Analysis Date: 2014-09-30 23:05:04
MD5: bbf86d2a90f6d778f6d1ab7f77a98848
SHA1: 90d06060f4d922aecb04626f5ae0c7bfef283e98

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 57480c5997ad08166b033fd8fc2496ee sha1: 8f98f0850867c4a5f666192c979d3c1b1f83338b size: 30208
Section .rdata md5: 05ae3de17af63220c4f86cae61d131e7 sha1: e6b3f857a3053e429c65b897833875d882648012 size: 7169
Section .data md5: 31850932f84a4683e153164bca6524e6 sha1: 3e94beb029ab2f87321f1d8f61026067d69138dc size: 3584
Section .rsrc md5: e8abe5bcfc7d5fc1b6365dadac90b779 sha1: 242b07a6672f0bd5d8f838d845d679553d718240 size: 66560
Timestamp: 2014-09-21 18:48:26
Packer: Microsoft Visual C++ ?.?
PEhash: 39f9084878e3e1f8ab64d97c193c680a2d0938da
IMPhash: 3a8fbfb6e0bd608f922f3a896bde4f70

Runtime Details:

Process
↳ C:\malware.exe

Creates Mutex: DBWinMutex

Network Details:



Strings