Analysis Date: 2013-08-31 05:56:04
MD5: 5673ec821295ae79bbd23eb162204b03
SHA1: 904edfa9bb04f3211ca51f2b32ebb6ee91adb5d1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: b0dd3cdd8f58b44c361a8ebdde039f28 sha1: 03b4a6231f758e4b78114a362b44d43e1c731138 size: 286326784
Section: .rdata md5: 1664a906080244b688be142f827fcc8c sha1: 8759e11ae4b645bf2043e55e22185b24445d5ed4 size: 1024
Section: .data md5: 97a778e02a913c3daa1bd9c91a924fae sha1: 4e7e5b0eb28c5451a522b69d2d0c095144c1a030 size: 512
Section: .rsrc md5: 6dd0d2043ca44a05d6cce4ba3994de3c sha1: 24ca89d5dcb99670a9a4b2a2d28f26a66f642e6b size: 37376
Timestamp: 2008-11-26 00:11:04
Version:
ProductVersion: 1.00
InternalName: Project1
FileVersion: 1.00
OriginalFilename: Project1.exe
ProductName: Project1
PEhash: 4602d30f8dc13a8430b399d1380a655ed49063ac
AV: avg: Small.BSO
AV: clamav: Win.Trojan.Bifrose-2790

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: \\xc3\\xab:\malware.exe

Process
↳ \\xc3\\xab:\malware.exe

Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1292 -e 76 -g

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1292 -e 76 -g

Network Details:

