Analysis Date: 2014-09-22 06:38:42
MD5: 5fe6d7a246a5e6696fa4ecb29ee86062
SHA1: 37a9932e73ccbbdd235fed0a7bc12f4b9c3c56e3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 0ebb8343585a72ffe6649584e8373340 sha1: 034a49d17f08b26c17646ef035a96a98ed5f0207 size: 1024
Section .rdata md5: 684bd04c4e90ebb1ac24b9d56ab5240e sha1: b0c47a151ebf4f663a525c722f9b6a11ffb06edc size: 512
Section .data  md5: 5bf07cabd54e52fd2dc0364d084eca09 sha1: 774b1bf46bd11fa0e6bc2ebddfc00f7c9b3924c0 size: 2048
Section .rsrc  md5: 68ec8bfd2ef61c49825bef1b57f36e5c sha1: 3f361f8f10b851f93d6d4085a7fcdc88327da47c size: 3072
Section .rmnet md5: b390aacb631495f66e4fa8990c299aeb sha1: 5088dd58f7251e8dada2686ba6cb253d872f6b3c size: 57856
Timestamp: 1972-12-25 05:33:23
Packer: E language
PEhash: f6814c006ee4093380ccd81b94bd85e24916e6f3
IMPhash: ae0a5112fe1176f4e5f6e1bc95e4c209

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

Strings
.
{6793B367-79D9-43F3-88B7-5EB6CF04B618}
ADVAPI32.dll
}copUNe
d09f2340818511d396f6aaf844c7e325
@.data
EfkkY7
ExitProcess
ffffff
ffffff`
fffffffff
fffffffffffhwww
fffffffffffo
fffffffffo
ffffff`ffo
fffffffh
foffffff
FreeLibrary
GetModuleFileNameA
GetNewSock
GetProcAddress
jg`jIB,
jgn}WRx
kcdYRE1
KERNEL32.dll
krnln.fne
krnln.fnr
kvv~W{*
kwpkrE>
LoadLibraryA
lstrcatA
lstrlenA
MessageBoxA
Not found the kernel library or the kernel library is invalid!
offffff
%pfnNN+
pnfx^Xf
|ppvTEe
#q`w^F9
`.rdata
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
@reloc1
@.rmnet
Software\FlySky\E\Install
|svzH_=
!This program cannot be run in DOS mode.
tn#i^Y+
USER32.dll
vclbase
VCLBase
wwwwvf
wwwwvfo
wwwwww
wwwwwww
wwwwwwww
wwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwww
xnBsWD;
zjfrZXu
Zm`fxI
zmgvULe
zmn%ZX5