PE Compile Time

2010-06-08 17:06:11

PE Imphash

1ab4a64725d1bc79627f25a38a864ecb

PEiD Signatures

MinGW GCC 3.x

Sections

Name      Virtual Address  Virtual Size  Size of Raw Data  Entropy
y901bdip  0x00001000       0x0000b5b0    0x0000b600        6.04868951432
395zfvyb  0x0000d000       0x00000500    0x00000600        4.2693917192
4008cvbx  0x0000e000       0x0000556c    0x00005600        7.6625033362
          0x00014000       0x000042c4    0x00000000        0.0
.idata    0x00019000       0x00001010    0x00001200        4.44565557779
.rsrc     0x0001b000       0x00000504    0x00000600        2.77003569327

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x0001b3b8  0x00000128  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_ICON        0x0001b3b8  0x00000128  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_GROUP_ICON  0x0001b4e0  0x00000022  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library KERNEL32.DLL:
0x419368 AddAtomA
0x41936c CloseHandle
0x419370 CopyFileA
0x419374 CreateFileA
0x419378 CreateFileMappingA
0x41937c CreateMutexA
0x419380 CreateProcessA
0x419384 CreateSemaphoreA
0x419388 CreateThread
0x419390 DeleteFileA
0x419394 ExitProcess
0x419398 FindAtomA
0x41939c FindClose
0x4193a0 FindFirstFileA
0x4193a4 FindNextFileA
0x4193a8 FreeLibrary
0x4193ac GetAtomNameA
0x4193b0 GetCurrentProcess
0x4193b4 GetCurrentProcessId
0x4193b8 GetDriveTypeA
0x4193bc GetFileSize
0x4193c0 GetFileTime
0x4193c4 GetLastError
0x4193c8 GetLocalTime
0x4193cc GetModuleFileNameA
0x4193d0 GetModuleHandleA
0x4193d4 GetProcAddress
0x4193d8 GetProcessHeap
0x4193dc GetSystemDirectoryA
0x4193e0 GetSystemTime
0x4193e4 GetTickCount
0x4193e8 GetVersionExA
0x4193ec GlobalAlloc
0x4193f0 GlobalFree
0x4193f4 HeapAlloc
0x4193f8 HeapFree
0x4193fc HeapReAlloc
0x419408 IsBadReadPtr
0x41940c IsDebuggerPresent
0x419410 LoadLibraryA
0x419414 MapViewOfFile
0x419418 OpenProcess
0x41941c Process32First
0x419420 Process32Next
0x419424 ReadFile
0x419428 ReleaseSemaphore
0x41942c SetErrorMode
0x419430 SetFilePointer
0x419434 SetFileTime
0x419438 SetLastError
0x419440 Sleep
0x419444 TerminateProcess
0x419448 TerminateThread
0x41944c TlsAlloc
0x419450 TlsFree
0x419454 TlsGetValue
0x419458 TlsSetValue
0x41945c UnmapViewOfFile
0x419460 WaitForSingleObject
0x419464 WriteFile
0x419468 lstrcatA
0x41946c lstrcmpA
0x419470 lstrcpyA
0x419474 lstrcpynA
0x419478 lstrlenA
Library ADVAPI32.DLL:
0x419330 CryptCreateHash
0x419334 CryptDestroyHash
0x419338 CryptGetHashParam
0x41933c CryptHashData
0x419340 CryptReleaseContext
0x419348 OpenProcessToken
0x41934c RegCloseKey
0x419350 RegCreateKeyExA
0x419354 RegOpenKeyExA
0x419358 RegQueryValueExA
0x41935c RegSetValueExA
Library DNSAPI.DLL:
0x41953c DnsQuery_A
Library msvcrt.dll:
0x419490 __getmainargs
0x419494 __p__environ
0x419498 __p__fmode
0x41949c __set_app_type
0x4194a0 _cexit
0x4194a4 _iob
0x4194a8 _onexit
0x4194ac _setmode
0x4194b0 abort
0x4194b4 atexit
0x4194b8 atoi
0x4194bc fclose
0x4194c0 fflush
0x4194c4 fgetc
0x4194c8 fopen
0x4194cc fprintf
0x4194d0 fread
0x4194d4 free
0x4194d8 fseek
0x4194dc ftell
0x4194e0 malloc
0x4194e4 memcpy
0x4194e8 memmove
0x4194ec memset
0x4194f0 rand
0x4194f4 realloc
0x4194f8 rewind
0x4194fc signal
0x419500 sprintf
0x419504 srand
0x419508 sscanf
0x41950c strcat
0x419510 strchr
0x419514 strcmp
0x419518 strcpy
0x41951c strstr
0x419520 strtok
Library msvcrt.dll:
0x419484 _itoa
Library USER32.dll:
0x41952c CharLowerA
0x419530 wsprintfA
Library WININET.DLL:
Library WS2_32.DLL:
0x419554 WSAConnect
0x419558 WSASocketA
0x41955c WSAStartup
0x419560 closesocket
0x419564 connect
0x419568 gethostbyname
0x41956c gethostname
0x419570 htons
0x419574 inet_addr
0x419578 inet_ntoa
0x41957c recv
0x419580 send
0x419584 sendto
0x419588 setsockopt
0x41958c socket

y901bdip
P`395zfvyb
4008cvbxlU
.idata
B4CUNG
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Qkkbal
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
Your account in System is successfully created, please read the instructions.
Administration has blocked your account.
Your account on the System was removed.
Your account on the system successfully activated.
Closure of your account, please read the instructions.
Change your password, please read the instructions.
Your account is successfully created on the site BigTits.
I Love You more than life, read at verse.
I Wish You all the best.
Instruction
Readme
Document
Message
WebMoney Instruction
Administration CyberPlat
PayPal Instruction
RUpay Administration
E-Gold Instruction
EasyPay Instruction
Administration WebMoney
Closure of your account
Change your password
Your account has been blocked due to violation of the rules
Account activation is successful
You have successfully registered on the site BigTits
Server Report
Mail Delivery System
Mail Transaction Failed
Your IP was logged
I Love You
Happy birthday to you
Webmoney
support@wmtransfer.com
admin@wmtransfer.com
support@cyberplat.com
admin@paypal.com
support@rbkmoney.ru
support@e-gold.com
admin@easypay.com
@aol.com
@msn.com
@yahoo.com
@hotmail.com
@gmail.com
@mail.ru
@rambler.ru
@pochta.ru
@yandex.ru
andrew
sandra
claudia
robert
Alexey
Fyodor
Matvey
Nikita
Nikolai
Andrei
Alexander
Valera
Viktor
Vladimir
Ruslan
Stepan
Margarita
Larisa
Ksenia
Valentina
Nastya
Natasha
Khristina
Oksana
milashka
Tamara
mvcsv.qyy
admin@bigtits.com
I_Love_You.zip
Happy_birthday_to_you.zip
mvcsvnd.qyy
symantec
winrar
winzip
icrosoft
norman
norton
noreply
hotmail
mcafee
antivi
bitdefender
agnitum
rating
master
gold-certs
contact
support
borland
update
hosting
certific
clamwin
Software\Microsoft\WAB\WAB4\Wab File Name
tepbcl.qyy
Readme.exe
foto.pif
Fbsgjner\Zvpebfbsg\Jvaqbjf\PheeragIrefvba\Rkcybere\ihyaiby32\Irefvba
fgngrz
vqhfre
hfonpgvi
IHYanFuibyan
Flfgrz\PheeragPbagebyFrg\Freivprf\FunerqNpprff
PYFVQ\{R6SO5R20-QR35-11PS-9P87-00NN005127RQ}\VacebpFreire32
k_fbpxf5nna
user32.dll
fureinaf.qyy
pgszra.rkr
SeDebugPrivilege
virtual
vmware
SYSTEM\ControlSet001\Services\Disk\Enum
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
Fbsgjner\Zvpebfbsg\Jvaqbjf\PheeragIrefvba\Rkcybere\ihyaiby32\Irefvba
jvavarg.qyy
fVISta
192.168.1.2
vqhfre
tepbcl.qyy
user32.dll
ICQ 8.exe
office_crack_all.exe
Winrar 4.exe
K-Lite Codec Pack 7.exe
DivX 8.exe
ACDSee.exe
Winamp 7.exe
serials 2010.txt.exe
crack windows 7.exe
crack windows 8.exe
my_passwords.exe
Fbsgjner\Xnmnn\Genafsre
QyQve0
Fbsgjner\vZrfu\Trareny
QbjaybnqQve
pgszra.rkr
Fbsgjner\Zvpebfbsg\Jvaqbjf\PheeragIrefvba\Eha
user32.dll
%s, %d %s %d %d:%d:%d GMT
HELO %s
MAIL FROM: <%s>
RCPT TO: <%s>
FROM: <%s>
TO: <%s>
Date: %s
MIME-Version: 1.0
Subject: %s
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Content-type: Multipart/Mixed; boundary=xContext
--xContext
Content-type: text/plain; charset=Windows-1251
Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-type: Application/Octet-stream; name="%s"; type:unknown
Content-Disposition: attachment; filename="%s"
Content-Transfer-Encoding: base64
--xContext--
nhgbeha.vas
fngbeanf.qyy
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)
Opera/9.64 (Windows NT 5.1; U; ru) Presto/2.1.1
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
GET %s HTTP/1.1
Connection: Keep-Alive
User-Agent: %s
Host: %s
Accept: */*
urlmon.dll
URLDownloadToFileA
donzx.dll
spamon
Fbsgjner\Zvpebfbsg\Jvaqbjf\PheeragIrefvba\Rkcybere\ihyaiby32\Irefvba
fgngrz
down_file
restart
fzaff.rkr
pgszra.rkr
timeout
socksa
flash_on
hfonpgvi
flash_off
p515p225982son69p76q604qp7s97975
2317q129n58non7o3148por15qs741r3
command
Qkkbal
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
N10__cxxabiv117__class_type_infoE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
St10bad_typeid
St13bad_exception
St8bad_cast
St9bad_alloc
St9exception
St9type_info
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AddAtomA
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetSystemTime
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsDebuggerPresent
LoadLibraryA
MapViewOfFile
OpenProcess
Process32First
Process32Next
ReadFile
ReleaseSemaphore
SetErrorMode
SetFilePointer
SetFileTime
SetLastError
SetUnhandledExceptionFilter
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fclose
fflush
fprintf
malloc
memcpy
memmove
memset
realloc
rewind
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strstr
strtok
CharLowerA
wsprintfA
DnsQuery_A
InternetGetConnectedState
WSAConnect
WSASocketA
WSAStartup
closesocket
connect
gethostbyname
gethostname
inet_addr
inet_ntoa
sendto
setsockopt
socket
ADVAPI32.DLL
KERNEL32.DLL
msvcrt.dll
msvcrt.dll
USER32.dll
DNSAPI.DLL
WININET.DLL
WS2_32.DLL
1g77pnon1830xomz1884abcv
j67evhkk1940jxml19a4jkph
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
Elastic malicious (high confidence)
ClamAV Win.Malware.Generickdz-9918324-0
CMC Clean
CAT-QuickHeal Trojan.Occamy.S5071046
Skyhigh BehavesLike.Win32.Mytob.lh
ALYac Dropped:Generic.Mydoom.5713DF4B
Cylance Unsafe
Zillya Trojan.Small.Win32.44096
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Malware:Win32/km_2edd8.None
K7GW Trojan ( 004d7c651 )
K7AntiVirus Trojan ( 004d7c651 )
huorong Worm/Autorun.de
Baidu Clean
VirIT Trojan.Win32.Dnldr8.DFQI
Paloalto generic.ml
Symantec W32.Mydoom.B@mm
tehtris Clean
ESET-NOD32 a variant of Win32/Agent.NHB
APEX Malicious
Avast Win32:Mydoom-BJ [Wrm]
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Small.acli
BitDefender Dropped:Generic.Mydoom.5713DF4B
NANO-Antivirus Trojan.Win32.Mudrop.ijmve
ViRobot Clean
MicroWorld-eScan Dropped:Generic.Mydoom.5713DF4B
Tencent Trojan-Dropper.Win32.Mudrop.ca
Sophos Mal/Behav-104
F-Secure Trojan.TR/Downloader.Gen
DrWeb Trojan.DownLoader8.56532
VIPRE Dropped:Generic.Mydoom.5713DF4B
TrendMicro Clean
McAfeeD Real Protect-LS!D57CC2304C40
Trapmine malicious.high.ml.score
CTX exe.unknown.dropped
Emsisoft Dropped:Generic.Mydoom.5713DF4B (B)
Ikarus Trojan.Win32.Mydoom
FireEye Generic.mg.d57cc2304c405554
Jiangmin TrojanDropper.Mudrop.cbn
Webroot W32.Malware.gen
Varist W32/Mydoom.G.gen!Eldorado
Avira TR/Downloader.Gen
Fortinet W32/Agent.NHB!worm
Antiy-AVL Trojan/Win32.Small
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Agent.bot!s1
Xcitium TrojWare.Win32.Small.AD@83l0z7
Arcabit Generic.Mydoom.5713DF4B
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/MyDoom!pz
Google Detected
AhnLab-V3 Trojan/Win.Generic.R643764
Acronis suspicious
McAfee Trojan-FRMT!D57CC2304C40
TACHYON Clean
VBA32 BScope.Trojan-Spy.Zbot
Malwarebytes Generic.Malware.AI.DDS
Panda W32/MyDoom.IC.worm
Zoner Clean
TrendMicro-HouseCall Clean
Rising Worm.Mydoom!1.100A4 (CLASSIC)
Yandex Trojan.GenAsa!q1iGQt0wAtk
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData Win32.Trojan.PSE.1BC1FFR
AVG Win32:Mydoom-BJ [Wrm]
DeepInstinct MALICIOUS
alibabacloud Clean
IRMA Signature
ESET Security (Windows) a variant of Win32/Agent.NHB worm
Avast Core Security (Linux) Win32:Mydoom-BJ [Wrm]
C4S ClamAV (Linux) Win.Malware.Generickdz-9918324-0
F-Secure Antivirus (Linux) Trojan.TR/Downloader.Gen [Aquarius]
Windows Defender (Windows) Trojan:Win32/MyDoom!pz
McAfee CLI scanner (Linux) Trojan-FRMT
Microsoft Defender ATP (Linux) Trojan:Win32/MyDoom!pz
Forticlient (Linux) W32/Agent.NHB!worm
Bitdefender Antivirus (Linux) Dropped:Generic.Mydoom.5713DF4B
G Data Antivirus (Windows) Virus: Dropped:Generic.Mydoom.5713DF4B (Engine A)
Sophos Anti-Virus (Linux) Mal/Behav-104
DrWeb Antivirus (Linux) Trojan.DownLoader8.56532
Trend Micro SProtect (Linux) Clean
ClamAV (Linux) Win.Malware.Generickdz-9918324-0
eScan Antivirus (Linux) Dropped:Generic.Mydoom.5713DF4B(DB)
Kaspersky Standard (Windows) Trojan.Win32.Small.acli
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Mydoom.5713DF4B (B)