Download Link: hxxp://ssex.hard-core-xxx.com/adult.exe
File Name: adult.exe

VirusTotal Result: 9/32 (28.13%)
Avast 4.8.1169.0 2008.04.12 Win32:Agent-MIO
ClamAV 0.92.1 2008.04.12 Dialer-872
DrWeb 4.44.0.09170 2008.04.12 Dialer.Adultchat.origin
Ewido 4.0 2008.04.12 Heuristic.Win32.Dialer
Ikarus T3.1.1.26.0 2008.04.12 not-a-virus:Porn-Dialer.Win32.Agent.aj
Panda 9.0.0.4 2008.04.12 Suspicious file
Prevx1 V2 2008.04.12 Heuristic: Suspicious Self Modifying File
Rising 20.39.52.00 2008.04.12 Trojan.Win32.Dialer.usx
Sophos 4.28.0 2008.04.12 ITDialer

File Info:
File size: 49152 bytes
MD5...: f074b0098ffaaf2691b61263280833b0
SHA1..: f4880d79e6cc1e9f0a35e2c4e80f87afa0c40f7a
SHA256: 93ae299ce25e16e520ac75977faf5ed0f08dfc80dc893d960ab05b275ef70e11
SHA512: 6e0a60d20f51c12925baa51bea3decafacabe06726d29c02d55f40663d2e30fd331d82177c423ba2b5c77cda3759497698cdb9aac2a099d7fb8dbfecf2b2c46a

PE Info:
PE Structure information

Base Data:
Entry Point Address.: 0x405250
Time Date Stamp.....: 0x47f8c639 (Sun Apr 06 12:46:49 2008)
Machine Type........: 0x14c (I386)

PE Header Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0004
Time/Date stamp: 47F8C639
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 010F (RELOCS_STRIPPED | EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE)
Magic: 010B (PE32)
Linker version (major): 06
Linker version (minor): 00
Size of code: 00005000
Size of initialized data: 00007000
Size of uninitialized data: 00000000
Address of entry point: 00005250
Base of code: 00001000
Base of data: 00006000
Image base: 00400000
Section alignment: 00001000
File alignment: 00001000
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0000
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 0000D000
Size of headers: 00001000
Checksum: 00000000
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010

PE Sections:
Section  VirtSize  VirtAddr  PhysSize  PhysAddr  Flags
.text    000043F2  00001000  00005000  00001000  60000020 (CODE | EXECUTE | READ)
.rdata   00000A34  00006000  00001000  00006000  40000040 (INITIALIZED_DATA | READ)
.data    0000239C  00007000  00002000  00007000  C0000040 (INITIALIZED_DATA | READ | WRITE)
.rsrc    000025E0  0000A000  00003000  00009000  40000040 (INITIALIZED_DATA | READ)

Import table (libraries: 8)
> MSVCRT.dll: _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __getmainargs, __set_app_type, _except_handler3, _controlfp, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, strcat, strcspn, __3@YAXPAX@Z, mbstowcs, strrchr, fopen, fwrite, fclose, strstr, strchr, memcpy, strlen, atoi, sprintf, memset, _snprintf, strcpy, strncat, strncpy, __p__fmode
> USER32.dll: EnableWindow, DispatchMessageA, TranslateMessage, IsDialogMessageA, GetMessageA, SetDlgItemTextA, SendMessageA, SetWindowTextA, ShowWindow, CreateDialogParamA, LoadStringA, RegisterClassExA, LoadImageA, GetSystemMetrics, GetClientRect, PostMessageA, KillTimer, GetDlgItemTextA, MessageBoxA, SetTimer, EndDialog, PostQuitMessage, GetDlgItem
> SHELL32.dll: ShellExecuteA, SHGetSpecialFolderPathA
> WS2_32.dll: (no named imports listed)
> ole32.dll: CoUninitialize, CoInitialize, CoCreateInstance
> OLEAUT32.dll: -, -, -, -, -, -, - (seven imports by ordinal only, no names)
> ADVAPI32.dll: RegQueryValueExA, RegCreateKeyExA, RegCloseKey
> KERNEL32.dll: CloseHandle, ReleaseMutex, GetLastError, CreateMutexA, GetModuleFileNameA, CreateThread, GetTickCount, lstrcatA, FreeLibrary, GetProcAddress, LoadLibraryA, MultiByteToWideChar, lstrlenA, CopyFileA, GetVersionExA, GlobalFree, GlobalAlloc, Sleep, lstrcpyA, GetModuleHandleA, GetStartupInfoA

Process Details:
Process ID: 304
Filename: C:\adult.exe
Filesize: 49152 bytes
MD5: f074b0098ffaaf2691b61263280833b0
Start Reason: AnalysisTarget

COM Activity:
COM Create Instance: shell32.dll, ProgID: (lnkfile), Interface ID: ({000214EE-0000-0000-C000-000000000046}) (IID_IShellLinkA)
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({000214E6-0000-0000-C000-000000000046}) (IID_IShellFolder)

New Files Created:
C:\Documents and Settings\Sandbox\Favorites\vm18.url
C:\vm18.exe
C:\Documents and Settings\Sandbox\Start Menu\Programs\vm18.LNK
\Device\Tcp
\Device\Ip
\Device\Ip

Activity in Sequential Order:
Create File: C:\Documents and Settings\Sandbox\Favorites\vm18.url
Copy File: C:\adult.exe to C:\vm18.exe
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\shdocvw.dll (OPEN_EXISTING)
Get File Attributes: C:\vm18.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Sandbox\Start Menu\Programs\vm18.LNK Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\Sandbox\Start Menu\Programs\vm18.LNK
Get File Attributes: C:\Documents and Settings\Sandbox\Start Menu\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Start Menu\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Sandbox\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Sandbox\My Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Sandbox\My Documents\My Pictures\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Get File Attributes: C:\Documents and Settings\All Users\Documents\My Music\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
Create/Open File: \Device\Tcp (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Open File: \\.\Ip (OPEN_EXISTING)

Read INI File (all values read back empty):
C:\Documents and Settings\Sandbox\Start Menu\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\Sandbox\Start Menu\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Start Menu\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Start Menu\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Application Data\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Application Data\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\Sandbox\Application Data\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\Sandbox\Application Data\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy.A] Owner =
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy] PersonalizedName =
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy.A] PersonalizedName =
C:\Documents and Settings\Sandbox\My Documents\My Pictures\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\Sandbox\My Documents\My Pictures\desktop.ini [DeleteOnCopy.A] Owner =
C:\Documents and Settings\Sandbox\My Documents\My Pictures\desktop.ini [DeleteOnCopy] PersonalizedName =
C:\Documents and Settings\Sandbox\My Documents\My Pictures\desktop.ini [DeleteOnCopy.A] PersonalizedName =
C:\Documents and Settings\All Users\Documents\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Documents\My Music\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\My Music\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini [.ShellClassInfo] LocalizedResourceName =

Mutex:
Creates Mutex: ITDialer
Creates Mutex: RasPbFile

Registry Reads:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility "DisableAppCompat"
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 "" (the "Internet" shell namespace CLSID, served by shdocvw.dll)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService "10"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders "SecurityProviders"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll: "Name", "Comment", "Capabilities", "RpcId", "Version", "Type", "TokenSize"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll: "Name", "Comment", "Capabilities", "RpcId", "Version", "Type", "TokenSize"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll: "Name", "Comment", "Capabilities", "RpcId", "Version", "Type", "TokenSize"

Notes:
The static headers are internally consistent: the entry point 0x405250 is image base 0x400000 plus RVA 0x5250, which falls inside .text (RVA 0x1000 to 0x53F2); section and file alignment are both 0x1000, so the file size of 49152 bytes (0xC000) is exactly the 0x1000 header block plus the raw section sizes 0x5000 + 0x1000 + 0x2000 + 0x3000; the checksum is zero; linker version 6.0 matches a Visual C++ 6 era build of the MSVCRT-linked binary. .text is not flagged writable, so the "Self Modifying File" heuristic from Prevx is not supported by the section table alone.
Installation consists of copying itself to C:\vm18.exe, then creating a Start Menu shortcut (vm18.LNK, via the lnkfile/IShellLinkA COM object) and a Favorites entry (vm18.url, via the shdocvw IShellFolder object). The trace records no registry writes, even though RegCreateKeyExA is imported, so the shortcut and favorite are the only installation artifacts observed.
The ITDialer mutex matches the Sophos detection name. RasPbFile is the mutex used by the RAS phonebook code, which is consistent with a dialer; no RASAPI32 entry appears in the static import table, so any RAS functions would have to be resolved at runtime through the imported LoadLibraryA/GetProcAddress pair. The named-pipe opens (lsarpc, wkssvc, ROUTER), the SSPI cache and RPC registry reads and the desktop.ini walk are typical side effects of the shell namespace and networking code paths the sample pulls in, not behaviour specific to this sample.
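The following script reproduces the header-level checks behind the PE Info and Notes sections above: it walks the DOS, COFF, optional and section headers with struct, decodes the build timestamp, maps the entry point RVA to its section and file offset, and expands the section characteristics. It is an added example, not part of the original sandbox report. The header bytes it parses are constructed from the values the report lists (entry point, timestamp, section table), so it runs offline; pass the bytes of a real file to parse_pe() to triage a real sample.

```python
"""Minimal PE32 header triage (added example; the sample bytes are constructed)."""
import struct
from datetime import datetime, timezone

# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h)
SCN_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}


def build_sample_headers():
    """CONSTRUCTED header image using the values from the report's PE Info section."""
    sections = [  # name, VirtSize, VirtAddr, PhysSize, PhysAddr, Flags
        (b".text", 0x43F2, 0x1000, 0x5000, 0x1000, 0x60000020),
        (b".rdata", 0x0A34, 0x6000, 0x1000, 0x6000, 0x40000040),
        (b".data", 0x239C, 0x7000, 0x2000, 0x7000, 0xC0000040),
        (b".rsrc", 0x25E0, 0xA000, 0x3000, 0x9000, 0x40000040),
    ]
    pe_offset = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_offset)).ljust(pe_offset, b"\x00")
    # IMAGE_NT_HEADERS: Signature + IMAGE_FILE_HEADER
    coff = struct.pack("<IHHIIIHH", 0x00004550, 0x014C, len(sections),
                       0x47F8C639, 0, 0, 0xE0, 0x010F)
    # IMAGE_OPTIONAL_HEADER32: standard fields, Windows fields, 16 zeroed data directories
    opt = struct.pack("<HBBIIIIII", 0x010B, 6, 0, 0x5000, 0x7000, 0, 0x5250, 0x1000, 0x6000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x1000,
                       4, 0, 0, 0, 4, 0, 0, 0xD000, 0x1000, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\x00" * (16 * 8)
    sect = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, ps, pa, 0, 0, 0, 0, fl)
                    for n, vs, va, ps, pa, fl in sections)
    return dos + coff + opt + sect


def parse_pe(data):
    """Parse the headers of a PE32 image and return the fields used for triage."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    sig, machine, nsect, tstamp, _, _, opt_size, chars = struct.unpack_from("<IHHIIIHH", data, pe_off)
    if sig != 0x00004550:
        raise ValueError("missing PE signature")
    opt_off = pe_off + 24
    magic, _, _, _, _, _, entry, _, _ = struct.unpack_from("<HBBIIIIII", data, opt_off)
    if magic != 0x010B:
        raise ValueError("not a PE32 optional header")
    image_base, sect_align, file_align = struct.unpack_from("<III", data, opt_off + 28)
    size_of_image = struct.unpack_from("<I", data, opt_off + 56)[0]
    checksum = struct.unpack_from("<I", data, opt_off + 64)[0]
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    sections = []
    for i in range(nsect):  # section table follows the optional header
        name, vsize, vaddr, rsize, raddr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode(), "vsize": vsize,
                         "vaddr": vaddr, "rsize": rsize, "raddr": raddr, "flags": flags})
    return {"machine": machine, "timestamp": tstamp, "characteristics": chars,
            "entry_point": entry, "image_base": image_base, "section_align": sect_align,
            "file_align": file_align, "size_of_image": size_of_image, "checksum": checksum,
            "subsystem": subsystem, "sections": sections}


def decode_section_flags(flags):
    return [name for bit, name in sorted(SCN_FLAGS.items()) if flags & bit]


def compile_time_utc(tstamp):
    return datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def rva_to_file_offset(pe, rva):
    """Return (section, file offset) for an RVA; the section spans max(VirtSize, PhysSize)."""
    for sec in pe["sections"]:
        if sec["vaddr"] <= rva < sec["vaddr"] + max(sec["vsize"], sec["rsize"]):
            return sec, rva - sec["vaddr"] + sec["raddr"]
    raise ValueError("RVA 0x%x is outside every section" % rva)


def triage(pe):
    """Header sanity checks an analyst applies before running the sample."""
    sec, off = rva_to_file_offset(pe, pe["entry_point"])
    flags = decode_section_flags(sec["flags"])
    return {
        "entry_va": pe["image_base"] + pe["entry_point"],
        "entry_section": sec["name"],
        "entry_file_offset": off,
        "entry_in_code": "CNT_CODE" in flags and "MEM_EXECUTE" in flags,
        "entry_writable": "MEM_WRITE" in flags,  # writable code section: packer/self-modifying hint
        "compiled": compile_time_utc(pe["timestamp"]),
        "checksum_zero": pe["checksum"] == 0,
        "file_size_from_headers": pe["file_align"] + sum(s["rsize"] for s in pe["sections"]),
    }


if __name__ == "__main__":
    for key, value in triage(parse_pe(build_sample_headers())).items():
        print("%-24s %s" % (key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value))
```

The file-size figure in triage() assumes the header block occupies exactly one file-alignment unit, which holds for this sample (Size of headers 0x1000) but should be read from SizeOfHeaders on binaries with a different layout.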