Analysis Date: 2015-12-18 08:46:29
MD5: 5acee320c01c0e2d8c56fafeafaeda80
SHA1: 03798e5772efdc46f4a8fa1c2bb1f08fabdecdbc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: d18eae366b95f37c38f05aba9c7ca90d sha1: a88a669d2d8525f7d7db74379dffb943f664dac7 size: 142848
Section .rdata: md5: 1d08113c30c4ac2363bd81eb4cc4e1e4 sha1: 290b3433718d173ba6f0afd42a6654e0f50201eb size: 37888
Section .data: md5: 97e97c982262ef504b1b27597129a56b sha1: 4d313f667d0700002022e00ddc628a30bd2f9dc3 size: 6144
Section .rsrc: md5: d9ae0d5c30d01f593ca2dcef38b2051e sha1: b4b284a66ca1af52f90a0e9537639b61534c3716 size: 66560
Timestamp: 2015-09-18 16:09:39
Packer: Microsoft Visual C++ ?.?
PEhash: 8ff66256461afbcbc1214e961095596470015a08
IMPhash: 988c3073a9831556dd653993192fadaf
AV BitDefender: Trojan.GenericKDZ.30369
AV Frisk (f-prot): no_virus
AV Grisoft (avg): Inject3.GRI
AV F-Secure: Trojan.GenericKDZ.30369
AV BullGuard: Trojan.GenericKDZ.30369
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV Ad-Aware: Trojan.GenericKDZ.30369
AV K7: Trojan ( 004ce5451 )
AV MalwareBytes: Trojan.Agent
AV Zillya!: Backdoor.Androm.Win32.28308
AV CAT (quickheal): Worm.Gamarue.r4
AV Symantec: Trojan.Gen
AV ClamAV: no_virus
AV MicroWorld (escan): Trojan.GenericKDZ.30369
AV Dr. Web: Trojan.Packed.32977
AV Avira (antivir): TR/AD.Gamarue.Y.716
AV Twister: Trojan.Girtk.DXOQ.xkwb
AV Trend Micro: no_virus
AV Rising: no_virus
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Arcabit (arcavir): Trojan.GenericKDZ.30369
AV Fortinet: W32/Kryptik.DYEZ!tr
AV Alwil (avast): Androp [Drp]
AV Ikarus: Trojan.Win32.Crypt
AV VirusBlokAda (vba32): no_virus
AV Eset (nod32): Win32/Kryptik.DXOQ
AV McAfee: Packed-FR!5ACEE320C01C
AV CA (E-Trust Ino): no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Emsisoft: Trojan.GenericKDZ.30369

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (Type: A): 188.227.227.31
DNS europe.pool.ntp.org (Type: A): 131.188.3.221
DNS europe.pool.ntp.org (Type: A): 129.70.132.36
DNS europe.pool.ntp.org (Type: A): 78.46.93.106
DNS north-america.pool.ntp.org (Type: A): 138.236.128.112
DNS north-america.pool.ntp.org (Type: A): 108.61.194.85
DNS north-america.pool.ntp.org (Type: A): 208.88.126.226
DNS north-america.pool.ntp.org (Type: A): 208.75.89.4
DNS south-america.pool.ntp.org (Type: A): 200.186.125.195
DNS south-america.pool.ntp.org (Type: A): 200.160.0.8
DNS south-america.pool.ntp.org (Type: A): 200.93.227.170
DNS south-america.pool.ntp.org (Type: A): 192.188.53.26
DNS asia.pool.ntp.org (Type: A): 157.7.154.23
DNS asia.pool.ntp.org (Type: A): 52.69.228.202
DNS asia.pool.ntp.org (Type: A): 218.189.210.4
DNS asia.pool.ntp.org (Type: A): 192.248.1.162
DNS oceania.pool.ntp.org (Type: A): 203.56.27.253
DNS oceania.pool.ntp.org (Type: A): 202.127.210.37
DNS oceania.pool.ntp.org (Type: A): 150.101.112.134
DNS oceania.pool.ntp.org (Type: A): 54.252.165.245
DNS africa.pool.ntp.org (Type: A): 41.231.53.4
DNS africa.pool.ntp.org (Type: A): 197.82.150.123
DNS africa.pool.ntp.org (Type: A): 196.41.127.42
DNS africa.pool.ntp.org (Type: A): 146.231.129.86
