Malaysia Honeynet Project // Malware Database (Beta)

Hash b92a8d8218dbb57d56582a400fc86adb
First seen 2007-07-18T15:22:38
Last seen 2007-07-18T15:22:38
Filetype MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
Mimetype application/x-dosexec
Size 174080
Hits 1
Clamav
F-Prot
Antivir WORM/Sdbot.173056.18 No Virus Found
AVG
Objdump
binaries/b92a8d8218dbb57d56582a400fc86adb:     file format efi-app-ia32
binaries/b92a8d8218dbb57d56582a400fc86adb
architecture: i386, flags 0x00000102:
EXEC_P, D_PAGED
start address 0x000000000048eb33

Characteristics 0x30f
	relocations stripped
	executable
	line numbers stripped
	symbols stripped
	32 bit words
	debugging information removed

Time/Date		Fri Jul 13 19:54:36 2007

ImageBase		0000000000400000
SectionAlignment	0000000000001000
FileAlignment		0000000000000200
MajorOSystemVersion	4
MinorOSystemVersion	0
MajorImageVersion	0
MinorImageVersion	0
MajorSubsystemVersion	4
MinorSubsystemVersion	0
Win32Version		00000000
SizeOfImage		000a8000
SizeOfHeaders		00000400
CheckSum		00000000
Subsystem		00000002	(Windows GUI)
DllCharacteristics	00000000
SizeOfStackReserve	0000000000100000
SizeOfStackCommit	0000000000001000
SizeOfHeapReserve	0000000000100000
SizeOfHeapCommit	0000000000001000
LoaderFlags		00000000
NumberOfRvaAndSizes	00000010

The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 000000000009fb2c 0000003c Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 000000000009f000 0000005c Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved

There is an import table in 5 at 0x49fb2c

The Import Tables (interpreted 5 section contents)
 vma:            Hint    Time      Forward  DLL       First
                 Table   Stamp     Chain    Name      Thunk
 0009fb2c	0009fb68 00000000 00000000 0009fcb8 0009f000

	DLL Name: KERNEL32.dll
	vma:  Hint/Ord Member-Name Bound-To
	9fbc4	  537  InitializeCriticalSection
	9fbe0	  408  GetProcAddress
	9fbf2	  594  LocalFree
	9fbfe	  667  RaiseException
	9fc10	  590  LocalAlloc
	9fc1e	  375  GetModuleHandleA
	9fc32	  583  LeaveCriticalSection
	9fc4a	  143  EnterCriticalSection
	9fc62	  429  GetShortPathNameA
	9fc76	  709  ResumeThread
	9fc86	  925  WriteProcessMemory
	9fc9c	  400  GetPrivateProfileSectionA
	9fd52	  434  GetStringTypeA
	9fd42	  571  LCMapStringW
	9fd32	  570  LCMapStringA
	9fcfa	  714  RtlUnwind
	9fd06	  903  WideCharToMultiByte
	9fd1c	  619  MultiByteToWideChar
	9fd64	  437  GetStringTypeW

 0009fb40	0009fbb8 00000000 00000000 0009fcee 0009f050

	DLL Name: USER32.dll
	vma:  Hint/Ord Member-Name Bound-To
	9fcc6	  142  DefWindowProcA
	9fcd8	    2  AdjustWindowRectEx

 0009fb54	00000000 00000000 00000000 00000000 00000000

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 0             00013600  0000000000401000  0000000000401000  00000400  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
  1 1             00001000  0000000000424000  0000000000424000  00013a00  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
  2 2             00007600  0000000000426000  0000000000426000  00014a00  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
  3 3             00000018  000000000048c000  000000000048c000  0001c000  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
  4 4             0000b600  000000000048d000  000000000048d000  0001c200  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
  5 5             00000d76  000000000049f000  000000000049f000  00027800  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
  6 6             00001c00  00000000004a0000  00000000004a0000  00028600  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
SYMBOL TABLE:
no symbols
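The header listing above is worth checking against itself before the sample is touched: the entry point (0x48eb33) should land in one of the sections, the import directory and IAT (entries 1 and 0xc) should land in the section objdump says holds the import table ("5"), the import directory size 0x3c should be three 20-byte descriptors (KERNEL32, USER32, terminator), the IAT size 0x5c should be 23 slots (19 KERNEL32 names, 2 USER32 names, two terminators), and SizeOfImage should agree with the section table. The following is an added example for this page, not code from the Malaysia Honeynet Project, nepenthes or objdump: a minimal PE32 header parser that rebuilds the listed values into a constructed header blob, parses it back with struct, and runs those cross-checks. Assumptions, since the listing does not show them: each section's VirtualSize is taken equal to the listed Size, section flags are set to code/data/read/write/execute, the COFF timestamp is left at zero, and nothing past the section table is built.

```python
"""Minimal PE32 header parser plus cross-checks for the objdump listing above.
Added example for this page; not code from the Malaysia Honeynet Project, nepenthes or objdump."""
import struct

IMAGE_BASE = 0x400000
ENTRY_RVA = 0x48EB33 - IMAGE_BASE                         # "start address" in the listing
IMPORT_DIR, IAT_DIR = (0x9FB2C, 0x3C), (0x9F000, 0x5C)   # data directory entries 1 and 0xc
SECTIONS = [  # (name, size, VMA, file offset), copied from the objdump section table above
    ("0", 0x13600, 0x401000, 0x00400), ("1", 0x01000, 0x424000, 0x13A00),
    ("2", 0x07600, 0x426000, 0x14A00), ("3", 0x00018, 0x48C000, 0x1C000),
    ("4", 0x0B600, 0x48D000, 0x1C200), ("5", 0x00D76, 0x49F000, 0x27800),
    ("6", 0x01C00, 0x4A0000, 0x28600)]
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"                # IMAGE_OPTIONAL_HEADER32, 96 bytes
OPT_NAMES = ("Magic MajorLinkerVersion MinorLinkerVersion SizeOfCode SizeOfInitializedData "
             "SizeOfUninitializedData AddressOfEntryPoint BaseOfCode BaseOfData ImageBase "
             "SectionAlignment FileAlignment MajorOperatingSystemVersion "
             "MinorOperatingSystemVersion MajorImageVersion MinorImageVersion "
             "MajorSubsystemVersion MinorSubsystemVersion Win32VersionValue SizeOfImage "
             "SizeOfHeaders CheckSum Subsystem DllCharacteristics SizeOfStackReserve "
             "SizeOfStackCommit SizeOfHeapReserve SizeOfHeapCommit LoaderFlags "
             "NumberOfRvaAndSizes").split()
SECT_FMT = "<8sIIIIIIHHI"                                  # IMAGE_SECTION_HEADER, 40 bytes

def align_up(value, align):
    return (value + align - 1) // align * align

def build_header():
    """Constructed input carrying the listing's values. Assumed: VirtualSize equals the
    listed Size, sections flagged code/data/RWX, timestamp 0, nothing past the headers."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)                   # e_lfanew: PE signature at 0x40
    opt = dict.fromkeys(OPT_NAMES, 0)
    opt.update(Magic=0x10B, AddressOfEntryPoint=ENTRY_RVA, ImageBase=IMAGE_BASE,
               SectionAlignment=0x1000, FileAlignment=0x200, MajorOperatingSystemVersion=4,
               MajorSubsystemVersion=4, SizeOfImage=0xA8000, SizeOfHeaders=0x400,
               Subsystem=2, SizeOfStackReserve=0x100000, SizeOfStackCommit=0x1000,
               SizeOfHeapReserve=0x100000, SizeOfHeapCommit=0x1000, NumberOfRvaAndSizes=16)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[12] = IMPORT_DIR, IAT_DIR
    coff = struct.pack("<HHIIIHH", 0x14C, len(SECTIONS), 0, 0, 0,
                       struct.calcsize(OPT_FMT) + 16 * 8, 0x30F)   # Characteristics 0x30f
    body = struct.pack(OPT_FMT, *(opt[n] for n in OPT_NAMES))
    body += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    body += b"".join(struct.pack(SECT_FMT, name.encode().ljust(8, b"\0"), size,
                                 vma - IMAGE_BASE, size, off, 0, 0, 0, 0, 0xE0000060)
                     for name, size, vma, off in SECTIONS)
    return bytes(dos) + b"PE\0\0" + coff + body

def parse_pe32(blob):
    """DOS pointer, COFF header, PE32 optional header, data directories, section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", blob, 60)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt_off = e_lfanew + 24
    opt = dict(zip(OPT_NAMES, struct.unpack_from(OPT_FMT, blob, opt_off)))
    if opt["Magic"] != 0x10B:
        raise ValueError("not a PE32 optional header")
    dir_off = opt_off + struct.calcsize(OPT_FMT)
    dirs = [struct.unpack_from("<II", blob, dir_off + 8 * i)
            for i in range(opt["NumberOfRvaAndSizes"])]
    sections = []
    for i in range(nsect):
        f = struct.unpack_from(SECT_FMT, blob, opt_off + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"), "vsize": f[1],
                         "va": f[2], "raw_size": f[3], "raw_ptr": f[4], "chars": f[9]})
    return {"characteristics": chars, "opt": opt, "dirs": dirs, "sections": sections}

def section_for_rva(pe, rva):
    """Section whose mapped range (size rounded up to SectionAlignment, as the loader
    maps it) contains rva; None for the header area or a gap between sections."""
    for s in pe["sections"]:
        span = align_up(max(s["vsize"], s["raw_size"]), pe["opt"]["SectionAlignment"])
        if s["va"] <= rva < s["va"] + span:
            return s
    return None

def rva_to_file_offset(pe, rva):
    """File offset backing rva, or None when those bytes exist only once mapped."""
    s = section_for_rva(pe, rva)
    if s is None or rva - s["va"] >= s["raw_size"]:
        return None
    return s["raw_ptr"] + (rva - s["va"])

def analyse(pe):
    """Where the entry point and import tables live, and whether the sizes agree."""
    opt, last = pe["opt"], pe["sections"][-1]
    ep, (imp_rva, imp_size), (iat_rva, iat_size) = opt["AddressOfEntryPoint"], pe["dirs"][1], pe["dirs"][12]
    mapped_end = align_up(last["va"] + max(last["vsize"], last["raw_size"]), opt["SectionAlignment"])
    return {"entry_section": section_for_rva(pe, ep)["name"],
            "entry_file_offset": rva_to_file_offset(pe, ep),
            "import_section": section_for_rva(pe, imp_rva)["name"],
            "import_descriptors": imp_size // 20 - 1,          # 20-byte entries, null-terminated
            "iat_section": section_for_rva(pe, iat_rva)["name"],
            "iat_slots": iat_size // 4,                        # 4-byte thunks incl. terminators
            "size_of_image_matches_sections": mapped_end == opt["SizeOfImage"],
            "relocs_stripped": bool(pe["characteristics"] & 1)}  # no .reloc: must load at ImageBase
```

Run against the constructed header, analyse() places the entry point in section "4" at file offset 0x1dd33 and both import directories in "5", finds 2 import descriptors and 23 IAT slots (matching the two DLLs and 21 names in the listing), reports relocations stripped (the empty Base Relocation Directory confirms the image can only load at 0x400000), and reports that the section table, at the listed sizes, accounts for only 0xa2000 bytes of the 0xa8000 SizeOfImage; on the real sample the VirtualSize fields, which objdump does not print here, would settle whether that gap is virtual-only space. To use it on the actual file, replace build_header() with the bytes read from disk; parse_pe32() only reads the headers.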
© 2007 Malaysia Honeynet Project. Data captured using nepenthes. Frontend coded by spoonfork.