File name: | fa0fd2f44c5220e17b7a5c167ce36440.exe |
Full analysis: | https://app.any.run/tasks/fb5b0278-0f51-4c60-809f-c3df7cd3bbf7 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 13:26:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed |
MD5: | FA0FD2F44C5220E17B7A5C167CE36440 |
SHA1: | 9ADAABEC174BB407E2A08587F5C1E87039A03037 |
SHA256: | 38F98CB9A85BCAD6178C62FAF2CF433E400603B81632A77A0F99FA57A39D8793 |
SSDEEP: | 3072:o7TQlatyYePxiFVj7TQlatyYePxiFVD7TQlatyYePxiFVV7TQlatyYePxiFVh:aTQt8XTQt83TQt8FTQt8h |
.exe | | | Generic Win/DOS Executable (50) |
---|---|---|
.exe | | | DOS Executable Generic (49.9) |
OriginalFileName: | Kazekage of the Sand |
---|---|
LegalCopyright: | © Kota Cantik - Paray City |
FileDescription: | Kazekage Games Action |
InternalName: | Kazekage Was Here |
ProductVersion: | 06.01.2008 (A) Update |
FileVersion: | 06.01.2008 (A) Update |
Mission: | Destroy HokageFile, KSpoold, AutoitV3, Autoruner, BlueFantasi, Sys, VBSvir, PornFile, and Kick Anbu-Team-Sampit |
ProductName: | Gaara The Kazekage By : Paraysutki VM Community |
Comments: | http:/www.narutogames.com |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 6.1.0.2008 |
FileVersionNumber: | 6.1.0.2008 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 6.1 |
OSVersion: | 4 |
EntryPoint: | 0x118c |
UninitializedDataSize: | - |
InitializedDataSize: | 16384 |
CodeSize: | 110592 |
LinkerVersion: | 6 |
PEType: | PE32 |
TimeStamp: | 2008:01:12 15:58:39+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 12-Jan-2008 14:58:39 |
Detected languages: |
|
Comments: | http:/www.narutogames.com |
FileDescription: | Kazekage Games Action |
ProductName: | Gaara The Kazekage By : Paraysutki VM Community |
Mission: | Destroy HokageFile, KSpoold, AutoitV3, Autoruner, BlueFantasi, Sys, VBSvir, PornFile, and Kick Anbu-Team-Sampit |
FileVersion: | 06.01.2008 (A) Update |
ProductVersion: | 06.01.2008 (A) Update |
InternalName: | Kazekage Was Here |
LegalCopyright: | © Kota Cantik - Paray City |
OriginalFilename: | Kazekage of the Sand |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000B8 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 2 |
Time date stamp: | 12-Jan-2008 14:58:39 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0001F000 | 0x00009E00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.98081 |
.rsrc | 0x00020000 | 0x00004000 | 0x00003A00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.10791 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.52785 | 1240 | Unicode (UTF 16LE) | English - United States | RT_VERSION |
kernel32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3000 | "C:\Users\admin\Desktop\fa0fd2f44c5220e17b7a5c167ce36440.exe" | C:\Users\admin\Desktop\fa0fd2f44c5220e17b7a5c167ce36440.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: Kazekage-Games-Action Version: 06.01.2008 (A) Update | ||||
2364 | ping -a -l www.rasasayang.com.my 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2300 | ping -a -l www.duniasex.com 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2580 | ping -a -l www.rasasayang.com.my 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
932 | ping -a -l www.duniasex.com 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2360 | ping -a -l www.rasasayang.com.my 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2376 | ping -a -l www.duniasex.com 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3140 | ping -a -l www.rasasayang.com.my 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3036 | ping -a -l www.duniasex.com 65500 | C:\Windows\system32\ping.exe | — | fa0fd2f44c5220e17b7a5c167ce36440.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 3221225786 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\Users\admin\Desktop\Gaara The Kazekage.exe | executable | |
MD5:B9B537F47C3EFFFBEAAFC3B50F287E83 | SHA256:650DE0E1F363961326CFE1FDF92C16C68802B340F1A8BFF6F415AA8B1F628AF2 | |||
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Gaara go to Kazekage.exe | executable | |
MD5:5F5C425325892A9A5B473247A68AAD82 | SHA256:03039775993177D2735BFEE7C3947394604AF90D5C346C4432C8AA56C31912FE | |||
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\desktop.ini | ini | |
MD5:64ACFA7E03B01F48294CF30D201A0026 | SHA256:BA8159D865D106E7B4D0043007A63D1541E1DE455DC8D7FF0EDD3013BD425C62 | |||
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Hokage-Sampit (Nothing).exe | executable | |
MD5:BD028D4F2FFFDAC4ECBA06E6CBEA06D0 | SHA256:C002242191D71DE2B43F40765CA527005E27445A58BFE427FD844A116FB3B0A1 | |||
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Kazekage VS Hokage.exe | executable | |
MD5:EF1BDF3DD072DC74A052120248649EE7 | SHA256:3E2C345B02A510B76C58E9CF292F6711167083ED401FEB295D7CF7828585EE63 | |||
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Readme.txt | text | |
MD5:BB5D6ABDF8D0948AC6895CE7FDFBC151 | SHA256:5DB2E0915B5464D32E83484F8AE5E3C73D2C78F238FDE5F58F9B40DBB5322DE8 | |||
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Naruto games.exe | executable | |
MD5:F817E0AFA911C3D40A27A08EFD6311E9 | SHA256:5308B5B7662200F8117AEEAE41213324D3B01A1AA54F29CF2EB86A9A7A71D94A | |||
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Kazekage.exe | executable | |
MD5:446118F23384932494112D19F6893509 | SHA256:B07C96181A8E38023CA5DBD064CEF22B98376343756778682C3875DA8A9DB119 |
Domain | IP | Reputation |
---|---|---|
220.255.0.0.in-addr.arpa |
| unknown |