Analysis Date: 2013-09-04 14:48:07
MD5: dcc438f6f3110b835f253bbcbfd72bf4
SHA1: 9008703b4b25a87bd1d1cf6827cd21cccc83ed17

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 185492ee589e45ae90dbacfd422ca514 sha1: 83e3763aa23a6c41f6aeb7b19729b1287ec5808a size: 7168
Section .data md5: 0019d2ef5bf31564ea1be891d396f801 sha1: dd9b7f76420b2195c15e965860f9cb3bdb0c9868 size: 12288
Section .bss md5: a54482415d063d90b3d0f88d54ce5c69 sha1: c15b2c5acfc6436820d65d8841c99badfb3dad35 size: 48128
Section .idata md5: 637b403457bdf33f18752ec51c90afe1 sha1: 53278ebe427ad41bbd2331fab9e67e537cefb8c9 size: 4096
Section .rsrc md5: 11aabfb9df67d859852fe278f7b408cf sha1: c57e7b09e865394e3c5dbe04280d9915119aa6aa size: 4096
Timestamp: 2009-02-08 03:10:36
Version:
LegalCopyright: Copyright © 2010 cW PC Tools. E All rights reserved. lV
InternalName: fmag3Do.exe
FileVersion: 7.0.0.61
CompanyName: videosoft
LegalTrademarks:
Comments:
ProductName: X 4P
ProductVersion: 7.0.0.61
FileDescription: JVideo Component0
OriginalFilename: fmag3Do.exe
PEhash: 65193a774f60f36b2d9586644f5a6c302dceb340
AV clamav: Trojan.Jorik-122
AV avira: TR/Dldr.Renos.MK.1
AV avg: Generic22.UBH
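The per-section md5/sha1/size fields and the Timestamp above come straight from the PE headers: a sandbox hashes each section's raw on-disk bytes (PointerToRawData through SizeOfRawData) and decodes the COFF TimeDateStamp, which here reads 2009-02-08, a year before the 2010 copyright string in the version resource, a mismatch worth noticing when triaging. The script below is an added illustration, not code from this report or from the sample, that re-derives those fields from a PE32 file. So that it runs offline it assembles its own minimal, non-executable PE in memory; the build_minimal_pe helper, its section contents and the timestamp value are constructed for the example.

```python
"""Re-derive a sandbox-style static section listing (name, md5, sha1, size,
compile timestamp) from a PE32 file's headers."""
import hashlib
import struct
from datetime import datetime, timezone

# COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
_COFF = "<HHIIIHH"
# Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers,
# Characteristics
_SECTION = "<8sIIIIIIHHI"


def hash_bytes(raw: bytes):
    """Return (md5, sha1) hex digests of raw, the two hashes the report lists."""
    return hashlib.md5(raw).hexdigest(), hashlib.sha1(raw).hexdigest()


def pe_section_hashes(data: bytes) -> dict:
    """Parse PE headers and hash every section's on-disk bytes.

    Hashes cover the raw file bytes at PointerToRawData, not the mapped image,
    so a section with no raw data (often .bss) hashes as the empty string with
    size 0. A SizeOfRawData running past end of file is a common malformation in
    malware; this example hashes only the bytes actually present.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(_COFF, data, coff_off)
    sect_off = coff_off + struct.calcsize(_COFF) + opt_size
    sections = []
    for i in range(nsect):
        fields = struct.unpack_from(_SECTION, data, sect_off + i * struct.calcsize(_SECTION))
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = fields[3], fields[4]
        raw = data[raw_ptr:raw_ptr + raw_size]
        md5, sha1 = hash_bytes(raw)
        sections.append({"name": name, "md5": md5, "sha1": sha1, "size": len(raw)})
    return {
        "timestamp": stamp,
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def _align(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment


def build_minimal_pe(sections, timestamp: int) -> bytes:
    """Assemble a minimal, non-runnable PE32 image from (name, bytes) pairs.

    Constructed only so the parser above can be exercised offline; the optional
    header carries just the alignment and size fields a section table needs.
    """
    file_align, sect_align, opt_size = 0x200, 0x1000, 224
    n = len(sections)
    headers_end = _align(0x40 + 4 + struct.calcsize(_COFF) + opt_size
                         + n * struct.calcsize(_SECTION), file_align)

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature follows the DOS header
    # Machine 0x14C = i386; Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack(_COFF, 0x14C, n, timestamp, 0, 0, opt_size, 0x0102)

    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 32, sect_align)    # SectionAlignment
    struct.pack_into("<I", opt, 36, file_align)    # FileAlignment
    struct.pack_into("<I", opt, 60, headers_end)   # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes

    table, body = b"", b""
    raw_ptr, rva = headers_end, sect_align
    for name, content in sections:
        raw_size = _align(len(content), file_align)  # 0 for an empty, .bss-style section
        table += struct.pack(_SECTION, name.encode().ljust(8, b"\0"), len(content), rva,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += content.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        rva += _align(max(len(content), 1), sect_align)
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(headers_end, b"\0")
    return image + body


if __name__ == "__main__":
    sample = build_minimal_pe([(".text", b"\x55\x8b\xec" * 100), (".bss", b"")], timestamp=0)
    report = pe_section_hashes(sample)
    print("Timestamp:", report["timestamp_utc"])
    for s in report["sections"]:
        print(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
```

Run it against a real PE by replacing the constructed sample with the file's bytes; the size field it prints is the on-disk size, which is why the report's values are multiples of the file alignment.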

Runtime Details:


Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\\x03\1806 ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul

Creates File: nul
Deletes File: C:\malware.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
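The two process entries above record a drop-and-run batch: malware.exe writes Ogf..bat into the user's Temp directory, launches it through cmd.exe /q /c with stdout and stderr both redirected to nul, and the batch deletes the original executable and then itself, leaving nothing on disk for the analyst. The following Python is an added detection example, not part of this report or of the sample, that correlates process-creation and file-deletion records for that sequence. The event dictionaries and their field names are a constructed format, not the sandbox's; the first set of records mirrors the report's own command line and paths, and the second "builder.exe" set is a constructed comparison case that uses the same launcher without deleting anything.

```python
"""Detect the %TEMP% batch self-delete pattern: cmd.exe /c "<temp>\\x.bat" > nul 2> nul
spawned by an executable, where the batch then deletes its parent image and itself."""
import re

# Launcher signature: cmd.exe, optional /q, /c, a quoted .bat under a Temp directory,
# stdout and stderr both sent to nul.
_LAUNCHER = re.compile(
    r'cmd\.exe"?\s+(?:/q\s+)?/c\s+"(?P<bat>[^"]*\\temp\\[^"]*\.bat)"\s*>\s*nul\s+2>\s*nul',
    re.IGNORECASE,
)

# Constructed telemetry in the shape an EDR/Sysmon pipeline might emit (field names
# are an assumption for this example). The first five records mirror the report.
EVENTS = [
    {"type": "process_create", "pid": 1000, "ppid": 500,
     "image": r"C:\malware.exe", "cmdline": r"C:\malware.exe"},
    {"type": "file_create", "pid": 1000,
     "path": r"C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat"},
    {"type": "process_create", "pid": 1100, "ppid": 1000,
     "image": r"C:\WINDOWS\system32\cmd.exe",
     "cmdline": r'"C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul'},
    {"type": "file_delete", "pid": 1100, "path": r"C:\malware.exe"},
    {"type": "file_delete", "pid": 1100,
     "path": r"C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat"},
    # Constructed comparison: same launcher shape, but nothing is deleted afterwards.
    {"type": "process_create", "pid": 2000, "ppid": 600,
     "image": r"C:\tools\builder.exe", "cmdline": r"C:\tools\builder.exe"},
    {"type": "process_create", "pid": 2100, "ppid": 2000,
     "image": r"C:\WINDOWS\system32\cmd.exe",
     "cmdline": r'"C:\WINDOWS\system32\cmd.exe" /c "C:\Documents and Settings\Administrator\Local Settings\Temp\build.bat" > nul 2> nul'},
]


def find_self_delete(events):
    """Return one finding per cmd.exe launch matching _LAUNCHER.

    verdict is "self_delete" when that cmd.exe deleted both its parent's image and
    the batch file, "partial" when it deleted one of them, and "launcher_only" when
    it deleted neither (kept visible: installers use the same launcher shape).
    """
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    deletes = {}
    for e in events:
        if e["type"] == "file_delete":
            deletes.setdefault(e["pid"], set()).add(e["path"].lower())

    findings = []
    for e in events:
        if e["type"] != "process_create":
            continue
        m = _LAUNCHER.search(e["cmdline"])
        if not m:
            continue
        bat = m.group("bat")
        parent = procs.get(e["ppid"])
        parent_image = parent["image"] if parent else None
        deleted = deletes.get(e["pid"], set())
        deleted_parent = parent_image is not None and parent_image.lower() in deleted
        deleted_bat = bat.lower() in deleted
        if deleted_parent and deleted_bat:
            verdict = "self_delete"
        elif deleted_parent or deleted_bat:
            verdict = "partial"
        else:
            verdict = "launcher_only"
        findings.append({"pid": e["pid"], "parent_image": parent_image,
                         "bat": bat, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in find_self_delete(EVENTS):
        print(f"pid {f['pid']} parent={f['parent_image']} bat={f['bat']} -> {f['verdict']}")
```

The child cmd.exe deleting its parent's image is the discriminating signal; the redirect-to-nul launcher alone is common in legitimate installers, which is why "launcher_only" is reported at low priority rather than dropped.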

Network Details:

DNS: repubblica.it
Type: A
213.92.16.101
DNS: yelp.com
Type: A
198.51.132.160
DNS: yelp.com
Type: A
198.51.132.60
DNS: seesaa.net
Type: A
DNS: flashz.in
Type: A
DNS: webdatum.in
Type: A


Strings