Analysis Date: 2015-06-09 21:20:30
MD5: 0c8af0fb8f391429dc119a454e916829
SHA1: 939326eb23327437b655c534f073d61d78144d1d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: UPX1 md5: 177508ddd9e2c44a9fc9707eb4b88c7a sha1: ac5e36705381d1b53aee4b55fe89f77797eaa9b9 size: 14336
Section: .rsrc md5: 5464ba2608e892c0bfc88b46b58cc3ce sha1: 03861201c467fbeb61a7c84a7175e2279eadbcdb size: 16384
Timestamp: 2012-07-17 13:07:35
Version:
  InternalName: 2
  FileVersion: 1.01.0003
  CompanyName: MagicIso
  Comments: stabsorce
  ProductName: stabsorce
  ProductVersion: 1.01.0003
  FileDescription: HWID
  OriginalFilename: 2.exe
Packer: UPX -> www.upx.sourceforge.net
PEhash: a9cc80ca5b55d11bbb6820360149b06b3b569be2
IMPhash: 6dce49c3d25455b8d4e9d7887aa74d54
AV Authentium: no_virus
AV VirusBlokAda (vba32): TScope.Trojan.VB
AV Dr. Web: Trojan.Tenagour.9
AV ClamAV: no_virus
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.Mokes.azw
AV Emsisoft: Trojan.Generic.7678752
AV BitDefender: Trojan.Generic.7678752
AV Ikarus: Trojan.Win32.Jorik
AV Zillya!: Trojan.Jorik.Win32.112458
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/TrojanDownloader.Zurgop.AS
AV Fortinet: W32/Mokes.AZW!tr
AV K7: Trojan ( 003cca981 )
AV Grisoft (avg): SHeur4.AJVA
AV MicroWorld (escan): Trojan.Generic.7678752
AV Twister: Trojan.26D6AF0CCE19927E
AV F-Secure: Trojan.Generic.7678752
AV Trend Micro: no_virus
AV Symantec: Trojan.Gen
AV Padvish: Trojan.Win32.Jorik.Mokes
AV Arcabit (arcavir): Trojan.Generic.7678752
AV Microsoft Security Essentials: DDoS:Win32/Dofoil.A
AV Kaspersky: Backdoor.Win32.Mokes.aac
AV Frisk (f-prot): no_virus
AV Mcafee: VBObfus.ek
AV BullGuard: Trojan.Generic.7678752
AV Avira (antivir): TR/Dropper.VB.Gen
AV MalwareBytes: Trojan.Agent
AV Ad-Aware: Trojan.Generic.7678752
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\b025_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 196

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 196

Network Details:

