File Analyzer: 1d047508e5d52a9c8e7cb811854725f75e5e80de
File SHA1: 1d047508e5d52a9c8e7cb811854725f75e5e80de
File MD5 : 6d10ce288fb6d7d37676693f4cfed99c
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Additional Info:
Source: Web
Date: Sat Mar 20 18:36:29 MYT 2010
Final Score: 3
Possible Malware: NO
#– Files Created: –
/Documents and Settings/Administrator/Local Settings/Temp/is-5OLU5.tmp
/Documents and Settings/Administrator/Local Settings/Temp/is-K5AI6.tmp
#– Registry Created: –
[SOFTWARE]
[SYSTEM]
[SECURITIES]
[DEFAULT]
[NTUSER]
#– Malicious Running Processes: –
! "explorer.exe",Process ID: "724"
! "sample.exe",Process ID: "1416"
! "sample.tmp",Process ID: "1464"
! "svchost.exe",Process ID: "508"
! "wmiprvse.exe",Process ID: "1368"
! "wmiprvse.exe",Process ID: "1536"
#– Malicious Processes Dump: –
#– Malware Traffic – DNS: –
#– Malware Traffic – Connections: –
#– Malware Traffic – www: –
#– Static Header: –
FILE HEADER INFORMATION
TimeStamp: 2A425E19 Sat Jun 20 06:22:17 1992
Subsystem: 2 (Windows GUI)
Image Base: 00400000 Size: 00013000
Code Base: 00001000 Size: 00009200
Data Base: 0000B000 Size: 00003000
Entry Point: 00009A58 (file offset 00008E58)
SECTIONS
1: CODE RVA: 00001000 Offset: 00000400 Size: 00009200 Flags: 60000020 (CER)
2: DATA RVA: 0000B000 Offset: 00009600 Size: 00000400 Flags: C0000040 (DRW)
3: BSS RVA: 0000C000 Offset: 00009A00 Size: 00000000 Flags: C0000000 (RW)
4: .idata RVA: 0000D000 Offset: 00009A00 Size: 00000A00 Flags: C0000040 (DRW)
5: .tls RVA: 0000E000 Offset: 0000A400 Size: 00000000 Flags: C0000000 (RW)
6: .rdata RVA: 0000F000 Offset: 0000A400 Size: 00000200 Flags: 50000040 (DSR)
7: .reloc RVA: 00010000 Offset: 0000A600 Size: 00000000 Flags: 50000040 (DSR)
8: .rsrc RVA: 00011000 Offset: 0000A600 Size: 00002000 Flags: 50000040 (DSR)