Analysis Date: 2014-09-11 14:42:28
MD5: da5ed73d15826ff3a8c7d6a63b5d5bf0
SHA1: cd0d5cbec0b7203a78edf4ed26cf5ce38ed41ed3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 848e210a378b8e79b891553ba80722b57c46b36e
IMPhash

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2c97_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1220 -e 124 -g
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 168

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 168

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1220 -e 124 -g

Network Details:



Strings
