Analysis Date: 2014-03-08 18:15:01
MD5: af04b5064ed70a0591cc7c57d4088595
SHA1: cb73b3b49409ee23357fbf2bf559b8d3d03a5e15

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 9b124eacebc775c306f0f3f23f082655 sha1: ac097fdf2c591640d4f6b39eb4d611c44a037c28 size: 12288
Section: .rdata md5: 77a3d52bc49d56614ee44acf451bafcc sha1: cfe0d3110067d76dbfd9ad81fa4d934dde334863 size: 4096
Section: .data md5: 07095078a999bf4bb4ca6d831513bce1 sha1: 3c805fdd565868ce2f156e7c8f27e6430815b162 size: 4096
Section: .rsrc md5: 7e5ef717e6451f51af3405b4aeec022c sha1: a43f005119b2bc3d039f6685c4dfa02edc600756 size: 94208
Timestamp: 2009-06-13 12:28:10
Version:
  LegalCopyright: Copyright © SexyReplay Corp. 2008-2009
  InternalName: SOACS bypass
  FileVersion: 1, 0, 0, 1
  CompanyName: SexyReplay Corp.
  PrivateBuild: 6.0
  LegalTrademarks: SOACS bypass
  Comments: SOACS bypass
  ProductName: SOACS bypass
  SpecialBuild: 6.0
  ProductVersion: 1, 0, 0, 1
  FileDescription: SOACS bypass
  OriginalFilename: SOACS.exe
Packer: Installer VISE Custom
PEhash: f87c5001a1152b768eef4a50465ca8bb18523044
IMPhash: c7386d3a7786f4c8ed0cf6c1417a5643
AV clamav: Win.Trojan.253511
AV avira: TR/Inject.asis
AV avg: Generic16.AESC
AV msse: Trojan:Win32/Trufip!rts

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: fasfsdffsdaf.exe

Process
↳ fasfsdffsdaf.exe

Network Details:


Strings