Skip to main content

Packed.Win32.Themida_5fbe412824


Packed.Win32.Themida.FD, Trojan-Downloader.Win32.Karagany.1.FD, Trojan-PSW.Win32.Bzub.2.FD, Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR, PackedThemida.YR, GenericInjector.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan-PSW, Trojan, Worm, EmailWorm, Packed

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 5fbe412824a59a573d118d13a7a1ef57

SHA1: e2c52c132da795c364d932f0a277928b19dd9803

SHA256: 8f3563891f1eb7ca8c5d7cbde6528e7ff0dc81fcca11bf8cd660860a694c3e6b

SSDeep: 196608:oxx9hcbHDNSPFYmrweyW1bxPTQw1aBVg1I/fAKncxd52UiwQenwwmKE1:6hcTDYPLrwdqGugfPgD2UzwrK

Size: 12238848 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2016-09-11 18:41:36

Analyzed on: WindowsXP SP3 32-bit

Summary: Packed. A packed file can be a compressed and/or encrypted in a manner that prevents matching the memory image of that file and the actual file on disk. Sometimes used for copy protection, packers are often used to make Spyware less easy to analyze/detect.

Dynamic Analysis

Payload

Behaviour Description
EmailWormWorm can send e-mails.


Process activity

The Packed creates the following process(es):No processes have been created.The Packed injects its code into the following process(es):

%original file name%.exe:1612

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:1612 makes changes in the file system.


The Packed creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\user[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\user[1].htm (380 bytes)
%WinDir%\qfx86.sys (188 bytes)

















































&j

<<<>>>

&>>>&>&KZO.uMs.....w...._..K..t..&&><>>&<&&

<<<>>>

&&

&j

<&&&I..a._0d.F1W..M.........<<&

<<<>>>

&uin&site&menu

&uin&site&menu

&W..sFS

&W..sFS

&

&

&vh

&vh

&

&

<:>

<:>

&into&over&options&Just-in-time&PI&k&Breakpoints&n

&into&over&options&Just-in-time&PI&k&Breakpoints&n

&S&Attach&breakpoints&Options...

&S&Attach&breakpoints&Options...

&da

&da

&

&

&

&

&

&

&

&

&&&&

&&&&

&k

&k

&

&

&&&

&&&

&

&

&

&

&

&

&NQy

&NQy

&

&

&

&

&Z

&Z

&

&

&

&

&

&

<.342>

<.342>

&x

&x

&

&

&

&

&

&

&

&

&

&

&action&loginsubmit&handlekey&loginhash&inajax

&action&loginsubmit&handlekey&loginhash&inajax

&password

&password

&ac&op

&ac&op

&ac&op

&ac&op

&action&aid&formhash

&action&aid&formhash

&

&

&

&

&

&

&j6

&j6

&

&

&

&

<:>

<:>

&

&

&

&

&

&

&

&

&joiner

&joiner

&non-joiner

&non-joiner

&More

&More

&en

&en

&ft

&ft

&

&

<:_:>

<:_:>

&y1

&y1