Analysis Date | 2014-10-31 20:05:39 |
---|---|
MD5 | c55d2df62b31a216c48612118d2d57a6 |
SHA1 | fce717cf3ab12bf4518ab78e21b2ffc423adeae4 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
---|---|
Section | .text md5: 7bf74ba9a723faaccb99cb6352b182b5 sha1: 8ed921a45a4c73595b906374cfabb82af72aa9f8 size: 121344 |
Section | .rsrc md5: 65a72cfcf93792cf1f4c4187b74703bf sha1: b6d1fbb6f1616986a160ee0b9f295774ab759d6f size: 18944 |
Timestamp | 2008-07-29 22:55:23 |
Version | LegalCopyright: Copyright (C) 2003-2008; InternalName: Freegate; FileVersion: 0, 0, 0, 0; CompanyName: ; PrivateBuild: ; LegalTrademarks: ; Comments: ; ProductName: Freegate Application; SpecialBuild: ; ProductVersion: 0, 0, 0, 0; FileDescription: Freegate Application; OriginalFilename: freegate.EXE |
Packer | PeCompact 2.xx (Slim Loader) -> BitSum Technologies |
PEhash | 64887c7ee1731aeafc2fa19493371296e1e1c09e |
IMPhash | 09d0478591d4f788cb3e5ea416c25237 |
AV | 360 Safe | Trojan.GenericKD.1942458 |
AV | Ad-Aware | Trojan.GenericKD.1942458 |
AV | Alwil (avast) | no_virus |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Trojan.BLHE-4762 |
AV | Avira (antivir) | BDS/Rogue.141312 |
AV | BullGuard | Trojan.GenericKD.1942458 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | no_virus |
AV | ClamAV | no_virus |
AV | Dr. Web | Trojan.Proxy.3764 |
AV | Emsisoft | Trojan.GenericKD.1942458 |
AV | Eset (nod32) | no_virus |
AV | Fortinet | W32/Clack.K!tr.bdr |
AV | Frisk (f-prot) | no_virus |
AV | F-Secure | Trojan.GenericKD.1942458 |
AV | Grisoft (avg) | BackDoor.Generic18.AZCH |
AV | Ikarus | Backdoor.Win32.Clack |
AV | K7 | no_virus |
AV | Kaspersky | Backdoor.Win32.Clack.k |
AV | MalwareBytes | Trojan.Agent |
AV | Mcafee | Generic.dx |
AV | Microsoft Security Essentials | no_virus |
AV | MicroWorld (escan) | no_virus |
AV | Norman | Trojan.GenericKD.1942458 |
AV | Rising | no_virus |
AV | Sophos | no_virus |
AV | Symantec | no_virus |
AV | Trend Micro | no_virus |
AV | VirusBlokAda (vba32) | Trojan.Proxy |
Runtime Details:
Process
↳ C:\malware.exe
Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
---|---|
Registry | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Dgdebdtf ➝ 5120 |
Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Creates File | PhysicalDrive0 |
Creates File | PIPE\lsarpc |
Creates File | \Device\Afd\Endpoint |
Creates File | \Device\Afd\AsyncConnectHlp |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
Creates Mutex | WininetConnectionMutex |
Creates Mutex | c:!documents and settings!administrator!cookies! |
Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Network Details:
DNS | w62.ziyoulonglive.com Type: A |
---|---|
DNS | w63.ziyoulonglive.com Type: A |
DNS | w64.ziyoulonglive.com Type: A |
DNS | w65.ziyoulonglive.com Type: A |
DNS | w61.ziyoulonglive.com Type: A |