Analysis Date: 2014-11-28 18:47:20
MD5: 3631d03f7fd8b7e6e6154bfcbc4ec1e8
SHA1: 32a6965a3b429875e8879bfc68f65699587b3c9b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 1ff6cfd1a9d4f4a8caa31a0198dc71ef sha1: 69c814cd5e2190cb679c56b0e1e834c310c9dcbc size: 121344
Section .rsrc: md5: c0958d19200efedf0fd1e04860606f3a sha1: 0c00517aea12450d6bb944074b428d14bf979d08 size: 16896
Timestamp: 2008-07-29 22:55:23
Version:
LegalCopyright: Copyright (C) 2003-2008
InternalName: Freegate
FileVersion: 0, 0, 0, 0
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: Freegate Application
SpecialBuild:
ProductVersion: 0, 0, 0, 0
FileDescription: Freegate Application
OriginalFilename: freegate.EXE
Packer: PeCompact 2.xx (Slim Loader) -> BitSum Technologies
PEhash: 90db43907c9252e99e77086521cc82b2a844c55e
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV 360 Safe: Trojan.GenericKD.1943373
AV Ad-Aware: Trojan.GenericKD.1943373
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Trojan.DKMS-3332
AV Avira (antivir): BDS/Rogue.139264
AV BullGuard: Trojan.GenericKD.1943373
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Backdoor.Clack.r2
AV ClamAV: no_virus
AV Dr. Web: Trojan.Proxy.3764
AV Emsisoft: Trojan.GenericKD.1943373
AV Eset (nod32): no_virus
AV Fortinet: W32/Clack.K!tr.bdr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.GenericKD.1943373
AV Grisoft (avg): BackDoor.Generic_c.ACHK
AV Ikarus: Backdoor.Win32.Clack
AV K7: Backdoor ( 04c4c5c21 )
AV Kaspersky: Backdoor.Win32.Clack.k
AV MalwareBytes: Trojan.Agent
AV Mcafee: Generic.dx
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Trojan.GenericKD.1943373
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: Trojan.Gen
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): Trojan.Proxy

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Dgdebdtf ➝ 5120
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PhysicalDrive0
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:

