Analysis Date: 2014-01-15 17:11:01
MD5: f3c24677e900225d9fe3a9abb8326eb1
SHA1: df692ddbbd9c562f47a0a9f70915b7e829ddfa27

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 7c5b99f30b0ed659b4c0024a29335a04 sha1: 08e56e397e3ce5de2b9c96a7cd282dcdd2226813 size: 241664
Section .rdata md5: e5771bd92fd94521171bfbc2cfda8913 sha1: c49149b847c5435e1eba3543648db4580d8f8667 size: 7168
Section .data md5: c8f8c306f2725ef4407bfc9a6027dfa4 sha1: 270dbfc7ff323b6d64fa1a61dc252fdf55bfdfcf size: 512
Section .rsrc md5: 7a873e7847a31b989096b8a7d4b6acde sha1: d06057ad3b7f13472656935aa8e5aea1bfe8a23c size: 1024
Timestamp: 2004-06-04 10:04:11
Version info:
LegalCopyright: 1996-2005
Web: vvwknviswbayc
FileVersion: 57.52.27.23
Author: oojsftokhjfvqxg
CompanyName: bckyefgvmdmixagmvj
Comments: wfkepflflcegcd
FileDescription: uygcekjani
Internal Name: lsixuvuhgmesdvqtkv
PEhash: 094c84cf29e418dce809fd8b0d3c5cb383a677a8
AV avg: SHeur3.AVUB
AV mcafee: PWS-Spyeye.d
AV clamav: Trojan.Spy.Zbot-440

Runtime Details:

Process
↳ C:\malware.exe

Creates Mutex: __execxx__

Process
↳ C:\WINDOWS\Explorer.EXE

Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\driversxxx.exe ➝ C:\driversxxx.exe\driversxxx.exe
Creates File: C:\driversxxx.exe\driversxxx.exe
Creates File: C:\driversxxx.exe
Creates File: C:\driversxxx.exe\config.bin
Deletes File: C:\malware.exe
Creates Process: C:\driversxxx.exe\driversxxx.exe
Creates Mutex: __execxx__

Process
↳ C:\driversxxx.exe\driversxxx.exe

Creates Mutex: __execxx__
Creates Mutex: DBWinMutex

Process
↳ \??\C:\WINDOWS\system32\winlogon.exe

Process
↳ C:\WINDOWS\system32\lsass.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: UNC\WORKGROUP*\MAILSLOT\NET\NETLOGON
Winsock DNS: 192.168.1.1

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates Mutex: \BaseNamedObjects\__SPYNET_REPALREADYSENDED__

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates Mutex: \BaseNamedObjects\__SPYNET_REPALREADYSENDED__

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ C:\WINDOWS\System32\alg.exe
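
The runtime section above records the sample's persistence chain: from inside Explorer.EXE it writes a Run key, drops a copy of itself and a config.bin under C:\driversxxx.exe\ (a directory named to look like an executable), starts the copy, and deletes the original C:\malware.exe. The script below is an added worked example, not part of the sandbox output or its vendor's tooling: it parses that report format (verb and object printed with no separator, registry value on the following line) into per-process actions, strips OS noise, and recovers the self-relocation chain so the IOCs can be hunted on other hosts. The REPORT text is retyped from the section above; the BENIGN_MUTEXES and BENIGN_PATH_PREFIXES lists are this example's own assumptions about what an idle Windows XP-era sandbox emits on its own, and RUN_KEY_MARKER is a deliberate simplification that only looks at CurrentVersion\Run.

```python
"""Pull hunt-ready IOCs out of a sandbox report's Runtime Details (added example)."""
import re
from collections import defaultdict

# Constructed excerpt, retyped from the runtime section above (not live sandbox output).
REPORT = r"""Process
↳ C:\malware.exe

Creates Mutex__execxx__

Process
↳ C:\WINDOWS\Explorer.EXE

RegistryHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\driversxxx.exe ➝
C:\driversxxx.exe\driversxxx.exe
Creates FileC:\driversxxx.exe\driversxxx.exe
Creates FileC:\driversxxx.exe
Creates FileC:\driversxxx.exe\config.bin
Deletes FileC:\malware.exe
Creates ProcessC:\driversxxx.exe\driversxxx.exe
Creates Mutex__execxx__

Process
↳ C:\driversxxx.exe\driversxxx.exe

Creates Mutex__execxx__
Creates MutexDBWinMutex

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates FilePIPE\lsarpc
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates Mutex\BaseNamedObjects\__SPYNET_REPALREADYSENDED__
"""

# Assumption: artefacts an idle XP-era sandbox shows with or without a sample.
BENIGN_MUTEXES = {"DBWinMutex", "\\BaseNamedObjects\\__SPYNET_REPALREADYSENDED__"}
BENIGN_PATH_PREFIXES = ("PIPE\\", "\\Device\\", "UNC\\", "C:\\WINDOWS\\system32\\WBEM\\")
# Assumption: only the classic Run key counts as persistence here.
RUN_KEY_MARKER = "\\CURRENTVERSION\\RUN\\"

# The report prints verb and object with no separator ("Creates Mutex__execxx__").
ACTION_RE = re.compile(r"^(Creates Mutex|Creates File|Deletes File|Creates Process|Registry)\s*:?\s*(.*)$")
SHORT = {"Creates Mutex": "mutex", "Creates File": "file",
         "Deletes File": "deleted", "Creates Process": "child"}


def parse_runtime(text):
    """Group the report's actions under the process image that performed them."""
    procs, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("↳"):
            # Normalise the NT-namespace form the report uses for winlogon (\??\C:\...).
            current = line.lstrip("↳").strip().replace("\\??\\", "")
            procs.setdefault(current, defaultdict(list))
            continue
        m = ACTION_RE.match(line)
        if not m or current is None:
            continue
        action, target = m.group(1), m.group(2).strip()
        if action == "Registry":
            # "Registry<key> ➝" carries the written value on the following line.
            key, _, value = target.partition("➝")
            key, value = key.strip(), value.strip()
            if not value and i < len(lines):
                value = lines[i].strip()
                i += 1
            procs[current]["registry"].append((key, value))
        else:
            procs[current][SHORT[action]].append(target)
    return procs


def extract_iocs(procs):
    """Drop OS noise and keep what is worth hunting for on other hosts."""
    noise = tuple(p.upper() for p in BENIGN_PATH_PREFIXES)
    iocs = {"mutexes": set(), "dropped": set(), "deleted": set(),
            "spawned": set(), "persistence": []}
    for acts in procs.values():
        iocs["mutexes"].update(m for m in acts["mutex"] if m not in BENIGN_MUTEXES)
        iocs["dropped"].update(f for f in acts["file"] if not f.upper().startswith(noise))
        iocs["deleted"].update(acts["deleted"])
        iocs["spawned"].update(acts["child"])
        for key, value in acts["registry"]:
            if RUN_KEY_MARKER in key.upper():
                iocs["persistence"].append((key, value))
    return iocs


def relocation_chains(iocs):
    """Pair each Run-key target that was dropped and executed with the original that was deleted.

    Copy self, register the copy for autorun, launch it, delete the original:
    the deleted path is the one a host check will no longer find, so hunt for
    the Run-key value and the dropped directory instead.
    """
    return [(value, gone)
            for _, value in iocs["persistence"]
            if value in iocs["dropped"] and value in iocs["spawned"]
            for gone in sorted(iocs["deleted"])]


if __name__ == "__main__":
    iocs = extract_iocs(parse_runtime(REPORT))
    for key, value in iocs["persistence"]:
        print(f"autorun: {key} -> {value}")
    print("dropped:", sorted(iocs["dropped"]), "mutexes:", sorted(iocs["mutexes"]))
    print("relocation:", relocation_chains(iocs))
```

Two details from the report are worth carrying into any hunt built on this output. First, the writes are attributed to C:\WINDOWS\Explorer.EXE rather than to C:\malware.exe, so a host-side rule keyed only on the sample's own image name misses the persistence write; key on the Run-key value and on a directory whose name ends in .exe instead. Second, the static section shows a 2004 build timestamp beside a 1996-2005 copyright string and version-info fields that are random letter runs (Web, Author, CompanyName, FileDescription), which means neither the timestamp nor the version resource can be trusted for attribution, while the __execxx__ mutex and the driversxxx.exe path are the stable pivots this run exposes.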

Network Details:


Strings
040904B0
1996-2005
57.52.27.23
9lYi
Author
bckyefgvmdmixagmvj
Comments
CompanyName
dD o
DYgD
`E3W
FileDescription
FileVersion
Internal Name
k@p<
LegalCopyright
lsixuvuhgmesdvqtkv
nv+U
oojsftokhjfvqxg
StringFileInfo
@#SZM
Translation
@uT|
uygcekjani
VarFileInfo
VS_VERSION_INFO
vvwknviswbayc
*w9D
wfkepflflcegcd
2685@#
AdjustWindowRectEx
AppendMenuA
BeginPaint
CallWindowProcA
CharLowerA
CharUpperA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ChildWindowFromPoint
ClientToScreen
ClipCursor
CloseClipboard
CloseHandle
CoInitialize
comctl32.dll
CompareFileTime
CopyImage
CoTaskMemFree
CreateDialogParamA
CreateFileA
CreateMenu
CreatePipe
CreatePopupMenu
CreateProcessA
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindowA
CreateStatusWindowW
CreateToolbarEx
CreateWindowExA
@.data
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteFileA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyPropertySheetPage
DestroyWindow
DialogBoxParamA
DispatchMessageA
DragQueryFileA
DrawCaption
DrawEdge
DrawFrameControl
DrawMenuBar
DrawTextA
dy24yR$
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
ExitProcess
FillRect
FindClose
FindFirstFileA
FindNextFileA
FrameRect
FreeLibrary
GetACP
GetCapture
GetCaretPos
GetClassInfoExA
GetClientRect
GetClipboardData
GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetCursorPos
GetDesktopWindow
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDoubleClickTime
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileTime
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFocus
GetForegroundWindow
GetKeyState
GetMenuItemCount
GetMenuItemInfoA
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetParent
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileStructA
GetProcAddress
GetProcessHeap
GetScrollPos
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTabbedTextExtentA
GetTickCount
GetTopWindow
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
h1211P
h1536S
HeapAlloc
HeapFree
HeapReAlloc
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitCommonControlsEx
InsertMenuItemA
InvalidateRect
IsCharUpperA
IsClipboardFormatAvailable
IsDialogMessageA
IsDlgButtonChecked
IsIconic
IsWindowEnabled
IsWindowVisible
IsZoomed
j5Ph5117
j7h2256
j7h2657Rj8
j7Sh42
j8j2j7
KERNEL32.DLL
KillTimer
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadStringA
LocalAlloc
LocalFree
LockWindowUpdate
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
MapWindowPoints
MessageBoxA
ModifyMenuA
MoveWindow
MulDiv
MultiByteToWideChar
NJyrgy
OffsetRect
ole32.dll
OleInitialize
OleUninitialize
OpenClipboard
PeekMessageA
PeekNamedPipe
Pj1h71
PostMessageA
PostQuitMessage
PPh6447S
PropertySheetA
PropertySheetW
PtInRect
Qh2673
Qj6h44
`.rdata
ReadFile
RedrawWindow
RegisterClassExA
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
Rh6131
Rh8567Vj4
RSj5h38
RtlMoveMemory
RtlZeroMemory
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetScrollInfo
SetScrollPos
SetTimer
SetUnhandledExceptionFilter
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SHAddToRecentDocs
SHBrowseForFolderA
shell32.dll
Shell_NotifyIconA
SHFileOperationA
SHGetPathFromIDListA
ShowWindow
SystemParametersInfoA
TabbedTextOutA
TerminateProcess
!This program cannot be run in DOS mode.
_TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorA
TranslateMDISysAccel
TranslateMessage
UnhookWinEvent
UpdateWindow
USER32.DLL
VerQueryValueA
version.dll
VirtualAlloc
VirtualFree
WindowFromPoint
WinHelpA
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
WritePrivateProfileStructA
wsprintfA
wy^wy_
yrwyRg
y:wyZwy
)z90(Z