File Analyzer: 023709e35bbc8f3938fce21da60f65f650d97636
File SHA1: 023709e35bbc8f3938fce21da60f65f650d97636
File MD5 : 64cb7b8dc61530062e932bc09d2fce7a
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
Additional Info:
Source: Generated
Date: Sat Jul 31 07:07:02 MYT 2010
Final Score: 12
Possible Malware: YES
#– Files Created: –
#– Registry Created: –
[SOFTWARE]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malicious Running Processes: –
#– Malicious Processes Dump: –
cmd.exe::PID=984:992::UID=0::Action=
cmd.exe::PID=1188:1196::UID=0::Action=
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
#– Malware Traffic – www: –
#– Static Header: –
FILE HEADER INFORMATION
TimeStamp: 4AC743C9 Sat Oct 3 20:30:01 2009
Subsystem: 2 (Windows GUI)
Image Base: 10000000 Size: 00016000
Code Base: 00001000 Size: 00010000
Data Base: 00011000 Size: 00005000
Entry Point: 0000BA70 (file offset 0000AE70)
SECTIONS
1: .text RVA: 00001000 Offset: 00000400 Size: 0000FA00 Flags: 60000020 (CER)
2: .data RVA: 00011000 Offset: 0000FE00 Size: 00002800 Flags: C0000040 (DRW)
3: .rsrc RVA: 00014000 Offset: 00012600 Size: 00000400 Flags: 40000040 (DR)
4: .reloc RVA: 00015000 Offset: 00012A00 Size: 00000600 Flags: 42000040 (DR)
#– Screenshots: –