Analysis Date: 2013-09-09 21:08:07
MD5: 9b42ed5a84758e3e20aa4dc5dd685ec2
SHA1: 215bf7fbbc9238cafae4f71af18b9324ea0b2369

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 97ec64a7d3e3ab212dae7201f296b841 sha1: 97c409cc08cc4b998686cff8daaa9551f85a5fd0 size: 16896
Section .data  md5: 45c57c189aabaeca67ece0e48c124d0f sha1: c946cec235de95eb98da27ee24ac1de4ea096b73 size: 281600
Section .rdata md5: f2f33dbd14dcfe19aa99868ae6c2be53 sha1: 3969cc4d0a24bc0ad830f44083a6bd76961b4818 size: 7680
Section .rsrc  md5: b996e1bb8ba5b1de0bb238a94ff79ce8 sha1: 31907519b6f8e352f920f637e0dc5b0a578415f6 size: 14336
Timestamp: 1995-01-02 23:22:49
Version info:
  LegalCopyright: Copyright (c) 2009
  FileVersion: 3.8.7.3
  CompanyName: protoprotestant Nonpostponement
  Comments: unnarrated
  ProductName:
  ProductVersion: 0.3.9.6
  FileDescription: e05175b9.bin
PEhash: 137a50f9b001a7ab7c973586ca2fafe29999b7fe
AV avg: SHeur4.ASMF
AV clamav: WIN.Trojan.Agent-241262
AV avira: TR/Kazy.105593
AV msse: PWS:Win32/Simda

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\malware.exe ➝
C:\malware.exe:*:Enabled:Windows Explorer\\x00
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\c059900a ➝
DM\\xbd\\x95\\x1e\\xcbM\\xf2\\xc1\\x8a\\x1a\\xdfO\\xca[\\x88I\\x86\\x8dWi\\x08\\xdb\\xd7\\x90\\xcb9(\\xf72\\xef3-\\xf5\\x92?\\x9e\\x8e\\xad\\xaf;\\x96\\xda\\xcen\\xd2\\x85\\x935\\xe5\\xfb\\x1b\\x7f\\x15\\x8fi\\x11-\\x9C:\\xbd\\xde\\xa2\\xcd\\x8ds\\xb66\\xc3\\x02+\\xd1\\xefb\\xfd\\x15.\\xd3n.\\x0b\\xb3z.\\x86\\x03\\x83V9\\xde\\x0e\\xde.\\xc5\\xea\\x8b\\x9d\\xcf\\xde"\\x0b6n9\\x96Y\\x9d\\xc3\\xab_6\\xf9^\\xcf:}1\\x9a\\xce\\xa1\\x95\\r\\x9a\\x85%9\\xd1B\\xfa\\x8f\\xcb\\xd5\\x8fv\\xabka\\t>\\xd2-\\xf6\\xbb\\x0f\\xb3\\x87K\\xc9\\xde\\x15\\xf1\\xcfq\\xc5\\xb5~\\xf6\\x11\\x86E~\\xbe/\\xed\\xbe=\\xc2\\xfd\\x1e\\x19\\rVfy\\xd5\\xb2\\x05\\t%\\xd5\\xfa\\x817F\\x96\\x93\\xf9}vr\\xea\\x06\\x8dW\\x95%\\x86\\xdfn\\xf3\\x1f\\xb25\\xf6\\x93\\x82\\x91c\\x7f~\\x07\\xf6E\\x8eM\\xc9>\\x06\\xc1\\xa3"\\xddk:\\xef\\x86\\xab\\x1a\\x86K\\xb9S\\xde\\x86\\xcd\\x8a\\xabN\\xee\\xf3S\\xee\\xad\\xdf\\xda\\xb6\\xa5\\xe6\\x157\\x96\\xeds\\x0e\\xb2\\xa1\\xf5[\\x86\\x89
Creates File: C:\WINDOWS\apppatch\liejsxj.exe
Creates File: PIPE\lsarpc
Creates Mutex: Global\MicrosoftSysenterGate7

Network Details:
