Analysis Date: 2013-09-05 15:57:38
MD5: 59a4f7d748919e5e877ca2336b2493b4
SHA1: 90033e14c921dd92a2c553da2db8926006721975

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 697c2736ce437d5b388a3dc27b5373ae sha1: 5a7761a8ca3ecabc15510ea4f41c6a201d6f1a73 size: 39424
Section: .rdata md5: 4a4ac1314e4b03b334746739f1ea4f39 sha1: 6d685516cc106b919bbbd780051f6ee208eea5ba size: 11264
Section: .data md5: 6d3dea0f20eb9c8278f6c40c6be51576 sha1: be03932c98197f0a6ce7ac65575580c5f4f37285 size: 3072
Section: .rsrc md5: 18ae22817c3f5ebaff2e5b75b4ce4153 sha1: 7168895c9f8e6762dd24ad19cb39b66a9b204c26 size: 224768
Timestamp: 2012-09-03 03:27:31
Version:
LegalCopyright: Copyright (C) MSCoree 2012
ProductVersion: 1.0.0.1
ProductName: MSCoree
FileVersion: 1.0.0.1
FileDescription: MSCoree
Packer: Microsoft Visual C++ ?.?
PEhash: 9630e76f5fee0bc74d625fc59ab2c4cd5599165e
AV clamav: WIN.Trojan.Agent-246953
AV avg: Dropper.Generic6.BZAC
AV avira: TR/Dropper.Gen

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\73b7_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Network Details:

