http://anubis.iseclab.org/?action=result&task_id=1e9161208aa70af0405f1e409dfb90fc8&format=txt ___ __ _ + /- / | ____ __ __/ /_ (_)____ -\ + /s h- / /| | / __ \/ / / / __ \/ / ___/ -h s\ oh-:d/ / ___ |/ / / / /_/ / /_/ / (__ ) /d:-ho shh+hy- /_/ |_/_/ /_/\__,_/_.___/_/____/ -yh+hhs -:+hhdhyys/- -\syyhdhh+:- -//////dhhhhhddhhyss- Analysis Report -ssyhhddhhhhhd\\\\\\- /++/////oydddddhhyys/ ooooooooooooooooooooo \syyhhdddddyo\\\\\++\ -+++///////odh/- -+hdo\\\\\\\+++- +++++++++//yy+/: :\+yy\\+++++++++ /+soss+sys//yyo/os++o+: :+o++so\oyy\\sys+ssos+\ +oyyyys++o/+yss/+/oyyyy: :yyyyo\+\ssy+\o++syyyyo+ +oyyyyyyso+os/o/+yyyyyy/ \yyyyyy+\o\so+osyyyyyyo+ [#############################################################################] Analysis Report for zeusbin_4dc3c945cf56a5d248d6b406cd2fac90.exe MD5: 4dc3c945cf56a5d248d6b406cd2fac90 [#############################################################################] Summary: - Performs Registry Activities: The executable reads and modifies registry values. It also creates and monitors registry keys. [=============================================================================] Table of Contents [=============================================================================] - General information - zeusbin_4dc3c945cf56a5d248d6b406cd2fac90.exe a) Registry Activities b) Other Activities [#############################################################################] 1. General Information [#############################################################################] [=============================================================================] Information about Anubis' invocation [=============================================================================] Time needed: 241 s Report created: 03/30/10, 12:51:39 UTC Termination reason: Timeout Program version: 1.74.2681 [#############################################################################] 2. zeusbin_4dc3c945cf56a5d248d6b406cd2fac90.exe [#############################################################################] [=============================================================================] General information about this executable [=============================================================================] Analysis Reason: Primary Analysis Subject Filename: zeusbin_4dc3c945cf56a5d248d6b406cd2fac90.exe MD5: 4dc3c945cf56a5d248d6b406cd2fac90 SHA-1: 7c4bbada3c296df1ac92f748d23d4b5bc17df828 File Size: 133120 Bytes Command Line: "C:\zeusbin_4dc3c945cf56a5d248d6b406cd2fac90.exe" Process-status at analysis end: alive Exit Code: 0 [=============================================================================] Load-time Dlls [=============================================================================] Module Name: [ C:\WINDOWS\system32\ntdll.dll ], Base Address: [0x7C900000 ], Size: [0x000AF000 ] Module Name: [ C:\WINDOWS\system32\kernel32.dll ], Base Address: [0x7C800000 ], Size: [0x000F6000 ] Module Name: [ C:\WINDOWS\system32\USER32.dll ], Base Address: [0x7E410000 ], Size: [0x00091000 ] Module Name: [ C:\WINDOWS\system32\GDI32.dll ], Base Address: [0x77F10000 ], Size: [0x00049000 ] Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ], Base Address: [0x77DD0000 ], Size: [0x0009B000 ] Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ], Base Address: [0x77E70000 ], Size: [0x00092000 ] Module Name: [ C:\WINDOWS\system32\Secur32.dll ], Base Address: [0x77FE0000 ], Size: [0x00011000 ] [=============================================================================] 2.a) zeusbin_4dc3c945cf56a5d248d6b406cd2fac90.exe - Registry Activities [=============================================================================] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Registry Values Read: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], Value Name: [ TSAppCompat ], Value: [ 0 ], 3 times Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time [=============================================================================] 2.b) zeusbin_4dc3c945cf56a5d248d6b406cd2fac90.exe - Other Activities [=============================================================================] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Windows SEH exceptions: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Description: [ Exception 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION) at 0x4013fb ], 31411 times [#############################################################################] International Secure Systems Lab http://www.iseclab.org Vienna University of Technology Eurecom France UC Santa Barbara http://www.tuwien.ac.at http://www.eurecom.fr http://www.cs.ucsb.edu Contact: anubis@iseclab.org