Field | Value |
---|---|
Analysis Date | 2014-11-05 18:03:06 |
MD5 | 3cb3b7d1ac54fdd1df396fe3cf148ef5 |
SHA1 | ace2228a0240d0725c9222e49e7ca179a8c4aaba |
Static Details:
Property | Value |
---|---|
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
Section | .text (md5: 55171473146715541aad20477ecdd5df, sha1: e77a70718d6c1179762b097b1219fb4c13523eb4, size: 140800) |
Section | .rsrc (md5: da137ecd1851e1f3468f33c892af924b, sha1: 467bbe586d35a715771aa65ba856d6458ef693cb, size: 17920) |
Timestamp | 2008-07-29 22:55:23 |
Version | LegalCopyright: Copyright (C) 2003-2008; InternalName: Freegate; FileVersion: 0, 0, 0, 0; CompanyName: (empty); PrivateBuild: (empty); LegalTrademarks: (empty); Comments: (empty); ProductName: Freegate Application; SpecialBuild: (empty); ProductVersion: 0, 0, 0, 0; FileDescription: Freegate Application; OriginalFilename: freegate.EXE |
Packer | PeCompact 2.xx (Slim Loader) -> BitSum Technologies |
PEhash | 707ffc5ff3d4bf09190c5573ff9d51b359937f31 |
IMPhash | 09d0478591d4f788cb3e5ea416c25237 |

AV engine | Detection |
---|---|
360 Safe | Backdoor.Generic.931129 |
Ad-Aware | Backdoor.Generic.931129 |
Alwil (avast) | Malware-gen:Win32:Malware-gen |
Arcabit (arcavir) | no_virus |
Authentium | W32/Backdoor.OMLW-6433 |
Avira (antivir) | BDS/Rogue.159744 |
BullGuard | Backdoor.Generic.931129 |
CA (E-Trust Ino) | no_virus |
CAT (quickheal) | Backdoor.Clack.r2 |
ClamAV | no_virus |
Dr. Web | Trojan.Proxy.3764 |
Emsisoft | Backdoor.Generic.931129 |
Eset (nod32) | no_virus |
Fortinet | W32/Clack.K!tr.bdr |
Frisk (f-prot) | no_virus |
F-Secure | Backdoor.Generic.931129 |
Grisoft (avg) | BackDoor.Generic18.AZEN |
Ikarus | Backdoor.Win32.Clack |
K7 | Backdoor ( 04c4c5c21 ) |
Kaspersky | Backdoor.Win32.Clack.k |
MalwareBytes | Trojan.Agent |
Mcafee | no_virus |
Microsoft Security Essentials | no_virus |
MicroWorld (escan) | no_virus |
Norman | Backdoor.Generic.931129 |
Rising | no_virus |
Sophos | no_virus |
Symantec | no_virus |
Trend Micro | no_virus |
VirusBlokAda (vba32) | Trojan.Proxy |
Runtime Details:
Process
↳ C:\malware.exe
Event | Detail |
---|---|
Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
Registry | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Dgdebdtf ➝ 5120 |
Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Creates File | PhysicalDrive0 |
Creates File | PIPE\lsarpc |
Creates File | \Device\Afd\Endpoint |
Creates File | \Device\Afd\AsyncConnectHlp |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
Creates Mutex | WininetConnectionMutex |
Creates Mutex | c:!documents and settings!administrator!cookies! |
Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Network Details:
DNS query | Record type |
---|---|
w65.ziyoulonglive.com | A |
w61.ziyoulonglive.com | A |
w62.ziyoulonglive.com | A |
w63.ziyoulonglive.com | A |
w64.ziyoulonglive.com | A |