Analysis file
| General information | |
|---|---|
| Joebox Version: | 1.0.0 |
| Date: | 05/12/2007 |
| System Time: | 14:21:27 |
| Analysis Duration: | 0m 3s |
| File Name: | STL Packer 1.3 - for Rampage.exe |

| Calling statistic (user mode) | Count |
|---|---|
| NtCreateFile | 20 |
| NtCreateSection | 98 |
| NtSetInformationFile | 0 |
| NtDeleteFile | 0 |
| NtCreateProcess | 0 |
| NtTerminateProcess | 2 |
| NtCreateKey | 1 |
| NtSetValueKey | 1 |
| NtDeleteValueKey | 0 |

| Calling statistic (kernel mode) | Count |
|---|---|
| ZwCreateFile | 0 |
| ZwCreateSection | 0 |
| ZwSetInformationFile | 0 |
| ZwDeleteFile | 0 |
| ZwCreateProcess | 0 |
| ZwTerminateProcess | 0 |
| ZwCreateKey | 0 |
| ZwSetValueKey | 0 |
| ZwDeleteValueKey | 0 |
File Activities
Files created

(no entries recorded)

Files opened

| Call Number | File Path | Completion | I/O Status |
|---|---|---|---|
| 0 | \DEVICE\HARDDISKVOLUME1 | success or wait | superseded |
| 1 | \DEVICE\HARDDISKVOLUME1 | success or wait | opened |
| 2 | \DEVICE\HARDDISKVOLUME1\ | success or wait | opened |
| 3 | \DEVICE\HARDDISKVOLUME1\$EXTEND\ | access denied | superseded |
| 4 | \DEVICE\HARDDISKVOLUME1\ANALYSISFILES\ | success or wait | opened |
| 5 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ | success or wait | opened |
| 6 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMIN\ | success or wait | opened |
| 7 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\ | success or wait | opened |
| 8 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\ | success or wait | opened |
| 9 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\ | success or wait | opened |
| 10 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\ | success or wait | opened |
| 11 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\ | success or wait | opened |
| 12 | \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ | success or wait | opened |
| 13 | \DEVICE\HARDDISKVOLUME1\WINDOWS\ | success or wait | opened |
| 14 | \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\ | success or wait | opened |
| 15 | \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CONFIG\ | success or wait | opened |
| 16 | \DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\ | success or wait | opened |
| 17 | \DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2982_X-WW_AC3F9C03\ | success or wait | opened |
| 319 | \??\C:\WINDOWS\system32\msctfime.ime | success or wait | opened |
| 322 | \??\C:\WINDOWS\system32\msctfime.ime | success or wait | opened |

Files overwritten

(no entries recorded)

Files deleted

(no entries recorded)
Section Activities
Section created for commit

| Call Number | File Path | Page Attributes | Completion |
|---|---|---|---|
| 18 | \WINDOWS\system32\ntdll.dll | read write | success or wait |
| 19 | \WINDOWS\system32\kernel32.dll | read write | success or wait |
| 20 | \WINDOWS\system32\unicode.nls | read write | success or wait |
| 21 | \WINDOWS\system32\locale.nls | read write | success or wait |
| 22 | \WINDOWS\system32\sorttbls.nls | read write | success or wait |
| 23 | \STL Packer 1.3 - for Rampage.exe | read write | success or wait |
| 24 | \WINDOWS\system32\user32.dll | read write | success or wait |
| 25 | \WINDOWS\system32\gdi32.dll | read write | success or wait |
| 26 | \WINDOWS\system32\imm32.dll | read write | success or wait |
| 27 | \WINDOWS\system32\advapi32.dll | read write | success or wait |
| 28 | \WINDOWS\system32\rpcrt4.dll | read write | success or wait |
| 29 | \WINDOWS\system32\secur32.dll | read write | success or wait |
| 30 | \WINDOWS\system32\ctype.nls | read write | success or wait |
| 31 | \WINDOWS\system32\sortkey.nls | read write | success or wait |
| 32 | \WINDOWS\system32\MSCTF.dll | read write | success or wait |
| 33 | \WINDOWS\system32\msvcrt.dll | read write | success or wait |
| 34 | \WINDOWS\system32\version.dll | read write | success or wait |
| 35 | \WINDOWS\system32\MSCTFIME.IME | read write | success or wait |
| 36 | \WINDOWS\system32\ole32.dll | read write | success or wait |
| 37 | \WINDOWS\system32\comctl32.dll | read write | success or wait |
| 38 | \WINDOWS\system32\comdlg32.dll | read write | success or wait |
| 39 | \WINDOWS\system32\shlwapi.dll | read write | success or wait |
| 40 | \WINDOWS\system32\shell32.dll | read write | success or wait |
| 41 | \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll | read write | success or wait |
| 42 | \WINDOWS\WindowsShell.Manifest | read write | success or wait |
| 43 | \WINDOWS\system32\oleaut32.dll | read write | success or wait |
| 44 | \WINDOWS\system32\ws2_32.dll | read write | success or wait |
| 45 | \WINDOWS\system32\ws2help.dll | read write | success or wait |
| 46 | \WINDOWS\system32\inetmib1.dll | read write | success or wait |
| 47 | \WINDOWS\system32\iphlpapi.dll | read write | success or wait |
| 48 | \WINDOWS\system32\snmpapi.dll | read write | success or wait |
| 49 | \WINDOWS\system32\wsock32.dll | read write | success or wait |
| 50 | \WINDOWS\system32\mprapi.dll | read write | success or wait |
| 51 | \WINDOWS\system32\activeds.dll | read write | success or wait |
| 52 | \WINDOWS\system32\adsldpc.dll | read write | success or wait |
| 53 | \WINDOWS\system32\netapi32.dll | read write | success or wait |
| 54 | \WINDOWS\system32\wldap32.dll | read write | success or wait |
| 55 | \WINDOWS\system32\atl.dll | read write | success or wait |
| 56 | \WINDOWS\system32\rtutils.dll | read write | success or wait |
| 57 | \WINDOWS\system32\samlib.dll | read write | success or wait |
| 58 | \WINDOWS\system32\setupapi.dll | read write | success or wait |
| 59 | \Documents and Settings\All Users\Application Data\TEMP | read write | success or wait |
| 60 | \WINDOWS\system32\uxtheme.dll | read write | success or wait |
| 61 | \WINDOWS\system32\MSIMTF.dll | read write | success or wait |
| 98 | unknown | read write | success or wait |
Section created for file

(no entries recorded)

Section created for image

| Call Number | File Path | Page Attributes | Completion |
|---|---|---|---|
| 62 | \WINDOWS\system32\ntdll.dll | execute | success or wait |
| 63 | \WINDOWS\system32\kernel32.dll | execute | success or wait |
| 64 | \STL Packer 1.3 - for Rampage.exe | execute | success or wait |
| 65 | \WINDOWS\system32\user32.dll | execute | success or wait |
| 66 | \WINDOWS\system32\gdi32.dll | execute | success or wait |
| 67 | \WINDOWS\system32\imm32.dll | execute | success or wait |
| 68 | \WINDOWS\system32\advapi32.dll | execute | success or wait |
| 69 | \WINDOWS\system32\rpcrt4.dll | execute | success or wait |
| 70 | \WINDOWS\system32\secur32.dll | execute | success or wait |
| 71 | \WINDOWS\system32\MSCTF.dll | execute | success or wait |
| 72 | \WINDOWS\system32\msvcrt.dll | execute | success or wait |
| 73 | \WINDOWS\system32\version.dll | execute | success or wait |
| 74 | \WINDOWS\system32\MSCTFIME.IME | execute | success or wait |
| 75 | \WINDOWS\system32\ole32.dll | execute | success or wait |
| 76 | \WINDOWS\system32\comctl32.dll | execute | success or wait |
| 77 | \WINDOWS\system32\comdlg32.dll | execute | success or wait |
| 78 | \WINDOWS\system32\shlwapi.dll | execute | success or wait |
| 79 | \WINDOWS\system32\shell32.dll | execute | success or wait |
| 80 | \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll | execute | success or wait |
| 81 | \WINDOWS\system32\oleaut32.dll | execute | success or wait |
| 82 | \WINDOWS\system32\ws2_32.dll | execute | success or wait |
| 83 | \WINDOWS\system32\ws2help.dll | execute | success or wait |
| 84 | \WINDOWS\system32\inetmib1.dll | execute | success or wait |
| 85 | \WINDOWS\system32\iphlpapi.dll | execute | success or wait |
| 86 | \WINDOWS\system32\snmpapi.dll | execute | success or wait |
| 87 | \WINDOWS\system32\wsock32.dll | execute | success or wait |
| 88 | \WINDOWS\system32\mprapi.dll | execute | success or wait |
| 89 | \WINDOWS\system32\activeds.dll | execute | success or wait |
| 90 | \WINDOWS\system32\adsldpc.dll | execute | success or wait |
| 91 | \WINDOWS\system32\netapi32.dll | execute | success or wait |
| 92 | \WINDOWS\system32\wldap32.dll | execute | success or wait |
| 93 | \WINDOWS\system32\atl.dll | execute | success or wait |
| 94 | \WINDOWS\system32\rtutils.dll | execute | success or wait |
| 95 | \WINDOWS\system32\samlib.dll | execute | success or wait |
| 96 | \WINDOWS\system32\setupapi.dll | execute | success or wait |
| 97 | \WINDOWS\system32\uxtheme.dll | execute | success or wait |
| 101 | \WINDOWS\system32\imm32.dll | execute | success or wait |
| 103 | \STL Packer 1.3 - for Rampage.exe | execute | success or wait |
| 316 | \WINDOWS\system32\MSCTF.dll | execute | success or wait |
| 325 | \WINDOWS\system32\MSCTFIME.IME | execute | success or wait |
| 327 | \WINDOWS\system32\ole32.dll | execute | success or wait |
Registry Activities
Keys created

| Call Number | Key Path | Create Options | Completion |
|---|---|---|---|
| 328 | \Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG | non volatile | success or wait |

Keys set

| Call Number | Key Path | Key Name | Data | Completion |
|---|---|---|---|---|
| 329 | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG | Seed | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | success or wait |
Process Activities
Process created

| Call Number | File Path | Completion |
|---|---|---|
| 105 | "C:\STL Packer 1.3 - for Rampage.exe" | success or wait |

Process terminated

| Call Number | File Path | Exit status | Completion |
|---|---|---|---|
| 339 | current process | 0 | success or wait |
| 340 | "C:\STL Packer 1.3 - for Rampage.exe" | 0 | |