Analysis Date: 2018-06-11 21:08:04
MD5: 01ac96f80e833087c0979dcef38a68df
SHA1: 3c350e28cd127dba8094aa746c61afec66a65dc6

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 (empty on disk; these are the hashes of zero-length input, which is expected for the UPX0 section of a UPX-packed image)
Section UPX1 md5: d69844598cf08421e9108e3872b82d3c sha1: d51a0e876d8189c4dde5d3910620cc6a8aeff450 size: 9216
Section .rsrc md5: 841d4b2d264df55b0aabc26e0e4f7f92 sha1: fe96e63d64eca43d89b48f631499c4d071251373 size: 230912
Timestamp: 2009-06-13 12:28:10
Version info:
LegalCopyright: Copyright (C) 2009 HGACSystem v1
InternalName: Versiyon 1
FileVersion: 1, 0, 0, 7
CompanyName: www.hepgel.com
PrivateBuild: 6.0
LegalTrademarks: HGACSystem v1
Comments: HGACSystem v1
ProductName: HGACSystem v1
SpecialBuild: 6.0
ProductVersion: 1, 0, 0, 1
FileDescription: HGACSystem v1
OriginalFilename: HGACSystem.exe
Packer: UPX -> www.upx.sourceforge.net
PEhash: 6f94b917e041e0161175a79ec5e6c4d3704837c7
IMPhash: 2b07ba9c1e54b04624dfdda69d875a1d
AV 360 Safe: Backdoor.Generic.253511
AV Ad-Aware: Backdoor.Generic.253511
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.Inject.Asis
AV Authentium: W32/Backdoor.MSGC-5288
AV Avira (antivir): TR/Inject.andu
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.Inject.andu
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader2.62742
AV Emsisoft: Backdoor.Generic.253511
AV Eset (nod32): no_virus
AV Fortinet: W32/Inject.ANDU!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Backdoor.Generic.253511
AV Grisoft (avg): Generic16.AESC
AV Ikarus: Trojan.DelFiles
AV K7: Trojan ( 0045ed2e1 )
AV Kaspersky: no_virus
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: Trojan:Win32/Trufip!rts
AV MicroWorld (escan): Backdoor.Generic.253511
AV Norman: doslegacy/Suspicious_Gen2.BIUYM
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: Trojan.Gen
AV Trend Micro: TROJ_SPNR.29KT11
AV VirusBlokAda (vba32): Trojan.Inject
AV Yara APT: no_virus
AV Zillya!: Trojan.Inject.Win32.12903

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\3c350e28cd127dba8094aa746c61afec66a65dc6.exe

Network Details:



Strings
QS
..F
>.3
.
.
.
.
r.q....
QS
..F
>.3
.
.
.
.
r.q....

041F04B0
1, 0, 0, 1
1, 0, 0, 7
Comments
CompanyName
Copyright (C) 2009 HGACSystem v1
FileDescription
FileVersion
HGACSystem.exe
HGACSystem v1
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
Translation
VarFileInfo
Versiyon 1
VS_VERSION_INFO
www.hepgel.com
|[[_?[
}|";;#"
$!_&,+
+==.##
0(<<<(
/02lZ[^
?0PH7X$$u
10/:^_Y
12.Rprl
+().1++38Z[e
.&($1'(%6'(%3&'$+#%!
178Djuv
	18b]?#j
18egE\
-$;.,19
))1?DFA
1L;{)n*
,-*2/0,@./+<-.+5+-).%&#&
22^9n*C
22?k0ui
23=dZ[W
23/H887
$!/2FyN
2Lg|t$
%%2W+*R
33333H
35@PEGC
##3PGHD
3\wvfg-U4
452Bhhk
4FG~O]
4|\G|Ak
4MD<4,8
4U^u?%x
()&4wxs
5540Z[U
55MXLL\
56;Q$$:
577Q'$m
5AbuK.
5p*rkU
5V[M>88
5w?YzZ
5XMvLW
69q8:9
\6h63}
6_xoeU
7847xzs
786_00A
7"e4a:
:<7Efgj
7\Fzf=
7Gd0K(?P
	7jrK/Q:
:@\8 5D
8:5Nlnh
\.+8argu
8BJ5-u
8;=fog
8hob29
8/=ocP:#
8wwG[w
/9$59]
9;7H}~w
:(9H9p9B
9hnE {(
9ip'Ef
>?9'npj
9TQpu8d
$a }+-]
;A1d)?
A[7tiJS
AA>olnh
aa_Xfha
ABB`./-=
abbAAA
ABIm" G
a`^ghic
;>:~am4b}s
a(QjjQ
aQX.A|
]AzYAba!A
B5O;WJa
b6[@1PZ,SjlU
bayis~a
bb`N(b
(BEAen
bEYI+o
Bfid"[
$B.JR2?
&'$B@@M
Bo{1*X.
BO>9m_
Bp!/8m
Bp:JQx
[bqfi.c
@B@T$%"
b@Ye<v)
C3334C?
c6MC}~
c6zALZ8
CC*******Ct
cEE[!M1XL\
cg"UUDDDDR
c	`JGH
C]jKY=u
CreateProcessAGetStringTy
=<CurQnt
CV|CR`!
\`:CYU
`^D <5
d6Ck1H
da1d`E
DEB/opl
`>/dEwQR:
;dF]U)
D*&I#!
%DI(W&
:>D:>N@i
DUC-3#4
DV;Fit
E[c8#DTG5
eCbrToMJ^By[Z.
E)}cK,
egajDEC
E-GkO?
~(e]{M
E!Mv'''
ErP}R/|
essageBoxA
ExitProcess
[]F.1s
f1z%Yz
+f5:E+!
Fe t		
$(F_#G
fgw}S?
'(%-fhc
FIr]XX
*fj d_
fLgsNO
fs"dee
^f/snP
FuVEDF
G>05)':
G	7F	M!h
&G&887
G8=s:W
GetLa2A
GetProcAddress
g%I)k5
gjcz_c[aX[QGLNG-')$
gkcv\`WV@A=6()%
)),gkk
GLn?Mi
gQ<>;>
gYFlF1
h0Z]e:
h#4{QB
h677Y_[
}heap7'7not=w
HGACSyU
`H*h"MH2
 ! &HHO
@HicvF
hmyR"e
hpi&<Q)
htuMNv
HUU6yO
i+a#nX
^IDAT"4
IDAT}^S
i#f",i
IHFI`a\
-\[^iP
iT\dw/
?IVS+-
I{z(`/
+%iz|cR
iZ.VW<|
,\,J(`
J;	;8)`
  Jb  
?j@bY"
Jd<a~I
j)iV#Ib
Jj;rZZ
:jK@(4
jleu`c[YSTO<9;5"%&"
JLFj::9
`jV`YY
JY^r9.
`>k0$;
 Kablto iniValiz
)ka(_>Y
KDEUU"",
KERNEL32.DLL
ki Dosyay
#K#".IKIn
k,#;\Kf
,klwn>
,KNKYKYY
l(_4{m
l_9vG/
LNHvnnj
LoadBKf
LoadLibraryA
lw"UUUS3Z
M3+&gR7??t
M80x^c1e
me error 
MessageBoxA
M_*ex\/X
mgx|yA
m!hzAO
mk2bPI5
m;&]]]M4
<mm8q^v	
MNrrp]u
ModuleHand
MPH2rsm
*MQQ@#]
Mu	Wq	>
}+M@VkP
mwsX1so
$My.$c
[			n&'&
N,(`!(
ncF9EY
)N@ e=%
&nFxXU
"NNN89y
npo``_/
}NUpQCte
nuvwww
nYY^z`ui
ob0"j`
!+*OiY[U
$$$)ONY
OPa}FFb
Ot99b.
['Oxhi
P!8?}D
P$Brns
peLCMap
p@gram Jm
{[PNBw
POM~rtm
po\,xb
PQKS@A>
PQSnFHCO13/2"# 
PQ^VVo!8
pur+virtu!3
PVv{pa
P/$Y%7
)>/.=Q
Q1l,PD
|q6cFZf
Q @9`"
q}:aQV\
@Q-Ea_
\QJK='
QSNs>?=
QwDVSU
QWU]PPR
r%333c$
r%c3333<+
RF$hUBgj
{||^Rr
Rrd-xO
-.*)rsm
rU<%#3
rUR"TDDDUUUUR
r"UTDE'%TDDK
r"UUDBTDK
=r"UUR
RVT"KQ
r\W1dB
(s_02f
S,4 vu
S<>;5T
-S9:0CB
}>Sf@`|%B
sF`M[N
'SfsQq
S^GE'T
s]^OFQ
spac#f{low\v
SSSSSSSS9
%$$$sum
SUM>tvp
#%$SWUdbaXRR
sxxtmoow
*:&<*(|t".
=t9@eBg!
th7[dy
!This program cannot be run in DOS mode.
T	o5;a
tupInfo
TVPtnnj
TVQh,-)/
tw^8::zugg
<Tx|M|0
!tXYYA
u"A0z!
@ua{1~
u)A,LWKtT
>UH?0 
?ujuy5@
	UnhZd
USER32.dll
uTDURwww"|
ut}fFh
UUUBBB
U<x0n!
VC20XC00
vfffww}U?
vfwwvfi
VGTUE#
VirtualAlloc
VirtualFree
VirtualProtect
v,MIMCS
V~N0T6
VOH+$d
"VOo`e
v<|p_&=;
V[sion
vt%=%)
;_Vv{)2`!
=vwv9==
{VWV~nq~
VXOKuxq
VYQQ]`Yz`b[
((@w66Ah015O./-4
w%DKDUDU"U"}
"W DT,.EKT
w=GwH[9
 w^_l6
Wnlm,gA
wOOkRR
Wqq1n~
wr""#o>2
=wr"%UDDDER%K
w%TDR"UTEUUTDD,
w"UTDM3
w"UUUF3
wwr"s3DD
wwr"UT
ww"TDDDDUUUR,
wwv3%UD
wwwffgwg
wwwrs3EDK
;wwY;;KZZ
Xk1ZWjB[
x:#MRNNN(
XNv;BT
XPTPSW
""-X" R
x|rLw^q
_X@s%32.d*?
Xt;s7Em
x|y~vvg0
''&=xzs
XZUxAB>S
Y2RdfLg3
Yanlis
&YBE(:
{YE-/B
%Y?[Es!
{}&yF0
y"=	<R
YsYWlq
_`Y}]`Xx\_Wq[]WhZ\UbXZTZWZRRAC>H-.+B+,):)*'1()%*%'#$#$!
|zf[UU
ZK;ob/
?@<zLLg
zOQmnmq