Analysis Date: 2013-07-23 20:17:20
MD5: 00377ab5fd5e6bf3bdacec9271bb0c30
SHA1: edce1b87a5d67aab30c3cd0745c6bdcce4b6d060

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 185492ee589e45ae90dbacfd422ca514 sha1: 83e3763aa23a6c41f6aeb7b19729b1287ec5808a size: 7168
Section .data: md5: 8a68889dc871001edc29264038deab9d sha1: bb33081edd5432908de82ff994b709bc66aad7b4 size: 12288
Section .bss: md5: a54482415d063d90b3d0f88d54ce5c69 sha1: c15b2c5acfc6436820d65d8841c99badfb3dad35 size: 48128
Section .idata: md5: 637b403457bdf33f18752ec51c90afe1 sha1: 53278ebe427ad41bbd2331fab9e67e537cefb8c9 size: 4096
Section .rsrc: md5: 11aabfb9df67d859852fe278f7b408cf sha1: c57e7b09e865394e3c5dbe04280d9915119aa6aa size: 4096
Timestamp: 2009-02-08 03:10:36
Version:
  LegalCopyright: Copyright © 2010 cW PC Tools. E All rights reserved. lV
  InternalName: fmag3Do.exe
  FileVersion: 7.0.0.61
  CompanyName: videosoft
  LegalTrademarks:
  Comments:
  ProductName: X 4P
  ProductVersion: 7.0.0.61
  FileDescription: JVideo Component0
  OriginalFilename: fmag3Do.exe
PEhash: 65193a774f60f36b2d9586644f5a6c302dceb340

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\\x03\1806 ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ "C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul

Creates File: nul
Deletes File: C:\malware.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat

Network Details:

DNS: repubblica.it (Type: A) ➝ 213.92.16.101
DNS: seesaa.net (Type: A) ➝ 59.106.28.139
DNS: seesaa.net (Type: A) ➝ 59.106.98.139
DNS: yelp.com (Type: A) ➝ 198.51.132.160
DNS: yelp.com (Type: A) ➝ 198.51.132.60
DNS: flashz.in (Type: A)
DNS: webdatum.in (Type: A)
