Analysis Date: 2014-10-05 22:11:35
MD5: 4a630f8fa311dd4629c9570f0207db0c
SHA1: cd01034ef74ca6eeeb9d31ef1da72cf3d6e4cdb1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 53787f265c64a08e2ada581295386a98 sha1: c8b9f996ae1975bf66d5af0ec0838bd2bfc2aac9 size: 11776
Section .data md5: 0d8ad4b53dfa70e80265e9341c15830c sha1: 038d9803bbdf16bb8af17b76a6596ff5d028fa12 size: 4096
Section .rdata md5: 7739a22b63fc5e53d812283d466517f1 sha1: d0b7015ed313f7c963e02fd55a6b63c09ce33948 size: 8704
Section .bss md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata md5: 09077e9aac3f524d7aaf369b9b3c093a sha1: 717b353d00c24e1309f66a51ed52a29d27950a88 size: 2048
Section .rsrc md5: 76ce6188faa7a195d462a669a41f92f9 sha1: 4889fd0bdd5e1fcb43df2c1ae6c8f3c74c1ef801 size: 136704
Section /6877976 md5: d23918c0aaf3d19d7f763f5dc2068db5 sha1: a408eeffbc239e03f7753985e20726c64ff12620 size: 512
Timestamp: 2013-07-05 06:44:47
Packer: MingWin32 GCC 3.x
PEhash: 8ad3c1fcd7105cee2f34347805e434892713e07b
IMPhash: 4e3b383c154bd70261798c41266e3a80

Runtime Details:


Process
↳ C:\malware.exe

Network Details:



Strings
040904b0
7.61.48.0
Adjective gift stronger powder 
April pan production 
Comments
CompanyName
Copyright (C) Johnson influence excellent pen curious thee 
FileDescription
FileVersion
InternalName
Lack swing Eddy tax fifth July tape curve 
LegalCopyright
LegalTrademarks
Mighty
OriginalFilename
Pen.exe
Piano task becoming 
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
&0e9H?AMU'
0	Mm#0M;
1k+]`JEj
1Kr@HJL
1%?M]RR
1?qc_F
"2;hkx,U
2{J/Zt
3495318070236293447
3En1_Q
3@)IES'
%3Q}rbb
3x\h~x]
3';ZGk
43|Iw}D*
47O~KA1jYf
\4A]t>i]
4c1	<3
4$egu_
4`pAi2]
5#C%08Usp
5dWpEc
>^5K'{
>$(6[3
63YlGX$
/6877976
6G9X;X
=70^{bK
71TnZ<
'7KLr?
7R@Rl#
%7V|Y}
7z7+<_a
84"5\8z
8!!!bMNRDi@OEMD!jDSODM
8'''iSrIJFWqNBPhAtBDSNHI'ISCKK	CKK'
8'''uBFCwUHDBTTjBJHU^'lBUIBK
9'''`BSsOUBFCdHISB_S'lBUIBK
9P|a)F
9'''tBSsOUBFCdHISB_S'lBUIBK
{{9zTE
`a/"+*
A 5{YS
;&&&aCReIKKGHBjOHCg&mCTHCJ
ag	z6^
({aH6q
a-))*m
	AQ?b&
asctime
_assert
atexit
_#.aWm
b5o2SN/u
BackupWrite
...bGHK
bItlq`Mq
BJJ&~v
bsearch
`@.bss
C5zgYBP;u 
caU<nmL%o
CDY[i5s
_cexit
c';hZ9
ClearCommBreak
ClearCommError
C#LLe^
COMCTL32.DLL
CompareFileTime
CreateMappedBitmap
CreatePropertySheetPageA
_ctype
_C[X;b
$$$D23
d'6:nR3
=D+_}_8
@@.data
{+}d/f8
DLL xp
D;Os[&
	dP	]AF\NA]Z	H[L	HG	@EE\Z@FG
Dq@lI{
DrawInsert
d,;s)p
;'''dUBFSBwUHDBTTf'lBUIBK
+E3IO$N
ef$V/ .w
EMM!yq
)))e@OL	@Z	HG	@EE\Z@FG
_errno
erZutz
/eUYjf
ExitProcess
ey30uTno
*.<f3s
FeD@\Gk
/F~eWg-
_filbuf
F./..J
_fmode
F<Nw'4
Ft5%HQC
]FW,&l3
fyA~]/
g#AGO?
GBB[]GA@
G&\;Da
__getmainargs
   gETmODULEfILEnAMEa kERNEL
GetModuleHandleA
G#rH,G
g@W)FFmt
`H33S'
hicfS!X
hs9Zwa
[\H+;Xk
'i=4V*q
icfS!X
.idata
#''I)F
I&-F;>
if&&RH
@i;$:j
I}j|$1
InitCommonControls
InterlockedDecrement
_isctype
iu+-XkJQ4
I yz/0
_%J)189
JH)ze#
|{JJ<:
j$uM\u<I
KDpn>To
KERNEL32.dll
_kF:ww
Kk. ic)I
kz!o5{
%KZT;%
L~&,aNstu
lE_~+;
L_E'\q
L_E'\qj
LfI#9$V
^Lo:I'
LqRE$%
--l|S?>E
l'uQK/J7m[
l)ZUiJ
m<9-3C
M9B~Rv
^m}$ai
malloc
__mb_cur_max
mD6[7Fl1
memchr
memcpy
MenuHelp
[Mm!HC
msvcrt.dll
mv'(r07
@mWkfC
[N	6Ok
>?n8'<
NA'w0NMD
N&'&&B
nd><Nh
n(+/$k
N-RB^[
,&+#:o
Ogyl<nKHr
(O>&i}
`oM_	n.
_onexit
oNyV\k
opIQE`
OsGeP^C
|O|.{y
 $\[P%
P>7,ZM
p]>	=8
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
_pctype
_p(!~D
__p__environ
>pes}m
__p__fmode
printf
Pr!%mP!
\PRzfGAX
PtsK^2
'''pUNSBwUHDBTTjBJHU^'lBUIBK
Q16~Hvq
	q(aa0
qI3`0.
.Q^-Ls
}Qly"-X
>'''qNUSRFKaUBB'lBUIBK
;'''qNUSRFKfKKHDb_'lBUIBK
='''qNUSRFKfKKHD'lBUIBK
qoC4e%/8
q	oK4y
q*OP4	
qrU	`k
~Q|U* 
.rdata
).Rm1)=
R|^t`p
?*'s"\
s3As$j]
S"4N?&}
.sD:.{)_
__set_app_type
setlocale
_setmode
SetUnhandledExceptionFilter
setvbuf
signal
SjaAuL
"*SO.a
sr?s'	r
s,?T>4
strftime
_strnicmp
strtod
strxfrm
s@|,tx^#L
sUn*'I
-t][ !
!This program cannot be run in DOS mode.
tJuhm@'
TlsSetValue
!Tn~hH|B
|TryQ1
&Tsr7b
tw1+KT7
#tYQ;zj
.u*)<	
 &:>U	
;u@7RA
='''uBTRJBsOUBFC'lBUIBK
U@j1@	(
 @_+uk
ungetc
@v[>4S@3	
}>v9.{
# VeE!
VirtualProtectEx
v+	ju:
$$$$vt
VUw%}Iz
;vx,|6$
{:VxOqp
W\5H@AK-
w?5.V8^
!@)W7~iRv
W>7 +QCix
#wD?*k
W.-G90I^
Wi	Tz6
xA1/'(
~x_H!@7T
$ xHLDK"
x`'{,:n
X-R,/f
X@R	Vz
 xs~mxa9E
@xT_'^
XVpWSi+Ed
XX0_d;
!Y&AF:
Y%GV*`8
y|[	Oc
YO$pD!3F
YQR:35
*Yq*S?R
Y-R@ )
Yurqra
y.W?l>
z|;6L3
*zd,gt
zE{mWE
ZFA[IFZ]
'<zMJB
$zS%pR