Analysis Date: 2013-09-03 11:52:32
MD5: 05c57dd4c36e8642077d2ec47c0fba93
SHA1: 4112d757b40797c0b1e09e0cb12269160e0a0d6d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 6a0a2ffcd73f481319d06853b279a96a sha1: 2e69e8854091b67a9a854e9ce2a371eeaf8b95ff size: 19968
Section .rdata: md5: 56a0df15c0ba03c8a0dc145e402024b9 sha1: 2b9b3f6a42f75e3970357d3996919e58f1ff48b2 size: 2560
Section .data: md5: d67beeb5ef4314fcb1ff97a9d8ce0791 sha1: e432f76b8d2bdc2595513b9c2f98cb84d2174774 size: 4096
Section .rsrc: md5: 73d0eeea97c09fa1f856398e0bcfed31 sha1: 542219ddf420a5ac9482a29511988cd6763487b7 size: 1024
Timestamp: 2010-10-05 12:31:46
Version:
  LegalCopyright: 0HpjL 1Iw8Q 8SKy xnVmg8 ZHNe
  InternalName: 4JwuI
  FileVersion: 143.100.16360.33346
  CompanyName: gUqO9I 3i5vGs M3xebit OkVp8KWjW yhUfS0A
  ProductName: HNhwWh 6z3XbVB NZbqPbQzk yezzoRy1
  ProductVersion: 190.182.59745
  FileDescription: xaNO Rjg0G 5j3mXe TdKkZ MHEj8NtO3o ufbT
  OriginalFilename: wm9vo
Packer: Borland Delphi 3.0 (???)
PEhash: 50e574b426f89aa14727e4fb8c7ea30dc8c52815
AV avg: Crypt_s.CGR
AV avira: TR/Crypt.ZPACK.Gen

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

HTTP GET: http://123.108.108.42/api/dom/no_respond/?ts=d24bbf463f5c63b763bd1eea0d91f4b81c7743e9&token=sysdocx1&group=sdx&affid=00303
User-Agent:
Flows: TCP 192.168.1.1:1031 ➝ 123.108.108.42:80
Flows: TCP 192.168.1.1:1031 ➝ 123.108.108.42:80

Raw Pcap
0x00000000 (00000)   47455420 2f617069 2f646f6d 2f6e6f5f   GET /api/dom/no_
0x00000010 (00016)   72657370 6f6e642f 3f74733d 64323462   respond/?ts=d24b
0x00000020 (00032)   62663436 33663563 36336237 36336264   bf463f5c63b763bd
0x00000030 (00048)   31656561 30643931 66346238 31633737   1eea0d91f4b81c77
0x00000040 (00064)   34336539 26746f6b 656e3d73 7973646f   43e9&token=sysdo
0x00000050 (00080)   63783126 67726f75 703d7364 78266166   cx1&group=sdx&af
0x00000060 (00096)   6669643d 30303330 33204854 54502f31   fid=00303 HTTP/1
0x00000070 (00112)   2e300d0a 486f7374 3a203132 332e3130   .0..Host: 123.10
0x00000080 (00128)   382e3130 382e3432 0d0a0d0a            8.108.42....

Strings