Analysis Date: 2014-08-01 21:45:41
MD5: 60f612a63bdf6e240a2637380b3b4dbc
SHA1: b2e695b3e9d01f8db7c468468bae838b53f22f73

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: dbaeed4401d404bffe85ef6baaa29ed1 sha1: e5ce1d4dc0ff8d951b18a1e084fc124633163335 size: 48128
Section .rdata: md5: 45bc2935901f3ddc833b2a959cbbde6c sha1: 619fa3c138188075dccd94172234ee90fba6710d size: 6656
Section .data: md5: 2b797f104eb3355d9d9c02a936595449 sha1: 2ace83cd30116d4676009bd356e7c2082bca40a0 size: 310272
Section .rsrc: md5: 531e377c6c7d0709ab52abbd2751a0da sha1: e4006a23cef1a47ba9c4611c5f6910506bef424c size: 15360
Timestamp: 2013-01-17 13:54:59
Packer: Microsoft Visual C++ 5.0
PEhash: f4a05c9272cd9f470cde8876688b375e0aff3b14
IMPhash: 4f58cd3e911e56a07dfce49b2183dbc5
AV 360 Safe: Gen:Variant.Zusy.33253
AV Ad-Aware: Gen:Variant.Zusy.33253
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Backdoor.Shiz.icsn
AV Authentium: no_virus
AV Avira (antivir): TR/Zusy.33253
AV CA (E-Trust Ino): Win32/Simda.DNaCBWB
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: Trojan.Inject1.17277
AV Emsisoft: Gen:Variant.Zusy.33253
AV Eset (nod32): Win32/Spy.Shiz.NCF
AV Fortinet: W32/Kryptik.UUD!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Zusy.33253
AV Grisoft (avg): Win32/Cryptor
AV Ikarus: Backdoor.Win32.Shiz
AV K7: Trojan ( 0040f0751 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: Backdoor:Win32/Simda
AV MicroWorld (escan): Gen:Variant.Zusy.33253
AV Norman: winpe/Kuluoz.EP
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: Trojan.Gen
AV Trend Micro: TROJ_SPNR.35CD13
AV VirusBlokAda (vba32): Backdoor.Shiz

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\malware.exe ➝ C:\malware.exe:*:Enabled:Windows Explorer\\x00
Creates File: PIPE\lsarpc
Creates Mutex: MicrosoftSysenterGate8

Network Details:


Raw Pcap

Strings
.
C::::% BbmHpAadYySMI-- SF
.....]
.
...\.s.
g
.
..c..
...
l......-....
.O.9.x...._
N.
...
,.
.J..N
N.(

         (((((                  H
jjjj
0\BH8\BH
0G'gbi
0()LMw
0O-0IR5	
*0_)Q%s
 14di]
1AABBf
28W\H2Yc
2EG4E!
2@f52#
2g?54H
=]2=r;:
2uf$h5
^2VI6~F
35Dz>T
&36hm &
3789KB'=
3iZPhm`C
+3nMYh
3O[ZXsx
3~QAGw
3z1141
.4bus<#
4cgmS.C
4e.zNG
4F4*])eK
4hqM@P
(%4mly
^4SXDu
4Y.zNS`
5,)|<(
5;4zNS
5Qm	N~
/)5(R!D,
5{W!P;
5\?$\y
65'HN5
;-@6JFB
6LSz"s
6nB2xW
*6n:/Jq
6qh$6z
6uf<Tb
6X@-FU
6ZFq. 
75y:()
'78EkX
_7F{<2T
+7&KDf
7m_Lw72
[7]Rmy
8a]4}/:
8b[\*K
8.+cSx
8k_OlH
8s 9_XQW
${,8wR
8XJ'c+
8>Xy']
9B_7@T
=9!/bh
9;dr:[,&+'>
>9/+fy
^9i'"$
9OF.QF
9QgJC2
9Q*:j5N
9Q"w[N
9/uyVA?
9[v>F9U
9XkWPO 
9zNi/P
a8rj6$
AaVcgE
abnormal program termination
a~*dlN
agQ#s4o3
america
american
american english
american-english
Argentina
a</&Ug
August
Australia
australian
Austria
A#,VP$
AwzF"L
ay4g*T#
"B%5>eS
b8n5jXk
Basque
BC4C(X
belgian
Belgium
Bg<dst
Bi#)G]
>BJv,>=
^Bl@6m[
bOT_X}_K
BP;Pg,M
%Bp[U8
BQ|`L6
britain
BTXrgCES
<bU];3F	~
BU/I!C
-c5mB(
c	6=WVYo
-&c9nf
Canada
canadian
|cAq98=
c\B>q8
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
Cki|Mr<
'ClhX,
CLM)e1
\cl^v>9
 C^`}o
Colombia
CompareStringA
CompareStringW
Costa Rica
CreateEventA
CreateEventW
CreateMutexA
CreateSemaphoreA
CT3NEn
>Cu28V
_.c&wQV
'CWTiC
(cx~oc
)D'`/"6
@.data
DataModeCheckForDataEnd
#:dD/::
dddd, MMMM dd, yyyy
December
DeleteCriticalSection
DeleteFileW
DestroyWindow
/}dgWR
/DI7QU
Dk932A6ZS~
Dk{w_{
;dM^a}<
DOMAIN error
Dominican Republic
dutch-belgian
\)>dU[/)<x
D|V/|F
dz!i:J[;
e$3$Y|z
E.}4&s
e6fsJYy2C
eay5XK
Ecuador
Eel1Ml
`EK0k	
EluMg@z
EnableWindow
EndPaint
england
English
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
eo*kW|
!E$#Q-
E/tHR1
E%!#V}
eVKr\p
ew ;:g
eWz]~*}*
ExitProcess
F(5UUa
-f80K5
FatalAppExitA
F-#`dF
February
FhG2i	
FindFirstFileA
FindFirstFileW
FindNextFileW
Finland
Finnish
fJ'PdA
F@j@Ph
- floating point not loaded
'fM>tb
.?fOLf
FormatMessageW
F PjPWj
F$PjQWj
F.PjRWj
F*PjTWj
F+PjUWj
F,PjVWj
F-PjWWj
*fR9U$
France
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
French
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
f.\yg\
German
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetClientRect
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDCEx
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMenuItemCount
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetParent
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSysColorBrush
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowDC
GetWindowRect
GetWindowTextA
GetWindowTextLengthW
GetWindowThreadProcessId
g>g(;9
g|GTI!
__GLOBAL_HEAP_SELECTED
G_Low_MseHangTime
GLp6~&w
,)$GM+
G!)%.o
GP\F)X
great britain
gr|Qu$7C
Guatemala
g!y.=9!
g_YLG<
h0IZJ1ND\='u
~H*8!F
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HHtiHtGH
HKvu<v
Hli0:lJ2
H(`)ml_
H:mm:ss
hN";}qZq
/HNseBD
holland
hong-kong
hoRIRR
hOu{x)
/H QZ}{
Hr`0NE
HtHHt(
HtOHt)H
'H?;u+
	HwbMim?WZ`
=?i-2}
Iceland
Icelandic
I"?/Hh
i%iW|L5
InitializeCriticalSection
InPreK)
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
InvalidateRect
I,:oAK-5]d
irish-english
IsBadWritePtr
IS_Ey.=
IsValidCodePage
IsValidLocale
IsWindowEnabled
italian-swiss
It[IItM
iuYEv>M(;
IYLFt{
J.|7vR
=J.81>
JanFebMarAprMayJunJulAugSepOctNovDec
January
Jhke$l
jISyx,
jK!FC	!N
jmJF_wu5
jNw]Hm
JuuMA%/
KERNEL32.dll
K#)i27
KJ^zMV
KP`<0o
krqr z
Ku!&>m
KUTP*AU
 ^L-0BjN+
L]1DtF
l	6<]q)
LC_ALL
LC_COLLATE
LC_CTYPE
\lCicbV
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
;[L{E9
LeaveCriticalSection
?l|iJC
;:L/JU$
lL<\K{
l=n-!q
LoadLibraryA
LoadLibraryW
LockResource
#lOR-CsA
LqEwm<
lstrlenW
Luxembourg
L#|YP -A
#m2dy[
m3G?<ZW
mCEB["
,M;DDr
M/d/yy
MessageBoxA
Mexico
	M$)f|
M":Fx1
mg;5K"
m.*H5<
Microsoft Visual C++ Runtime Library
mj3H*o"
	;mlKcp
MN`o3h 
Monday
M)%p7J
m;;PEJ
mR/N%"o'Ib
__MSVCRT_HEAP_SELECT
MultiByteToWideChar
N2SK>L
:"N9$u^LDD
=nAE1O[^1
new-zealand
;Nf2I>m
~Nl"7q
n'LqV5
norwegian
norwegian-bokmal
norwegian-nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
n'?R5^
]n$S9wS
>nSU1AT
NvQdlJL
Nw~6~<
O7>&O<
O[9I44	
October
Ogi)"C
o *;j$
o(?jP0W
~O( jS
$Ok].67&Kd
O`O+o2E
o]O!P?
Oqqd.W
o Wq-K
OW.Sj8
,*|}}p
Panama
Paraguay
p:+Dw7G
P HNE+
$pi~|?
/$"pl%
[PlY,C
'p{no]
portuguese-brazilian
PPPPPPPP
pr china
pr-china
Program: 
<program name unknown>
puerto-rico
- pure virtual function call
p*X$A[@
P_Y#ig
q2^VD,"
Q3,	4`i
q/&4D\
Q4+EB+
Q5LlMa
Qk .	Z" 9
"QM]:_h
QQSVW3
QQSVWj
{q:TWO
(	r09{
[`(R+1
>R#%1Y
r641b3
`.rdata
ReleaseDC
r`*_gaJ
%rg~znc
"rj!hIP
rJ@;.m
! :r;l
rMw4r|
'R$MW9
=}@R`NA8
"r<n\ok
rpf2G#
"R/PS^$Z
}"R^ry
RtlUnwind
runtime error 
Runtime Error!
R:Yq!Y)
Saturday
s`b~e^4*n
SendMessageA
September
SetCursor
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetForegroundWindow
SetHandleCount
SetLastError
SetMenuContextHelpId
SetRectEmpty
SetTimer
SetUnhandledExceptionFilter
SetWindowPos
SHELL32.dll
SHFileOperationW
S}Hg	Gq
SING error
SizeofResource
slovak
sN=C.|
south africa
south-africa
South Africa
south korea
south-korea
Spanish
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
Spanish - Modern Sort
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
Spanish - Traditional Sort
spanish-uruguay
spanish-venezuela
SPN4,:?p
,sqE,Gkx
STATUS_LOST_WRITEBEHIND_DATA
Sunday
SunMonTueWedThuFriSat
Sweden
Swedish
swedish-finland
Switzerland
tEj@Vh
TerminateProcess
!This program cannot be run in DOS mode.
Thursday
Thy<=:
tiuLGO,U
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TMDN#%;5
tn<%t2
tp"SwU@
_TQ\95
trinidad & tobago
trKe6N
t/S1i<[]
tSbnm;
TtpZRfor
t.;t$$t(
Tuesday
t/WWUPj
t @;;x!
tx.i4L
u5zC7H
\,]u/D#
}]UE@!n
Uf4^T"{
>:u#FV
-u	)G9{7
UlA/@v
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
>:uNFV
UnhandledExceptionFilter
united-kingdom
united-states
UR)370
Uruguay
user32.dll
USER32.dll
utWH>MQ
uW9=$[
)u&	X="
!ux !o
-v 7_Z]^
v{86AwTPZ
VC20XC00U
Venezuela
^_"vH>Qg
VirtualAlloc
VirtualFree
vNkAzN
vRt4;d
_<)vs?o_
Vtvj0j
)V>Uwm
v\xgOw
v#X]Jz@
}W>(1|
Wednesday
w@fop#
*+}W`G%RF&%|
WideCharToMultiByte
WJP2i7
_WK6O>M
w:lDCj
WQj1Pj
WriteConsoleW
WriteFile
WrLx35
WSS~mu
W<[VIV
"WWShL
W^XLcw
 X2H \bH TbH
X7QQ74<
X {8&5
(X^BR5
]Xc6VyN:
Xdp \bH
"xdsKr
Xg=%D|>
Xki/c6
XRHGX*
$X@WH&2
X"<*yf
/XYxw$
+y!{+"
Y2M(KI(
Y73R`(
YamXhDo
y,^bfc3
ycX`3(06
y[f}#G
Y,JF^C
y"kRc-
y:o<8V(
y#R2bxEu
y@speN
Y: YbsB
y(ynpk
*yz{O%Y
Z7$Tt-
Z88E	3
$+ZAh%|
[z	;C[
^"Zn3{'
zNC.I(4	
|z+o+fHst
%zOhv@
;_Zp9We
zu^SSS
Z >V9KUa
z"W\#[