Analysis Date: 2013-08-23 00:55:31
MD5: 0916a2443b894b0bc4e03529981df7c3
SHA1: faffe6f61ccea1c09ad44866fb3eb5334e09d5db

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: c1a078bacb0836f4d5f7364f5b771814 sha1: aed7cc94e4dcd0f05b38f3af3dd8a3a0adfb2dfe size: 19968
Section .data: md5: 7034900b0429ee1622909eac3e3da787 sha1: 2551076dd52cb963192540157b29e1e1311fbc25 size: 1024
Section .rsrc: md5: 5dab154702cec8fabe10a72b966679e4 sha1: 6d71a5377f22d9ef574acc1c97934cd47755298f size: 29696
Section XOR: md5: ea1822c887ae2a40c0621eb109e9d2fe sha1: 783a1dad2c014d27cbe35479a5beee7169034a37 size: 2048
Timestamp: 2001-08-17 20:57:13
Pdb path: db
Version:
LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: W95UPG
FileVersion: 5.1.2600.0 (xpclient.010817-1148)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.0
FileDescription: Win95-to-WinNT Migration Dll, Win95 Side
OriginalFilename: W95UPG.DLL
PE hash: 042a511124af36ae4b6728ca0051de4f4a937e55
AV (msse): Virus:Win32/Valla.2048
AV (avg): Win32/Valla.2048
AV (clamav): W32.Xorala

Runtime Details:

Process
↳ C:\malware.exe

Creates File: calc.exe
Creates File: C:\WINDOWS\system32\rasdial.exe
Creates File: C:\WINDOWS\system32\dfrgntfs.exe
Creates File: C:\WINDOWS\system32\reset.exe
Creates File: C:\WINDOWS\system32\autoconv.exe
Creates File: C:\WINDOWS\system32\atmadm.exe
Creates File: C:\WINDOWS\system32\systeminfo.exe
Creates File: C:\WINDOWS\system32\msiexec.exe
Creates File: C:\WINDOWS\system32\taskmgr.exe
Creates File: C:\WINDOWS\system32\debug.exe
Creates File: C:\WINDOWS\system32\grpconv.exe
Creates File: C:\WINDOWS\system32\ctfmon.exe
Creates File: C:\WINDOWS\system32\bootok.exe
Creates File: C:\WINDOWS\system32\diskpart.exe
Creates File: C:\WINDOWS\system32\rtcshare.exe
Creates File: C:\WINDOWS\system32\dcomcnfg.exe
Creates File: C:\WINDOWS\system32\conime.exe
Creates File: C:\WINDOWS\system32\net1.exe
Creates File: C:\WINDOWS\system32\driverquery.exe
Creates File: C:\WINDOWS\system32\qappsrv.exe
Creates File: C:\WINDOWS\system32\actmovie.exe
Creates File: C:\WINDOWS\system32\ddeshare.exe
Creates File: C:\WINDOWS\system32\doskey.exe
Creates File: C:\WINDOWS\system32\accwiz.exe
Creates File: C:\WINDOWS\system32\lodctr.exe
Creates File: bootok.exe
Creates File: C:\WINDOWS\system32\wiaacmgr.exe
Creates File: C:\WINDOWS\system32\ipv6.exe
Creates File: C:\WINDOWS\system32\cipher.exe
Creates File: C:\WINDOWS\system32\cmd.exe
Creates File: C:\WINDOWS\system32\tlntsvr.exe
Creates File: C:\WINDOWS\system32\sethc.exe
Creates File: C:\WINDOWS\system32\mplay32.exe
Creates File: C:\WINDOWS\system32\sysedit.exe
Creates File: C:\WINDOWS\system32\nwscript.exe
Creates File: C:\WINDOWS\system32\at.exe
Creates File: C:\WINDOWS\system32\sprestrt.exe
Creates File: C:\WINDOWS\system32\dplaysvr.exe
Creates File: C:\WINDOWS\system32\proquota.exe
Creates File: C:\WINDOWS\system32\attrib.exe
Creates File: C:\WINDOWS\system32\fc.exe
Creates File: C:\WINDOWS\system32\sort.exe
Creates File: C:\WINDOWS\system32\msg.exe
Creates File: C:\WINDOWS\system32\nbtstat.exe
Creates File: C:\WINDOWS\system32\convert.exe
Creates File: C:\WINDOWS\system32\replace.exe
Creates File: C:\WINDOWS\system32\rsvp.exe
Creates File: C:\WINDOWS\system32\nslookup.exe
Creates File: C:\WINDOWS\system32\logagent.exe
Creates File: C:\WINDOWS\system32\relog.exe
Creates File: C:\WINDOWS\system32\odbcconf.exe
Creates File: C:\WINDOWS\system32\ping.exe
Creates File: C:\WINDOWS\system32\rsm.exe
Creates File: C:\WINDOWS\system32\wbem\unsecapp.exe
Creates File: C:\WINDOWS\system32\logoff.exe
Creates File: C:\WINDOWS\system32\pathping.exe
Creates File: C:\WINDOWS\system32\runas.exe
Creates File: C:\WINDOWS\system32\exe2bin.exe
Creates File: C:\WINDOWS\system32\label.exe
Creates File: C:\WINDOWS\system32\wbem\winmgmt.exe
Creates File: C:\WINDOWS\system32\esentutl.exe
Creates File: C:\WINDOWS\system32\cleanmgr.exe
Creates File: C:\WINDOWS\system32\stimon.exe
Creates File: C:\WINDOWS\system32\ntvdm.exe
Creates File: C:\WINDOWS\system32\comp.exe
Creates File: C:\WINDOWS\system32\charmap.exe
Creates File: C:\WINDOWS\system32\unlodctr.exe
Creates File: C:\WINDOWS\system32\schtasks.exe
Creates File: C:\WINDOWS\system32\ups.exe
Creates File: C:\WINDOWS\system32\wextract.exe
Creates File: C:\WINDOWS\system32\chkntfs.exe
Creates File: C:\WINDOWS\system32\wupdmgr.exe
Creates File: C:\WINDOWS\system32\expand.exe
Creates File: C:\WINDOWS\system32\arp.exe
Creates File: C:\WINDOWS\system32\cmmon32.exe
Creates File: C:\WINDOWS\system32\tasklist.exe
Creates File: C:\WINDOWS\system32\tscon.exe
Creates File: C:\WINDOWS\system32\ntbackup.exe
Creates File: C:\WINDOWS\system32\hostname.exe
Creates File: C:\WINDOWS\system32\cscript.exe
Creates File: C:\WINDOWS\system32\rundll32.exe
Creates File: C:\WINDOWS\system32\regedt32.exe
Creates File: C:\WINDOWS\system32\wbem\wbemtest.exe
Creates File: C:\WINDOWS\system32\ie4uinit.exe
Creates File: C:\WINDOWS\system32\print.exe
Creates File: C:\WINDOWS\system32\routemon.exe
Creates File: C:\WINDOWS\system32\wbem\scrcons.exe
Creates File: C:\WINDOWS\system32\napstat.exe
Creates File: C:\WINDOWS\system32\dpvsetup.exe
Creates File: atmadm.exe
Creates File: C:\WINDOWS\system32\sfc.exe
Creates File: C:\WINDOWS\system32\dumprep.exe
Creates File: C:\WINDOWS\system32\spider.exe
Creates File: C:\WINDOWS\system32\rsmui.exe
Creates File: C:\WINDOWS\system32\tskill.exe
Creates File: C:\WINDOWS\system32\tcmsetup.exe
Creates File: C:\WINDOWS\system32\imapi.exe
Creates File: C:\WINDOWS\system32\vssadmin.exe
Creates File: C:\WINDOWS\system32\shrpubw.exe
Creates File: C:\WINDOWS\system32\setupn.exe
Creates File: C:\WINDOWS\system32\netsh.exe
Creates File: asr_pfu.exe
Creates File: C:\WINDOWS\system32\vssvc.exe
Creates File: C:\WINDOWS\system32\append.exe
Creates File: C:\WINDOWS\system32\wowexec.exe
Creates File: C:\WINDOWS\system32\openfiles.exe
Creates File: C:\WINDOWS\system32\tftp.exe
Creates File: C:\WINDOWS\system32\odbcad32.exe
Creates File: C:\WINDOWS\system32\locator.exe
Creates File: C:\WINDOWS\system32\extrac32.exe
Creates File: C:\WINDOWS\system32\rasautou.exe
Creates File: C:\WINDOWS\system32\setup.exe
Creates File: C:\WINDOWS\system32\sol.exe

Process
↳ C:\WINDOWS\system32\rundll32.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz\Last used time ➝ NULL
Creates File: PIPE\srvsvc
Creates File: PIPE\wkssvc
Creates File: PIPE\lsarpc
Creates Mutex: DesktopCleanupMutex

Network Details:
