Analysis Date: 2014-08-01 12:56:02
MD5: d9f68466946b6c936bd18ffbc4634535
SHA1: 0188b78eeb8015c0a1e64e72cdf27529e8f76ee1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 (raw size 0, so both hashes are those of the empty string; UPX0 is filled only in memory when the stub unpacks)
Section UPX1 md5: 58bb4a0863339af9e4a000d3ef4d05ee sha1: 760515599ade1873420e039ac09f1c5202b0ab40 size: 54784
Section .rsrc md5: 6ae54a26e06cd4d4583fd8247ea2f49b sha1: 5d918b7d48bb0cc72240fe6c8ecee7b92aa23811 size: 5248
Timestamp: 1992-06-19 22:22:17 (the fixed value 0x2A425E19 that Borland/Delphi linkers write into TimeDateStamp; it is not a build time)
Packer: Safeguard 1.03 -> Simonzh (signature match; the UPX0/UPX1 section names show a UPX-style layout)
PEhash: 9e79cde40de80ff66f34b83abd4ebb6b06eceb33
IMPhash: ff63dc9c65eb25911a9bc535c8f06ad0
AV 360 Safe: Worm.Generic.510258
AV Ad-Aware: Worm.Generic.510258
AV Alwil (avast): Elkern-gen:Win32:Elkern-gen
AV Arcabit (arcavir): W32.Klez.3520
AV Authentium: W32/Sytro.NTQB-0623
AV Avira (antivir): W32/Elkern.B
AV CA (E-Trust Ino): Win32/WQK.B
AV CAT (quickheal): W32.Elkern.B
AV ClamAV: W32.Elkern.A
AV Dr. Web: Win32.HLLW.Sytro
AV Emsisoft: no_virus
AV Eset (nod32): Win32/ElKern.B virus
AV Fortinet: W32/Elkern.A
AV Frisk (f-prot): W32/Sytro.J@p2p (exact)
AV F-Secure: Worm.Generic.510258
AV Grisoft (avg): SHeur4.BYVL
AV Ikarus: Virus.Win32.Sytro
AV K7: Trojan ( 00386dc51 )
AV Kaspersky: Virus.Win32.Elkern.b
AV MalwareBytes: Worm.P2P.Sytro
AV Mcafee: W32/Elkern.cav.b
AV Microsoft Security Essentials: Virus:Win32/Elkern.B
AV MicroWorld (escan): Worm.Generic.510258
AV Norman: win32:win32/SB/Malware
AV Rising: Trojan.Win32.Mian007.f
AV Sophos: W32/ElKern-B
AV Symantec: W32.ElKern.gen
AV Trend Micro: PE_ELKERN.B
AV VirusBlokAda (vba32): Win32.Klez.3587

The detection names fall into two families: Elkern (also reported as WQK and under the Klez name) and the Sytro P2P worm; the generic "Worm.Generic.510258" and heuristic names carry no family information.
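As an added example, not output of the sandbox that produced this report, the following Python reproduces how the per-section md5/sha1 lines and the Timestamp line in the Static Details are derived from the PE header, and attaches the two caveats an analyst would note for this sample: a UPX0 section with zero raw size (hashes of the empty string) and the fixed Delphi linker timestamp 0x2A425E19. It parses the COFF header and section table by hand with no third-party module, runs against a constructed, non-executable PE image built inline (sample data, not the real file), and does not compute imphash. The function names and the constructed image are the example's own.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Constant written into TimeDateStamp by Borland/Delphi linkers regardless of build date.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19  # == 1992-06-19 22:22:17 UTC
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # md5("") as shown for UPX0 in the report


def parse_pe_static(data: bytes) -> dict:
    """Parse the COFF header and section table; hash each section's raw bytes.

    Only the fields the report's Static Details use are read: no optional-header
    or import parsing (so no imphash) is attempted here.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, num_sections, timestamp, _symtab, _nsyms,
     opt_header_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_header_size  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "md5": hashlib.md5(raw).hexdigest(),
            "sha1": hashlib.sha1(raw).hexdigest(),
        })
    return {
        "machine": machine,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def triage_notes(info: dict) -> list:
    """Caveats an analyst would attach to the Static Details of a report like this one."""
    notes = []
    if info["timestamp"] == DELPHI_FIXED_TIMESTAMP:
        notes.append("timestamp is the fixed Delphi linker constant 0x2A425E19, not a build time")
    if any(s["name"].startswith("UPX") for s in info["sections"]):
        notes.append("UPX section names: on-disk strings and imports come from the stub, not the payload")
    for s in info["sections"]:
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            notes.append(f"{s['name']}: SizeOfRawData 0, hashes are of the empty string; populated only in memory")
    return notes


def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE image mirroring the section layout in the report
    (UPX0 empty on disk, UPX1 with data, .rsrc). Sample data, not the analysed file."""
    def section_header(name, vsize, vaddr, raw_size, raw_ptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr,
                           0, 0, 0, 0, 0xE0000060)
    upx1 = b"constructed UPX1 payload bytes " * 4
    rsrc = b"constructed .rsrc bytes"
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, DELPHI_FIXED_TIMESTAMP, 0, 0, 0, 0x010F)
    first_raw = len(dos) + 4 + len(coff) + 3 * 40  # SizeOfOptionalHeader is 0 in this sample
    table = (section_header(b"UPX0", 0x1F000, 0x1000, 0, 0)
             + section_header(b"UPX1", len(upx1), 0x20000, len(upx1), first_raw)
             + section_header(b".rsrc", len(rsrc), 0x21000, len(rsrc), first_raw + len(upx1)))
    return dos + b"PE\0\0" + coff + table + upx1 + rsrc


if __name__ == "__main__":
    report = parse_pe_static(build_sample_pe())
    print("Timestamp:", report["timestamp_utc"])
    for s in report["sections"]:
        print(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['raw_size']}")
    for note in triage_notes(report):
        print("note:", note)
```

Run against the real file by passing its bytes to parse_pe_static; the UPX0 line will reproduce the empty-string md5/sha1 shown above, and the Timestamp line will trigger the Delphi note. Section hashes on a packed file change with every repack, so the .rsrc hash (uncompressed by UPX) is the more stable pivot of the three.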

Runtime Details:

Process
↳ C:\malware.exe

Network Details: none recorded.

Strings (extracted from the packed file on disk: most entries are compressed-data noise; the readable fragments such as the Delphi RTL and exception class names, the DVCLAL and PACKAGEINFO resource names and the kernel32/advapi32/user32/oleaut32 import names are what survives outside the compressed body)
V..
{.
..
.l.
.
.
+
.V..
{.
..
.l.
.
.
+

DVCLAL
PACKAGEINFO
$0fmk+f
0N|*|}&
0	}sc`
1876D+
2s28@2
2ZGt[QdT 
'/3@+4
,4CA&uQX
4MPbt	b
.4otjlCk
>4>pL$
 5.0'G
'5'736
5)"naa+
$5QH\f
"5u,`X!r>
66Yp/n
|-69:;
; 6\|H
*  6 Ke
<]6V=^KlF
 =7ChiH
[7Cse\
#` )7L
7Rtl:w
&8hQCC;
8/X5v]
(.9.77
9UNOFFICIAL/?c0d,
a)^@_?
	!&@A<
AAX]Xc.
A,=ba+|
advapi32.dll
#/AikaQus
AIMccQ
Array<
ASU<HtH
athNameA
?A'TY3
aU b9d
AUTBBpr
	A $y0
B"0a/W
B3.I'V
B^$C0x
BFK:+b
bFQ;oftware
b,*It.
Boolean
b{:T.P
~[Bytn
B"z3W+3A^
$;C<2B
CharNextA
\\CuXT
!}c+wov
C>YhFh
|D3*]2uc
D<*50r=%v
D@'%6"
`DATAx
DiskFreeS
,[DiVX] L(#on[`
,dQueryWid
Dr710C
d:SPx5
?D!y!/
EBt	y>
EClassNotF
EDivByZero
EHeapZ
EIn]Err[4rW
E-oc)}
EOutOfMemory
~ExC[)
?	Exception$q{
ExitProcess
E@x@}X
eXx320
ezaaT$
f793611053701.dup
FFlush
FHF>vM7
FPUMaskValu
G12345:
	G2xNd
g5ovj7;
G-)b0W$
GetProcAddress
|	GFCKY3
gM+@X#H
gtrcQT
g't!)S
gX <Y'
h|Lf;]
hpj?! 
[hU-|x&Q `
!\h[W dj/XP[5
I&;H	D@I&
ilt2n Speed7
Integer
iz0Virt2C
-|J@}e
.Jenna Jam(,ABu	
.jJo!([5]
JO8|"G
jO]V$y
JtLAA	
&jtV@\
K6789ABCDEF
kernel32.dll
KERNEL32.DLL
L\8 Hs
!L^{8x
lDy_Dy
lhx	gA
L(KJvZ
LoadLibraryA
lusteW
LV|klc
lw(rd{,
@Ma!!A
##m`Ko
m@PV2n4@
#MSNwX(
N#G{uM
N.>P@E"
NpP\g?
}O~#	|-{
@o" 2 - At"
 Of Th
OFTWARE\Borland\Delphi\RTL
Okdex"r32
oleaut32.dll
omponv^E4C
oo9yQH
OpenY@
?Owner
P|5UC(
]p$7r$
/PM_U}
 ~	PPF\\]
-^p+y	
q:\102\exe\278ae0ffb32d54a185df793611053701-log\backup\129985746716175000
q4;?}&!
Qcales
QD=g!8^X
:| q#K
!qPKsn2
Q$V|Ct
Q~);/X
RC	k;C
RegCloseKey
;[/-Rf;0 
Rgmh}kK
)s0(.r
Safecall?
sInverflow
SoY%Z5
SRegistry<
StringP
]S!wN[
T0+SS6
t<2Ph$
t[^_30
TCustom
td3aac
This program must be run under Win32
time e
>$TMul
TObject
TPropFixup
TS-(m/
tTopOF
tZXtU0u
Ulc@[LiHl
(UOm$C
user32.dll
Usf({!
v@6Q#z)
v8!l3`
VariantCopy
&`<+vBt
>v)Bw 
v]lLuPi
v|nc-R
V/PhPn
%V /Tz
Vv'''rx
Vw,2xI
Websit
`=Wffm
wknb8rd
]w`%m;m
[wNtyM=
 (WORKS!!
W;X6+"-dr07
|"wzs{4
:Xe%.~#
~@x$KQ
xUpxs=
X@\ZMJ
\	_\	Y
`%\Y' G
{y/+]k,,
ZaA 4Hsk.p
&ZPA|rm Fir
ZPW H`Z
Z`x`}Xkd(