Analysis Date: 2014-11-26 04:56:19
MD5: 71ee5d4c3139ee1e945bcb54907a71f6
SHA1: c45b528b8b72c022d3938ef65c7adedbaebd9652

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: a36f48d3a808bc1b0cc31fb9425bfdae  sha1: 07763253828722bf0d034cdc5d5b614e01fa5e6a  size: 49152
Section .data   md5: ced10140e7c5be2da0cee69c25a20e4a  sha1: b0bff33b671b497a2ea3c2aaaf68d5f606890d09  size: 13824
Section .rdata  md5: b31e6f7b81fcf9df49abadf56bfb91ce  sha1: 8d6a70f93af6475ab417158fb1bb07166ed2922c  size: 9728
Section .rsrc   md5: c1823d8200364c58766353e0f553fd8c  sha1: 172e25e24b0baa9bca7647203aa2da181730742d  size: 6656
Timestamp: 2008-08-31 02:29:10
Version InternalName: Elder Xyz Anyway Ripen Whee Octave
FileVersion: 2155 49034 120371
CompanyName: Phoenix Technologies Ltd.
ProductName: Gouge Read
ProductVersion: 2155 49034 230
OriginalFilename: Motto.exe
Packer: Microsoft Visual C++ v7.0
PEhash: 5fa15bb712bd19cbac8f0353cc2daa3f51264794
IMPhash: 68a66842b97b9be9cb59a03ebd46e88b
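The per-section hashes and the compile timestamp above are worth re-deriving from the file in hand before trusting them, both to confirm the report describes the same build and because the PE timestamp is attacker-controlled. The following is an added example, not the sandbox's own code: it parses the PE section table with the standard library only, computes each section's MD5/SHA1/size over its raw on-disk bytes, and compares them with values copied from a report. The sample described on this page is not available here, so `build_sample_pe` constructs a minimal PE32 test binary that fills in only the fields the parser reads; the section names, contents and timestamp it uses are test data, not the sample's.

```python
"""Re-derive the static details a sandbox reports (section hashes, compile
timestamp) from the file itself.  Added example using only the standard
library; not the sandbox's own code.  Offsets follow the PE/COFF spec."""
import hashlib
import struct
from datetime import datetime, timezone

SECTION_HEADER_SIZE = 40


def _coff_offset(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4  # start of the 20-byte COFF file header


def pe_timestamp(data):
    """TimeDateStamp as (raw seconds, 'YYYY-MM-DD HH:MM:SS' UTC).  The field is
    attacker-controlled, so treat it as a claim, not evidence."""
    (ts,) = struct.unpack_from("<I", data, _coff_offset(data) + 4)
    return ts, datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def pe_sections(data):
    """[(name, PointerToRawData, SizeOfRawData)] from the section table."""
    coff = _coff_offset(data)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, raw_ptr, raw_size))
    return sections


def section_hashes(data):
    """{name: {md5, sha1, size}} over each section's raw on-disk bytes, which is
    what the report's per-section lines describe.  A truncated file yields a
    shorter slice and therefore a mismatch rather than a silent pass."""
    out = {}
    for name, ptr, size in pe_sections(data):
        blob = data[ptr:ptr + size]
        out[name] = {"md5": hashlib.md5(blob).hexdigest(),
                     "sha1": hashlib.sha1(blob).hexdigest(),
                     "size": len(blob)}
    return out


def check_against_report(data, reported):
    """reported = {section: {"md5": ..., "sha1": ..., "size": ...}} copied from
    the report; returns the sorted names of sections that are missing or differ."""
    actual = section_hashes(data)
    bad = [name for name, want in reported.items()
           if name not in actual
           or any(actual[name].get(k) != v for k, v in want.items())]
    return sorted(bad)


def build_sample_pe(sections, timestamp=0):
    """Constructed minimal PE32 for testing: only the fields the functions above
    read are populated.  sections = [(name, raw_bytes)]."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    data_start = e_lfanew + 4 + 20 + opt_size + SECTION_HEADER_SIZE * len(sections)
    headers, body, ptr = b"", b"", data_start
    for name, blob in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # relocs/linenumbers (unused), Characteristics (code|exec|read)
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(blob), 0x1000,
                               len(blob), ptr, 0, 0, 0, 0, 0x60000020)
        body += blob
        ptr += len(blob)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers + body
```

Against a real sample, `check_against_report(open(path, "rb").read(), {...})` with the four section entries copied from the report returns an empty list when the file matches; any non-empty result means the report was produced from a different build, or the file was modified in transit.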
AV 360 Safe: Trojan.GenericKD.1686004
AV Ad-Aware: Trojan.GenericKD.1686004
AV Alwil (avast): Dropper-gen [Drp]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Trojan.YQTJ-1461
AV Avira (antivir): TR/Crypt.Xpack.67163
AV BullGuard: Trojan.GenericKD.1686004
AV CA (E-Trust Ino): Win32/Zemo.R
AV CAT (quickheal): TrojanDownloader.Zemot.rw4
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoad3.32895
AV Emsisoft: Trojan.GenericKD.1686004
AV Eset (nod32): Win32/TrojanDownloader.Agent.AGV
AV Fortinet: W32/Tiny.NKF!tr.dldr
AV Frisk (f-prot): W32/Trojan2.OFFF
AV F-Secure: Trojan.GenericKD.1686004
AV Grisoft (avg): Downloader.Generic13.CENH
AV Ikarus: Trojan-Downloader.Win32.Zemot
AV K7: Trojan-Downloader ( 004948121 )
AV Kaspersky: Trojan-Spy.Win32.Zbot.svtb
AV MalwareBytes: Spyware.Zbot.VXGen
AV Mcafee: RDN/Downloader.a!qv
AV Microsoft Security Essentials: TrojanDownloader:Win32/Zemot.A
AV MicroWorld (escan): Trojan.GenericKD.1686004
AV Rising: no_virus
AV Sophos: Mal/Zbot-QY
AV Symantec: Trojan.Zbot
AV Trend Micro: TROJ_SPNR.0BF614
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry HKEY_LOCAL_MACHINE\SOFTWARE\Qbpipddofu\License ➝ 1480
Registry HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry HKEY_CURRENT_USER\SOFTWARE\Qbpipddofu\License ➝ 1480
Registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File PIPE\lsarpc
Creates File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex WininetConnectionMutex
Creates Mutex c:!documents and settings!administrator!cookies!
Creates Mutex c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS phil-comfo.com
Winsock DNS mix-juert.com

Network Details:

DNS mix-juert.com (Type: A)
DNS phil-comfo.com (Type: A)
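The AV results, the runtime registry/file/mutex activity and the DNS lookups above are the parts of this report an analyst actually consumes, and the flat "label value" lines are easy to turn into structured indicators. The following is an added example, not the sandbox's own code. `REPORT` is a constructed excerpt of this page (a subset of the AV vendors plus the runtime and network lines) in "label: value" form; the parser splits each line type, `av_consensus` and `family_counts` summarise the vendor verdicts, and `triage_iocs` drops artifacts that any sample using WinINet produces (the `index.dat` files, the `c:!...!` path mutexes and `WininetConnectionMutex`, and the `Internet Settings` proxy keys). That noise filter is an analyst heuristic, labelled as such in the code, not something the report itself states.

```python
"""Turn the flat sandbox report into indicators you can act on, and summarise
AV consensus.  Added example, not the sandbox's own code.  REPORT is a
constructed excerpt of the report above, trimmed to the line types handled;
the WinINet noise filters below are an analyst heuristic."""
import re
from collections import Counter

REPORT = r"""
AV 360 Safe: Trojan.GenericKD.1686004
AV Alwil (avast): Dropper-gen [Drp]
AV Arcabit (arcavir): no_virus
AV CA (E-Trust Ino): Win32/Zemo.R
AV CAT (quickheal): TrojanDownloader.Zemot.rw4
AV ClamAV: no_virus
AV Eset (nod32): Win32/TrojanDownloader.Agent.AGV
AV Ikarus: Trojan-Downloader.Win32.Zemot
AV Kaspersky: Trojan-Spy.Win32.Zbot.svtb
AV Microsoft Security Essentials: TrojanDownloader:Win32/Zemot.A
AV Rising: no_virus
AV Sophos: Mal/Zbot-QY
AV Symantec: Trojan.Zbot
AV VirusBlokAda (vba32): no_virus
Registry HKEY_LOCAL_MACHINE\SOFTWARE\Qbpipddofu\License ➝ 1480
Registry HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry HKEY_CURRENT_USER\SOFTWARE\Qbpipddofu\License ➝ 1480
Registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File PIPE\lsarpc
Creates Mutex c:!documents and settings!administrator!cookies!
Creates Mutex WininetConnectionMutex
Winsock DNS phil-comfo.com
Winsock DNS mix-juert.com
DNS mix-juert.com (Type: A)
DNS phil-comfo.com (Type: A)
"""

# One regex per line type; the AV split is on the first ": " because vendor
# results themselves may contain a colon (e.g. TrojanDownloader:Win32/...).
LINE_RULES = [
    ("av", re.compile(r"^AV (.+?): (.+)$")),
    ("registry", re.compile(r"^Registry (.+?) ➝ (.*)$")),
    ("files", re.compile(r"^Creates File (.+)$")),
    ("mutexes", re.compile(r"^Creates Mutex (.+)$")),
    ("domains", re.compile(r"^(?:Winsock DNS|DNS) (\S+)")),
]


def parse_report(text):
    out = {"av": {}, "registry": {}, "files": [], "mutexes": [], "domains": set()}
    for line in text.splitlines():
        line = line.strip()
        for field, rx in LINE_RULES:
            m = rx.match(line)
            if not m:
                continue
            if field in ("av", "registry"):
                out[field][m.group(1)] = m.group(2)
            elif field == "domains":
                out["domains"].add(m.group(1).lower())  # same host seen twice
            else:
                out[field].append(m.group(1))
            break
    return out


def av_consensus(av):
    """(detections, vendors queried); the sandbox writes 'no_virus' for a miss."""
    return sum(1 for r in av.values() if r != "no_virus"), len(av)


def family_counts(av, tokens):
    """Vendors whose verdict mentions each token, case-insensitive substring.
    'Zemot' deliberately does not match CA's 'Zemo.R'."""
    return Counter(t for r in av.values() for t in tokens if t.lower() in r.lower())


# Analyst heuristic: WinINet creates these on any HTTP request, so they say
# "made a web request", not "is this family".
WININET_MUTEX = re.compile(r"^(?:c:!.*!|WininetConnectionMutex)$", re.I)
WININET_FILE = re.compile(r"\\index\.dat$", re.I)
GENERIC_REG = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\", re.I)


def triage_iocs(parsed):
    """Keep only indicators specific to this sample."""
    return {
        "domains": sorted(parsed["domains"]),
        "registry": sorted(k for k in parsed["registry"] if not GENERIC_REG.search(k)),
        "mutexes": [m for m in parsed["mutexes"] if not WININET_MUTEX.match(m)],
        "files": [f for f in parsed["files"]
                  if not WININET_FILE.search(f) and not f.startswith("PIPE\\")],
    }
```

On this excerpt the sample-specific indicators reduce to the two contacted domains and the `HKLM`/`HKCU` `SOFTWARE\Qbpipddofu\License` keys; every file and mutex in the runtime section is WinINet housekeeping. The vendor verdicts disagree on family (Zbot versus Zemot) while agreeing on behaviour (downloader), which is the usual shape for a small dropper and a reason to pivot on the domains and the registry key rather than on any one name.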

Raw Pcap

Strings
|..1U..
.
040904B0
2155  49034 120371
2155   49034  230
Agenda Spicy Hobby
Amigo
Bangs
Book Calms Match
Bough
Calms
Clip
CompanyName
Cork
Czech
Elder Xyz Anyway Ripen Whee Octave
Fido
FileVersion
Flank
Gifts Add
Gouge Read
Gust
Harvey Glee Vigor
Hdtv Siesta
Hooch
InternalName
Motto.exe
MS Sans Serif
Oboe Miser Wyatt
OriginalFilename
P27)
Phoenix Technologies Ltd.
Poise
Pours Xmas
ProductName
ProductVersion
Ripe Rhyme Soars
Steep Speed
StringFileInfo
Suits
Swab Owl Laser
Translation
Uphold Clues Skims
VarFileInfo
VS_VERSION_INFO
Will Ghost Goods
Wit Hiv Ass
Yokel
******
*******
********
*********
**********
***********
************
**************
0?V:`EL <q
 0}{y	
0y4t{@
134231
?(]1"K%
1U713*
	1|usv
1WmaV<x
2x78qe
37325114
3`kY;	V
4623641
	4ok/jE
4Uf ",
5tp*:X
5YYzW`
6467334
7@wb`fd$
87374216361734
8	!=r3
a4lDeRTGP2Ejp
Abizic
AccessCheckByTypeResultList
Adiqovi
ADVAPI32.DLL
\aemVB
Afuvez
Alifam
AllowSetForegroundWindow
AnimateWindow
Aowus}
Arefebo
Awimex
Bahaxo
baVbfJiSspDnur
Bawycik
bcshtarm
"bKJ%'
BringWindowToTop
BroadcastSystemMessageA
BroadcastSystemMessageW
c7a62mm2esg7kxb
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
ChangeMenuA
ChangeMenuW
CharLowerBuffA
CharLowerW
CharNextA
CharNextExA
CharPrevW
CharUpperBuffW
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
ChildWindowFromPoint
ChildWindowFromPointEx
Civexo
ClipCursor
CloseCluster
CloseClusterGroup
CloseDesktop
CloseWindow
CLUSAPI.DLL
ClusterGroupCloseEnum
ClusterGroupEnum
ClusterNetworkCloseEnum
ClusterNetworkControl
ClusterNodeControl
ClusterRegCreateKey
ClusterRegEnumKey
ClusterRegQueryInfoKey
ClusterRegSetKeySecurity
ClusterResourceControl
ClusterResourceTypeOpenEnum
CommConfigDialogA
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateCaret
CreateClusterResource
CreateClusterResourceType
CreateDesktopA
CreateDesktopW
CreateIconFromResource
CreatePopupMenu
CUlesiwy
Cyresy
`.data
DBTPKPFYDMOQASP
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleA
DdeDisconnect
DdeEnableCallback
DdeFreeDataHandle
DdeGetData
DdeInitializeA
DdePostAdvise
DdeQueryConvInfo
DdeQueryStringW
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DeferWindowPos
DefWindowProcA
DeleteClusterGroup
DeregisterShellHookWindow
DestroyCursor
DestroyMenu
DestroyWindow
DFobyvul
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DlgDirListA
DlgDirListComboBoxW
DlgDirListW
Dotazap
DrawAnimatedRects
DrawEdge
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
DrawTextExW
DrawTextW
dxbixitujcrqgpj
Dyracol
Efadoh
Ejysoc
Elezyf
EmptyClipboard
Emyrygy
EnableMenuItem
EnableScrollBar
EndDialog
EnumChildWindows
EnumClipboardFormats
EnumDesktopsA
EnumDisplayMonitors
EnumPropsW
EnumThreadWindows
Enuxywy
Esojowe
{eYbPQ
Ezezej
FailClusterResource
Feruwo
Fezini
FillRect
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
F^lb`}~
Fobadi
Fojiju
FrameRect
g+25g>
g6Yhgi
GetAltTabInfoA
GetAncestor
GetCaretBlinkTime
GetCaretPos
GetClassInfoExA
GetClassInfoExW
GetClassWord
GetClientRect
GetClipCursor
GetClusterFromNode
GetClusterNetInterface
GetClusterNetInterfaceKey
GetClusterNodeId
GetClusterNodeKey
GetClusterNodeState
GetClusterResourceKey
GetCursor
GetCursorInfo
GetCursorPos
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItemTextA
GetDlgItemTextW
GetFocus
GetGuiResources
GetIconInfo
GetInputDesktop
GetInputState
GetKBCodePage
GetKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyNameTextA
GetLastActivePopup
GetLastInputInfo
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMessageA
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetParent
GetProcAddress
GetProcessDefaultLayout
GetPropA
GetPropW
GetScrollPos
GetShellWindow
GetThreadDesktop
GetTopWindow
GetUserObjectInformationW
GetUserObjectSecurity
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameA
GetWindowRect
GetWindowRgn
GetWindowTextA
GetWindowTextLengthA
G>H<{z
!GJ@hA
Gomegih
GxMtHgQJQp
Gyqabyv
h3(bpYg
h#b80A
Hevaruq
hKyssnkVNQbL
Hylyfop
Ibimew
Icevon
Ifymewu
Ihubaz
IMAVNPMMMVLW
IMM32.DLL
ImmAssociateContextEx
ImmGetDescriptionW
ImmGetGuideLineW
ImmIsIME
ImmSetCompositionWindow
ImpersonateDdeClientWindow
IMPGetIMEW
IMPQueryIMEA
IMPSetIMEA
InflateRect
InsertMenuW
InvalidateRect
InvalidateRgn
Iriqito
IsCharAlphaA
IsCharAlphaNumericW
IsChild
IsClipboardFormatAvailable
IsDialogMessageW
IsHungAppWindow
IsRectEmpty
Isucupy
IsWindowUnicode
Japupy
.Jb!zu
JCUDTXQFJU
jJujWqfCaYk
JLBau4
Joxujav
Joxuji
Kd8ZDFW
Kejeron
KERNEL32.DLL
KjdkhT
K/?K?KPK//
KK/sMsK
KKUUwM
?KKxPw
/KPUUP
K?sxU/Ux
KU?M?M
/?KUws
KXDCXPPIIXL
Kx?sxw
lAlloc
LoadAcceleratorsA
LoadCursorA
LoadCursorFromFileA
LoadCursorFromFileW
LoadIconA
LoadImageW
LoadKeyboardLayoutA
LoadKeyboardLayoutW
LookupIconIdFromDirectory
LookupIconIdFromDirectoryEx
Lyloca
MapVirtualKeyExW
MapVirtualKeyW
MessageBeep
MKxMsM
mL:,1Ac
ModifyMenuA
ModifyMenuW
MonitorFromWindow
/M/?PP
M?/PPw
MsgWaitForMultipleObjects
M/sMxM
MsPMsP
/MsP?P
MUsM?MK
M/U/sMw
MwMxsUs
MxMxPK
/MxP//UM
n2gbmQLyc
Nejetas
Odovuca
Odujodo
OemToCharA
OemToCharBuffA
OemToCharBuffW
OffsetRect
Olucyc
Onityr
OnlineClusterResource
OpenClipboard
OpenClusterNode
OpenDesktopA
OpenDesktopW
OpenWindowStationW
p},-!)
P}^aP`
p Bz8*
PeekMessageA
PeekMessageW
PGAMIHWPV
@PK~5z
PKMMPx
`pn#Cp)h
PostMessageW
PostThreadMessageA
??P/P?
Ps?KMw
PswU?P
p	T_u 
PUKUws
Qemazy
Qifeqov
Qyqenyn
RCFSBJBFPJSGX
.rdata
RealChildWindowFromPoint
RealGetWindowClassW
RegisterDeviceNotificationA
RegisterDeviceNotificationW
RegisterShellHookWindow
RegisterWindowMessageA
ReleaseCapture
RemoveClusterResourceNode
RemoveMenu
ReplyMessage
ResumeClusterNode
ReuseDDElParam
Riluquk
Rokabo
RTTIRID
S8LLW3Rcu
ScrollWindow
SendDlgItemMessageA
SendIMEMessageExA
SendMessageA
SendMessageCallbackW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCapture
SetCaretBlinkTime
SetCaretPos
SetClassLongA
SetClipboardData
SetClusterGroupNodeList
SetClusterNetworkPriorityOrder
SetCursor
SetDebugErrorLevel
SetDlgItemInt
SetDlgItemTextA
SetDlgItemTextW
SetLastErrorEx
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
SetMenuItemInfoW
SetRect
SetRectEmpty
SetScrollRange
SetShellWindow
SetSystemCursor
SetThreadDesktop
SetUserObjectSecurity
SetWindowLongW
SetWindowPlacement
SetWindowsHookA
SetWindowsHookExW
SetWindowsHookW
ShowCursor
ShowScrollBar
ShowWindow
s/K?xM
SKyRpjrA
sMUU?M
?sMw/xM
s?swMP
/ssx?s/PK
S`#tE1
s&UHy:
SwapMouseButton
SwitchDesktop
SwitchToThisWindow
s?wMxMxwxPM
/s/wsMP
sxxMPU/w
SystemParametersInfoA
TabbedTextOutA
t):c#41
Tenelob
!This program cannot be run in DOS mode.
Tideba
Tidybi
TileWindows
tLBta%`	\c!2
ToAscii
ToAsciiEx
ToUnicode
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorA
TranslateAcceleratorW
TranslateMessage
tvpr|~xzdf`blnhjTVPR\^XZDF@BLNHJ4602<>8:$& ",.(*
TV!P\^XD
Tyzyhy
Ucuvaxy
Umeqyb
UMsMMM
U?MU/U
Unenoro
UnhookWinEvent
UnionRect
UnpackDDElParam
UnregisterClassW
UnregisterHotKey
UpdateLayeredWindow
UpdateWindow
UPKMMs?ssU/
U?PMKMU/
??/UPPs
?/UPPUs
UPsUMMx
UPws/x
Uqenexy
USER32.DLL
Usipek
UsMw?MK
UsMx?Us
UssswMK?
uSwncVHqx
Uwikej
UxMKwxM
UxP/wM
ValidateRect
ValidateRgn
VdsshFFyOSNuT
Vequlo
VkKeyScanA
VkKeyScanExA
VkKeyScanExW
VkKeyScanW
VtI$.:
Vyseje
;/]WF_Z
WindowFromPoint
WinHelpW
wK/xKK
WLfRyFQCEs
wMMUUM
w?MPU/x
wMsMMwM
?wM/sMw
??wMws/
wMxwws
wPKKw?Ps
wPMwUs
WTSAPI32.DLL
WTSDisconnectSession
WTSEnumerateProcessesA
WTSEnumerateProcessesW
WTSEnumerateServersA
WTSEnumerateSessionsA
WTSFreeMemory
WTSLogoffSession
WTSOpenServerA
WTSOpenServerW
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSQueryUserConfigA
WTSQueryUserConfigW
WTSSetSessionInformationA
WTSSetSessionInformationW
WTSSetUserConfigW
WTSShutdownSystem
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput
WTSVirtualChannelRead
WTSVirtualChannelWrite
WU8 p 
Wusofy
wUUPMsP
wvsprintfW
w?w///
wwx?Kx
/wwxxsM
wxMUUU
Wyryma
Wyzosy
Xajonur
Xazavy
x:	 <dk{
Xecamo
xmnhcnw
xMP/MP
XVADSACTFRWC
Xysuxan
XYu_Gx
["__Y[
Ycaqop
Ycefita
Ygadeb
Yhalike
yjkrCb
Ykawiq
Ypoqoqo
Ypulyme
Ytaxuw
Zovysef
Zozeny
ZWodyra