Analysis Date: 2014-07-30 03:24:10
MD5: c4021a9cce8e88594644f25f00f2709c
SHA1: fbf444c509525806635302276f110918da0b3209

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: UPX0 (md5: d41d8cd98f00b204e9800998ecf8427e, sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709, size: 0)
Section: UPX1 (md5: 406f5868c63aa78a4f6f2578764740af, sha1: a3a88edb8842425e43ed21026e9f072146c7b468, size: 60416)
Section: .rsrc (md5: 3ae1348e29e86ca5afea48fad1b67e56, sha1: 3c7f934777520bc74f9cf16e57fc0579219f9511, size: 1024)
Timestamp: 1992-06-19 22:22:17
Packer: UPX -> www.upx.sourceforge.net
PEhash: 301df4b2f0803e9a9f1acb39fd82409488cf1e3e
IMPhash: 359d89624a26d1e756c3e9d6782d6eb0
AV 360 Safe: Worm.Win32.Picsys.A
AV Ad-Aware: Win32.Worm.P2p.Picsys.C
AV Alwil (avast): Picsys-C@UPX [Wrm]
AV Arcabit (arcavir): Sixer.127
AV Authentium: W32/Picsys.PYSN-0191
AV Avira (antivir): DR/Delphi.Gen
AV CA (E-Trust Ino): Win32/Picsys.C
AV CAT (quickheal): no_virus
AV ClamAV: Win.Worm.Picsys
AV Dr. Web: Win32.HLLW.Morpheus.3
AV Emsisoft: Win32.Worm.P2p.Picsys.C
AV Eset (nod32): Win32/Picsys.C worm
AV Fortinet: W32/Picsys.B!worm.p2p
AV Frisk (f-prot): W32/Picsys (exact)
AV F-Secure: Win32.Worm.P2p.Picsys.C
AV Grisoft (avg): Worm/Generic2.BEDH
AV Ikarus: P2P-Worm.Win32.Picsys
AV K7: Trojan ( 0000601c1 )
AV Kaspersky: Trojan.Win32.Generic:P2P-Worm.Win32.Picsys.c
AV MalwareBytes: Worm.P2P.NKI
AV Mcafee: W32/Picsys.worm.c
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Win32.Worm.P2p.Picsys.C
AV Norman: win32legacy/Yoof.C
AV Rising: Worm.Picsy!4CFF
AV Sophos: W32/Picsys-C
AV Symantec: W32.HLLW.Yoof
AV Trend Micro: WORM_SPYBOT.PA
AV VirusBlokAda (vba32): Worm.Picsys

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Version ➝ 131
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe ➝ C:\WINDOWS\system32\winxcfg.exe\\x00
Creates File: C:\WINDOWS\system32\macromd\Grand theft auto 3 CD1 crack.exe
Creates File: C:\WINDOWS\system32\macromd\Choke on cum (sodomy, rape).mpg.exe
Creates File: C:\WINDOWS\system32\macromd\babes with an assortment of delicious big juggs.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\gangbang tryout with young slut and two studs.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\Harry Potter and the sorcerors stone.divx.exe
Creates File: C:\WINDOWS\system32\macromd\fat grannies action.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\cute girl giving head.exe
Creates File: C:\WINDOWS\system32\macromd\aimhacker.exe
Creates File: C:\WINDOWS\system32\macromd\slutty cum babes sharing a dick.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\two teen lesbians with dildo having fun.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\Pamela Anderson.exe
Creates File: C:\WINDOWS\system32\macromd\babes getting big cocks off with lips.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\sexy amatures sucking whole bag.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\AOL, MSN, Yahoo mail password stealer.exe
Creates File: C:\WINDOWS\system32\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe
Creates File: C:\WINDOWS\system32\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe
Creates File: C:\WINDOWS\system32\macromd\Britney spears nude.exe
Creates File: C:\WINDOWS\system32\macromd\divx pro.exe
Creates File: C:\WINDOWS\system32\macromd\kill osama bin laden game.exe
Creates File: C:\WINDOWS\system32\macromd\chicks working orgasm from dude's cock as a present.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\MSN Password Hacker and Stealer.exe
Creates File: C:\WINDOWS\system32\macromd\head rooster pimping hot little tender ass chickens.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\virtua girl - bailey short skirt.pif
Creates File: C:\WINDOWS\system32\macromd\two teenie boppers learning to eat pussy.mpg.pif
Creates File: C:\WINDOWS\system32\winxcfg.exe
Creates File: C:\WINDOWS\system32\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\dedicated honie giving dude a helping hand and head.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\cute petite amateur girl spreading her snatch.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\this really wild insane groupsex.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\dude getting off in lover's mouth at party.mpg.pif
Creates File: C:\WINDOWS\system32\macromd\ICQ Hackingtools.exe
Creates File: C:\WINDOWS\system32\macromd\Kama Sutra Tetris.exe
Creates File: C:\WINDOWS\system32\macromd\amateur slut with a huge gun.mpg.pif

Network Details:

Strings