Analysis Date: 2013-10-11 20:33:19
MD5: f6d4f7e181ad23dbfcae087845f3dcc3
SHA1: fbcdfc663d8e3514b47840b28e271ebc74a60ce0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 6861d582ece82091d053d38285ae921d sha1: baf3b7d7dcef9118148fec7baf84b94eefef34ab size: 29184
Section .rsrc: md5: 0d8ad2e06c6308c5d7d67adf610dc2e6 sha1: 3dbf69604d54260e6e873c66f7c6a129f60d5d33 size: 171520
Section .reloc: md5: 5401926f7dd28b87a5e5d4e9086cf714 sha1: 60d9dda8be660cf3051bf7cc06e26d21617c2527 size: 1024
Section .rdata: md5: 55b4229f20f69e802df1f2bc5bc107f4 sha1: df6e78a09bee528edeb5aaeba40d7bccc5b3c8ab size: 8704
Timestamp: 2005-03-30 19:51:13
Version:
LegalCopyright: Voleter it(c) © 2012
InternalName: vmyzm
FileVersion: a 7 RC113.63610013.385
CompanyName: Voleter it(c)
ProductName: Voleter it(c)
ProductVersion: 4130.6504 RelC
FileDescription: Voleter it(c)
OriginalFilename: vmyzm.exe
PEhash: c2d73da6bb9284b16d167d480213e10571f14ec1
AV (avira): TR/Crypt.Xpack.14018
AV (avg): Crypt2.BJMH

Runtime Details:

Process
↳ C:\malware.exe

Creates File: GoogleUpdate.exe
Creates File: PIPE\lsarpc
Creates File: @
Creates File: \Device\Afd\Endpoint
Creates Process: C:\WINDOWS\system32\cmd.exe

Process
↳ C:\WINDOWS\system32\cmd.exe

Network Details:

DNS: j.maxmind.com
Type: A
Flows UDP: 192.168.1.1:1031 ➝ 8.8.8.8:53
Flows UDP: 192.168.1.1:1032 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1033 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1034 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1035 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1036 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1037 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1038 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1039 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1040 ➝ 85.114.128.127:53

Strings