Analysis Report for DHL_Print_Label_68115.exe

Comment on this report

Summary:

Description	Risk
Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
Performs Registry Activities: The executable reads and modifies registry values. It may also create and monitor registry keys.

Table of Contents
expand all	collapse all
General information DHL_Print_Label_68115.exe C:\DHL_Print_Label_68115.exe Primary Analysis Subject General Information a) Registry Activities b) File Activities

1. General Information

	- Information about Anubis' invocation

Time needed:	240 s
Report created:	02/09/10, 14:34:42 UTC
Termination reason:	Timeout
Program version:	1.73.0

2. DHL_Print_Label_68115.exe

	- General information about this executable

Analysis Reason:	Primary Analysis Subject
Filename:	DHL_Print_Label_68115.exe
MD5:	7caf159667632ce6f65b9d466b33b373
SHA-1:	24e47797bbc98d19fc807f7af3b1eecdcc9c3a17
File Size:	41984 Bytes
Command Line:	"C:\DHL_Print_Label_68115.exe"
Process-status at analysis end:	alive
Exit Code:	0

	- Load-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\ntdll.dll	0x7C900000	0x000AF000
C:\WINDOWS\system32\kernel32.dll	0x7C800000	0x000F6000
C:\WINDOWS\system32\MSVCRT.dll	0x77C10000	0x00058000
C:\WINDOWS\system32\ole32.dll	0x774E0000	0x0013D000
C:\WINDOWS\system32\ADVAPI32.dll	0x77DD0000	0x0009B000
C:\WINDOWS\system32\RPCRT4.dll	0x77E70000	0x00092000
C:\WINDOWS\system32\Secur32.dll	0x77FE0000	0x00011000
C:\WINDOWS\system32\GDI32.dll	0x77F10000	0x00049000
C:\WINDOWS\system32\USER32.dll	0x7E410000	0x00091000
C:\WINDOWS\system32\oleaut32.dll	0x77120000	0x0008B000
C:\WINDOWS\system32\VERSION.dll	0x77C00000	0x00008000

	- Run-time Dlls

Module Name	Base Address	Size
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp	0x10000000	0x0000C000
C:\WINDOWS\system32\WS2HELP.dll	0x71AA0000	0x00008000
C:\WINDOWS\system32\ws2_32.dll	0x71AB0000	0x00017000
C:\WINDOWS\system32\MSCTF.dll	0x74720000	0x0004C000
C:\WINDOWS\system32\iphlpapi.dll	0x76D60000	0x00019000
C:\WINDOWS\system32\CLBCATQ.DLL	0x76FD0000	0x0007F000
C:\WINDOWS\system32\COMRes.dll	0x77050000	0x000C5000

	- SigBuster Output

UPX All_Versions SN:1634

2.a) DHL_Print_Label_68115.exe - Registry Activities

	- Registry Values Read:

Key	Name	Value	Times
HKLM\SOFTWARE\Microsoft\CTF\SystemShared\	CUAS	0	1
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager	CriticalSectionTimeout	2592000	1
HKLM\Software\Microsoft\COM3	Com+Enabled	1	2
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows	AppInit_DLLs		1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	TransparentEnabled	1	1
HKLM\System\CurrentControlSet\Control\Terminal Server	TSAppCompat	0	3
HKLM\System\CurrentControlSet\Control\Terminal Server	TSUserEnabled	0	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle	Language Hotkey	1	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle	Layout Hotkey	2	2

	- Monitored Registry Keys:

Key Name	Watch subtree	Notify Filter	Count
HKLM\Software\Classes	1	Key Change,Value Change	1
HKLM\Software\Microsoft\COM3	1	Key Change,Value Change	1

2.b) DHL_Print_Label_68115.exe - File Activities

	- Files Created:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp

	- Files Modified:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp

\Device\Ip

\Device\Tcp

	- File System Control Communication:

File	Control Code	Times
C:\	0x00090028	1

	- Device Control Communication:

File	Control Code	Times
\Device\KsecDD	0x00390008	8
\Device\Tcp	0x00120003	6

	- Memory Mapped Files:

File Name

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp

C:\WINDOWS\system32\CLBCATQ.DLL

C:\WINDOWS\system32\COMRes.dll

C:\WINDOWS\system32\MSCTF.dll

C:\WINDOWS\system32\WS2HELP.dll

C:\WINDOWS\system32\imm32.dll

C:\WINDOWS\system32\iphlpapi.dll

C:\WINDOWS\system32\rpcss.dll

C:\WINDOWS\system32\ws2_32.dll

Analysis Report for DHL_Print_Label_68115.exe

Summary:

Table of Contents

1. General Information

2. DHL_Print_Label_68115.exe

2.a) DHL_Print_Label_68115.exe - Registry Activities

2.b) DHL_Print_Label_68115.exe - File Activities