Analysis Date: 2014-01-03 10:54:20
MD5: c044715c2626ab515f6c85a21c47c7dd
SHA1: d637e2ebee25fd7bcfb8fcdb4bc5456805ee8d7f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: b049c510153c0a0b2072bd849c7725dd sha1: 4a6e23f0a518c856dd07be20dd5a7a87cd009208 size: 7680
Section .rdata: md5: 74a74f4b8c4a9208b04e5a009454a01f sha1: 5f24336329755cea7c55d977a79d6aaf5eda3d78 size: 3072
Section .data: md5: f54cc8a58c81ebcb4e9886b5d42d4a7a sha1: aa95333e97fd4177a29e6baa1ffa431a93f0a747 size: 2560
Timestamp: 2011-10-14 11:58:04
Packer: Microsoft Visual C++ v6.0
PEhash: c66ec479ab1cad367fc6724def4764b98e1f0f48
AV avg: Agent3.AUCG
AV avira: TR/Spy.Gen
AV clamav: Win.Trojan.Agent-195590
AV mcafee: BackDoor!dtb

Runtime Details:

Process
↳ C:\malware.exe

Creates Mutex: Global\AdobeReaderX

Network Details:

DNS: flash.cnndaily.com
Type: A

Strings:
20111014
%-24s %s
%-26s %5d
??2@YAPAXI@Z
??3@YAXPAX@Z
Accept:*/*
_acmdln
_adjust_fdiv
Adobe Reader Speed Launcher
ADVAPI32.dll
AllocConsole
 and the PID is %d
Cache-Control:max-age=0
Cache-Control:no-cache
CD-ROM		
CloseHandle
CloseServiceHandle
\cmd.exe
CmdPath=
Computer:
%ComSpec%
CONIN$
Content-Length: %d
_controlfp
ControlService
ControlService failed!
Create failed with %d!
CreateFileA
CreateMutexA
CreatePipe
CreateProcessA
CreateProcessAsUserA
CreateProcess failed!
CreateThread
CreateToolhelp32Snapshot
__CxxFrameHandler
EnumServicesStatusExA
error no RegCreateKeyEx %s
error no RegSetValueEx %s
_except_handler3
ExpandEnvironmentStringsA
Failed!
Failed with %d!
FileSize:	%d
Fixed		
GetComputerNameA
GetConsoleDisplayMode
GetCurrentProcess
GetDriveTypeA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributes Error code: %d
GetFileSize
GetLastError
GetLogicalDrives
__getmainargs
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetSystemDirectoryA
geturl
GetUserNameExA
GetVolumeInformationA
GetWindowsDirectoryA
Global\AdobeReaderX
<h1>Bad Request (Invalid Hostname)</h1>
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
_initterm
/install
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryOptionA
InternetReadFile
InternetSetOptionA
Invalid		
KERNEL32.dll
list process failed!
list service failed!
lstrcatA
memset
Mozilla/5.0
MSVCRT.dll
OpenP failed with %d!
OpenProcess
OpenProcessToken
OpenSCManagerA
OpenSCManager failed!
OpenServiceA
OpenService failed!
OpenT failed with %d!
__p__commode
PeekNamedPipe
__p__fmode
pidrun
Pragma:no-cache
printf
Process32First
Process32Next
Process cmd.exe exited!
Program started!
Proxy-Connection:Keep-Alive
Ramdisk		
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
Remote		
Removeable		
%*[^/]%*[/]%*[^/]%s
%s Connected!
Secur32.dll
Service does not exist!
Service doesn't start!
Service is running already!
Service started!
Service still running!
Service stopped!
Service stop pending!
__set_app_type
SetCurrentDirectoryA
SetStdHandle
__setusermatherr
Shell started fail!
Shell started successfully!
Shell started,wait to terminate it.....
Sleep Time:
Software\Microsoft\Windows\CurrentVersion\Policies\EXPlorer\Run
So long!
sprintf
sscanf
Started already,
StartServiceA
StartService failed!
Start shell first.
strcat
_strcmpi
strcpy
strlen
strrchr
Syntax error!
Syntax error!	Usage:	getf/putf FileName <N>
Syntax error!	Usage:	GetUrl URL FileName
Syntax error!	Usage:	kill </p|/s> <pid|ServiceName>
Syntax error!	Usage:	list </p|/s|/d>
Syntax error!	Usage:	start </p|/s> <filename|ServiceName>
\tasks
TerminateProcess
!This program cannot be run in DOS mode.
Totally %d volumes found.
/uninstall
Unkown		
URLDownloadToFileA
urlmon.dll
Volume on this computer:
Volume	Type		Volume Name
WaitForSingleObject
whoami
WININET.dll
WriteConsoleInputA
WriteFile
_XcptFilter