Link: hxxp://user1.3332210.net/StormII.html
File Name: StormII.html
File size: 3650 bytes
MD5...: 8904fbe5689a1a4c900c61f0ae7ee099
SHA1..: 3a28e16ef06ebd0ffdab1cde13d5d8b873e160f3
SHA256: 91adb4f99661214fd3212b95c03058afbd2489be692b15fbf7bf5aa77faad082
SHA512: 729d33ab9ae4a3c097438c8fafea027a470d0d656dd43fb358d1b81040d2117d0d87f265e599fcb055c9a00cc81b7d1eec9f976ff1263d7e6e6254a304171d92
VirusTotal Result: 11/32 (34.38%)
Engine             Version      Last Update  Result
AntiVir            7.8.0.8      2008.04.18   HTML/Shellcode.Gen
Authentium         4.93.8       2008.04.19   JS/Agent.CU
Avast              4.8.1169.0   2008.04.19   VBS:Malware-gen
BitDefender        7.2          2008.04.20   Exploit.HTML.Agent.AB
eSafe              7.0.15.0     2008.04.17   JS.Agent.jo
F-Prot             4.4.2.54     2008.04.20   JS/Agent.CU
Ikarus             T3.1.1.26.0  2008.04.20   Exploit.HTML.Agent.AB
NOD32v2            3041         2008.04.19   JS/TrojanDownloader.Agent.NCH
Rising             20.40.52.00  2008.04.19   Hack.Exploit.Script.JS.Bucode.c
Sophos             4.28.0       2008.04.19   Mal/JSShell-B
Webwasher-Gateway  6.6.2        2008.04.18   Script.Shellcode.Gen
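Triage helper for the hashes and VirusTotal results listed above. This is an added example, not part of the original report or of any sandbox tool: it records the four digests exactly as printed (the SHA-512, which the report prints as two halves, rejoined into one 128-character string), checks that each digest is well-formed hex of the right length before anyone pastes it into a blocklist, hashes a sample with all four algorithms in a single pass, and parses the flattened "Engine Version Date Result" lines into records so the 11/32 ratio can be recomputed. The function names and the regex are this example's own assumptions.

```python
"""Triage helper for the StormII.html indicators above (added example)."""
import hashlib
import re

# Digests copied from the report. The SHA-512 is the two printed halves joined.
STORMII_HASHES = {
    "md5": "8904fbe5689a1a4c900c61f0ae7ee099",
    "sha1": "3a28e16ef06ebd0ffdab1cde13d5d8b873e160f3",
    "sha256": "91adb4f99661214fd3212b95c03058afbd2489be692b15fbf7bf5aa77faad082",
    "sha512": (
        "729d33ab9ae4a3c097438c8fafea027a470d0d656dd43fb358d1b81040d2117d"
        "0d87f265e599fcb055c9a00cc81b7d1eec9f976ff1263d7e6e6254a304171d92"
    ),
}

# Hex length each algorithm must produce; a split or truncated digest fails here.
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def validate_hashes(hashes):
    """Return the names of digests that are not lowercase hex of the expected length."""
    bad = []
    for name, digest in hashes.items():
        if len(digest) != EXPECTED_HEX_LEN.get(name, -1) or not HEX_RE.match(digest):
            bad.append(name)
    return bad


def digest_all(data, chunk_size=1 << 16):
    """Hash bytes (or a binary file object) with all four algorithms in one pass."""
    hashers = {name: hashlib.new(name) for name in EXPECTED_HEX_LEN}
    if isinstance(data, (bytes, bytearray)):
        chunks = [bytes(data)]
    else:
        chunks = iter(lambda: data.read(chunk_size), b"")
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(data, known=STORMII_HASHES):
    """Return the algorithms whose digest of `data` equals the listed indicator."""
    computed = digest_all(data)
    return sorted(name for name, d in computed.items()
                  if name in known and d == known[name].lower())


# One VirusTotal row: engine, engine version, signature date, verdict.
# Lines that do not fit (the "VirusTotal Result:" summary, a column header) are skipped.
VT_LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")


def parse_vt_lines(text):
    """Parse flattened VirusTotal result lines into (engine, version, date, verdict) tuples."""
    rows = []
    for line in text.splitlines():
        m = VT_LINE_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def detection_ratio(rows, total_engines):
    """Return (detections, engines, percent) for the parsed rows."""
    hits = len(rows)
    return hits, total_engines, 100.0 * hits / total_engines


if __name__ == "__main__":
    print("malformed digests:", validate_hashes(STORMII_HASHES))
    # Constructed stand-in bytes; the real sample is not reproduced here.
    sample = b"<html><!-- constructed placeholder, not StormII.html --></html>"
    print("matches listed IOCs:", matching_algorithms(sample))
```

Run it against a suspected copy of the sample with `matching_algorithms(open(path, "rb").read())`; a partial match (for instance MD5 but not SHA-256) is itself a finding worth recording, since it means the indicator list and the file disagree.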
Process Details:
----------------
Process: IEXPLORE.EXE Pid: 1148
Mutants:
\BaseNamedObjects\_!MSFTHISTORY!_
\BaseNamedObjects\_!SHMSFTHISTORY!_
\BaseNamedObjects\c:!documents and settings!administrator!cookies!
\BaseNamedObjects\c:!documents and settings!administrator!local settings!history!history.ie5!
\BaseNamedObjects\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012008042120080422!
\BaseNamedObjects\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
\BaseNamedObjects\CTF.Asm.MutexDefaultS-1-5-21-1417001333-1343024091-1957994488-500
\BaseNamedObjects\CTF.Compart.MutexDefaultS-1-5-21-1417001333-1343024091-1957994488-500
\BaseNamedObjects\CTF.Layouts.MutexDefaultS-1-5-21-1417001333-1343024091-1957994488-500
\BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-1417001333-1343024091-1957994488-500
\BaseNamedObjects\CTF.TMD.MutexDefaultS-1-5-21-1417001333-1343024091-1957994488-500
\BaseNamedObjects\mvmkgnevfnei_1148
\BaseNamedObjects\ovmkgnevfnei_1148
\BaseNamedObjects\RasPbFile
\BaseNamedObjects\ShimCacheMutex
\BaseNamedObjects\WininetConnectionMutex
\BaseNamedObjects\WininetProxyRegistryMutex
\BaseNamedObjects\WininetStartupMutex
\BaseNamedObjects\SENS Information Cache
\BaseNamedObjects\ShimSharedMemory
\BaseNamedObjects\UrlZonesSM_Administrator
\BaseNamedObjects\shell._ie_sessioncount
\BaseNamedObjects\shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66}
\BaseNamedObjects\shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}
\BaseNamedObjects\shell.{6D5313C0-8C62-11D1-B2CD-006097DF8C11}
\BaseNamedObjects\shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}
\BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Files Created:
C:\Sandbox\Administrator\Test\user\current\Local Settings\Temporary Internet Files\Content.IE5\0X05Q5EL\CAS73MKW.HTM
Files Read:
\Device\Afd\AsyncConnectHlp
\Device\Afd\Endpoint
\Device\Ip
\Device\KsecDD
\Device\NamedPipe\lsarpc
\Device\NamedPipe\ROUTER
\Device\Tcp
\Device\Udp
\Device\WMIDataDevice
E:\Infected\Malware Archive\StormII.html
C:\Sandbox\Administrator\Test\RegHive.LOG
C:\WINDOWS\system32\390187669212.CPX
C:\Sandbox\Administrator\Test\user\current\Local Settings\Temporary Internet Files\Content.IE5\0X05Q5EL\CAS73MKW.HTM
Registry Keys Read:
HKCU\Software\Classes
HKCU\Software\Microsoft\Internet Explorer\Security\P3Global
HKCU\Software\Microsoft\Internet Explorer\Security\P3Sites
HKCU\Software\Microsoft\Internet Explorer\TypedURLs
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKCU\Software\Microsoft\Windows\ShellNoRoam
HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKLM\SOFTWARE\Microsoft\COM3
HKLM\SOFTWARE\Microsoft\Tracing\RASAPI32
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
HKLM\SOFTWARE\Microsoft\Windows\Shell
HKLM\SYSTEM\ControlSet003\Control\Nls\Language Groups
HKLM\SYSTEM\ControlSet003\Control\Nls\Locale
HKLM\SYSTEM\ControlSet003\Control\Nls\Locale\Alternate Sorts
HKLM\SYSTEM\ControlSet003\Hardware Profiles\0001
HKLM\SYSTEM\ControlSet003\Services\NetBT\Parameters
HKLM\SYSTEM\ControlSet003\Services\NetBT\Parameters\Interfaces
HKLM\SYSTEM\ControlSet003\Services\Tcpip\Linkage
HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters
HKLM\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5
HKLM\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9
Registry Entries Created:
HKCU\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
HKCU\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}
HKCU\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
HKCU\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
HKCU\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}
HKCU\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count