Source: Immunity Debugger, IDA Pro
File: necurs_dropper[.]exe
Size: 97792 Bytes
MD5: 6B3D2D146E683DAF0DEB906D57393E22
Mutex:
Name *
————————————————–
Instance0: ESENT Performance Data Schema Version 40
Ports:
Port PID Type Path
————————————————–
- 3417 2688 TCP C:\Documents and Settings\Administrator\Desktop\dropper[.]exe
- 3418 3536 TCP C:\Documents and Settings\Administrator\Desktop\dropper[.]exe
- 3419 384 TCP C:\Documents and Settings\Administrator\Desktop\dropper
API Logger (Interesting Calls):
- 91222 CreateFileA(\\.\NtSecureSys)
- 912c6 GetCurrentProcessId()=2688
- 771bd3a9 connect(69.50.214[.]54:80)
URLs (via GlobalAddAtomA API):
————————————————–
- 504 Connect to %s failed: host unreachable.
504 Connect to %s failed: host unreachable
The following error occurred while trying to access http://%s%s:
504 Connect to %s failed: host unreachable
- http://69.50.214[.]54/i.php?v=1012&affid=36411
- http://69.50.214[.]54/i.php?v=1012&affid=36414
- http://213.229.106[.]135/mac/mac.php?affid=00100
- http://69.50.214[.]54/i.php?v=1012&affid=36413
- http://69.50.214[.]54/i.php?v=1012&affid=36412
- http://69.50.214[.]54/i.php?v=1012&affid=36410
RegKeys (Anti-AV Check):
————————————————–
- SUNBELT SOFTWARE
- Sunbelt Software
- G DATA Software
- CJSC Returnil Software
- Check Point Software Technologies Ltd
- Panda Software International
- FRISK Software International Ltd
- ALWIL Software