ThreatExpert Report: Packed.Vmpbad!gen4

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 14 September 2012, 17:14:00
Processing time: 9 min 37 sec
Submitted sample:

File MD5: 0x5D70C790950DC60FC3939BEF160E79C4
File SHA-1: 0xBED6AE8B24F530E532790B5FF1B53890536AF349
Filesize: 3,369,247 bytes

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%Temp%\binkw32.dll	226,304 bytes	MD5: 0x2D72418B2D6E6FC6176D8C0CE5AB79D9 SHA-1: 0x476A8661E6CD9829D8BFA17E44CD4541429AC9D1	(not available)
2	%Temp%\CommunicationNet.dll	410,280 bytes	MD5: 0x43647AEE7332034AE58D989105FAF838 SHA-1: 0xA02BCC0A0538381D2CE72CC3FCE7BA31899418CB	(not available)
3	%Temp%\FirewallInstallHelper.dll	44,904 bytes	MD5: 0x18768F110AFCBFD6A9B2B6F95E19C6DB SHA-1: 0xD0792C193F06E33B805A745EB168C441AF9CD854	(not available)
4	%Temp%\GameuxInstallHelper.dll	96,776 bytes	MD5: 0xB5BBC4D7BD73FF404E3ABA3161C77A9F SHA-1: 0xE4A01337D0E7CE2AB616054A2B16F661788F6CF1	(not available)
5	%Temp%\gsrld.dll	161,792 bytes	MD5: 0x7C70A8F9FEA2C5396ADD14495396D678 SHA-1: 0xC3F40FA6674806552A891192BBACBA164E630B43	Packed.Vmpbad!gen4 [Symantec]
6	%Temp%\MP3GDF.dll	1,804,416 bytes	MD5: 0x90FA685EB093CF9796FE0CAB481E0622 SHA-1: 0x35FAC516135AFF2AF19C9F23E1F320B985FEBF16	(not available)
7	%Temp%\MP3_Launcher_1_27_0_0.exe	1,092,944 bytes	MD5: 0x054F18852EBB94458DBFD4BAD8870BDB SHA-1: 0x8F7806F234B15AAD443CF7A46FDEA4FFF8DD125C	(not available)
8	%Temp%\SecureDownloadAPI.dll	33,448 bytes	MD5: 0x0469B10B5C03C72A3B226DDEB9331093 SHA-1: 0x85737BE4FB7DB8E5195309DBABC2575E11D985AC	(not available)
9	%Temp%\unins000.exe	918,307 bytes	MD5: 0x9B2F8873557EFAAA0A0EAA22C238EE01 SHA-1: 0x85CA687B7A607E6541C0C077C62CC69113E38892	(not available)
10	[file and pathname of the sample #1]	3,369,247 bytes	MD5: 0x5D70C790950DC60FC3939BEF160E79C4 SHA-1: 0xBED6AE8B24F530E532790B5FF1B53890536AF349	(not available)

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[generic host process]	[generic host process filename]	20,480 bytes
MP3_Launcher_1_27_0_0.exe	%Temp%\MP3_Launcher_1_27_0_0.exe	2,306,048 bytes
unins000.exe	%Temp%\unins000.exe	974,848 bytes

Notes:

[generic host process filename] is a full path filename of [generic host process].

Other details

To mark the presence in the system, the following Mutex object was created:

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.