855dcd36...2ca3 | Files
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: -
Threat Names: -
Filename: C:\Users\FD1HVy\Desktop\BUDDINGPULVERS.exe
Category: Sample File
Type: Binary
Severity: Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 88.00 KB
MD5 a4e1caab1b9642ef645b6549ca09d303
SHA1 da0cd782f32088c0df8cd62deda1c61b4cedd6fb
SHA256 855dcd368dbb01539e7efa4b3fefa9b56d197db87b1ba3ede5e1f95927ea2ca3
SSDeep 768:nAqGAtr4sozjTFpy3RlyvK6WZmYNnYIzxz84k567+tb+pA:AqGcAFp6ynCvNnY8t8Z5E+t6p
ImpHash 3c9f900665a4beb93988dde083f7e392
PE Information
Image Base 0x400000
Entry Point 0x401484
Size Of Code 0x13000
Size Of Initialized Data 0x2000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2009-12-07 18:47:22+00:00
Version Information (8)
Comments Smart
CompanyName Smart
FileDescription Skarnkasse1
FileVersion 1.00.0004
InternalName BUDDINGPULVERS
OriginalFilename BUDDINGPULVERS.exe
ProductName KNEVER
ProductVersion 1.00.0004
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x12228 0x13000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 3.42
.data 0x414000 0xa14 0x1000 0x14000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x415000 0xdaa 0x1000 0x15000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.26
Imports (1)
MSVBVM60.DLL (86)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CIcos 0x0 0x401000 0x12d2c 0x12d2c 0x53
_adj_fptan 0x0 0x401004 0x12d30 0x12d30 0x1b3
__vbaVarMove 0x0 0x401008 0x12d34 0x12d34 0x178
__vbaFreeVar 0x0 0x40100c 0x12d38 0x12d38 0xb1
__vbaStrVarMove 0x0 0x401010 0x12d3c 0x12d3c 0x148
__vbaFreeVarList 0x0 0x401014 0x12d40 0x12d40 0xb2
_adj_fdiv_m64 0x0 0x401018 0x12d44 0x12d44 0x1aa
_adj_fprem1 0x0 0x40101c 0x12d48 0x12d48 0x1b2
__vbaStrCat 0x0 0x401020 0x12d4c 0x12d4c 0x133
(by ordinal) 0x22a 0x401024 0x12d50 0x12d50 -
__vbaHresultCheckObj 0x0 0x401028 0x12d54 0x12d54 0xc0
(by ordinal) 0x296 0x40102c 0x12d58 0x12d58 -
__vbaLenBstrB 0x0 0x401030 0x12d5c 0x12d5c 0xea
_adj_fdiv_m32 0x0 0x401034 0x12d60 0x12d60 0x1a8
__vbaAryVar 0x0 0x401038 0x12d64 0x12d64 0x64
__vbaAryDestruct 0x0 0x40103c 0x12d68 0x12d68 0x5d
__vbaLateMemSt 0x0 0x401040 0x12d6c 0x12d6c 0xe5
(by ordinal) 0x24f 0x401044 0x12d70 0x12d70 -
(by ordinal) 0x252 0x401048 0x12d74 0x12d74 -
_adj_fdiv_m16i 0x0 0x40104c 0x12d78 0x12d78 0x1a7
__vbaObjSetAddref 0x0 0x401050 0x12d7c 0x12d7c 0x100
_adj_fdivr_m16i 0x0 0x401054 0x12d80 0x12d80 0x1ac
(by ordinal) 0x2bf 0x401058 0x12d84 0x12d84 -
(by ordinal) 0x20a 0x40105c 0x12d88 0x12d88 -
(by ordinal) 0x2c3 0x401060 0x12d8c 0x12d8c -
__vbaFpR8 0x0 0x401064 0x12d90 0x12d90 0xab
(by ordinal) 0x2c4 0x401068 0x12d94 0x12d94 -
_CIsin 0x0 0x40106c 0x12d98 0x12d98 0x56
__vbaChkstk 0x0 0x401070 0x12d9c 0x12d9c 0x6f
EVENT_SINK_AddRef 0x0 0x401074 0x12da0 0x12da0 0x11
__vbaStrCmp 0x0 0x401078 0x12da4 0x12da4 0x134
__vbaVarTstEq 0x0 0x40107c 0x12da8 0x12da8 0x193
__vbaAryConstruct2 0x0 0x401080 0x12dac 0x12dac 0x5b
(by ordinal) 0x230 0x401084 0x12db0 0x12db0 -
__vbaR4Str 0x0 0x401088 0x12db4 0x12db4 0x111
__vbaObjVar 0x0 0x40108c 0x12db8 0x12db8 0x101
(by ordinal) 0x232 0x401090 0x12dbc 0x12dbc -
(by ordinal) 0x29f 0x401094 0x12dc0 0x12dc0 -
(by ordinal) 0x2a0 0x401098 0x12dc4 0x12dc4 -
_adj_fpatan 0x0 0x40109c 0x12dc8 0x12dc8 0x1b0
(by ordinal) 0x2a2 0x4010a0 0x12dcc 0x12dcc -
(by ordinal) 0x238 0x4010a4 0x12dd0 0x12dd0 -
EVENT_SINK_Release 0x0 0x4010a8 0x12dd4 0x12dd4 0x15
_CIsqrt 0x0 0x4010ac 0x12dd8 0x12dd8 0x57
EVENT_SINK_QueryInterface 0x0 0x4010b0 0x12ddc 0x12ddc 0x14
(by ordinal) 0x2c6 0x4010b4 0x12de0 0x12de0 -
__vbaExceptHandler 0x0 0x4010b8 0x12de4 0x12de4 0x8e
_adj_fprem 0x0 0x4010bc 0x12de8 0x12de8 0x1b1
_adj_fdivr_m64 0x0 0x4010c0 0x12dec 0x12dec 0x1af
__vbaFPException 0x0 0x4010c4 0x12df0 0x12df0 0x93
(by ordinal) 0x214 0x4010c8 0x12df4 0x12df4 -
(by ordinal) 0x2cd 0x4010cc 0x12df8 0x12df8 -
__vbaStrVarVal 0x0 0x4010d0 0x12dfc 0x12dfc 0x149
(by ordinal) 0x285 0x4010d4 0x12e00 0x12e00 -
_CIlog 0x0 0x4010d8 0x12e04 0x12e04 0x55
(by ordinal) 0x21b 0x4010dc 0x12e08 0x12e08 -
(by ordinal) 0x286 0x4010e0 0x12e0c 0x12e0c -
__vbaR8Str 0x0 0x4010e4 0x12e10 0x12e10 0x11b
__vbaNew2 0x0 0x4010e8 0x12e14 0x12e14 0xf7
__vbaInStr 0x0 0x4010ec 0x12e18 0x12e18 0xd0
_adj_fdiv_m32i 0x0 0x4010f0 0x12e1c 0x12e1c 0x1a9
_adj_fdivr_m32i 0x0 0x4010f4 0x12e20 0x12e20 0x1ae
__vbaStrCopy 0x0 0x4010f8 0x12e24 0x12e24 0x137
__vbaFreeStrList 0x0 0x4010fc 0x12e28 0x12e28 0xb0
_adj_fdivr_m32 0x0 0x401100 0x12e2c 0x12e2c 0x1ad
_adj_fdiv_r 0x0 0x401104 0x12e30 0x12e30 0x1ab
(by ordinal) 0x64 0x401108 0x12e34 0x12e34 -
(by ordinal) 0x262 0x40110c 0x12e38 0x12e38 -
__vbaVarAdd 0x0 0x401110 0x12e3c 0x12e3c 0x156
(by ordinal) 0x263 0x401114 0x12e40 0x12e40 -
__vbaVarDup 0x0 0x401118 0x12e44 0x12e44 0x162
__vbaLateMemCallLd 0x0 0x40111c 0x12e48 0x12e48 0xdf
_CIatan 0x0 0x401120 0x12e4c 0x12e4c 0x52
(by ordinal) 0x21c 0x401124 0x12e50 0x12e50 -
__vbaStrMove 0x0 0x401128 0x12e54 0x12e54 0x13f
(by ordinal) 0x26a 0x40112c 0x12e58 0x12e58 -
__vbaAryCopy 0x0 0x401130 0x12e5c 0x12e5c 0x5c
(by ordinal) 0x21d 0x401134 0x12e60 0x12e60 -
(by ordinal) 0x21f 0x401138 0x12e64 0x12e64 -
_allmul 0x0 0x40113c 0x12e68 0x12e68 0x1b4
(by ordinal) 0x28c 0x401140 0x12e6c 0x12e6c -
(by ordinal) 0x221 0x401144 0x12e70 0x12e70 -
_CItan 0x0 0x401148 0x12e74 0x12e74 0x58
_CIexp 0x0 0x40114c 0x12e78 0x12e78 0x54
__vbaFreeStr 0x0 0x401150 0x12e7c 0x12e7c 0xaf
__vbaFreeObj 0x0 0x401154 0x12e80 0x12e80 0xad
Icons (1)
Memory Dumps (12)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
buddingpulvers.exe 1 0x00400000 0x00415FFF Relevant Image False 32-bit 0x00401484 False False
buffer 1 0x00430000 0x0043FFFF Marked Executable False 32-bit - False False
buffer 1 0x00430000 0x0043FFFF First Execution False 32-bit 0x00435648 False False
buffer 1 0x005C0000 0x005CFFFF First Execution False 32-bit 0x005C0000 False True
buffer 1 0x005C0000 0x005CFFFF Content Changed False 32-bit 0x005C5D69 False True
buffer 1 0x005C0000 0x005CFFFF Content Changed False 32-bit 0x005CA718 False True
ntdll.dll 1 0x77970000 0x77AFDFFF First Execution True 32-bit 0x779E2210 False False
buffer 1 0x005C0000 0x005CFFFF Content Changed False 32-bit 0x005C7CB5 False True
buffer 1 0x005C0000 0x005CFFFF Content Changed False 32-bit 0x005CB052 False False
buffer 1 0x005C0000 0x005CFFFF Content Changed False 32-bit 0x005CAB0B False True
buffer 1 0x005C0000 0x005CFFFF Content Changed False 32-bit 0x005CB388 False False
buddingpulvers.exe 1 0x00400000 0x00415FFF Process Termination True 32-bit - False False
Filename: c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat
Category: Modified File
Type: Stream
Severity: Unknown
Mime Type application/octet-stream
File Size 128 Bytes
MD5 f3344e084c76cf0e0a3ad5bacde88678
SHA1 7609c6b4fe4da79d21ddea0cbc56b9e0ce5822a7
SHA256 67a2c36c1223e17b98b6114a85c345a63696aabb2d8225e7c3423762f7109ed7
SSDeep 3:iu/B:i
ImpHash -
Filename: c:\users\fd1hvy\appdata\local\temp\~df629a5bfedc807167.tmp
Category: Dropped File
Type: Unknown
Severity: Unknown
Mime Type application/CDFV2
File Size 16.00 KB
MD5 4700b285d9ede726e7a1f5f55ba8514f
SHA1 bedd1a5213d6ef9f4c44f5a2e2cace2aeeed5f0a
SHA256 e24dd97f526aa50b60ba4c3f38a599ae6123e626b8de3dd3a488ec39b75fcea2
SSDeep 3:YmsalTlLPltl2N81HRJ//:rl912N0xJX
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot (Before / After)