[################################################## ###########################]
Analysis Report for RemoveWAT.exe
MD5: 1dae1764763eaa5ad14c75eb80f246e1
[################################################## ###########################]
Summary: No threats could be detected by Anubis.
This does NOT imply that execution of this executable is safe.
[================================================== ===========================]
Table of Contents
[================================================== ===========================]
- General information
- RemoveWAT.exe
a) Other Activities
[################################################## ###########################]
1. General Information
[################################################## ###########################]
[================================================== ===========================]
Information about Anubis' invocation
[================================================== ===========================]
Time needed: 78 s
Report created: 03/31/10, 22:53:09 UTC
Termination reason: All tracked processes have exited
Program version: 1.74.2681
[================================================== ===========================]
Popups
[================================================== ===========================]
Process: csrss.exe
Window Name: RemoveWAT.exe - Application Error
Displayed Times: 1
Window Text:
OK
The application failed to initialize properly (0xc0000135). Click on OK to terminate the application.
[################################################## ###########################]
2. RemoveWAT.exe
[################################################## ###########################]
[================================================== ===========================]
General information about this executable
[================================================== ===========================]
Analysis Reason: Primary Analysis Subject
Filename: RemoveWAT.exe
MD5: 1dae1764763eaa5ad14c75eb80f246e1
SHA-1: cf962ede46849659aed4750ac9d1c689531f0df2
File Size: 1197056 Bytes
Process-status
at analysis end: dead
Exit Code: -1073741515
[================================================== ===========================]
Load-time Dlls
[================================================== ===========================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
[================================================== ===========================]
2.a) RemoveWAT.exe - Other Activities
[================================================== ===========================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Description: [ Exception 0xc0000135 at 0x7c96478e ], 1 time
[################################################## ###########################]
International Secure Systems Lab
http://www.iseclab.org
Vienna University of Technology Eurecom France UC Santa Barbara
http://www.tuwien.ac.at http://www.eurecom.fr http://www.cs.ucsb.edu
Contact:
anubis@iseclab.org