Analysis Date: 2013-09-19 16:02:20
MD5: b8d40aed6f3290ac3b640dab2da6e9a3
SHA1: fb3a78f1b8fff7a68ac56a749f7919055d9c81ba

Static Details:

File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Section .text — md5: 5c58f67422897f8bae55ac4bc31ee411 sha1: f16db7ebf9a3bf9b7f18efde2610df5653c1dbdf size: 12288
Section .rdata — md5: 065b864afd76747d5953f780f8d64236 sha1: aec94488c0981cc051e02511e2ec82c72f34e425 size: 4096
Section .data — md5: cd3f75ef5a4e71ac805fb0f5e55a4653 sha1: 670905fd23541ac01794b0ac3f36724915c2a1a8 size: 4096
Section .rsrc — md5: 68c617ac9561a5a608794ba231a72b6c sha1: 81a72dfa906beec00e5365da704a1530ff0a4f32 size: 40960
Timestamp (PE header): 2004-12-10 01:35:16
Packer: Microsoft Visual C++ 5.0
PEhash: ece7ff8a68e1a858ba01616de832f44cf1aa5ffe
AV (avg): Win32/Tufik.A
AV (avira): WORM/Rbot.Gen

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
%02X:O
0lo.W,
0>mj #
1V}B5}B7
1;Vs[d@
?1*[WP,
1.xls"
2460E=$
2WPh{~
&32.d1+7
36&0r|#
3 C7onfdb
)4AAST
%-60s: %s
6789+/
6~D@s{R
(7 not
8HbLd<"P
8I/,ao
9D>b/gy
9O?j*c
ABCDEFGH
add explicit instances to list
_adjust_fdiv
ADVAPI32.dll
AG B\k
a MPRN
AVsdh.e{B
bcdefghi
:blaHc!x
blank list, we'll add instance id's by hand
BRESFT) 
B{X/EW
C0*47Ct!8
C~3Ro8
CharNextA
_chdir
CloseHandle
CMNn)2A
Cn>bF<cB*g
_controlfp
Could not open uninstaller ini file!
Cp*t8C`!x
c="QL*
CreateFileA
__CxxFrameHandler
d3?T7>
D$4h<U@
dArC9PL4R
@.data
\d@b`1D
de|H2he
DeleteFileA
Device Not Found
D$H_^][d
__dllonexit
.DLs5N&
 Do you want to remove the shared Driver Files?
 Do you want to restart your computer now?
Do you want to restart your computer now?
DriverDesc
DsV)PI
)Ei	r4
;!EiU$*
Error: This Program only runs under Windows 98 and ME.
_except_handler3
ExitWindowsEx
FindWindowA
FTC"5an
FT;M|U
g3$HhqHShrd
gA&FV!C
GetLastError
__getmainargs
GetProcAddress
GetSystemDirectoryA
GetVersionExA
GetWindowsDirectoryA
Got nothing filtering on the class
"]H#2W6D%Y 
h$,62p
HE_P]S~
+#hX3>
^hXC%C
"i8n",
IJKLMNOP	QRST
iKE9RN
IlVuHp
inf\other
InfPath
InfSection
_initterm
isD0<.VB
_ismbcalpha
!J1k*J
j$h0S@
jklmnopq
KERNEL32.dll
kMDw+%
L$0PQU
L$4PQhPS@
L$4PQU3
="LHj[
L$L_^]
L$Lh,T@
LoadLibraryA
lstrcmpA
lstrcpyA
lstrlenA
_mbctolower
_mbctoupper
_mbschr
_mbscmp
_mbsicmp
_mbsnbicmp
MeQ_VPU
MessageBoxA
MFC42.DLL
&MI_00&OS_9X*
M)id"m
MKVpLZ
=Modem
MSVCRT.dll
MSyesHm37O$
}M{V|R
No explicit instances.
NoLeaveSource
Notification
$~&> <O
"o^$+#2jY
odsT3>wD
/OERL=p
OeSH\Wdd2X
_onexit
oP'ir	)z
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADD
INGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
>pB?"x(
__p__commode
__p__fmode
p&H40&
__p___initenv
=Ports
p:q/<fm
printf
ProviderName
purXvi
pvwHb/
Q(0gfut
$Q+=K4Et
QV}BU}DW
R"b32d3
rB8h(*
`.rdata
ReadFile
Ready to uninstall %s Driver? 
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
R^E'Hy}
REngvP
RLP\aYG.<
,RQaE(
runtime 
R\z19ht
S(,9v}L_
Search All Devices Specified 
Search All; No Device Specified 
Search Class specified 
__set_app_type
SetConsoleTitleA
SetFileAttributesA
SETUPAPI.dll
SetupCloseFileQueue
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameExA
SetupDiCreateDeviceInfoListExA
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoA
SetupDiGetClassDevsExA
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDriverInfoDetailA
SetupDiOpenDeviceInfoA
SetupDiOpenDevRegKey
SetupDiSetClassInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiSetSelectedDriverA
SetupOpenFileQueue
SetupScanFileQueueA
__setusermatherr
ShowWindow
s=jr^X
slabbus.sys
slabcm95.sys
slabcmnt.sys
slabcm.sys
slabcomm.vxd
SLABCR
SLABCR\{E4768D57-352E-4495-880C-056A7CB34611}
slabcr.sys
slabser.sys
slabun.u98
slabvcd.vxd
slabvcr.vxd
slabwh95.sys
slabwhnt.sys
slabwh.sys
>sNHMX
Software\Microsoft\Windows\CurrentVersion\Uninstall
sprintf
Ssp4	l"
_strdup
<SUVWh@S@
"S$W_+>
Sy>BamT,
=System
T$4Rh8U@
t^$,8kx
T$8Rh?
t94+N|x2
?terminate@@YAXXZ
t.EVUj
\tf.T#
tg0 Qb
This is a shared driver resource. 
!This program cannot be run in DOS mode.
tNHt HuR
tProcAd
T$,@RPU
tUp=#{
tX<axK
'u,bGw
uB)sE`(a
:	UdT)
ug{h$sp`3Hf:
:uG\wCrqI	
u j$h0S@
u#j$h0S@
ULANSy
unin98
unin98.ini
Uninstaller
Uninstall Finished: Some Driver Files could not be found
Uninstall Finished: Some Driver Files could not be found /r/nYou must restart your computer before the new settings will take effect.
Uninstall Successfull. You must restart your computer before the new settings will take effect.
USER32.dll
\$@UVW3
VAprWs
_V~B}D
_VG20XN}-
VH")l3
*VID_0C88&PID_FE43*
Vn-\k)D
&^VRip
V!UJ{E
Vvx"8HP 
WL-{	;
wld.zj
x7=tBxhF5
_XcptFilter
`XYS+=d
y4cYKs
Yq7m)MF
yz012345
yZc	1mT
zLj9Y}u
ZX;`}2