Analysis Date: 2013-08-25 04:08:07
MD5: a3454ef938b20970445ec71fed8b7c62
SHA1: 4114d1eb2c29680b2625e79e1326d219a9749335

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 86001be78e70ef74f72af800e8dc1f5b sha1: 0e482e8e6a42d3a90ebb6a390b83d1f79f236764 size: 13824
Section .data: md5: 95caf1f2c2134046613f7a083d504770 sha1: 09c9d2c9b8c4577f93b4b9cbaeba5a1ce4f24a24 size: 512
Section .rdata: md5: 0eb9e42c316db6c0a76b987c21bf2698 sha1: 84b973c700061f4ecc9e97d89ecdce69b89f5657 size: 1024
Section .bss: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata: md5: 4426e7d5dba1b662306174b24cc0a741 sha1: f57fbf884a91383bd68641e41f2acaa459a1138f size: 3072
Section .rsrc: md5: acd33b8a073d68550f4f35d187410447 sha1: 43a106ab23a00c8d8b594d185de5e0667ef7266c size: 32256
Timestamp: 2010-11-15 15:16:29
PEhash: d9ad7a3b50962450aed2c22808ec166445685919
AV (avg): Generic32.LGT
AV (msse): Trojan:Win32/Startpage.NT
AV (clamav): Trojan.Startpage-1571

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR\rpc ➝ CodonfMARnd
Creates File: C:\Program Files\Lenovo\inchar32.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\linkp_gverych.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\ins1.tmp
Creates Mutex: CodonfMARnd

Network Details:
