Download Link: hxxp://hentai-xxx-manga.com/hentai-x-manga.exe
File Name: hentai-x-manga.exe
File size: 17640 bytes
MD5...: 10687ca5d0474c88ece3c7599c91e1d7
SHA1..: d83fa8801965efa09d62ee69565d12540b9a85f7
SHA256: 4664de941ab908c0f1db7327ded7a7a4ca7da1cfe40fa65bba3b636ca94822dd
SHA512: 8b28f95d46f4b50dc8020dc1dad2bfbb5878782692f1abafe539bb1a77324a3f1e8f9227a7a02a981ca83e914312d596fd08e66562d607316c4a74855c7fd5c6

VirusTotal Result: 29/32 (90.63%)

  Antivirus          Version        Last update  Result
  AhnLab-V3          2008.4.4.1     2008.04.04   Win-Trojan/Dialer.17640.B
  AntiVir            7.6.0.81       2008.04.05   TR/Dialer.HH.627
  Authentium         4.93.8         2008.04.05   Possibly a new variant of W32/Dialer.TCS-behavior!Maximus
  Avast              4.7.1098.0     2008.04.06   Win32:StartPage-474
  AVG                7.5.0.516      2008.04.06   Dialer.EDF
  BitDefender        7.2            2008.04.06   Trojan.PornDialer.G
  CAT-QuickHeal      9.50           2008.04.05   Trojan.Dialer.hh
  ClamAV             0.92.1         2008.04.06   Dialer-959
  DrWeb              4.44.0.09170   2008.04.06   Dialer.Premium
  eSafe              7.0.15.0       2008.04.01   Win32.Dialer.hh
  Ewido              4.0            2008.04.06   Trojan.Dialer.hh
  F-Prot             4.4.2.54       2008.04.05   W32/Dialer.TCS-behavior!Maximus
  F-Secure           6.70.13260.0   2008.04.06   Trojan.Win32.Dialer.hh
  FileAdvisor        1              2008.04.06   Low threat detected
  Fortinet           3.14.0.0       2008.04.06   Dial/188
  Ikarus             T3.1.1.20      2008.04.06   Trojan.Win32.Dialer.hh
  Kaspersky          7.0.0.125      2008.04.06   Trojan.Win32.Dialer.hh
  McAfee             5267           2008.04.04   Generic.dx
  Norman             5.80.02        2008.04.04   W32/Dialer.BFEQ
  Panda              9.0.0.4        2008.04.06   Adware/SpywareNo
  Prevx1             V2             2008.04.06   Trojan.MultiDrop.Generic
  Rising             20.38.60.00    2008.04.03   Trojan.Win32.Dialer.hh
  Sophos             4.28.0         2008.04.06   Mal/Dial-D
  Sunbelt            3.0.1032.0     2008.04.05   Trojan-Dialer.Win32.MacEarny.gen (v)
  Symantec           10             2008.04.06   Dialer.Generic
  TheHacker          6.2.92.266     2008.04.05   Trojan/Dialer.hh
  VBA32              3.12.6.4       2008.04.06   Trojan.Win32.Dialer.hh
  VirusBuster        4.3.26:9       2008.04.05   Trojan.Dialer.ABR
  Webwasher-Gateway  6.6.2          2008.04.05   Trojan.Dialer.HH.627

File Info:

PE Header

  Signature:                    00004550
  Machine:                      014C - Intel 386
  Number of sections:           0005
  Time/Date stamp:              46097DC0
  Pointer to symbol table:      00000000
  Number of symbols:            00000000
  Size of optional header:      00E0
  Characteristics:              0103
  Magic:                        010B
  Linker version (major):       08
  Linker version (minor):       00
  Size of code:                 00001400
  Size of initialized data:     00001A00
  Size of uninitialized data:   00000000
  Address of entry point:       000021C0
  Base of code:                 00001000
  Base of data:                 00003000
  Image base:                   00400000
  Section alignment:            00001000
  File alignment:               00000200
  OS version (major):           0004
  OS version (minor):           0000
  Image version (major):        0000
  Image version (minor):        0000
  Sub system version (major):   0004
  Sub system version (minor):   0000
  Win32 version:                00000000
  Size of image:                00007000
  Size of headers:              00000400
  Checksum:                     00011E34
  Sub system:                   0002 - Windows graphical user interface (GUI) subsystem
  DLL characteristics:          0400
  Size of stack reserve:        00100000
  Size of stack commit:         00001000
  Size of heap reserve:         00100000
  Size of heap commit:          00001000
  Loader flags:                 00000000
  Number of RVA:                00000010

PE Sections

  Section  VirtSize  VirtAddr  PhysSize  PhysAddr  Flags
  .text    000013CC  00001000  00001400  00000400  60000020
  .rdata   00000856  00003000  00000A00  00001800  40000040
  .data    000002F4  00004000  00000200  00002200  C0000040
  .rsrc    00000D5C  00005000  00000E00  00002400  40000040
  .pdata   000004DE  00006000  00000600  00003200  C0000000

Import table (libraries: 7)

  RASAPI32.dll (imports: 7)
    RasDialA RasEnumDevicesA RasGetEntryPropertiesA RasSetEntryPropertiesA
    RasSetEntryDialParamsA RasHangUpA RasEnumConnectionsA

  SHELL32.dll (imports: 1)
    ShellExecuteA

  COMCTL32.dll (imports: 1)
    #17

  KERNEL32.dll (imports: 22)
    CloseHandle WriteFile CreateFileA HeapAlloc GetProcessHeap HeapFree
    VirtualFree VirtualAlloc GetVersionExA ExitProcess Sleep lstrlenA
    GetTickCount LoadLibraryA GetModuleHandleA GetStartupInfoA
    GetCommandLineA lstrcpyA lstrcpynA lstrcatA lstrcmpA lstrcmpiA

  USER32.dll (imports: 23)
    SendMessageA CallWindowProcA SetCursor LoadCursorA PostMessageA
    GetParent EndDialog SendDlgItemMessageA GetSysColor SetWindowTextA
    GetWindowLongA SetWindowLongA GetWindowPlacement SetDlgItemTextA
    GetDlgItem MessageBoxA DialogBoxParamA ShowWindow SetFocus MoveWindow
    wsprintfA MessageBeep SetWindowPlacement

  ADVAPI32.dll (imports: 5)
    RegQueryValueExA RegOpenKeyExA RegSetValueExA RegCreateKeyExA
    RegCloseKey

  ole32.dll (imports: 2)
    CoInitialize CoCreateInstance

Process ID:    1384
Filename:      c:\hentai-x-manga.exe
Filesize:      17640 bytes
MD5:           10687ca5d0474c88ece3c7599c91e1d7
Start Reason:  AnalysisTarget

COM Object:

  COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({56FDF342-FD6D-11D0-958A-006097C9A090})

Loaded DLL:

  c:\hentai-x-manga.exe
  C:\WINDOWS\system32\ntdll.dll
  C:\WINDOWS\system32\kernel32.dll
  C:\WINDOWS\system32\RASAPI32.dll
  C:\WINDOWS\system32\msvcrt.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  C:\WINDOWS\system32\rasman.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\WINDOWS\system32\WS2HELP.dll
  C:\WINDOWS\system32\USER32.dll
  C:\WINDOWS\system32\GDI32.dll
  C:\WINDOWS\system32\NETAPI32.dll
  C:\WINDOWS\system32\TAPI32.dll
  C:\WINDOWS\system32\SHLWAPI.dll
  C:\WINDOWS\system32\rtutils.dll
  C:\WINDOWS\system32\WINMM.dll
  C:\WINDOWS\system32\SHELL32.dll
  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\
  C:\WINDOWS\system32\ole32.dll
  C:\WINDOWS\system32\oleaut32.dll
  C:\WINDOWS\system32\wsock32.dll
  C:\WINDOWS\system32\pstorec.dll
  C:\WINDOWS\system32\ATL.DLL
  C:\WINDOWS\system32\Wship6.dll
  C:\WINDOWS\system32\Secur32.dll
  Riched20.dll
  UxTheme.dll
  ole32.dll
  advapi32.dll
  kernel32.dll
  comctl32.dll
  Comctl32.dll
  RichEd20.dll

File System Activities:

  Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
  Open File: C:\WINDOWS\Registration\R000000000008.clb (OPEN_EXISTING)
  Read INI File:
    WIN.INI [windows] ScrollInset =
    WIN.INI [windows] DragDelay =
    WIN.INI [windows] DragMinDist =
    WIN.INI [windows] ScrollDelay =
    WIN.INI [windows] ScrollInterval =
    WIN.INI [richedit30] flags =

Registry Changes:

  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    "Start Page" = hxxp://www.otherchance.com/?rid=340
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net
    "*" = [REG_DWORD, value: 00000002]
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cercoporno.com
    "*" = [REG_DWORD, value: 00000002]
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eros-porno.com
    "*" = [REG_DWORD, value: 00000002]

System Info:

  Get System Directory