Analysis Report for 053eaa3e82af52f7e24c9abbbe587b36.amada

Comment on this report

Summary:

No threats could be detected by Anubis. This does not imply that execution of this executable is safe.

Table of Contents
expand all	collapse all
General information 053eaa3e82.exe C:\053eaa3e82.exe Primary Analysis Subject General Information a) Registry Activities b) File Activities

1. General Information

	- Information about Anubis' invocation

Time needed:	249 s
Report created:	06/27/11, 12:23:45 UTC
Termination reason:	Timeout
Program version:	1.75.3394

2. 053eaa3e82.exe

	- General information about this executable

Analysis Reason:	Primary Analysis Subject
Filename:	053eaa3e82.exe
MD5:	053eaa3e82af52f7e24c9abbbe587b36
SHA-1:	3ede661654f54c0805c9266675d099fb4d93b81c
File Size:	167981 Bytes
Command Line:	"C:\053eaa3e82.exe"
Process-status at analysis end:	alive
Exit Code:	0

	- Load-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\ntdll.dll	0x7C900000	0x000AF000
C:\WINDOWS\system32\kernel32.dll	0x7C800000	0x000F6000
C:\WINDOWS\system32\WINSPOOL.DRV	0x73000000	0x00026000
C:\WINDOWS\system32\ADVAPI32.dll	0x77DD0000	0x0009B000
C:\WINDOWS\system32\RPCRT4.dll	0x77E70000	0x00092000
C:\WINDOWS\system32\Secur32.dll	0x77FE0000	0x00011000
C:\WINDOWS\system32\GDI32.dll	0x77F10000	0x00049000
C:\WINDOWS\system32\USER32.dll	0x7E410000	0x00091000
C:\WINDOWS\system32\msvcrt.dll	0x77C10000	0x00058000
C:\WINDOWS\system32\WININET.dll	0x771B0000	0x000AA000
C:\WINDOWS\system32\CRYPT32.dll	0x77A80000	0x00095000
C:\WINDOWS\system32\MSASN1.dll	0x77B20000	0x00012000
C:\WINDOWS\system32\OLEAUT32.dll	0x77120000	0x0008B000
C:\WINDOWS\system32\ole32.dll	0x774E0000	0x0013D000
C:\WINDOWS\system32\SHLWAPI.dll	0x77F60000	0x00076000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll	0x773D0000	0x00103000

2.a) 053eaa3e82.exe - Registry Activities

	- Registry Values Read:

Key	Name	Value	Times
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager	CriticalSectionTimeout	2592000	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	TransparentEnabled	1	1
HKLM\System\CurrentControlSet\Control\Terminal Server	TSUserEnabled	0	1

2.b) 053eaa3e82.exe - File Activities

	- File System Control Communication:

File	Control Code	Times
C:\Program Files\Common Files\	0x00090028	1

	- Device Control Communication:

File	Control Code	Times
\Device\KsecDD	0x00390008	1

	- Memory Mapped Files:

File Name

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

C:\WINDOWS\WindowsShell.Manifest

C:\WINDOWS\system32\WININET.dll

C:\WINDOWS\system32\WINSPOOL.DRV

International Secure Systems Lab
Vienna University of Technology, Eurecom France, UC Santa Barbara
Contact: anubis@iseclab.org