File Analyzer: 90994fa535094866d4f417cbe6f8c1f90999b136
File SHA1: 90994fa535094866d4f417cbe6f8c1f90999b136
File MD5 : 5f971650f239db713b826cf315c591e9
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Additional Info:
Source: Generated
Date: Sat Jul 31 07:08:55 MYT 2010
Final Score: 4
Possible Malware: NO
#– Files Created: –
#– Registry Created: –
[SOFTWARE]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malicious Running Processes: –
#– Malicious Processes Dump: –
cmd.exe::PID=980:1004::UID=0::Action=
cmd.exe::PID=1184:1200::UID=0::Action=
#– Malware Traffic – DNS: –
mobllo.in
#– Malware Traffic – Connections: –
202.109.143.16.81
#– Malware Traffic – www: –
#– Static Header: –
FILE HEADER INFORMATION
TimeStamp: 4C527701 Fri Jul 30 14:53:53 2010
Subsystem: 2 (Windows GUI)
Image Base: 00400000 Size: 00014000
Code Base: 00001000 Size: 00011200
Data Base: 00002000 Size: 00001400
Entry Point: 0000934A (file offset 0000194A)
SECTIONS
1: .text RVA: 00001000 Offset: 00000000 Size: 00000000 Flags: E0000020 (CERW)
2: .rsrc RVA: 00002000 Offset: 00000400 Size: 00000200 Flags: 40000040 (DR)
3: .vmp0 RVA: 00004000 Offset: 00000000 Size: 00000000 Flags: 60000060 (CDER)
4: .vmp1 RVA: 00008000 Offset: 00000600 Size: 0000A200 Flags: E2000020 (CERW)
5: .reloc RVA: 00013000 Offset: 0000A800 Size: 00000200 Flags: 42000040 (DR)