ThreatExpert Report: W32.Virut.CF, W32/Virut.n.gen, W32/Scribble-B, Virus.Win32.Virut..

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 4 July 2012, 19:31:13
Processing time: 16 min 28 sec
Submitted sample:

File MD5: 0xFB296BD65D5A0A0E2C9328DA290E6DFB
File SHA-1: 0x1C08910705F7289D15E16B58E5369BA9276C41FA
Filesize: 305,152 bytes
Alias:

W32.Virut.CF [Symantec]
W32/Virut.n.gen [McAfee]
W32/Scribble-B [Sophos]
Virus.Win32.Virut [Ikarus]

Summary of the findings:

What's been found	Severity Level
Produces outbound traffic.
Downloads/requests other files from Internet.
Creates a startup registry entry.
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Attention! The following threat categories were identified:

Threat Category	Description
	A malicious backdoor trojan that runs in the background and allows remote access to the compromised system
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%AllUsersProfile%\svchost.exe	43,520 bytes	MD5: 0xACE63C6D60B134DC7BCE837F6E5C93DC SHA-1: 0xB1D5ECD0D331B9CB171D1A7C885F184F39D7A658	Backdoor.Trojan [Symantec] Backdoor.Win32.Androm.a [Kaspersky Lab] Backdoor-FGP [McAfee] Mal/Generic-L [Sophos] Trojan.Win32.Spy [Ikarus]
2	%AppData%\afeiisb.exe	63,488 bytes	MD5: 0x583E8CE84533F5545638BC0E99AB26E9 SHA-1: 0x4550AD0B48C6D4EDB8E0A78BD95F43CC92BB3D36	W32.Virut.CF [Symantec] W32/Virut.n.gen [McAfee] W32/Scribble-B [Sophos] Trojan.Win32.VB [Ikarus]
3	%AppData%\audiomgr.exe	88,576 bytes	MD5: 0x8AF569E4496E7F91E02017566536A8BF SHA-1: 0x5C02A2EA7A0D5C9748A2BFDF952EF88CCFD29045	W32.Virut.CF [Symantec] W32/Virut.n.gen [McAfee] W32/Scribble-B [Sophos] Virus.Win32.Virut [Ikarus]
4	%AppData%\msstart.exe	63,488 bytes	MD5: 0x608C79BC1FFB533FF05914D2CF4CC664 SHA-1: 0x1E1D8C7200B9B81CDC08E1EAD42050E8CEEA3480	W32.Virut.CF [Symantec] W32/Virut.n.gen [McAfee] W32/Scribble-B [Sophos] Trojan.Win32.VB [Ikarus]
5	%AppData%\Plug.bat	110 bytes	MD5: 0x65665C18A13B28554B34EBF4C5F75987 SHA-1: 0x1EFF465A0CF636ADAD3688A6ED77C17893BF0353	Generic BackDoor.se!bat [McAfee] Troj/Runstub-A [Sophos]
6	%AppData%\qtwm.exe	728,576 bytes	MD5: 0x8BD1EDE9278F8BBD25657FD22755FEDB SHA-1: 0xA0D469388DCAC658CE1509A091388158CED9B343	W32.Virut.CF [Symantec] W32/Virut.n.gen [McAfee] W32/Scribble-B [Sophos] Win32.SuspectCrc [Ikarus]
7	%AppData%\rudgbrm.exe	728,576 bytes	MD5: 0xD70BD57EC892E090873072B18E5609B5 SHA-1: 0x4D9C3298CA8CE15022116F6F764AA73EBE56B7B9	W32.Virut.CF [Symantec] W32/Virut.n.gen [McAfee] W32/Scribble-B [Sophos] Win32.Virtob [Ikarus]
8	%AppData%\s4clak.exe	65,024 bytes	MD5: 0xFC8D07E176DE69622CD3645E3A6A9851 SHA-1: 0xADB019DD5D8B51460A3A9654819B64B278842885	W32.Virut.CF [Symantec] W32/Virut.n.gen [McAfee] W32/Scribble-B [Sophos] Backdoor.Win32.VB [Ikarus]
9	%AppData%\tnsb	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
10	%AppData%\tonysba.exe	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
11	%Temp%\datafile1	1,544 bytes	MD5: 0x5DDFF206DD73E50A2ED7BD19846CE999 SHA-1: 0x6A2E3B9AE580B42A706E0D5FD6521A2C6F607DDC	(not available)
12	%System%\nwcwks.dll	8,192 bytes	MD5: 0x560F8147E9BB5A728D8715120D2F7E7F SHA-1: 0xBBE08F172EAE8F6E49A6E1B8BB121816C326F8E3	Trojan.Gen [Symantec] Generic BackDoor.s [McAfee] Troj/Inject-OJ [Sophos] Trojan.Win32.Inject [Ikarus]
13	[file and pathname of the sample #1]	305,152 bytes	MD5: 0xFB296BD65D5A0A0E2C9328DA290E6DFB SHA-1: 0x1C08910705F7289D15E16B58E5369BA9276C41FA	W32.Virut.CF [Symantec] W32/Virut.n.gen [McAfee] W32/Scribble-B [Sophos] Virus.Win32.Virut [Ikarus]
14	%Windir%\Temp\datafile1	232 bytes	MD5: 0xB449677C5C4170EAA6C2A439DB23D442 SHA-1: 0x7507BF05EDC9CB44087FE8F06E2C8AF1DBEAB4EC	(not available)
15	%Windir%\Temp\VRT1.tmp %Windir%\Temp\VRT4.tmp	8,192 bytes	MD5: 0x55BB4F22ABBA468BE858223A0035CB22 SHA-1: 0xDAA50F041120E095AF87F447C17ED9ADB41200B8	Trojan-PWS.Win32.VB [Ikarus]
16	%Windir%\Temp\VRT2.tmp %Windir%\Temp\VRT5.tmp	13,824 bytes	MD5: 0xFF5F5BC2340A93642E0CA8D336255139 SHA-1: 0xD0F7AE09770E487F2A7C0F829DCBB7E37925E444	Trojan.Gen.2 [Symantec] Backdoor-FGP [McAfee] Mal/Generic-L [Sophos] Trojan.Win32.Spy [Ikarus]
17	%Windir%\Temp\VRT3.tmp %Windir%\VRT3.tmp	153,600 bytes	MD5: 0x862DFD89F5777B89E7FBDF814513638C SHA-1: 0xC686E54012F2FF9B94570D531EBF0566F3C17435	W32.SillyFDC [Symantec] Win32.SuspectCrc [Ikarus]
18	%Windir%\Temp\VRT6.tmp	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/json
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/json\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tbsolute
HKEY_LOCAL_MACHINE\SOFTWARE\mdlwe42dgd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSHOST_MANAGER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSHOST_MANAGER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mshost Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mshost Manager\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSHOST_MANAGER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSHOST_MANAGER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWCWORKSTATION
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWCWORKSTATION\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Mshost Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Mshost Manager\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NWCWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NWCWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NWCWorkstation\Security
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\53845E9FD070B7AA36976F536FF1441C578C63D2
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
HKEY_USERS\.DEFAULT\Software\tcpudp
HKEY_USERS\.DEFAULT\Software\tnsbinstalled

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/json]

CLSID = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

Use FormSuggest = "yes"
Play_Background_Sounds = "no"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]

WarnOnZoneCrossing = 0x00000000
WarnOnPost = 0x00000000
WarnonBadCertRecving = 0x00000000
WarnOnHTTPSToHTTPRedirect = 0x00000000
WarnOnPostRedirect = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Mshost Manager = "%AppData%\msstart.exe"
SunJavaUpdateSched = "%AllUsersProfile%\svchost.exe"
UserFaultCheck = "%System%\dumprep 0 -u"

so that msstart.exe runs every time Windows starts

so that svchost.exe runs every time Windows starts

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]

RegistryWm1 = "14421273"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]

Auto = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tbsolute]

values = 2A 3D F7 67 64 67 67 67 63 67 67 67 98 98 67 67 DF 67 67 67 67 67 67 67 27 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 66 67 67 69 78 DD 69 67 D3 6E AA 46 DF 66 2B AA 46 33 0F 0E 14 47 1

[HKEY_LOCAL_MACHINE\SOFTWARE\mdlwe42dgd]

mdlwe42dgdpath = "%AppData%\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSHOST_MANAGER\0000]

Service = "Mshost Manager"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Mshost Manager"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSHOST_MANAGER]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000]

Service = "NWCWorkstation"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Client Service for NetWare"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mshost Manager\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mshost Manager]

Type = 0x00000110
Start = 0x00000002
ErrorControl = 0x00000000
ImagePath = "%AppData%\Plug.bat"
DisplayName = "Mshost Manager"
ObjectName = "LocalSystem"
Description = "Provides network host signaling and local traffic control setup functionality for network programs and control applets."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters]

ServiceDll = "%System%\nwcwks.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation]

Type = 0x00000020
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "%System%\svchost.exe -k netsvcs"
DisplayName = "Client Service for NetWare"
ObjectName = "LocalSystem"
Description = "Provides access to file and print resources on NetWare networks."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSHOST_MANAGER\0000]

Service = "Mshost Manager"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Mshost Manager"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSHOST_MANAGER]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWCWORKSTATION\0000]

Service = "NWCWorkstation"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Client Service for NetWare"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWCWORKSTATION]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Mshost Manager\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Mshost Manager]

Type = 0x00000110
Start = 0x00000002
ErrorControl = 0x00000000
ImagePath = "%AppData%\Plug.bat"
DisplayName = "Mshost Manager"
ObjectName = "LocalSystem"
Description = "Provides network host signaling and local traffic control setup functionality for network programs and control applets."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NWCWorkstation\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NWCWorkstation\Parameters]

ServiceDll = "%System%\nwcwks.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NWCWorkstation]

Type = 0x00000020
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "%System%\svchost.exe -k netsvcs"
DisplayName = "Client Service for NetWare"
ObjectName = "LocalSystem"
Description = "Provides access to file and print resources on NetWare networks."

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]

(Default) = ""

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]

Use FormSuggest = "yes"
DisableScriptDebuggerIE = "yes"
Error Dlg Displayed On Every Error = "no"

[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\53845E9FD070B7AA36976F536FF1441C578C63D2]

Blob = 18 00 00 00 01 00 00 00 10 00 00 00 99 C0 39 58 D4 13 8C 59 AE 87 67 2B EB 67 43 2A 04 00 00 00 01 00 00 00 10 00 00 00 81 9C F2 D1 27 5D 3F F9 1C 23 F1 00 93 5B B0 78 03 00 00 00 01 00 00 00 14 00 00 00 53 84 5E 9F D0 70 B7 AA 36 97 6F 53 6F F1 44 1

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]

UpdateHost = 00 50 53 85 77 C5

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

Hidden = 0x00000002
ShowSuperHidden = 0x00000000
SuperHidden = 0x00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

ProxyEnable = 0x00000000
WarnonBadCertRecving = 0x00000000
CertificateRevocation = 0x00000000
WarnonZoneCrossing = 0x00000000
WarnOnPostRedirect = 0x00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

Audio Driver = "%AppData%\audiomgr.exe"
tcpudp = "%Windir%\VRT6.tmp"
tnssb = "%AppData%\tonysba.EXE"
RegistryWm = "%AppData%\qtwm.exe"

so that audiomgr.exe runs every time Windows starts

so that VRT6.tmp runs every time Windows starts

so that qtwm.exe runs every time Windows starts

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows]

win = "%AppData%\msstart.exe"
init = "%AppData%\msstart.exe"

so that msstart.exe runs every time Windows starts

[HKEY_USERS\.DEFAULT\Software\tcpudp]

MasterServer = "Y2x1YnByb3RlY3RlcmxkdC5zdQ=="
ReserveServer = "am9yZW1vbmtvdmljaHNkai5zdQ=="
MasterPath = "L2ZvcnVtLyNhdXRvLnBocA=="

Other details

Analysis of the file resources indicate the following possible countries of origin:

	Germany
	China

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
109.230.208.143	80
184.164.144.83	80
31.210.109.42	80
50.22.71.155	80
122.224.18.29	520
122.224.18.29	66

The data identified by the following URLs was then requested from the remote web server:

http://www.lkio09.com/nfdyifd3.txt
http://zhongmail.com:520/jiba.asp
http://zhongmail.com:66/sb.txt
http://zhongmail.com:66/afei.txt
http://zhongmail.com:66/sk.txt
http://www.zzxml.com/p6.asp?MAC=00-0C-29-05-61-EA&Publicer=tr2
http://www.nintendodsis.info/
http://www.nintendodsis.info/wp-content/themes/universal-web/style.css
http://www.nintendodsis.info/wp-content/themes/universal-web/images/header.png
http://www.nintendodsis.info/wp-content/themes/universal-web/images/search.png
http://www.nintendodsis.info/wp-content/themes/universal-web/images/body.png
http://www.nintendodsis.info/wp-content/themes/universal-web/images/post-bottom.png
http://www.nintendodsis.info/wp-content/themes/universal-web/images/icons.png
http://www.nintendodsis.info/wp-content/uploads/2012/06/electr-300x261.jpg
http://www.nintendodsis.info/wp-content/themes/universal-web/images/sidebox.png
http://www.nintendodsis.info/wp-content/themes/universal-web/images/search-button.png
http://www.nintendodsis.info/wp-content/themes/universal-web/images/footer.png
http://www.nintendodsis.info/wp-content/themes/universal-web/images/pagination.png

Outbound traffic (potentially malicious)

There was an outbound traffic produced on port 80:

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.