Analysis Date: 2013-10-25 13:53:22
MD5: f69639dadd24df6e00018aad29541962
SHA1: eebd1950d96acd8eb2fe1f79b69645249b6438a3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0: md5: 9103ce5447a31c2909dc768e4a5d3458 sha1: 46c5b97be64b9388ab2f3dc74f3cab6c63f00ea6 size: 32768
Section UpX2: md5: 89b2a8ce1bf8a20571a79ecd3c0b1461 sha1: 33b5ce358f99411985a39109947c04dffa16376e size: 10752
Section .rsrc: md5: 2f5b2ab23fe52614276dbb7d2e50c222 sha1: d132c69e1b555f60b39c46268d90f908aa452bb5 size: 6656
Timestamp: 2013-10-02 22:40:41
Version info:
InternalName: oilkiukjjhjiyuhjbnhuhiu
FileVersion: oilkiukjjhjiyuhjbnhuhiu
CompanyName: oilkiukjjhjiyuhjbnhuhiu
ProductName: oilkiukjjhjiyuhjbnhuhiu
ProductVersion: oilkiukjjhjiyuhjbnhuhiu
FileDescription: oilkiukjjhjiyuhjbnhuhiu
OriginalFilename: oilkiukjjhjiyuhjbnhuhiu
PEhash: bb7c73e67d914ba2df5d28cebee14edab2ea1706
AV (avg): PSW.Generic12.FCP
AV (avira): TR/Dropper.Gen

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: c:\malware.exe

Process
↳ c:\malware.exe

Network Details:

Strings