File Analyzer: c44d52006a10e8fd3b436db323bbc16215d5f008
File SHA1: c44d52006a10e8fd3b436db323bbc16215d5f008
File MD5 : d24a85992bbf33a8161dc5af58926b40
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Additional Info: Armadillo v1.xx – v2.xx
Source: Web
Date: Sat Jul 31 01:47:01 MYT 2010
Final Score: 3
Possible Malware: NO
#– Files Created: –
#– Registry Created: –
[SOFTWARE]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malicious Running Processes: –
#– Malicious Processes Dump: –
cmd.exe::PID=956:992::UID=0::Action=
cmd.exe::PID=1184:1200::UID=0::Action=
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
#– Malware Traffic – www: –
#– Static Header: –
FILE HEADER INFORMATION
TimeStamp: 4C51DD6E Fri Jul 30 03:58:38 2010
Subsystem: 2 (Windows GUI)
Image Base: 10000000 Size: 00013000
Code Base: 00001000 Size: 0000C000
Data Base: 0000D000 Size: 00006000
Entry Point: 0000BEDF (file offset 0000BEDF)
SECTIONS
1: .text RVA: 00001000 Offset: 00001000 Size: 0000C000 Flags: 60000020 (CER)
2: .rdata RVA: 0000D000 Offset: 0000D000 Size: 00002000 Flags: 40000040 (DR)
3: .data RVA: 0000F000 Offset: 0000F000 Size: 00001000 Flags: C0000040 (DRW)
4: .sxdata RVA: 00011000 Offset: 00010000 Size: 00001000 Flags: C0000240 (DRW)
5: .reloc RVA: 00012000 Offset: 00011000 Size: 00001000 Flags: 42000040 (DR)
#– Screenshots: –