Analysis Date: 2014-01-03 11:32:03
MD5: 3e6ed3ee47bce9946e2541332cb34c69
SHA1: 62cd61df1aab118ee63247866d8e68b8f01db561

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 44106ea5c83575fd69fba1d898268fd4 sha1: 8bc4787f240fa52a9e2aa0de4008322575cc448a size: 7680
Section .rdata md5: 36a7c7460787e338df2a14dd986afb82 sha1: 8707f97d06499e269e42369b72dff41f204f38eb size: 2560
Section .data md5: abaa7ef60c7bab733b80e50ead5edb54 sha1: c564a39063d6c9bb48ea688f70f9cf0108351d5f size: 2048
Section .rsrc md5: 0ead19d827b10755f59172aea238c585 sha1: 9f450014039ed494bb71c5d79a2d984bbd8a7e44 size: 1024
Timestamp: 2010-10-21 06:51:09
Version:
LegalCopyright: Copyright ? 2002
InternalName: SMAgent
FileVersion: 3, 2, 6, 0
CompanyName: Analog Devices, Inc.
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: SoundMAX service agent
SpecialBuild:
ProductVersion: 3, 2, 6, 0
FileDescription: SoundMAX service agent component
OriginalFilename: SMAgent.exe
Packer: Microsoft Visual C++ v6.0
PEhash: 45f2466133d0cf70f19d7b17a3c0d83708a9e302
AV clamav: Win.Trojan.Agent-195611
AV avira: TR/Spy.Gen
AV avg: Downloader.Agent2.AVNR
AV mcafee: RDN/Downloader.a!bi

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

DNS: flash.aoldaily.com
Type: A
0.0.0.0

Strings
040904e4
3, 2, 6, 0
Analog Devices, Inc.
Comments
CompanyName
Copyright ? 2002
FileDescription
FileVersion
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SMAgent
SMAgent.exe
SoundMAX service agent
SoundMAX service agent component
SpecialBuild
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
%-24s %s
%-26s %5d
??2@YAPAXI@Z
??3@YAXPAX@Z
Accept:*/*
_acmdln
_adjust_fdiv
ADVAPI32.dll
 and the PID is %d
AttachConsole
basicinfo
Cache-Control:max-age=0
Cache-Control:no-cache
CD-ROM		
CloseHandle
CloseServiceHandle
\cmd.exe
cmd.exe
CmdPath=
Computer:
%ComSpec%
CONIN$
Content-Length: %d
_controlfp
ControlService
ControlService failed!
Create failed with %d!
CreateFileA
CreatePipe
CreateProcessA
CreateProcessAsUserA
CreateProcess failed!
CreateThread
CreateToolhelp32Snapshot
__CxxFrameHandler
@.data
_EH_prolog
EnumServicesStatusExA
_except_handler3
ExpandEnvironmentStringsA
Failed!
Failed with %d!
FileSize:	%d
Fixed		
GetComputerNameA
GetConsoleDisplayMode
GetCurrentProcess
GetDriveTypeA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributes Error code: %d
GetFileSize
GetLastError
GetLogicalDrives
__getmainargs
GetModuleHandleA
GetStartupInfoA
GetSystemDirectoryA
geturl
GetUserNameExA
GetVersion
GetVolumeInformationA
GetWindowsDirectoryA
<h1>Bad Request (Invalid Hostname)</h1>
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
Hu7hLC@
_initterm
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryOptionA
InternetReadFile
InternetSetOptionA
Invalid		
ipconfig /all
KERNEL32.dll
list process failed!
list service failed!
lstrcatA
memset
Mozilla/4.0
Mozilla/5.0
MSVCRT.dll
net localgroup administrators
net start
OpenP failed with %d!
OpenProcess
OpenProcessToken
OpenSCManagerA
OpenSCManager failed!
OpenServiceA
OpenService failed!
OpenT failed with %d!
__p__commode
PeekNamedPipe
__p__fmode
pidrun
Pragma:no-cache
Process32First
Process32Next
Process cmd.exe exited!
Program started!
Proxy-Connection:Keep-Alive
PVVVWV
QVVVPVV
Ramdisk		
`.rdata
ReadFile
Remote		
Removeable		
%*[^/]%*[/]%*[^/]%s
%s Connected!
Secur32.dll
Service does not exist!
Service doesn't start!
Service is running already!
Service started!
Service still running!
Service stopped!
Service stop pending!
__set_app_type
SetCurrentDirectoryA
SetStdHandle
__setusermatherr
Shell started fail!
Shell started successfully!
Shell started,wait to terminate it.....
Sleep Time:
So long!
sprintf
sscanf
Started already,
StartServiceA
StartService failed!
Start shell first.
strcat
_strcmpi
strcpy
strlen
strrchr
Syntax error!
Syntax error!	Usage:	getf/putf FileName <N>
Syntax error!	Usage:	GetUrl URL FileName
Syntax error!	Usage:	kill </p|/s> <pid|ServiceName>
Syntax error!	Usage:	list </p|/s|/d>
Syntax error!	Usage:	start </p|/s> <filename|ServiceName>
systeminfo
t4j SV3
tasklist /v
\tasks
TerminateProcess
!This program cannot be run in DOS mode.
t<Ht2Ht(Ht
Totally %d volumes found.
Unkown		
URLDownloadToFileA
urlmon.dll
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
Volume on this computer:
Volume	Type		Volume Name
WaitForSingleObject
whoami
WININET.dll
WriteConsoleInputA
WriteFile
_XcptFilter
YYSSSSS
YYt5j\