Analysis Date: 2015-08-02 01:56:25
MD5: 04b0c4e56c7f5370e51ce3fbcde3d40b
SHA1: 03ca01ff81fdabe240c2e5809e62d2407c233b5e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 8c0d5f8d1bff32cb0a856da7cb5a0163 sha1: 87b9c3de69f897bd93f1bc50daa7b861a83d3644 size: 12288
Section .rdata md5: 8e1c50e6370fd819bbb8447e77a7b185 sha1: 4eec306ceaf64a5f3546723521af09229e185840 size: 4096
Section .data  md5: d31436d6978babbf4457e2c7107c2d96 sha1: 3b76466aec858b76f18c78427adcc74324ce793b size: 4096
Section .rsrc  md5: ef0c977af452d7b1d678d031a4c6d3b5 sha1: 19a12244e363d91effcba13eabe927886d4f6034 size: 32768
Timestamp: 2009-12-04 13:35:59
Packer: Microsoft Visual C++ v6.0
PEhash: e36e5d807888abb3937906b3576f59848c68cc38
IMPhash: 90b9a730372e0746d0c3a3252eb8d820
AV BitDefender: Gen:Variant.Symmi.37890
AV MicroWorld (escan): Gen:Variant.Symmi.37890
AV Frisk (f-prot): no_virus
AV Microsoft Security Essentials: Trojan:Win32/ServStart.G
AV CAT (quickheal): Trojan.Nitol.A
AV Avira (antivir): BDS/ServStart.idub
AV Emsisoft: Gen:Variant.Symmi.37890
AV Ikarus: Trojan.Win32.Vehidis
AV Authentium: W32/Heuristic-317!Eldorado
AV Trend Micro: no_virus
AV Twister: Trojan.Vehidis.hc.uzte
AV Alwil (avast): Trojan-gen:Win32:Trojan-gen
AV Zillya!: no_virus
AV Fortinet: W32/ServStart.EZ!tr
AV ClamAV: Win.Trojan.Agent-885488
AV Dr. Web: Trojan.DownLoader9.6459
AV Symantec: no_virus
AV BullGuard: Gen:Variant.Symmi.37890
AV MalwareBytes: no_virus
AV Kaspersky: Trojan.Win32.Vehidis.hc
AV Rising: no_virus
AV K7: Trojan ( 004928ca1 )
AV CA (E-Trust Ino): no_virus
AV VirusBlokAda (vba32): Trojan.Vehidis
AV F-Secure: Gen:Variant.Symmi.37890
AV Eset (nod32): Win32/ServStart.JA
AV Ad-Aware: Gen:Variant.Symmi.37890
AV Arcabit (arcavir): Gen:Variant.Symmi.37890
AV Mcafee: RDN/Generic.dx
AV Padvish: no_virus
AV Grisoft (avg): Generic35.AYKY

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

DNS: 3588.myzmnet.com
Type: A
124.173.113.33
DNS: myhm.mybmnet.com
Type: A
98.126.11.190

Raw Pcap

Strings