anubis left
Anubis - Analysis Report
anubis right

Analysis Report for test668951972364.bin

 Comment on this report

Summary:

Description Risk
Performs Registry Activities: The executable reads and modifies registry values. It may also create and monitor registry keys. low


Table of Contents
expand all expand all   collapse all collapse all

1. General Information

  - Information about Anubis' invocation  
Time needed: 240 s 
Report created: 02/24/10, 07:33:11 UTC 
Termination reason: Timeout 
Program version: 1.74.2603 

2. test668951972364.bin

  - General information about this executable  
Analysis Reason: Primary Analysis Subject 
Filename: test668951972364.bin 
MD5: f1ceb33fefcc3ba153aed21d3a7473b8 
SHA-1: 78c922900c59adf651f2eaf05d2dbbd6783b5a09 
File Size: 80384 Bytes
Command Line: "C:\test668951972364.bin"  
Process-status at analysis end: alive 
Exit Code:

  - Load-time Dlls  
Module Name Base Address Size
C:\​WINDOWS\​system32\​ntdll.dll  0x7C900000  0x000AF000 
C:\​WINDOWS\​system32\​kernel32.dll  0x7C800000  0x000F6000 
C:\​WINDOWS\​system32\​USER32.dll  0x7E410000  0x00091000 
C:\​WINDOWS\​system32\​GDI32.dll  0x77F10000  0x00049000 
C:\​WINDOWS\​system32\​ole32.dll  0x774E0000  0x0013D000 
C:\​WINDOWS\​system32\​ADVAPI32.dll  0x77DD0000  0x0009B000 
C:\​WINDOWS\​system32\​RPCRT4.dll  0x77E70000  0x00092000 
C:\​WINDOWS\​system32\​Secur32.dll  0x77FE0000  0x00011000 
C:\​WINDOWS\​system32\​msvcrt.dll  0x77C10000  0x00058000 
C:\​WINDOWS\​system32\​SHLWAPI.dll  0x77F60000  0x00076000 

2.a) test668951972364.bin - Registry Activities

  - Registry Values Read:  
Key Name Value Times
HKLM\​SYSTEM\​CurrentControlSet\​Control\​Session Manager  CriticalSectionTimeout  2592000 
HKLM\​System\​CurrentControlSet\​Control\​Terminal Server  TSAppCompat 

2.b) test668951972364.bin - File Activities

  - Device Control Communication:  
File Control Code Times
\Device\KsecDD  0x00390008 


International Secure Systems Lab
Vienna University of Technology, Eurecom France, UC Santa Barbara
Contact: anubis@iseclab.org