MalwareDisasters is a division of MalwareIntelligence. In the same test information is captured about the behavior of malicious code, and also offering the necessary countermeasures to mitigate the malicious actions in question.

7.19.2012

I give you a picture and you give me your private data! What you say?


MD5 :  bf25f7588c58cd4b7cc5ac04ebfd00c5
SHA1:  1c8e7315fae2a2af199bc3d79a5fec5cc8de4f79
['Microsoft Visual Basic v5.0 - v6.0']

PE Information
     Win32 Executable Microsoft Visual Basic 6 (86.2%)
     Win32 Executable Generic (5.8%)
     Win32 Dynamic Link Library (generic) (5.1%)
     Generic Win/DOS Executable (1.3%)
     DOS Executable Generic (1.3%)


     Optional Header: 0x400000
     Address Of Entry Point: 0x1b04
     Compile Time: 2012-01-25 10:58:42
     Number of RVA and Sizes: 16
     DLL: False
     Number of Sections: 3


[IMAGE_RESOURCE_DIRECTORY]
     0x2B000    0x0   Characteristics: 0x0       
     0x2B004    0x4   TimeDateStamp: 0x4F1FFC81 [Wed Jan 25 12:58:41 2012 UTC]
     0x2B008    0x8   MajorVersion: 0x0       
     0x2B00A    0xA   MinorVersion: 0x0       
     0x2B00C    0xC   NumberOfNamedEntries: 0x0       
     0x2B00E    0xE   NumberOfIdEntries: 0x3  


Metadata
     Translation: 0x0409 0x04b0
     InternalName: Photo_Viewer_12_south
     FileVersion: 12.00
     CompanyName: ACDSee Image Viewer
     ProductName: My_Photos
     ProductVersion: 12.00
     OriginalFilename: Photo_Viewer_12_south.exe

Registry
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NTS ACDSee Image Viewer c:\windows\system32\wpowercfg.exe

VT detection rate 19/37

The malware has keylogging functionality. All captured information is sent via SMTP and displays an image run:


Do you know this girl? :-)


Alex

0 comentarios:

Post a Comment

Subscribe to: Post Comments (Atom)