Analysis Date: 2015-05-09 10:29:28
MD5: 3b51daa5322f0a5f97676d94773cb352
SHA1: 5bb8cfebdbf391577eec3a23cda7cb187efe43dd

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 29d43fadd3b239d39e926584cfe5d0f2 sha1: 007b31723258f732e4996fa39a7ee9e0a9ccec7a size: 1024
Section .rdata  md5: 9696c1f5f6d0aa20359dd9c3f01b8e5a sha1: f260f0e13435bf2066036a0570589e4d733591bc size: 1024
Section .data   md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rsrc   md5: 29590fbd9c280a775c4ded8c7f8784e7 sha1: 2619fa946dba887e4aabc1c6293f615d90cae6a6 size: 41984
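The per-section hashes above are worth reproducing yourself rather than trusting a sandbox blindly: the .data line shows size 0 and the MD5/SHA-1 of empty input (d41d8cd9…/da39a3ee…), and almost every raw byte of this file sits in .rsrc (41984 of the 44032 raw section bytes), which matters when you compare this sample against others by section hash. The script below is an added example, not the sandbox's code: it builds a constructed minimal PE32 image (three sections, one empty, and the COFF timestamp shown in this report) and then walks the section table the way a report generator does, hashing each section's raw data and decoding the COFF TimeDateStamp as UTC. All bytes, section names and sizes in `SAMPLE_SECTIONS` are made up for the demonstration.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Constructed stand-in for the sample (not the file from this report): three
# sections, one of them empty, and the COFF timestamp the report shows.
SAMPLE_TIMESTAMP = 1089081113            # 2004-07-06 02:31:53 UTC
SAMPLE_SECTIONS = [
    (".text", bytes.fromhex("5589e583ec10c9c3") * 16),   # constructed code bytes (128 B)
    (".data", b""),                                       # empty section, as in the report
    (".rsrc", b"RESOURCE" * 64),                          # constructed resource bytes (512 B)
]


def build_sample_pe(timestamp, sections):
    """Assemble a minimal PE32 image: MZ stub, PE signature, COFF header,
    zero-filled optional header, section table, then the raw section data."""
    pe_off = 0x40                        # e_lfanew
    opt_size = 0xE0                      # sizeof(IMAGE_OPTIONAL_HEADER32)
    headers_len = pe_off + 4 + 20 + opt_size + 40 * len(sections)
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    table, raw = b"", b""
    ptr = headers_len                    # a real linker aligns this to FileAlignment; not needed here
    for i, (name, data) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), 0x1000 * (i + 1), len(data),
                             ptr if data else 0, 0, 0, 0, 0, 0)
        raw += data
        ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + raw


def section_hashes(image):
    """Walk the section table and hash each section's raw bytes, which is how the
    per-section md5/sha1 lines of a sandbox report are produced."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table_off = pe_off + 4 + 20 + opt_size
    report = {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": [],
    }
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table_off + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        # Packed or truncated samples often declare raw data past end-of-file;
        # refuse rather than silently hash a short read.
        if raw_ptr + raw_size > len(image):
            raise ValueError(f"section {name}: raw data extends past end of file")
        data = image[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        report["sections"].append({
            "name": name, "size": raw_size,
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
        })
    return report


SAMPLE_IMAGE = build_sample_pe(SAMPLE_TIMESTAMP, SAMPLE_SECTIONS)


def analyze_sample():
    return section_hashes(SAMPLE_IMAGE)


if __name__ == "__main__":
    r = analyze_sample()
    print("Timestamp:", r["timestamp"])
    for s in r["sections"]:
        print(f"Section {s['name']:<6} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
```

Run it as-is and the .data line comes out with the same empty-input digests as the report; point `section_hashes` at a real file's bytes to compare against a sandbox's numbers. The end-of-file check is deliberate: a section header that claims more raw data than the file holds is common in packed or damaged samples, and hashing the short read would produce a digest that matches nothing else.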
Timestamp: 2004-07-06 02:31:53
Version info:
LegalCopyright: Copyright (C) 1995-2005
InternalName: gettextsrc.dll
FileVersion: 0.14.4
CompanyName: Free Software Foundation
LegalTrademarks:
Comments: This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License. You should have received a copy of the GNU General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
ProductName: libgettextsrc: subroutines for gettext-tools
ProductVersion: 0.14.4
FileDescription: GPLed libgettextsrc for Windows NT/2000/XP and Windows 95/98/ME
OriginalFilename: gettextsrc.dll
PEhash: 712e44f8fd76b703888339588a8c4cf874764cbd
IMPhash: 70af587cd4b428b99127e3e41b8f9287
AV Ad-Aware: Gen:Variant.Kazy.183265
AV Alwil (avast): Kryptik-LYO [Trj]
AV Arcabit (arcavir): Gen:Variant.Kazy.183265
AV Authentium: W32/Trojan.DBLC-1862
AV Avira (antivir): TR/Dropper.Gen
AV BitDefender: Gen:Variant.Kazy.183265
AV BullGuard: Gen:Variant.Kazy.183265
AV CA (E-Trust Ino): Win32/Cutwail.FYLAKd
AV CAT (quickheal): TrojanDownloader.Cutwail.r4
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Bulknet.893
AV Emsisoft: Gen:Variant.Kazy.183265
AV Eset (nod32): Win32/Wigon.PH
AV Fortinet: W32/Pushdo.YOY!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Kazy.183265
AV Grisoft (avg): Dropper.Generic8.AUQK
AV Ikarus: Trojan-Dropper.Agent
AV K7: Trojan ( 0040c0821 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Backdoor.Bot
AV Mcafee: Cutwail-FCJX!3B51DAA5322F
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail.BS
AV MicroWorld (escan): Gen:Variant.Kazy.183265
AV Padvish: no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: W32.Pilleuz
AV Trend Micro: BKDR_PUSHDO.FI
AV Twister: Virus.EF31FD3958B7E04F
AV VirusBlokAda (vba32): no_virus
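Reading a vendor list like the one above by eye overstates agreement: seven products return the identical Gen:Variant.Kazy.183265 string, but those products license the BitDefender engine, so that is one opinion, not seven; the independent family votes are Cutwail (CA, Quick Heal, McAfee, Microsoft) and Pushdo (Fortinet, Trend Micro), with the rest generic or single-vendor names. The script below is an added example, not part of the report or of any vendor's tooling: it transcribes the 31 results above as constructed input, strips generic classifier words from each label to guess a family token, and counts votes both raw and per independent engine. The `SHARED_ENGINE` map and the `GENERIC` word list are assumptions of the example, and the family heuristic is deliberately simple (a variant suffix such as AUQK will occasionally be counted as a family), so only counts of two or more are meaningful.

```python
import re
from collections import Counter

# The vendor/label pairs from the report above, transcribed as constructed input.
AV_RESULTS = [
    ("Ad-Aware", "Gen:Variant.Kazy.183265"),
    ("Alwil (avast)", "Kryptik-LYO [Trj]"),
    ("Arcabit (arcavir)", "Gen:Variant.Kazy.183265"),
    ("Authentium", "W32/Trojan.DBLC-1862"),
    ("Avira (antivir)", "TR/Dropper.Gen"),
    ("BitDefender", "Gen:Variant.Kazy.183265"),
    ("BullGuard", "Gen:Variant.Kazy.183265"),
    ("CA (E-Trust Ino)", "Win32/Cutwail.FYLAKd"),
    ("CAT (quickheal)", "TrojanDownloader.Cutwail.r4"),
    ("ClamAV", "no_virus"),
    ("Dr. Web", "BackDoor.Bulknet.893"),
    ("Emsisoft", "Gen:Variant.Kazy.183265"),
    ("Eset (nod32)", "Win32/Wigon.PH"),
    ("Fortinet", "W32/Pushdo.YOY!tr"),
    ("Frisk (f-prot)", "no_virus"),
    ("F-Secure", "Gen:Variant.Kazy.183265"),
    ("Grisoft (avg)", "Dropper.Generic8.AUQK"),
    ("Ikarus", "Trojan-Dropper.Agent"),
    ("K7", "Trojan ( 0040c0821 )"),
    ("Kaspersky", "Trojan.Win32.Generic"),
    ("MalwareBytes", "Backdoor.Bot"),
    ("Mcafee", "Cutwail-FCJX!3B51DAA5322F"),
    ("Microsoft Security Essentials", "TrojanDownloader:Win32/Cutwail.BS"),
    ("MicroWorld (escan)", "Gen:Variant.Kazy.183265"),
    ("Padvish", "no_virus"),
    ("Rising", "no_virus"),
    ("Sophos", "no_virus"),
    ("Symantec", "W32.Pilleuz"),
    ("Trend Micro", "BKDR_PUSHDO.FI"),
    ("Twister", "Virus.EF31FD3958B7E04F"),
    ("VirusBlokAda (vba32)", "no_virus"),
]

# Assumption of this example: these products run the BitDefender engine, so their
# identical Gen:Variant.* verdicts are counted as one independent opinion.
SHARED_ENGINE = {
    "Ad-Aware": "BitDefender", "Arcabit (arcavir)": "BitDefender", "BullGuard": "BitDefender",
    "Emsisoft": "BitDefender", "F-Secure": "BitDefender", "MicroWorld (escan)": "BitDefender",
}

# Classifier words that describe behaviour or a heuristic rather than naming a family.
GENERIC = {"trojan", "trojandownloader", "dropper", "agent", "backdoor", "bkdr",
           "generic", "variant", "virus", "win32"}
TOKEN = re.compile(r"[A-Za-z]{4,}")


def family_of(label):
    """First alphabetic token of a label that is not a generic classifier, lowercased;
    None if the label is purely generic. Heuristic: variant suffixes can slip through."""
    for tok in TOKEN.findall(label):
        if tok.lower() not in GENERIC:
            return tok.lower()
    return None


def consensus(results):
    """Count detections, raw family votes, and votes per independent engine."""
    detected = [(vendor, label) for vendor, label in results if label != "no_virus"]
    votes = Counter()
    engines = {}                       # family -> set of engines that named it
    for vendor, label in detected:
        fam = family_of(label)
        if fam is None:
            continue
        votes[fam] += 1
        engines.setdefault(fam, set()).add(SHARED_ENGINE.get(vendor, vendor))
    return {
        "total": len(results),
        "detections": len(detected),
        "votes": votes,
        "independent": {fam: len(e) for fam, e in engines.items()},
    }


if __name__ == "__main__":
    c = consensus(AV_RESULTS)
    print(f"{c['detections']}/{c['total']} engines flag the file")
    for fam, n in c["votes"].most_common():
        print(f"{fam:<10} raw votes: {n:<2} independent engines: {c['independent'][fam]}")
```

On the report's data this yields 25 of 31 detections, Kazy with seven raw votes but a single independent engine, and Cutwail with four independent engines, which is the family a triage note should lead with.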

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\gyplanileaho ➝ C:\Documents and Settings\Administrator\gyplanileaho.exe
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL
Creates File: C:\Documents and Settings\Administrator\gyplanileaho.exe
Creates File: \Device\Afd\Endpoint
Creates Mutex: gyplanileaho

Network Details:

DNS: smtp.glbdns2.microsoft.com (type A) ➝ 65.55.163.152
DNS: smtp.live.com (type A)
Flow: TCP 192.168.1.1:1031 ➝ 65.55.163.152:25 (SMTP)
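The runtime and network entries above carry the two behaviours a detection engineer would key on: a Run value under HKCU whose target is a freshly dropped executable in the user profile, with the same string (gyplanileaho) reused as the Run value name, file name and mutex; and a direct TCP connection from an RFC 1918 address to port 25 on a public mail host, which for a workstation is spam-bot behaviour consistent with the Cutwail/Pushdo labels in the AV list. The script below is an added example, not the sandbox's own logic: it transcribes those entries as a constructed event list and correlates them into findings. Event field names (`registry_set`, `file_create`, `mutex_create`, `dns`, `tcp`) are the example's own invention and are not a real sandbox's schema.

```python
import ipaddress
import re

# Constructed event list mirroring the runtime and network entries of this report
# (field names are this example's own, not a sandbox export format).
EVENTS = [
    {"type": "registry_set",
     "key": r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\gyplanileaho",
     "value": r"C:\Documents and Settings\Administrator\gyplanileaho.exe"},
    {"type": "registry_set",
     "key": r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement",
     "value": None},
    {"type": "file_create", "path": r"C:\Documents and Settings\Administrator\gyplanileaho.exe"},
    {"type": "file_create", "path": r"\Device\Afd\Endpoint"},
    {"type": "mutex_create", "name": "gyplanileaho"},
    {"type": "dns", "query": "smtp.glbdns2.microsoft.com", "answers": ["65.55.163.152"]},
    {"type": "dns", "query": "smtp.live.com", "answers": []},
    {"type": "tcp", "src": "192.168.1.1", "sport": 1031, "dst": "65.55.163.152", "dport": 25},
]

RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\([^\\]+)$", re.I)
USER_PROFILE = re.compile(r"^[a-z]:\\(documents and settings|users)\\", re.I)


def triage(events):
    """Correlate sandbox events into findings: Run-key persistence whose target the
    sample itself dropped (and whose name it reused as a mutex), and direct SMTP
    from a private address to a public mail server."""
    dropped = {e["path"].lower() for e in events if e["type"] == "file_create"}
    mutexes = {e["name"].lower() for e in events if e["type"] == "mutex_create"}
    # Map answered IPs back to the name that produced them, so a flow can be labelled.
    resolved = {a: e["query"] for e in events if e["type"] == "dns" for a in e["answers"]}
    findings = []
    for e in events:
        if e["type"] == "registry_set" and e["value"]:
            m = RUN_KEY.search(e["key"])
            if not m:
                continue
            value_name = m.group(2).lower()
            target = e["value"]
            exe = target.rsplit("\\", 1)[-1].lower()
            stem = exe[:-4] if exe.endswith(".exe") else exe
            findings.append({
                "finding": "run_key_persistence",
                "value_name": value_name,
                "target": target,
                "under_user_profile": bool(USER_PROFILE.match(target)),
                "dropped_by_sample": target.lower() in dropped,
                "name_reused_as_mutex": stem == value_name and stem in mutexes,
            })
        elif e["type"] == "tcp" and e["dport"] == 25:
            src, dst = ipaddress.ip_address(e["src"]), ipaddress.ip_address(e["dst"])
            # A workstation speaking SMTP straight to a public MX is the spam-bot pattern;
            # mail relays on the LAN would be private destinations and are ignored here.
            if src.is_private and not dst.is_private:
                findings.append({
                    "finding": "outbound_smtp",
                    "dst": str(dst),
                    "dst_name": resolved.get(str(dst)),
                    "sport": e["sport"],
                })
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f)
```

Both findings fire on the report's data. The three-way name reuse (Run value, dropped file, mutex) is the strongest host indicator here because the mutex name is what stops a second copy from starting, so a hunt query on mutex or Run-value name will find the same family across hosts even when the dropped file is renamed.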

Strings
.
".g.b.
0.14.4
04090000
Auto Boot
&Boot
Cancel
Comments
CompanyName
Copyright (C) 1995-2005
details...
FileDescription
FileVersion
Frame Buffer:
Free Software Foundation
gettextsrc.dll
GPLed libgettextsrc for Windows NT/2000/XP and Windows 95/98/ME
hpcboot
HPCBOOT
include the address of the page i was on
InternalName
Kernel name:
LegalCopyright
LegalTrademarks
libgettextsrc: subroutines for gettext-tools
Load debug info.
Loading...
\microSD
\miniSD
msctls_progress32
MS Shell Dlg
\Multimedia Card\
\My Documents\
Options:
OriginalFilename
Pause before boot.
PocketBSD
ProductName
ProductVersion
Progress1
Properties
PROPERTY
quit without sending
restart firefox
Reverse Video
RichEdit20A
\SD-MMC Card\
Sending Crash Report...
Serial port on
SMC1:/
\Storage Card\
\Storage Card1\
\Storage Card2\
StringFileInfo
SysAnimate32
System
tell mozilla about this crash so they can fix it
tell mozilla to email me with more information
TEXTINCLUDE
This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License. You should have received a copy of the GNU General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	Thompson delics
Translation
user defined
VarFileInfo
VS_VERSION_INFO
Welcome to PocketBSD!
your crash report will be submitted when you restart
""""""
"""""" 
""""""!
""""""(
"""00db
1C1F{a 
1%yz!_
""""#2
#2""""!
"""#2""""""33""""(
""#2"$B""""'rDD""""wwDD""""ww$B""""'r"!
""""#2"%R""'r""UU""ww""UU&bww""%Rff'r""""ff""""""&b"""00db
#2ww""
""""33
""""33!
""33""
""33"" 
33""""
""""33""""""#2"""00db
33'r""
58yxp6\
5;wTQX
}6WE`4
7'u%ZR
8YTJ;SW
9LWG+j5<N
|?@a>%
~a}&JG
AVI LIST
""""&b
""&b""
""&b""!
&b"""" 
""""$B
""$B""
""$B""(
$B""""
"&b""#2""ff""33""ff'r33""&bww#2""""ww""""""'r"""00db
""""&b"$B""%R""DD""UU""DD!
"""$B""""""DD""""!
"""&b""""""ff""""'rff%R""ww&bUU""ww""UU""'r""%R"#2""""!
b@-hl(^
bn	B:'
$B""UU!
C026fW7
CreateWindowExA
 CV3n?
@.data
""DD""
""""DD""""""$B"""idx1
DD""UU""DD""%R""$B"&b"""" 
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_SPLITTER_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
DefWindowProcA
DispatchMessageA
#endif
#endif //_WIN32
ExitProcess
f4B!T<
""""ff
""""ff 
""ff""
ff""""
""ff%R
gdi32.dll
GetCommandLineA
GetMessageA
GetModuleHandleA
GetObjectA
GetProcAddress
~[gn+@
hdrlavih8
=HE2+{ul
h_wJ'1~
hw\LX]
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
#ifdef _WIN32
ILzUT7
#include "afxres.h"
#include "afxres.rc"         // Standard components
#include "res\BINDInstall.rc2"  // non-Microsoft Visual C++ edited resources
,>%K|04
k5/q`V
kA9#bl
K.-EcV
kernel32.dll
KillTimer
kLpq<>z
? kZt:_F4
LANGUAGE 9, 1
LoadCursorA
LoadIconA
LoadImageA
movi00db
MSDReactionCls
@%NCll
NKelly NFD's vision
nLgm0 
o~o@`'
p?_iPO_B
PostQuitMessage
pPlTB}
#pragma code_page(1252)
q<)1dI
Q<v/3.)
`#	.r!
"'r""(
""'r" 
""""%R
""""%R" 
"%R""""(
%R""""
%R""""(
""'r33(
"'r""""$Bww""""DDww""""DD'r""""$B"#2"" 
`.rdata
RegisterClassExA
resource.h
%Rff""!
"""%R""""""UU""""&bUU!
"""'r""""""ww""""#2ww&b""33'rff""33""ff""#2""&b"(
[(~sE)
SetTimer
ShowWindow
*Sl@"j
strlstrh8
't-fF(
!This program cannot be run in DOS mode.
T_i	e'
TranslateMessage
UpdateWindow
user32.dll
""""UU
""""UU(
UU""""
UU""$B
UU&b""""UU""""""%R"""00db
wnzHl!U
wO\f.^
<WRpbZ
""ww""
""ww""(
""ww#2
%X~NeMU
xS+B-i
xYV@Y(
yK@:|l
<YK^OC
	Z~{#2p
z9(@6m
ZjyG4C