| Field | Value |
|---|---|
| Analysis Date | 2013-09-08 01:26:55 |
| MD5 | 4a35448a603b386a0464f0e150aa9a43 |
| SHA1 | 2fe9e2c8c27709caded8bf9afcde07280f421863 |
Static Details:
| Field | Value |
|---|---|
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
| Timestamp | 2010-07-13 08:43:14 |
| Version | ProductVersion: 3.65 InternalName: TTvtPMcC FileVersion: 3.65 OriginalFilename: TTvtPMcC.exe ProductName: e |
| Packer | Microsoft Visual Basic v5.0 - v6.0 |
| PEhash | f1ea28f3e5a0d46089d584ff27d5de10c4b8104b |

| Section | MD5 | SHA1 | Size (bytes) |
|---|---|---|---|
| .text | f77e3a8249a2433084dca8a7a03c4a02 | 329cdfc8e6d3beae02fa64644bc79d45b979b876 | 53760 |
| .data | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | 0 |
| .rsrc | a8ed2cf42868604495d05c05d6be6c80 | f40a2cefa5a1c7e94b9f9509e9db71e208095b7b | 2560 |

| AV engine | Detection |
|---|---|
| avg | Injector.UB |
| msse | Worm:Win32/Vobfus.S |
| avira | TR/Dldr.VB.dxh |
| clamav | Trojan.VB-19611 |
Runtime Details:
Process
↳ C:\malware.exe
| Action | Target |
|---|---|
| Creates File | \Device\Afd\AsyncSelectHlp |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\Documents and Settings\Administrator\qioupo.exe |
| Creates Process | C:\Documents and Settings\Administrator\qioupo.exe |
| Creates Mutex | A |
Process
↳ C:\Documents and Settings\Administrator\qioupo.exe
| Action | Target |
|---|---|
| Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qioupo ➝ C:\Documents and Settings\Administrator\qioupo.exe |
| Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ➝ NULL |
| Creates File | C:\New Folder.lnk |
| Creates File | PIPE\DAV RPC SERVICE |
| Creates File | C:\autorun.inf |
| Creates File | C:\Passwords.lnk |
| Creates File | C:\qioupo.exe |
| Creates File | C:\Video.lnk |
| Creates File | C:\Music.lnk |
| Creates File | C:\temp.lnk |
| Creates File | C:\Pictures.lnk |
| Creates File | PIPE\wkssvc |
| Creates File | C:\..lnk |
| Creates File | C:\...lnk |
| Creates File | C:\qioupo.scr |
| Creates File | C:\Documents.lnk |
| Creates File | UNC\192.168.1.1\PIPE\srvsvc |
Process
↳ C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Network Details:
| Type | Detail |
|---|---|
| DNS | ns1.thepicturehut.net Type: A 192.155.89.148 |
| Flows TCP | 192.168.1.1:1031 ➝ 192.155.89.148:8000 |