLOAD95.EXE; ICLOADNT.EXE; ICMON.EXE; ICSSUPPNT.EXE;
ICSUPP95.EXE; ICSUPPNT.EXE; IERegFix.exe; IFACE.EXE; ih8.exe;
ih8run.exe; ILAUNCHR.exe; INETUPD.EXE; InocIT.exe; InoRpc.exe;
InoRT.exe; InoTask.exe; InoUpTNG.exe; InstallCAVS.exe;
InstallLicense.exe; InstallLSP.exe; InstLsp.exe; INWISE.EXE;
IOMON98.EXE; isafe.exe; ISATRAY.EXE; ISPNews.exe; isPwdsvc.exe;
ISRV95.EXE; ISSVC.exe; isUAC.exe; JEDI.EXE; KAV.exe; kavmm.exe;
KAVPF.exe; KavPFW.exe; KAVStart.exe; KAVSvc.exe; KAVSvcUI.EXE;
KMailMon.EXE; KPfwSvc.EXE; KWatch.EXE; licmgr.exe; livesrv.exe;
LiveUpdate.exe; LOCKDOWN2000.EXE; LogWatNT.exe; lpfw.exe; LUALL.EXE;
LUCallbackProxy.exe; LUCheck.exe; LUCOMSERVER.EXE;
LuComServer_3_2.EXE; LuConfig.exe; LUInit.exe; Luupdate.exe;
MalwareRemoval.exe; MCAGENT.EXE; mcmnhdlr.exe; mcregwiz.exe;
Mcshield.exe; MCUPDATE.EXE; mcvsshld.exe; MemString.exe; MINILOG.EXE;
MONITOR.EXE; monlite.exe; MonSysNT.exe; MOOLIVE.EXE; MpEng.exe;
mpssvc.exe; MSMPSVC.exe; msascui.exe; mva.exe; MVC.exe; myAgtSvc.exe;
myagttry.exe; navapsvc.exe; NAVAPW32.EXE; NavLu32.exe; NAVStub.exe;
NAVW32.EXE; Navwnt.exe; NDD32.EXE; NeoWatchLog.exe; NeoWatchTray.exe;
NetstatViewer.exe; nisoptui.exe; NISSERV; NISUM.EXE; NMAIN.EXE;
nod32.exe; nod32krn.exe; nod32kui.exe; NORMIST.EXE; NotifyHA.exe;
notstart.exe; npavtray.exe; NPFMNTOR.EXE; npfmsg.exe; NPROTECT.EXE;
NSCHED32.EXE; NSMdtr.exe; NssServ.exe; NssTray.exe; ntrtscan.exe;
NTXconfig.exe; NUPGRADE.EXE; NVC95.EXE; Nvcod.exe; Nvcte.exe;
Nvcut.exe; NWCDEX.EXE; NWService.exe; oasrv.exe; oaui.exe;
OfcPfwSvc.exe; olAddin.exe; OnAccessInstaller.exe; osCheck.exe;
OUTPOST.EXE; PartIn.exe; PartIn9x.exe; partinfo.exe; PartInNT.exe;
PAV.EXE; PavFires.exe; PavFnSvr.exe; Pavkre.exe; PavProt.exe;
pavProxy.exe; pavprsrv.exe; pavsrv51.exe; PAVSS.EXE; pccguide.exe;
PCCIOMON.EXE; pccntmon.exe; PCCPFW.exe; PcCtlCom.exe; PCTAV.exe;
PERSFW.EXE; pertsk.exe; PERVAC.EXE; PM8Flash.exe; PMagic.exe;
PMagic9x.exe; PMagicBT.exe; PMagicNT.exe; PNMSRV.EXE; POLUTIL.exe;
POP3TRAP.EXE; POPROXY.EXE; postinstall.exe; ppfw.exe; PQBOOT.EXE;
Pqboot32.exe; PQBOOTX.EXE; pqbw.exe; PQLAUNCH.EXE; PQMAGIC.EXE;
PqPe.exe; pqpe9x.exe; pqpent.exe; preconfig.exe; preupd.exe;
prevsrv.exe; PrevxSetup.exe; ProcessViewer.exe; psctrls.exe;
pshost.exe; PsImSvc.exe; PTEDIT.EXE; PTEDIT32.EXE; PTEPIT32.EXE;
PXAgent.exe; PXConsole.exe; PXL.exe; PXL1.exe; PXReset.exe;
pxsupport.exe; QHM32.EXE; QHONLINE.EXE; QHONSVC.EXE; QHPF.EXE;
qhwscsvc.exe; qklez.exe; qrtfix.exe; quaranti.exe; RavMon.exe;
RavTimer.exe; Realmon.exe; REALMON95.EXE; register.exe; removeit.exe;
Remover.exe; Rescue.exe; rfwmain.exe; Rtvscan.exe; RTVSCN95.EXE;
RuLaunch.exe; RunSetup.exe; sarcli.exe; sargui.exe; SAV32CLI.EXE;
SAVAdminService.exe; SAVMain.exe; savprogress.exe; SAVScan.exe;
SCAN32.EXE; scanner.exe; ScanningProcess.exe; sched.exe; sdhelp.exe;
sdinvoker.exe; sdloader.exe; SDTrayApp.exe; seccenter.exe;
SERVIC~1.EXE; SHSTAT.EXE; sigtool.exe; SiteCli.exe; smc.exe;
SNDSrvc.exe; SNUTIL.EXE; SPBBCSvc.exe; SPHINX.EXE; spiderml.exe;
spidernt.exe; Spiderui.exe; sporder.exe; SpybotSD.exe; SPYXX.EXE;
SS3EDIT.EXE; start_diag.exe; stopsignav.exe; SubmitFiles.exe;
svcntaux.exe; swAgent.exe; swdoctor.exe; swdsvc.exe; SWNETSUP.EXE;
SymantecRootInstaller.exe; symlcsvc.exe; SymProxySvc.exe;
SymSPort.exe; SymWSC.exe; SYNMGR.EXE; Sysinfo.exe; TAUMON.EXE;
TBMon.exe; TC.EXE; tca.exe; TCM.EXE; TDS-3.EXE; TeaTimer.exe;
TFAK.EXE; tgsvcstp.exe; THAV.EXE; THGnard.exe; THSM.EXE; Tmas.exe;
tmlisten.exe; Tmntsrv.exe; TmPfw.exe; tmproxy.exe; tnbutil.exe;
tracelog.exe; TRJSCAN.EXE; TrojanGuarder.exe; TrojanHunter.exe;
trtddptr.exe; uiscan.exe; UninstallCAVS.exe; Uninstaller.exe;
UninstallLSP.exe; unp_test.exe; Up2Date.exe; UPDATE.EXE;
UpdaterUI.exe; updclient.exe; upgrepl.exe; UPSObMaker.exe; UUpd.exe;
Vba32ECM.exe; Vba32ifs.exe; vba32ldr.exe; Vba32PP3.exe; VBSNTW.exe;
vchk.exe; vcrmon.exe; VetTray.exe; viritexp.exe; viritsvc.exe;
VirusKeeper.exe; VirusNews.exe; VistAux.exe; VisthLic.exe;
VisthUpd.exe; VPTRAY.EXE; vrfwsvc.exe; VRMONNT.EXE; vrmonsvc.exe;
vrrw32.exe; VSECOMR.EXE; Vshwin32.exe; vsmon.exe; vsserv.exe;
VsStat.exe; w9xpopen; WATCHDOG.EXE; Wclose.exe; webfiltr.exe;
WebProxy.exe; Webscanx.exe; WEBTRAP.EXE; WGFE95.EXE; wil.exe;
Winaw32.exe; WindowList.exe; winroute.exe; winss.exe; winssnotify.exe;
WRADMIN.EXE; WRCTRL.EXE; writespid.exe; WRPROG.EXE; wsctool.exe;
xcommsvr.exe; zatutor.exe; ZAUINST.EXE; zauninst.exe; zlclient.exe;
zonealarm.exe; _AVP32.EXE; _AVPCC.EXE; _AVPM.EXE


List of services that are disabled:
• Aavmker4; ABVPN2K; acssrv; ADBLOCK.DLL; ADFirewall; AFWMCL; Ahnlab
task Scheduler; alerter; AlertManger; AntiVir Service; AntiyFirewall;
ARP.DLL; aswMon2; aswRdr; aswTdi; aswUpdSv; Ati HotKey Poller; avast!
Antivirus; avast! Mail Scanner; avast! Web Scanner; AVEService;
AVExch32Service; AvFlt; Avg7Alrt; Avg7Core; Avg7RsW; Avg7RsXP;
Avg7UpdSvc; AvgCore; AvgFsh; AVGFwSrv; AvgFwSvr; AvgServ; AvgTdi;
AVIRAMailService; AVIRAService; AVKProxy; AVKService; AVKWCtl; avpcc;
AVUPDService; AVWUpSrv; AvxIni; awhost32; backweb client - 4476822;
BackWeb Client - 7681197; backweb client-4476822; Bdfndisf; bdftdif;
bdss; BlackICE; BsFileSpy; BsFirewall; BsMailProxy; CAISafe; ccEvtMgr;
ccPwdSvc; ccSetMgr; ccSetMgr.exe; CONTENT.DLL; DefWatch; DNSCACHE.DLL;
drwebnet; dvpapi; dvpinit; ewido security suite control; ewido
security suite driver; ewido security suite guard; F-Prot Antivirus
Update Monitor; F-Secure Gatekeeper Handler Starter; firewall; FSAUA;
fsbwsys; FSDFWD; FSFW; FSMA; FTPFILT.DLL; FwcAgent; fwdrv; Guard NT;
HSnSFW; HSnSPro; HTMLFILT.DLL; HTTPFILT.DLL; IMAPFILT.DLL; InoRPC;
InoRT; InoTask; Ip6Fw; Ip6FwHlp; KAVMonitorService; KAVSvc; KLBLMain;
KPfwSvc; KWatch3; KWatchSvc; MAILFILT.DLL; McAfee Firewall;
McAfeeFramework; McShield; McTaskManager; mcupdmgr.exe; MCVSRte;
Microsoft NetWork FireWall Services; MonSvcNT; MpfService; MpsSvc;
navapsvc; Ndisuio; NDIS_RD; Network Associates Log Service; nipsvc;
NISSERV; NISUM; NNTPFILT.DLL; NOD32ControlCenter; NOD32krn;
NOD32Service; Norman NJeeves; Norman Type-R; Norman ZANDA; Norton
AntiVirus Server; NPDriver; NPFMntor; NProtectService; NSCTOP; nvcoas;
NVCScheduler; nwclntc; nwclntd; nwclnte; nwclntf; nwclntg; nwclnth;
NWService; OfcPfwSvc; Outbreak Manager; Outpost Firewall;
OutpostFirewall; PASSRV; PAVAGENTE; PavAtScheduler; PAVDRV; PAVFIRES;
PAVFNSVR; Pavkre; PavProc; PavProt; PavPrSrv; PavReport; PAVSRV;
PCCPFW; PCC_PFW; PersFW; Personal Firewall; POP3FILT.DLL; PREVSRV;
PSIMSVC; qhwscsvc; Quick Heal Online Protection; ravmon8; RfwService;
SAVFMSE; SAVScan; SBService; schscnt; SECRET.DLL; SharedAccess;
SmcService; SNDSrvc; SPBBCSvc; SpiderNT; SweepNet; SWEEPSRV.SYS;
Symantec AntiVirus Client; Symantec Core LC; The_Hacker_Antivirus;
Tmntsrv; TmPfw; tmproxy; tmtdi; tm_cfw; T_H_S_M; V3MonNT; V3MonSvc;
Vba32ECM; Vba32ifs; Vba32Ldr; Vba32PP3; VBCompManService;
VexiraAntivirus; VFILT; VisNetic AntiVirus Plug-in; vrfwsvc; vsmon;
VSSERV; WinAntivirus; WinDefend; WinRoute; wscsvc; wuauserv; xcomm

Miscellaneous

Anti debugging
It checks if one of the following programs is running:
• SoftIce
• FileMon
• RegMon
• ProcMon
• Process Explorer
• DeepFreeze

If one of these programs is found, it displays the following message and terminates immediately:

File details

Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with the following runtime packer:
• Themida