Analysis Date: 2014-11-02 03:30:49
MD5: d2df3248a2df99ef81c37e6263f3c5cd
SHA1: f02c5e4df2c67aa8f678c0728839ce5da237f7a9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section CODE: md5: d5855ffff15dcc376bbe941227b2650f sha1: 623878266a6d39e87a121962c3e0818ad6dcbc82 size: 43520
Section DATA: md5: a893ec37db7244095fb43c06a2097909 sha1: 61a88ffa482c35dfb719c5b3f082756aa1c0a3ad size: 1536
Section BSS: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata: md5: cf20dbe79d0b68e2a17d1231f0fcb612 sha1: dee2d182310fe48c8adbe331110cdb79cb918b94 size: 3072
Section .tls: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rdata: md5: 14cd4084095f4ba18ee2dc00be58135b sha1: 1d9109c580569ed48431ae828e64ee1cbbaa49c4 size: 512
Section .reloc: md5: b703cd8ad96d5c7caffbca27337d5ef0 sha1: a45b859543128c571969a70f4b94d1380e13f6c1 size: 4096
Section .rsrc: md5: 255a75ceabed2157c3fef019c003b296 sha1: 1dc384698f2ea7bb3ee0396b3bfbf36cc455eb14 size: 3584
Timestamp: 1992-06-19 22:22:17 (this fixed value is the placeholder written by the Delphi linker, not the real build time)
Packer: Borland Delphi v5.0 KOL
PEhash: ebf77bed06c4da4c2c4421e23f431ede4c2400f8
IMPhash: f7b393fc676baf75581eec2d3c986530
AV 360 Safe: Gen:Variant.Graftor.Elzob.23128
AV Ad-Aware: Gen:Variant.Graftor.Elzob.23128
AV Alwil (avast): Delf-HBH [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/NewMalware-Rootkit-I-based!
AV Avira (antivir): TR/Dldr.Delphi.Gen
AV BullGuard: Gen:Variant.Graftor.Elzob.23128
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: Trojan.PWS.Gamania.17705
AV Emsisoft: Gen:Variant.Graftor.Elzob.23128
AV Eset (nod32): Win32/Delf.NVJ
AV Fortinet: W32/Malware_fam.NB
AV Frisk (f-prot): W32/NewMalware-Rootkit-I-based!
AV F-Secure: Gen:Variant.Graftor.Elzob.23128
AV Grisoft (avg): PSW.OnlineGames.BPCK
AV Ikarus: Trojan-GameThief.Win32.WOW
AV K7: Trojan-Downloader ( 0001c7291 )
AV Kaspersky: Backdoor.Win32.Delf.alkz
AV MalwareBytes: no_virus
AV Mcafee: PWS-OnlineGames.fj
AV Microsoft Security Essentials: Trojan:Win32/Trufip!rts
AV MicroWorld (escan): Gen:Variant.Graftor.Elzob.23128
AV Norman: Gen:Variant.Graftor.Elzob.23128
AV Rising: Backdoor.Win32.Jusi.hl
AV Sophos: Mal/Emogen-Y
AV Symantec: Backdoor.Trojan
AV Trend Micro: TROJ_GAMETHI.AUM
AV VirusBlokAda (vba32): TrojanPSW.WOW

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

Strings
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Access violation
Application Error1Format '%s' invalid or incompatible with argument
April
Assertion failed
August
September
Control-C hit
December
Division by zero
DVCLAL
Exception in safecall method
External exception %x
February
File access denied
File not found
Floating point division by zero
Floating point overflow
Floating point underflow
Friday
Integer overflow
Invalid floating point operation
Interface not supported
Invalid argument
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid filename
Invalid numeric input
Invalid pointer operation
Invalid variant operation
Invalid variant type conversion
I/O error %d
January
July
June
March
Monday
No argument for format '%s'"Variant method calls not supported
November
October
Out of memory
PACKAGEINFO
Privileged instruction(Exception %s in module %s at %p.
Range check error
Read
Read beyond end of file
Disk full
Saturday
!'%s' is not a valid integer value
%s%s
%s (%s, line %d)
Stack overflow
Sunday
Thursday
Too many open files
Tuesday
Wednesday
)Variant or safe array index out of bounds
Write$Error creating variant or safe array
0123456789
0123456789ABCDEF
127.0.0.1
abcdefghijklmnopqrstuvwxyz
abcdefghijklmnopqrstuvwxyz0123456789
Accept-Encoding: gzip, deflate
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-silverlight, */*
Accept-Language: zh-cn
advapi32.dll
ChangeServiceConfigA
CharNextA
CharToOemA
CloseHandle
CloseServiceHandle
closesocket
connect
Connection: Keep-Alive
C:\Program Files\Internet Explorer\IEXPLORE.EXE
CreateFileA
CreateProcessA
CreateThread
DeleteCriticalSection
EAbstractError
EAccessViolation
EAssertionFailed
	EControlC
EConvertError
EDivByZero
	EExternal
EExternalException
EHeapException
EInOutError
	EIntError
EIntfCastError
EIntOverflow
EInvalidCast
EInvalidOp
EInvalidPointer
EMathError
EnterCriticalSection
EnumCalendarInfoA
EOutOfMemory
	EOverflow
EPrivilege
ERangeError
ESafecallException
EStackOverflow
EUnderflow
EVariantError
	Exception
ExitProcess
EZeroDivide
FindClose
FindFirstFileA
FPUMaskValue
FreeLibrary
GetACP
GetCommandLineA
GetCPInfo
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetFileSize
GetFileType
gethostbyname
gethostname
GetKeyboardType
GetLastError
GetLocaleInfoA
GetLongPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSystemDirectoryA
GetSystemMetrics
GetTempPathA
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
, Host:
Host: 
Ht Ht.
</html>
http://
 HTTP/1.1
HUtil32
.idata
inet_addr
inet_ntoa
INFNAN
InitializeCriticalSection
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
kernel32
kernel32.dll
KWindows
LeaveCriticalSection
LoadLibraryExA
LoadStringA
LocalAlloc
LocalFree
lstrcpynA
lstrlenA
m/d/yy
MessageBoxA
mmmm d, yyyy
:mm:ss
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
oleaut32.dll
OpenSCManagerA
OpenServiceA
P.reloc
P.rsrc
QueryPerformanceCounter
QueryServiceStatus
RaiseException
.rdata
ReadFile
RegCloseKey
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA
RtlUnwind
Runtime error     at 00000000
select
sendto
SetEndOfFile
SetFilePointer
SetServiceStatus
*ShellAPI
socket
Software\Borland\Delphi\Locales
SOFTWARE\Borland\Delphi\RTL
Software\Borland\Locales
Software\Microsoft\Windows\CurrentVersion\AppPaths\IEXPLORE.EXE
StartServiceA
StartServiceCtrlDispatcherA
StringX
,SubHost:
svchost
SysConst
SysFreeString
SysInit
System
SysUtils
TCCSock
TerminateProcess
	TErrorRec
test...........
TExceptRec
This program must be run under Win32
TLoginSock
TlsGetValue
TlsSetValue
TObject
TSessionSock
udpHack:
udp test udp test udp test udp test udp test udp test udp test
UmySocket
UnhandledExceptionFilter
user32.dll
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
UTypes
VirtualAlloc
VirtualFree
VirtualQuery
vUCmdList
WideCharToMultiByte
window.location
Windows 3.1
Windows 95
Windows 98
Windows NT
?WinInet
wininet.dll
WinSock
WinSvc
WriteFile
WSACleanup
WSAStartup
wsock32.dll