Analysis Date: 2015-07-28 18:59:51
MD5: 4236018f322f3db9286e633bb7079adf
SHA1: 040337a5e57143ee9505c427441746a6dd454511

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5 c1f583bc3d68357a105ec4208dc9f289, sha1 1f3ae4bc41ab092804d986154b2326c0b68f8c88, size 733184
Section .rdata: md5 cdecba15f3517208b55ce8a525096c85, sha1 35601b0f74cc7945d88be21a93d96fd02424308e, size 512
Section .data: md5 c51154a024c2b25dfb420b1aedf109a3, sha1 394364b91dd3e947d041f67cf03587856c4f1648, size 2048
Section .rsrc: md5 a91459536ead58b85699dbe17336c8c5, sha1 a34c7d4762928b8b59aebac656af01be57256fcb, size 4608
Timestamp: 2015-07-26 16:07:44
PEhash: 3537cd2367db79a1b09770197c5c898e96d4a9e3
IMPhash: e9a1aa26ef7e1bef5ba3168e4a3bf8aa
AV CA (E-Trust Ino): no_virus
AV F-Secure: Win32.Virlock.Gen.3
AV Dr. Web: Win32.VirLock.15
AV ClamAV: no_virus
AV Arcabit (arcavir): Win32.Virlock.Gen.3
AV BullGuard: Win32.Virlock.Gen.3
AV Padvish: no_virus
AV VirusBlokAda (vba32): SScope.Malware-Cryptor.Hlux
AV CAT (quickheal): Ransom.PolyRansom.F3
AV Trend Micro: PE_VIRLOCK.A
AV Kaspersky: Virus.Win32.PolyRansom.f
AV Zillya!: no_virus
AV Emsisoft: Win32.Virlock.Gen.3
AV Ikarus: Virus.Win32.Virlock
AV Frisk (f-prot): no_virus
AV Authentium: W32/S-ebf374ab!Eldorado
AV MalwareBytes: no_virus
AV MicroWorld (escan): Win32.Virlock.Gen.3
AV Microsoft Security Essentials: Virus:Win32/Nabucur.D
AV K7: Trojan ( 004c21251 )
AV BitDefender: Win32.Virlock.Gen.3
AV Fortinet: W32/Virlock.J
AV Symantec: no_virus
AV Grisoft (avg): Generic_s.EJU
AV Eset (nod32): Win32/Virlock.J virus
AV Alwil (avast): Nabucur-A [Trj]
AV Ad-Aware: Win32.Virlock.Gen.3
AV Twister: W32.PolyRansom.f.szjp.mg
AV Avira (antivir): TR/Crypt.ZPACK.Gen
AV Mcafee: W32/VirRansom.c
AV Rising: Trojan.Win32.Cridex.a
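The vendor rows above mix four spellings of one family name (Virlock, PolyRansom, Nabucur, VirRansom) with generic packer or cloud labels (Crypt.ZPACK, Eldorado, Generic_s, a bare "Trojan" id) and two outliers (Hlux, Cridex), so a raw detection count overstates how much the vendors actually agree. The script below folds the rows into a family consensus. It is an added example, not part of this report or of any vendor tooling; VERDICTS is copied from the rows above, while the alias table (treating VirLock, PolyRansom, Nabucur and VirRansom as one family) and the generic-label regex are editorial assumptions.

```python
"""Fold per-vendor AV verdicts into a family consensus (added triage example)."""
import re
from collections import Counter

# Vendor/verdict pairs copied from the AV rows of this report.
VERDICTS = [
    ("CA (E-Trust Ino)", "no_virus"),
    ("F-Secure", "Win32.Virlock.Gen.3"),
    ("Dr. Web", "Win32.VirLock.15"),
    ("ClamAV", "no_virus"),
    ("Arcabit (arcavir)", "Win32.Virlock.Gen.3"),
    ("BullGuard", "Win32.Virlock.Gen.3"),
    ("Padvish", "no_virus"),
    ("VirusBlokAda (vba32)", "SScope.Malware-Cryptor.Hlux"),
    ("CAT (quickheal)", "Ransom.PolyRansom.F3"),
    ("Trend Micro", "PE_VIRLOCK.A"),
    ("Kaspersky", "Virus.Win32.PolyRansom.f"),
    ("Zillya!", "no_virus"),
    ("Emsisoft", "Win32.Virlock.Gen.3"),
    ("Ikarus", "Virus.Win32.Virlock"),
    ("Frisk (f-prot)", "no_virus"),
    ("Authentium", "W32/S-ebf374ab!Eldorado"),
    ("MalwareBytes", "no_virus"),
    ("MicroWorld (escan)", "Win32.Virlock.Gen.3"),
    ("Microsoft Security Essentials", "Virus:Win32/Nabucur.D"),
    ("K7", "Trojan ( 004c21251 )"),
    ("BitDefender", "Win32.Virlock.Gen.3"),
    ("Fortinet", "W32/Virlock.J"),
    ("Symantec", "no_virus"),
    ("Grisoft (avg)", "Generic_s.EJU"),
    ("Eset (nod32)", "Win32/Virlock.J virus"),
    ("Alwil (avast)", "Nabucur-A [Trj]"),
    ("Ad-Aware", "Win32.Virlock.Gen.3"),
    ("Twister", "W32.PolyRansom.f.szjp.mg"),
    ("Avira (antivir)", "TR/Crypt.ZPACK.Gen"),
    ("Mcafee", "W32/VirRansom.c"),
    ("Rising", "Trojan.Win32.Cridex.a"),
]

# Assumption: these vendor names all refer to the same family.
FAMILY_ALIASES = {
    "virlock": re.compile(r"virlock|polyransom|nabucur|virransom", re.I),
}
# Assumption: labels matching this carry no family information
# (heuristic, packer or cloud-lookup signatures).
GENERIC = re.compile(r"generic|zpack|eldorado|^trojan \(", re.I)


def classify(verdict):
    """Map one vendor string to 'clean', a family name, 'generic' or 'other'."""
    if verdict == "no_virus":
        return "clean"
    for family, pattern in FAMILY_ALIASES.items():
        if pattern.search(verdict):
            return family
    if GENERIC.search(verdict):
        return "generic"
    return "other"


def summarize(verdicts):
    """Count labels and pick the named family with the most vendor support."""
    labels = Counter(classify(v) for _, v in verdicts)
    total = len(verdicts)
    detected = total - labels["clean"]
    named = {k: n for k, n in labels.items() if k not in ("clean", "generic", "other")}
    consensus = max(named, key=named.get) if named else None
    return {"total": total, "detected": detected, "labels": labels, "consensus": consensus}


if __name__ == "__main__":
    s = summarize(VERDICTS)
    print(f"{s['detected']}/{s['total']} detections, consensus: {s['consensus']}")
    print(dict(s["labels"]))
```

Here 24 of 31 vendors flag the file, but only 18 name the same family; the remaining six are generic or conflicting (Hlux, Cridex) and should not be read as agreement.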

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\3fe4_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: WYZX
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ WYZX

Creates File: C:\040337a5e57143ee9505c427441746a6dd454511WYZX

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 200
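Two things in the process tree above are worth rules: the sample launches a child with a bare name ("WYZX", no path or extension), and that child writes a file at the drive root whose name is the sample's own SHA1 with the same four-letter suffix appended. The dwwin.exe launch is a different signal: dwwin.exe is the Dr. Watson error-reporting process on Windows XP, and the *_appcompat.txt file written just before it is its crash capture, so that pair means something faulted during the run rather than being a payload artifact. The script below is an added example, not part of this report or of the sandbox that produced it; the REPORT string is constructed from the events listed above, and the rule names and thresholds are editorial choices.

```python
"""Triage rules over the process/file events of a sandbox runtime section (added example)."""
import re

# Constructed from the Runtime Details above; the sample's SHA1 is taken from the report header.
SAMPLE_SHA1 = "040337a5e57143ee9505c427441746a6dd454511"
REPORT = r"""
Process
↳ C:\malware.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\3fe4_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: WYZX
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ WYZX
Creates File: C:\040337a5e57143ee9505c427441746a6dd454511WYZX

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 200
"""

HEX40_AT_ROOT = re.compile(r"^[a-z]:\\[0-9a-f]{40}", re.I)  # SHA-1-length hex name at a drive root
BARE_IMAGE = re.compile(r"^[A-Za-z0-9_]+$")                 # no path, no extension, no arguments
DR_WATSON = re.compile(r"\\dwwin\.exe\b", re.I)             # XP error-reporting process


def parse_events(text):
    """Return (parent, action, target) triples; a '↳' line sets the current parent."""
    events, parent = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("↳"):
            parent = line[1:].strip()
        elif line.startswith("Creates "):
            action, _, target = line.partition(":")
            events.append((parent, action.strip(), target.strip()))
    return events


def triage(events, sample_sha1=SAMPLE_SHA1):
    """Apply the three rules; returns (rule, parent, target) findings in event order."""
    findings = []
    for parent, action, target in events:
        if action == "Creates File" and HEX40_AT_ROOT.match(target):
            # A copy named after the sample's own hash is the stronger signal than any hex name.
            rule = "self_copy_by_hash" if sample_sha1.lower() in target.lower() else "hex_named_file"
            findings.append((rule, parent, target))
        elif action == "Creates Process" and BARE_IMAGE.match(target):
            findings.append(("bare_image_name", parent, target))
        elif action == "Creates Process" and DR_WATSON.search(target):
            # Informational only: the sample or a child faulted and XP error reporting ran.
            findings.append(("crash_reporter_spawned", parent, target))
    return findings


if __name__ == "__main__":
    for rule, parent, target in triage(parse_events(REPORT)):
        print(f"{rule:24} parent={parent!r} target={target!r}")
```

The appcompat.txt and PIPE\lsarpc events produce no finding on purpose: both are normal side effects of a crashing process on this platform, and treating them as indicators would flag every faulting binary.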

Network Details:
