Analysis Date: 2013-09-09 01:54:46
MD5: d3f21f58925a7a0ccc2abb59e9922ca1
SHA1: fbe4b25894c1151041c7265400932606e7da6bc3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 066515834c1d952f260edd6a9a3318f4 sha1: ee9eaa406013684d797f4d1e3555aaa852b7f807 size: 139264
Section: .rdata md5: 3440d6eb55d091690271f8ad9d0d2b62 sha1: 42ab80cd1263d9da2a5a5f4a5c6da078f49dc9a8 size: 24576
Section: .data md5: f36db847fbaeccad00eb388d9361a658 sha1: a72769893e5457679dc9181e9983b3a9dc8f20e6 size: 4096
Section: .rsrc md5: 6ac6ba2627de5eacfd0de3d3e0ec9d6c sha1: e8c73bbb04e4b5699adf333488624e053bf7cf82 size: 12288
Timestamp: 2010-05-22 11:13:54
Packer: Microsoft Visual C++ v6.0
PEhash: 2de857015bba01d6c09420920a81734a384fe4ee
AV avira: W32/Agent.EA
AV avg: Downloader.Agent.15.BN

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint

Network Details:

DNS: leemu.8866.org
Type: A
