Especially while it is packed with FLY-CODE, where control-flow analysis is hindered by the malware hiding its real code and contents; see here, where the malware goes undetected: http://www.garyshood.com/virus/results.php?r=2da115a9f4e4667fb437f11bf2c5d41f
And in the Anubis analysis we find this Alureon characteristic: “x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll” unresolved import.
One of the three mutexes is critopmutex, which tries to connect out, etc. etc.
Well, again the avast Network Shield blocks the malicious URL as URL:Mal, and avast users have been protected all the time. Forum friends, the shields are the gems of the avast AV solution, really they are.
This is proof of a quite new one, or a partially new one: http://www.virustotal.com/file-scan/report.html?id=a99aa275cd539f17cfdd9483eccdd2926767ebce923274d7bc8753d96fe0068f-1312832335
Threat-Expert analysis:
File MD5: 0x2DA115A9F4E4667FB437F11BF2C5D41F;
File SHA-1: … %Temp%\2.tmp, 163840 bytes
unique and first seen here;
RGI4.TMP is unknown, probably legitimate
First seen June 1st, 2011
MD5 of RGI4.TMP = 8DDC22056678464374DBD9BF8EFBFDA4
RGI4.TMP size is 85018 bytes.
Full path on a computer: %TEMP%\RGI4.TMP
E5\index.dat, 16384 bytes, MD5: 0x50CC4803AC4953D1B21A4120D4EC4669. SHA-1:
also first seen here.