Analysis Date: 2014-10-08 02:23:07
MD5: 9ea42bbfc828ed2ae38306ea7b42ae99
SHA1: 85ecc7921e1c653653e7974d9f473c165101b470

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 8c6c0f7080981d1610335874e853a6d6 sha1: 0acd33c2a32c5917be970f1e9cde579a10f59fa6 size: 45056
Section .rdata: md5: 7ac8e0f8dae9db508f88a7aaa42469f0 sha1: defc5b515b998ca1537c1c1e602d5fc3afe166b6 size: 5120
Section .data: md5: 57d5c7dedc475e87f7c24963ebe6ce7a sha1: 55f3099c251a84b30d2ee2903970aa4a871ad72c size: 34816
Section .rsrc: md5: ef895904921c351dce0a0daf185212ca sha1: 42828965371036c9864a30580d1c53330b8b26bc size: 1024
Timestamp: 2005-11-03 12:54:35
Version:
  LegalCopyright: Copyright (C) 2010
  InternalName: c1
  FileVersion: 1, 0, 0, 1
  FileDescription: Windows Host Process
  ProductVersion: 1, 0, 0, 1
  PrivateBuild: 7777
  OriginalFilename: c1.exe
PEhash: 00b94e8a8dc0b5dffe0e414b13af717186eb783f
IMPhash: a1bcea289cc0c4b1a2922edd0cedbea7
AV 360 Safe: Gen:Heur.Conjar.2
AV Ad-Aware: Gen:Heur.Conjar.2
AV Alwil (avast): MalOb-IJ [Cryp]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Goolbot.A.gen!Eldorado
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV CA (E-Trust Ino): Win32/FakeAV.S!generic
AV CAT (quickheal): Backdoor.Cycbot.B
AV ClamAV: Win.Trojan.1949
AV Dr. Web: Trojan.Siggen2.7021
AV Emsisoft: Gen:Heur.Conjar.2
AV Eset (nod32): Win32/Kryptik.HPG
AV Fortinet: W32/Swisyn.AOE!tr
AV Frisk (f-prot): W32/Goolbot.A.gen!Eldorado
AV F-Secure: Gen:Heur.Conjar.2
AV Grisoft (avg): Generic19.BWJF
AV Ikarus: Packed.Win32.Krap
AV K7: Trojan ( 001b0fd31 )
AV Kaspersky: Trojan.Win32.Reconyc.cimu
AV MalwareBytes: Trojan.Agent
AV Mcafee: BackDoor-EXI
AV Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV MicroWorld (escan): Gen:Heur.Conjar.2
AV Norman: winpe/Cycbot.BF
AV Rising: no_virus
AV Sophos: Troj/FakeAV-BVU
AV Symantec: Trojan.Gen
AV Trend Micro: BKDR_CYCBOT.U
AV VirusBlokAda (vba32): no_virus
AV Yara APT: no_virus
AV Zillya!: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

Strings