Analysis Date: 2014-11-09 11:04:59
MD5: 8e610f4086a60389a0f01de8d3019ee1
SHA1: 680d182a4faad094de649dd28c597519d5ac9f08

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 34a254b3b262c817a974eb4c151aa85f sha1: ecbe73ba53e98566e25f0df3e234bcecb5490087 size: 21504
Section: .data md5: c8b5872a8cb0865914efb9e0e5f5f472 sha1: b3555c90f4c9fa937cb7284d953b024330ae3035 size: 512
Section: .rsrc md5: 4f26a1b9c75d0e829b6042cc51afe319 sha1: 439afdcb33a77635f9d32d8a5154c15690d17ee7 size: 9728
Timestamp: 2008-03-19 11:02:09
Packer: Microsoft Visual C++ v7.0
PEhash: f8dd15cb75a085aee261e30f4f039871e8a249fd
IMPhash: fd679a35f1af306c88ee5ebdc6c3b382
AV 360 Safe: Gen:Variant.Symmi.14807
AV Ad-Aware: Gen:Variant.Symmi.14807
AV Alwil (avast): no_virus
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Risk.KIQW-1961
AV Avira (antivir): TR/Symmi.32256
AV BullGuard: Gen:Variant.Symmi.14807
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: Trojan.Agent-283971
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Symmi.14807
AV Eset (nod32): no_virus
AV Fortinet: no_virus
AV Frisk (f-prot): W32/MalwareS.BGXC
AV F-Secure: Gen:Variant.Symmi.14807
AV Grisoft (avg): Generic21.KQN
AV Ikarus: Trojan.Win32.Spy
AV K7: Hacktool ( 004953a81 )
AV Kaspersky: no_virus
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Variant.Symmi.14807
AV Norman: Gen:Variant.Symmi.14807
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): Error Scanning File

Runtime Details:

Process
↳ C:\malware.exe

Network Details:



Strings