Analysis Date: 2014-04-24 18:56:45
MD5: a64050465fc48c179e11c72fa89a2953
SHA1: 680d0c583c28a66c3a0f412cf288ff2b85ec0b80

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: c8ae15a34e816958ea259a4fd5756ba7 sha1: 3d373d96f20c05ea2fbbbeaf0720406dd8d68dca size: 60928
Section: .rdata md5: 8d920bb14a11d80490388edbc59ab44f sha1: 05c88a5f410a5635e253ab52ca9c0242cfd897f7 size: 13312
Section: .data md5: 8a8740da1df1f7ea13498abbd2834abd sha1: 7b1bbcf67b78d00b6a38ca41337a472b0e0cab7a size: 1024
Section: .rsrc md5: cc09698f91fa8573c2bc061cd35ea61e sha1: b849d28a3f650420b402c1a4466be82ec68f44e7 size: 98816
Section: .reloc md5: a91d3c39fa721c43da470a194a52653b sha1: d9859e7db974f97a1124ed27d9fd24c73ad141c7 size: 5120
Section: .dspak md5: e782472e53f860f0bdb1c503b95858ce sha1: 671f0a33ad44db2a62c5d4b41b066d176888c26c size: 9187
Timestamp: 2008-07-02 15:50:20
Pdb path: C:\fx19rel\WINNT_5.2_Depend\mozilla\obj-fx-trunk\toolkit\crashreporter\client\crashreporter.pdb
Version:
LegalCopyright: License: MPL 1.1/GPL 2.0/LGPL 2.1
InternalName:
FileVersion: 1.9.0.1
CompanyName: Mozilla Foundation
BuildID: 2008070207
LegalTrademarks: Mozilla
Comments:
ProductName: Firefox
ProductVersion: 1.9.0.1
FileDescription:
OriginalFilename: crashreporter.exe
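Packer: Microsoft Visual C++ ?.?
PEhash: 7223c548d59677eb411a962c3d7bad9289587b96
IMPhash: c2a09daeccde53ea3a3eb85ad8eaeb75
AV (avg): Win32/Badya
AV (mcafee): W32/Daum
AV (msse): Virus:Win32/Daum.A
AV (avira): W32/Daum.B
Note: the Microsoft detection classifies the sample as a virus (a file infector), so the version information, PDB path and most of the strings listed below describe the infected host program (Mozilla's crashreporter.exe) rather than the virus itself. The whole-file MD5 and SHA1 therefore identify only this one infected copy. The sixth section, .dspak, is not one a Visual C++ build normally emits and is probably where the added code lives; this report does not confirm that.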

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
=.
%+#.*
e
%+#I64
,
..
.

---------------------------
000004b0
1.9.0.1
2008070207
3f333
Breakpad/1.0 (Windows)
BuildID
Button
Comments
CompanyName
Content-Type: multipart/form-data; boundary=
\Crash Reporter
Crash Reporter
Crash Reporter Error
crashreporter.exe
Crash Reports
details...
EmailMe
fff3f
FileDescription
FileVersion
Firefox
http
https
include the address of the page i was on
IncludeURL
.ini
InternalName
jjjjj
LegalCopyright
LegalTrademarks
License: MPL 1.1/GPL 2.0/LGPL 2.1
Mozilla
Mozilla Foundation
MS Shell Dlg
OriginalFilename
oURL
POST
ProductName
ProductVersion
PROP_GRAYTEXT
quit without sending
restart firefox
riched20.dll
RichEdit20A
%s%08X%08X
Sending Crash Report...
Software\
@Software\Mozilla\Crash Reporter
StringFileInfo
SubmitReport
SysAnimate32
tell mozilla about this crash so they can fix it
tell mozilla to email me with more information
Translation
upload_file_minidump
uxtheme.dll
VarFileInfo
Vendor
view report
VS_VERSION_INFO
WinInet.dll
yEmail
your crash report will be submitted when you restart
                />
?#?>?`?
''{{''|
""""""
"""""" 
""""""!
""""""(
{''''''
-0<0{0
*00060<0B0H0O0V0]0d0k0r0y0
0>0[0x0
001=1G1L1t1
0$030>0J0
"""00db
0$0H0T0X0\0`0d0h0l0p0t0x0|0
0%0P0h0
0+0R0[0t0
: :$:(:,:0:4:8:<:@:D:t>x>|>
?$?*?0?6?K?P?`?
>$>0>8>h>|>
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
/0D0t0
0D1O1]1
;0;<;D;t;
>$>)>0>E>K>`>j>v>
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
0L1P1`1d1h1p1
=(=0=`=t=
; <*<0<:<t<z<
1$1j1p1z1
1!2*232E2L2V2k2w2
1.234L4W4
1:3C3j3r3|3
181<1@1H1<2\2x2
??1bad_cast@std@@UAE@XZ
??1exception@std@@UAE@XZ
;%;1;=;K;V;q;
1V2[2m2
""""#2
#2""""!
2(2,20282P2`2d2t2x2|2
2#232E2
2#242T2i2
"""#2""""""33""""(
2>3I3e3j3
:":2:8:>:D:J:P:a:k:p:v:{:
""#2"$B""""'rDD""""wwDD""""ww$B""""'r"!
>,>2>H>
""""#2"%R""'r""UU""ww""UU&bww""%Rff'r""""ff""""""&b"""00db
#2ww""
??2@YAPAXI@Z
""""33
""""33!
""33""
""33"" 
33""""
""""33""""""#2"""00db
3"3(3/343L3T3[3
3$3<3L3P3`3d3l3
3&353A3e3y3
3+363x3
3$383M3f3R4b4
3,3D3f3p3
33'r""
3&4j4p4
<3<b<v<E=S=[={=
3N5}5'6n6
??3@YAXPAX@Z
4 4$4044484<4@4D4H4L4P4
4"4-4:4D4a4l4.6
4(4H4T4t4|4
4:4x4~4
4:5J5v5
464F4Q4X4
4E5U5P6C7
4n5!6B6e6
4O5e5k5r5w5
50]0b0h0~0
5*666X6j6
589<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
5D5\5j5
5H5d5h5p5t5
?5?I?c?m?
6$6,6@6H6L6P6X6`6h6|6
666R6t6|6
6'6[6u6
6;6@6Z6
6*787X7n7
6=7J7x7
6	7M7b7y7
:$:):/:6:;:A:H:T:e:n:v:}:
:(:6:=:K:R:`:p:
<#<6<V<i<
<$<7<=<
7,74787@7H7h7|7
7!7<7W7r7
7!797Z7
7"8>8L8
7#8U8d8{8
>&>7>B>R>d>r>
;,;7;D;p;
7I8Z8n8
:7;P;m;
;7;X;h;o;
809@9T9h9t9|9
8,888@8p8
8/8:8E8P8X8^8d8j8p8v8|8
8#8B8U8
8/8J8o8
8!9/9\9a9
8=9H9_9
;$<8<D<L<
:$:8:L:X:`:
?,?8?@?p?
919J9X9
969Q9l9
9'939B9O9^9v9
9M:u:z:
< =9=S=[=e=m=s={=
9wPYYt
#A?9VF
AA@@Ju
_adjust_fdiv
ADVAPI32.dll
_amsg_exit
__argc
</assembly>
<assemblyIdentity
                <assemblyIdentity
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
AVI LIST
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
""""&b
""&b""
""&b""!
&b"""" 
""""$B
""$B""
""$B""(
$B""""
"&b""#2""ff""33""ff'r33""&bww#2""""ww""""""'r"""00db
bad allocation
bad cast
""""&b"$B""%R""DD""UU""DD!
"""$B""""""DD""""!
B.dspak
BeginPaint
"""&b""""""ff""""'rff%R""ww&bUU""ww""UU""'r""%R"#2""""!
$B""UU!
_calloc_crt
CallWindowProcW
&!cDX_
_cexit
CheckDlgButton
CheckIncludeURL
CheckSendEmail
CheckSendReport
ChildWindowFromPoint
CloseClipboard
CloseHandle
CloseThemeData
;<;C;M;R;W;n;t;};
COMCTL32.dll
CommentGrayText
_configthreadlocale
Content-Disposition: form-data; name="
Content-Type: application/octet-stream
_controlfp_s
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
Couldn't read configuration.
CrashDetailsURL
CrashID
CrashReporterDefault
CrashReporterDescriptionText2
CrashReporterErrorText
CrashReporterProductErrorText2
CrashReporterSorry
CrashReporterTitle
CrashReporterVendorTitle
Crash report submission failed: 
Crash report submitted successfully
CreateDirectoryW
CreateProcessW
CreateThread
_crt_debugger_hook
__crtLCMapStringA
__CxxFrameHandler3
_CxxThrowException
<+<D<}<
=!=>=D=
$;D$ ~
D$0+D$(j
D$4+D$,P
@.data
""DD""
""""DD""""""$B"""idx1
D$d+D$\P
D$D+D$<P
DD""UU""DD""%R""$B"&b"""" 
D$`+D$Xh
_decode_pointer
DeleteCriticalSection
DeleteFileW
</dependency>
<dependency>
        </dependentAssembly>
        <dependentAssembly>
<description>Crash Reporter</description>
Details
)D$H)D$P
+D$hPS
D$HSVW
DialogBoxParamW
|$D+L$H
__dllonexit
DrawTextW
D$T+D$\
D$T+D$LP
e:\fx19rel\WINNT_5.2_Depend\mozilla\obj-fx-trunk\toolkit\crashreporter\client\crashreporter.pdb
EmailGrayText
EnableWindow
_encode_pointer
EndDialog
EndOfLife
EndPaint
EnterCriticalSection
ErrorBadArguments
ErrorCreateDumpDir
ErrorDumpFileExists
ErrorDumpFileMove
ErrorEndOfLife
ErrorExtraFileExists
ErrorExtraFileMove
ErrorExtraFileRead
ErrorNoProductName
ErrorNoServerURL
ErrorNoSettingsPath
E VWPh
_except_handler4_common
.extra
ExtraReportInfo
fclose
""""ff
""""ff 
""ff""
ff""""
fflush
""ff%R
fgetpos
"; filename="
FillRect
FormatMessageW
fprintf
FreeLibrary
_free_locale
fscanf_s
fsetpos
_fsopen
fwrite
GDI32.dll
GetClientRect
GetClipboardData
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDlgItem
GetDlgItemTextW
getenv
GetFileAttributesW
GetFocus
GetLastError
GetModuleFileNameW
GetModuleHandleW
_get_osplatform
GetProcAddress
GetPropW
GetStartupInfoW
GetStockObject
GetSysColor
GetSysColorBrush
GetSystemTime
GetSystemTimeAsFileTime
GetTextExtentPoint32W
GetThemePartSize
GetTickCount
GetWindowLongW
GetWindowRect
GetWindowTextW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
:-:::H:
hdrlavih8
Ht9Ht+HtpHHt
HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
InitCommonControlsEx
InitializeCriticalSection
_initterm
_initterm_e
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetQueryDataAvailable
InternetReadFile
:^:i:n:v:
InvalidateRect
invalid map/set<T> iterator
_invalid_parameter_noinfo
invalid string position
_invoke_watson
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
IsClipboardFormatAvailable
IsDebuggerPresent
IsDlgButtonChecked
islower
isupper
IsWindowEnabled
J'KKK&J
J&KQQQQQRRRRRQQQQQRQu
J'QKJQ{
J'QQQQKQQQQQQQK
KERNEL32.dll
K'KKKKK''''QQQQ
&KKKQK&Ju
{K'KKQQK
&KKQQQQ&&Jtu{
K&'KQQQQQKu
&'KQQQQQQQ'&J&QQQQQQR&u
{'KQQQQQQQQQQu
KVVVVj
L$\_^[3
L$4QSP
                        language="*"
___lc_codepage_func
___lc_handle_func
L$d_^[3
L$DQSP
LeaveCriticalSection
L$L+D$$
L$`+L$Xj
LoadIconW
LoadLibraryW
localeconv
LocalFree
_localtime64
L$$QSP
L$T_^[3
L$$u+h
="=;=_=m=
malloc
map/set<T> too long
MapWindowPoints
memchr
memcmp
memcpy
memcpy_s
memmove_s
memset
MessageBoxW
MoveFileW
MoveWindow
movi00db
MOZ_CRASHREPORTER_DATA_DIRECTORY
MOZ_CRASHREPORTER_NO_DELETE_DUMP
MOZ_CRASHREPORTER_RESTART_ARG_
MOZ_CRASHREPORTER_RESTART_XUL_APP_FILE
MOZ_CRASHREPORTER_STRINGS_OVERRIDE
MOZ_CRASHREPORTER_URL
MOZCRT19.dll
Mozilla
MultiByteToWideChar
        name="CrashReporter"
                        name="Microsoft.Windows.Common-Controls"
n'KK'&u
No server URL, not sending report
o&KQRRQQQQQQQu
:O;m;|;
_onexit
OpenClipboard
OpenThemeData
Out of memory
PathAppendW
__p__commode
__pctype_func
pending
__p__fmode
PostMessageW
                        processorArchitecture="*"
        processorArchitecture="*"
ProductName
                        publicKeyToken="6595b64144ccf1df"
_putenv
PWVSQR
'''''Q
{'Q{{''{
''QKKKKKKKKQQQQQRQ-Q
''QKKKKK'''''KKKQQQRQK
'-QQQ'KKQu{
'QQQQ{
{Q''QQQ
'-QQQQQQQQQQKQ
'-QQQQQQQQQQQQQ-Q
{'QQQQQQQQu
QueryPerformanceCounter
QWWWWWWPW
"'r""(
""'r" 
""""%R
""""%R" 
"%R""""(
%R""""
%R""""(
""'r33(
raB3GH
"'r""""$Bww""""DDww""""DD'r""""$B"#2"" 
`.rdata
RegCloseKey
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
@.reloc
RemovePropW
ReportDuringSubmit2
ReportPreSubmit2
ReportSubmitFailed
ReportSubmitSuccess
Restart
%Rff""!
"""%R""""""UU""""&bUU!
"""'r""""""ww""""#2ww&b""33'rff""33""ff""#2""&b"(
SelectObject
SendDlgItemMessageW
SendMessageW
ServerURL
__set_app_type
SetBkMode
SetDlgItemTextW
SetFocus
setlocale
SetPropW
SetTextColor
SetTimer
SetUnhandledExceptionFilter
__setusermatherr
setvbuf
SetWindowLongW
SetWindowTextW
SHELL32.dll
SHGetFolderPathW
SHLWAPI.dll
ShowWindow
_snprintf
sprintf
sprintf_s
|$\ srj
{'{ss{'{y
StopSendingReportsFor
strcat
strcmp
strcpy
strcspn
_strdup
strftime
string too long
strlen
strlstrh8
submit.log
submitted
swprintf_s
SWwY+E
TerminateProcess
?terminate@@YAXXZ
!This program cannot be run in DOS mode.
_time64
T$$+L$D
+t$pVS
<+t"<-t
?_type_info_dtor_internal_method@type_info@@QAEXXZ
                        type="win32"
        type="win32"
uJ&&&''KKK&P
uJ&'KKQQQQQQQQKP
uJ&KKQQQQQQQQQQQRQQ
uK''KKQQ'
uK'KQKQ'QuuQK''''KKQQQ'
u''KQQQ
__uncaught_exception
ungetc
UnhandledExceptionFilter
Unknown error, error code: 0x%08x
_unlock
uQKKKK'u
uQ''K'u
uQRQRQQQu
USER32.dll
""""UU
""""UU(
UU""""
UU""$B
UU&b""""UU""""""%R"""00db
uuP'K&u
vector<T> too long
Vendor
Version
        version="1.0.0.0"
                        version="6.0.0.0"
ViewReportTitle
ViewURL
=V=m={=
??_V@YAXPAX@Z
WaitForSingleObject
__wargv
_wcmdln
wcscmp
wcscpy
wcslen
wcsncpy_s
wcsrchr
wcstol
wcstombs_s
_wfopen_s
_wfsopen
__wgetmainargs
?what@exception@std@@UBEPBDXZ
WideCharToMultiByte
WININET.dll
""ww""
""ww""(
""ww#2
_XcptFilter
=#=/=:=X=^=f=n=s=y=
=!=X=h=
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
XUL_APP_FILE=
ysOsssOz
ysssssssz
yssssy
ysyssssssssysyyyyy
^<^[YY
YYtMhL
YYur9}
YY_^][Y
yyyysssyyy
yyyyys
yyyyyssssssssss
yyyyyy
yyyyyyysssss
yyyyyyyy
yyyyyyyyy
yyyyyyyyyy
yyyyyyyyyyy
yyyyyyyyyyyyy
yyyyyyz
zsssssss
ZY[^_X
zyyysssssssssssssssyyyyyyyy
zyyyyyyyy
zyyyyyyyyyyy