File Analyzer: 988fd49178d95413cec44c0a70cd3f96036ecd11
File SHA1: 988fd49178d95413cec44c0a70cd3f96036ecd11
File MD5 : c3d60d55176bb3227644a687ebaf9b2e
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Additional Info:
Source: Generated
Date: Sat Jul 31 07:09:17 MYT 2010
Final Score: 27
Possible Malware: YES
#– Files Created: –
#– Registry Created: –
[SOFTWARE]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malicious Running Processes: –
#– Malicious Processes Dump: –
cmd.exe::PID=980:992::UID=0::Action=
cmd.exe::PID=1224:1548::UID=0::Action=
cmd.exe::PID=1224:1548::UID=0::Action=del
cmd.exe::PID=1224:1548::UID=0::Action=if
cmd.exe::PID=1224:1548::UID=0::Action=goto
cmd.exe::PID=1224:1548::UID=0::Action=try
cmd.exe::PID=1224:1548::UID=0::Action=reg
cmd.exe::PID=1224:1548::UID=0::Action=deleteHKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce/vSAMPLE/f
reg.exe::PID=1548:1556::UID=0::Action=
cmd.exe::PID=1224:1548::UID=0::Action=start
cmd.exe::PID=1224:1548::UID=0::Action=C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\526324~1.EXE-i
cmd.exe::PID=1224:1548::UID=0::Action=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\62257.bat
cmd.exe::PID=1188:1200::UID=0::Action=
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
91.216.73.29.80
#– Malware Traffic – www: –
91.216.73.29/cb_soft.php?q=8f4f5666e31d5d954c8b830c6e064c07
#– Static Header: –
FILE HEADER INFORMATION
TimeStamp: 42F22385 Thu Aug 4 22:17:41 2005
Subsystem: 2 (Windows GUI)
Image Base: 00400000 Size: 0042F004
Code Base: 00002000 Size: 000D2200
Data Base: 000D5000 Size: 00022A00 (plus 00002000 uninitialized)
Entry Point: 000022F3 (file offset 000006F3)
SECTIONS
1: .text RVA: 00002000 Offset: 00000400 Size: 000D2200 Flags: 60000020 (CER)
2: .rdata RVA: 000D5000 Offset: 000D2600 Size: 00000200 Flags: 40000040 (DR)
3: .data RVA: 000D6000 Offset: 000D2800 Size: 00022800 Flags: C0000040 (DRW)
4: .rsrc RVA: 000F9000 Offset: 000F5000 Size: 00000A00 Flags: 40000040 (DR)
5: .version RVA: 0042F000 Offset: 000F5A00 Size: 00000000 Flags: 40000080 (UR)
#– Screenshots: –
Snapshot 1 (image not included)
Snapshot 2 (image not included)
Snapshot 3 (image not included)
Snapshot 4 (image not included)