Analysis Date: 2015-01-25 03:09:59
MD5: c92d8e590aba645d84ef9de4d25fcb04
SHA1: 7b7f8862b4cffff998a90704141c0aa3a9e7fb21

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 4d14369f60bf01614ce626e549d2b0ec sha1: 9c3afb3d647a7a9d3c2c2aac785a0ad141b4df61 size: 25088
Section .rdata: md5: 01e91b03c94beb5e4e28d36b648a610f sha1: fb9fe2cb4161f4485d250fdbde413db1391c8a2e size: 4608
Section .data: md5: 0c4b7a44773a679b9afc4f9c6dc4f5f4 sha1: 2e735da58741213fd28c09b8e14022ba34812a96 size: 3072
Section .ndata: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rsrc: md5: 7034ca29205a1a3ea98a517e88059fab sha1: 04329daea6e163eae8feeda3dd9a0c9dc14a27e5 size: 2048
Timestamp: 2009-12-05 22:53:13
Packer: Nullsoft PiMP Stub -> SFX
PEhash: 01fc6a423a56ab197625efbd32cd1f40937166f0
IMPhash: 1c042238f43557c055fca8642de8a074
AV 360 Safe: no_virus
AV Ad-Aware: no_virus
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): no_virus
AV BullGuard: no_virus
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: no_virus
AV Eset (nod32): NSIS/TrojanDownloader.Chindo.A
AV Fortinet: W32/Chindo.B!tr.dldr
AV Frisk (f-prot): no_virus
AV F-Secure: no_virus
AV Grisoft (avg): no_virus
AV Ikarus: Trojan.Downloader.Chindo
AV K7: no_virus
AV Kaspersky: Trojan-Downloader.NSIS.AdLoad.ak
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Network Details:


Strings