Hi Pondus,
Thanks for checking this one out, but there is also more interesting info on the packers used.
VT lists:
TrID
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEiD packer identifier
UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
DrWeb finds:
Checking: htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F/
Engine version: 7.0.3.7130
Total virus-finding records: 3086527
File size: 209.84 KB
File MD5: e22b03decb36b26ee2c7b83becf02ec3
htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F/ packed by UPX
>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F/ - archive AUTOIT
>>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F//_ahk\warpath\dotakeys1.3\pokusy\upd\update_checking.gif - Ok
>>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F//_ahk\warpath\dotakeys1.3\pokusy\upd\update_downloading.gif - Ok (Nebezpečné pokusy)
>>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F//_ahk\warpath\dotakeys1.3\pokusy\upd\update_available.gif - Ok (Nebezpečné pokusy)
>>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F//_ahk\warpath\dotakeys1.3\pokusy\upd\update_notfound.gif - Ok (Nebezpečné pokusy)
>>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F//_ahk\warpath\dotakeys1.3\pokusy\upd\line.gif - Ok
>>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F//DOCUME~1\Fucko\LOCALS~1\Temp\ahk1E7.tmp - Ok (hidden files an folders!)
>htxp://gjgt.sk/%7Efuller/dotakeys1.3/autoupdate.exe?fakeParam=3D3D%26%26amp%2F%26%2F%2F/ - Ok
Compare the encoding heuristics to those given here:
http://www.malwareblacklist.com/searchClearingHouse.php?search=soft.youxi123.com/download/comsc/setup_7.exe?DotaKeys, the program that allows you to remap keys in Warcraft 3 map DotA:Allstars # see:
http://www.mywot.com/en/scorecard/gjgt.sk?utm_source=addon&utm_content=popup-donuts URL also flagged by Bitdefender's TrafficLight as unsafe...
Above you see the update files haven't been found - fakeParam debug parameter etc...
polonus