Analysis Date | 2014-04-18 13:26:24 |
---|---|
MD5 | a812353882aba71944e85db4286990e8 |
SHA1 | 10be6c8f577cdc58f1774e36ae6bda9ae85a223f |
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
Section | .text md5: c52a72deb0170941d392ec38c6aeafd0 sha1: 1775038c6d58560083e29b74062aa40724b1de60 size: 24064 |
Section | .rdata md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120 |
Section | .data md5: 723ad80df002dc5421798f4307abe5cf sha1: da7fe0de0f0440d576cd7538ef0e8a4c210c38ca size: 1024 |
Section | .ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 |
Section | .rsrc md5: dc2e771ce96c29fbf07ac5d1fe29c785 sha1: b25ab32bfd4cdb1eb202505421644b9633f7f077 size: 16384 |
Timestamp | 2009-12-05 22:52:12 |
Packer | Nullsoft PiMP Stub -> SFX |
PEhash | 4bfa89dd94256acbe18c9995758ba359ef279d5d |
IMPhash | 7fa974366048f9c551ef45714595665e |
Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
---|---|
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1 |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\manlib.dll |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\Math.dll |
Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\UserInfo.dll |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\System.dll |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\nsDialogs.dll |
Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\header.bmp |
Creates File | \PIPE\lsarpc |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\installog.txt |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\blowfish.dll |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\registry.dll |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\GetVersion.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\Math.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\manlib.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\UserInfo.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\System.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\nsDialogs.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\header.bmp |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\installog.txt |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\blowfish.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nst2.tmp\GetVersion.dll |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temp\nsy1.tmp |
Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
Creates Mutex | WininetConnectionMutex |
Creates Mutex | c:!documents and settings!administrator!cookies! |
Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Winsock DNS | www.fsunlighteast.com |
DNS | fsunlighteast.com Type: A 50.97.62.154 |
DNS | www.fsunlighteast.com Type: A |
HTTP POST | http://www.fsunlighteast.com/FCL_Co_v1.php User-Agent: NSIS_Inetc (Mozilla) |
Flows TCP | 192.168.1.1:1031 ➝ 50.97.62.154:80 |
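Three checks a triager would run against the rows above, as an added example that is not part of the sandbox report or its tooling: confirm that the zero-size `.ndata` section's digests really are the empty-input MD5/SHA1 (so size and hashes agree), work out which of the files dropped into the NSIS plugin directory `Temp\nst2.tmp` were deleted again before the run ended, and flag proxy-log requests carrying the `NSIS_Inetc (Mozilla)` User-Agent and/or the observed host. The section rows and file events are re-typed from the report (with the backslashes the page rendering drops); the proxy log lines, the tab-separated log format and all function names are constructed for this demonstration.

```python
"""Triage helpers worked against the rows of the sandbox report above.

Added example, not the sandbox's own code. Section rows and file events are
re-typed from the report; the proxy log lines are constructed, not captured.
"""
import hashlib
import ntpath
import re
from urllib.parse import urlsplit

SECTION_ROWS = """
.text md5: c52a72deb0170941d392ec38c6aeafd0 sha1: 1775038c6d58560083e29b74062aa40724b1de60 size: 24064
.rdata md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120
.data md5: 723ad80df002dc5421798f4307abe5cf sha1: da7fe0de0f0440d576cd7538ef0e8a4c210c38ca size: 1024
.ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
.rsrc md5: dc2e771ce96c29fbf07ac5d1fe29c785 sha1: b25ab32bfd4cdb1eb202505421644b9633f7f077 size: 16384
"""
SECTION_RE = re.compile(
    r"^(?P<name>\.\w+) md5: (?P<md5>[0-9a-f]{32}) sha1: (?P<sha1>[0-9a-f]{40}) size: (?P<size>\d+)$")

def parse_sections(text):
    """Turn the report's 'Section' rows into dicts with an integer size."""
    rows = []
    for line in text.strip().splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            rows.append(row)
    return rows

EMPTY_MD5 = hashlib.md5(b"").hexdigest()    # d41d8cd98f00b204e9800998ecf8427e
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()  # da39a3ee5e6b4b0d3255bfef95601890afd80709

def zero_size_sections(sections):
    """Sections with raw size 0, split into (digests are the empty-input digests, digests are not).
    NSIS's .ndata is uninitialised data, so size 0 with empty-input digests is the expected pair;
    a mismatch would mean the size and the hashes were not computed over the same bytes."""
    consistent, inconsistent = [], []
    for s in sections:
        if s["size"] == 0:
            ok = (s["md5"], s["sha1"]) == (EMPTY_MD5, EMPTY_SHA1)
            (consistent if ok else inconsistent).append(s["name"])
    return consistent, inconsistent

# 'Creates File' / 'Deletes File' rows for the NSIS plugin directory, as listed in the report.
TEMP = r"C:\Documents and Settings\Administrator\Local Settings\Temp"
CREATED = ("manlib.dll Math.dll UserInfo.dll System.dll nsDialogs.dll header.bmp "
           "installog.txt blowfish.dll registry.dll GetVersion.dll").split()
DELETED = ("Math.dll manlib.dll UserInfo.dll System.dll nsDialogs.dll header.bmp "
           "installog.txt blowfish.dll GetVersion.dll").split()
FILE_EVENTS = ([("Creates File", ntpath.join(TEMP, "nst2.tmp", n)) for n in CREATED]
               + [("Deletes File", ntpath.join(TEMP, "nst2.tmp", n)) for n in DELETED]
               + [("Deletes File", ntpath.join(TEMP, "nst2.tmp")),
                  ("Deletes File", ntpath.join(TEMP, "nsy1.tmp"))])
# NSIS unpacks its plugin DLLs into %TEMP%\ns<letter><digits>.tmp\ ; match files inside such a dir.
NSIS_PLUGIN_FILE_RE = re.compile(r"\\Temp\\ns[a-z]\d+\.tmp\\[^\\]+$", re.IGNORECASE)

def nsis_drop_lifetime(events):
    """Split files dropped into the NSIS plugin dir into (deleted again, never logged as deleted)."""
    created, deleted = set(), set()
    for kind, path in events:
        if not NSIS_PLUGIN_FILE_RE.search(path):
            continue  # the directory entries themselves do not match
        if kind == "Creates File":
            created.add(ntpath.basename(path))
        elif kind == "Deletes File":
            deleted.add(ntpath.basename(path))
    return sorted(created & deleted), sorted(created - deleted)

# Constructed proxy log: client, method, URL, User-Agent, tab separated.
PROXY_LOG = """\
192.168.1.1\tPOST\thttp://www.fsunlighteast.com/FCL_Co_v1.php\tNSIS_Inetc (Mozilla)
192.168.1.7\tGET\thttp://www.example.com/\tMozilla/5.0 (Windows NT 5.1)
192.168.1.9\tGET\thttp://www.fsunlighteast.com/\tMozilla/5.0 (Windows NT 5.1)
"""
BEACON_HOST = "www.fsunlighteast.com"  # host from the report's HTTP POST row
INETC_UA = "NSIS_Inetc (Mozilla)"      # default UA of the NSIS Inetc plugin, as seen in the report

def flag_inetc_beacons(log_text):
    """Return (client, url, reason) tuples. The UA alone matches any Inetc-based installer and is
    noisy by itself; UA plus the observed host is the high-confidence match."""
    hits = []
    for line in log_text.strip().splitlines():
        client, _method, url, ua = line.split("\t")
        host = urlsplit(url).hostname
        checks = (("inetc-ua", ua == INETC_UA), ("known-host", host == BEACON_HOST))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            hits.append((client, url, "+".join(reasons)))
    return hits

if __name__ == "__main__":
    print(zero_size_sections(parse_sections(SECTION_ROWS)))
    print(nsis_drop_lifetime(FILE_EVENTS))
    print(flag_inetc_beacons(PROXY_LOG))
```

Two things the run shows that the raw rows do not make obvious: every plugin DLL except `registry.dll` is logged as deleted again (and the `nst2.tmp` directory itself is removed), so a post-run disk image of the host will not contain the `blowfish.dll`, `UserInfo.dll` or `manlib.dll` artefacts and file-creation telemetry (or the network beacon) is what a detection has to rely on; and the `NSIS_Inetc (Mozilla)` User-Agent is the Inetc plugin's default, shared by benign NSIS installers, so the host or the `FCL_Co_v1.php` URI should be paired with it before alerting.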