Analysis Date: 2014-06-29 03:53:12
MD5: cbeb14b902dcd3afc99e5973ce6ca592
SHA1: 017e9e74b2443e2a41bda72d993f3fb9a48bddbd

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 98c8f0ca1c607eba51ac9d7435608084 sha1: e1577bb530d2bf7e8b7ed902b4799b1d0dda852a size: 132608
Section .tls: md5: b4bc41834dcc4634ef84d60742950f20 sha1: 6fb21780cdce6e31b49d76edc76b65f369915fb6 size: 1024
Section .data: md5: 041a28bd68083392646e991420940b90 sha1: 0a03fd260e7bc7cde1051a4e2aa69abfae304cb7 size: 74752
Section .reloc: md5: ee890c4806d652f1da45a3b21b2ddfc9 sha1: 4c150234492d75efd906b6ea5cd43269e3b98984 size: 1024
Timestamp: 2005-09-02 09:41:18
PEhash: 83ad39675b0d307252529d490e79ecb13de33695
IMPhash: 585c2bc8670edff5dfef03af2c9fdbb0
AV 360 Safe: Gen:Heur.Conjar.9
AV Ad-Aware: Gen:Heur.Conjar.9
AV Alwil (avast): Cybota [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Goolbot.K.gen!Eldorado
AV Avira (antivir): TR/Crypt.XPACK.Gen7
AV CA (E-Trust Ino): Win32/FakeAlert.J!generic
AV CAT (quickheal): Backdoor.Cycbot.B
AV ClamAV: Win.Trojan.Agent-700916
AV Dr. Web: BackDoor.Gbot.70
AV Emsisoft: Gen:Heur.Conjar.9
AV Eset (nod32): Win32/Kryptik.RYP
AV Fortinet: W32/Kryptik.SMY!tr.bdr
AV Frisk (f-prot): W32/Goolbot.K.gen!Eldorado (generic, not disinfectable)
AV F-Secure: Gen:Heur.Conjar.9
AV Grisoft (avg): Generic24.AREG
AV Ikarus: Backdoor.Win32.Cycbot
AV K7: Backdoor ( 003210941 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Backdoor.Bot
AV Mcafee: BackDoor-EXI.gen.k
AV Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV MicroWorld (escan): Gen:Heur.Conjar.9
AV Norman: win32/Crypt.AWIO
AV Rising: Trojan.Win32.Generic.128F6EA3
AV Sophos: Mal/FakeAV-NT
AV Symantec: Backdoor.Cycbot!gen5
AV Trend Micro: BKDR_CYCBOT.SME3
AV VirusBlokAda (vba32): Trojan.SB.01567

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

Strings