Gen.Variant.Graftor.8233_a1b6642274 – Adaware

Gen:Variant.Graftor.8233 (B) (Emsisoft), Gen:Variant.Graftor.8233 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: a1b66422746865fa7328a33677cdcd5a

SHA1: ccd24b902fdb3d9bb328d6b5939d394c7dfca231

SHA256: 5e315ba1c7001cfa4ead5238d98234a84f4bb9422818c85bd4d4c599af5c6401

SSDeep: 196608:BNqe9sW9nn0G1Vlt2xXtSO2tIlhqCQVWsBBly4UhTclbT4tp78k1WfsibZM:BFn0sSXhqCQoiOhTclbT4tp78i 7VM

Size: 12554240 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171

Company:

Created at: 2015-06-23 16:07:39

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan-PSW. Trojan program intended for stealing users passwords.

Dynamic Analysis

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):









&show
&show&t
&r&lg&ntime&cnzz_eid&showp&t&h&rnd

&rnd
&cna
&show

&cna

&show&t

&rnd

&cna

&show&t

站长统计&&&k&&<><><><><>站长统计

<<<>>>

&r&lg&ntime&cnzz_eid&showp&t&h&rnd

<><><><><><><><><><><><><><><><><><><><><><>

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>“”“”<><>“”“”“”“”<><><>&lt

<<<>>>

>><>>><>>>>>&

<<<>>>

>><&>&>>

<<<>>>

&show

&<&&

<<<>>>

>>>>&&>>>

<<<>>>

&cna

><>&&>&><>

<<<>>>

&src_uin&fid&spec

&dst_uin

&vu&auto_play&gpcflag&width&height

&keyindex&pt_aid&u1

&clientkey

&syn_tweet_verson&richtype&richval&special_url&subrichtype&who&con

&KPeQ

<.pe>

<.cz>

&C6

<.bm>

<.crz>

&W.wl

&hide_title_bar&f_url&no_verifyimg&qlogin_jumpname&hide_close_icon&s_url

&y1

&keyindex&pt_aid&u1

&clientkey

&syn_tweet_verson&richtype&richval&special_url&subrichtype&who&con