Analysis Date: 2015-01-13 23:05:38
MD5: caa653b3fc9e64b71d0122f43357d2b5
SHA1: a4273b1008ba541d16d91dd4f277f9d4159bef64

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section UPX1: md5: 4e4d3fc26345d1c9b51b562edc89b34c sha1: 0186cb2effab0fb46de6016c7b5cc8245ec3bb3a size: 339968
Section .rsrc: md5: c6a511b90eb106b64f970657f25eba3e sha1: 0a2b2c624cccafa80da0887507e8f56e6dbfe0d4 size: 28160
Timestamp: 2010-01-01 19:35:33
Version:
  LegalCopyright: EP-Service
  InternalName:
  FileVersion: 2.5.4.27
  CompanyName: EP-Service
  LegalTrademarks:
  Comments:
  ProductName:
  ProductVersion: 2.5
  FileDescription: Windows COM+ Manager
  OriginalFilename:
Packer: UPX -> www.upx.sourceforge.net
PEhash: 8ae07914aa3639c5d057acc30e4cf54781c4262d
IMPhash: b3ba8832a9e97a07020948ffbdd37caa
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Generic.IS.438848
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.Generic.IS.438848
AV Authentium: W32/Trojan.IFMQ-1680
AV Avira (antivir): TR/Scar.bbjy
AV BullGuard: Trojan.Generic.IS.438848
AV CA (E-Trust Ino): Win32/SillyDl.RXX
AV CAT (quickheal): no_virus
AV ClamAV: Win.Trojan.Scar-6048
AV Dr. Web: Trojan.Siggen.50581
AV Emsisoft: Trojan.Generic.IS.438848
AV Eset (nod32): Win32/Delf.OYY
AV Fortinet: W32/Scar.BBJY!tr
AV Frisk (f-prot): W32/Trojan2.LPFX
AV F-Secure: Trojan.Generic.IS.438848
AV Grisoft (avg): SHeur2.CDHH
AV Ikarus: Trojan.Win32.Scar
AV K7: Trojan ( 001233321 )
AV Kaspersky: Trojan.Win32.Scar.bbjy
AV MalwareBytes: Trojan.Scar
AV Mcafee: no_virus
AV Microsoft Security Essentials: Trojan:Win32/Trufip!rts
AV MicroWorld (escan): Trojan.Generic.IS.438848
AV Rising: Trojan.Win32.Generic.128E8DCD
AV Sophos: Mal/Scar-D
AV Symantec: Trojan Horse
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): Trojan.Scar

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\COM+ Manager ➝ "C:\Documents and Settings\Administrator\.COMMgr\complmgr.exe"\\x00\\x00
Creates File: C:\Documents and Settings\Administrator\.COMMgr\complmgr.exe
Creates Process: C:\Documents and Settings\Administrator\.COMMgr\complmgr.exe

Process
↳ C:\Documents and Settings\Administrator\.COMMgr\complmgr.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:

DNS: jacksonamiller76.com
Type: A

Strings
040904E4
2.5.4.27
BBABORT
BBALL
BBCANCEL
BBCLOSE
BBHELP
BBIGNORE
BBNO
BBOK
BBRETRY
BBYES
CDROM
CLOSEDFOLDER
Comments
CompanyName
CURRENTFOLDER
DVCLAL
EP-Service
EXECUTABLE
FileDescription
FileVersion
FLOPPY
HARD	KNOWNFILE
InternalName
LegalCopyright
LegalTrademarks
MAINICON
NETWORK
OPENFOLDER
OriginalFilename
PACKAGEINFO
ProductName
ProductVersion
StringFileInfo
TFRMMAIN
Translation
UNKNOWNFILE	CHARTABLE
VarFileInfo
VS_VERSION_INFO
Windows COM+ Manager