Analysis Date: 2013-08-29 21:47:19
MD5: add796c728efa06a020ef16215f30124
SHA1: 1b17a4305fab9890a674485392645a2936e5bc01

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 185492ee589e45ae90dbacfd422ca514 sha1: 83e3763aa23a6c41f6aeb7b19729b1287ec5808a size: 7168
Section .data: md5: c1d91d04516d3f9ad1bb20ae6518df1a sha1: 9373d0afb0c024e14f54093a8829f86d1841861c size: 12288
Section .bss: md5: a54482415d063d90b3d0f88d54ce5c69 sha1: c15b2c5acfc6436820d65d8841c99badfb3dad35 size: 48128
Section .idata: md5: 637b403457bdf33f18752ec51c90afe1 sha1: 53278ebe427ad41bbd2331fab9e67e537cefb8c9 size: 4096
Section .rsrc: md5: 11aabfb9df67d859852fe278f7b408cf sha1: c57e7b09e865394e3c5dbe04280d9915119aa6aa size: 4096
Timestamp: 2009-02-08 03:10:36
Version:
LegalCopyright: Copyright © 2010 cW PC Tools. E All rights reserved. lV
InternalName: fmag3Do.exe
FileVersion: 7.0.0.61
CompanyName: videosoft
LegalTrademarks:
Comments:
ProductName: X 4P
ProductVersion: 7.0.0.61
FileDescription: JVideo Component0
OriginalFilename: fmag3Do.exe
PEhash: 65193a774f60f36b2d9586644f5a6c302dceb340
AV clamav: Trojan.Jorik-122
AV avg: Generic22.UBH

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\\x03\1806 ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul

Creates File: nul
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
Deletes File: C:\malware.exe

Network Details:

DNS: repubblica.it
Type: A
213.92.16.101
DNS: seesaa.net
Type: A
59.106.28.139
DNS: seesaa.net
Type: A
59.106.98.139
DNS: yelp.com
Type: A
198.51.132.60
DNS: yelp.com
Type: A
198.51.132.160
DNS: flashz.in
Type: A
DNS: webdatum.in
Type: A
