Analysis Date: 2014-11-30 02:36:56
MD5: f5b74352b43fe337e8353c6be526621d
SHA1: cad7b738bdb189d84af863d32f2b6ed08105a5cd

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 9cffcf506d88c9b33c632ba9d874c26d sha1: ba0e05312f6fc743c7f95b6fafee883ea5d954c6 size: 10240
Section .data: md5: de66abe58bfa4be0f002134ac936ed47 sha1: 78ce774a004d8618189ac25aff8ac272a96bde7a size: 12288
Section .adata: md5: 3e9af96d9b9ae101fe12b61cf8c0c8a8 sha1: 55d16a52aa4b605175b50a2bc303f2a2f97946c3 size: 48640
Section .edata: md5: 0f343b0931126a20f133d67c2b018a3b sha1: 60cacbf3d72e1e7834203da608037b1bf83b40e8 size: 1024
Section .idata: md5: 34c53ed20f8cb65ce99f34f8199f5437 sha1: b68d416e08e1d3684a4c19b980c5aa0bb514c030 size: 2560
Section .rsrc: md5: c390822ae5581424d1f5b28c21f037a9 sha1: ab3ccdef5231324ac0001596400e8d145fa8e3ea size: 8704
Timestamp: 2009-12-07 17:51:25
Version:
  LegalCopyright: Copyright © 2010 PC Tools. FK All rights reserved.
  InternalName: kBmagk.exe
  FileVersion: 7.0.0.61
  CompanyName: videosoft
  LegalTrademarks:
  Comments:
  ProductName: k u
  ProductVersion: 7.0.0.61
  FileDescription: DVideo Component Setupvt
  OriginalFilename: kBmagk.exe
PEhash: dc7c6d7b48ab71aa0d5be56dbe14be38010e887a
IMPhash: 0d3519ac77680eec3da1479013f9759d
AV 360 Safe: Gen:Variant.Kazy.20071
AV Ad-Aware: Gen:Variant.Kazy.20071
AV Alwil (avast): Renosator [Cryp]
AV Arcabit (arcavir): Trojan.Jorik.Skor.aat
AV Authentium: W32/FakeAlert.NW.gen!Eldorado
AV Avira (antivir): TR/Jorik.Skor.aat.9
AV BullGuard: Gen:Variant.Kazy.20071
AV CA (E-Trust Ino): Win32/Renos.D!generic
AV CAT (quickheal): Trojan.Renos.LN
AV ClamAV: Trojan.Jorik-137
AV Dr. Web: Trojan.DownLoader2.46375
AV Emsisoft: Gen:Variant.Kazy.20071
AV Eset (nod32): Win32/TrojanDownloader.FakeAlert.BHX
AV Fortinet: W32/Diple.IZ!tr
AV Frisk (f-prot): W32/FakeAlert.NW.gen!Eldorado
AV F-Secure: Packed:W32/TDSS.HZ
AV Grisoft (avg): Generic22.AAJR
AV Ikarus: Trojan.Win32.Jorik
AV K7: Riskware ( 0040eff71 )
AV Kaspersky: Worm.Win32.Skor.an
AV MalwareBytes: Trojan.Downloader
AV Mcafee: Downloader-CEW.ar
AV Microsoft Security Essentials: TrojanDownloader:Win32/Renos.PT
AV MicroWorld (escan): Gen:Variant.Kazy.20071
AV Rising: Trojan.Win32.Generic.1286A75A
AV Sophos: Mal/FakeAV-IZ
AV Symantec: Trojan.FakeAV!gen52
AV Trend Micro: TROJ_AGENT.SMAH
AV VirusBlokAda (vba32): BScope.Trojan-Inject.Popup.01658

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\\x03\1806 ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul

Creates File: nul
Deletes File: C:\malware.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat

Network Details:

DNS: slideshare.net
Type: A
108.174.2.100
DNS: google.ch
Type: A
74.125.225.159
DNS: google.ch
Type: A
74.125.225.143
DNS: google.ch
Type: A
74.125.225.151
DNS: google.ch
Type: A
74.125.225.152
DNS: in.com
Type: A
123.108.40.13
DNS: glickz.in
Type: A
DNS: grindbuzzchat.in
Type: A

Raw Pcap

Strings
..?
'

040904E4
 2010  PC Tools. FK All rights reserved. 
7.0.0.61
&About
Alt+
ANSI
ASCII
BBABORT
BBALL
BBCANCEL
BBCLOSE
BBHELP
BBIGNORE
BBNO
BBOK
BBRETRY
BBYES
BCD overflow
Big Endian Unicode
Comments
CompanyName
Copyright 
Ctrl+
Down
DVideo Component Setupvt
E&xit
&File
FileDescription
FileVersion
InternalName
Invalid owner=This control requires version 4.70 or greater of COMCTL32.DLL
Invalid SQL date/time values
kBmagk.exe
LegalCopyright
LegalTrademarks
LError loading dock zone from the stream. Expecting version %d, but found %d.#No OnGetItem event handler assigned
MAINMENU
&Open
OriginalFilename
PREVIEWGLYPH
ProductName
ProductVersion
Remote Login
Right
Shift+
%s is not a valid BCD value$Could not parse SQL TimeStamp string
StringFileInfo
Translation
Unicode
UTF-7
UTF-8
VarFileInfo
videosoft
VS_VERSION_INFO
0ET.dl
0jpK6d
/0["Lg
0P&P	Me
0StQZQqe
;#0u42
>10<\*
1b7OXo
1EEQiv
1|?k$H
2""333:"C8
2""#33:DC8
2$B""""C38
2C4"""D338
}2V0#8
]2WCx!f
3:"""""
:33:"$
"*"$33
3333:"$
33333?
333333
333333?
3333333
$3333333
#3333333
33333333
33333333333
333333333333
333333333333?
33333333?333333
333333333333333
333333333333333333
3333333333333338
3333333:3333333383
333333:"33333338
3333333333338
33333:"$3333338
3333:"$3333338
3333339
333333:"C3333338
333333DDD3
333338
33333833
:*3:"$3338
#33338
33338?383
3333Dc3333333
3333f3333333?
3333fc33333338
3333>fd333338
3334JC33333338?333
3336Dc3333338
3336fC3333338
:*"*"$3338
333838
333*C33
333DDD33333?
333>fC333333
333>fd333333
$334B"$3
334C33333338
33B$3333333
33DDDDD3333
33fd3>fC333
33>ffffc338
34""C33333833
37ysjXF
3B""$33333
3OKV5DUIE
4"*""C3338
4DF334DC33
5G987654w,1
5\^X,"
=5x)C"
^}7k$9
7z5[#e`
8%;8Eg
8Apr 2[92
>8_Lzk
8q/[9>
8-=SC[dW{+}RQ8P%~5
8@;=[X@
9J'?Q .
9& "vS
Aa8K}j
_AB,&DWS
.adata
AdjustWindowRectEx
_A*@iZs
aLzH0++t,)/+(*=>$f
|a``vI
$b3asic_wtr
_BuT8l
:"C333
"$c33333
c333333
"C333333
C3333333
C33333833?33
"C3338
c33*C333
"C8338
CallNextHookEx
CharLowerBuffA
ChildWindowFromPoint
CjC338
?c-ompFekf
`C=~[q
CreateMenu
CreatePopupMenu
~C:Y_.
d}1~t+
`.data
"dc3333833
D*C33383
:DC33:""$8
"DDB""$3
DefMDIChildProcA
DeleteMenu
DestroyCursor
DestroyMenu
;D<@$H
DhXqVL
DhzT55
DrawAnimatedRects
DrawFrameControl
DrawTextA
$D\:;S
Dyu,\.
E*8'{H
@.edata
EnableScrollBar
EndDialog
EnumWindows
enWQPM
EqualRect
ExitProcess
ExitThread
\faPqf
fC333?3
fC33333
fDFfC338
Ff2uw1qMV2p
F*F333383
fff3333
FillRect
FindWindowA
`Ft,Cur
f[,-v!6
GetClipboardData
GetCommandLineA
GetCPInfo
GetCurrentThread
GetCursorPos
GetFileAttributesA
GetFocus
GetForegroundWindow
GetLastActivePopup
GetLocaleInfoA
GetLocalTime
GetMenu
GetMenuItemCount
GetMenuState
GetModuleFileNameA
GetModuleHandleA
GetParent
GetStringTypeW
GetSysColor
GetVersion
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
gJpx7e
hGlPWTV
@.idata
InflateRect
IntersectRect
IsChild
IsDialogMessageW
IsWindowVisible
IsZoomed
"J333333
?"jAS4
"J"C3333
kBmagk.exe
kernel32.dll
KillTimer
L.KcEi
LoadIconA
LoadLibraryA
LocalReAlloc
%lPZ5e
lstrcmpA
lstrcpyA
lstrlenA
lstrlenW
L%T}St?\
L$<(WmP<
main.cpl
MapVirtualKeyA
MoveWindow
Mq.A4a
MswKri
naUm#UAC0
N	fihaY
nm6QPV
?n!posn
OemToCharA
Ofn:"=
OLEAUT32.DLL
oWO,Pg 
.?O>xf
PFX}VE
%Pg~tG
<pRptDX
%Q7wgd
&qb=5L
QSJk*k4
:;=qX@
.r(dat
r~Dv)'Zq
RegisterClassA
RegisterTypeLib
ReleaseCapture
_RflgP6qI4f7
rLiGoS
*rnbHw
@.rsrc
r SY~FEj
rtc	{{
rVhskt
SafeArrayCreate
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayUnaccessData
ScreenToClient
s!erth
SetActiveWindow
SetClassLongA
SetClipboardData
SetEndOfFile
SetErrorMode
SetForegroundWindow
SetLastError
SetPropA
SetTimer
SetWindowTextA
ShowWindow
SINdW9
sjuhtP
?slw6f|
SysFreeString
SysReAllocStringLen
SysStringLen
./t-(_
T3a4C5TmtiAaZ
T89G8_i
t;ax<1|
%;==t c
t:}eQT;z
tE-s;rh0%
:.texE
This program must be run under Win32
?_T+idy_z
TrackPopupMenu
TS(u"L
\txCuP
UEqH,(
UiAnD9BI
~Uj'?@
|$ul0]
\Um_\o~&
=UNIQS
UpdateWindow
user32.dll
%V==+"0`|p
VariantChangeType
vffzwa#
VirtualAlloc
VqgjU4
&V WN.
WaitMessage
WEluS{
WindowFromPoint
WriteFile
<?x?ml v
x-s&= 7y
]	xu;[
[|yh+2
YKdXwm
yYu29v
"z=;8t7
zTd ":
Zzw_YA