Detections: Gen:Variant.Graftor.8233 (B) (Emsisoft), Gen:Variant.Graftor.8233 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm
This description was generated automatically by the Lavasoft Malware Analysis System and may contain incomplete or inaccurate information.
Summary
MD5: a1b66422746865fa7328a33677cdcd5a
SHA1: ccd24b902fdb3d9bb328d6b5939d394c7dfca231
SHA256: 5e315ba1c7001cfa4ead5238d98234a84f4bb9422818c85bd4d4c599af5c6401
SSDeep: 196608:BNqe9sW9nn0G1Vlt2xXtSO2tIlhqCQVWsBBly4UhTclbT4tp78k1WfsibZM:BFn0sSXhqCQoiOhTclbT4tp78i 7VM
Size: 12554240 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company:
Created at: 2015-06-23 16:07:39
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-PSW. A Trojan program intended for stealing users' passwords.
Dynamic Analysis
Payload
Behaviour | Description
---|---
EmailWorm | Worm can send e-mails.
Process activity
The Trojan creates the following process(es) (the process names were not recovered; only the following fragments survive in the report):
&show
&show&t
&r&lg&ntime&cnzz_eid&showp&t&h&rnd
&rnd
&cna