Analysis Date: 2015-08-06 13:54:58
MD5: ab6438adc43ebcca05a4402e2c6afb64
SHA1: 03f6e1b5ee71ff2c0d22b8af91d766a09ac9d392

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 92cf529299e93e2c78d35061c72b563f sha1: e08da78d4594532cfaadf852d5df3a623d41b89d size: 3072
Section .rdata: md5: 68885dee1063743f3f66ec52022b9f1c sha1: dd8e276e0648d5c656a5dedaafe3bac86df31aaf size: 512
Section .data: md5: 57a03c3badd011614504826ac9ab846e sha1: 4a689048361644c6697c68e765e8dca4eff855a4 size: 512
Section .rsrc: md5: abc89c4a7bb990abc9ed9ae476b84a32 sha1: f6ff85071db32fe2d28ee8057d3294e09d610d3f size: 32256
Section .reloc: md5: 35fbdc274964df565792f38049118835 sha1: 6b65817b6503b148cece8b6677ada7afbeb2a48a size: 512
Timestamp: 2005-12-14 15:52:12
Packer: PE Diminisher v0.1
PEhash: cc1ee7b3764a119ace5d66b31da821492e61d552
IMPhash: d91a358c7ab43df0a8e9faf69a22ec46
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.Generic.KDZ.8870
AV Dr. Web: Trojan.DownLoader8.10342
AV ClamAV: Win.Trojan.Agent-212723
AV Arcabit (arcavir): Trojan.Generic.KDZ.8870
AV BullGuard: Trojan.Generic.KDZ.8870
AV Padvish: Backdoor.Pushdo.plm
AV VirusBlokAda (vba32): Backdoor.Pushdo
AV CAT (quickheal): Trojan.Cutwail.AQ
AV Trend Micro: BKDR_PUSHDO.SMJ
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: Backdoor.Pushdo.Win32.277
AV Emsisoft: Trojan.Generic.KDZ.8870
AV Ikarus: Backdoor.Win32.Pushdo
AV Frisk (f-prot): W32/Trojan2.NVVQ
AV Authentium: W32/Trojan.LFPX-2943
AV MalwareBytes: Trojan.Ransom.Gen
AV MicroWorld (escan): Trojan.Generic.KDZ.8870
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail.BS
AV K7: Backdoor ( 0040f0931 )
AV BitDefender: Trojan.Generic.KDZ.8870
AV Fortinet: W32/Pushdo.PKG!tr
AV Symantec: W32.Pilleuz!gen38
AV Grisoft (avg): SHeur4.BBMG
AV Eset (nod32): Win32/Kryptik.AUWV
AV Alwil (avast): Kryptik-LFQ [Trj]
AV Ad-Aware: Trojan.Generic.KDZ.8870
AV Twister: Trojan.2AAD06E0C11C62F2
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV McAfee: Cutwail-FAKI!AB6438ADC43E
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\zuqeanypyqyb ➝ C:\Documents and Settings\Administrator\zuqeanypyqyb.exe
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL
Creates File: C:\Documents and Settings\Administrator\zuqeanypyqyb.exe
Creates File: \Device\Afd\Endpoint
Creates Mutex: zuqeanypyqyb

Network Details:

DNS: smtp.glbdns2.microsoft.com (Type: A) ➝ 65.55.176.126
DNS: smtp.live.com (Type: A)
Flows TCP: 192.168.1.1:1031 ➝ 65.55.176.126:25