Analysis Date: 2015-07-13 10:56:23
MD5: 6576dac0829082a4e6d9b6fe224ea376
SHA1: 88746082ef77aae9292224a5034dd23e284117f0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section .text   md5: a6386a5dadd8d8d947651741c2ce8be3  sha1: a4f5279de0fc19cccb5cd7fe835f873689bf860e  size: 96256
Section .sdata  md5: 962d34580e1e7f5159cb24895a443141  sha1: 7fd2c5f41af95248de4ce6d009310a151e886097  size: 512
Section .rsrc   md5: 8bfabdecc5c6a9a343613ec18f538194  sha1: 7dfba2c76c3ca5dd8fa0d52733801354d9200877  size: 156672
Section .reloc  md5: b60fbc01e2af6ea280ee39ad88a10a13  sha1: 273c4995e7d043bb64003075f16a79b8342a5769  size: 512
Timestamp: 2015-04-10 10:11:06
Pdb path: C:\Users\xxxx\documents\visual studio 2010\Projects\WindowsApplication4\WindowsApplication4\obj\x86\Release\WindowsApplication4.pdb
Version:
  LegalCopyright: Copyright © 2015
  Assembly Version: 1.0.0.0
  InternalName: WindowsApplication4.exe
  FileVersion: 1.0.0.0
  ProductName: WindowsApplication2
  ProductVersion: 1.0.0.0
  FileDescription: WindowsApplication2
  OriginalFilename: WindowsApplication4.exe
Packer: Microsoft Visual C# v7.0 / Basic .NET
PEhash: bf15e639a969aeb251d00f9128605aeb4b4f24dc
IMPhash: f34d5f2d4577ed6d9ceec516c1f5a744
AV results (15 of 31 engines detect):
AV K7: no_virus
AV BitDefender: Gen:Variant.Strictor.83529
AV Arcabit (arcavir): Gen:Variant.Strictor.83529
AV BullGuard: Gen:Variant.Strictor.83529
AV MicroWorld (escan): Gen:Variant.Strictor.83529
AV Mcafee: RDN/Generic.dx!dql
AV Microsoft Security Essentials: no_virus
AV Authentium: W32/S-01aa79d5!Eldorado
AV Kaspersky: Trojan.MSIL.Zapchast.aakyo
AV Ikarus: Backdoor.Win32.DarkKomet
AV Avira (antivir): no_virus
AV Zillya!: no_virus
AV CAT (quickheal): Trojan.MSI.r4
AV Padvish: no_virus
AV Dr. Web: no_virus
AV CA (E-Trust Ino): no_virus
AV Eset (nod32): MSIL/Kryptik.CPV
AV Rising: no_virus
AV Ad-Aware: Gen:Variant.Strictor.83529
AV Alwil (avast): no_virus
AV ClamAV: no_virus
AV Symantec: no_virus
AV Emsisoft: Gen:Variant.Strictor.83529
AV Grisoft (avg): MSIL7.BVGL
AV Trend Micro: no_virus
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Strictor.83529
AV VirusBlokAda (vba32): no_virus
AV Fortinet: MSIL/Kryptik.BDK!tr
AV Twister: no_virus
AV MalwareBytes: no_virus
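The section hashes, the link timestamp and the ".Net assembly" file-type flag above are all derived from the PE headers of the sample. The script below is an added worked example (not the sandbox's own code) that reproduces those three fields from a PE32 image using only the Python standard library. Because the analysed binary is not available here, it builds a constructed two-section PE32 image in memory; every byte, section name and size in it is made up, except that the constructed COFF timestamp is set to the 2015-04-10 10:11:06 value shown above, which the example assumes is UTC. IMPhash and PEhash are not reproduced, since they need the import table and more of the header than this example parses.

```python
"""Reproduce the 'Static Details' fields of a sandbox report (per-section
MD5/SHA1, COFF link timestamp, .NET CLR header check) from a PE32 image.
Constructed example using only the standard library; not the sandbox's code."""
import hashlib
import struct
from datetime import datetime, timezone

# Constructed sample data: NOT bytes from the analysed binary.
TEXT_BYTES = b"\x55\x8b\xec" + b"\x90" * 509          # 512-byte .text body
RSRC_BYTES = b"RSRC" + b"\x00" * 508                  # 512-byte .rsrc body
SAMPLE_TIMESTAMP = 1428660666                         # 2015-04-10 10:11:06 UTC


def build_sample_pe32(timestamp=SAMPLE_TIMESTAMP, dotnet=True):
    """Build a minimal, non-runnable PE32 image with a .text and a .rsrc section."""
    sections = [(b".text", TEXT_BYTES), (b".rsrc", RSRC_BYTES)]
    e_lfanew = 0x80
    headers_size = e_lfanew + 4 + 20 + 224 + 40 * len(sections)
    raw_base = (headers_size + 511) // 512 * 512      # FileAlignment = 0x200

    dos = (b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    # COFF header: Machine=i386, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 224, 0x102)
    # PE32 optional header (Magic=0x10B); the 16 data directories start at offset 96.
    dirs = [(0, 0)] * 16
    if dotnet:
        dirs[14] = (0x2008, 72)                       # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    opt = struct.pack("<H", 0x10B).ljust(96, b"\x00")
    opt += b"".join(struct.pack("<II", va, size) for va, size in dirs)

    table, bodies, raw_ptr, va = b"", b"", raw_base, 0x1000
    for name, body in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(body), va, len(body),
                             raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += body
        raw_ptr += len(body)
        va += 0x1000
    headers = dos + b"PE\x00\x00" + coff + opt + table
    return headers.ljust(raw_base, b"\x00") + bodies


def _pe_offset(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    off, = struct.unpack_from("<I", data, 0x3C)
    if data[off:off + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    return off


def link_timestamp(data):
    """COFF TimeDateStamp as 'YYYY-MM-DD HH:MM:SS' UTC. It is written by the
    linker and trivially forgeable, so treat it as a hint, not evidence."""
    ts, = struct.unpack_from("<I", data, _pe_offset(data) + 8)
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def is_dotnet(data):
    """True when the CLR (COM descriptor) data directory is populated,
    which is what marks a managed (.NET / Mono) assembly."""
    opt = _pe_offset(data) + 24
    magic, = struct.unpack_from("<H", data, opt)
    dir_off = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    va, size = struct.unpack_from("<II", data, dir_off + 14 * 8)
    return va != 0 and size != 0


def hashes_of(blob):
    return {"md5": hashlib.md5(blob).hexdigest(), "sha1": hashlib.sha1(blob).hexdigest()}


def parse_sections(data):
    """Return one dict per section: name, raw size, md5 and sha1 of its raw bytes."""
    pe = _pe_offset(data)
    n_sections, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size
    out = []
    for i in range(n_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        if len(raw) != raw_size:                      # truncated / malformed section table
            raise ValueError(f"section {name!r} points outside the file")
        out.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                    "size": raw_size, **hashes_of(raw)})
    return out


if __name__ == "__main__":
    image = build_sample_pe32()
    print("Timestamp:", link_timestamp(image), " .NET:", is_dotnet(image))
    for s in parse_sections(image):
        print(f"Section {s['name']:<7} md5: {s['md5']}  sha1: {s['sha1']}  size: {s['size']}")
```

To check a real sample, replace `build_sample_pe32()` with `open(path, "rb").read()`; the per-section hashes are taken over SizeOfRawData bytes at PointerToRawData, which is what makes them comparable with the Section lines above. The length check in `parse_sections` matters on real malware, where section tables that point past end-of-file are common.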

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath ➝ C:\Documents and Settings\Administrator\Local Settings\Application Data\\x00
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
(Both are GDI+ font-cache artifacts that any GDI+/WinForms process writes on first font use; they are not specific to this sample.)

Network Details:



Strings