Analysis Date: 2013-09-01 22:33:47
MD5: 9986fa16440c4cefcbe7231c1e830de5
SHA1: 107feb2445b76ab7562bdd4471bafaa1061a5a24

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section AUTO: md5: 967d33e846a3765b97d2f606f0f61824 sha1: 05921267fd480bb8d483e20c2215a087e3fa2a43 size: 63488
Section .idata: md5: ab7e41d964b58b51c896c32105383d74 sha1: b78add26b856a46890bb521ee4bea6477d0ca03f size: 1536
Section DGROUP: md5: 10041cdef98d214f52f92548f06ea139 sha1: abf58c576d9090a65cc3882e5b813c9ca79d4ba7 size: 133120
Section .reloc: md5: 1890e529f2e6dbfd36764c8fa70a5b3d sha1: 426f60645a72667101292d55c2ad247f52fc6e7d size: 1536
Timestamp: 2013-05-25 06:26:47
PEhash: 467212b117a7bd6aec12842831510ca76b99a578

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\Application Data\Mozilla\xgdnakm.exe
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\Tasks\ojdkgck.job

Process
↳ C:\Documents and Settings\All Users\Application Data\Mozilla\xgdnakm.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\Documents and Settings\All Users\Application Data\Mozilla\hssmeim.dll
Creates File: C:\Documents and Settings\All Users\Application Data\Mozilla\hssmeim.dll

Network Details:
