Analysis Date: 2013-11-05 13:42:24
MD5: 86dd715a8d28788e68a575207d66df34
SHA1: 351d61cb8d67f78c55149a878ef8d8197a4571f6

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 38f65ba6a8043c244bde4b639049eeab sha1: c999384e409dff88f0369871f881e3069b9e521a size: 7680
Section .rdata: md5: 2fb8b120698fe4be225c579758e4504e sha1: 6f9dab39ccbd6037f9c326d5c81bcd81daa613cf size: 2560
Section .data: md5: 036841e3c4b2147260c41a2b06ef2a89 sha1: a360a397d54576e17a7e6437ee90da97c2dcd962 size: 2048
Section .rsrc: md5: 0ead19d827b10755f59172aea238c585 sha1: 9f450014039ed494bb71c5d79a2d984bbd8a7e44 size: 1024
Timestamp: 2011-08-09 01:37:23
Version:
LegalCopyright: Copyright ? 2002
InternalName: SMAgent
FileVersion: 3, 2, 6, 0
CompanyName: Analog Devices, Inc.
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: SoundMAX service agent
SpecialBuild:
ProductVersion: 3, 2, 6, 0
FileDescription: SoundMAX service agent component
OriginalFilename: SMAgent.exe
Packer: Microsoft Visual C++ v6.0
PEhash: 45f2466133d0cf70f19d7b17a3c0d83708a9e302
AV (avira): TR/Spy.Gen
AV (avg): Downloader.Agent2.AXCA
AV (msse): Backdoor:Win32/Likseput.B

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

DNS: flash.aoldaily.com
Type: A
81.166.122.234
Flows TCP: 192.168.1.1:1031 ➝ 81.166.122.234:443
Flows TCP: 192.168.1.1:1032 ➝ 81.166.122.234:443
Flows TCP: 192.168.1.1:1033 ➝ 81.166.122.234:443
Flows TCP: 192.168.1.1:1034 ➝ 81.166.122.234:443

Raw Pcap
0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   802b01                                .+.

0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   802b01                                .+.
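
The Raw Pcap entries above show only the first three or four bytes that each flow sent to 81.166.122.234:443. The decoder below is an example added to this report, not part of the sandbox output: it reads those bytes as an SSL 2.0-style record header, where a set 0x80 bit selects the two-byte header form, the low 15 bits give the record length, and the byte after the header is the handshake message type (0x01 = CLIENT-HELLO). The four fragment values are copied from the report; the decoder, its field names and the pairing of fragments to flows in report order are assumptions.

```python
"""Decode the opening bytes of each 443 flow as an SSL 2.0-style record header.

Added example for this report (not sandbox output). The fragments are copied
from the Raw Pcap section; the decoder and its field names are assumptions
based on the SSL 2.0 record layout.
"""

# First bytes of the four TCP flows to 81.166.122.234:443, in report order.
RAW_PCAP_FRAGMENTS = ["804c0103", "802b01", "804c0103", "802b01"]

SSL2_MSG_CLIENT_HELLO = 0x01


def decode_ssl2_record_header(fragment_hex: str) -> dict:
    """Parse a 2-byte SSL 2.0 record header plus the message type that follows.

    With the high bit of byte 0 set, the header is two bytes and the record
    length is the remaining 15 bits. Byte 2 is the handshake message type;
    for CLIENT-HELLO the next two bytes are the client's highest version
    (0x0301 = TLS 1.0), of which the report shows at most the first byte.
    """
    data = bytes.fromhex(fragment_hex)
    if len(data) < 3:
        raise ValueError("need at least header (2 bytes) and message type (1 byte)")
    if not data[0] & 0x80:
        # 3-byte header form (or not SSL 2.0 at all); never seen in this report.
        raise ValueError("byte 0 lacks the 0x80 bit of a 2-byte SSL 2.0 header")
    record_length = ((data[0] & 0x7F) << 8) | data[1]
    msg_type = data[2]
    return {
        "record_length": record_length,
        "message_type": msg_type,
        "is_client_hello": msg_type == SSL2_MSG_CLIENT_HELLO,
        # Only the major version byte survives in the longer fragments.
        "version_major": data[3] if len(data) >= 4 else None,
    }


def summarise_flows(fragments) -> list:
    """Decode one fragment per flow, keeping report order."""
    return [decode_ssl2_record_header(f) for f in fragments]


if __name__ == "__main__":
    # Pair each fragment with the source port of the corresponding flow.
    for port, rec in zip(range(1031, 1035), summarise_flows(RAW_PCAP_FRAGMENTS)):
        kind = "CLIENT-HELLO" if rec["is_client_hello"] else f"type 0x{rec['message_type']:02x}"
        print(f"192.168.1.1:{port} -> 81.166.122.234:443  SSLv2 record, "
              f"{rec['record_length']} bytes, {kind}")
```

Run stand-alone it prints one line per flow. Both fragment shapes decode as CLIENT-HELLO records (76 and 43 bytes), which is consistent with the WinInet imports listed under Strings opening TLS to the C2 host rather than sending cleartext HTTP on 443; the 0x03 version byte in the longer fragments matches an SSL 3.0 or TLS 1.0 offer. The capture lists no bytes from the server side, so whether the four consecutive connections completed a handshake or were retries of one that never did cannot be settled from what is shown.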


Strings
040904e4
3, 2, 6, 0
Analog Devices, Inc.
Comments
CompanyName
Copyright ? 2002
FileDescription
FileVersion
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SMAgent
SMAgent.exe
SoundMAX service agent
SoundMAX service agent component
SpecialBuild
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
090205
%-24s %s
%-26s %5d
??2@YAPAXI@Z
??3@YAXPAX@Z
Accept:*/*
_acmdln
_adjust_fdiv
ADVAPI32.dll
AllocConsole
 and the PID is %d
Cache-Control:max-age=0
Cache-Control:no-cache
CD-ROM		
CloseHandle
CloseServiceHandle
\cmd.exe
CmdPath=
Computer:
%ComSpec%
CONIN$
Content-Length: %d
_controlfp
ControlService
ControlService failed!
Create failed with %d!
CreateFileA
CreatePipe
CreateProcessA
CreateProcessAsUserA
CreateProcess failed!
CreateThread
CreateToolhelp32Snapshot
__CxxFrameHandler
@.data
EnumServicesStatusExA
_except_handler3
ExpandEnvironmentStringsA
Failed!
Failed with %d!
FileSize:	%d
Fixed		
GetComputerNameA
GetConsoleDisplayMode
GetCurrentProcess
GetDriveTypeA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributes Error code: %d
GetFileSize
GetLastError
GetLogicalDrives
__getmainargs
GetModuleHandleA
GetStartupInfoA
GetSystemDirectoryA
geturl
GetUserNameExA
GetVolumeInformationA
GetWindowsDirectoryA
<h1>Bad Request (Invalid Hostname)</h1>
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
_initterm
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryOptionA
InternetReadFile
InternetSetOptionA
Invalid		
KERNEL32.dll
list process failed!
list service failed!
lstrcatA
memset
Mozilla/4.0
Mozilla/5.0
MSVCRT.dll
OpenP failed with %d!
OpenProcess
OpenProcessToken
OpenSCManagerA
OpenSCManager failed!
OpenServiceA
OpenService failed!
OpenT failed with %d!
__p__commode
PeekNamedPipe
__p__fmode
pidrun
Pragma:no-cache
Process32First
Process32Next
Process cmd.exe exited!
Program started!
Proxy-Connection:Keep-Alive
PVVVWV
QVVVPVV
Ramdisk		
`.rdata
ReadFile
Remote		
Removeable		
%*[^/]%*[/]%*[^/]%s
%s Connected!
Secur32.dll
Service does not exist!
Service doesn't start!
Service is running already!
Service started!
Service still running!
Service stopped!
Service stop pending!
__set_app_type
SetCurrentDirectoryA
SetStdHandle
__setusermatherr
Shell started fail!
Shell started successfully!
Shell started,wait to terminate it.....
Sleep Time:
So long!
sprintf
sscanf
Started already,
StartServiceA
StartService failed!
Start shell first.
strcat
_strcmpi
strcpy
strlen
strrchr
Syntax error!
Syntax error!	Usage:	getf/putf FileName <N>
Syntax error!	Usage:	GetUrl URL FileName
Syntax error!	Usage:	kill </p|/s> <pid|ServiceName>
Syntax error!	Usage:	list </p|/s|/d>
Syntax error!	Usage:	start </p|/s> <filename|ServiceName>
t4j SV3
\tasks
TerminateProcess
!This program cannot be run in DOS mode.
t<Ht2Ht(Ht
t:hXE@
Totally %d volumes found.
Unkown		
URLDownloadToFileA
urlmon.dll
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
Volume on this computer:
Volume	Type		Volume Name
WaitForSingleObject
whoami
WININET.dll
WPhpB@
WriteConsoleInputA
WriteFile
_XcptFilter
YYh<E@
YYSSSSS
YYt5j\
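
The Strings section above carries the sample's whole command set in its usage messages (getf/putf, GetUrl, kill, list, start, whoami, pidrun), the cmd.exe-over-pipes shell, the WinInet HTTP client with its hand-written headers, and a version resource that impersonates Analog Devices' SoundMAX agent (compile timestamp 2011-08-09 against a "Copyright ? 2002" string). The triage script below is an example added to this report, not part of the sandbox output and not a rule from any AV vendor: it groups those strings into capabilities, fires a group only when several of its markers are present, and derives a verdict. The marker strings are copied from the report; the grouping, thresholds, verdict rule and the two sample buffers are this example's own assumptions.

```python
"""String-based capability triage for the SMAgent.exe-themed backdoor above.

Added example; not sandbox output and not a vendor signature. Markers are
copied from the report's Strings section; groups, thresholds, verdict rule
and sample buffers are assumptions made for this example.
"""

# Each capability lists markers from the Strings section and the minimum
# number that must match, so a lone "cmd.exe" or "whoami" does not fire it.
CAPABILITIES = {
    "interactive_shell_over_pipes": {
        "markers": [b"CreatePipe", b"PeekNamedPipe", b"CreateProcessA",
                    b"\\cmd.exe", b"Shell started successfully!",
                    b"Process cmd.exe exited!"],
        "min_hits": 4,
    },
    "file_transfer": {
        "markers": [b"getf/putf FileName <N>", b"GetUrl URL FileName",
                    b"URLDownloadToFileA", b"FileSize:\t%d"],
        "min_hits": 2,
    },
    "process_and_service_control": {
        "markers": [b"kill </p|/s> <pid|ServiceName>",
                    b"start </p|/s> <filename|ServiceName>",
                    b"list </p|/s|/d>", b"OpenSCManagerA", b"ControlService",
                    b"CreateToolhelp32Snapshot", b"TerminateProcess"],
        "min_hits": 4,
    },
    "host_recon": {
        "markers": [b"whoami", b"GetComputerNameA", b"GetUserNameExA",
                    b"GetLogicalDrives", b"Totally %d volumes found."],
        "min_hits": 3,
    },
    "http_c2_via_wininet": {
        "markers": [b"InternetOpenA", b"HttpOpenRequestA", b"HttpSendRequestA",
                    b"Cache-Control:no-cache", b"Mozilla/4.0", b"Accept:*/*"],
        "min_hits": 4,
    },
}

# Version-info strings borrowed from a legitimate Analog Devices component.
SPOOFED_VERSION_INFO = [b"SoundMAX service agent", b"Analog Devices, Inc.", b"SMAgent.exe"]


def matched_markers(buf: bytes, markers) -> list:
    """Return the markers that occur anywhere in the buffer."""
    return [m for m in markers if m in buf]


def detect_capabilities(buf: bytes) -> dict:
    """Map each capability meeting its threshold to the markers that matched."""
    hits = {}
    for name, spec in CAPABILITIES.items():
        found = matched_markers(buf, spec["markers"])
        if len(found) >= spec["min_hits"]:
            hits[name] = found
    return hits


def triage(buf: bytes) -> dict:
    """Summarise capabilities, version-info spoofing and a verdict for one buffer."""
    caps = detect_capabilities(buf)
    spoofed = matched_markers(buf, SPOOFED_VERSION_INFO)
    # Verdict rule (an assumption of this example): a pipe-driven shell plus any
    # other capability, or three or more capability groups, is called a backdoor.
    is_backdoor = ("interactive_shell_over_pipes" in caps and len(caps) >= 2) or len(caps) >= 3
    return {
        "capabilities": sorted(caps),
        "spoofed_version_info": len(spoofed) == len(SPOOFED_VERSION_INFO),
        "verdict": "backdoor" if is_backdoor else "no match",
    }


# Constructed stand-ins for file contents: NUL-separated strings from the report
# (SAMPLE_BACKDOOR) and a few generic strings any WinInet client might carry.
SAMPLE_BACKDOOR = b"\x00".join([
    b"MZ", b"!This program cannot be run in DOS mode.",
    b"CreatePipe", b"PeekNamedPipe", b"CreateProcessA", b"\\cmd.exe",
    b"Shell started successfully!", b"Process cmd.exe exited!",
    b"Syntax error!\tUsage:\tgetf/putf FileName <N>",
    b"Syntax error!\tUsage:\tGetUrl URL FileName",
    b"Syntax error!\tUsage:\tkill </p|/s> <pid|ServiceName>",
    b"Syntax error!\tUsage:\tlist </p|/s|/d>",
    b"OpenSCManagerA", b"ControlService", b"TerminateProcess",
    b"whoami", b"GetComputerNameA", b"GetUserNameExA", b"GetLogicalDrives",
    b"InternetOpenA", b"HttpOpenRequestA", b"HttpSendRequestA",
    b"Cache-Control:no-cache", b"Mozilla/4.0",
    b"SoundMAX service agent", b"Analog Devices, Inc.", b"SMAgent.exe",
])
SAMPLE_BENIGN = b"\x00".join([b"MZ", b"CreateProcessA", b"cmd.exe", b"Mozilla/4.0", b"InternetOpenA"])

if __name__ == "__main__":
    for label, buf in (("constructed backdoor", SAMPLE_BACKDOOR), ("constructed benign", SAMPLE_BENIGN)):
        print(label, triage(buf))
```

The thresholds matter more than the individual strings: a real SoundMAX agent, or any tool that spawns cmd.exe, will carry some of these imports on its own, which is why each group needs several markers and the verdict needs several groups. Scanning a real file means reading it in binary and passing the bytes to `triage`; the script deliberately scans the raw bytes rather than a pre-extracted string list so that the tab-separated usage messages match exactly as the report shows them.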