Analysis Date: 2014-06-28 08:27:46
MD5: 5b1eec655e947be7ff1d586b553b5200
SHA1: 01c6ef27c7beaa52658e51816ee4f50b4a4acf16

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 3a371ce342c48c4f820e5d1989bc38d0 sha1: f581cc3801dd83a79ca31920cd4033a3b61432a6 size: 3072
Section: .rdata md5: e9ada2616715d6cb7417a16d56d71f92 sha1: e8358806dc67f0233107b51c51727c8a00623745 size: 512
Section: .data md5: 41b98b59761071f5f8d17694ed53eadc sha1: bf5d1016c288aa9635914490cc096b68b5550bee size: 512
Section: .rsrc md5: f3518f13047f81a9cb20c031bd8b8904 sha1: 410b353be9eca280c299ac08328235225ab2389a size: 42496
Timestamp: 2006-07-31 22:00:50
Version:
LegalCopyright: Copyright © 2000-2003 Intel Corporation
InternalName: SnifferMFC
FileVersion: 1.2
CompanyName: Intel Corporation
ProductName: Intel Call Logging API
ProductVersion: 1.2
FileDescription: SnifferMFC - Intel Call Logging API sample application
OriginalFilename: SnifferMFC.exe
PEhash: 5f21f470e3af82d890cc92f6e4d6d3f8e46c912f
IMPhash: 9d30e521e05aa720868d6a07d3e78d80
AV 360 Safe: Backdoor.Win32.Bulknet.A
AV Ad-Aware: Gen:Variant.Kazy.262406
AV Alwil (avast): Kryptik-NAU [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): TR/Dldr.Cutwail.BS.437
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): TrojanDownloader.Cutwail.BS4
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Bulknet.1150
AV Emsisoft: Gen:Variant.Kazy.262406
AV Eset (nod32): Win32/Kryptik.BMDF
AV Fortinet: W32/Kryptik.WIC!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Kazy.262406
AV Grisoft (avg): Agent4.BFPO
AV Ikarus: Trojan.Agent4
AV K7: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Trojan.Downloader
AV Mcafee: Cutwail-FCWE!70CA1B8CB5FE
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail.BS
AV MicroWorld (escan): Gen:Variant.Kazy.262406
AV Norman: winpe/Kryptik.CCOH
AV Rising: no_virus
AV Sophos: Troj/Agent-AEEH
AV Symantec: Trojan.Gen
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): BScope.Malware-Cryptor.2814

Runtime Details:

Network Details:



Strings
040904b0
 2000-2003 Intel Corporation
4ESS
5ESS
&About SnifferMFC...
About SnifferMFC
&Arrange Icons
Attach voice resources
Called
Calling
Cancel
&Cascade
Channel
cl_Open arguments
&Close
CompanyName
Copyright 
&Decode Trace
E&xit
&File
FILE
FileDescription
FileVersion
HDLC
&Help
Intel Call Logging API
Intel Corporation
InternalName
ISDN
LegalCopyright
Method:
MS Sans Serif
NET5
Network-side board:
&New	Ctrl+N
&New Window
&Open
OriginalFilename
Popup
ProductName
ProductVersion
Protocol:
QSIGE1
QSIGT1
Resulting pszDeviceName string:
&Sniffer
SnifferMFC
SnifferMFC.exe
SnifferMFC - Intel Call Logging API sample application
SnifferMFC Version 1.2
Starting from device:
&Start Trace
&Status Bar
Stop &Trace
StringFileInfo
TEXTINCLUDE
&Tile
&Toolbar
Trace Text
Translation
User-side board:
VarFileInfo
&View
VS_VERSION_INFO
&Window
@.data
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_SPLITTER_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
#endif
#endif //_WIN32
g"(	|B
gdi32.dll
gEBQ0k
GetModuleHandleA
GetObjectW
GetProcAddress
GetTopWindow
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
#ifdef _WIN32
ikT*p5v!
#include "afxres.h"
#include "afxres.rc"         // Standard components
#include "res\SnifferMFC.rc2"  // non-Microsoft Visual C++ edited resources
IYpWS/
kernel32.dll
LANGUAGE 9, 1
LoadImageA
LoadLibraryExA
#pragma code_page(1252)
`.rdata
resource.h
!This program cannot be run in DOS mode.
user32.dll