Analysis Date: 2015-05-18 11:32:39
MD5: cb56b1fc08451d1f56481a29bd1047e9
SHA1: c01fbb52a7a188c4f7441a808b153a34ec753a2d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section code: md5: de3f4faa27f4f4f391be33bad815b13f sha1: 794af378113e7f8b33526fe0a2f62c50f5ca9e43 size: 7168
Section data: md5: ba8a13e55946b35da77b9a4a58e2d9a8 sha1: 605085241810d66b423646dc2f0bc6b4d374b8e9 size: 13824
Section .idata: md5: 798744f175bcc62970423d43e37d6062 sha1: a0d2d94d08bc7913db947bcebff349009fd4e0f7 size: 3072
Timestamp: 2014-01-07 14:50:21
PEhash: 8b819e10a70df75cd0fc24de6abc5203b5014193
IMPhash: 3e960be8eda70801665d22b1c143e813

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

Strings
<(*+++
<\*++]
[0Y0W0U
100208000000Z
130828000000Z
140927235959Z0
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
200207235959Z0
2Terms of use at https://www.verisign.com/rpa (c)101.0,
38"3$x3.3
5Digital ID Class 3 - Microsoft Software Validation v21 0
<6*+++
ADVAPI32.dll
AllocateAndInitializeSid
aoxdof98$nff
BeginPaint
B^^Z%;$;
(<C-++]
CallWindowProcA
]cdOroi
CloseHandle
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreatePipe
CreateProcessA
CreateWindowExA
DDDDDDDDDD<-
dnff98*(/y(*Zfks*(/y(
DTOPTOOLZ Co.,Ltd.0
DTOPTOOLZ Co.,Ltd.1>0<
d*%|*(/y(*%~*XOMUYP*%n*(/y(
EndPaint
EqualSid
ExitProcess
ExpandEnvironmentStringsA
fclose
FindFirstFileA
FreeSid
fwrite
Gepcffk%>$:!"iegzk~chfo1!GYCO!2$:1!]cdne}y!D^!?$;1!Y\;#
GetComputerNameA
GetCurrentProcessId
GetCursorPos
GetDlgItemTextA
GetFileSize
GetForegroundWindow
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemWow64DirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetTokenInformation
GetUserNameA
GetVersionExA
GetVolumeInformationA
GetWindowRect
gmtime
GoLink, GoAsm www.GoDevTool.com
hhhhhhhhhhW
#http://crl.verisign.com/pca3-g5.crl04
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0
http://ocsp.verisign.com0;
HttpOpenRequestA
HttpSendRequestA
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
.idata
ign$oro*%i*
ign$oro*%i*x
ign$oro*%i*xom*knn*/yVYel~}kxoVGcixeyel~V]cdne}yVI
ign$oro*%i*zcdm*;8=$:$:$;*,*nof*(/y(
	image/gif0!0
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetReadFile
IsUserAnAdmin
KERNEL32.dll
LoadBitmapA
>""&lyy!!!x!3gg&9?8"x59;lbbey ?3!x7%&i599=?3ks%p"/&3ks2p ?2ks2
>""&lyy!!!x!3gg&9?8"x59;lbbey&>9"9ys%x<&1i ?2ks2
malloc
Management Support Team1
Mapo-gu1
memcpy
memset
MessageBoxA
msvcrt.dll
MultiByteToWideChar
/nU/nU/nU/y
OpenProcess
OpenProcessToken
PeekMessageA
PeekNamedPipe
ReadFile
RegCloseKey
RegDeleteValueA
RegOpenKeyA
rrrrrrrrrr
RtlZeroMemory
SEOUL1
SetFilePointer
SetWindowPos
SetWindowTextA
SHELL32.dll
ShowWindow
sprintf
strcat
strcpy
strlen
(<T*++
USER32.dll
%VeriSign Class 3 Code Signing 2010 CA
%VeriSign Class 3 Code Signing 2010 CA0
<VeriSign Class 3 Public Primary Certification Authority - G50
VeriSign, Inc.1
VeriSignMPKI-2-80
VeriSign Trust Network1:08
VeriSign Trust Network1;09
VirtualProtect
<~+++W,
<[)++W,
WideCharToMultiByte
Win32 Program!
WININET.dll
!!!x!3gg&9?8"x59;
]xc~oLcfo
xxod~\oxycedVX
y ?3!x7%&i599=?3ks%p"/&3ks2p ?2ks2
YEL^]KXOVGcixeyel~V]cdne}yVI
Yofl*Zxeioyy*Cn0/n
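Several entries in the Strings section above (for example `ign$oro*%i*zcdm*;8=$:$:$;*,*nof*(/y(`, `aoxdof98$nff`, `Gepcffk%>$:!"iegzk~chfo1...` and `>""&lyy!!!x!3gg&9?8"x59;...`) are not garbage: each is a plaintext string XORed with a single key byte, and the imports listed (CreateProcessA, CreatePipe, InternetOpenA, HttpSendRequestA, RegOpenKeyA, IsUserAnAdmin) tell us what kind of plaintext to expect. The script below is an added example, not part of the report or the sample, that recovers the key per string by brute force: a candidate key is accepted only when it turns the whole string into printable ASCII containing one of a few assumed cribs (cmd.exe, kernel32, http://, Mozilla/, Process Id), and the result is rejected as ambiguous if more than one key qualifies. It then applies the recovered keys to shorter fragments from the same dump. The sample strings are copied verbatim from the report; the crib list is the one assumption. It also explains why some decoded strings stop mid-word: under key 0x0A the plaintext byte `u` encodes to 0x7F, which a strings extractor treats as a terminator, so a registry path surfaces in pieces such as `...\Windows\C`, `rrentVersion\R` and `n /v "%s" ...`. The decoder cannot restore bytes the extractor dropped, so confirm the full strings against the binary itself.

```python
"""Single-byte XOR key recovery for the obfuscated strings in the dump above.

Added example, not part of the original report. CRIBS is an assumption
drawn from the sample's import table; a key is accepted for a string only
when it is the single candidate (out of 256) that yields all-printable
ASCII containing one of the cribs.
"""

# Constructed input: copied verbatim from the report's Strings section.
ENCODED = [
    rb'aoxdof98$nff',
    rb'ign$oro*%i*zcdm*;8=$:$:$;*,*nof*(/y(',
    rb'ign$oro*%i*xom*knn*/yVYel~}kxoVGcixeyel~V]cdne}yVI',
    rb'Gepcffk%>$:!"iegzk~chfo1!GYCO!2$:1!]cdne}y!D^!?$;1!Y\;#',
    rb'Yofl*Zxeioyy*Cn0/n',
    rb'>""&lyy!!!x!3gg&9?8"x59;lbbey ?3!x7%&i599=?3ks%p"/&3ks2p ?2ks2',
]

# Shorter fragments from the same dump: too short for a crib search on their
# own, but readable once a key recovered from ENCODED is applied to them.
FRAGMENTS = [
    rb']cdOroi',
    rb'd*%|*(/y(*%~*XOMUYP*%n*(/y(',
    rb'/nU/nU/nU/y',
    rb']xc~oLcfo',
    rb'xxod~\oxycedVX',
    rb'YEL^]KXOVGcixeyel~V]cdne}yVI',
]

# Assumed cribs (not from the report): plaintext a Windows downloader with
# these imports is likely to carry.
CRIBS = [b"cmd.exe", b"kernel32", b"http://", b"Mozilla/", b"Process Id"]


def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def is_printable_ascii(data: bytes) -> bool:
    return all(0x20 <= b < 0x7F for b in data)


def recover_key(enc: bytes, cribs=CRIBS):
    """Return (key, plaintext) when exactly one key gives printable text that
    contains a crib; None when no key or several keys qualify (ambiguous)."""
    hits = [(k, xor_single(enc, k)) for k in range(256)]
    hits = [(k, pt) for k, pt in hits
            if is_printable_ascii(pt) and any(c in pt for c in cribs)]
    return hits[0] if len(hits) == 1 else None


def decode_all(strings=ENCODED):
    """Map each encoded string to (key, plaintext) for those that resolve."""
    found = {}
    for enc in strings:
        hit = recover_key(enc)
        if hit:
            found[enc] = (hit[0], hit[1].decode("ascii"))
    return found


def sweep(fragments, key):
    """Apply a known key to fragments; keep only fully printable results.
    A wrong key can still produce printable noise, so read the output."""
    out = {}
    for frag in fragments:
        pt = xor_single(frag, key)
        if is_printable_ascii(pt):
            out[frag] = pt.decode("ascii")
    return out


def unprintable_plaintext(key):
    """Printable plaintext bytes that this key maps outside printable ASCII.
    A strings extractor splits the encoded blob at such bytes, which is why
    some decoded strings end abruptly (key 0x0A turns 'u' into 0x7F)."""
    return [chr(p) for p in range(0x20, 0x7F) if not 0x20 <= (p ^ key) < 0x7F]


if __name__ == "__main__":
    resolved = decode_all()
    for enc, (key, pt) in resolved.items():
        print(f"key=0x{key:02x}  {pt}")
    for key in sorted({key for key, _ in resolved.values()}):
        print(f"--- fragments under key 0x{key:02x}; "
              f"extractor splits at plaintext {unprintable_plaintext(key)}")
        for pt in sweep(FRAGMENTS, key).values():
            print(f"    {pt}")
```

Two key families fall out: the shell, registry and User-Agent strings share one key, and the URL strings share another, which is worth noting when writing a detection, since a rule keyed on the encoded bytes will match only this build's keys while a rule on the decoded text survives a key change.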