Analysis Date: 2014-12-03 19:18:55
MD5: ba8fd8f307d5e91577ca1b936ff392ed
SHA1: b2a4786bffb0bebc80192cc460d3fe8a705259a6

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0     md5: d41d8cd98f00b204e9800998ecf8427e  sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709  size: 0
Section UPX1     md5: 728aefdd7db08e7f018f71bf7a623b63  sha1: c3f373bdf7dd3a20087afc594d44b40fa48e0723  size: 34816
Section .rsrc    md5: eafba14e69ff7e5ca4944febd91b74fb  sha1: f59e6ec32a988cf5d07b289f79694db5697c9302  size: 31744
Section gxxqvjh  md5: d41d8cd98f00b204e9800998ecf8427e  sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709  size: 0
Note: d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 are the MD5 and SHA1 of empty input, so UPX0 and gxxqvjh have no raw bytes on disk. An empty UPX0 is normal (it is filled when the stub decompresses UPX1 at runtime); a fourth, zero-size section with a random-looking name is not part of a stock UPX layout and suggests the section table was edited after packing.
Timestamp: 2002-03-27 19:44:57 (PE header compile timestamp; it predates the 2009-2011 copyright claimed in the version resource below, so at least one of the two is not genuine)
Version:
    LegalCopyright: Copyright (C) 2009-2011 Foxit Corporation
    InternalName: Foxit Reader.exe
    FileVersion: 5, 0, 2, 0718
    CompanyName: Foxit Corporation
    PrivateBuild:
    LegalTrademarks:
    Comments:
    ProductName: Foxit Reader
    SpecialBuild:
    ProductVersion: 5, 0, 2, 0718
    FileDescription: Foxit Reader 5.0, Best Reader for Everyday Use!
    OriginalFilename: Foxit Reader.EXE
    (The version resource imitates Foxit Reader; treat it as a lure, not as provenance.)
Packer: UPX -> www.upx.sourceforge.net
PEhash: ad6805b1be30c3c8c892dc9247238766ae65a470
IMPhash: 47fd3b06492e5d9d8246d40899d7f8fd (computed over the packed file's import table, which for UPX is the stub's, so it clusters this sample with other UPX-packed files rather than with its payload family)
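The checks a triage script would apply to the Static Details above, as an added Python example that is not output of the sandbox which produced this report. The section table, version resource and timestamp are copied from the report by hand (constructed input); STANDARD_SECTIONS, PACKER_SECTIONS and the copyright-year cross-check are the author's own heuristics. In real use the same functions would be fed values read with a PE parser such as pefile.

```python
"""Static-triage heuristics over PE section and version metadata (added example)."""
import hashlib
import re
from datetime import datetime

# Section table and version resource as listed under Static Details (constructed input).
SECTIONS = [
    {"name": "UPX0",    "md5": "d41d8cd98f00b204e9800998ecf8427e", "size": 0},
    {"name": "UPX1",    "md5": "728aefdd7db08e7f018f71bf7a623b63", "size": 34816},
    {"name": ".rsrc",   "md5": "eafba14e69ff7e5ca4944febd91b74fb", "size": 31744},
    {"name": "gxxqvjh", "md5": "d41d8cd98f00b204e9800998ecf8427e", "size": 0},
]
VERSION_INFO = {
    "LegalCopyright": "Copyright (C) 2009-2011 Foxit Corporation",
    "CompanyName": "Foxit Corporation",
    "ProductName": "Foxit Reader",
    "InternalName": "Foxit Reader.exe",
    "OriginalFilename": "Foxit Reader.EXE",
}
COMPILE_TIME = datetime(2002, 3, 27, 19, 44, 57)

EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # MD5 of zero bytes: d41d8cd98f00b204e9800998ecf8427e

# Names a stock MSVC/MinGW link produces (author's assumption; extend per toolchain).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".bss", ".tls", ".pdata", ".CRT", ".didat"}
# Names that identify a packer outright (author's assumption; illustrative list only).
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite",
                   ".MPRESS1", ".MPRESS2", ".themida", ".vmp0", ".vmp1"}


def section_findings(sections):
    """Return one string per anomaly found in the section table."""
    findings = []
    for s in sections:
        if s["size"] == 0 and s["md5"] == EMPTY_MD5:
            findings.append(f"{s['name']}: no raw bytes on disk (empty-input hash)")
        if s["name"] in PACKER_SECTIONS:
            findings.append(f"{s['name']}: packer section name")
        elif s["name"] not in STANDARD_SECTIONS:
            findings.append(f"{s['name']}: non-standard section name")
    # Stock UPX emits UPX0/UPX1 (sometimes UPX2) plus .rsrc; anything else beside
    # them means the section table was modified after packing.
    names = {s["name"] for s in sections}
    extra = names - {"UPX0", "UPX1", "UPX2", ".rsrc"}
    if {"UPX0", "UPX1"} <= names and extra:
        findings.append(f"extra section(s) beside UPX layout: {sorted(extra)}")
    return findings


def version_findings(info, compile_time):
    """Cross-check the version resource against the PE header timestamp."""
    findings = []
    years = [int(y) for y in re.findall(r"\b((?:19|20)\d\d)\b", info.get("LegalCopyright", ""))]
    if years and compile_time.year < min(years):
        findings.append(
            f"compile timestamp {compile_time:%Y-%m-%d} predates copyright "
            f"{min(years)}-{max(years)}: timestamp or version resource is not genuine"
        )
    internal = info.get("InternalName", "").lower()
    original = info.get("OriginalFilename", "").lower()
    if internal and original and internal != original:
        findings.append("InternalName and OriginalFilename disagree")
    return findings


def triage(sections=SECTIONS, info=VERSION_INFO, compile_time=COMPILE_TIME):
    """Combine both checks into one list of findings."""
    return section_findings(sections) + version_findings(info, compile_time)


if __name__ == "__main__":
    for line in triage():
        print("-", line)
```

The timestamp check is a hint, not proof: the field is trivially rewritten, and some legitimate toolchains emit fixed timestamps (Delphi binaries all carry a 1992 date), so it only matters in combination with the other findings.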
AV results (23 of 30 engines flag the sample; no_virus = not detected):
360 Safe: Gen:Heur.Conjar.7
Ad-Aware: Gen:Heur.Conjar.7
Alwil (avast): Patched-YH [Trj]
Arcabit (arcavir): no_virus
Authentium: W32/Fareit.A.gen!Eldorado
Avira (antivir): TR/Crypt.ULPM.Gen
BullGuard: Gen:Heur.Conjar.7
CA (E-Trust Ino): no_virus
CAT (quickheal): no_virus
ClamAV: Win.Trojan.Agent-112721
Dr. Web: Trojan.Packed.22288
Emsisoft: Gen:Heur.Conjar.7
Eset (nod32): Win32/Kryptik.AJNB
Fortinet: W32/Yakes.B!tr
Frisk (f-prot): W32/Fareit.A.gen!Eldorado
F-Secure: Gen:Heur.Conjar.7
Grisoft (avg): Crypt2.AGVT
Ikarus: Trojan.Win32.Yakes
K7: Trojan ( 003640b31 )
Kaspersky: Trojan.Win32.Generic
MalwareBytes: Trojan.Downloader
Mcafee: no_virus
Microsoft Security Essentials: DDoS:Win32/Dofoil.A
MicroWorld (escan): Gen:Heur.Conjar.7
Norman: Gen:Heur.Conjar.7
Rising: no_virus
Sophos: Mal/Bredo-RH
Symantec: no_virus
Trend Micro: no_virus
VirusBlokAda (vba32): BScope.Trojan-Ransom.Winlock.9214
Note: Gen:Heur.* is the Bitdefender engine's naming, so the seven identical Conjar verdicts come from products running that engine and count as one independent detection, not seven. The only family-specific labels are Fareit (Authentium, F-Prot) and Dofoil (Microsoft); Kryptik, Yakes, Packed, Crypt and Patched are generic packer/crypter or heuristic names.
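Turning the vendor list above into something comparable, as an added Python example that is not part of the report. The vendor/label table is copied from the report (constructed input). GENERIC and the variant-token rules are the author's heuristics: they strip platform, class and variant tokens so that whatever remains is the vendor's family name, or nothing if the label is purely generic. Labels such as Yakes are kept as families only because the heuristic cannot know they are near-generic; the shared-label count is there because identical strings across vendors normally mean one engine, not independent hits.

```python
"""Normalise per-vendor AV labels into family names and a detection ratio (added example)."""
import re
from collections import Counter

# Vendor -> label, copied from the report (constructed input).
AV_RESULTS = {
    "360 Safe": "Gen:Heur.Conjar.7",
    "Ad-Aware": "Gen:Heur.Conjar.7",
    "Alwil (avast)": "Patched-YH [Trj]",
    "Arcabit (arcavir)": "no_virus",
    "Authentium": "W32/Fareit.A.gen!Eldorado",
    "Avira (antivir)": "TR/Crypt.ULPM.Gen",
    "BullGuard": "Gen:Heur.Conjar.7",
    "CA (E-Trust Ino)": "no_virus",
    "CAT (quickheal)": "no_virus",
    "ClamAV": "Win.Trojan.Agent-112721",
    "Dr. Web": "Trojan.Packed.22288",
    "Emsisoft": "Gen:Heur.Conjar.7",
    "Eset (nod32)": "Win32/Kryptik.AJNB",
    "Fortinet": "W32/Yakes.B!tr",
    "Frisk (f-prot)": "W32/Fareit.A.gen!Eldorado",
    "F-Secure": "Gen:Heur.Conjar.7",
    "Grisoft (avg)": "Crypt2.AGVT",
    "Ikarus": "Trojan.Win32.Yakes",
    "K7": "Trojan ( 003640b31 )",
    "Kaspersky": "Trojan.Win32.Generic",
    "MalwareBytes": "Trojan.Downloader",
    "Mcafee": "no_virus",
    "Microsoft Security Essentials": "DDoS:Win32/Dofoil.A",
    "MicroWorld (escan)": "Gen:Heur.Conjar.7",
    "Norman": "Gen:Heur.Conjar.7",
    "Rising": "no_virus",
    "Sophos": "Mal/Bredo-RH",
    "Symantec": "no_virus",
    "Trend Micro": "no_virus",
    "VirusBlokAda (vba32)": "BScope.Trojan-Ransom.Winlock.9214",
}

NOT_DETECTED = "no_virus"
# Tokens that carry platform, class or heuristic meaning but no family (author's list).
GENERIC = {"gen", "heur", "generic", "trojan", "trj", "tr", "mal", "win", "win32", "w32",
           "crypt", "kryptik", "packed", "patched", "agent", "downloader", "ddos",
           "ransom", "bscope", "eldorado"}


def family(label):
    """Best-effort family name from a vendor label, or None if it is purely generic."""
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        low = tok.lower()
        if len(tok) <= 2:
            continue                                  # variant letters: A, B, YH, TR
        if low in GENERIC or low.rstrip("0123456789") in GENERIC:
            continue                                  # Win32, Crypt2, Gen, Trojan ...
        if re.fullmatch(r"[0-9a-f]+", low):
            continue                                  # numeric or hex sample id
        if tok.isupper() and len(tok) <= 4:
            continue                                  # variant suffix: AJNB, ULPM, AGVT
        return tok
    return None


def summarize(results):
    """Detection ratio, family histogram and labels repeated across vendors."""
    detected = {v: lbl for v, lbl in results.items() if lbl != NOT_DETECTED}
    families = Counter(f for f in map(family, detected.values()) if f)
    shared = {lbl: n for lbl, n in Counter(detected.values()).items() if n > 1}
    return {"detected": len(detected), "total": len(results),
            "families": families, "shared_labels": shared}


if __name__ == "__main__":
    s = summarize(AV_RESULTS)
    print(f"{s['detected']}/{s['total']} engines detect")
    print("families:", dict(s["families"]))
    print("shared labels (likely one engine):", s["shared_labels"])
```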

Runtime Details:

Process:
  ↳ C:\malware.exe (the sandbox runs the submitted sample under this name; no child processes appear in the tree)

Network Details:

No network activity is listed in the report.
Strings (printable strings from the packed file):
Note: the clear-text imports are the UPX stub's own (LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree, VirtualProtect and ExitProcess from KERNEL32.DLL) plus a single import from each other DLL (RegOpenKeyW, NetAlertRaiseEx, RtlFreeSid, LoadImageA), which UPX keeps so the loader still maps those DLLs. Fragments such as cess6FileAttribut, cseHand, foWSLastError, GetStartupIn, t9GWideChYToMu and zalTime are pieces of the original import names that survived compression; the real API set is only visible after unpacking (upx -d, or dumping the process at its original entry point).
S
.
S
.

040904b0
5, 0, 2, 0718
Comments
CompanyName
Copyright (C) 2009-2011 Foxit Corporation 
FileDescription
FileVersion
Foxit Corporation
Foxit Reader
Foxit Reader 5.0, Best Reader for Everyday Use!
Foxit Reader.exe
Foxit Reader.EXE
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
19:yaFN
1xo3,2
$2{FL-=
2L5U<w
3'F+o^
3SywmhBc
3y4R;d
4oN3K2I
$4Q5Qz
50PW7A
5[[4.Wh
5.pk	M
6G\RT[
](;6|'w
6zXFIL
,8d!SeG
[9.*7j|#q}F
)9	swM
AA+ie; LX
ADVAPI32.DLL
a`E_%lBl
aeMF@RqrXCu
an6{TL
AnBlK$
A>OyMYxH*R-+
~A^PYRdZ:jva
B7J*nH
bVvf399
CAp7oA
cBhLB<y
CesP3d
cess6FileAttribut
.cgbn5@
 [C%nw_z
cseHand
DB'7yUX&+
D{%$Dx
[eSX*&
ExitProcess
]FA\Fm
foWSLastError
fx<oc/B
GetProcAddress
GetStartupIn
%Gf'Yk
Gt3}>bV
gvhNs)
gxxqvjh
/h2Ud_
HbDkjo
HrahyA[
H>"<Yxw
iaMGsG
IbOMP4
/Ihj@+
=k6baN3x3
KERNEL32.DLL
%K	!Ir/+C
lck9<9R
lF3f	[g
lgI/ex+
LoadImageA
LoadLibraryA
ltiBy$
Ly"&.o
M7Sii[
m'	f%i{w
MGSxoF,
M+xKx%5
=\n1!!
NetAlertRaiseEx
NETAPI32.DLL
No*&>E
NTDLL.DLL
n)-@Vx!
{O#C!G
oE5}#G
oHc1vH)
OjL2F]
Oj!>SL>m
oJXsMCb
OQ<Xhs
o(uGlz
{ows_S73
oXEe#O
PCLI:~fT\
"PHO2T
P)kX\X
p]{O^M
p"pj?D
pqonZE
)Q$fu=
Q-O<nG
QueROs
R8Ol ?3$Hg
_R"BAb
=_rC/e
RegOpenKeyW
rf`db)
RtlFreeSid
\?r^]v
s3S_1aAk
!sd/-;
SpIBp.
|SSVD=
SysAm7As
t9GWideChYToMu
TaI>GV>o
!This program cannot be run in DOS mode.
Uc'7twh
=U$csIv
 u!D*c-
un=Gick
USER32.DLL
va5Oj	
VirtualAlloc
VirtualFree
VirtualProtect
VM3uKeA
>-vqpr
vSO(eB=
(:W?1]G
WAzV#-
wdMK[u1T*
We4elA.
wEo -J
Wki?d4
(wtOXax
X6)U/E-p
xfMnG]x1
XI>hCexA
XPTPSW
XTedf2GT*
}xURgiFrEv
y9jnhsEHG+Qx
yrr|pX3
ySkkA{"
	yth6~Z
zalTime
ZG-$Z'
zk^Rmrh
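Reading the strings dump the way the note above does, as an added Python example that is not part of the report. STRINGS is a hand-copied subset of the Strings section (constructed input, including a few junk lines); KNOWN_APIS is the author's short list of common Win32 exports used as recovery candidates, and MIN_FRAGMENT is the author's threshold. The script separates DLL names, intact imports and compressed fragments, recovers the likely original name of each fragment by longest common substring, and tests the strings for the UPX stub profile: the six stub imports plus exactly one clear-text import per additional DLL.

```python
"""Classify a strings dump of a packed PE and recover truncated import names (added example)."""
import re

# Subset of the report's Strings section (constructed input).
STRINGS = [
    "ADVAPI32.DLL", "KERNEL32.DLL", "NETAPI32.DLL", "NTDLL.DLL", "USER32.DLL",
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree",
    "VirtualProtect", "ExitProcess", "RegOpenKeyW", "NetAlertRaiseEx",
    "RtlFreeSid", "LoadImageA",
    "cess6FileAttribut", "cseHand", "foWSLastError", "GetStartupIn",
    "t9GWideChYToMu", "zalTime",
    "1xo3,2", "AnBlK$", "XPTPSW", "gxxqvjh",
]

# Imports the UPX decompression stub itself needs from KERNEL32.
UPX_STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "VirtualAlloc",
                    "VirtualFree", "VirtualProtect", "ExitProcess"}

# Candidate exports for fragment recovery (author's list; a real tool would use
# the export tables of the system DLLs).
KNOWN_APIS = {
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree", "VirtualProtect",
    "ExitProcess", "RegOpenKeyW", "NetAlertRaiseEx", "RtlFreeSid", "LoadImageA",
    "GetFileAttributesA", "CloseHandle", "GetLastError", "GetStartupInfoA",
    "WideCharToMultiByte", "GetLocalTime", "CreateFileA", "ReadFile", "WriteFile",
    "GetModuleHandleA", "CreateProcessA",
}
MIN_FRAGMENT = 6  # overlaps like "Get" or "File" are too common to count as evidence


def longest_common_substring(a, b):
    """Classic O(len(a)*len(b)) dynamic-programming LCS over characters."""
    best, prev = "", [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > len(best):
                    best = a[i - cur[j]:i]
        prev = cur
    return best


def classify(strings):
    """Split strings into DLL names, intact known imports and recoverable fragments."""
    dlls = {s for s in strings if re.fullmatch(r"[A-Z0-9_]+\.DLL", s)}
    intact = {s for s in strings if s in KNOWN_APIS}
    fragments = {}
    for s in strings:
        if s in dlls or s in intact:
            continue
        # sorted() keeps the choice deterministic when two candidates tie.
        cand = max(sorted(KNOWN_APIS), key=lambda api: len(longest_common_substring(s, api)))
        overlap = longest_common_substring(s, cand)
        if len(overlap) >= MIN_FRAGMENT:
            fragments[s] = (cand, overlap)
    return {"dlls": dlls, "intact": intact, "fragments": fragments}


def looks_upx_packed(report):
    """UPX profile: full stub import set present, and one clear import per extra DLL."""
    intact, dlls = report["intact"], report["dlls"]
    stub_present = "KERNEL32.DLL" in dlls and UPX_STUB_IMPORTS <= intact
    one_per_dll = len(intact - UPX_STUB_IMPORTS) == len(dlls) - 1
    return stub_present and one_per_dll


if __name__ == "__main__":
    r = classify(STRINGS)
    print("DLLs:", sorted(r["dlls"]))
    print("intact imports:", sorted(r["intact"]))
    for frag, (api, overlap) in r["fragments"].items():
        print(f"fragment {frag!r} -> {api} (matched {overlap!r})")
    print("UPX stub profile:", looks_upx_packed(r))
```

Fragment recovery is a hint for what to expect after unpacking, not a substitute for it: a six-character overlap can still be coincidence, which is why the threshold exists and why the stub-profile check is kept separate from the recovery step.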