Gen:Variant.Symmi.23237 (BitDefender), Trojan.DownLoader11.11699 (DrWeb), Gen:Variant.Symmi.23237 (B) (Emsisoft), Gen:Variant.Symmi.23237 (FSecure), Win32/Parite (AVG), Win32:WrongInf-D [Susp] (Avast), Gen:Variant.Symmi.23237 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 04794d2e35f5e8983f2bee91249bca6b
SHA1: 00f74a1ed45fd501623da2a5aa3cf1050829b32c
SHA256: a2582353731f7a29013d4c99c5815b821c20e684a8d72524185f2d8c0313449e
SSDeep: 24576:HwdzcXes5i4fqHtgCsXbBU2eULSFCrLAKRcsHFcZn7nQeBDTl:HwdwTz6mICrcKRH6h
Size: 1200094 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Premium Installer
Created at: 2014-07-29 12:14:12
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan-PSW. Trojan program intended for stealing users' passwords.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
%original file name%.exe:2024
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:2024 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):