Analysis Date: 2013-10-25 08:56:57
MD5: c3e39df4911ad3f8038caef62ec31d25
SHA1: a0e1a6742ed7e92e4ea2d663eb777c9a39e0a00e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0 — md5: 9103ce5447a31c2909dc768e4a5d3458 sha1: 46c5b97be64b9388ab2f3dc74f3cab6c63f00ea6 size: 32768 (UPX section names indicate a packed sample: the section hashes, imports and strings in this report describe the packed image, not the unpacked payload)
Section UpX2 — md5: 89b2a8ce1bf8a20571a79ecd3c0b1461 sha1: 33b5ce358f99411985a39109947c04dffa16376e size: 10752 (mixed-case section name and no UPX1 section — the layout does not match an unmodified UPX build; a stock `upx -d` may fail, verify before relying on automated unpacking)
Section .rsrc — md5: 2f5b2ab23fe52614276dbb7d2e50c222 sha1: d132c69e1b555f60b39c46268d90f908aa452bb5 size: 6656
Timestamp: 2013-10-02 22:40:41 (PE header compile timestamp; attacker-controllable, treat as a weak indicator only)
Version (the same pseudo-random string fills every VersionInfo field — there is no genuine vendor metadata, which is typical of builder/crypter-generated binaries; do not use these values for attribution):
InternalName: oilkiukjjhjiyuhjbnhuhiu
FileVersion: oilkiukjjhjiyuhjbnhuhiu
CompanyName: oilkiukjjhjiyuhjbnhuhiu
ProductName: oilkiukjjhjiyuhjbnhuhiu
ProductVersion: oilkiukjjhjiyuhjbnhuhiu
FileDescription: oilkiukjjhjiyuhjbnhuhiu
OriginalFilename: oilkiukjjhjiyuhjbnhuhiu
PEhash: 2830eb989e397f71f7c8a1a299526078956ba890
AV avg: PSW.Generic12.FCP (AVG's "PSW" prefix denotes a generic password-stealer heuristic; it is not a family-specific signature)
AV avira: BDS/Androm.vmba ("BDS" = backdoor; "Androm" is Avira's naming for the Andromeda/Gamarue family — a single-vendor attribution, corroborate with unpacked-payload analysis before acting on it)

Runtime Details:


Process
↳ C:\malware.exe

Creates Process: c:\malware.exe (the sample re-launches its own image; no child process with a different executable was observed in this run — consistent with a packed sample handing off to a second instance of itself, but the sandbox trace alone does not show what that instance did)

Process
↳ c:\malware.exe

Network Details: (no connections or DNS lookups were recorded in this run — treat this as "not observed", not "no network capability"; short sandbox runtime or an unreachable C2 can suppress traffic, and if the Androm attribution above holds the family is expected to attempt downloads)



Strings (extracted from the packed image: the readable entries are mostly VersionInfo keys and the unpacker stub's imports — VirtualAlloc/VirtualProtect/LoadLibraryA/GetProcAddress — so the payload's own strings, URLs and mutexes are not visible here until the sample is unpacked; the remainder is compressed-data residue)
046504b0
CompanyName
FileDescription
FileVersion
InternalName
oilkiukjjhjiyuhjbnhuhiu
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
 _@ %[
;\$$|)
0<4obdf-
0)`^J5T
0<xl"v
1:*c[w
1lC-\o
1St	GB
%24]mU.
2]:Bxw>
!2oaV&
2tvZal
3DRlr1
3/*~G{
3M)BO3e
%/_4+:
<4^	[i
4rZ@=g
{[4u9),
4ZgLz\
52-5p4
5_/;Gl%
5J.Dr}
>5Lc{2Z^B
5NT|AdZ
6dOuCc&l
[+6N!A
6Ok}[z
%70 &Lf
7HO}d>g
7*|y?,
]7^Ysd&E
\$8+\$
%}8_+1[J
}823Y,?u
82K/j#
%8$<Hy
8$qfK(A
8WeEDHgNe$$$$$$$$$$$$
>8:)-z-
9;asz-
+9Ks;*'
9l$\w_
9NtV8i
>{9xJ7h
a0Zd_>
a[5	us
a8iHay
\.a$B>,
%]abJ*a
?<ais&||G
ak*B~0
AO`$4w
]AVVMK],aD
BFfnO_
*bKPEC
b;mksmRA
BOi^0a
bR4(&r
"B^W5>
C07zgD
caO,BT$!
c(i`'[
_CIlog10
_CIpow
C^k6(-]
CloseHandle
CoUninitialize
CreateBitmap
CreateCursor
C|=S.?
c_v/h9
C#Y&:c
d:)[5|
D*5e~p
/DAg.2(&
dC<(ese
DeleteCriticalSection
DestroyAcceleratorTable
DestroyIcon
.)D$H)
|DIe?8_
 DMI&}
DoCtZ/
D]s;bF
D$t+D$\
D$t#D$h
;\$Dux
D$ VPSj
+`*dxf
#e-*/h9
	@eNQTJ
E#P(Vw
_euQS3
ExitProcess
-$#F!$
(?F1Ij
'(+fga
FillRect
FlCx/qUSI
fs7+<v
(fs+J$
$fzfz519
fZ#>!PVE
g+4H1P
_gd>;I
GDI32.DLL
-}g\eS
GetDeviceCaps
GetDIBits
GetModuleHandleA
GetProcAddress
GetThreadPriority
GetVersionExA
`^Gf\%
gZtdp'
H2rCgARi
haD[ $
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
hE-~hh,
hLQ=z0'
%hojB,
:Hts^	
Hx:""u
\hzNr#
I]5>;&
iCf>aK
I}F@:2
ihB<(s>e
Ih:D(kk
(IkMXYu
%iKOC?
iNsh$i
 _IrAk
isr`q=-
i Te3!
-+IV^@
'&|/j"
/\J~02
JD Yd7
JE6[p)
jf4.;P
_{jf,V
jMYP1sP 
jPG\-af
Jr]?{+Z"
J&Si=&
]K3UVW
KERNEL32.DLL
k)JoM\'
KlVsrC9DS
Kn~CF3
KNq9%U
]KO9c%wa
Kw&c G
[KXYr%
k{-&yc
l76O&X
LeaveCriticalSection
LoadIconA
LoadLibraryA
l!vcSBO
L#$	w3
l\y1m:q
lYI2'1
#M|^';[
M>"~/@
m@3bT4|
m_b5r6
memcpy
memmove
memset
mj8	[l1^
mJ>Z(z[
;#mRi|
MS4//]
MSVCRT.dll
$$My\-
MyeZU?rY9
MZCa],8
"N9{.b
N9J)va
ncY%Z6e
nE2Xn>7u
n?$+(,Op&
Nw~)	f
&n&@zB
O5?>yru
o9c]QWT
(o;d4n
O:~D<xy
OLE32.DLL
oV](*Mf
o(VVvZ
p34.C_
PHW6AF
pQM. H
PRdEXtM
PU.o8?
pvz\6w/Vr
`,,q!^
^q=1FHd-qcdS
Qdcgs[iNx
Qh2N"J
QIKgoU|v
QPn![o
_%qXh.
q	ygxs
:qy'wH
.R8A5s
re/[6 
RemovePropA
RevokeDragDrop
RF~\%XK]
@rGL>(
RjARp&
*r,`^u
r~_u:K
 run in DOS mode.
%S<:&5
?S`8v9
SetPriorityClass
ShowCursor
S+iLvk
s`)L$4
Sr NNrH
strlen
SY$*SV
T5/&[3
t6j1,4g'7
+T=C6OL
Tcdv% 
t<DAvF
`.text
!This program cannot 
TlsGetValue
/;TN_p
toB4UG	
)tp){b
tq/CV^
t$t#t$l
tY/R^EK
u~4%3/
UAB9	a0>
{U=f@R
u%g&UO
UJW'D6
u	J^&Z
ul'V?,
UnregisterClassA
@upbLs
+Uq_q!
USER32.DLL
UVypB#
V0'$pG
V7SptX
V|)'Hn
VirtualAlloc
VirtualFree
VirtualProtect
v]LhH[cm
}vMo~N
v|m"|v
VSX,+gv@
VX#<	R
w6:#}}x
WeEDHgNe
WeEDHgNe25XUUQOQTXVQQTTTPPSVWWTXQOOQTVQQXROOPUTVPOWUPWPPXQWeEDHgNe
WideCharToMultiByte
W_p\je
WPp-G}
WX3=1q
w;YnOCF
X#+0B/
\$XK;\$$
xK$3{G
x Op%iY
xp|,RZ
XPTPSW
% Xpu8y
XQMk}}&
!X]z\5C
	$Y[2D
Y3uV~6
Y6xtZ&
YdLWaqX
`#yj(5
y{]jN8
Yp?nGT
Yq["<}
*"yrEu
/,YwRd7
Y#:Y)y
Z04_&w
z8H*!r 
zf^K[1*:
\z~"K\Z
Z*@LkF
z.NL1&
ZOd!_cx
Z\S\kB
-ZUc{8L
zY`Jg	`