Analysis Date: 2013-10-26 07:42:05
MD5: fb676007e93a46a1525fd18452ed4f35
SHA1: f3c39039505754ea1d047e5c2f84bca2cb6ee0ed

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: UpX2 md5: f488622fba4553dbd8a6daa94e6b4125 sha1: 3c2aedc0b4ff51008ed5ea62fb932f6c7b665d4f size: 10752
Section: .rsrc md5: e7568447382cd11f1f8389b0e1ffcf21 sha1: e241c513ef7402c27af0185f60a4fb606be365a7 size: 6144
Timestamp: 2013-10-02 22:40:41
Version:
  InternalName: oilkiukjjhjiyuhjbnhuhiu
  FileVersion: oilkiukjjhjiyuhjbnhuhiu
  CompanyName: oilkiukjjhjiyuhjbnhuhiu
  ProductName: oilkiukjjhjiyuhjbnhuhiu
  ProductVersion: oilkiukjjhjiyuhjbnhuhiu
  FileDescription: oilkiukjjhjiyuhjbnhuhiu
  OriginalFilename: oilkiukjjhjiyuhjbnhuhiu
Packer: UPX -> www.upx.sourceforge.net
PEhash: da37bd816a9e5101b839856051261212d8271b23
AV: avira: TR/Kryptik.32768.52
AV: avg: PSW.Generic12.FCP

Runtime Details:


Process
↳ C:\malware.exe

Creates Process: c:\malware.exe

Process
↳ c:\malware.exe

Network Details:



Strings