Analysis Date: 2014-01-03 10:55:35
MD5: ec8c89aa5e521572c74e2dd02a4daf78
SHA1: 01f5c3905f2098650f16f50a1b26156586238bfe

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: b442cc1ec79958ed5c8881fd7984feff sha1: e2f0adcf99e24685baa6ce6732e40f351d88ed80 size: 27136
Section .rdata: md5: 7215c37c4097c125847115e68d5c05c2 sha1: 26595b22f83a0155e2ef5d4bd40dd8d0d2f19926 size: 3072
Section .data: md5: dd4f21c604af6911a96c76d49127d9eb sha1: c8b9e5e37fb35dad56536e81a6c161fc05531893 size: 3072
Timestamp: 2009-08-03 08:29:29
Packer: Installer VISE Custom
PEhash: 13731ded792ec454f157557ec2171cbe13b1392d
AV (avg): Agent2.BCYK
AV (clamav): WIN.Trojan.Cossta-4
AV (mcafee): BackDoor.adt
AV (msse): Backdoor:Win32/Neunut.A

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Winsock DNS: ks.aoldaily.com

Network Details:

DNS: ks.aoldaily.com
Type: A
0.0.0.0

Strings