Gen:Variant.Graftor.61976 (B) (Emsisoft), Gen:Variant.Graftor.61976 (AdAware), Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 29b0ae9be51157ebf6cb7a35a189d890
SHA1: 8ef1f29be7cf4b090392304e0333361e836a615f
SHA256: e1e93c50d0090ad9b3ba606f1b75fecbbeda8ff3ac058adc882daa954414467b
SSDeep: 12288:oSKYiVe795NpAdtR05Oy X2eksMHC6R5nWFpPoS7llllFV:o47957AdtRwOVXjksMobxllllP
Size: 741376 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-11-10 02:58:48
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
mscorsvw.exe:1912
The Trojan injects its code into the following process(es):
%original file name%.exe:228
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process %original file name%.exe:228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
C:\脙茠芒鈧