Analysis Date: 2013-10-25 16:35:20
MD5: 969537f634e6a54faefaaf17e13ef105
SHA1: ccab294a318a614996585e43e3c8e3e20b85a17c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: UpX2 md5: f488622fba4553dbd8a6daa94e6b4125 sha1: 3c2aedc0b4ff51008ed5ea62fb932f6c7b665d4f size: 10752
Section: .rsrc md5: e7568447382cd11f1f8389b0e1ffcf21 sha1: e241c513ef7402c27af0185f60a4fb606be365a7 size: 6144
Timestamp: 2013-10-02 22:40:41
Version:
InternalName: oilkiukjjhjiyuhjbnhuhiu
FileVersion: oilkiukjjhjiyuhjbnhuhiu
CompanyName: oilkiukjjhjiyuhjbnhuhiu
ProductName: oilkiukjjhjiyuhjbnhuhiu
ProductVersion: oilkiukjjhjiyuhjbnhuhiu
FileDescription: oilkiukjjhjiyuhjbnhuhiu
OriginalFilename: oilkiukjjhjiyuhjbnhuhiu
Packer: UPX -> www.upx.sourceforge.net
PEhash: da37bd816a9e5101b839856051261212d8271b23
AV: avg: PSW.Generic12.FCP
AV: avira: TR/Crypt.ULPM.Gen

Runtime Details:

Process
↳ C:\malware.exe

Network Details:


Strings