Analysis Date: 2014-11-22 18:41:46
MD5: a79f9f2d63a4d45433e5157c5500b569
SHA1: 680d76b4b61322704883a4d38f8e56d8de84e255

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: b7237e0da2c065da30f22843670c6b96 sha1: cae1842abaa78b7a7c18efe2b8470f23287b2350 size: 23040
Section .rdata: md5: 42595f358d82ed008b0da3cc81ff353d sha1: f534971c47ae8a0dda7a4f45207df4c00bdbedc8 size: 1536
Section .data: md5: 46122e932513b79c37f6421a5afb89e9 sha1: 4d427f64cd1779c236975028fdb6cec34ef2538e size: 512
Section .rsrc: md5: b5ed7b029bc65184d8f3a398fb854e6d sha1: 91766ab45f59a163181e3a98dd5559fc1f5b7b64 size: 1536
Timestamp: 2011-01-20 00:38:21
Version:
LegalCopyright: Copyright © 1996-2010 Adobe, Inc.
InternalName: Adobe® Flash® Player Installer/Uninstaller 10.1
FileVersion: 10,1,53,64
CompanyName: Adobe Systems, Inc.
LegalTrademarks: Adobe® Flash® Player
ProductName: Flash® Player Installer/Uninstaller
ProductVersion: 10,1,53,64
FileDescription: Adobe® Flash® Player Installer/Uninstaller 10.1 r53
OriginalFilename: FlashUtil.exe
PEhash: 561a4da0fc04893b149495a847379a49bef6e90a
IMPhash: 59fcf8e5b9f472815ad488343099f36b
AV 360 Safe: Gen:Variant.Kazy.290327
AV Ad-Aware: Gen:Variant.Kazy.290327
AV Alwil (avast): Taidoor-D [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Injector.AV.gen!Eldorado
AV Avira (antivir): TR/Crypt.ZPACK.Gen
AV BullGuard: Gen:Variant.Kazy.290327
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Backdoor.Simbot.A4
AV ClamAV: WIN.Trojan.Inject-6449
AV Dr. Web: Trojan.DownLoad2.36100
AV Emsisoft: Gen:Variant.Kazy.290327
AV Eset (nod32): Win32/Injector.ELH
AV Fortinet: W32/Injector.ELH!tr
AV Frisk (f-prot): W32/Injector.AV.gen!Eldorado
AV F-Secure: Gen:Variant.Kazy.290327
AV Grisoft (avg): Generic_r.CJK
AV Ikarus: Backdoor.Win32.Simbot
AV K7: Trojan ( 002331771 )
AV Kaspersky: Trojan.Win32.Inject.bbyo
AV MalwareBytes: Trojan.Inject
AV Mcafee: BackDoor-EYG
AV Microsoft Security Essentials: Backdoor:Win32/Simbot.gen
AV MicroWorld (escan): Gen:Variant.Kazy.290327
AV Rising: Backdoor.Simbot!572E
AV Sophos: Troj/CeeInj-M
AV Symantec: Trojan.Dropper
AV Trend Micro: TROJ_KRYPTK.SMS
AV VirusBlokAda (vba32): SScope.Backdoor.Simbot

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\4$@2.dat
Creates File: PIPE\lsarpc
Creates File: C:\malware.exe.tmp1
Creates Process: svchost.exe
Creates Mutex: DBWinMutex

Process
↳ svchost.exe

Network Details:

Strings

040904b0
10,1,53,64
Adobe? Flash? Player
Adobe? Flash? Player Installer/Uninstaller 10.1
Adobe? Flash? Player Installer/Uninstaller 10.1 r53
Adobe Systems, Inc.
CompanyName
Copyright ? 1996-2010 Adobe, Inc.
FileDescription
FileVersion
Flash? Player Installer/Uninstaller
FlashUtil.exe
InternalName
jjjj
@jjjj
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
4$@2.dat
ADVAPI32.dll
CloseHandle
CopyFileA
CreateFileA
CreateProcessA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
@.data
EnterCriticalSection
ExitProcess
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetTempPathA
GetThreadContext
HeapAlloc
HeapFree
InitializeCriticalSection
kernel32
KERNEL32.dll
LeaveCriticalSection
lstrcatA
lstrcpyA
lstrlenA
MessageBoxA
OutputDebugStringA
.rdata
ReadFile
ReadProcessMemory
ResumeThread
SetFilePointer
SetThreadContext
szFile
TerminateProcess
!This program cannot be run in DOS mode.
update.exe
USER32.dll
VirtualAlloc
VirtualAllocEx
VirtualProtect
VirtualProtectEx
VirtualQueryEx
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
ZwUnmapViewOfSection