Analysis Date: 2013-08-09 10:43:50
MD5: 31a2c1e1d8b967c075b6ef9dc6f5bcf4
SHA1: cd3759edf7f1d2792c3dacbb2e9b58ba9bd4c851

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: UPX1 md5: 395428244c0f26b657476acae6ad3a7e sha1: 8012a0c4f96f740ce7ed6d4e461e4585dcc64fdb size: 16896
Section: .rsrc md5: 5fd55ec9b7aea1ba5e4d7e78d8434b48 sha1: 51be240ae33f2012d75509f483606bbe924a9155 size: 5632
Timestamp: 2002-09-11 01:21:20
Version:
LegalCopyright: Copyright (C) by 鬼束 裕之 2002
InternalName: deczip
FileVersion: 1.31.3
CompanyName: pon software
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: decode ZIP
SpecialBuild:
ProductVersion: 1.31.3
FileDescription: Win32 Zip自己解凍書庫
OriginalFilename: deczip.exe
Packer: UPX -> www.upx.sourceforge.net
PEhash: 0257be868a71f364d57bd88f3d0529fd4294d6ce

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\DKANRI.ini
Creates File: C:\HACHU.ini
Creates File: C:\GASPDKI01X.xls
Creates File: C:\execute.bat
Creates File: C:\master.csv_TAISEI
Creates File: C:\DEKTAISEI29021313024501-001.csv
Creates File: C:\BackstageCtrl.xlam
Creates File: C:\DEKTAISEI29021313024501-001.sta
Creates File: C:\RibbonCtrl.xlam

Process
↳ C:\WINDOWS\system32\cmd.exe

Creates File: PIPE\wkssvc

Network Details:

