Analysis Date: 2015-02-03 21:07:52
MD5: 7f2c7edc47a3c93da4eb84dc512e5f2a
SHA1: 374fdec52dde58a01789e224d7f0ff0b2aec1f2b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0   md5: d41d8cd98f00b204e9800998ecf8427e  sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709  size: 0
Section UPX1   md5: c2dfe6dd51e022158fd3801f50c34fa6  sha1: 4292d38afbe642a89fca22e2bd93f9605de6cd3b  size: 80896
Section .rsrc  md5: 587e15a5e93daa1d21b039e77e62a445  sha1: dc5b1f11e3171234b1d061b2b46e141d53136950  size: 2048
Timestamp: 2013-11-19 10:08:46
Version:
  InternalName: bytele
  FileVersion: 2.01
  CompanyName: loofnbdfe
  ProductName: dfgtyhnjhgf
  ProductVersion: 2.01
  OriginalFilename: bytele.exe
Packer: UPX -> www.upx.sourceforge.net
PEhash: cdce98f25e72e997cd70f36bd4d2d0f30c01351d
IMPhash: d26f2866f2abe9fae713862341adbaea
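The Static Details above are what a section-table walk produces: the sandbox hashes each section's raw bytes on disk, which is why UPX0 (size 0) carries the MD5 and SHA1 of the empty input (d41d8cd9..., da39a3ee...), and the Packer line follows from the UPX0/UPX1 section names. The script below is added here as an illustration; it is not part of the original report and not UPX project code. It reproduces those report lines from a PE section table and applies the packing heuristics a triage script would check. It uses only the Python standard library; because no sample accompanies this page, build_constructed_pe() fabricates a minimal PE32 in memory with the report's section layout (payload bytes, virtual sizes and alignments are made up for the demo). The import-set check uses the six API names that appear in the string dump further down; STUB_IMPORTS is this example's own list.

```python
import hashlib
import struct

FILE_ALIGN = 0x200      # FileAlignment of the constructed image (assumption)
SECT_ALIGN = 0x1000     # SectionAlignment of the constructed image (assumption)


def _align(n, a):
    return (n + a - 1) // a * a


def build_constructed_pe(sections):
    """Build a minimal PE32 from (name, raw_bytes, virtual_size) tuples.
    Constructed demo input, not a real sample; headers are just complete enough to parse."""
    e_lfanew = 0x40
    table_off = e_lfanew + 4 + 20 + 224          # "PE\0\0" + COFF header + PE32 optional header
    hdr_size = _align(table_off + 40 * len(sections), FILE_ALIGN)
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)      # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<II", opt, 32, SECT_ALIGN, FILE_ALIGN)
    struct.pack_into("<I", opt, 60, hdr_size)                    # SizeOfHeaders
    table, body, raw_ptr, vaddr = b"", b"", hdr_size, SECT_ALIGN
    for name, data, vsize in sections:
        raw = data.ljust(_align(len(data), FILE_ALIGN), b"\x00") if data else b""
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"), vsize, vaddr,
                             len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0xE0000040)
        body += raw
        raw_ptr += len(raw)
        vaddr += _align(vsize, SECT_ALIGN)
    headers = (dos + b"PE\x00\x00" + coff + bytes(opt) + table).ljust(hdr_size, b"\x00")
    return headers + body


def parse_sections(pe):
    """Walk the section table of a PE32/PE32+ image and hash each section's raw bytes
    the way the report does: a section with no raw data hashes to the empty digest."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsect):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        data = pe[rptr:rptr + rsize] if rsize else b""
        out.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                    "vsize": vsize, "rsize": rsize,
                    "md5": hashlib.md5(data).hexdigest(),
                    "sha1": hashlib.sha1(data).hexdigest()})
    return out


def report_lines(sections):
    """Render the 'Section <name> md5 sha1 size' lines in the report's format."""
    return ["Section %s md5: %s sha1: %s size: %d" % (s["name"], s["md5"], s["sha1"], s["rsize"])
            for s in sections]


# The loader primitives a UPX stub needs to rebuild the real import table in memory.
STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "VirtualProtect",
                "VirtualAlloc", "VirtualFree", "ExitProcess"}


def upx_indicators(sections, imports):
    """Heuristics, not a signature: UPX section names, a section with zero raw size but a
    large virtual size (the unpack target), and an import table holding nothing beyond the
    stub primitives (the real imports only exist after decompression)."""
    findings = []
    if any(s["name"].startswith("UPX") for s in sections):
        findings.append("UPX-named sections")
    for s in sections:
        if s["rsize"] == 0 and s["vsize"] > 0:
            findings.append("%s: raw size 0, virtual size %#x (unpack target)" % (s["name"], s["vsize"]))
    if imports and set(imports) <= STUB_IMPORTS:
        findings.append("imports limited to packer-stub primitives")
    return findings


# Constructed input mirroring the report's layout; payload bytes and sizes are made up.
CONSTRUCTED_PE = build_constructed_pe([
    ("UPX0", b"", 0x30000),
    ("UPX1", b"constructed compressed payload stand-in" * 12, 0x14000),
    (".rsrc", b"\x00" * 16 + "VS_VERSION_INFO".encode("utf-16-le"), 0x1000),
])
# Import names exactly as they appear in the report's string dump.
REPORT_IMPORTS = ["ExitProcess", "GetProcAddress", "LoadLibraryA",
                  "VirtualAlloc", "VirtualFree", "VirtualProtect"]

if __name__ == "__main__":
    secs = parse_sections(CONSTRUCTED_PE)
    print("\n".join(report_lines(secs)))
    print("Indicators:", upx_indicators(secs, REPORT_IMPORTS))
```

Run against a real file with parse_sections(open(path, "rb").read()); the section hashes it prints should match the sandbox's Section lines, and an empty-digest hash on a section is a quick way to confirm that section has no bytes on disk rather than a hashing error.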
AV results:
  360 Safe: no_virus
  Ad-Aware: Trojan.Encpk.Gen.4
  Alwil (avast): Downloader-UPK [Trj]
  Arcabit (arcavir): Trojan.Encpk.Gen.4
  Authentium: no_virus
  Avira (antivir): TR/Lofan.396648
  BullGuard: Trojan.Encpk.Gen.4
  CA (E-Trust Ino): Win32/Gamarue.LK
  CAT (quickheal): no_virus
  ClamAV: no_virus
  Dr. Web: Trojan.PWS.Siggen1.10855
  Emsisoft: Trojan.Encpk.Gen.4
  Eset (nod32): Win32/TrojanDownloader.Wauchos.Q
  Fortinet: W32/Agent.ADBJ!tr
  Frisk (f-prot): no_virus
  F-Secure: Trojan.Encpk.Gen.4
  Grisoft (avg): PSW.Generic12.RJU
  Ikarus: Trojan.VBInject
  K7: Trojan-Downloader ( 00483e861 )
  Kaspersky: Trojan-PSW.Win32.Fareit.ammu
  MalwareBytes: Trojan.Downloader
  Mcafee: PWSZbot-FMF!7F2C7EDC47A3
  Microsoft Security Essentials: VirTool:Win32/VBInject.gen!LD
  MicroWorld (escan): Trojan.Encpk.Gen.4
  Rising: no_virus
  Sophos: Troj/Agent-ADBJ
  Symantec: Backdoor.Trojan
  Trend Micro: TSPY_ZBOT.SMUL
  VirusBlokAda (vba32): TrojanPSW.Fareit
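The vendor labels above disagree on syntax and on what they name: some only say "packed" or "downloader", some give a family (Fareit, Zbot, Gamarue/Wauchos, VBInject), and six vendors return the byte-identical string Trojan.Encpk.Gen.4, which usually means a shared or licensed engine rather than six independent opinions. The script below is an added example, not part of the original report: it tokenizes each label, drops type and platform words, strips variant suffixes and hash-like tokens, and counts family mentions, optionally collapsing identical labels into one vote. The (vendor, label) pairs are copied from the table; the stop-word list, the prefix handling and the alias map (Wauchos/Gamarue, Zeus/Zbot, Pony/Fareit) are this example's assumptions.

```python
import re
from collections import Counter

# (vendor, label) pairs exactly as printed in the report.
AV_RESULTS = [
    ("360 Safe", "no_virus"), ("Ad-Aware", "Trojan.Encpk.Gen.4"),
    ("Alwil (avast)", "Downloader-UPK [Trj]"), ("Arcabit (arcavir)", "Trojan.Encpk.Gen.4"),
    ("Authentium", "no_virus"), ("Avira (antivir)", "TR/Lofan.396648"),
    ("BullGuard", "Trojan.Encpk.Gen.4"), ("CA (E-Trust Ino)", "Win32/Gamarue.LK"),
    ("CAT (quickheal)", "no_virus"), ("ClamAV", "no_virus"),
    ("Dr. Web", "Trojan.PWS.Siggen1.10855"), ("Emsisoft", "Trojan.Encpk.Gen.4"),
    ("Eset (nod32)", "Win32/TrojanDownloader.Wauchos.Q"), ("Fortinet", "W32/Agent.ADBJ!tr"),
    ("Frisk (f-prot)", "no_virus"), ("F-Secure", "Trojan.Encpk.Gen.4"),
    ("Grisoft (avg)", "PSW.Generic12.RJU"), ("Ikarus", "Trojan.VBInject"),
    ("K7", "Trojan-Downloader ( 00483e861 )"), ("Kaspersky", "Trojan-PSW.Win32.Fareit.ammu"),
    ("MalwareBytes", "Trojan.Downloader"), ("Mcafee", "PWSZbot-FMF!7F2C7EDC47A3"),
    ("Microsoft Security Essentials", "VirTool:Win32/VBInject.gen!LD"),
    ("MicroWorld (escan)", "Trojan.Encpk.Gen.4"), ("Rising", "no_virus"),
    ("Sophos", "Troj/Agent-ADBJ"), ("Symantec", "Backdoor.Trojan"),
    ("Trend Micro", "TSPY_ZBOT.SMUL"), ("VirusBlokAda (vba32)", "TrojanPSW.Fareit"),
]

# Type/platform/generic words that carry no family information (assumption, not exhaustive).
STOP = {"trojan", "troj", "tr", "trj", "win32", "w32", "gen", "generic", "generic12",
        "agent", "downloader", "psw", "pws", "tspy", "virtool", "backdoor", "siggen1"}
# Alternative family names folded onto one canonical name (assumption).
ALIASES = {"wauchos": "gamarue", "zeus": "zbot", "pony": "fareit"}
KNOWN = set(ALIASES.values())        # short canonical names exempt from the length filter


def family_tokens(label):
    """Candidate family names in one vendor label."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        tok = re.sub(r"^(trojan|troj|pws)(?=[a-z])", "", tok)   # 'PWSZbot' -> 'zbot', 'TrojanPSW' -> 'psw'
        tok = ALIASES.get(tok, tok)
        if not tok or tok in STOP:
            continue
        if not any(c.isalpha() for c in tok):
            continue                                          # pure numbers (396648, 10855)
        if any(c.isdigit() for c in tok) and re.fullmatch(r"[0-9a-f]+", tok):
            continue                                          # hashes / variant ids (7F2C7EDC47A3)
        if len(tok) < 5 and tok not in KNOWN:
            continue                                          # variant suffixes: LK, Q, RJU, SMUL, ammu
        out.append(tok)
    return out


def family_votes(results, collapse_identical=True):
    """Count family mentions across vendors. With collapse_identical, vendors that returned
    the same label string count once, which neutralises rebranded engines."""
    labels = [lbl for _, lbl in results if lbl != "no_virus"]
    if collapse_identical:
        labels = list(dict.fromkeys(labels))     # unique labels, order preserved
    votes = Counter()
    for lbl in labels:
        votes.update(set(family_tokens(lbl)))
    return votes


def clean_count(results):
    """Vendors that reported nothing."""
    return sum(1 for _, lbl in results if lbl == "no_virus")


if __name__ == "__main__":
    print("per vendor:      ", family_votes(AV_RESULTS, collapse_identical=False).most_common())
    print("per unique label:", family_votes(AV_RESULTS).most_common())
    print("clean:", clean_count(AV_RESULTS), "of", len(AV_RESULTS))
```

Counted per vendor, "Encpk" (a packer-family label) leads with six votes; counted per unique label it drops to one, and the remaining names (Gamarue, Fareit, Zbot, VBInject) each have two independent vendors behind them. Labels such as Trojan.Downloader, W32/Agent or Backdoor.Trojan contribute nothing to the family count, which is the correct outcome: they state a type, not an identity.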

Runtime Details:

Process
↳ C:\malware.exe
  Creates Process: C:\malware.exe
  ↳ C:\malware.exe
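The only runtime behaviour recorded is C:\malware.exe starting a second C:\malware.exe. A child whose image path equals its parent's is cheap to hunt for in process-creation telemetry, with the caveat that browsers, updaters and other legitimate software spawn themselves too, so the result is a lead rather than an alert on its own. The code below is an added example, not part of the original report: it runs the check over constructed Sysmon-style event records (the field names Image, ParentImage, ProcessId and ParentProcessId follow Sysmon event 1; the events themselves, including the pids and the browser entry, are made up), normalises path case and form, honours an allowlist, and rebuilds the lineage of a pid the way the report's process tree shows it.

```python
import ntpath   # Windows path semantics regardless of the host the script runs on

# Constructed process-creation events (Sysmon EventID 1 naming); not real telemetry.
EVENTS = [
    {"EventID": 1, "ProcessId": 1208, "Image": "C:\\malware.exe",
     "ParentProcessId": 988, "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "ProcessId": 1264, "Image": "c:\\MALWARE.EXE",
     "ParentProcessId": 1208, "ParentImage": "C:\\malware.exe"},
    {"EventID": 1, "ProcessId": 1400, "Image": "C:\\Program Files\\Browser\\browser.exe",
     "ParentProcessId": 1396, "ParentImage": "C:\\Program Files\\Browser\\browser.exe"},
    {"EventID": 3, "ProcessId": 1264, "Image": "C:\\malware.exe"},   # network event, ignored
]


def norm(path):
    """Case-fold and normalise so 'c:\\MALWARE.EXE' and 'C:\\malware.exe' compare equal."""
    return ntpath.normpath(path).lower()


def self_spawns(events, allow=()):
    """(parent pid, child pid, image) for every creation where child image == parent image,
    skipping images on the allowlist. Only EventID 1 records are considered."""
    allowed = {norm(p) for p in allow}
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        child, parent = norm(ev["Image"]), norm(ev["ParentImage"])
        if child == parent and child not in allowed:
            hits.append((ev["ParentProcessId"], ev["ProcessId"], child))
    return hits


def lineage(events, pid):
    """Images from the oldest known ancestor down to pid, like the report's process tree.
    Pids are reused on Windows, so on real data key this on the process GUID instead."""
    by_pid = {ev["ProcessId"]: ev for ev in events if ev.get("EventID") == 1}
    chain, last = [], None
    while pid in by_pid:
        last = by_pid[pid]
        chain.append(norm(last["Image"]))
        pid = last["ParentProcessId"]
    if last is not None:
        chain.append(norm(last["ParentImage"]))   # root we have no creation event for
    return chain[::-1]


if __name__ == "__main__":
    for ppid, cpid, image in self_spawns(EVENTS, allow=["C:\\Program Files\\Browser\\browser.exe"]):
        print("self-spawn:", image, ppid, "->", cpid)
        print("  lineage:", " -> ".join(lineage(EVENTS, cpid)))
```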

Network Details:

Strings (notable entries; the remaining several hundred lines of the dump are short high-entropy fragments from the UPX-compressed section and are omitted here)

Version resource:
  040904B0
  2.01
  bytele
  bytele.exe
  CompanyName
  dfgtyhnjhgf
  FileVersion
  InternalName
  loofnbdfe
  OriginalFilename
  ProductName
  ProductVersion
  StringFileInfo
  Translation
  VarFileInfo
  VS_VERSION_INFO

DLL and API names visible in the packed file:
  KERNEL32.DLL
  ExitProcess
  GetProcAddress
  LoadLibraryA
  VirtualAlloc
  VirtualFree
  VirtualProtect
  MSVBVM60.DLL
  user32.dll
  SystemParametersInfoA

Other strings:
  !This program cannot be run in DOS mode.
  XPTPSW
  newekendepgoorno
  newekendepgoorno*
  newekendepgoorno568948948949849ggnewekendepgoornoQ