Analysis Date2013-09-06 14:49:45
MD58bc79cc327c5c8ed56a1ae0be9de5e31
SHA110a1690b2c773af38bcb77e75559a0c7ef5a8869

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 9f3f5ea6315a15c203af02e99d100db0 sha1: 46cf7884ded9abde4929a3586f75905741ff451b size: 122880
Section.data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: b74af00053375cd78b8f1a88ae861463 sha1: ce48b8bd336f5d558094162de50bfe5598219a0c size: 4096
Timestamp2012-09-15 19:08:08
VersionProductVersion: 2.05
InternalName: premerei
FileVersion: 2.05
OriginalFilename: premerei.exe
ProductName: Trisulcate
PackerMicrosoft Visual Basic v5.0 - v6.0
PEhashacaeaa957b97513df748d700571d39e74c47842b
AVclamavWIN.Trojan.VB-5290
AVaviraTR/Dropper.Gen
AVmsseTrojanDownloader:Win32/Beebone.DT
AVavgVBCrypt.EYM

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings