Download Link:
hxxp://youtubegiris.com/Youtube_Giris_Programi.exe
File Name: Youtube_Giris_Programi.exe
File size: 1363848 bytes
MD5...: 803031ba920288aa502e42e7a071da88
SHA1..: 20b6289290f952a296bddeddb3cfd7c49e8f35dd
SHA256: 251b5502474e8f9d33f2bf2dfbe87f1c8d4466994f5dd73db0977bd2dccbfb0c
SHA512: 8920e7aea3d1d226255c921265fb62c0c5b79a621b0b8cce9830a8721bae34f0d48597d8e3451c1e0e1abc14d01ac77856e693d575c3f1954a0ba1dd7defa105
PEiD..: ASPack v2.12
VirusTotal Result: 21/31 (67.74%)
Scanned on 05.10.2008 01:57:08 (CET)
AntiVir 7.8.0.17 2008.05.09 TR/Drop.Agent.loq
Authentium 4.93.8 2008.05.08 W32/Trojan.ACXG
Avast 4.8.1169.0 2008.05.07 Win32:Agent-WIE
BitDefender 7.2 2008.05.08 Trojan.Generic.156600
CAT-QuickHeal 9.50 2008.05.09 TrojanDropper.Agent.loq
ClamAV 0.92.1 2008.05.10 Trojan.Spy-3361
DrWeb 4.44.0.09170 2008.05.09 Trojan.PWS.Banker.19422
Ewido 4.0 2008.05.10 Dropper.Agent.loq
F-Prot 4.4.2.54 2008.05.08 W32/Trojan.ACXG
F-Secure 6.70.13260.0 2008.05.09 Trojan-Dropper.Win32.Agent.loq
Fortinet 3.14.0.0 2008.05.10 W32/Agent.LOQ!tr
Ikarus T3.1.1.26.0 2008.05.09 Trojan-Dropper.Win32.Agent.loq
Kaspersky 7.0.0.125 2008.05.10 Trojan-Dropper.Win32.Agent.loq
Norman 5.80.02 2008.05.09 W32/Agent.FHWP
Prevx1 V2 2008.05.10 Malware Dropper
Sophos 4.29.0 2008.05.09 Mal/Generic-A
Sunbelt 3.0.1097.0 2008.05.07 KCom Downloader
Symantec 10 2008.05.10 Infostealer
TheHacker 6.2.92.305 2008.05.08 Trojan/Dropper.Agent.loq
VBA32 3.12.6.5 2008.05.10 Trojan.PWS.Banker.19422
Webwasher-Gateway 6.6.2 2008.05.09 Trojan.Drop.Agent.loq
PE Structure information
( base data )
entrypointaddress.: 0x4a7001
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x88000 0x34600 8.00 33fbfa074926ac136135f1a92042fe5b
DATA 0x89000 0x2000 0xc00 7.70 cfab2107ed9aa2a50be60aae1dcc82ac
BSS 0x8b000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8c000 0x3000 0x1000 7.68 70aaad4706025d30936f047ddd2137a5
.tls 0x8f000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x90000 0x1000 0x200 0.19 3af729857ca623a92417c42b35d2cf48
.reloc 0x91000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x9b000 0xc000 0xc000 5.02 3c120abd18199045a4eaaa0d09c59d5e
.aspack 0xa7000 0x2000 0x1400 5.81 51c5ef6718dc5f73d512fbf8083888a1
.adata 0xa9000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 15 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetKeyboardType
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: SysFreeString
> advapi32.dll: RegSetValueExA
> version.dll: VerQueryValueA
> gdi32.dll: UnrealizeObject
> user32.dll: CreateWindowExA
> oleaut32.dll: SafeArrayPtrOfIndex
> ole32.dll: OleUninitialize
> oleaut32.dll: GetErrorInfo
> comctl32.dll: ImageList_SetIconSize
> winspool.drv: OpenPrinterA
> shell32.dll: ShellExecuteA
> shell32.dll: SHGetSpecialFolderLocation