Analysis Date2014-12-19 00:36:34
MD5e5b2be5ad7d9bdd310a3bf1c9881ad9b
SHA1b3404f5979ea6e8c17617aa8ea3ce9e7cd8a5db3

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
SectionUPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
SectionUPX1 md5: 08db4975dd7b2594cd48ae37549b4614 sha1: 2a8226174f74af5bc0ce57a86dbd315124c2f1d0 size: 110080
Section.rsrc md5: 20d4ab1ed6d8c63de66326c95e731012 sha1: 567cb3f80c550d703ecdba51f4052247650a2f9b size: 17920
Timestamp2009-07-18 16:10:33
VersionLegalCopyright: Copyright © 2008-2009 HackMew
InternalName: A-Trainer
FileVersion: 0.09.0001
CompanyName: HackMew Productions
ProductName: Advance Trainer
ProductVersion: 0.09.0001
FileDescription: Advance Trainer
OriginalFilename: A-Trainer.exe
PackerUPX -> www.upx.sourceforge.net
PEhash7e5c2181329242cc42a93d19f0dacc35acebe80d
IMPhash3243b13e562279ab7fbe2f31e45d3a95
AVArcabit (arcavir)No Virus
AVAuthentiumW32/Trojan.QDTE-3631
AVGrisoft (avg)No Virus
AVAvira (antivir)No Virus
AVAlwil (avast)No Virus
AVAd-AwareNo Virus
AVBitDefenderNo Virus
AVBullGuardNo Virus
AVClamAVNo Virus
AVDr. WebNo Virus
AVEmsisoftNo Virus
AVMicroWorld (escan)No Virus
AVCA (E-Trust Ino)No Virus
AVFortinetW32/Vb.BL!tr
AVFrisk (f-prot)No Virus
AVF-SecureNo Virus
AVIkarusTrojan-Ransom.Win32.PornoAsset
AVK7Riskware ( 0040eff71 )
AVKasperskyNo Virus
AVMalwareBytesError Scanning File
AVMcafeeGeneric.tra!g
AVMicrosoft Security EssentialsNo Virus
AVNANONo Virus
AVEset (nod32)No Virus
AVPadvishNo Virus
AVCAT (quickheal)Trojan.IGENERIC
AVRisingNo Virus
AV360 SafeNo Virus
AVSUPERAntiSpywareNo Virus
AVSymantecTrojan.Gen.2
AVTrend MicroNo Virus
AVTwisterNo Virus
AVVirusBlokAda (vba32)No Virus
AVWindows DefenderNo Virus
AVZillya!No Virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Winsock URLhttp://www.andreasartori.net/hackmew/updates/A-Trainer.txt

Network Details:

DNSwww.andreasartori.net
Type: A
107.20.253.26
HTTP GEThttp://www.andreasartori.net/hackmew/updates/A-Trainer.txt
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 107.20.253.26:80

Raw Pcap
0x00000000 (00000)   47455420 2f686163 6b6d6577 2f757064   GET /hackmew/upd
0x00000010 (00016)   61746573 2f412d54 7261696e 65722e74   ates/A-Trainer.t
0x00000020 (00032)   78742048 5454502f 312e310d 0a486f73   xt HTTP/1.1..Hos
0x00000030 (00048)   743a2077 77772e61 6e647265 61736172   t: www.andreasar
0x00000040 (00064)   746f7269 2e6e6574 0d0a0d0a            tori.net....


Strings
.,.
T
s.
f.
.
..
.
.
..,.
T
s.
f.
.
..
.
.
.
0.09.0001
040904B0
 2008-2009 HackMew
Advance Trainer
A-Trainer
A-Trainer.exe
CompanyName
Copyright 
FileDescription
FileVersion
HackMew Productions
InternalName
LegalCopyright
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
!02(r3
0-w`Bc
%1i+2,p
1,oBwo'
2	sB6p]
}39N3Kq
3iPusT6
3=P[pK
3&pW:3
450*YR
+4"SfN
5]	*Y2
69xTF-
6cA!1%
}6N."c
/6,[=X
;7[3xj
75a"5P
7j?yUI8
7'KMM o
7_Ms5%
7NB=3%-
7u7P@3a7S
7Wk#lEN
8{TL)W
9l$\w_
9_'*o{
"9t]j;
 a1\&VG
am8S|Wx
Anae%AY^#
aY%aSH
b_2Y ~
B6:5n5i	4(
bbj;##
BBn5(h
bRich@
\BVzFpP
b!X_ir8
By-?QDMnZ
byTO1o-P
c ANHdc
CNWH_C7
/;C."?U5
cuJYJ(
c-	X{6%
)D#Asi
.)D$H)
dPmCB(2
?`dqO|
D$t+D$\
D$t#D$h
d*v-a55
!&/dy?
*d![*y
e*bGo=s
e.ir\fP+
e?j9?d
'e,S>1
ExitProcess
%f}6bJ@
+F`)70
fbKihZ$
f/g7I^
f<g--x
;Fim"7J
f$MXY>+
	Fnt:h
@f^tHK
f$_VrZ
fX,e5Nh
&(g0FY
GetProcAddress
G$Hghwy
gpT%&f
gq"dX}
gtBLcps
>gVVlg
gzHJxu
h:[[(=
H??0%'
h8Iae1
hckB\m[!
hJ+Ww|
H>kfIH
h`?($s
!hy4,G
i(!5`}e
I KvaP'
iQ.WO*
/J3N\:
Ji#[2i
J-u}:ZQ
[k5tp2
K@;ayN
K}b	\G
KERNEL32.DLL
K`~u>*
L5 ~uA
lB82Q!uF
LJ|)[Q
LoadLibraryA
[lQ$g"
&lX(|jW
m33AY"
:m8q<Q
Md%S;?
m#d*Vl
+MeYyP^
,%	mg4Y
	<mOL_
MSVBVM60.DLL
mWMkX!
n"Ek`>
n!E#kB
_#*nI}]
no9PY}>
NPp0q&=
N:;R(/
<NtZ-U
N}wCjISV	
#o3*,N
o5[|t$
]o U:U
`{O}wE
OwI!T*
=^oWpi
%p&25['v
*.}pMs4
$P]n1q
q5#wC(]
q*C8<}t
Q TFF4
qV,>Iw
{QVLjJ#
r4g(fS+
(r^,8W
`&-r,f
$r""sO
'Ry<+Z+N
'*S`#<
S8<F5/vx
s`)L$4
S?-M,?
S,Nj2t
<S&W8	?
sXc3tb
#T4O"r
TArLt%I
]t^C|rY
!This program cannot be run in DOS mode.
ThX;FMd
To-pXnT
t$t#t$l
t	/x"pJ
t%?,Xr
Tzj9S8T
u.4)CLn
UeYF.NZ
Ui[Q{!
upX31HQ
uQTsGl$
uq=XhP
V6	gKp
* vbP0	+h
VeDBr>r
-;Ven]
Vg}G{l
^Vh[~_
v`H"8_
VirtualAlloc
VirtualFree
VirtualProtect
&{V@}N
\`@VO$
vR\d-2
vx,.N#
Vy%bB,z
V$&y!Y"5
'WE<jlmD
	+~w=m
wM8:E"
wOsa1*
xA/d?0
Xi4H<W
XJM:"0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="vbAccelerator.XPStylesTester.ResXpStylesTester" type="win32" /><description>XP Styles Demonstration Using Resource Manifest</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
XPTPSW
X#R75O	
XWno2e
*Y+1CHG	?
Y30(3T/
yeT$.t
yG*60U
./Yiu 
ynk4)*U
y@x7O6
Z_cstv
Z{m>55!
@z/o#w