Analysis Date: 2014-03-08 15:29:27
MD5: 7dfddad4736d00b914da586e6572c8db
SHA1: 8e252d7ffb06201f517714c231bf58e225bb051f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 9b124eacebc775c306f0f3f23f082655 sha1: ac097fdf2c591640d4f6b39eb4d611c44a037c28 size: 12288
Section: .rdata md5: 77a3d52bc49d56614ee44acf451bafcc sha1: cfe0d3110067d76dbfd9ad81fa4d934dde334863 size: 4096
Section: .data md5: 5774dec59d85f72c7c437c4cc0ab7fe1 sha1: 6e33f5b7e5f30479bf2c79cb94c403ae8ae0bbfc size: 4096
Section: .rsrc md5: c3564a05c3a462a5a3caabefa66a1f00 sha1: 0a91f9b66bd6e8e1e75335e86b3b2e0fa94cae38 size: 106496
Timestamp: 2009-06-13 12:28:10
Version:
LegalCopyright: Copyright (C) 2009 KOPoWerTR Founder
InternalName: KOPoWerTR Founder
FileVersion: 1, 0, 0, 7
CompanyName: 77.223.132.251
PrivateBuild: 6.0
LegalTrademarks: KOPoWerTR Founder
Comments: KOPoWerTR Founder
ProductName: KOPoWerTR Founder
SpecialBuild: 6.0
ProductVersion: 1, 0, 0, 1
FileDescription: KOPoWerTR Founder
OriginalFilename: KOPoWerTR.exe
Packer: Installer VISE Custom
PEhash: 2067bef5839e85b9509c92b9fb1072ad5f1da85c
IMPhash: c7386d3a7786f4c8ed0cf6c1417a5643
AV clamav: Win.Trojan.253511
AV avira: BDS/Gendal.253511
AV avg: Generic16.AESC

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: Launcher.exe

Process
↳ Launcher.exe

Network Details:


Strings