Analysis Date: 2015-08-14 02:51:45
MD5: 7f811bad9e5275156cde3619a24b4422
SHA1: 017ef074782cd31c1fc52da29cdfa7016558d11b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 33efc5e47af1d90edf97a85d45a0613c sha1: d7214006dc94a71eb126022510ff27214aafe51c size: 24576
Section: .rdata md5: 2dab83c0e08277f6e2341acc84d115f9 sha1: 26540cf330108088d71ef01412d2fe3e35840249 size: 2560
Section: .data md5: 75d3d2327ec6b1325244a4659e3cbb63 sha1: 0aa561bbbd1d78c7fe4aff4ab4a1c46675e5deef size: 11264
Section: .rsrc md5: 39a4a2844ff349cf2d0a12e90b3415bf sha1: 25a7c2d52a3b69ffc0d4495a985015f5dcb7639b size: 39424
Timestamp: 2013-05-22 16:10:30
Version:
LegalCopyright: Copyright Maker© 2013
InternalName: Kreza
FileVersion: 1, 3, 4, 7
CompanyName: Hause
PrivateBuild: Brepac
LegalTrademarks: Mirkz©
Comments: Trajhor
ProductName: Ruzgve
SpecialBuild: Marzma
ProductVersion: 5, 2, 1, 2
FileDescription: Marke
OriginalFilename: Zaga
Packer: Installer VISE Custom
PEhash: e751e4c8527cfd91a9213017f675927245eb63b4
IMPhash: ba6fe3de0d0592b7c4e3553ae7d8b342
AV: CA (E-Trust Ino): Win32/Gamarue.IULKJQ
AV: F-Secure: Gen:Variant.Symmi.24081
AV: Dr. Web: Trojan.Packed.24313
AV: ClamAV: Win.Trojan.Generickdz-1248
AV: Arcabit (arcavir): Gen:Variant.Symmi.24081
AV: BullGuard: Gen:Variant.Symmi.24081
AV: Padvish: Worm.Win32.Gamarue.MS13
AV: VirusBlokAda (vba32): no_virus
AV: CAT (quickheal): Worm.Gamarue.B
AV: Trend Micro: WORM_GAMARUE.SMJ
AV: Kaspersky: Trojan.Win32.Agent.iech
AV: Zillya!: Backdoor.Androm.Win32.1314
AV: Emsisoft: Gen:Variant.Symmi.24081
AV: Ikarus: Trojan.CryptEJE
AV: Frisk (f-prot): W32/Agent.VX.gen!Eldorado
AV: Authentium: W32/Agent.VX.gen!Eldorado
AV: MalwareBytes: Trojan.Email.Bot
AV: MicroWorld (escan): Gen:Variant.Symmi.24081
AV: Microsoft Security Essentials: Worm:Win32/Gamarue
AV: K7: Trojan ( 003ea6831 )
AV: BitDefender: Gen:Variant.Symmi.24081
AV: Fortinet: W32/Kryptik.BBYD!tr
AV: Symantec: Trojan.Gen
AV: Grisoft (avg): Crypt.CEJE
AV: Eset (nod32): Win32/Injector.AIHW
AV: Alwil (avast): Malware-gen:Win32:Malware-gen
AV: Ad-Aware: Gen:Variant.Symmi.24081
AV: Twister: Trojan.CFAD36FFDC54AD12
AV: Avira (antivir): TR/Rogue.195211
AV: Mcafee: Generic.gl.gen.a
AV: Rising: Trojan.Win32.Injector.fv

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\6cf5_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Network Details:

