Analysis Date: 2015-02-01 14:20:09
MD5: b893dc16a29d97c7a2911e8359241ab3
SHA1: e5f852b3300fe970a502b413acba27aee6ffdb83

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: cc1a5088904d46afef4b96f3221c34e6 sha1: a917ecf13c1c7a95e974d2c66075cb61fa4415a6 size: 125440
Section .rsrc: md5: 53526b3d7002cb07d54c1bbb838e43e4 sha1: c638b8cfe20bf423c908e11b75f933bf284e5338 size: 15360
Timestamp: 2007-08-20 23:10:30
Version:
LegalCopyright: Copyright (C) 2003
InternalName: freegate
FileVersion: 1, 0, 0, 1
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: freegate Application
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: freegate MFC Application
OriginalFilename: freegate.EXE
Packer: PeCompact 2.xx (Slim Loader) -> BitSum Technologies
PEhash: 81573c23729479b96d53c2ffababbcadbbf01f80
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV 360 Safe: no_virus
AV Ad-Aware: Backdoor.Generic.944163
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Backdoor.Generic.944163
AV Authentium: no_virus
AV Avira (antivir): no_virus
AV BullGuard: Backdoor.Generic.944163
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Zhou.15
AV Emsisoft: Backdoor.Generic.944163
AV Eset (nod32): no_virus
AV Fortinet: no_virus
AV Frisk (f-prot): no_virus
AV F-Secure: Backdoor.Generic.944163
AV Grisoft (avg): Proxy.AQRW
AV Ikarus: Virus.Win32.Agent
AV K7: Backdoor ( 04c4de821 )
AV Kaspersky: no_virus
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Dgdebdtf ➝ 54272
Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PhysicalDrive0
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: \Device\Netbios
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:

DNS: w65.ziyoulonglive.com (Type: A)
DNS: w61.ziyoulonglive.com (Type: A)
DNS: w62.ziyoulonglive.com (Type: A)
DNS: w63.ziyoulonglive.com (Type: A)
DNS: w64.ziyoulonglive.com (Type: A)
Flows UDP: 192.168.1.1:1031 ➝ 194.58.78.41:53
Flows UDP: 192.168.1.1:1031 ➝ 216.54.226.100:53
Flows UDP: 192.168.1.1:1031 ➝ 74.52.71.179:53
Flows UDP: 192.168.1.1:1031 ➝ 198.107.0.14:53
Flows UDP: 192.168.1.1:1031 ➝ 203.248.116.42:53
Flows UDP: 192.168.1.1:1031 ➝ 194.58.78.41:53

Strings
040904b0
1, 0, 0, 1
Comments
CompanyName
Copyright (C) 2003
FileDescription
FileVersion
freegate
freegate Application
freegate.EXE
freegate MFC Application
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
CloseHandle
ExitProcess
GetProcAddress
irtualtect
kernel32.dll
LoadLibraryA
!This program cannot be run in DOS mode.
VirtualAlloc
VirtualFree