| Analysis Date | 2014-11-05 18:03:06 |
|---|---|
| MD5 | 3cb3b7d1ac54fdd1df396fe3cf148ef5 |
| SHA1 | ace2228a0240d0725c9222e49e7ca179a8c4aaba |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 55171473146715541aad20477ecdd5df sha1: e77a70718d6c1179762b097b1219fb4c13523eb4 size: 140800 | |
| Section | .rsrc md5: da137ecd1851e1f3468f33c892af924b sha1: 467bbe586d35a715771aa65ba856d6458ef693cb size: 17920 | |
| Timestamp | 2008-07-29 22:55:23 | |
| Version | LegalCopyright: Copyright (C) 2003-2008 InternalName: Freegate FileVersion: 0, 0, 0, 0 CompanyName: PrivateBuild: LegalTrademarks: Comments: ProductName: Freegate Application SpecialBuild: ProductVersion: 0, 0, 0, 0 FileDescription: Freegate Application OriginalFilename: freegate.EXE | |
| Packer | PeCompact 2.xx (Slim Loader) -> BitSum Technologies | |
| PEhash | 707ffc5ff3d4bf09190c5573ff9d51b359937f31 | |
| IMPhash | 09d0478591d4f788cb3e5ea416c25237 | |
| AV | 360 Safe | Backdoor.Generic.931129 |
| AV | Ad-Aware | Backdoor.Generic.931129 |
| AV | Alwil (avast) | Malware-gen:Win32:Malware-gen |
| AV | Arcabit (arcavir) | no_virus |
| AV | Authentium | W32/Backdoor.OMLW-6433 |
| AV | Avira (antivir) | BDS/Rogue.159744 |
| AV | BullGuard | Backdoor.Generic.931129 |
| AV | CA (E-Trust Ino) | no_virus |
| AV | CAT (quickheal) | Backdoor.Clack.r2 |
| AV | ClamAV | no_virus |
| AV | Dr. Web | Trojan.Proxy.3764 |
| AV | Emsisoft | Backdoor.Generic.931129 |
| AV | Eset (nod32) | no_virus |
| AV | Fortinet | W32/Clack.K!tr.bdr |
| AV | Frisk (f-prot) | no_virus |
| AV | F-Secure | Backdoor.Generic.931129 |
| AV | Grisoft (avg) | BackDoor.Generic18.AZEN |
| AV | Ikarus | Backdoor.Win32.Clack |
| AV | K7 | Backdoor ( 04c4c5c21 ) |
| AV | Kaspersky | Backdoor.Win32.Clack.k |
| AV | MalwareBytes | Trojan.Agent |
| AV | Mcafee | no_virus |
| AV | Microsoft Security Essentials | no_virus |
| AV | MicroWorld (escan) | no_virus |
| AV | Norman | Backdoor.Generic.931129 |
| AV | Rising | no_virus |
| AV | Sophos | no_virus |
| AV | Symantec | no_virus |
| AV | Trend Micro | no_virus |
| AV | VirusBlokAda (vba32) | Trojan.Proxy |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
|---|---|
| Registry | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Dgdebdtf ➝ 5120 |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
| Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
| Creates File | PhysicalDrive0 |
| Creates File | PIPE\lsarpc |
| Creates File | \Device\Afd\Endpoint |
| Creates File | \Device\Afd\AsyncConnectHlp |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
| Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
| Creates Mutex | WininetConnectionMutex |
| Creates Mutex | c:!documents and settings!administrator!cookies! |
| Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Network Details:
| DNS | w65.ziyoulonglive.com Type: A |
|---|---|
| DNS | w61.ziyoulonglive.com Type: A |
| DNS | w62.ziyoulonglive.com Type: A |
| DNS | w63.ziyoulonglive.com Type: A |
| DNS | w64.ziyoulonglive.com Type: A |
| DNS | 03a0fc3fc28118959b762690e9fcdff6a35005df.90d62343cf803f82481b32fcbcfab642a86d5105.4.ziyouforever.com Type: MX |
| DNS | 1f42cb6fc61f907c5e7683f29334aaf5bfb2328f.9448abaa0a809ae032d347ff3182eb6a1d1f4711.4.ziyouforever.com Type: MX |
| DNS | 3e986c8854079ee8f2623ba1c933c39e9e689568.0650a53ea69422b368d42e94e041d41b5ad3871e.4.ziyouforever.com Type: MX |
| DNS | afba0fce023246f73ab6415ec3a3f6a40f4af62e.50657d216e40584c62441baece15051e6b6f1d68.4.ziyouforever.com Type: MX |
| DNS | 0fdf1acfb2ac0c4be6303bae999e003faf2fe32f.e0fb379db2c622bc3879ed3544deae57f2478517.4.ziyouforever.com Type: MX |
| DNS | 3b7272927f93b60efed482e9f94ed03a9b828b72.2dc48dd8aa229bfb58a93d3020dd4e7a4b5b7013.4.ziyouforever.com Type: MX |
| DNS | 82b1150d029c194ebc018b0714ba59602241eced.50cb2298e8f79215b55db46a98dc802716fee277.4.ziyouforever.com Type: MX |
| DNS | 67c446fd1e389166decbf61d14fb5ea0c734bf1d.4c6faab08a3def0fb51cb3aa82233c45512b124f.4.ziyouforever.com Type: MX |
| Flows UDP | 192.168.1.1:1031 ➝ 38.99.76.229:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.35.193.158:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.65.238.191:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.121.7.4:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 88.85.74.8:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.52.86.4:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.90.52.20:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 211.115.66.121:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.8.89.139:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.229.52.56:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 192.88.195.10:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.124.246.93:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.169.113.191:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 202.27.17.253:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.255.164.59:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.154.10.26:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 63.90.67.11:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.187.73.55:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.31.161.238:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 209.191.16.131:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.108.170.121:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.155.32.47:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 143.166.82.252:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.133.71.220:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.188.56.178:53 |
| Flows UDP | 192.168.1.1:1031 ➝ 38.99.76.229:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.210.125.75:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.211.181.4:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.104.12.145:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.227.90.71:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.189.151.150:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.148.218.131:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.33.166.85:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.41.255.155:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.181.225.55:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.64.8.106:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.244.140.201:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.138.151.88:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.27.124.220:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.48.17.114:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.45.90.86:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.60.92.227:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.190.71.167:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.204.197.183:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.205.131.63:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.151.54.94:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.129.129.247:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.25.142.242:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.14.38.100:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.2.148.17:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.78.223.129:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.209.105.242:53 |
| Flows UDP | 192.168.1.1:1032 ➝ 38.179.244.70:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 38.99.76.229:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 88.85.74.8:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 211.115.66.121:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 192.88.195.10:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 202.27.17.253:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 63.90.67.11:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 209.191.16.131:53 |
| Flows UDP | 192.168.1.1:1033 ➝ 143.166.82.252:53 |
| Flows TCP | 192.168.1.1:1034 ➝ 175.181.101.252:443 |
| Flows TCP | 192.168.1.1:1035 ➝ 175.181.114.173:443 |
| Flows TCP | 192.168.1.1:1036 ➝ 1.161.151.225:443 |
| Flows TCP | 192.168.1.1:1037 ➝ 118.169.168.243:443 |
| Flows TCP | 192.168.1.1:1038 ➝ 122.121.11.111:443 |
| Flows TCP | 192.168.1.1:1039 ➝ 114.43.197.79:443 |
| Flows TCP | 192.168.1.1:1040 ➝ 114.27.38.18:443 |
| Flows TCP | 192.168.1.1:1041 ➝ 36.224.10.251:443 |
| Flows TCP | 192.168.1.1:1042 ➝ 64.235.32.206:53 |
| Flows TCP | 192.168.1.1:1043 ➝ 129.66.95.3:53 |
| Flows TCP | 192.168.1.1:1044 ➝ 141.151.0.68:53 |
| Flows TCP | 192.168.1.1:1045 ➝ 211.10.204.5:53 |
| Flows TCP | 192.168.1.1:1046 ➝ 64.80.255.251:53 |
| Flows TCP | 192.168.1.1:1047 ➝ 128.30.52.200:53 |
| Flows TCP | 192.168.1.1:1048 ➝ 208.101.39.236:53 |
Raw Pcap
0x00000000 (00000) 1603 .. 0x00000000 (00000) 1603 .. 0x00000000 (00000) 1603 .. 0x00000000 (00000) 1603 .. 0x00000000 (00000) 1603 .. 0x00000000 (00000) 1603 .. 0x00000000 (00000) 1603 .. 0x00000000 (00000) 1603 .. 0x00000000 (00000) 02 . 0x00000000 (00000) 02 . 0x00000000 (00000) 02 . 0x00000000 (00000) 02 . 0x00000000 (00000) 02 . 0x00000000 (00000) 02 . 0x00000000 (00000) 02 .
Strings
.
.
..
.
`#7
8c7
.e
\.
..
...
..
..
.
0, 0, 0, 0
040904b0
Comments
CompanyName
Copyright (C) 2003-2008
FileDescription
FileVersion
Freegate
Freegate Application
freegate.EXE
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
)@@*(,(
&~@"-|
0BOY($
0D27R6:
0{o`1?
0.P)br
~188881~
\1b;)r
' ;2?\~G@ci
2Jq.i+
2\<(-MUUVVVV
.{2QR28=
360v@b
]3G=/Fl:F
3hoy?)
3RE2m|ZplL
3VMtFPr
44JCcEA
4@6fBL
47!V3B6G
}4DBC4
_4utgW.
5G;l )
5}hHF
5$h>L_H
5p#bp2
]5v|Q.BiH
_6aEyg
`6d f1d
6Fse`c
6o0,o8
6QA|R
6u`RI@
7!2r6X
{747Nj
@7a0z\
'7NW{~
[7Y|Q<tv
+7ZoSg
83<g9+Q
'87F=O
~8880000/01
8ed2V&
8%h T"
.8KyLd
8NOp-wzf
8o%;VlG
8sz{e|"Uf'E
8v];al
8Z3LjBV
}[9dNW
9n!1/FPh"
{}A~0pE.
aBJuTy
'ADq&D
|A@f_4
A%luu
:.+<aPT
"aRetxQb
As&Ma0
?$->aY
B9#PbC
b#~ay1
?b`I?c
]biM*\
<bkVPU
;!`bn*
|BOQ~Q
B r)%2!B
+ bw*-
!,&#C
CcWtA?
CiCc>:v
cj|EIHv
c(jewK1
cKYX#@
cn_DTqF)
*CS][)
cT}FAE
cuzaBw}#
.cXQ 4
%czo+)
d`**8[
# {DBS
D~Dl<d
D I,djMW
D]+Ptn
e}1 EU*5E
E 2tM1U#
>E>6Eq
\e82eF
Ea*NV&V
]e|'!aQ
!e_Bl
|~EeJX
ef2e2e
e$[i/E
el2e2e
eL3e3eh3
&Ep`VF[r
E#pzDcex{h
'eR*`*
eTU X]%Z
eUXCUX$ x
eV:del
e:y4dF
F3E*9Nc
+Fbt]#F
_fD >5
]%fedg
$F(->FH
!f~He>\
\f{~^kf
FoS'@u
fpjJ{[
`fRHot
Fr=Nuxb
/fvE"Eq
|F(wS}
g0h,?Uf
g5}=>3
G''+9T
GbU8`V-$
G<c&G*W
G\eI0
GetProcAddress
g.?I]A
:G`__j
&Gj2:1H
$<GJs!
GTMG<6
Gx;a4Q
H0d]A$0
h$0h1L
ha'RPA
hdWTZis
h IMuZ
hLr!-|
H.LWT$
%HPJ6(
h/-Wd=
HWUy_D
H/zf}
i9MWtu
I'E]K+v
IKPu/u
iKu2eds
IlLMjN
I [o7&
i@@@,-P
"Ip57$
i@;ZYd
J0#@/1
*J0~h+
j3{R\[
j5NZFh
j7U*N[
J:aRg,
\JBg"!
`j dbD
J~##*i
@JIBMe
:jmNrQU
j%QT1>x
jsFuAtR:
[jX['uV
JytPrE
k0FQg]
K4PE52
k5tg(u8
KC<03*
K-DC@"
kE4gBB
kernel32.dll
kJP-O(z
k!Le>7
kp^y1H
`l5vdk
lCZH b+B
lgb^-}
L/^M/j>:nz
LoadLibraryA
LQ@7jecn
lrt2vr
LYFod
M 5%bN
MB=?;)
mdGeC 2#B#1#3#
m]E!e U>0
,%M)Gpl
MLKDc:
mQ>[Z>[
MyYtDr
N34;2#
$_N43g
:n5}>.
N9-Ae`
.N:b5Y
nOJ-,M
~:Ns%`
**NSiUn
Nw Pq_
NY0.@"
Nya)hE
N@/YEC
NYu{;r
`O?#i3
o:i!n:
osoSCm'{~=
= P5L_
\p8V:J
PaU8,[L
PEC2=O
PEiAcy
(PHP0:
P\/%J4
+<+@pjO
P,n% "
~$Poa
P-@U@VAVX
py,]lh
_QBv@1
qcZe{E
QE#e`RbI
qEj'R}
QF+`HuV+
QI*Q|#
qmLLo#hD
QNRUvi
-Q)Q>2
qUUfE*
QX]kfmgzC
QzREtAt[
,=r|,1jI
r8mo{!$PN
rJ6J*B
ry8vfx
S&5SQ4
S+A5u&
[>SB.a
SD&-2Q
s^EQVp
S'|'jOp'N
>S&JXP8
s^.j~Z.E
S;-+P5**
S+q4hX
S:t|V_
s/w))x
sZ%\dJXI
T">/'^
T1% py
t,a2/L
tBk_Q~
T,e&.4
tgerJM
TGFlY1
!This program cannot be run in DOS mode.
tjkxYW
% t|OK
}+TqCP
T^Ra^(
TSazQJ
ty0X~Y1
(u`1`1
+# U5v
u9iHFq
>u',AJ
uBQQT9
ucg=Q[
UevEiA"
([u%f5
[uj@W(
)uLB)l9>
ULPE(]
umxxmu
UON~W,
UQ7BGF
*us`ID}
USQWVR
UVVVWX
uxBIw]
V4C*PYU
vHls;@#&
VirtualAlloc
VirtualFree
vjBI\B
(VLVE~h
Vti{ U
V^u;kt
VW2VC/
;}`V~z
@w3b/%
w`BBxK
Wd4qB0
wMo-i$
!wqA(lH90
WR``+K}
X^]E]yM
#X}ge8
X.GTL:
X \JD%
X&j'q}f^@8n\ E
XlRGh_
<XoHPq
xpT60B
XU|`T@8
Y0V*)=
;Y{FS~
yGeV8v_k
'yi:0k
YN,JE*q
Y oQvA
yq*&%9i
yvN kO g
YYu|9E
Z -@fR
Z&j#S _=
zKT]j.
(zND{y
Z RTPQDP
Zsj~J-
ztkj@#;(
$zUT+i
Z^_Y[]