Analysis Date: 2014-09-09 17:35:44
MD5: 1fb4a88a2866f6139ce73580ac76d9e2
SHA1: 5f0395ef34563d76d17b7b358c51a339e8ec381f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: d2d635230965eef9e29b5ebb393b6e6e  sha1: b9aff121e6ee7d828ad05c17f24de19b26510229  size: 10240
Section .rdata md5: 1944b9a12e05c7ff9ae1ea49f65df2b7  sha1: 60fd4a35fa67e081eed49f77b6d8109c9e099743  size: 6656
Section .data  md5: 37b99740acd72766e5e05a37fa42e5c8  sha1: 57aefa1b1a375385c61b2db3443fe12bf5ebfcdb  size: 48640
Section .rsrc  md5: 4561a43f5fde740bd0508ad9e9192f43  sha1: 0e98dcbeada126ee74f7ba4020854223ad41968a  size: 1024
Timestamp: 2009-05-20 07:09:19
Version:
  LegalCopyright: Copyright (C) Doctor Web, Ltd., 1992-2011
  InternalName: Dr.Web for Windows
  FileVersion: 5.0.572.1152
  CompanyName: ComponentOne LLC
  LegalTrademarks:
  Comments:
  ProductName: Dr.Web for Windows
  ProductVersion: 5.0.572.1152
  FileDescription: Dr.Web for Windows 2011
  OriginalFilename: FP2011.exe
Packer: Borland Delphi 4.0
PEhash: 201c39b6f51c59994427b17aec3f65f5e25c0131
IMPhash: c55c413b940aedfbf427e8374944a70c

Note: the version resource does not hold together. CompanyName (ComponentOne LLC) names a different vendor from the copyright holder (Doctor Web, Ltd.), and the PE compile timestamp (2009-05-20) predates the year 2011 claimed in both LegalCopyright and FileDescription. Metadata that masquerades as the Dr.Web antivirus product while contradicting itself is a triage signal on its own, and none of these strings should be read as evidence of the file's origin. The "Packer" line is a compiler signature (Borland Delphi), not a packer. The .data section (48640 bytes) is several times the size of .text (10240 bytes), which is worth a look for an embedded payload.
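The metadata contradictions above can be checked mechanically before the binary is opened. The following is an added triage example, not part of this sandbox report or of any analysis tool's code. It takes the version-resource strings and the PE timestamp exactly as this page lists them (the dictionary below is transcribed from the report), extracts the copyright holder and the years each string claims, and reports where CompanyName, copyright holder and compile timestamp disagree. The field names are the standard VS_VERSION_INFO string keys; the vendor-name matching heuristic and the suffix list are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Version-resource strings and PE header timestamp transcribed from this report.
VERSION_INFO = {
    "LegalCopyright": "Copyright (C) Doctor Web, Ltd., 1992-2011",
    "InternalName": "Dr.Web for Windows",
    "FileVersion": "5.0.572.1152",
    "CompanyName": "ComponentOne LLC",
    "ProductName": "Dr.Web for Windows",
    "ProductVersion": "5.0.572.1152",
    "FileDescription": "Dr.Web for Windows 2011",
    "OriginalFilename": "FP2011.exe",
}
PE_TIMESTAMP = datetime(2009, 5, 20, 7, 9, 19, tzinfo=timezone.utc)

YEAR = re.compile(r"(?<!\d)(?:19|20)\d{2}(?!\d)")
# Corporate suffixes ignored when comparing vendor names (heuristic assumed for this example).
SUFFIXES = {"ltd", "llc", "inc", "corp", "corporation", "co", "gmbh", "limited", "company"}


def years_in(text):
    """Four-digit years (1900-2099) mentioned in a string, as ints."""
    return [int(m.group(0)) for m in YEAR.finditer(text or "")]


def copyright_holder(legal_copyright):
    """Holder named in a LegalCopyright string: strip the 'Copyright (C)' prefix and
    keep everything up to the first year, e.g. 'Doctor Web, Ltd.'."""
    text = re.sub(r"^\s*(?:copyright|\(c\)|©|\s)+", "", legal_copyright or "", flags=re.I)
    m = YEAR.search(text)
    holder = text[: m.start()] if m else text
    return holder.strip(" ,")


def vendor_tokens(name):
    """Lower-cased words of a vendor name minus corporate suffixes."""
    return {w for w in re.findall(r"[a-z0-9]+", name.lower()) if w not in SUFFIXES}


def check_version_info(info, pe_timestamp):
    """Return human-readable inconsistencies between the version strings and the
    compile timestamp. An empty list means nothing contradicts itself."""
    findings = []
    holder = copyright_holder(info.get("LegalCopyright"))
    company = info.get("CompanyName", "")
    # Vendor named in CompanyName should overlap with the copyright holder.
    if holder and company and not (vendor_tokens(holder) & vendor_tokens(company)):
        findings.append(f"CompanyName '{company}' does not match copyright holder '{holder}'")
    # The compile timestamp cannot legitimately predate years the strings claim.
    claimed = []
    for key in ("LegalCopyright", "FileDescription", "ProductName"):
        claimed += years_in(info.get(key))
    latest = max(claimed, default=None)
    if latest is not None and pe_timestamp.year < latest:
        findings.append(
            f"PE timestamp {pe_timestamp:%Y-%m-%d} predates year {latest} claimed in version strings"
        )
    if pe_timestamp > datetime.now(timezone.utc):
        findings.append("PE timestamp lies in the future")
    return findings


if __name__ == "__main__":
    for line in check_version_info(VERSION_INFO, PE_TIMESTAMP):
        print("!", line)
```

Run against this report's fields it reports two findings: the vendor mismatch and the 2009 timestamp against the 2011 strings. A timestamp can be forged as easily as a string, so the check says only that at least one of the two is false, not which.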

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\\x03\1806 ➝ NULL
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\WINDOWS\system32\cmd.exe /q /c C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat > nul 2> nul
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Note: the three index.dat files, WininetConnectionMutex and the "c:!...!" mutexes (WinINet cache-directory mutexes, the path with backslashes replaced by "!") are created by WinINet initialisation and show up for any process that uses it; they are not sample-specific indicators. The zone subkey in the registry line is rendered as the control character \x03, and 1806 is Internet Explorer's "Launching applications and unsafe files" zone policy, read here with the value logged as NULL. The behaviour specific to this sample is dropping a batch file with a double-dot name (Ogf..bat) into the user's Temp directory and running it through cmd.exe with both output streams discarded.

Process
↳ C:\WINDOWS\system32\cmd.exe /q /c C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat > nul 2> nul

Creates File: nul
Deletes File: C:\malware.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat

Note: "Creates File: nul" is the "> nul" redirection target, not a dropped file. The batch script deletes the original executable and then itself, so after the run neither the sample nor the script remains on disk. The artifact to hunt for is therefore the process event itself: cmd.exe launched with /q /c on a .bat in the user's Temp directory with stdout and stderr sent to nul, followed by deletion of the parent's image. No persistence mechanism is recorded in this run.
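The drop-and-run-a-batch behaviour across the two process blocks above is the part of this run worth detecting. The following is an added example, not part of the report or of any sandbox's code. It takes a small list of process-creation and file events constructed to mirror this report (the Sysmon-style field names are chosen for the example) and flags a cmd.exe child that runs a batch file from a Temp directory, silences its output, and deletes its parent's executable, which is the self-delete pattern recorded here. The event schema and the regular expressions are assumptions of the example.

```python
import re

# Constructed events modelled on the process tree and file operations in this report.
EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1, "image": r"C:\malware.exe",
     "cmdline": r"C:\malware.exe"},
    {"type": "file_create", "pid": 100,
     "path": r"C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat"},
    {"type": "process_create", "pid": 200, "ppid": 100, "image": r"C:\WINDOWS\system32\cmd.exe",
     "cmdline": r"C:\WINDOWS\system32\cmd.exe /q /c C:\Documents and Settings\Administrator"
                r"\Local Settings\Temp\Ogf..bat > nul 2> nul"},
    {"type": "file_delete", "pid": 200, "path": r"C:\malware.exe"},
    {"type": "file_delete", "pid": 200,
     "path": r"C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat"},
]

# cmd.exe [/switches] /c <script>.bat|.cmd, optionally quoted (assumed for this example).
CMD_BATCH = re.compile(r'cmd(?:\.exe)?\s+(?:/\w\s+)*/c\s+"?(?P<script>[^"]+?\.(?:bat|cmd))\b"?', re.I)
# Per-user temporary directories on XP-era and later Windows layouts.
TEMP_DIR = re.compile(r"\\(?:Local Settings\\Temp|AppData\\Local\\Temp|Temp)\\", re.I)


def find_self_delete(events):
    """Return one finding per cmd.exe process that runs a Temp-directory batch file,
    with evidence fields showing whether it deleted its parent's own executable."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    deleted_by, created_by = {}, {}
    for e in events:
        if e["type"] == "file_delete":
            deleted_by.setdefault(e["pid"], set()).add(e["path"].lower())
        elif e["type"] == "file_create":
            created_by.setdefault(e["pid"], set()).add(e["path"].lower())

    findings = []
    for pid, p in procs.items():
        m = CMD_BATCH.search(p["cmdline"])
        if not m or not TEMP_DIR.search(m.group("script")):
            continue
        parent = procs.get(p["ppid"])
        if parent is None:
            continue
        script = m.group("script").lower()
        finding = {
            "parent": parent["image"],
            "script": m.group("script"),
            # Parent wrote the batch file it then launched.
            "script_dropped_by_parent": script in created_by.get(parent["pid"], set()),
            # The child removed the parent's image from disk.
            "parent_image_deleted": parent["image"].lower() in deleted_by.get(pid, set()),
            # The batch file cleaned itself up too.
            "script_deleted": script in deleted_by.get(pid, set()),
            # stdout/stderr sent to nul, as in the report's command line.
            "output_silenced": bool(re.search(r">\s*nul\b", p["cmdline"], re.I)),
        }
        finding["verdict"] = "self-delete" if finding["parent_image_deleted"] else "suspicious batch launcher"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_self_delete(EVENTS):
        print(f["verdict"], f)
```

The verdict keys on deletion of the parent image rather than on the batch filename, so a different random name than the Ogf..bat seen here still fires; the dropped-by-parent, self-deleted and output-silenced fields are supporting evidence for the analyst and for tuning.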

Network Details:

DNS: weather.com (A) ➝ 96.8.85.132, 96.8.80.132, 96.8.81.132, 96.8.82.132, 96.8.83.132, 96.8.84.132
DNS: chinaz.com (A) ➝ 125.90.88.68
DNS: coolfusioncode.in (A): no address returned
DNS: kingfinearts.in (A): no address returned
DNS: peribox.in (A): no address returned

Note: only DNS activity was captured; no HTTP or other traffic is listed. weather.com and chinaz.com are well-known public sites that resolved normally, which fits a connectivity check, and their addresses are those sites' own and should not be used as indicators. The three .in domains did not resolve during the run and are the sample-specific domains to block or watch.

Strings:
..
...
041904E3
5.0.572.1152
Comments
CompanyName
ComponentOne LLC
Copyright (C) Doctor Web, Ltd., 1992-2011
Dr.Web for Windows
Dr.Web for Windows 2011
FileDescription
FileVersion
FP2011.exe
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
vg8X
VS_VERSION_INFO
0~PR.Xm
(0~=Xm
?[1|$basQic_Btr
3Jlgk2
\3+Uj7
5*[^;Q`
6cFDDc38d
{.6@XI
7e`7`4N
^7jIB<
,7yJnZ
8j^htP
__97ib5r
9FQZ^&
acf}>+fj
ActivateKeyboardLayout
AdjustWindowRectEx
a_~o-l<[
]aRZspG
&,ATG@_
BeginPaint
BitBlt
b&{ Z 
CallNextHookEx
CallWindowProcA
C?F}^&
CharLowerA
CharLowerBuffA
CharNextW
CharUpperA
CharUpperBuffA
chdv~-pi
CheckMenuItem
ChildWindowFromPoint
ChooseColorA
CloseClipboard
COMDLG32.dll
CompareStringA
CreateBrushIndirect
CreateCompatibleBitmap
CreateEventA
CreateIcon
CreateMenu
CreatePopupMenu
CreateStreamOnHGlobal
CreateWindowExA
}CvahG
@.data
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DQ\$P]
DrawAnimatedRects
ecMh6QR6
ED^HhX
ED^Xhd
e#%@_e
EL^dh|
emIgUN}
EmptyClipboard
EnableMenuItem
EnableWindow
EnumCalendarInfoA
EnumChildWindows
EnumThreadWindows
EnumWindows
e@( p0d
EqualRect
EUNKIQSTR
ExitProcess
ExitThread
F0@8fJ<C
f9FYP4T
FblhOY
F*H&D,V
FillRect
FindResourceA
FindTextA
FindWindowA
FP2011.exe
FrameRect
FreeLibrary
FThis Bprog+am
F}u=?K
G2?N1PRgH
G9876d54T:1v:2?
GdbaK{A]Lx|-
GDI32.dll
GetACP
GetActiveWindow
GetBkMode
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetDCEx
GetDesktopWindow
GetDIBits
GetDlgItem
GetEnvironmentStrings
GetFileAttributesA
GetFileTitleA
GetFocus
GetFullPathNameA
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessagePos
GetOpenFileNameA
GetPaletteEntries
GetParent
GetPixel
GetRgnBox
GetSaveFileNameA
GetScrollInfo
GetStdHandle
GetStringTypeA
GetSysColorBrush
GetSystemDefaultLangID
GetSystemMenu
GetThreadLocale
GetTickCount
GetTopWindow
GetUserDefaultLCID
GetVersion
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GlobalDeleteAtom
gQhUPLJrD
G'>-vM
@ &H#3
H4"e d
h7HQM0
(h8&)@
HeapAlloc
HET.dl
<(h~@Ul@D
+HY`PT
IB[OLI
iJDO2SOmode.
I?npos2
InsertMenuA
IntersectRect
InvalidateRect
IsBadHugeReadPtr
IsBadReadPtr
IsCharLowerA
IsChild
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindowEnabled
IsWindowVisible
::iu`)Qc
]JAN^h
@JaSn 35
J?comp>
j(d585
JHzha5r7
jMMQHU6V
jOhLaMq
K="1.0
$k1Zh	0d
kbNcsCB
kernel32.dll
kf&C(c
KillTimer
&	kqJ|V
?K_Tidy
	kV9+j
kYO^D'
'.l?1)k
)l~4dU
lB<0+|
L>^*~fP(z
LoadIconA
LoadKeyboardLayoutA
LoadLibraryExA
LoadResource
LoadStringA
LocalFree
LocalReAlloc
lstrcmpA
lstrcpynA
lstrlenA
lSu5	d
L(x~PU|@T
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MLMhA0
MsgWaitForMultipleObjects
MulDiv
M"X5:bo%
$naVQN
o2TX`Wn
!O>8XKHU@
OemToCharA
OffsetRect
OLE32.dll
OleRun
+ol#r[9
oqxNJ@16
ORUTF-8[nst
&O{,Yf
PeekMessageA
PeekMessageW
~p<khH
PostMessageA
PostQuitMessage
PropVariantClear
Q#4/%F
q51^qHRT
Qa`jwQWZ	
QBBEHIbP
qnAzUB2Z7LKi@8
R7U6sXB
RaiseException
`.rdata
ReadFile
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
ResetEvent
R*lz@k
.rPdat
RQORich
}Rrsu$
+rt,v/r(p=}$?
:RXich,
ScreenToClient
SendMessageA
SetActiveWindow
SetClassLongA
SetClipboardData
SetCursor
SetFilePointer
SetFocus
SetLastError
SetMenu
SetMenuItemInfoA
SetParent
SetPixel
SetPropA
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
SetWindowTextA
ShowOwnedPopups
ShowWindow
&SK.text
skyvD?
swNfmBK
SystemParametersInfoA
{T;Gi'
T$h1BqJ0
!This program cannot be run in DOS mode.
`t(O^\
T)QYmX
[UACE<K
(`~ Ud@$
UpdateWindow
user32.dll
uxX<_o=
V3x#h`
VIkCoun
VirtualAlloc
VirtualQuery
vru6f4r
\V}^t	
WaitForSingleObject
wf'|:g
WindowFromPoint
w!n$h=
w(siaH
~wurw:
wYVLPN4Pm9U0
X|86tnam
{X9a9,
<?xmlc v
xni.f2tV
xP~DPh
-XP-Zo
(X~,U\@0
}xv8n< 
X$|wJV
]yU~tf
Zm-|$|