Ce26d6936e24ac58512ca654ec852527
Jump to navigation
Jump to search
DRAFT
This page is still a draft. Thank you for your understanding.
Description
Summary
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Identification
| MD5 | ce26d6936e24ac58512ca654ec852527 |
|---|---|
| SHA1 | 47cf55086ea9ae5c28a5c0132dcc22986f8f58b0 |
| SHA256 | c6ae82707e3034211cefde381c6b1fde77e78bd12a009068528aa55409eb8aad |
| ssdeep | 768:575jE3+KV70O9y8EBXRz3CyDwCxvZn9pPnfsWFIIklo3oWaSa1c8u+XevvIAb:579EOK0eCRGEwCxDp8WKIsWahq8uL |
| imphash | a026e422bbd77ef6a4cf26f918ee8595 |
| File size | 60.5 KB ( 61952 bytes ) |
| File type | Win32 EXE |
| Magic literal | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
Antivirus detection
| Antivirus | Result | Update |
|---|---|---|
| AVG | Generic35.CAAO | 20140227 |
| Ad-Aware | Trojan.GenericKD.1583214 | 20140227 |
| Agnitum | Trojan.Cutwail!BSxWvyf6+Bg | 20140227 |
| AhnLab-V3 | Backdoor/Win32.Pushdo | 20140227 |
| AntiVir | TR/Spy.ZBot.drsc.5 | 20140227 |
| Antiy-AVL | Trojan/Win32.SGeneric | 20140227 |
| Avast | Win32:Downloader-UZM [Trj] | 20140227 |
| Baidu-International | Trojan.Win32.Cutwail.aWE | 20140227 |
| BitDefender | Trojan.GenericKD.1583214 | 20140227 |
| Comodo | TrojWare.Win32.Cutwail.~CKE | 20140227 |
| DrWeb | Trojan.MulDrop3.14959 | 20140227 |
| ESET-NOD32 | Win32/Wigon.PH | 20140227 |
| Emsisoft | Trojan.Win32.Agent (A) | 20140227 |
| F-Secure | Trojan.GenericKD.1583214 | 20140227 |
| Fortinet | W32/Cutwail.CKE!tr | 20140227 |
| GData | Trojan.GenericKD.1583214 | 20140227 |
| Ikarus | Trojan-Downloader.Win32.Cutwail | 20140227 |
| K7AntiVirus | Trojan ( 0040c0821 ) | 20140226 |
| K7GW | Trojan ( 0040c0821 ) | 20140227 |
| Kaspersky | Trojan.Win32.Cutwail.cke | 20140227 |
| Kingsoft | Win32.Troj.Cutwail.c.(kcloud) | 20140227 |
| Malwarebytes | Trojan.Inject | 20140227 |
| McAfee | RDN/Generic Downloader.x!jv | 20140227 |
| McAfee-GW-Edition | RDN/Generic Downloader.x!jv | 20140227 |
| MicroWorld-eScan | Trojan.GenericKD.1583214 | 20140227 |
| Microsoft | TrojanDownloader:Win32/Cutwail.BS | 20140227 |
| Norman | Troj_Generic.STGFH | 20140227 |
| Panda | Trj/CI.A | 20140226 |
| Qihoo-360 | HEUR/Malware.QVM20.Gen | 20140227 |
| Sophos | Mal/Generic-S | 20140227 |
| Symantec | Backdoor.Trojan | 20140227 |
| TotalDefense | Win32/Cutwail.EZRMJeB | 20140227 |
| TrendMicro | TROJ_CUTWAIL.XYW | 20140227 |
| TrendMicro-HouseCall | TROJ_CUTWAIL.XYW | 20140227 |
| VIPRE | Trojan.Win32.Generic!BT | 20140227 |
| ViRobot | Trojan.Win32.Cutwail.61952.A | 20140227 |
| nProtect | Trojan/W32.Cutwail.61952 | 20140227 |
| Bkav | 20140225 | |
| ByteHero | 20140227 | |
| CAT-QuickHeal | 20140227 | |
| CMC | 20140220 | |
| ClamAV | 20140227 | |
| Commtouch | 20140227 | |
| F-Prot | 20140227 | |
| Jiangmin | 20140227 | |
| NANO-Antivirus | 20140227 | |
| Rising | 20140226 | |
| SUPERAntiSpyware | 20140227 | |
| TheHacker | 20140226 | |
| VBA32 | 20140226 |
Dynamic analysis
Network indicators
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Files
The malware copies itself in C:\Documents and Settings\%user%\kiryquwufvub.exe
Registry keys
Folllowing keys were created:
| Key | Name | Type | Value |
|---|---|---|---|
| HKCU\Software\Microsoft\Windows\CurrentVersion | AppManagement | REG_BINARY | A8 DA 80 26 3F E4 FD A3 BC 62 7B 21 3A DF F8 9E |
| HKCU\Software\Microsoft\Windows\CurrentVersion | kiryquwufvubzap | REG_BINARY | E7 8D A6 4C 65 0B 24 C9 E2 FB A1 BA 60 79 1F 38 |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run | kiryquwufvub | REG_SZ | C:\Documents and Settings\malware\kiryquwufvub.exe |
Mutexes
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Static analysis
Version information
| LegalCopyright | Copyright (C) 2006 |
|---|---|
| InternalName | cosmic |
| FileVersion | 4,3,4,28 |
| ProductName | cosmic Application |
| ProductVersion | 9,1,1,17 |
| FileDescription | cosmic Application |
| OriginalFilename | cosmic.exe |
| Translation | 0x0419 0x04b0 |
Sections
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Resources
Name RVA Size Lang Sublang Type -------------------------------------------------------------------------------- RT_BITMAP 0x10700 0x7ee8 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xbf68 0x118 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xc4a8 0x140 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xc5e8 0x594 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xcf60 0x196 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xd3b8 0x440 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xdae0 0x104 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xdfb8 0x30 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xe308 0x2a4 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xe960 0x38c LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0xf9a8 0x36 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_MENU 0x100a0 0x3c0 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xb860 0x334 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xbb98 0x3cc LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xc080 0x28c LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xc310 0x194 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xcb80 0xa0 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xcc20 0x33e LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xd0f8 0x2bc LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xd7f8 0x6c LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xd868 0x134 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xd9a0 0x13a LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xdbe8 0x60 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xdc48 0x36a LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xdfe8 0x9c LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xe088 0x144 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xe1d0 0x138 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xe5b0 0x3ac LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xecf0 0x208 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xeef8 0x180 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xf078 0x368 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xf3e0 0x2b4 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xf698 0x30a LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xf9e0 0x2b6 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xfc98 0x234 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_DIALOG 0xfed0 0x1cc LANG_ENGLISH SUBLANG_ENGLISH_US data RT_STRING 0x185e8 0x232 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_STRING 0x18820 0x3f8 LANG_ENGLISH SUBLANG_ENGLISH_US data RT_STRING 0x18c18 0x3aa LANG_ENGLISH SUBLANG_ENGLISH_US AmigaOS bitmap font RT_STRING 0x18fc8 0x4c LANG_ENGLISH SUBLANG_ENGLISH_US data RT_VERSION 0x10460 0x29c LANG_ENGLISH SUBLANG_ENGLISH_US data
IAT
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Strings
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.