Analysis Date: 2015-02-10 07:33:03
MD5: afa2e2e8690a864d7348719693399452
SHA1: 37a921275b1204f83dbfaa6790bde43ec80a9e09

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 87f587bbdf71544a881cfdda6aa80d07 sha1: 21f6948fbce55a36d49702d26112b7ac43c99131 size: 23040
Section .rdata: md5: 42595f358d82ed008b0da3cc81ff353d sha1: f534971c47ae8a0dda7a4f45207df4c00bdbedc8 size: 1536
Section .data: md5: d17149f7a08bdabe111b3e079bcac994 sha1: a8f528e11bc583b4df015901fd970a620e6bba89 size: 512
Section .rsrc: md5: b5ed7b029bc65184d8f3a398fb854e6d sha1: 91766ab45f59a163181e3a98dd5559fc1f5b7b64 size: 1536
Timestamp: 2011-01-20 00:38:21
Version:
LegalCopyright: Copyright © 1996-2010 Adobe, Inc.
InternalName: Adobe® Flash® Player Installer/Uninstaller 10.1
FileVersion: 10,1,53,64
CompanyName: Adobe Systems, Inc.
LegalTrademarks: Adobe® Flash® Player
ProductName: Flash® Player Installer/Uninstaller
ProductVersion: 10,1,53,64
FileDescription: Adobe® Flash® Player Installer/Uninstaller 10.1 r53
OriginalFilename: FlashUtil.exe
PEhash: 561a4da0fc04893b149495a847379a49bef6e90a
IMPhash: 59fcf8e5b9f472815ad488343099f36b
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Kazy.290327
AV Alwil (avast): Taidoor-D [Trj]
AV Arcabit (arcavir): Gen:Variant.Kazy.290327
AV Authentium: W32/Injector.AV.gen!Eldorado
AV Avira (antivir): TR/Crypt.ZPACK.Gen
AV BullGuard: Gen:Variant.Kazy.290327
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Backdoor.Simbot.A4
AV ClamAV: WIN.Trojan.Inject-6449
AV Dr. Web: Trojan.DownLoad2.36100
AV Emsisoft: Gen:Variant.Kazy.290327
AV Eset (nod32): Win32/Injector.ELH
AV Fortinet: W32/Injector.ELH!tr
AV Frisk (f-prot): W32/Injector.AV.gen!Eldorado
AV F-Secure: Error Scanning File
AV Grisoft (avg): Generic_r.CJK
AV Ikarus: Backdoor.Win32.Simbot
AV K7: Trojan ( 002331771 )
AV Kaspersky: Trojan.Win32.Inject.bbyo
AV MalwareBytes: Trojan.Inject
AV Mcafee: BackDoor-EYG
AV Microsoft Security Essentials: Backdoor:Win32/Simbot.gen
AV MicroWorld (escan): Gen:Variant.Kazy.290327
AV Rising: Backdoor.Simbot!572E
AV Sophos: Troj/CeeInj-M
AV Symantec: Trojan.Dropper
AV Trend Micro: TROJ_KRYPTK.SMS
AV VirusBlokAda (vba32): SScope.Backdoor.Simbot

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\malware.exe.tmp1
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\4$@2.dat
Creates File: PIPE\lsarpc
Creates Process: svchost.exe
Creates Mutex: DBWinMutex

Process
↳ svchost.exe

Network Details:


Strings
.
I..:.

040904b0
10,1,53,64
Adobe® Flash® Player
Adobe® Flash® Player Installer/Uninstaller 10.1
Adobe® Flash® Player Installer/Uninstaller 10.1 r53
Adobe Systems, Inc.
CompanyName
Copyright © 1996-2010 Adobe, Inc.
FileDescription
FileVersion
Flash® Player Installer/Uninstaller
FlashUtil.exe
InternalName
jjjj
@jjjj
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
0FT0Oc
1&&hkz
1?'M2q
"?2E2	x
4$@2.dat
^4ILGC%GI:
5fw'h6
6v%g[>
>8!_)yedd
A+~|\:
A>aqH/
ADVAPI32.dll
BtT~V`
CloseHandle
CopyFileA
CreateFileA
CreateProcessA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
@.data
Dghoxz
D;{suw
EnterCriticalSection
ExitProcess
[@FJ2N
FP`xBE
}G~|;[
G=:,*4!
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetTempPathA
GetThreadContext
HeapAlloc
HeapFree
H-PH$3
InitializeCriticalSection
i.U04W
J%?;@j!
-J\Ol^
-:jZ]v
kernel32
KERNEL32.dll
l+/[0M
LeaveCriticalSection
l~]pY"
lstrcatA
lstrcpyA
lstrlenA
MessageBoxA
,(oD'e
OutputDebugStringA
qy(%t&][`
;R#2g|N
.rdata
ReadFile
ReadProcessMemory
ResumeThread
RIwo;IlvT
rwbinru/dyd
SetFilePointer
SetThreadContext
szFile
TerminateProcess
`#Tf;{Iu
!This program cannot be run in DOS mode.
tN|#h 
TZ3 yu8
update.exe
USER32.dll
VirtualAlloc
VirtualAllocEx
VirtualProtect
VirtualProtectEx
VirtualQueryEx
Vud6%r
wb(91p
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
~x`?'W
.YsxmJ
ZwUnmapViewOfSection
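Analyst note and added example (not part of the sandbox report, and not output of the sandbox or of any listed vendor): the API names in the Strings section above form the process hollowing (RunPE) set. CreateProcessA starts a host process, ZwUnmapViewOfSection unmaps its original image, VirtualAllocEx and WriteProcessMemory place a new image, GetThreadContext and SetThreadContext repoint the entry point, and ResumeThread runs it. That matches the Runtime Details, where malware.exe creates svchost.exe, and it explains why no network API is imported even though most vendors label the sample a backdoor (Simbot): the payload written into svchost.exe would resolve its own imports through GetModuleHandleA and GetProcAddress, both present, so they never appear in this dropper's import table. Two runtime artifacts are generic rather than family-specific: DBWinMutex is the mutex OutputDebugStringA takes internally, and the file under Application Data\Microsoft\Crypto\RSA\<SID>\ is the key container CryptAcquireContextA creates, so neither should be used alone as an indicator. The Python below scores an import list against such API sets. The import list is transcribed from this page's strings; the technique definitions are this example's own heuristic and an assumption, and import matching shows only capability: confirming hollowing needs the CREATE_SUSPENDED flag on the CreateProcessA call, which an import list cannot show.

```python
"""Import-set capability triage for a PE sample.

Added example, not part of the sandbox report above. The import names come
from the report's Strings section; the technique definitions are this
example's own heuristic (an assumption, not vendor or sandbox output).
"""
from dataclasses import dataclass

# API names transcribed from the Strings section of the report (constructed input).
SAMPLE_IMPORTS = [
    "CloseHandle", "CopyFileA", "CreateFileA", "CreateProcessA",
    "CryptAcquireContextA", "CryptGenRandom", "CryptReleaseContext",
    "EnterCriticalSection", "ExitProcess", "GetFileSize", "GetLastError",
    "GetModuleFileNameA", "GetModuleHandleA", "GetProcAddress",
    "GetProcessHeap", "GetTempPathA", "GetThreadContext", "HeapAlloc",
    "HeapFree", "InitializeCriticalSection", "LeaveCriticalSection",
    "lstrcatA", "lstrcpyA", "lstrlenA", "MessageBoxA", "OutputDebugStringA",
    "ReadFile", "ReadProcessMemory", "ResumeThread", "SetFilePointer",
    "SetThreadContext", "TerminateProcess", "VirtualAlloc", "VirtualAllocEx",
    "VirtualProtect", "VirtualProtectEx", "VirtualQueryEx", "WriteFile",
    "WritePrivateProfileStringA", "WriteProcessMemory", "ZwUnmapViewOfSection",
]

# A technique is a list of required steps; each step is a tuple of
# interchangeable APIs (Nt*/Zw* pairs, A/W variants). Every step must be
# satisfied for the technique to count as complete.
TECHNIQUES = {
    "process_hollowing": [
        ("CreateProcessA", "CreateProcessW"),
        ("ZwUnmapViewOfSection", "NtUnmapViewOfSection"),
        ("VirtualAllocEx",),
        ("WriteProcessMemory",),
        ("GetThreadContext",),
        ("SetThreadContext",),
        ("ResumeThread",),
    ],
    "remote_thread_injection": [
        ("OpenProcess",),
        ("VirtualAllocEx",),
        ("WriteProcessMemory",),
        ("CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread"),
    ],
    "dynamic_api_resolution": [
        ("GetModuleHandleA", "GetModuleHandleW", "LoadLibraryA", "LoadLibraryW"),
        ("GetProcAddress",),
    ],
    "network_io": [
        ("InternetOpenA", "InternetOpenW", "WSAStartup",
         "URLDownloadToFileA", "WinHttpOpen"),
    ],
}


@dataclass
class Match:
    technique: str
    present: list   # the API that satisfied each step, in step order
    missing: list   # unsatisfied steps, written "alt1|alt2"

    @property
    def complete(self) -> bool:
        return not self.missing


def _normalize(name: str) -> str:
    # Accept bare names or "kernel32.dll!VirtualAllocEx"; compare case-insensitively.
    return name.rsplit("!", 1)[-1].lower()


def classify(imports) -> dict:
    """Score every technique in TECHNIQUES against an import-name list."""
    have = {_normalize(n) for n in imports}
    result = {}
    for tech, steps in TECHNIQUES.items():
        present, missing = [], []
        for alternatives in steps:
            hits = [a for a in alternatives if a.lower() in have]
            if hits:
                present.append(hits[0])
            else:
                missing.append("|".join(alternatives))
        result[tech] = Match(tech, present, missing)
    return result


def matched_techniques(imports) -> list:
    """Names of techniques whose every step is importable, sorted."""
    return sorted(t for t, m in classify(imports).items() if m.complete)


if __name__ == "__main__":
    for tech, m in classify(SAMPLE_IMPORTS).items():
        total = len(m.present) + len(m.missing)
        status = "COMPLETE" if m.complete else f"partial ({len(m.present)}/{total})"
        print(f"{tech:26s} {status}")
        for step in m.missing:
            print(f"    missing: {step}")
```

Run as-is to print the scoring for this sample; for a new file, pass classify() the names from the PE import directory (for example the entries pefile exposes under DIRECTORY_ENTRY_IMPORT). A complete match is a lead for the analyst, not a verdict, and a packed or crypted sample will usually show only the dynamic_api_resolution set because everything else is resolved at runtime.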