Analysis Date: 2014-03-24 04:30:59
MD5: ad1537a3455f77038a598c62e4c0d25f
SHA1: 902075fb87d70693dc4272563be68b8d1ef09eff

Static Details:

File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Section .text  md5: 9f56cc5c81a2199881dcc727a600465c sha1: dff77e51ef4abe4029eb0fa94247c1cdd178b96d size: 17920
Section .data  md5: b6ba8bb11947d92d9eeabb7017371838 sha1: 6e1f024815e8044fb94da1ebc77625f5330dc6fb size: 512
Section .rsrc  md5: 8cbb86e013a39df1385d0f79ddc19c43 sha1: 034e9942730ebb2795881a6c601cbfb6ca8ad40d size: 28160
Timestamp: 2018-05-23 21:28:23 (COFF TimeDateStamp; it post-dates the 2014-03-24 analysis date above, so the compile timestamp cannot be genuine and must not be used to date this sample)
Pdb path: findstr.pdb
Version: LegalCopyright: © Microsoft Corporation. All rights reserved.
         InternalName: findstr
         FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
         CompanyName: Microsoft Corporation
         ProductName: Microsoft® Windows® Operating System
         ProductVersion: 5.1.2600.2180
         FileDescription: Find String (QGREP) Utility
         OriginalFilename: FINDSTR.EXE
Packer: Microsoft Visual C++ v7.0 (a compiler signature, not a packer)
PEhash: bb12c92fae54f401d72531f685aae0f0a77a975e
IMPhash: 8084d93c613ab1d1513dcb7965a1819a
AV avg: Win32/Virut.dropper
AV mcafee: W32/Virut.n.gen
AV avira: W32/Virut.Gen
AV msse: Virus:Win32/Virut.EPO
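The per-section hashes, entry point and COFF timestamp above are the fields a triager re-derives before trusting a sandbox verdict on a file-infector sample like this one (a Windows findstr.exe host carrying Virut, per the AV names). The script below is an added example, not part of the sandbox report or of any vendor tool: it parses the PE headers with only the standard library, prints the same "Section ... md5 ... sha1 ... size" lines, locates the section containing the entry point, and applies generic infector heuristics (entry point in the last or a writable section, compile timestamp later than the analysis date, section hash drift against a trusted copy of the host program). The input PE is constructed in-memory for demonstration, and the `known_good` hash map is a hypothetical input; the clean findstr.exe hashes are not on this page. The heuristics are general triage checks, not a Virut signature.

```python
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section characteristics (PE/COFF spec)
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Parse DOS/NT headers and the section table of an in-memory PE image.
    Returns the COFF timestamp, entry-point RVA and, per section, the name, RVA,
    sizes, characteristics and md5/sha1 of the raw bytes (the Static Details fields)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "chars": chars,
                         "md5": hashlib.md5(raw).hexdigest(),
                         "sha1": hashlib.sha1(raw).hexdigest()})
    return {"machine": machine, "timestamp": stamp, "entry_rva": entry_rva,
            "sections": sections}


def coff_time(pe):
    """COFF TimeDateStamp as an aware UTC datetime."""
    return datetime.fromtimestamp(pe["timestamp"], timezone.utc)


def entry_section(pe):
    """Section whose virtual range contains the entry point, or None."""
    for s in pe["sections"]:
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def triage(pe, analyzed_at=None, known_good=None):
    """Generic file-infector heuristics. analyzed_at is a Unix time; known_good maps
    section name -> sha1 from a trusted copy of the host program (hypothetical input)."""
    out = []
    s = entry_section(pe)
    if s is None:
        out.append("entry point 0x%x is outside every section" % pe["entry_rva"])
    else:
        if len(pe["sections"]) > 1 and s is pe["sections"][-1]:
            out.append("entry point in last section %s" % s["name"])
        if s["chars"] & IMAGE_SCN_MEM_WRITE:
            out.append("entry point in writable section %s" % s["name"])
        if not s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            out.append("entry point in non-executable section %s" % s["name"])
    if analyzed_at is not None and pe["timestamp"] > analyzed_at:
        out.append("compile timestamp %s post-dates analysis" % coff_time(pe).isoformat())
    for sec in pe["sections"]:
        ref = (known_good or {}).get(sec["name"])
        if ref is not None and ref != sec["sha1"]:
            out.append("section %s differs from known-good build" % sec["name"])
    return out


def build_pe(sections, entry_rva, timestamp=0):
    """Constructed test input: minimal PE32 image from (name, raw, chars) tuples.
    Enough header for parse_pe; not a loadable program."""
    align, opt_size = 0x200, 0xE0
    hdr_len = -(-(0x40 + 24 + opt_size + 40 * len(sections)) // align) * align
    table, body, rawptr, va = b"", b"", hdr_len, 0x1000
    for name, raw, chars in sections:
        rawsize = -(-len(raw) // align) * align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(raw),
                             va, rawsize, rawptr, 0, 0, 0, 0, chars)
        body += raw.ljust(rawsize, b"\0")
        rawptr, va = rawptr + rawsize, va + -(-rawsize // 0x1000) * 0x1000
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry_rva).ljust(opt_size, b"\0")
    return (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_len, b"\0") + body


if __name__ == "__main__":
    img = build_pe([(".text", b"\x55\x8b\xec\xc3" * 8, 0x60000020),
                    (".data", b"\0" * 16, 0xC0000040),
                    (".rsrc", b"RSRC", 0x40000040)], entry_rva=0x1004, timestamp=1527110903)
    pe = parse_pe(img)
    for s in pe["sections"]:
        print("Section%s md5: %s sha1: %s size: %d" % (s["name"], s["md5"], s["sha1"], s["rawsize"]))
    analyzed = int(datetime(2014, 3, 24, 4, 30, 59, tzinfo=timezone.utc).timestamp())
    print("Timestamp", coff_time(pe), triage(pe, analyzed_at=analyzed))
```

To use it on a real sample, read the file into `data`, call `parse_pe`, and compare the printed section lines with the report's Static Details; a mismatch means the report and the file on disk are not the same artifact. The timestamp value 1527110903 in the demonstration is the report's 2018-05-23 21:28:23 as a Unix time, so `triage` reproduces the post-dates-analysis finding for this sample.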

Runtime Details:


Process
↳ C:\malware.exe

Network Details:



Strings:
^
/
..
.

040904B0
%1: %2 ignored
%1: Argument missing after /%2
%1: Bad command line
%1: Cannot open %2
%1: Cannot read file list from %2
%1: Cannot read strings from %2
%1: Error reading file %2.
%1: Files with offline attribute were skipped.
%1: Line %2 is too long.
%1: No search strings
%1: Out of memory
%1: Read file failed.  (Cannot create file mapping.)
%1: Read file failed.  (Cannot map view of file.)
%1: Search string too long.
%1: Unable to get current directory.
%1: Write error
5.1.2600.2180
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  /A:attr    Specifies color attribute with two hex digits. See "color /?"
  /B         Matches pattern if at the beginning of a line.
  [class]  Character class: any one character in set
  [^class] Inverse class: any one character not in set
CompanyName
        [/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]]
  /C:string  Uses specified string as a literal search string.
  /D:dir     Search a semicolon delimited list of directories
  [drive:][path]filename
  /E         Matches pattern if at the end of a line.
  /F:file    Reads file list from the specified file(/ stands for console).
FileDescription
FileVersion
findstr
FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file]
FINDSTR.EXE
Find String (QGREP) Utility
For full information on FINDSTR regular expressions refer to the online Command
  /G:file    Gets search strings from the specified file(/ stands for console).
"hello there" in file x.y.
InternalName
  /I         Specifies that the search is not to be case-sensitive.
LegalCopyright
  ^        Line position: beginning of line
  $        Line position: end of line
  /L         Uses search strings literally.
Microsoft
Microsoft Corporation
 Microsoft Corporation. All rights reserved.
  /M         Prints only the filename if a file contains a match.
  /N         Prints the line number before each line that matches.
  /OFF[LINE] Do not skip files with offline attribute set.
 Operating System
  /O         Prints character offset before each matching line.
OriginalFilename
ProductName
ProductVersion
  /P         Skip files with non-printable characters.
Reference.
Regular expression quick reference:
  *        Repeat: zero or more occurances of previous character or class
  /R         Uses search strings as regular expressions.
Searches for strings in files.
             Specifies a file or files to search.
Specify only /L or /R.
  /S         Searches for matching files in the current directory and all
String count error: (%1 does not equal %2)
StringFileInfo
        strings [[drive:][path]filename[ ...]]
  strings    Text to be searched for.
             subdirectories.
"there" in file x.y.  'FINDSTR /C:"hello there" x.y' searches for
Too many /C:string specified.
Too many string lists
Translation
Unable to set locale.
Use /OFFLINE for not skipping such files.
Use spaces to separate multiple search strings unless the argument is prefixed
VarFileInfo
  /V         Prints only lines that do not contain a match.
VS_VERSION_INFO
  .        Wildcard: any character
 Windows
with /C.  For example, 'FINDSTR "hello there" x.y' searches for "hello" or
  \x       Escape: literal use of metacharacter x
  /X         Prints lines that match exactly.
  [x-y]    Range: any characters within the specified range
  \<xyz    Word position: beginning of word
  xyz\>    Word position: end of word
1(8Vdb%
@1g8;y
1&~?I$o,wC
2q0I-p
*~31!	Af
.%3.4d
7Hb:T$
9/8ZRw
9+iRuCOA
_adjust_fdiv
[^A-Za-z0-9_]
_cexit
_c_exit
CharToOemA
clirnR
CloseHandle
_controlfp
CreateFileA
CreateFileMappingA
D$4|dB
@d&5DR>r
DbgPrint
EnterCriticalSection
_except_handler3
ExitProcess
Failure to convert MultiByte to Unicode: %d
Failure to convert Unicode to Oem: %d
fclose
FHt\Ht/Ht
FindClose
FindFirstFileA
FindNextFileA
FINDSTR
findstr.pdb
FormatMessageA
FormatMessage failed: %d
fPDA\m
fprintf
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileSize
GetLastError
__getmainargs
GetModuleHandleA
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLCID
`GI\P;S
Gr3;@)
gxpZreZ
HHtkHt8Ht
H>nlIJ
HtHHtQHt2Ht
__initenv
InitializeCriticalSection
_initterm
isalnum
isalpha
_isatty
IsDBCSLeadByte
islower
isprint
isspace
isupper
isxdigit
KERNEL32.dll
;`lc<'
LeaveCriticalSection
lstrlenA
malloc
MapViewOfFile
memmove
M_*^Mu
msvcrt.dll
NKf1D$
ntdll.dll
NTDLL.DLL
OFFLINE
__p__commode
__p__fmode
P,r#:&d
Pv	,}\Cr
q|2V3Q
QueryPerformanceCounter
ReadFile
"Rf~:b
RSDSu?pE~
RtlMultiByteToUnicodeN
RtlUnicodeToOemN
^>R&whx
__set_app_type
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetCurrentDirectoryA
SetFileApisToOEM
setlocale
_setmode
SetThreadLocale
SetUnhandledExceptionFilter
__setusermatherr
_splitpath
sprintf
strchr
strcoll
strcspn
_stricmp
_strlwr
_strncoll
strncpy
_strnicoll
_strupr
\Sy!v)
TerminateProcess
!This program cannot be run in DOS mode.
tolower
+t$(vD
U&Idwuw
_ultoa
UnhandledExceptionFilter
UnmapViewOfFile
U=>Ot]
USER32.dll
Ut'"y8jOP
V0{XH	
WriteFile
wsprintfA
_XcptFilter
X-q=Llo
ys_ :N
<>\YYt
Y`_z>$ 
ZaGnWFq
z[Me]i