Analysis Date | 2014-09-16 18:22:50 |
---|---|
MD5 | 38f97da7df2aa6ff7f699b3161701923 |
SHA1 | 2dbffd921859907a2000ecea192593d2a059d3ff |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
---|---|
Section | .text md5: 628f86bdc1697c687b6b68c603a31593 sha1: 7791cb8176d33b6ec8e9fd54a5626f68152b7697 size: 139776 |
Section | .rsrc md5: 0a2bc0dfdf5818687134f36b795d7d48 sha1: 33169081a89ab1de117aa2eae8927de431604747 size: 17920 |
Timestamp | 2008-07-29 22:55:23 |
Version | LegalCopyright: Copyright (C) 2003-2008 InternalName: Freegate FileVersion: 0, 0, 0, 0 CompanyName: PrivateBuild: LegalTrademarks: Comments: ProductName: Freegate Application SpecialBuild: ProductVersion: 0, 0, 0, 0 FileDescription: Freegate Application OriginalFilename: freegate.EXE |
Packer | PECompact 2.0x Heuristic Mode -> Jeremy Collake |
PEhash | c94136959181ad7ad975791a9c140203d2936269 |
IMPhash | 09d0478591d4f788cb3e5ea416c25237 |
Runtime Details:
Process
↳ C:\malware.exe
Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
---|---|
Registry | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Dgdebdtf ➝ 5120 |
Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Creates File | PhysicalDrive0 |
Creates File | PIPE\lsarpc |
Creates File | \Device\Afd\Endpoint |
Creates File | \Device\Afd\AsyncConnectHlp |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
Creates Mutex | WininetConnectionMutex |
Creates Mutex | c:!documents and settings!administrator!cookies! |
Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Network Details:
DNS | w63.ziyoulonglive.com Type: A |
---|---|
DNS | w64.ziyoulonglive.com Type: A |
DNS | w65.ziyoulonglive.com Type: A |
DNS | w61.ziyoulonglive.com Type: A |
DNS | w62.ziyoulonglive.com Type: A |
DNS | 098362be7f210702c3d0b1587594c6a14cdb21f9.a9094dc921186e2b3196afcafd70224934286933.4.ziyouforever.com Type: MX |
DNS | 9905bfe1fdcae4693bd6726d4b79ae53dc5dfca6.2be2aea2d91ead1e0f7bc7386f413a78b92ca310.4.ziyouforever.com Type: MX |
DNS | 8cc2952a4cd0d0c4007c2ff04c9097b2c99ad66d.9af89a0fe2b4f0830892fed9dfe2b74d35edc23f.4.ziyouforever.com Type: MX |
DNS | 1f641efc2d108ddb9e2a28d924ccfa915a3c5dbb.fb38c7107ce2f7aa60ce93fa74ce9514aa325e24.4.ziyouforever.com Type: MX |
DNS | 6231426d8abafce25d38b9a19524b09f2769012a.5c92b629bff066d2d126d9f4e622314e29eeb314.4.ziyouforever.com Type: MX |
DNS | b6b8637be635a732ebc6c7a3f6128f0db8f17a77.2147a6e85c45098af95bf73cf527bc66aaba9a06.4.ziyouforever.com Type: MX |
DNS | 7d12877e17a5d4a63aa1a3599dfb0b6d735b9e72.d0d7d57c8d226d7092b2735c9ba91a4873b06845.4.ziyouforever.com Type: MX |
DNS | b9f234b0d91935c8dba8544da885fcbbb7bb2dbc.1e6b34126c2b9a64a7cc848a68634431faef9066.4.ziyouforever.com Type: MX |
Raw Pcap
Strings