I give you a picture and you give me your private data! What do you say?
SHA1: 1c8e7315fae2a2af199bc3d79a5fec5cc8de4f79
['Microsoft Visual Basic v5.0 - v6.0']
PE Information
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
Optional Header: 0x400000
Address Of Entry Point: 0x1b04
Compile Time: 2012-01-25 10:58:42
Number of RVA and Sizes: 16
DLL: False
Number of Sections: 3
[IMAGE_RESOURCE_DIRECTORY]
0x2B000 0x0 Characteristics: 0x0
0x2B004 0x4 TimeDateStamp: 0x4F1FFC81 [Wed Jan 25 12:58:41 2012 UTC]
0x2B008 0x8 MajorVersion: 0x0
0x2B00A 0xA MinorVersion: 0x0
0x2B00C 0xC NumberOfNamedEntries: 0x0
0x2B00E 0xE NumberOfIdEntries: 0x3
Metadata
Translation: 0x0409 0x04b0
InternalName: Photo_Viewer_12_south
FileVersion: 12.00
CompanyName: ACDSee Image Viewer
ProductName: My_Photos
ProductVersion: 12.00
OriginalFilename: Photo_Viewer_12_south.exe
Registry
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NTS ACDSee Image Viewer c:\windows\system32\wpowercfg.exe
VT detection rate 19/37
The malware has keylogging functionality. All captured information is sent via SMTP, and when run it displays an image:
Do you know this girl? :-)
Alex