Packed.Win32.Themida.FD, Trojan-Downloader.Win32.Karagany.1.FD, Trojan-PSW.Win32.Bzub.2.FD, Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR, PackedThemida.YR, GenericInjector.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan-PSW, Trojan, Worm, EmailWorm, Packed
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 5fbe412824a59a573d118d13a7a1ef57
SHA1: e2c52c132da795c364d932f0a277928b19dd9803
SHA256: 8f3563891f1eb7ca8c5d7cbde6528e7ff0dc81fcca11bf8cd660860a694c3e6b
SSDeep: 196608:oxx9hcbHDNSPFYmrweyW1bxPTQw1aBVg1I/fAKncxd52UiwQenwwmKE1:6hcTDYPLrwdqGugfPgD2UzwrK
Size: 12238848 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-09-11 18:41:36
Analyzed on: WindowsXP SP3 32-bit
Summary: Packed. A packed file can be compressed and/or encrypted in a manner that prevents matching the memory image of that file with the actual file on disk. Sometimes used for copy protection, packers are often used to make spyware harder to analyze or detect.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Packed creates the following process(es): No processes have been created.
The Packed injects its code into the following process(es):
%original file name%.exe:1612
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process %original file name%.exe:1612 makes changes in the file system.
The Packed creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\user[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\user[1].htm (380 bytes)
%WinDir%\qfx86.sys (188 bytes)