
xandora.net - Suspicious File Analyzer



P2P-Worm.Win32.Palevo.bgvj
File Details
MD5: 446442b48d48deb75e66c519e17566b9
SHA-1: bdee4f834b825815090c170a0bd338417471e6c7
File Type: exe
First Received (GMT+8): 2011-04-18 01:37:00
Size (bytes): 200
Weightage: 358
virustotal.com: 35 vendors detected
Packer: Microsoft Visual Basic v5.0/v6.0
 
Static File Header
++++++++++++++++++++++++ FILE HEADER INFORMATION +++++++++++++++++++++++++

TimeStamp: 4CD9AA55 Wed Nov 10 04:08:53 2010 (rendered in GMT+8, like the other dates on this page; 2010-11-09 20:08:53 UTC)
Subsystem: 2 (Windows GUI)
Image Base: 00400000 Size: 00030000
Code Base: 00001000 Size: 0000F000
Data Base: 00010000 Size: 00020000
Entry Point: 000017B8 (file offset 000017B8)

++++++++++++++++++++++++++++++++ SECTIONS ++++++++++++++++++++++++++++++++

1: .text RVA: 00001000 Offset: 00001000 Size: 0000F000 Flags: 60000020 (CER)
2: .data RVA: 00010000 Offset: 00010000 Size: 00001000 Flags: C0000040 (DRW)
3: .rsrc RVA: 00011000 Offset: 00011000 Size: 0001F000 Flags: 40000040 (DR)
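The header block above prints raw values next to derived ones (the decoded timestamp, the CER/DRW/DR flag letters, the entry point's file offset). The following Python is an added example, not code from the analyzer: it recomputes those derived fields from the raw values copied out of this report so they can be cross-checked, and adds the two checks an analyst makes before trusting a header, namely that the entry point lands in an executable section and that SizeOfImage agrees with the section layout. The C/D/U/E/R/W letter scheme, the 0x1000 header size and the 0x1000 section alignment are assumptions.

```python
"""Recompute the derived fields of the 'Static File Header' block above.
Added example, not xandora.net code.  Raw values are copied from the report;
the C/D/U/E/R/W letter scheme and the 0x1000 header/alignment are assumed."""
from datetime import datetime, timedelta, timezone

# IMAGE_SECTION_HEADER.Characteristics bits, as defined in winnt.h.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Values copied from the report's header block.
TIMESTAMP = 0x4CD9AA55
SIZE_OF_IMAGE = 0x00030000
ENTRY_POINT_RVA = 0x000017B8
SECTIONS = [  # (name, RVA, raw file offset, size, Characteristics)
    (".text", 0x01000, 0x01000, 0x0F000, 0x60000020),
    (".data", 0x10000, 0x10000, 0x01000, 0xC0000040),
    (".rsrc", 0x11000, 0x11000, 0x1F000, 0x40000040),
]


def flag_letters(characteristics):
    """Render Characteristics the way the report does: C code, D initialised
    data, U uninitialised data, E execute, R read, W write (assumed scheme)."""
    bits = ((IMAGE_SCN_CNT_CODE, "C"), (IMAGE_SCN_CNT_INITIALIZED_DATA, "D"),
            (IMAGE_SCN_CNT_UNINITIALIZED_DATA, "U"), (IMAGE_SCN_MEM_EXECUTE, "E"),
            (IMAGE_SCN_MEM_READ, "R"), (IMAGE_SCN_MEM_WRITE, "W"))
    return "".join(letter for bit, letter in bits if characteristics & bit)


def timestamp_utc(ts):
    """TimeDateStamp is seconds since 1970-01-01 UTC.  The linker writes it,
    so it is a claim by whoever built the file, not a measured fact."""
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def timestamp_in(ts, utc_offset_hours):
    """The same instant in another zone; this report prints dates in GMT+8."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return timestamp_utc(ts).astimezone(zone)


def rva_to_offset(rva, sections):
    """Map an RVA to (section name, file offset) via the section holding it."""
    for name, vaddr, raw, size, _ in sections:
        if vaddr <= rva < vaddr + size:
            return name, rva - vaddr + raw
    raise ValueError(f"RVA {rva:#x} lies outside every section")


def expected_image_size(sections, header_size=0x1000, align=0x1000):
    """SizeOfImage as the loader needs it: headers plus every section rounded
    up to SectionAlignment (assumed 0x1000, the x86 page size)."""
    end = header_size
    for _, vaddr, _, size, _ in sections:
        end = max(end, vaddr + (size + align - 1) // align * align)
    return end


def sanity_report():
    """The checks an analyst makes before trusting the header block."""
    name, offset = rva_to_offset(ENTRY_POINT_RVA, SECTIONS)
    chars = next(s[4] for s in SECTIONS if s[0] == name)
    return {
        "timestamp_utc": timestamp_utc(TIMESTAMP).strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_gmt8": timestamp_in(TIMESTAMP, 8).strftime("%a %b %d %H:%M:%S %Y"),
        "entry_section": name,
        "entry_offset": offset,
        # An entry point in a non-executable section is a classic packer tell.
        "entry_executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
        "image_size_matches": expected_image_size(SECTIONS) == SIZE_OF_IMAGE,
        # Unpacking stubs often need a section that is both writable and executable.
        "writable_executable": [s[0] for s in SECTIONS
                                if s[4] & IMAGE_SCN_MEM_WRITE and s[4] & IMAGE_SCN_MEM_EXECUTE],
    }


if __name__ == "__main__":
    for name, vaddr, raw, size, chars in SECTIONS:
        print(f"{name:6} RVA {vaddr:08X} Size {size:08X} {chars:08X} ({flag_letters(chars)})")
    for key, value in sanity_report().items():
        print(f"{key}: {value}")
```

For this sample every check comes back clean: the entry point is at file offset 0x17B8 inside the executable .text section, no section is both writable and executable, and the three sections plus a 0x1000 header add up to exactly the 0x30000 SizeOfImage the report prints.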
 
Virustotal Result
 
Filesystem Change
MD5                               Filename
91ff086ba27b478b266e0c8a162f6f04  /WINDOWS/Prefetch/087.EXE-07E797FC.pf
7cc1180219519f64d8ec9b4c7e619bf9  /WINDOWS/Prefetch/3439566.EXE-2422986D.pf
5369b4393f59dec5027140eba095e9bc  /WINDOWS/Prefetch/344582.EXE-102C4E22.pf
05ecbf57cca2039a877715e08c802ace  /WINDOWS/Prefetch/3459910.EXE-17665882.pf
bfd3fe38e0838a0f129075f1736d907a  /WINDOWS/Prefetch/GNPKD.EXE-05A7CAD6.pf
73e75905c1fd7e9ade8a45294949f6c5  /WINDOWS/Prefetch/JODRIVE32.EXE-209B216E.pf
4add9545cf2b6f3f71fdcc09ffcc7842  /WINDOWS/Prefetch/PDF.EXE-04DED3D8.pf
fa6b590d71aa6b8fcdc6ce455436a76d  /WINDOWS/Prefetch/UMDMGR.EXE-00064AAA.pf
da6758a02f6199e92016c664b6105fed  /WINDOWS/jodrive32.exe
616550adafac8441733917a6e75844e6  /WINDOWS/system32/umdmgr.exe
f926775d55ea9c7e60ef4b7cc78c7059  /pdf.exe

The .pf rows are Prefetch records, which Windows writes when an executable runs, so they show that 087.exe, 3439566.exe, 344582.exe, 3459910.exe, gnpkd.exe, jodrive32.exe, pdf.exe and umdmgr.exe all executed during the run; the last three rows are the executables written to disk.
 
Registry Change
Action   Registry key
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_4463C531D7CCC1006794612BB656D3BF8257846F
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_47AFB915CDA26D82467B97FA42914468726138DD
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_4B421F7515F6AE8A6ECEF97F6982A400A4D9224E
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_4C95A9902ABE0777CED18D6ACCC3372D2748381E
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_4072BA31FEC351438480F62E6CB95508461EAB2F
Added    software_Microsoft_Windows_CurrentVersion_Group_Policy_State_Machine_Extension-List
Added    software_Microsoft_Windows_CurrentVersion_Group_Policy_State_S-1-5-21-790525478-1390067357-1417001333-500_Extension-List
Added    software_Microsoft_Windows_CurrentVersion_policies_Explorer
Added    software_Microsoft_Windows_CurrentVersion_policies_NonEnum
Added    software_Microsoft_Windows_CurrentVersion_RunOnce
Added    software_Microsoft_Windows_CurrentVersion_RunOnceEx
Added    software_Microsoft_Windows_NT_CurrentVersion_AeDebug
Added    software_Microsoft_Windows_NT_CurrentVersion_Prefetcher
Added    software_Microsoft_Windows_NT_CurrentVersion_ProfileList
Added    software_Microsoft_Windows_NT_CurrentVersion_Winlogon_GPExtensions
Changed  software_Microsoft_Code_Store_Database
Changed  software_Microsoft_DownloadManager
Changed  software_Microsoft_Windows_CurrentVersion_policies_Explorer_Run
Changed  software_Microsoft_Windows_CurrentVersion_Run
Added    software_Microsoft_BidInterface
Added    software_Microsoft_Driver_Signing
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_0048F8D37B153F6EA2798C323EF4F318A5624A9E
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_049811056AFE9FD0F5BE01685AACE6A5D1C4454C
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_23E594945195F2414803B4D564D2A3A3F5D88B8C
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_24A40A1F573643A67F0A4B0749F6A22BF28ABB6B
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_36863563FD5128C7BEA6F005CFE9B43668086CCE
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_394FF6850B06BE52E51856CC10E180E882B385CC
Added    software_Microsoft_SystemCertificates_AuthRoot_Certificates_3F85F2BB4A62B0B58BE1614ABB0D4631B4BEF8BA
Changed  NTUSER_Software_Microsoft_Visual_Basic
Added    NTUSER_Software_Microsoft_SystemCertificates_TrustedPublisher_CTLs
Added    NTUSER_Software_Microsoft_Windows
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Applets_SysTray
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_CD_Burning_Drives
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_CLSID
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_Discardable_PostSetup_Component_Categories_{00021493-0000-0000-C000-000000000046}_Enum
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_Discardable_PostSetup_Component_Categories_{00021494-0000-0000-C000-000000000046}_Enum
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_Discardable_PostSetup_ShellNew
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_RunMRU
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_UserAssist_{5E6AB780-7743-11CF-A12B-00AA004AE837}_Count
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_UserAssist_{75048700-EF1F-11D0-9888-006097DEACF9}_Count
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Ext_Stats_{02478D38-C3F9-4EFB-9B51-7695ECA05670}_iexplore
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Internet_Settings_5.0_Cache_Extensible_Cache
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_Run
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_RunOnce
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_WindowsUpdate
Added    NTUSER_Software_Microsoft_Windows_CurrentVersion_WinTrust
Added    NTUSER_Software_Piriform

Rows the sandbox listed twice are shown once. The keys that matter for persistence are HKLM ...\CurrentVersion\Run and ...\policies\Explorer\Run (changed), RunOnce and RunOnceEx (added), and in the user hive (NTUSER) ...\CurrentVersion\Run and RunOnce (added). The AuthRoot\Certificates entries are the store that Windows' automatic root-certificate update fills when something on the box builds a certificate chain, and the Prefetcher, UserAssist, RunMRU and Group Policy rows are likewise ordinary OS activity during a run; treat them as background noise unless a sample is known to install its own root certificates.
 
Running Processes
PID   Command
288   smss.exe
392   csrss.exe
420   winlogon.exe
536   services.exe
548   lsass.exe pdf.exe
700   svchost.exe
744   svchost.exe
808   svchost.exe
856   svchost.exe
888   svchost.exe
1084  explorer.exe
1592  alg.exe
1136  087.exe
1028  jodrive32.exe
1548  pdf.exe
1628  IEXPLORE.EXE
1664  IEXPLORE.EXE
1736  gnpkd.exe
180   3439566.exe
240   gnpkd.exe
656   gnpkd.exe
836   gnpkd.exe
908   344582.exe
944   3459910.exe
980   gnpkd.exe
1048  gnpkd.exe
1864  umdmgr.exe
996   gnpkd.exe
1292  gnpkd.exe
1332  gnpkd.exe
1276  gnpkd.exe
1204  gnpkd.exe
1824  gnpkd.exe
1056  gnpkd.exe

The PID and command columns had run together in the extracted table; for the executables whose names are themselves digits (087.exe, 3439566.exe, 344582.exe, 3459910.exe) the split follows the matching Prefetch entries in the Filesystem Change table. The row for PID 548 is reproduced as the sandbox printed it. Thirteen copies of gnpkd.exe are running alongside the four dropped executables and the digit-named ones.
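The three tables above (Filesystem Change, Registry Change, Running Processes) are what a triage script consumes from a sandbox run. The Python below is an added example, not xandora.net's code: it separates the run-together columns the report extracted, drops repeated registry rows, flags the autostart keys, lists the files written outside Prefetch, and uses the Prefetch names as the key to splitting PIDs from executables whose own names are digits (a regex alone cannot tell "1136087.exe" apart). The rows are copied from this report (a subset); the autostart suffix list is the example's own, not a classification the sandbox performs.

```python
"""Triage of the flattened sandbox tables above.  Added example, not
xandora.net code.  Rows are copied from the report (a subset); the
autostart suffix list is this example's own, not the sandbox's."""
import re
from collections import Counter

FILESYSTEM_ROWS = [  # copied from the report, MD5 column dropped
    '"/WINDOWS/Prefetch/087.EXE-07E797FC.pf"',
    '"/WINDOWS/Prefetch/3439566.EXE-2422986D.pf"',
    '"/WINDOWS/Prefetch/344582.EXE-102C4E22.pf"',
    '"/WINDOWS/Prefetch/3459910.EXE-17665882.pf"',
    '"/WINDOWS/Prefetch/GNPKD.EXE-05A7CAD6.pf"',
    '"/WINDOWS/Prefetch/JODRIVE32.EXE-209B216E.pf"',
    '"/WINDOWS/Prefetch/PDF.EXE-04DED3D8.pf"',
    '"/WINDOWS/Prefetch/UMDMGR.EXE-00064AAA.pf"',
    '"/WINDOWS/jodrive32.exe"',
    '"/WINDOWS/system32/umdmgr.exe"',
    '"/pdf.exe"',
]
REGISTRY_ROWS = [  # subset of the report's rows, including one repeat
    "Addedsoftware_Microsoft_SystemCertificates_AuthRoot_Certificates_40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC",
    "Addedsoftware_Microsoft_SystemCertificates_AuthRoot_Certificates_40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC",
    "Addedsoftware_Microsoft_Windows_CurrentVersion_RunOnce",
    "Changedsoftware_Microsoft_Windows_CurrentVersion_policies_Explorer_Run",
    "Changedsoftware_Microsoft_Windows_CurrentVersion_Run",
    "AddedNTUSER_Software_Microsoft_Windows_CurrentVersion_Explorer_RunMRU",
    "AddedNTUSER_Software_Microsoft_Windows_CurrentVersion_Run",
]
PROCESS_ROWS = [  # subset of the report's rows, exactly as extracted
    "288smss.exe", "548lsass.exe pdf.exe", "1136087.exe", "1028jodrive32.exe",
    "1548pdf.exe", "1736gnpkd.exe", "1803439566.exe", "240gnpkd.exe",
    "908344582.exe", "9443459910.exe", "1864umdmgr.exe", "996gnpkd.exe",
]

# Tail of the underscore-joined key path for locations that launch a program
# at logon (assumption: a short list chosen for this example).  Suffix
# matching keeps Explorer_RunMRU, a shell history key, out of the hits.
AUTOSTART_SUFFIXES = ("_CurrentVersion_Run", "_CurrentVersion_RunOnce",
                      "_CurrentVersion_RunOnceEx", "_policies_Explorer_Run")

PREFETCH_RE = re.compile(r'/WINDOWS/Prefetch/(.+?)-[0-9A-F]{8}\.pf"$')
ROW_RE = re.compile(r"(Added|Changed)(.+)$")


def executed_names(fs_rows):
    """Windows writes NAME-HASH.pf when NAME runs, so the set is execution evidence."""
    names = set()
    for row in fs_rows:
        m = PREFETCH_RE.search(row)
        if m:
            names.add(m.group(1).lower())
    return names


def dropped_files(fs_rows):
    """Paths written outside Prefetch: the files the run itself created."""
    return [row.strip('"') for row in fs_rows if "/Prefetch/" not in row]


def parse_registry(rows):
    """Split the action off the key, keep order, drop exact repeats."""
    out, seen = [], set()
    for row in rows:
        m = ROW_RE.match(row)
        if m and row not in seen:
            seen.add(row)
            out.append((m.group(1), m.group(2)))
    return out


def autostart_keys(parsed):
    return [key for _, key in parsed if key.endswith(AUTOSTART_SUFFIXES)]


def split_pid(row, known):
    """'1136087.exe' is PID 1136 + 087.exe.  Try the known executable names
    first (longest first), then fall back to 'digits followed by a letter'."""
    for name in sorted(known, key=len, reverse=True):
        if row.endswith(name) and row[:-len(name)].isdigit():
            return int(row[:-len(name)]), name
    m = re.match(r"(\d+)([A-Za-z_].*)$", row)
    return (int(m.group(1)), m.group(2)) if m else (None, row)


def process_table(rows, known):
    return [split_pid(row, known) for row in rows]


def instance_counts(table):
    """Copies of each image; a burst of one unfamiliar name deserves a look."""
    return Counter(cmd for _, cmd in table)


if __name__ == "__main__":
    known = executed_names(FILESYSTEM_ROWS)
    print("dropped:", dropped_files(FILESYSTEM_ROWS))
    print("autostart:", autostart_keys(parse_registry(REGISTRY_ROWS)))
    table = process_table(PROCESS_ROWS, known)
    print("processes:", table)
    print("instances:", instance_counts(table).most_common(3))
```

The fallback in split_pid deliberately returns (None, row) rather than guessing when neither rule applies, so an unparseable row stays visible instead of being silently mis-split; run against the full table above it resolves every row, with the PID 548 row kept verbatim as "lsass.exe pdf.exe".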
 
Traffic - by DNS
 
Traffic - by TCP/IP Connections
 
Traffic - by URL