Analysis Date: 2015-07-08 02:27:05
MD5: f61c8afdf865492061bb9bee225d16fa
SHA1: 04589fc3f758a15ea69a3112ab616a9819fd3a71

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: ae79ffa99cfed0e8999038740a6b96ac sha1: 635c926d6bc46f603af5a33dc737af1d0e5450b1 size: 7168
Section .data md5: 40a6e6ebadaf5314fcf30178ceaaf1bf sha1: 05a60e00d362505863918739dbeaeab307b53f81 size: 11264
Section rSrc md5: 3a43816981dcc54893e89ee755a7e7db sha1: 0143d1f32144ad6541340747ee761affbbd42a6d size: 419328
Timestamp: 1997-10-25 21:19:52
PEhash: cb61f4676f70ff6f710bc88beeaa437e1164cd02
IMPhash: 3738e90116b156995499c16c1a65ac76
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.Dyreza.Gen.2
AV Dr. Web: Trojan.Upatre.5064
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.Dyreza.Gen.2
AV BullGuard: Trojan.Dyreza.Gen.2
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: TROJ_UPATRE.SMX3
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: no_virus
AV Emsisoft: Trojan.Dyreza.Gen.2
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: Trojan.Upatre.Gen
AV MicroWorld (escan): no_virus
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.F
AV K7: no_virus
AV BitDefender: Trojan.Dyreza.Gen.2
AV Fortinet: W32/Waski.A!tr
AV Symantec: Trojan.Gen.SMH
AV Grisoft (avg): no_virus
AV Eset (nod32): Win32/Kryptik.DONO
AV Alwil (avast): no_virus
AV Ad-Aware: Trojan.Dyreza.Gen.2
AV Twister: Trojan.DOMG.lxpk
AV Avira (antivir): TR/Agent.439296.64
AV Mcafee: Upatre-FACE!F61C8AFDF865

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\AJAhLAWLQbtqgVK.exe
Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates Service: Google Update - C:\WINDOWS\AJAhLAWLQbtqgVK.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: C:\WINDOWS\system32\config\systemprofile\Application Data\ea1bw72e0f4.dll
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\pen3j3832h

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Process
↳ Pid 1212

Process
↳ Pid 1300

Process
↳ Pid 1852

Process
↳ Pid 2044

Network Details:

DNS: google.com
Type: A
216.58.216.78
DNS: stun.sipgate.net
Type: A
217.10.68.152
Flows TCP: 192.168.1.1:1031 ➝ 216.58.216.78:80
Flows UDP: 192.168.1.1:5049 ➝ 217.10.68.152:3478
